Content of data protection:
The use of our website is generally possible without providing personal data.
Person in charge:
Mundsburger Damm 2
22087, Hamburg, Deutschland
+49 40 74325989
1.Basic information on data processing and legal basis
The terms used, such as “personal data” or their “processing” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
The personal data of users processed within the scope of this offer includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of clerks, payment information) and usage data (e.g., the web pages visited of our offer, interest in our products).
The term “user” includes all categories of persons affected by data processing. They include our business partners, customers, interested parties and other visitors to our offer. The terms used, such as “user”, are to be understood as gender-neutral.
We process users’ personal data only in compliance with the relevant data protection provisions. This means that the users’ data is only processed if a legal permission exists. I.e., in particular if the data processing is necessary for the provision of our contractual services (e.g. processing of orders) as well as online services, or is required by law, a consent of the users is available, as well as due to our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our offer within the meaning of Art. 6 para. 1 lit. f. DSGVO, in particular in the case of range measurement, creation of profiles for advertising and marketing purposes, as well as collection of access data and use of third-party services.
We would like to point out that the legal basis for the consents is Art. 6 para. 1 lit. a. and Art. 7 DSGVO, the legal basis for the processing for the fulfillment of our services and implementation of contractual measures Art. 6 para. 1 lit. b. DSGVO, the legal basis for processing to fulfill our legal obligations Art. 6 para. 1 lit. c. DSGVO, and the legal basis for processing to protect our legitimate interests Art. 6 para. 1 lit. f. DSGVO is.
1.1 Use of 1&1-WebAnalytics
On our Internet pages, we use 1&1-WebAnalytics, a web analytics service of 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as 1&1 IONOS).
1&1 IONOS evaluates user behavior via our websites through its service 1&1-WebAnalytics and logs the following usage data:
– names of the pages accessed
– of the browser used,
– the operating system and
– the requesting domain,
– date and time of access,
– search engines used,
– names of downloaded files and
– your IP address.
The usage data is collected by the web analysis tool 1&1 IONOS WebAnalytics used by us and processed and stored anonymously. Further personal data is only collected if you provide it to us voluntarily, for example in the context of an inquiry via our websites.
According to 1&1 IONOS, cookies are not used.
1&1 IONOS compiles anonymous reports on website activity using the usage data collected. According to 1&1 IONOS, your IP address is also anonymized by 1&1 WebAnalytics and only processed in abbreviated form in order to exclude any reference to your person. You can find more information on how 1&1-WebAnalytics works under http://hilfe-center.1und1.de/hosting/online-marketing-c10085303/1und1-webanalytics-c10082682/vorteile-von-1und1-webanalytics-a10784875.html.
2. Security measures
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Disclosure of data to third parties and third-party providers:
– Data is only passed on to third parties within the framework of legal requirements. We only pass on users’ data to third parties if this is necessary, for example, on the basis of Art. 6 Para. 1 lit. b) DSGVO for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 Para. 1 lit. f. DSGVO in the economic and effective operation of our business.
– Where we use subcontractors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal requirements.
– If content, tools or other means from other providers (hereinafter collectively referred to as “third party providers”) are used within the scope of this data protection declaration and their named registered office is located in a third country, it is to be assumed that a data transfer takes place to the third party providers’ countries of domicile. Third countries are countries in which the GDPR is not directly applicable law, i.e. basically countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if there is an adequate level of data protection, user consent or otherwise legal permission.
3. Provision of contractual services
We process inventory data (e.g., names and addresses as well as contact data of customers), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. DSGVO.
When contacting us (by e-mail or telephone), the user’s details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) DSGVO.
User information may be stored in our Customer Relationship Management System (“CRM System”) or comparable inquiry organization.
Collection of access data and log files
We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
5. User rights
Users have the right, upon request and free of charge, to obtain information about the personal data we have stored about them.
In addition, users have the right to rectify inaccurate data, restrict processing and erase their personal data, if applicable, to exercise your rights to data portability and, in the event that unlawful data processing is suspected, to lodge a complaint with the competent supervisory authority.
Likewise, users can revoke consent, in principle with effect for the future.
6. Data deletion
The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.
In accordance with legal requirements, storage is for 6 years pursuant to Section 257 (1) HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years pursuant to Section 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
7. Right of objection
We reserve the right to change the data protection declaration in order to adapt it to changed legal situations, or in the event of changes to the service as well as data processing. However, this only applies with regard to declarations on data processing. Insofar as user consents are required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.