Data protection statement

This data protection statement provides you with information about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online services and the linked websites, functions and contents, and on external online presences such as our social media profiles (hereinafter collectively referred to as “online services”). With regard to the terms used here such as “processing (German: Verarbeitung)” and “controller (German: Verantwortlicher)”, we make reference to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

MOLL bauökologische Produkte GmbH
Rheintalstraße 35-43
68723 Schwetzingen
Germany

Tel +49 62 02 - 27 82.0
Fax +49 62 02 - 27 82.21
E-mail info@proclima.de

Authorised representative managing directors:
Lothar Moll & Uwe Bartholomäi

Data Protection Officer

Ulrich Jahnke
PRIOLAN GmbH
Gottlieb-Daimler-Straße 9
74076 Heilbronn
Tel +49 7131 - 2628 - 800
E-mail datenschutz@proclima.de

Types of data processed

  • Master data (e.g., names, addresses)
  • Contact data (e.g., e-mail, telephone numbers)
  • Content data (e.g., entered text, photographs, videos)
  • Usage data (e.g., visited websites, interest in contents, access times)
  • Meta/communication data (e.g., device information, IP addresses)

Categories of data subjects

Visitors to and users of online services (hereinafter we also refer to data subjects collectively as “users”).

Purpose of processing

  • Provision of online services, including their functions and contents.
  • Responding to contact inquiries and communication with users.
  • Security measures.
  • Audience measurement/marketing

Terms used

"Personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This term is broadly defined and includes practically every operation with data.

"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Pprocessor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal bases

In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing. Insofar as the legal basis is not identified in the data protection statement, the following applies: The legal basis for obtaining consent is point (a) of Article 6(1) and Article 7 of the GDPR, the legal basis for processing for the fulfilment of our services, the carrying out of contractual measures and for responding to inquiries is point (b) of Article 6(1) of the GDPR, the legal basis for processing for the fulfilment of our legal obligations is point (c) of Article 6(1) of the GDPR, and the legal basis for processing for the fulfilment of our legitimate interests is point (f) of Article 6(1) of the GDPR. In the case that the vital interests of the data subject or of other natural persons make it necessary to process personal data, point (d) of Article 6(1) of the GDPR serves as the legal basis.

Security measures

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organisational measures in accordance with Article 32 of the GDPR to ensure a level of security appropriate to the risk.

In particular, these measures include the securing of the confidentiality, integrity and availability of data by means of monitoring of physical access to the data and also of monitoring the accessing, entry, forwarding, securing of availability and isolation of individual element of these data. In addition, we have implemented procedures that ensure adherence to the rights of data subjects, the erasure of data and a reaction to threats to data. Moreover, we shall take into account the protection of personal data already during the development and/or selection of hardware, software and processes in accordance with the principle of data protection by design and by default (Article 25 of the GDPR).

Cooperation with processors and third parties

Insofar as we reveal data to other persons or companies (processors or third parties), transfer these data to them or grant them any other access to these data in the course of our processing, this shall occur only on the basis of legal permission (e.g. if transfer of data to third parties such as payment service providers is necessary for fulfilment of a contract in accordance with point (b) of Article 6(1) of the GDPR), if you have granted consent, a legal obligation foresees this or on the basis of our legitimate interests (e.g. when using contractors, web hosters, etc.). Insofar as we engage third parties to process data on the basis of a so-called “processing contract”, this shall be done on the basis of Article 28 of the GDPR.

Transfer to third countries

Insofar as we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or insofar as this occurs in the course of the use of the services of third parties or the revealing or transfer of data to third parties, this shall only take place if it occurs for the fulfilment of our (pre-)contractual obligations, on the basis of your consent, because of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process data or have them processed in a third country only if the special requirements of Article 44 ff. of the GDPR are in place; i.e., processing is carried out on the basis of of special guarantees, for example, such as the officially recognised identification of a level of data protection that corresponds to the EU (e.g. by means of the “Privacy Shield” for the USA) or the adherence to officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of data subjects

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed and to information about these data, further information and a copy of these data in accordance with Article 15 of the GDPR.

In accordance with Article 16 of the GDPR, you have the right to completion of data concerning you or to the rectification of inaccurate personal data concerning you.

In accordance with Article 17 of the GDPR, you have the right to request the erasure of personal data concerning you without undue delay or, alternatively, in accordance with Article 18 of the GDPR, a restriction of the processing of data.

In accordance with Article 20 of the GDPR, you have the right to receive the personal data concerning you that you have provided to us and to the transmission of these data to other controllers.

In addition, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR.

Withdrawal of consent

In accordance with Article 7(3) of the GDPR, you have the right to withdraw consent that you have granted, with effect for the future.

Right to object

You can object at any time to the future processing of data concerning you in accordance with Article 21 of the GDPR. In particular, the data subject can object to processing for direct marketing purposes.

Cookies and the right to object for direct marketing

“Cookies” refer to small files that are stored on the computers of users. Various items of information can be stored in these cookies. The primary purpose of a cookie is to store information about a user (or about the device that the cookie is stored on) during or also after the user’s visit to online services. Temporary cookies or “session cookies” or “transient cookies” refer to cookies that are erased after the user has left online services and closed his or her browser. For example, the content of a shopping cart in an online shop or a login status can be stored in a cookie of this sort. Cookies that remain stored after the browser is closed are referred to as “permanent“ or “persistent”. For example, the login status can be stored if users visit online services again after a few days. The interests of users, which are used for audience measurement or marketing purposes, can also be stored in a cookie of this sort. “Third-party cookies” are cookies placed by service providers other than the controller that operates the online services (in other cases, where only the cookies of the controller are concerned, these are referred to as “first-party cookies”).

We can use temporary and permanent cookies, and we provide information about this within the framework of our data protection statement.

If users do not wish cookies to be stored on their computer, they are requested to deactivate the relevant option in the system settings of their browser. Stored cookies can be erased in the system settings of your browser. The rejection of cookies can lead to limitation of the functioning of these online services.

A general objection to the use of cookies for the purposes of online marketing can be declared for a range of services, particularly in the case of tracking, using the US-based website http://www.aboutads.info/choices/ or the EU-based website http://www.youronlinechoices.com/. In addition, the avoidance of cookies can be achieved by switching them off in your browser settings. Note that it may then not be possible to use all functions of these online services.

Erasure of data

The data processed by us can be erased or the processing of these data can be restricted in accordance with Articles 17 and 18 of the GDPR. Insofar as this is not explicitly specified in this data protection statement, the data that we store are erased as soon as they are no longer required for their purpose and no legal obligations to keep these data are in conflict with the erasure of the data. If these data are not deleted because they are required for other legally permitted purposes, the processing of these data is restricted. This means that the data will be blocked and not processed for other purposes. For example, this applies to data that have to be kept for reasons relating to trade or tax law.

In line with the statutory requirements in Germany, data are to be kept for 10 years in accordance with § 147 para. 1 of the German Tax Code (AO) and § 257 para. 1 nos. 1 and 4 and para. 4 of the German Commercial Code (HGB) (accounts, records, status reports, accounting records, commercial books, documents relevant to taxation, etc.) and for 6 years in accordance with § 257 para. 1 nos. 2 and 3 and para. 4 of the German Commercial Code (HGB) (commercial letters).

In line with the statutory requirements in Austria, data are to be kept for 7 years in accordance with § 132 para. 1 of the Austrian Federal Tax Code (BAO) (accounting documents, invoices, accounts, business documents, statements of income and expenditure, etc.), for 22 years in connection with plots of land, and for 10 years for documents in connection with electronically provided services and for telecommunications, radio and television services that are provided to non-traders in EU member states and that are used by mini-one-stop-shops (MOSSs).

Privacy policy for application procedures

We process data from applicants solely for the purpose of and as part of the application procedure in accordance with the statutory regulations. Data from applicants are processed to fulfil our (pre-)contractual obligations as part of the application procedure pursuant to point (b) of Article 6(1) of the GDPR and point (f) of Article 6(1) of the GDPR insofar as data processing is necessary for us, for example as part of legal processes (§ 26 of the German Federal Data Protection Act (BDSG) also applies in Germany).

The application procedure requires that applicants provide us with their application data. The necessary application data are marked in cases where we provide an online form, otherwise these data arise in response to job advertisements and generally include information on the persons themselves, postal and contact addresses, and documents such as a cover letter, curriculum vitae, references and certificates that form part of an application. In addition, applicants can voluntarily provide us with further information.

When they send their application to us, applicants grant their consent to the processing of their data for the purposes of the application procedure in accordance with the type and scope specified in this data protection statement.

Insofar as particular categories of personal data pursuant to Article 9(1) of the GDPR are voluntarily provided as part of the application procedure, they shall be processed also in accordance with point (b) of Article 9(2) of the GDPR (e.g. data concerning health such as the existence of severe disability, ethnic origin). Insofar as particular categories of personal data pursuant to Article 9(1) of the GDPR are requested from applicants as part of the application procedure, they shall be processed also in accordance with point (a) of Article 9 (2) of the GDPR (e.g. data concerning health if these are necessary for carrying out the position).

Applicants can send their applications to us by means of an online form on our website, if such a form is provided. These data shall be transmitted to us in an encrypted manner in accordance with state-of-the-art technology.
In addition, applicants can transmit their applications to us by e-mail. However, we ask you to consider that e-mails are generally not sent in an encrypted manner and that applicants must ensure themselves that encryption is carried out. For this reason, we can assume no responsibility for the transmission path of the application between the sender and receipt on our server, and we therefore recommend that an online form or post should be preferred. After all, applicants still have the possibility of sending us their application by post as an alternative to the online form and e-mail.

The data made available by the applicants can be further processed by us for the purposes of an employment relationship if the application is successful. In other cases, the data of applicants are erased if their applications for a position are not successful. The data of applicants are also erased if an application is withdrawn; applicants are entitled to withdraw their applications at any time.

Erasure is carried out, subject to the legitimate withdrawal of applicants, after the expiry of a period of six months so that we can answer any follow-up questions on applications and fulfil our documentation obligations that result from the German General Equal Treatment Act. Invoices relating to any reimbursement of travel expenses are archived in accordance with the tax-law requirements.

Registration function

Users have the option of creating a user account. In the course of registration, users are informed of items of required information that are obligatory and these items are processed on the basis of point (b) of Article 6(1) of the GDPR for the purposes of providing the user account. The data entered in the course of registration are used for the purposes of taking advantage of the user account and its purposes. Users can be informed by e-mail of information that is relevant for their user account, such as technical changes. If users cancel their user accounts, the users’ data relating to the user account are erased, subject to a statutory obligation to archive data. It is the responsibility of users to store their data before the end of the contract if they have cancelled. We are entitled to irrevocably erase all user data stored during the contract duration.

We store the IP address and time of the relevant user action in the course of the use of our registration and login functions and of the use of user accounts. This information is stored on the basis of our legitimate interests, and also protects the user against misuse and other unauthorised use. These data are generally not passed on to third parties unless this is necessary in order to pursue our claims or there is a statutory obligation to do so in accordance with point (c) of Article 6(1) of the GDPR. The IP addresses are anonymised or erased after 7 days at the latest.

Comments and other contributions

If users add comments and other contributions, their IP addresses can be stored on the basis of our legitimate interests pursuant to point (f) of Article 6(1) of the GDPR. This is done for our security in case somebody adds illegal content (insults, forbidden political propaganda, etc.) in their comments and other contributions. In this case, we can be held responsible for the comment or contribution and therefore have an interest in the identity of the contributor.

In addition, we reserve the right to process data entered by users for the purpose spam detection on the basis of our legitimate interests pursuant to point (f) of Article 6(1) of the GDPR.

The data entered as part of comments and other contributions are stored by us permanently until users object.

Comment subscriptions

Users can subscribe to follow-up comments by granting their consent in accordance with point (a) of Article 6(1) of the GDPR. Users receive a confirmation e-mail to confirm that they are the owner of the e-mail address that was entered. Users can unsubscribe from current comment subscriptions at any time. The confirmation e-mail contains information on methods of withdrawing consent. For the purposes of documenting the consent of users, we store the registration time along with the IP address of users and erase this information when users unsubscribe from the subscription.

You can cancel your delivery of our newsletters at any time, i.e. you can withdraw your consent. We can store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we erase them so that we have documentation of previously granted consent. The processing of these data is restricted to the purpose of defence against any possible claims. An application for individual erasure is possible at all times if the previous existence of consent is confirmed at the same time.

Akismet anti-spam testing

Our online services use the “Akismet” service, which is provided by Automattic, Inc., 60 29th Street #343, San Francisco, CA 94110, USA. This service is used on the basis of our legitimate interests pursuant to point (f) of Article 6(1) of the GDPR. This service helps to differentiate between comments from real people and spam comments. For this purpose, all comment data are sent to a server in the United States, where they are analysed and stored for comparison purposes for four days. If a comment is deemed to be spam, the data are stored beyond this period. These data include the name entered, e-mail address, die IP address, the contents of the comment, the referrer, information on the browser and computer system used, and the time of the entry.

Further information on the collection and use of data by Akismet can be found in Automattic’s privacy policy: https://automattic.com/privacy/.

Users are welcome to use pseudonyms or to omit their name or e-mail address. You can completely avoid transmission of data by not using our comment system. This would be a pity, but unfortunately we know of no other alternative that works as effectively.

Accessing of profile pictures using Gravatar

We use the Gravatar service provided by Automattic, Inc., 60 29th Street #343, San Francisco, CA 94110, USA, within our online services and, in particular, for the blog.

Gravatar is a service where users can login and enter their profile pictures and their e-mail addresses. If users add contributions or comments with this e-mail address on other online sites (mainly for blogs), their profile pictures can be displayed alongside their contributions or comments. For this purpose, the e-mail address provided by the user is transmitted to Gravatar in an encrypted manner to check whether a profile has been stored for this e-mail address. This is the sole purpose of transmission of the e-mail address and it is not used for other purposes, but is instead subsequently erased.

Gravatar is used on the basis of our legitimate interests pursuant to point (f) of Article 6(1) of the GDPR, as we offer the writers of contributions and comments the opportunity to personalise their contributions with a profile picture with the aid of Gravatar.

When pictures are displayed, Gravatar is informed of the IP address of users as this is necessary for communication between the browser and the online service. Further information on the collection and use of data by Gravatar can be found in Automattic’s privacy policy: https://automattic.com/privacy/.

If users do not wish a user picture linked with their e-mail address on Gravatar to appear in their comments, they should use an e-mail address that is not stored with Gravatar when making their comments. In addition, we wish to state that it is possible to use an anonymous e-mail address or no e-mail address if users do not want their own e-mail address to be transmitted to Gravatar. Users can prevent the transmission of data completely by not using our comment system.

Establishing contact with us

When users establish contact with us (e.g. using the contact form, e-mail, telephone or social media), data from the users are processed in handling and dealing with the contact request in accordance with point (b) of Article 6(1) of the GDPR. The data entered by users can be stored in a Customer Relationship Management System (“CRM system”) or in a comparable inquiry organisation system.

We erase inquires if they are no longer required. We check the necessity for this every two years; the statutory archiving obligations also apply.

Newsletter

Here we provide you with information about the contents of our newsletter, the registration procedure, the delivery procedure, the statistical evaluation procedure, and your rights to withdraw consent. By subscribing to our newsletter, you grant your consent to receiving the newsletter and to the procedures described.

Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter referred to as “newsletters”) only with the consent of the recipients or with statutory permission. If the contents of a newsletter are described in detail in the course of registration for this newsletter, they are binding with regard to user consent. In addition to this, our newsletters contain information about our services and about us.

Double opt-in and logging: Registration for our newsletter involves a so-called double opt-in procedure. This means that after signing up, you receive an e-mail that asks you to confirm your registration. This confirmation is necessary so what nobody can sign up using somebody else’s e-mail address. Registrations for the newsletter are logged so as to document the registration process in accordance with the statutory requirements. This includes the storage of the time of registration, the time of confirmation and the IP address. The changes in your data that are stored by the delivery service provider are also logged.

Registration data: In order to register for the newsletter, it is sufficient if you provide your e-mail address. As an option, we also ask that you provide your name so that we can address you in person in the newsletter.

Sending of the newsletter and the associated measurement of success is carried out on the basis of the consent of the recipients in accordance with point (a) of Article 6(1) and Article 7 of the GDPR in conjunction with § 7 para. 2 no. 3 of the German Unfair Competition Act (UWG) and on the basis of statutory permission in accordance with § 7 para. 3 of the German Unfair Competition Act (UWG) or, if consent is not required, on the basis of our legitimate interests in direct marketing in accordance with point (f) of Article 6(1) of the GDPR in conjunction with § 7 para. 3 of the German Unfair Competition Act (UWG).

Logging of the registration procedure is carried out on the basis of our legitimate interests pursuant to point (f) of Article 6(1) of the GDPR. Our interest focuses on the implementation of a user-friendly and secure newsletter system that serves our business interests and also fulfils the expectations of users, as well as allowing for documentation of consent.

Cancellation/withdrawal of consent – you can cancel your delivery of our newsletters at any time, i.e. you can withdraw your consent. A link to cancel the newsletter can be found at the end of each newsletter. We can store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we erase them so that we have documentation of previously granted consent. The processing of these data is restricted to the purpose of defence against any possible claims. An application for individual erasure is possible at all times if the previous existence of consent is confirmed at the same time.

Newsletter – Clever Reach

The newsletter is sent by our delivery service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. The data protection conditions of our delivery service provider are available in German at: https://www.cleverreach.com/de/datenschutz/. The delivery service provider is engaged on the basis of our legitimate interests pursuant to point (f) of Article 6(1) of the GDPR and of a processing contract in accordance with Article 28(3) sentence 1 of the GDPR.

The delivery service provider can use the data of the recipients in pseudonymised form, i.e. without the data being assigned to a user, in order to optimise or improve its own service, e.g. for technical optimisation of delivery and presentation of the newsletters or for statistical purposes. However, the delivery service provider does not use the data of our newsletter recipients in order to write to them itself or to pass these data to third parties.

Newsletter – measurement of success

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is accessed by our server or, if we use a delivery service provider, by its server when the newsletter is opened. As part of this access, technical information such as information on your browser and your system, and also your IP address and the time of access are collected.

This information is used for technical improvement of our service based on technical data or target groups and your reading behaviour based on the access locations (which can be determined with the aid of the IP address). The statistics collected also include whether the newsletter was opened, when it was opened and which links were clicked. This information can be associated with individual newsletter recipients for technical reasons; however, it is not our aim or, if a delivery service provider is used, the aim of the delivery service provider to observe individual users. Instead, we use these evaluations to identify the reading habits of our readers and to adapt our contents for them or to send differing contents that correspond to the interests of our users.

A separate objection to measurement of success is unfortunately not possible; in this case, the entire newsletter subscription must be cancelled.

Hosting and sending of e-mails

The hosting services that we engage are used to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, sending of e-mails, security services and technical maintenance services that we use to run these online services.

In the course of this, we and/or our hosting providers process master data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties und visitors to these online services on the basis of our legitimate interests in the efficient and secure provision of these online services in accordance with point (f) of Article 6(1) of the GDPR in conjunction with Article 28 of the GDPR (conclusion of a processing contract).

Collection of access data and log files

We and/or our hosting providers collect data relating to every accessing of the server that this service is located on (so-called serve log files) on the basis of our legitimate interests pursuant to point (f) of Article 6(1) of the GDPR. These access data include the name of the website that was accessed, file, date and time of access, amount of data transferred, notification of successful accessing, browser type and version, operating system of the user, referrer URL (the page visited previously), IP address and the requesting provider.

Log file information is stored for a maximum of 7 days for security reasons (e.g. when investigating acts of misuse or fraud) and are then erased. Data that have to be further processed for evidence purposes are excluded from erasure until investigation of the relevant incident has been completed.

Audience measurement with Matomo

As part of audience measurement with Matomo, the following data are processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and commercially viable operation of our online services pursuant to point (f) of Article 6(1) of the GDPR): the browser type and browser version that you use, the operating system that you use, your country of origin, the date and time of the server request, the number of visits, your time spent on the website and the external links that you activated. The IP address of users is anonymised before it is stored.

Matomo uses cookies that are stored on the computer of the users and that allow for an analysis of the use of our online services by users. Pseudonymous usage profiles of users can be created from the processed data. The cookies have a storage duration of one week. The information created by the cookie about your use of this website is stored only on our server and is not passed on to third parties.

Users can object at any time to the anonymised collection of data by the Matomo program with effect for the future by clicking the link below. In this case, a so-called opt-out cookie is placed in your browser, which has the effect that Matomo will no longer collect any session data. However, if users delete their cookies, this also causes the opt-out cookie to be deleted and it must then be activated again by the users.

Logs with the data of users are erased after 6 months at the latest.

Online presences on social media

We maintain online presences on social networks and platforms in order to communicate with customers, interested parties and users who are active there and to inform them about our services. When these networks and platforms are accessed, the terms and conditions of business and the privacy policies of the relevant operators apply.

Insofar as nothing to the contrary is specified as part of our data protection statement, we process user data if users communicate with us on social networks and platforms, e.g. write contributions to our online presences or send us messages.

Inclusion of services and contents from third parties

We use contents and services from third-party providers within our online services in order to include their contents and services such as videos or fonts (hereinafter consistently referred to as “contents”) on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and commercially viable operation of our online services pursuant to point (f) of Article 6(1) of the GDPR).

A prerequisite for this is always that the third-party providers of these contents can detect the IP addresses of users, as they cannot send contents to the users’ browsers without an IP address. The IP address is thus required for the displaying of these contents. We try to use only those contents for which the relevant provider uses the IP address solely for the supply of contents. In addition, third-party providers can use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” facilitate the evaluation of information such as visitor traffic to sites. The pseudonymous information can also be stored on the device in cookies, can contain technical information on the browser and operating system, referring websites, visit time and other data on use of our online services, for example, and can also be linked with similar information from other sources.

Vimeo

We can include videos from the “Vimeo” platform of the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy policy: https://vimeo.com/privacy.

We hereby state that Vimeo can use Google Analytics and we make reference in this regard to the Privacy Policy (https://www.google.com/policies/privacy) and to the opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=en) or the Google settings for the use of data for marketing purposes (https://adssettings.google.com/).

YouTube

We include videos from the “YouTube” platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Fonts

We include fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Maps

We include maps from the “Google Maps” service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

In particular, the processed data can include the IP addresses and location data of users, which, however, are not collected without the users’ consent (generally obtained as part of the settings on their mobile devices). The data can processed in the United States of America.

OpenStreetMap

We include maps from the “OpenStreetMap” service (https://www.openstreetmap.de), which are provided on the basis of an Open Data Commons Open Database Licence (ODbL) by the OpenStreetMap Foundation (OSMF). Privacy policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.

To the best of our knowledge, user data is used by OpenStreetMap solely for the purposes of presenting map functions and for the intermediate storage of the selected settings. In particular, these data can include the IP addresses and location data of users, which, however, are not collected without the users’ consent (generally obtained as part of the settings on their mobile devices).

The data can processed in the United States of America. Further information is available in the Privacy Policy of OpenStreetMap: https://wiki.openstreetmap.org/wiki/Privacy_Policy.

Use of Facebook Social Plugins

We use Social Plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and commercially viable operation of our online services pursuant to point (f) of Article 6(1) of the GDPR). The Plugins can display interactive elements or contents (e.g. videos, graphics or text) and can be recognised by the presence of one of the Facebook logos (white “f” on a blue tile, the terms “Like” or “Gefällt mir” (in German), or a “Thumbs-up” sign) or are marked with the description “Facebook Social Plugin”. A list of Facebook Social Plugins and their appearances can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Framework and thus guarantees that it adheres to European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When a user accesses a function of these online services that contains a plugin of this type, the user’s device establishes a direct connection with Facebook’s servers. The content of the plugin is transmitted from Facebook directly to the user’s device and is included in the online service by this device. Usage profiles of users can be created from the processed data. As a result, we have no influence on the scope of the data that Facebook collects with the aid of this plugin, and we hereby inform users of this in accordance with the knowledge available to us.

When the plugin is included, Facebook is informed that a user has accessed the corresponding page on the online services. If the user is logged in to Facebook, Facebook can match the visit to the user’s Facebook account. If users interact with plugins by clicking the “Like” button or leaving a comment, for example, the corresponding information is transmitted from your device directly to Facebook and stored by Facebook. If a user is not a member of Facebook, it is nonetheless possible for Facebook to learn of the user’s IP address and to store it. According to Facebook, only an anonymised IP address is stored in Germany.

The purpose and scope of data collection, further processing and use of data by Facebook, and the relevant rights and possible settings for protecting users’ privacy are described for users in Facebook’s Data Policy: https://www.facebook.com/about/privacy/.

If a user is a member of Facebook but doesn’t want Facebook to collect data about him or her through these online services or to link these data with his or her membership data stored by Facebook, the user must log out of Facebook and delete his or her cookies before using our online services. Further settings and objections to the use of data for promotional purposes can be made within Facebook’s profile settings: https://www.facebook.com/settings?tab=ads or using the US-based site http://www.aboutads.info/choices/ or the EU-based site http://www.youronlinechoices.com/. The settings are independent of platform, i.e. they are made for all devices such as desktop computers or mobile devices.

Twitter

Functions and content from the Twitter service, which is provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA,, can be included in our online services. These can feature content such as images, videos, text and buttons that users can use to express their approval of the content or to subscribe to the sources of the content or to our contributions. If users are members of the Twitter platform, Twitter can link the accessing of these contents and functions to the Twitter profiles of the users. Twitter is certified under the Privacy Shield Framework and thus guarantees that it adheres to European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization.

Xing

Functions and content from the Xing service, which is provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be included in our online services. These can feature content such as images, videos, text and buttons that users can use to express their approval of the content or to subscribe to the sources of the content or to our contributions. If users are members of the Xing platform, Xing can link the accessing of these contents and functions to the Xing profiles of the users. Xing’ Privacy Policy: https://www.xing.com/app/share?op=data_protection.

LinkedIn

Functions and content from the LinkedIn service, which is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, can be included in our online services. These can feature content such as images, videos, text and buttons that users can use to express their approval of the content or to subscribe to the sources of the content or to our contributions. If users are members of the LinkedIn platform, LinkedIn can link the accessing of these contents and functions to the LinkedIn profiles of the users. Privacy Policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy.. LinkedIn is certified under the Privacy Shield Framework and thus guarantees that it adheres to European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Google+

Functions and content from the Google+ service, which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) can be included in our online services. These can feature content such as images, videos, text and buttons that users can use to express their approval of the content or to subscribe to the sources of the content or to our contributions. If users are members of the Google+ platform, Google can link the accessing of these contents and functions to the Google+ profiles of the users.

Google is certified under the Privacy Shield Framework and thus guarantees that it adheres to European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Further information on the use of data by Google and options for settings and objections can be found in Google’s Privacy Policy (https://policies.google.com/technologies/ads) and in the settings for the displaying of ads by Google (https://adssettings.google.com/authenticated).


Created using Datenschutz-Generator.de by the law office of Dr. Thomas Schwenke