1. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection rules, is:
In the following, we provide you with information about the processing of your personal data within the context of the use of our website.
Should you have any further questions relating to data protection in connection with our website or the services offered, please contact our data protection officer.
The data protection officer for the controller is:
DPP Data Protection GmbH
2. Scope, purpose and legal basis for the processing of personal data
In principle, we collect and use the personal data of our users only to the extent necessary to provide a functional website, as well as our content and services. The collection and use of the personal data of our users is carried out on a regular basis only with the consent of the user. An exception applies in those cases in which for reasons of fact it is not possible to obtain prior consent and the processing of the data is permitted by law.
2.1 Creation of logfiles
Every time our website is accessed, our system automatically captures data and information from the computer system of the requesting computer.
The following data (“technical information”) is collected:
Information about the browser type and the version used
- The user’s operating system
- The user’s Internet service provider
- The user’s IP address in anonymous form
- Date and time of access
- Websites from which the user’s system linked to our website
- Websites which are called up by the user’s system via our website
The data is also stored in our system’s logfiles. The user’s IP addresses or other data which allow the data to be related to a user are not affected. This data is not stored with other personal data relating to the user. We process this technical information for the purpose of network security in order, for example, to combat any attacks, for marketing purposes to better understand the requirements of our users, and to improve our website offering. Our legitimate interest in data processing pursuant to Art. 6 (1) point f GDPR is also for this purpose. The collection of data for the provision of the website and to store the data in logfiles is absolutely necessary for the operation of the website. Therefore the user has no right to object.
On our website we give users the opportunity to register by entering their personal data. The data is entered into an input mask, transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:
At the time of registration, the following data is also stored:
The user’s IP address
Date and time of registration
During the registration process, the user’s consent to process this data is obtained. It is necessary for the user to register to access specific content and services on our website.
When the user’s consent has been obtained, the legal basis for the processing of data is Art. 6 (1) point a GDPR.
2.2 Contact form
A contact form on our website can be used to make contact electronically. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. This data includes:
At the time the message is sent, the following data is also stored:
The user’s IP address
Date and time of registration
During the send operation, your consent is obtained for the processing of data and you are referred to this privacy statement. It is also possible to make contact using the email address provided. In this case, the user’s personal data that was transmitted with the email is stored.
In this connection, no data is passed on to third parties. The data is only used to process the conversation. We only use the processing of personal data from the input mask to process the establishing of contact. Where contact is made by email, we also have a legitimate interest in processing the data. The other personal data processed during the send operation is used to prevent the contact form from being misused and to ensure the security of our information technology systems. When the user’s consent has been obtained, the legal basis for the processing of data is Art. 6 (1) point a GDPR.
The legal basis for processing data which has been transmitted during the sending of an email is Art. 6 (1) point f GDPR. If the email contact is aimed at concluding a contract, Art. 6 (1) point b GDPR constitutes an additional legal basis. The data is deleted as soon as it is no longer required to realise the purpose of its collection. This is the case for personal data from the input mask of the contact form and personal data sent by email when the respective conversation with the user is concluded. The conversation is concluded when it can be inferred from the circumstances that the situation in question is definitively resolved. The user may at any time withdraw his consent to the processing of personal data with effect for the future. If the user contacts us by email, he may object to the storing of his personal data at any time. In this case, the conversation cannot be continued. All personal data which were stored in the course of making contact are deleted in this case.
2.3 Tracking tools
On our website, we use Google Analytics as the tracking and website analysis tool. The purpose is to increase the efficiency of our website and our direct marketing. This tool is operated by third-party providers and requires data to be transmitted via the website user. The legal basis for the use of website analytics is Art. 6 (1) point f GDPR.
2.4 Social media plug-ins
We use the following social media plug-ins on our website:
The basic provision of the plug-ins on our website arises from our legitimate interest for marketing purposes from Art. 6 (1) point f GDPR.
3. Legal basis for processing personal data
Insofar as we obtain consent for processing personal data from the data subject, Art. 6 (1) point a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. For the processing of personal data which is necessary for the performance of a contract to which the data subject is party, Art. 6 (1) point b GDPR serves as the legal basis. This also applies to processing which is necessary for the implementation of pre-contractual measures. Insofar as processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) point c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) point d GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or of a third party, and if the interests, basic rights and basic freedoms of the data subject do not prevail over the interest first mentioned, Art. 6 (1) point f GDPR serves as legal basis for the processing. In this case, along with the purposes set out above, our legitimate interests are:
To protect the company from material or immaterial damage
To professionalise our products and services
To optimise costs
Furthermore, we process personal data in order to comply with data retention requirements under commercial law or tax law.
In the input masks on our website we have indicated which input fields are required to be completed by you to meet statutory or contractual requirements so that we are able to provide the service you require.
4. Data erasure and storage period
The personal data of the data subject is erased or blocked as soon as the purpose of the storage ceases to exist or is no longer necessary. At the same time, it is possible for personal data to be retained for the period in which claims against our company can be asserted (statutory periods of limitation can be from three to thirty years).
Data may also be stored beyond that if provided for by the European or national legislator in regulations, laws or provisions laid down by the legislation of the Union to which the controller is subject. Appropriate obligations to provide evidence and to retain data arise inter alia from the German Commercial Code, German Fiscal Code and the German Money Laundering Act. On this basis, the storage periods are up to ten years.
Data is blocked or erased even if a storage period prescribed by the specified norms expires, unless there is a necessity to continue to store the data for the conclusion or the fulfilment of a contract.
5. Right to object according to Art. 21 GDPR
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal Claims Where personal data is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
6. Rights of the data subject
It is important to our company that our processes for processing personal data are transparent. For this reason, we make you aware that as well as the right to object, you are able to exercise further rights if the appropriate statutory requirements are met:
Right of access by the data subject according to Art. 15 GDPR
Right to rectification in accordance with Art. 16 GDPR
Right to erasure (“right to be forgotten”) in accordance with Art. 17 GDPR
Right to restriction of processing in accordance with Art. 18 GDPR
Notification obligation in accordance with Art. 19 GDPR
Right to data portability in accordance with Art. 20 GDPR
(no) automated individual decision-making, including profiling in accordance with Art. 21 GDPR
To safeguard your rights, you can send an email to email@example.com. In order to process your application and for identification purposes, we make you aware that we process your personal data in accordance with Art. 6 (1) point c GDPR.
You have the right to withdraw your declaration of consent under data protection law at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In some cases, we are entitled despite the withdrawal to continue to process your personal data on a different legal basis (to fulfil a contract).
8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy, pursuant to Article 78 GDPR.
Competent supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)