Data Protection Statement

As of: 10/04/2018

  1. Preface
  2. Data Controller
  3. Data Protection Officer
  4. Terms
  5. General Information about Data Processing
  6. Provision of the Website and Creation of Log Files
  7. Legal Basis for Data Processing
  8. Purpose of Data Processing
  9. Duration of Storage
  10. Possibility for Appeal and Removal
  11. Use of Cookies
  12. Newsletter
  13. Contact Form and E-Mail Contact
  14. Registration
  15. Google Analytics
  16. Google Fonts
  17. Google Maps
  18. Facebook
  19. YouTube
  20. Rights of the Data Subject
  21. Right of Objection
  22. Right of Revocation of the Data Protection Declaration of Consent
  23. Automated Decision in Individual Cases Including Profiling
  24. Right to Complain at a Supervisory Authority

 

  1. Preface
  2. Romai places great value on data protection.
    This data protection statement informs you about the type, scope and purpose of the processing of personal data within our online service and the connected websites, functions and contents (hereinafter jointly referred to as "online service" or "website"). This data protection statement shall apply regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online service is performed.

     

  3. Data Controller
  4. The data controller within the meaning of the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature:

    ROMAI Robert Maier GmbH
    Florianstrasse 22
    71665 Vaihingen/Enz-Horrheim
    Germany

    Tel.: +49 7042 - 8321-0
    E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Website: www.romai.de

     

  5. Data Protection Officer
  6. The data protection officer responsible for processing is:

    Ralf Zlamal
    IITR Datenschutz GmbH
    Schubertstrasse 2
    73660 Urbach
    Germany

    Tel.: +49 (0)89 18917360
    Website: www.iitr.de

    Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

     

  7. Terms
  8. Our data protection statement is based on the terms used by the European legislator for directives and regulations when issuing the General Data Protection Regulation (GDPR). Our data protection statement should be easy to read and understandable for the public and for our customers and business partners. In order to guarantee this, we would like to explain the terms used in advance. The terms used, such as "personal data" or their "processing" are defined in Art. 4 of the General Data Protection Regulation (GDPR).
    In this data protection statement we use the following terms, among others:

    Personal Data
    Personal data is all information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person is considered identifiable if he can be identified directly or indirectly, in particular by attribution to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

    Data Subject
    The data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

    Processing
    Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, capture, organisation, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, publication or any other form of provision, comparison or linking, restriction, erasure or destruction.

    Restriction of Processing
    Restriction of processing is the labelling of stored personal data with the aim of restricting their future processing.

    Profiling
    Profiling is any form of automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.

    Pseudonymisation
    Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

    Data Controller or Person Responsible for Processing
    The data controller or person responsible for processing is the natural or legal person, authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by European Union law or by the law of the Member States, the data controller or the specific criteria for his appointment may be laid down in accordance with European Union law or the law of the Member States.

    Data Processor
    The data processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.

    Recipient
    The recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether this is a third party or not. However, authorities which may receive personal data under European Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.

    Third Party
    A third party is a natural or legal person, authority, institution or body other than the data subject, the data controller, the data processor and the persons authorised to process the personal data under the direct responsibility of the data controller or the data processor.

    Consent
    Consent shall mean any informed and unequivocal expression of will which has been given voluntarily by the data subject in particular in the form of a declaration or other clear affirmative act by which the person indicates his or her consent to the processing of personal data concerning him or her.

     

  9. General Information on Data Processing
  10. Scope of Personal Data Processing
    We only collect and use personal data of our users insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of the personal data of our users only ensues regularly with the user's consent. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.

    Legal Basis for the Processing of Personal Data
    Insofar as we obtain the consent of the data subject for the processing of personal data, Art.  6  (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. For the processing of personal data required for fulfilling a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures. Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR shall serve as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR shall serve as the legal basis. If processing is necessary in order to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject shall not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR shall serve as the legal basis for processing.

    Data Deletion and Storage Period
    The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject.
    The data shall also be blocked or deleted if the storage period prescribed by the aforementioned standards expires, unless there is a need for the further storage of the data for the conclusion or fulfilment of a contract.

  11. Provision of the Website and Creation of Log Files
  12. Description and Scope of Data Processing
    Each time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

    • information about the type of browser and the version used
    • operating system of the user
    • internet service provider of the user
    • IP address of the user
    • date and time of access
    • websites from which the system of the user reaches our website
    • websites accessed by the system of the user via our website

    The data is also saved in the log files of our system. This data is not stored together with other personal data of the user. The data is also saved in the log files of our system. Not affected by this are the IP addresses of the user or other data that enable the attribution of the data to a user. This data is not stored together with other personal data of the user.

  13. Legal Basis for Data Processing
  14. The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.
    The legal basis for the temporary storage of data is Art. 6 (1) (f) GDPR.

  15. Purpose of Data Processing
  16. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this, the IP address of the user must remain stored for the duration of the session.
    The data is stored in log files to ensure the functionality of the website. In addition, the data serves the optimisation of the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not ensue in this context.
    Our legitimate interest in data processing according to Art. 6 (1) (f) GDPR also lies in these purposes.

  17. Duration of Storage
  18. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users is deleted or altered, so that an attribution of the accessing client is no longer possible.

     

  19. Possibility for Appeal and Removal
  20. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

  21. Use of Cookies
  22. Description and Scope of Data Processing
    We use so-called cookies on the basis of our legitimate interests on this website. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a distinctive character string that enables a unique identification of the browser when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after changing the webpage. The following data is stored and transmitted in the cookies:

    • language settings
    • items in a shopping basket
    • log-in information

    Furthermore, we use cookies on our website which enable an analysis of the user’s surfing behaviour.
    In this way, the following data can be transmitted:

    • search terms entered
    • frequency of page views
    • use of website functions

    The user data collected in this way is pseudonymised via technical precautions. Therefore, it is no longer possible to attribute the data to the accessing user. The data shall not be stored together with other personal data of the users.
    When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this data protection statement. In this context, there is also a note on how the storage of cookies in the browser settings can be prevented.
    When accessing our website, the user is informed about the use of cookies for analytical purposes and his or her consent to the processing of personal data used in this context is obtained. In this context, reference is also made to this data protection statement.

    Legal Basis for Data Processing
    The legal basis for the processing of personal data by using cookies is Art. 6 (1) (f) GDPR.
    The legal basis for the processing of personal data by using technologically necessary cookies is Art. 6  (1) (f) GDPR.
    The legal basis for the processing of personal data by using cookies for analytical purposes, if the respective consent of the user exists, is Art. 6 (1) (a) GDPR.

    Purpose of Data Processing
    The purpose of using technologically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognised after changing the webpage.
    The user data collected by technologically necessary cookies is not used to create user profiles.
    We require cookies for the following applications:

    • Shopping basket
    • Adopting language settings
    • Remembering search terms

    The use of analysis cookies ensues with the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimise our services. For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 (1) (f) GDPR.

    Duration of Storage, Possibility for Appeal and Removal
    Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies which are already stored can be deleted at any time. This can also ensue automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website in full.
    The transmission of Flash cookies cannot be prevented via browser settings, but by changing the Flash Player settings.

     

  23. Newsletter
  24. Description and Scope of Data Processing
    Based on our legitimate interests on this website, we offer our users the opportunity to subscribe to a free newsletter.
    We shall only send newsletters, e-mails and other electronic notifications containing advertising (hereinafter "newsletters") with the consent of the recipients or legal permission. When registering for the newsletter, the data from the input mask is transmitted to us.
    If the contents of a newsletter are specifically described within the scope of a subscription, they are decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and our company.
    The following user data is collected:

    • e-mail address
    • first name and surname

    Furthermore, the following data is collected when registering:

    • IP address of the accessing computer
    • date and time of registration

    In the course of the registration process, your consent is obtained for the processing of the data and reference is made to this data protection statement.
    Subscription to our newsletter takes place via a so-called double opt-in procedure. This means that after registration you receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses. Subscriptions to the newsletter are logged in order to substantiate the registration process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. The changes to your data stored with the shipping service provider are also logged.
    If you purchase goods or services on our website and provide us with your e-mail address, we may subsequently use it to send you a newsletter. In such a case, only direct advertising for similar goods or services of our own shall be sent via the newsletter.
    In connection with data processing for the dispatch of newsletters, no data is transmitted to third parties. The data is used exclusively for sending the newsletter. The newsletters contain a so-called "web beacon", meaning a pixel-sized file which is retrieved from the server of the shipping service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval is initially collected. This information is used to improve the services technologically based on the technological data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information can be attributed to the individual newsletter recipients. However, it is not our intention, nor that of the shipping service provider, to monitor individual users. Instead, the evaluations serve to determine the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

    Legal Basis for Data Processing
    The legal basis for the processing of the data after subscription to the newsletter by the user, if consent by the user exists, is Art. 6 (1) (a) GDPR.
    The legal basis for sending the newsletter as a result of the sale of goods or services is Sect. 7 (3) of the German Fair Trade Practices Act (UWG).
    The legal basis for statistical collection and analyses is Art. 6 (1) (f) GDPR.

    Purpose of Data Processing
    To subscribe to the newsletter, simply enter your e-mail address. The collection of the user's e-mail address serves the purpose of sending the newsletter. Optionally, we ask you to enter a name in order to address you personally in the newsletter.
    The collection of other personal data as part of the registration process serves to prevent the misuse of the services or the e-mail address used. The purpose of the statistical surveys is to utilise a user-friendly and secure newsletter system that serves both our business interests and the expectations of users.

    Duration of Storage
    The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user's e-mail address is therefore stored for as long as the subscription to the newsletter is active.
    The other personal data collected during the registration process shall generally be deleted after a period of seven days.

    Possibility for Appeal and Removal
    Subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter.
    This also makes it possible to revoke the consent to the storage of personal data collected during the subscription process. At the same time, your consent to the statistical analyses will expire. A separate revocation of the dispatch by the dispatch service provider or the statistical evaluation is unfortunately not possible. If users have only subscribed to the newsletter and cancelled this subscription, their personal data shall be deleted.

    heir

  25. Contact Form and E-Mail Contact
  26. Description and Scope of Data Processing
    On the basis of our legitimate interests, we use a contact form on this website, which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored.
    This data includes:

    • e-mail address
    • first name and surname
    • address
    • telephone number

    At the time of sending the message, the following data is also stored:

    • IP address of the accessing computer
    • date and time of registration

    In the course of the sending process, your consent is obtained for the processing of the data and reference is made to this data protection statement.
    Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the interchange.

    Legal Basis for Data Processing
    The legal basis for the processing of the data, if consent by the user exists, is Art. 6 (1) (a) GDPR.
    The legal basis for the processing of the data which is transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

    Purpose of Data Processing
    The processing of the personal data from the input mask serves only for the processing of contacting. If contact has been made via e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
    The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

    Duration of Storage
    The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case if the respective interchange with the user is terminated. The interchange is terminated when it can be inferred from the circumstances that the facts in question have been conclusively clarified.
    The other personal data collected during the sending process shall generally be deleted after a period of seven days.

    Possibility for Appeal and Removal
    The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the interchange cannot be continued.
    In case of objection, please send an informal e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.
    All personal data stored in the course of contacting us will be deleted in this case.

     

  27. Google Analytics
  28. Scope of Personal Data Processing
    On the basis of our legitimate interests, we use the Google Analytics web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). It is used to analyse the surfing behaviour of our users.
    Google uses cookies. The information generated by the cookie about the use of the online service by users is generally transmitted to a Google server in the USA and stored there. By setting the cookie, Google is enabled to analyse the use of our website. Each time one of the individual pages of this website is called up, which is operated by the data controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which serves Google, among other things, to trace the origin of visitors and clicks and subsequently to enable commission to be financially settled.
    Cookies are used to store personal information, such as access time, the location from which access came and the frequency of visits to our website by the data subject. Whenever you visit our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through the technical process to third parties.
    If individual pages of our website are accessed, the following data is stored:

    • two bytes of the IP address of the user’s accessing system
    • accessed website
    • website from which the user has accessed the website (referrer)
    • subpages that are accessed from the accessed website
    • dwell time on the website
    • frequency of visiting the website

    Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
    Google will use this information on our behalf to evaluate the use of our online service, to compile reports on the activities within this online service and to provide us with further services associated with the use of this online service and the use of the internet. Pseudonymous user profiles can be created from the processed data.
    The IP address transmitted by the user's browser is not merged with other Google data.
    We use Google Analytics to display the adverts placed by Google and its partners within advertising services only to users who have also shown an interest in our online service or who have certain characteristics (e.g. interests in certain topics or products that are determined by the web pages visited) that we transmit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences we would also like to ensure that our adverts correspond to the potential interest of the users and do not inconvenience them.
    We use Google Analytics only with IP anonymisation enabled. This means Google will shorten the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

    Legal Basis for the Processing of Personal Data
    The legal basis for the processing of personal data of users is Art. 6 (1) (f) GDPR.

    Purpose of Data Processing
    The processing of the personal data of users enables us to analyse the surfing behaviour of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 (1) (f) GDPR.
    By anonymising the IP address, the interest of users in protecting their personal data is sufficiently taken into account.

    Duration of Storage
    The data is deleted as soon as it is no longer needed for the purpose of keeping a record. In our case, this is after 18 months.

    Possibility for Appeal and Removal
    Cookies are stored on the user's computer and transmitted to our site and Google. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies which are already stored can be deleted at any time. This can also ensue automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website in full. Users may refuse the storage of cookies by selecting the respective settings on their browser software; users may also prevent Google from collecting data generated by the cookie and relating to their use of the website and from processing this data by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
    This browser plugin informs Google Analytics via JavaScript that no data and information on visits to websites may be transmitted to Google Analytics. The installation of the browser plugin is considered as an objection by Google. If the person's information technology system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser plugin to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their control, it is possible to reinstall or reactivate the browser plugin.
    Further information on data use by Google, settings and objection possibilities can be found on Google's web pages: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when using partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Administrating information which Google uses to display adverts”).

     

  29. Google Fonts
  30. Scope of Personal Data Processing
    On the basis of our legitimate interests, we use the Google Fonts service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
    Google Fonts provides an intuitive and robust directory of open source designer web fonts. With an extensive catalogue, typography can be seamlessly integrated into any design project. The service is used for the integration of fonts (web fonts) on our internet pages. The integration of Google Fonts ensues by accessing Google via the URL https://fonts.google.com. The fonts come from different designers and are open-source. When users access our online service, a request is usually transmitted to a Google server in the USA and stored and processed there. Technically, the fonts embedded in our website are stored on a Google server and then loaded from there when the page is accessed. By using Google Fonts, Google's servers send respective files to each user, based on the technologies supported by the user's browser. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Connection to Google Fonts is not authenticated. When you visit our website, no cookies or login information are sent to Google via the Google Fonts service. Respective requests to the servers of the Google Fonts service are made to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com, so that requests for fonts are generally separate from login information which can otherwise be sent to Google domains, such as google.com or google.de, and authenticated. Google Fonts logs CSS and font file request records. Google assigns aggregated usage numbers for statistical purposes on the popularity of font families and publishes these results on an analytics page (https://fonts.google.com/analytics). More information about the Google Fonts service can be found at https://developers.google.com/fonts/faq.

    Legal Basis for the Processing of Personal Data
    The legal basis for the processing of personal data of users is Art. 6 (1) (f) GDPR.

    Purpose of Data Processing
    Data processing ensues in the interest of analysing, optimising and economically operating the online service in order to integrate content or service offers from third party providers or their content and services.
    We use Google Fonts to make our website independent of the fonts installed by the user, the so-called system fonts, and to ensure a consistent display image on different systems. The purpose and scope of data collection and further processing and use of the data by Google can be viewed in Google's data protection statement at https://policies.google.com/privacy?hl=de.

    Duration of Storage
    The data will be deleted as soon as it is no longer needed for the purpose of keeping a record.

    Possibility for Appeal and Removal
    More information on data use by Google, possible settings and objections can be obtained on the Google websiteshttps://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when using partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Administrating information which Google uses to display adverts”).

     

  31. Google Maps
  32. Scope of Personal Data Processing
    On the basis of our legitimate interests, we use the Google Maps service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Maps is an online map service by Google. The earth's surface can be viewed as a road map or as an aerial or satellite image. The service is used for the integration of map data on our website. The integration of Google Maps is done by accessing a Google server via an interface, the Google Maps API. When users access a page of our online service, in which a corresponding map section has been integrated, a request is transmitted to a Google server in the USA and stored and processed there. By using Google Maps, Google's servers send corresponding data to the user's browser to display the map material. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). More information about the Google Maps service can be found at https://developers.google.com/fonts/faq.

    Legal Basis for Personal Data Processing
    The legal basis for the processing of personal data is Art. 6 (1) (f) GDPR.

    Purpose of Data Processing
    Data processing ensues in the interest of analysing, optimising and economically operating the online service in order to integrate content or service offers from third party providers or their content and services. We use Google Maps to integrate verified map data in our online presence. The purpose and scope of data collection and further processing and use of the data by Google can be viewed in Google's data protection statement at https://policies.google.com/privacy?hl=de.

    Duration of Storage
    The data will be deleted as soon as they are no longer needed for the purpose of keeping a record.

    Possibility for Appeal and Removal
    More information on data use by Google, possible settings and objections can be obtained on the Google websiteshttps://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when using partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Administrating information which Google uses to display adverts”).

     

  33. Facebook
  34. Description and Scope of Data Processing
    On the basis of our legitimate interests, we use social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
    The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are identified by one of the Facebook logos (a white "f" on a blue tile, the term "like" or a "thumbs up" sign) or are marked with the addition of a "Facebook Social Plugin". The list and the appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
    Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
    If a user accesses a function of this online service which contains such a plugin, his device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online service. User profiles can be created from the processed data. We therefore have no influence on the amount of data Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge. By integrating the plugins, Facebook receives information that a user has accessed the corresponding page of the online service. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, such as pressing the Like button or posting a comment, the information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymised IP address is stored in Germany.

    Legal Basis for Data Processing
    The legal basis for the processing of personal data of users is Art. 6 (1) (f) GDPR.

    Purpose of Data Processing
    The data processing ensues in the interest of the analysis, optimisation and economic operation of the online service.
    The purpose and scope of the data collection and further processing and use of the data by Facebook, as well as the relevant rights and settings options for the protection of the privacy of the users, can be found in the Facebook data protection information: https://www.facebook.com/about/privacy/.

    Duration of Storage
    The data shall be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

    Possibility for Appeal and Removal
    If a user is a Facebook member and does not want Facebook to collect data about him via this online service and link it to his membership data stored on Facebook, he must log out of Facebook before using our online service and delete his cookies.
    Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

     

  35. YouTube
  36. Description and Scope of Data Processing
    Based on our legitimate interests, we use components of the YouTube service operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube"). YouTube is an internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, but also music videos, trailers and videos produced by users themselves can be accessed via the internet portal. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to transmit data to YouTube. You can find more information about YouTube at https://www.youtube.com/yt/about/de/. In the course of this technical process, YouTube and Google are informed which specific subpage of our website is visited by the data subject.
    If the data subject is logged on to YouTube at the same time, YouTube recognises which specific subpage of our website the data subject is visiting by accessing a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject. YouTube and Google receive information via the YouTube component that the data subject has visited our website whenever the data subject is logged on to YouTube at the same time as accessing our website; this happens regardless of whether the data subject clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desired by the data subject, he can prevent the transmission by logging out of his YouTube account before accessing our website.

    Legal Basis for Data Processing
    The legal basis for the processing of personal data of users is Art. 6 (1) (f) GDPR.

  37. Purpose of Data Processing

  38. The data processing ensues in the interest of the analysis, optimisation and economic operation of the online service. The purpose and scope of data collection and the further processing and use of the data by YouTube can be found at https://www.google.de/intl/de/policies/privacy/.

    Duration of Storage
    The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

    Possibility for Appeal and Removal
    If a user is also a YouTube user and does not want YouTube to collect data about him via this online service and link it to the user data stored on YouTube, he must log out of YouTube before using our online service and delete his cookies.
    YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Accordingly, it may be necessary for the user to log out of a possible user account of Google Inc. and delete his cookies.
    YouTube offers the possibility of contradicting targeted advertising under https://www.google.de/settings/ads/authenticated.

     

  39. Rights of the Persons Concerned
  40. If personal data are processed by you, you are the data subject in the sense of the GDPR and you have the following rights vis-à-vis the data controller:

    Right of Information
    You can demand confirmation from the data controller whether personal data concerning you will be processed by us.
    If such processing has taken place, you can demand the following information from the data controller:

    • the purposes for which the personal data is processed;
    • the categories of personal data processed;
    • the recipients or categories of recipients to whom the personal data concerning you has been disclosed or is still being disclosed;
    • the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
    • the existence of a right to have your personal data concerning you rectified or deleted, a right to have the processing restricted by the data controller or a right to object to such processing;
    • the existence of a right of appeal to a supervisory authority;
    • any available information on the origin of the data if the personal data is not collected from the data subject;
    • the existence of automated decision-making, including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

    You have the right to request information as to whether the personal data concerning you is transmitted to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees according to Art. 46 GDPR in connection with the transmission. This right to information may be restricted to the extent that it is likely to make it impossible or seriously impair the realisation of research or statistical purposes and the restriction is necessary for the fulfilment of research or statistical purposes.

    Right to Rectification
    You have a right to rectification and/or completion vis-à-vis the data controller if the processed personal data concerning you is incorrect or incomplete. The data controller shall make the correction immediately.
    This right to rectification may be restricted to the extent that it is likely to make it impossible or seriously impair the realisation of research or statistical purposes and the restriction is necessary for the fulfilment of research or statistical purposes.

    Right of Restriction of Processing
    Under the following conditions, you may demand that the processing of personal data concerning you be restricted:

    1. if you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
    2. the processing is unlawful and you refuse to erase the personal data and instead request that the use of the personal data be restricted;
    3. the data controller no longer needs the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims, or
    4. if you have filed an objection to the processing in accordance with Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.

    If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
    If the processing restriction has been restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted. This right of restriction of processing may be restricted to the extent that it is likely to make it impossible or seriously impair the realisation of research or statistical purposes and the restriction is necessary for the fulfilment of research or statistical purposes.

    Right to Erasure
    You may demand that the data controller erase the personal data relating to you immediately and the data controller is obliged to erase this data immediately if one of the following reasons applies:

    1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
    2. You revoke your consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for processing.
    3. You file an objection against the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing in accordance with Art. 21 (2) GDPR.
    4. The personal data concerning you has been processed unlawfully.
    5. The erasure of personal data concerning you is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which the data controller is subject.
    6. The personal data concerning you has been collected in relation to information society services offered in accordance with Art. 8 (1) GDPR. Information to Third Parties

    If the data controller has made the personal data concerning you public and is obliged to erase it in accordance with Art. 17 (1) GDPR, he shall take appropriate measures, including technological measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

    Exceptions
    The right to erasure does not exist insofar as the processing is necessary

    1. for the execution of the right of expression and information;
    2. for fulfilling a legal obligation required for processing under the law of the European Union or of the Member States to which the data controller is subject or for the performance of a task in the public interest or for executing official authority conferred on the data controller;
    3. for reasons of public interest in the field of public health according to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
    4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
    5. for asserting, executing or defending legal claims.

    Right to Information
    If you have exercised your right to have the data controller correct, delete or restrict the processing, he is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. The data controller has the right to be informed about such recipients.

    Right of Data Portability
    You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data on to another data controller without obstruction by the data controller to whom the personal data was provided, provided that

    1. processing is based on consent in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract in accordance with Art. 6 (1) (b) GDPR and
    2. processing is carried out using automated procedures.
    In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technologically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the execution of official power conferred on the data controller.

     

  41. Right of Objection
  42. You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. The data controller will no longer process the personal data concerning you, unless he can substantiate legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
    You have the possibility to exercise your right of objection in connection with the use of the information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
    You also have the right to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR for reasons arising from your particular situation. This right to object may be restricted to the extent that it is likely to make it impossible or seriously impair the realisation of research or statistical purposes and the restriction is necessary for the fulfilment of research or statistical purposes.

     

  43. Right of Revocation of the Data Protection Declaration of Consent
  44. You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

     

  45. Automated Decision in Individual Cases Including Profiling
  46. You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply, if the decision

    1. is necessary for the conclusion or performance of a contract between you and the data controller,
    2. is admissible by law of the European Union or of the Member States to which the data controller is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
    3. is made with your express consent.
    However, these decisions may not be based on special categories of personal data in accordance with Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state his own position and to challenge the decision.

  47. Right to Complain at a Supervisory Authority
  48. Without prejudice to any other administrative law or legal action, you have the right to appeal to a supervisory authority, in particular in the Member State where you are staying, working or the alleged infringement has taken place, if you believe that the processing of personal data concerning you is contrary to the GDPR.
    The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of legal action under Art. 78 GDPR.