Data Protection Notice
Name and address of the controller:
The controller within the meaning of the EU General Data Protection Regulation and other data protection provisions is:
Schlesische Straße 20
Name and address of our data protection officer:
Herting Oberbeck Datenschutz GmbH
We respect your data!
We are pleased that you’re taking an interest in our website. The trust of all visitors and customers, the security of your data and the protection of your privacy are extremely important to us. We therefore handle your personal data in accordance with the applicable data protection regulations and this data protection notice. Personal data is information that can be used to identify you, including (for example) your real name, address or telephone number.
When you visit and use our website without registering or otherwise explicitly providing information to us, we process the data transmitted to us with every request of your browser (see “Log data” below). If you explicitly provide us with personal data (e.g. using our contact form), this is done for the sole purpose of each request or order. Please note that data transmission on the Internet can never be completely protected against access by third parties.
In the following, we would like to tell you what data we process, when and for what purpose. We explain how our services work and how we ensure the protection of your personal data in this regard.
Legal basis for the processing of personal data
If we obtain consent from the data subject to process personal data, Art. 6 (1) letter (a) GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6 (1) letter (b) GDPR serves as the legal basis. The same applies to the necessary steps taken at the request of the data subject prior to entering into a contract.
If the processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, Art. 6 (1) letter (c) GDPR serves as the legal basis.
If the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6 (1) letter (d) GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) letter (f) GDPR serves as the legal basis for data processing.
Data erasure and duration of storage
The personal data of the data subject is erased as soon as the purpose of storage no longer applies. In addition, personal data may be stored beyond that time if required by European or national laws or other regulations to which the controller is subject. The data will then also be blocked or erased when the retention period prescribed by the aforementioned laws and regulations expires, unless continued storage of the data is necessary for the conclusion or performance of a contract.
Your rightsYou have the right to free information about your personal data stored with us and where applicable, the right to the rectification, restriction of processing, or erasure of this data. You also have the right to data portability. Finally, you also have the right to complain to the data protection supervisory authority about our processing of your personal data.
Please also note that you may object at any time to the future processing of your personal data in accordance with the legal requirements of Art. 21 GDPR. In particular, you may object to processing for purposes of direct advertising.
Provision of information
If you have questions about the collection, processing or use of your personal data, or if you would like to request information or the rectification, blocking or erasure of data, or if you wish to revoke any granted consents or object to a certain use of data, please send us an email at the following email address:
The automatic collection and storage of log data by the provider of Internet services are done because the processing of such data is necessary in order to display our website to you and ensure stability and security. Log data includes the following information:
- Data and time of each request
- Internet address (URL) that was requested
- URL which the visitor visited immediately beforehand
- Browser and language used
- Operating system and user interface used
- IP address and host name of the visitor
- Access status / http status code
- Each data quantity transmitted
This data is transmitted to us automatically and cannot be attributed to you personally without undue effort. The legal basis for this processing is our legitimate interest according to Art. 6 (1) sentence 1 letter (f) GDPR because this data processing is necessary for the operation and display of the website. The data is erased as soon as it is no longer required to fulfill the purpose for which they were collected. With respect to the data collected for the purpose of providing the website, this is the case when each session ends. The collection of data for the purpose of providing the website and the storage of the data in log files are absolutely necessary for the operation of the website. The user therefore has no possibility of objecting to the collection and storage of such data.
We use so-called cookies to make the experience of visiting our website attractive and allow for the use of certain functions. Cookies are small text files that are stored on your terminal device and store certain information to be exchanged with our system. The legal basis for the processing of this data is Art. 6 (1) sentence 1 letter (f) GDPR. Some of the cookies we use are erased again after the end of the browser sessions, meaning when you close the browser (transient cookies). These cookies particularly include session cookies, which store a unique identifier (session ID). This session ID makes it possible to attribute the different requests of your browser to the same session. This way, your terminal device can be recognized again when you return to our website during the same session. Session cookies are also erased when you log out.
Other cookies remain on your terminal device for a predefined period of time and enable us to recognize your browser or terminal device the next time you visit us (persistent cookies).
When you log in to your user account on our website, we use persistent cookies to recognize your terminal device again the next time you visit even after you have closed the browser. This way, you do not need to log in again.
Please note that certain cookies are placed as soon as you enter our website. You can adjust your browser settings to be informed of the placement of cookies and decide whether to accept them on a case-by-case basis or generally prevent the acceptance of cookies in certain cases, particularly including third-party cookies. If you do not accept cookies, the functionality of our website may be limited for you.
Configuration of cookie settings in the browser
You have the option of preventing the storage of cookies on your computer by adjusting your browser settings. Every browser manages cookie settings in a different way. This is described in the help menu of every browser, which tells you how you can change your cookie settings. You will find these instructions for each browser at the following links:
Internet Explorer™: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Encryption with SSL
For security reasons, our website uses SSL (Secure Sockets Layer) encryption. It protects transmitted data so they cannot be read by third parties. You can recognize successful encryption when the protocol designation in the status bar of your browser changes from “http://” to “https://” and a closed lock symbol appears there.
Web hosting by Hetzner Online
We use the services of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (“Hetzner Online”) for the hosting of our websites and have entered into a job processing agreement with Hetzner Online for this purpose in accordance Art. 28 GDPR. You can find further information on this subject in the data protection notice of Hetzner Online at https://www.hetzner.de/rechtliches/datenschutz. The legal basis is our legitimate interest in the operation and assurance of the operational security of this website, in accordance with Art. 6 Abs. 1 sentence 1 letter (f) GDPR.
Web hosting by Heroku
We use the services of Heroku (the service of offered by “SFDC” salesforce.com, Inc., a Delaware corporation, One Market, Suite 300, San Francisco, California 94105). We have no knowledge of the further type of processing and duration of storage. We cannot rule out the possibility that data will be transmitted to the United States, which is deemed to be a third country with an unsecure level of data protection under the GDPR. You can find further information on the use of data by Heroku in Heroku’s data protection notice: https://www.salesforce.com/company/privacy/. The legal basis is our legitimate interest in the operation and assurance of the operational security of this website, in accordance with Art. 6 Abs. 1 sentence 1 letter (f) GDPR.
You can contact us electronically using the contact form we provide.
Our contact form provides an indication of which data is mandatory and which can be entered voluntarily. All entered data is stored with us and used only for the purpose of answering your inquiries. In addition, your IP address and the data and time of registration are stored as well. Your personal data is erased as soon as it is no longer necessary to store it for this purpose or we restrict the processing of this data if we are required to fulfill legal retention obligations. The legal processing for this data processing is to take steps prior to entering into a contract in order to reply to your inquiry, in accordance with Art. 6 (1) letter (b) GDPR.
System and information security
We take technical and organizational measures to protect our website and other systems against the loss, destruction, access, modification, or circulation of the stored data by unauthorized persons. Despite these safeguards, however, complete protection against all risks is not possible. Simply by connecting to the Internet and using the attendant technical possibilities, no guarantee can be made that contents and information flows will not be read and recorded by third parties.
Objection to unauthorized advertising by email
We have published general contact data and an email address on our website in compliance with our obligation to provide information about the publisher according to Section 5 TMG (German Telemedia Act). We hereby object to the use of this contact data for the unauthorized transmission of information materials, advertising or spam emails that we have not explicitly requested.
Status of the Data Protection Notice: July 7, 2018.