Rosenalp health resort and spa

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Table of contents

- Preamble

- Controller

- Contact data protection officer

- Overview of processing operations

- Relevant legal bases

- Security measures

- Transmission of personal data

- Deletion of data

- Use of cookies

- Business services

- Provision of the online offer and web hosting

- Advertising communication via email, post, fax or telephone

- Rights of the data subjects

 

 

Data controller

Allgäuer Rosenalp GmbH & Co. KG
represented by the managing director Mr Bernd Schädler
Am Lohacker 5, 87534 Oberstaufen
Oberstaufen, Germany

Phone: +49 (0) 83 86 / 7 06 – 0
E-mail: datenschutz@rosenalp.de
Website: https://www.rosenalp.de

RG Kempten, HRA No. 8171
VAT ID No.: DE236398105

 

Contact data protection officer

OFF Telekommunikation GmbH
Mr Mathias Greiner
At Högner 2 ½
87490 Börwang
Börwang, Germany
E-mail: mg@off.de

 

Overview of the processing operations

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

- Inventory data.
- Payment data.
- Contact data.
- Contract data.
- Usage data.
- Meta, communication and process data.
<![if !supportLineBreakNewLine]>
<![endif]>

Categories of data subjects

- Interested parties.
- Communication partners.
- Users.
- Business and contractual partners.
<![if !supportLineBreakNewLine]>
<![endif]>

Purposes of the processing

- Provision of contractual services and customer service.

- Contact requests and communication.

- Security measures.

- Direct marketing.

- Office and organisational procedures.

- Managing and responding to enquiries.

- Provision of our online services and user-friendliness.

- Information technology infrastructure.
<![if !supportLineBreakNewLine]>
<![endif]>

Relevant legal bases

Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.

- Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or several specific purposes.

- Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

- Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.

- Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. The data protection laws of the individual federal states may also apply.

 

Security measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

 

Transmission of personal data

As part of our processing of personal data, data may be transferred to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and in particular conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

 

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other authorisations cease to apply (e.g. if the purpose of processing this data no longer applies or it is not required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person.

Our data protection notices may also contain further information on the storage and deletion of data, which take precedence for the respective processing operations.

 

Use of cookies

Cookies are small text files or other storage devices that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping basket in an e-shop, the content accessed or the functions of an online service used. Cookies can also be used for various purposes, e.g. to ensure the functionality, security and convenience of online offers and to create analyses of visitor flows.

Notes on consent:We use cookies in accordance with the statutory provisions. We therefore obtain prior consent from users, unless this is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is absolutely necessary in order to provide the user with a telemedia service expressly requested by them (i.e. our online offering). The revocable consent is clearly communicated to users and contains information on the respective use of cookies.

Information on the legal basis under data protection law: The legal basis under data protection law on which we process users' personal data with the help of cookies depends on whether we ask users for their consent. If users give their consent, the legal basis for processing their data is the consent given. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and improving its usability) or, if this is done in the context of the fulfilment of our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. We will explain the purposes for which we process cookies in the course of this privacy policy or as part of our consent and processing procedures.

Storage duration: With regard to the storage duration, a distinction is made between the following types of cookies

- Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their end device (e.g. browser or mobile application).

- Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or favourite content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that they can be stored for up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also object to the processing in accordance with the legal requirements in Art. 21 GDPR. Users can also declare their objection via their browser settings, e.g. by deactivating the use of cookies (although this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

 

Further information on processing processes, procedures and services:

Processing of cookie data on the basis of consent: We use a cookie consent management procedure in which the consent of users to the use of cookies or the processing and providers named in the cookie consent management procedure can be obtained, managed and revoked by users. The declaration of consent is stored so that it does not have to be requested again and the consent can be proven in accordance with the legal obligation. Consent can be stored on the server and/or in a cookie (so-called opt-in cookie or with the help of comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following information applies: Consent may be stored for up to two years. A pseudonymous user identifier is created and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used.

 

Use and application of Google Analytics (with anonymisation function)
The controller has integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analytics service. Web analysis is the collection, gathering and evaluation of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data about the website from which a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analysis is mainly used to optimise a website and to analyse the costs and benefits of internet advertising.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the addition "_gat._anonymiseIp" for web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the data subject's Internet connection if our website is accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to analyse the use of our website, to compile online reports for us that show the activities on our website and to provide other services related to the use of our website.

Google Analytics places a cookie on the data subject's IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyse the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. During the course of this technical procedure, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties..

The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programmes.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/

 

 

Google Analytics Remarketing
Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you sign in with your Google account.

To support this function, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data in order to define and create target groups for cross-device advertising.

You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account by following this link: https://www.google.com/settings/ads/onweb/.

The data collected in your Google account is summarised exclusively on the basis of your consent, which you can give or revoke at Google (Art. 6 para. 1 lit. a GDPR). For data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymised analysis of website visitors for advertising purposes.

Further information and the data protection provisions can be found in Google's privacy policy at: https://www.google.com/policies/technologies/ads/.

 

Google AdWords and Google conversion tracking
This website uses Google AdWords. AdWords is an online advertising programme of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

As part of Google AdWords, we use what is known as conversion tracking. When you click on an advert placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user has clicked on the ad and has been redirected to this page.

Each Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking statistics.

"Conversion cookies" are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

You can find more information about Google AdWords and Google Conversion Tracking in Google's privacy policy: https://www.google.de/policies/privacy/.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

 

Facebook Pixel
Our website uses the visitor action pixel from Facebook, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") to measure conversions.

This allows the behaviour of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy. This enables Facebook to place adverts on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

You can find further information on protecting your privacy in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

You can also deactivate the remarketing function "Custom Audiences" in the settings for adverts at: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

 

vioma USER ADAPTIVE CONTENT
Our website uses the functions of vioma USER ADAPTIVE CONTENT, provided by vioma GmbH ("vioma"), Industriestrasse 27, 77656 Offenburg, Germany, to adapt website content to user behaviour. vioma USER ADAPTIVE CONTENT enables the website operator to adapt the output of website content to your individual user behaviour. In doing so, vioma collects and stores various usage data via a cookie that is set on your end device. This usage data may include, for example, page views, length of visit and offers clicked on. This data may be summarised by vioma in a profile that is assigned to the respective user or their end device. As the website operator, we have no access to user profiles created by vioma.

The vioma USER ADAPTIVE CONTENT cookie and the personal data collected about you are automatically deleted after 30 days. After deletion, no data about you is stored in connection with vioma USER ADAPTIVE CONTENT. vioma uses the collected data exclusively to display content such as images, thematic offers and text content according to your interests when you visit our website again. This means that you will be shown preferential offers that correspond thematically to the offers you have previously viewed. Similarly, images or text segments that correspond to content that you have viewed or clicked on during previous visits to our website may be displayed preferentially or larger.

Data processing by the vioma analysis tool is based on your consent, Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

 

ADDITIVE+ MC
Our websites use the functions of ADDITIVE+ MC. The provider is ADDITIVE OHG, Industriezone 1/5 - Eurocenter, I - 39011 Lana (BZ), privacy@additive.eu.

The purpose of storing cookies is to allocate the visitor session and any actions taken by the visitor to the corresponding access source (e.g. adverts). In addition, the information in the cookies is used to recognise the visitor on future visits. This enables a better evaluation of the advertising measures taken.

You can object to tracking by clicking on this link: Opt Out.

vioma NEWSLETTER
Diese Website nutzt vioma NEWSLETTER für den Versand von Newslettern. Anbieter ist die vioma GmbH, Industriestraße 17, 77656 Offenburg („vioma“). Vioma NEWSLETTER ist ein Dienst, mit dem der Newsletterversand organisiert und analysiert werden kann.

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

Our newsletters sent with vioma NEWSLETTER enable us to analyse the behaviour of newsletter recipients. Among other things, we can analyse how many and which recipients have opened the newsletter message and how often and by whom which link in the newsletter was clicked. Conversion tracking can also be used to analyse whether a predefined action (e.g. booking a stay on this website) has taken place after clicking on the link in the newsletter.

The data entered in the newsletter registration form and the analysis of individual opening and click rates are processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR) and on the basis of legitimate interest (Art. 6 para. 1 lit. f GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in an exclusion list in order to prevent future mailings. The data from the exclusion list will only be used for this purpose and will not be merged with other data.

 

YouTube with enhanced data protection
This website embeds videos from the YouTube website. YouTube is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempts at fraud.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de

 

Pinterest plugin
On this website, we use social plugins from the social network Pinterest, which is operated by Pinterest Europe Ltd ("Pinterest"), Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you visit a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies.

The data is stored and analysed on the basis of your consent, Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights in this regard and options for protecting your privacy can be found in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.

 

Contact form (request information, apply online)
If you contact us using the form on the website or by e-mail, or apply for a job, we will store the data you provide and the general data described above. By using our form, you consent to the processing of your data. We do not pass the data on to third parties and use the data exclusively to process the contact and to answer the respective enquiry. If you contact us by e-mail, the necessary legitimate interest in the processing of the data also lies in the processing of the contact. The legal basis for the processing of the data is Article 6(1)(a) GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an email is Article 6(1)(f) GDPR. The data transmitted to us in the course of contacting us will be deleted as soon as it is no longer required for the aforementioned purpose. As far as the personal data from the contact form and the data sent by e-mail are concerned, this is the case as soon as the respective conversation has ended. This in turn is the case as soon as the facts of the case have been conclusively clarified. If the contact is also aimed at concluding a contract, the additional legal basis is Article 6 (1) (b) GDPR. In this case, we will store your enquiry as a business letter for 7 years.

 

Business services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships and associated measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer enquiries.

We process this data in order to fulfil our contractual obligations. These include, in particular, the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to safeguard our rights and for the purpose of the administrative tasks associated with these obligations and the company organisation. In addition, we process the data on the basis of our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business operations from misuse, jeopardising their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations. Contractual partners will be informed about other forms of processing, e.g. for marketing purposes, as part of this privacy policy.

We inform the contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons. The statutory retention period is ten years for documents relevant under tax law as well as for trading books, inventories, opening balance sheets, annual financial statements, the work instructions required to understand these documents and other organisational documents and accounting records, and six years for commercial and business letters received and reproductions of commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent or the accounting document was created, the record was made or the other documents were created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

- Processed data types: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. email, telephone numbers); contract data (e.g. subject matter of the contract, term, customer category).

- Data subjects: Interested parties; business and contractual partners.

- Purposes of Processing: Provision of contractual services and customer support; contact requests and communication; Office and organisational procedures; Managing and responding to enquiries.

- Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
<![if !supportLineBreakNewLine]>
<![endif]>

 

Provision of the online offer and web hosting

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

- Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).

- Data subjects: Users (e.g. website visitors, users of online services).

- Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.

- Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

 

Further information on processing processes, procedures and services:

- Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used for security purposes, e.g. to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and to ensure server utilisation and stability; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further storage is required for evidentiary purposes is exempt from erasure until the respective incident has been finally clarified.

 

Advertising communication via email, post, fax or telephone

We process personal data for the purposes of advertising communication, which may take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.

Recipients have the right to revoke their consent at any time or to object to advertising communication at any time.

After revocation or objection, we store the data required to prove the previous authorisation for contacting or sending for up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defence against claims. On the basis of the legitimate interest in permanently observing the revocation or objection of the user, we also store the data required to avoid renewed contact (e.g. depending on the communication channel, the e-mail address, telephone number, name).

- Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. email, telephone numbers).

- Data subjects concerned: Communication partner.

- Purposes of processing: Direct marketing (e.g. by email or post).

- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

 

Rights of the data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

- Right to withdraw consent: You have the right to withdraw any consent you have given at any time.

- Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.
<![if !supportLineBreakNewLine]>
<![endif]>

- Right to rectification: In accordance with the statutory provisions, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.

- Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.

- Right to data portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request that it be transferred to another controller.

- Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.