The Website operator takes privacy very seriously. Your Personal Data is collected and processed in accordance with the applicable data protection regulations, particularly the General Data Protection Regulation (GDPR). We collect and process your Personal Data in order to be able to offer you the portal specified above. This policy describes how, and for which purpose, your Personal Data are collected and used as well as your options concerning your Personal Data.
The person responsible for the collection, processing, and use of your Personal Data pursuant to the GDPR is
Renate Schnürch, tax accountant
Nymphenburger Straße 1
80335 Munich, Germany
Phone +49 (0)89 / 130 120 80
Fax +49 (0)89 / 130 120 819
Nature of the Processed Data:
Contact details (e. g. email address, phone numbers) when contact is established via email.
Data Subject Categories:
Visitors and users of the online content. Hereinafter, Data Subjects will also be referred to as “Users.”
Purpose of the Processing:
– to answer contact requests made by Users;
– security measures.
“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e. g. a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on Personal Data, whether or not by automated means. The term is broadly defined and includes practically any form of data handling.
“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Collection and Logging of Data
Whenever you access our Websites, your internet browser is required to transmit data to our web server for technical reasons. The following data are recorded during an open connection to facilitate the communication between your internet browser and our web server:
- Date and time of the request;
- Name of the requested file;
- Page from which the file request originated;
- Access status (file transferred, file not found, etc.);
- Web browser and operating system used;
- Full IP address of the requesting computer;
- Data volume transferred.
For reasons of technical security, including but not limited to the defence against attempted attacks on our web servers, these data will temporarily be stored by us. It is not possible for us to identify an individual based on these data. After no later than seven days, these data are anonymised by shortening the IP address to domain level, effectively rendering it impossible to link it to an individual User. In parallel, the anonymised data are also processed for statistical purposes; the data are neither compared to other data resources nor transferred in whole or in part to a third party. An overview of the number of page impressions merely forms part of our server statistics, which are published every two years in our activity report.
Collection of Further Data
If you contact us via email, we will collect, process, and use your Personal Data for the sole purpose of processing your request.
Web Tracking Procedure (Reach Measurement)
We do not use any analytics programmes and other techniques to evaluate your user behaviour on our Website.
The hosting services utilised by us are intended to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services we use for the purpose of providing this online content.
We/our hosting provider processes the data specified above based on our legitimate interest in providing this online content in an efficient and safe manner pursuant to Art. 6, Paragraph 1, Lit. f GDPR in conjunction with Art. 28 GDPR (data processing agreement).
General Use of this Website
Whenever you contact us (e. g. via email), we store your information for the purpose of processing your request and in case of any follow-up questions. We only store and use any other Personal Data if you consent or if the law permits us to do so without any special consent.
Inclusion of Third-Party Services and Content
Within the scope of our online content we make use of third-party content or services in order to include their content and services such as videos or fonts (hereinafter collectively referred to as “Content”) based on our legitimate interest (i. e. the optimisation of our online content within the meaning of Art. 6, Paragraph 1, Lit. f GDPR).
It is always assumed that the third-party Content providers learn the Users’ IP addresses, because they cannot send the Content to the Users’ browsers without the IP addresses. The IP address is therefore required to view this Content. We endeavour to only use Content from providers who merely use the IP address to deliver the Content. Moreover, third-party providers may use “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as Website traffic. In addition, the pseudonymised information may be stored in cookies on the Users’ devices containing, among other things, technical information on the browser and operating system, referring websites, the time of the visit as well as further information on the use of our online content, or may be linked to such information from other sources.
Legal Basis and Storage Period
The legal basis for data processing as specified above is Art. 6, Paragraph 1, Lit. f GDPR. Our main interests in data processing relate to ensuring the operation and safety of the Website, evaluating the way Users use the Website, and simplifying the use of the Website.
Unless specified otherwise, we store Personal Data for no longer than is necessary for the purposes for which the data are processed.
Your Rights as a Data Subject
You have various rights concerning your Personal Data under applicable law. If you wish to exercise those rights, please submit your request via email or post to the Website operator (see Section 1) and unmistakably state your identity. As a Data Subject you have the following rights:
Right of Access
You have the right to obtain from us at any time confirmation as to whether or not Personal Data concerning you are being processed. Where that is the case, you have the right to be informed free of charge about your Personal Data stored by us, and to obtain a copy of these data. Furthermore, you have the right to access the following information:
- the purposes of the processing;
- the categories of Personal Data concerned;
- the recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to rectification or erasure of your Personal Data;
- right to restriction of processing by the Controller;
- right to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the Personal Data are not collected from you, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Art. 22, Paragraphs 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Where Personal Data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
Right to Rectification
You have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
Right to Erasure (“Right to be Forgotten”)
You have the right to obtain from us the erasure of Personal Data concerning you without undue delay, and we have the obligation to erase Personal Data without undue delay where one of the following grounds applies:
- the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent on which the processing is based according to Art. 6, Paragraph 1, Lit. a GDPR, or Art. 9, Paragraph 2, Lit. a GDPR, and where there is no other legal ground for the processing;
- you object to the processing pursuant to Art. 21, Paragraph 1 GDPR and there are no overriding legitimate grounds for the processing (e. g. legal retention periods), or you object to the processing pursuant to Art. 21, Paragraph 2 GDPR;
- the Personal Data have been unlawfully processed;
- the Personal Data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
- the Personal Data have been collected in relation to the offer of information society services referred to in Art. 8, Paragraph 1 GDPR.
Where we have made Personal Data public and are obliged to erase the Personal Data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform Controllers which are processing the Personal Data that you have requested the erasure by such Controllers of any links to, or copy or replication of those Personal Data.
Right to Restriction of Processing
You have the right to obtain from us the restriction of processing where one of the following applies:
- the accuracy of the Personal Data is contested by you, for a period enabling the Controller to verify the accuracy of the Personal Data;
- the processing is unlawful and you opposed the erasure of the Personal Data and requested the restriction of their use instead;
- the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise, or defence of legal claims;
- you have objected to processing pursuant to Art. 21, Paragraph 1 GDPR pending the verification whether the legitimate grounds of the Controller override yours.
Right to Data Portability
You have the right to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another Controller without hindrance from us, where:
- the processing is based on consent pursuant to Art. 6, Paragraph 1, Lit. a GDPR or Art. 9, Paragraph 2, Lit. a GDPR or on a contract pursuant to Art. 6, Paragraph 1, Lit. b GDPR; and
- the processing is carried out by automated means.
In exercising your right to data portability pursuant to Paragraph 1, you have the right to have the Personal Data transmitted directly from us to another Controller, where technically feasible.
Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you which is based on Art. 6, Paragraph 1, Lit. e or f GDPR, including profiling based on those provisions. We will no longer process the Personal Data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise, or defence of legal claims.
Where Personal Data are processed by us for direct marketing purposes, you have the right to object at any time to the processing of Personal Data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where Personal Data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 9 , Paragraph 1 GDPR, you, on grounds relating to your particular situation, have the right to object to processing of Personal Data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Automated Individual Decision-Making, including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to Withdraw Privacy Consent
You have the right to withdraw your consent to the processing of your Personal Data at any time.
Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of Personal Data relating to you infringes this Regulation.
We take maximum effort to keep your Personal Data safe within the scope of the applicable data protection laws and our own technical means. Your Personal Data is encrypted during transfer. This applies both to your orders and your customer login. We use the SSL (Secure Socket Layer) encryption system; however, we must point out that any data transfer over the internet (e. g. email communication) may be subject to security vulnerabilities. It is not possible to completely protect the data against third-party access.
We take technical and organisational security measures to keep your data safe, and adapt these measures to the state of the art from time to time. Furthermore we do not guarantee the availability of our content at any time; malfunctions, interruptions, and failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
There is no automated decision-making based on the collected Personal Data.
Transfer of Data to Third Parties, No Data Transfer to Non-EU/EEA Countries
As a rule, we only use your Personal Data within our enterprise. If and to the extent that we engage third parties in the fulfilment of contracts, such third parties will only receive Personal Data to the extent that is necessary for the completion of the service in question.
Where part of the data processing is outsourced (Processing), we enter into a contract with the Processors stipulating that they use Personal Data only in accordance with data protection law requirements and ensure the protection of the rights of the Data Subject.
No data is transferred to authorities or persons outside of the EU and outside of the cases specified in this Policy, and there are no plans to do so in the future.
Data Protection Officer
(Effective: May 2018)