Data protection

Data protection

I.    Contact details of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as data protection regulations is:

HUF HAUS GmbH & Co. KG
Franz-Huf-Straße 1
56244 Hartenfels
Deutschland
Tel.: 02626 761-0
E-Mail: info@huf-haus.com
Website: www.huf-haus.com 

II.    Contact details of the Data Protection Officer

You can contact our Data Protection Officer at datenschutz@huf-haus.com or at our postal address FAO “der Datenschutzbeauftragte”.

III.    General information on data processing

1.    Scope of processing of personal data
We process the personal data of our users in principle only where this is required to provide a functional website as well as the contents and services offered by us. The personal data of our users is usually only processed with the consent of the user. An exception applies to cases in which prior consent cannot be obtained on factual grounds and the processing of the data is permitted by law.

2.    Legal basis for the processing of personal data
Where we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as legal basis.
Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, Article 6 (1) (b) GDPR is the legal basis. This also applies to processing operations that are required to take steps prior to entering into a contract. Where the processing of personal data is necessary for the compliance with a legal obligation to which our company is subject, Article 6 (1) (c) GDPR is the legal basis.
If the processing of personal data is required in order to protect the vital interests of the data subject or of another natural person, Article 6 (1) (d) GDPR is the legal basis.
If the processing is required to protect the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interests, Article 6 (1) (f) GDPR is the legal basis for the processing.

3.    Data erasure and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, personal data may be stored if provided for by the European or national legislator in EU regulations, laws, or other regulations to which the controller is subject. The data is also blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion or fulfilment of a contract.

4.    Use of service providers
We use service providers for the following services and for the processing of your data:
(1)     for the hosting of our website in a secure computer centre
(2)     the care and maintenance of software and hardware
The service providers process data in the course of so-called job processing Article 28 GDPR exclusively in accordance with our instructions and are obliged to comply with the applicable data protection provisions. All service providers have been carefully selected by us and obtain access to personal data only to the extent and for the duration required to provide the service or as far as you have consented to the use of the data.

Where the registered office of our service providers or partners is located in a country outside the European Economic Area (EEA), we will inform you accordingly.

IV.    Provision of the website and creation of log files

1 .    Description and scope of the data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected here:

(1)    Information regarding the browser type and the version used
(2)   The user’s operating system
(3     The internet service provider of the user
(4)   The IP address of the user
(5)   Date and time of access
(6)   Websites, from which the system of the user reaches our website
(7)   Websites that are called up by the system of the user via our website

The data is also stored in the log files of our system. Storage of this data will not be stored with other personal data of the user.

2.    Legal basis for data processing
The legal basis for temporary storage of the data and the log files is Article 6 (1) (f) GDPR.

3.    Purpose of the data processing
Temporary storage of the IP address by the system is required to enable the delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
Log files are used for the storage in order to ensure the functionality of the website. The data also helps us to optimise the website and to safeguard the security of our IT systems. In this context, the data is not evaluated for marketing purposes.
Our legitimate interest in data processing also lies in these purposes, in accordance with Article 6 (1) (f) GDPR.

4.    Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Where data is collected for the provision of the website, the data is deleted when the respective session is completed.
If the data is stored in log files, it will be deleted within seven days. Continued storage may be possible, in which case the users’ IP addresses are deleted or masked so that association with a website user isnot possible.

5.    Option to reject and erase
The capture of the data for the delivery of our website and the storage of the data in log files is imperative for the operation of our website. The user therefore does not have the option to object.

V.   Use of cookies

a) Description and scope of the data processing
Our site uses cookies. Cookies are text files which are saved in the internet browser or by the internet browser on the computer system of the user. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is revisited. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified also after changing websites.
In the process, the following data is saved and transferred:
(1)    Log-in information, e.g. login area  ServiceART
(2)    Consent to note on cookie
(3)    Spam protection
In addition, we also use cookies on our website, which facilitate an analysis of the surfing behaviour of the users (Google Analytics, Eloqua).
The following data can be transmitted this way:
(1)    various statistics on visitors’ analysis
(2)    use of website functions
The user data collected this way are pseudonymised by technical means. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data.

When you visit our website the users will be informed of the use of cookies for analytical purposes and referred to this data privacy statement by means of an info banner. In this context, reference is also made to the fact that the storage of cookies can be prevented in the browser settings.
When our website is accessed, the user is notified about the use of cookies for analytical purposes and his consent for the processing of the personal data used in this connection is obtained. In this context, reference is also made to this privacy policy.
(b) Legal basis for data processing
The legal basis for the processing of personal data through the use of cookies is Art. 6 (1) (f) GDPR.
The legal basis for the processing of personal data using cookies that are technically necessary is Article 6 (1) (f) GDPR.
The legal basis for the processing of personal data while using cookies for analysis purpose is Article 6 (1) (a) GDPR. if the user’s consent to this effect has been obtained.
c) Purpose of the data processing
The purpose of utilising technically necessary cookies is to facilitate the use of the website for the users. Some functions of our website cannot be offered without the use of cookies. For those, it is required that the browser can be recognised also after a change of the website.
We require cookies for the following purposes:
(1)    Login function
The user data collected by means of technically required cookies is not used to create user profiles.
The use of cookies for analysis has the purpose to improve the quality and contents of our website. We learn by means of the analysis cookies how the website is used and thus can continuously optimise our offering.
(2)    Analytics of visitor statistics
(3)    User-Tracking Eloqua
Our legitimate interest in the processing of the personal data also lies in these purposes, in accordance with Article 6 (1) (f) GDPR.
d) Duration of storage, Right to object and right to erasure
Cookies are stored on the user’s computer and transmit information to our website. You therefore have total control over the use of cookies on your computer. You can disable or limit cookie activity by changing the settings in your web browser. Cookies already stored on your computer can be disabled at any time. This can also be done automatically. Disabling cookies may lead to restricted functionality of our website.

VI.    Newsletter

1.    Description and scope of the data processing
Newsletters are despatched on the basis of the user’s registration on the website:
It is possible to subscribe to a free newsletter via our website. In the process of registering for the newsletter, the data entered on the input screen is transmitted to us.

Name, e-mail address, postal address, telephone number

In addition, the following data is collected during registration:
(1)    IP address of the computer making the request
(2)   Date and time of registration
For the processing of the data, your consent is obtained, and reference is made to this privacy policy as part of the registration process.

Data will not be passed on to third parties in the context of data processing for the sending of newsletters. The data will be used exclusively for sending the newsletter.

2.    Legal basis for the data processing
If the user’s consent is available, the legal basis for the processing of the data after the user has registered for the newsletter is Article 6 (1) (a) GDPR.

3.    Purpose of the data processing
The user’s e-mail address is collected in order to send the newsletter.
The purpose of collecting other personal data during the course of the registration process is to prevent the misuse of the services or fraudulent use of the e-mail used.

4.    Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The e-mail address of the user will therefore be stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process is ordinarily deleted after a period of seven days.

5.    Right to object and erasure
The user concerned may cancel the subscription to the newsletter at any time. A corresponding link for this purpose is provided in every newsletter. This also enables a withdrawal of the consent to the storage of the personal data collected during the registration process.
 

VII.    Contact form, form to request informational material and e-mail contact

1.    Description and scope of the data processing
Our website contains a contact form as well as a form to request informational material which can be used to establish contact electronically. If a user chooses this option, the data entered in the input screen will be sent to us and stored. The contact form contains the following data:
•    My name
•    My e-mail address
•    My phone number
•    Town/city
•    Country
•    My topic
The form to request informational material contains:
•    Postal address
•    Telephone number
•    E-mail address
When the message is sent, the following data is also stored:
(1)   The IP address of the user
(2)   Date and time of registration


For the processing of the data, your consent will be obtained and reference will be made to this privacy policy, as part of the dispatch process.
Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
Data will not be passed on to third parties in this regard unless you have given your consent for us to pass this on to our HUF group of companies (MalerBodenART GmbH, GartenART GmbH, HUF HAUS Finanzierungsservice GmbH, redblue energy GmbH & Co. KG, StilART Möbelwerkstätten GmbH, IDEAL Betonelementbau GmbH & Co. KG). The data will be used exclusively for processing the conversation or for the purposes for which you have given your consent. This data will be used exclusively for processing the conversation.

2.    Legal basis for data processing
If the consent of the user has been provided, the legal basis for the processing of the data is Article 6 (1) (a) GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) (f) GDPR. If the e-mail contact is aimed at forming a contract, an additional legal basis for the processing is Article 6 (1) (b) GDPR.

3.    Purpose of the data processing
The purpose of processing the personal data from the input screen is solely to enable us to process the establishment of contact. In the case of contact via e-mail, this is also the basis of the required legitimate interest in the processing of the data.
The other personal data processed during the dispatching process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

4.    Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input screen of the contact form and the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The personal data also collected during the dispatching process is deleted no later than after a period of seven days.

5.    Right to object and erasure
The user has the right to withdraw its consent to the processing of the personal data at any time. A user contacting us by e-mail may object to the storage of his personal data at any time. In this case, the conversation cannot be continued.

You can notify us of your objection informally at any time by contacting us using the contact details provided in clause 1.
In this case, all personal data stored during contact will be erased.

VIII. Publication of job advertisements / online job applications

1.    Scope of processing of personal data
You have the opportunity to send us your application details by e-mail or via our online application portal.
You application details are processed by the HUF HAUS head office:
   
HUF HAUS GmbH u. Co. KG
Franz-Huf-Straße
56244 Hartenfels
Germany
Tel.: 02626 761-0
E-Mail: info@huf-haus.com
Website: www.huf-haus.com

2.     Legal basis for data processing
The legal basis for the processing of personal data of the applicants is Section 26 of the Federal Data Protection Act.

3.    Purpose of the data processing
Your data is electronically collected and processed by us for the purpose of handling the application process. If your application leads to the signing of an employment contract, the data you have transmitted can be saved by us in your personnel file for the purpose of the usual organisational and administrative process, in compliance with the relevant legal provisions. The processing is carried out exclusively in Germany.

4.    Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input screen of the contact form and the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

5.    Right to object and right to erasure
During the course of the ongoing application process, the applicant has the opportunity at any time to withdraw his consent for the processing of the personal application data. A user contacting us by e-mail may object to the storage of his personal data at any time. In this case, the conversation cannot be continued.

If your job application is not successful, the data you have transmitted to us is automatically erased six months after notification of the rejection. This does not apply if a longer storage period is required due to legal requirements (for example the burden of proof under the Equal Treatment Act), or if you have expressly consented to a longer storage period in our potential customer database. An applicant has the right of information, correction and erasure of his data.

IX.    Web analysis using Google Analytics

(1) This website uses Google Analytics, an online website analysis service of Google Inc. ("Google").
Google Analytics uses so-called “cookies”, these are text files stored on your computer, and which enable an analysis on how you use the website. The information generated by the cookie about your usage of this website is normally sent to one of Google's servers in the USA and stored there. If IP anonymisation has been activated on this website, your IP address will, however, first be truncated by Google within the Member States of the European Union or in other countries that are contracting parties to the Agreement on the European Economic Area. Only in exceptional situations will your full IP address be transmitted to a Google server in the US and truncated there. Google will use this information on behalf of this website’s operator to analyse your use of this website, to create reports about website activity, and to provide additional services connected with the website and Internet use to the website operator.
(2) Google will not associate your IP address transmitted by your browser with any other data held by Google.

(3) You can prevent the storage of cookies storage by selecting the appropriate settings in your browser; however, we would like to point out that in such cases you might not be able to use all of the functions of this website. You can also prevent the capture of the data related to your use of the website generated by the cookie (including your IP address) on Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.


(4) This website uses Google Analytics with the “_anonymizeIp()” function. The IP addresses are further processed in truncated form, excluding the possibility of their being linked to any individual. If the data collected from you is found to be of a personal nature, it will be removed and deleted immediately.

(5) We use Google Analytics to analyse the use of our website and regularly make improvements to it. The statistical evaluation obtained helps us to improve our website and make it more interesting for you as user. For exceptional cases in which personal data may be transmitted to the USA, Google is subject to the EU-US Privacy Shield Framework: www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1, sentence 1 f GDPR.


(6) Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: www.google.com/analytics/terms/de.html; Data privacy overview: www.google.com/intl/de/analytics/learn/privacy.html, and Data Privacy Policy: www.google.de/intl/de/policies/privacy.

X.    Other web analysis tools

1.    Integration of YouTube videos

(1) We have YouTube videos integrated on our website. These are stored at www.YouTube.com and can be played directly from our website.



(2) When you visit our website, YouTube receives the information that you have accessed the corresponding sub-page. This is done regardless of whether or not you have a YouTube user account through which you are logged in. If you are logged into Google, your data will be associated directly with your account. If you prefer that your activity is not associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or the design of its website. Such an analysis is undertaken (even for users who are not logged in) to provide targeted advertising and to inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube if you wish to exercise this right.

(3) For more information on the purpose and extent of the collection and the processing of data by YouTube, please refer to Google’s privacy policy. You will also find further information there about your rights and settings options for the protection of your privacy: www.google.de/intl/de/policies/privacy



(4) Google also processes your personal data in the USA and has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

2.    Information on social plug-ins
(1) We are currently using social media plug-ins from the following social networks: Facebook, Google+, Twitter, Xing, LinkedIn. These buttons enable you to recommend selected website contents via a social network to other internet users, to add these to your personal profile in a social network or otherwise draw attention to such contents.
(2) The recommend buttons are provided by the operators of the social networks for the purpose of embedding them into other websites. By their integration into our websites, a connection to the servers of the respective social network is made via the cookies saved on your computer system. Via this connection, your IP address is thereby transmitted to the respective social network without clicking the recommend button. You can prevent this with the appropriate browser settings (see clause 4.).
(3) If you are logged into one of the profiles of the aforementioned social networks during your visit to our websites, where appropriate, the operator of this network collects and stores other data regarding the visit to our websites. Should you not wish for this to happen, we recommend logging out of social networks prior to visit our websites.

(4) We have neither any influence on the collected data and data processing procedures, nor knowledge of the full extent of the data collection, the purpose of the processing or the storage periods. We also do not have any information about the deletion of collected data by the provider of the plug-in. Your data that has been collected is stored by the plug-in provider as usage profiles and used by the provider for the purposes of advertising, market research and/or the appropriate design of its website. Such an analysis is undertaken (also for users who are not logged in) in particular for the presentation of targeted advertising and to inform other users of the social network of your activities on our website. You have a right to object to the creation of these user profiles, and you must contact the respective plug-in provider to exercise this right.
Please request information regarding the processing and use of your data from the respective operator of the social networks. Notes from the operators on the respective data protection provisions and, where appropriate, possible settings to protect your privacy are provided here:
Addresses of the respective plug-in providers and URL with their data protection notices:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
HUF HAUS maintains the Facebook page to communicate with users and to refer to contributions, services and similar aspects. HUF HAUS points out that the data of the users can thereby be processed outside the area of the European Union. This can lead to risks for the users, because, for example, it may be more difficult to assert the users’ rights. Facebook has, however, agreed to be bound by the terms and conditions of the EU-US Privacy Shield and promises to comply with the data protection level of the EU (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
As a general rule, the user data is also processed for the purposes of market research and advertising. This enables, for example, the creation of usage profiles from the usage behaviour and the resulting user interests. The usage profiles can in turn be used, for example, to switch advertisements within and outside Facebook, which are presumed to correspond with the interests of the users. For these purposes, cookies are stored on the computers of the users, where in turn the usage behaviour and the interests of the users are stored.

It is also possible to store data in the usage profiles, such data being independent from the devices used by the users (in particular if the users are Facebook members and logged in). For such detailed presentation of the respective processing and the opportunities to object (opt-out), HUF HAUS refers to the following links in Facebook: Privacy policy: www.facebook.com/about/privacy/, Opt-Out: www.facebook.com/settings and www.youronlinechoices.com.


HUF HAUS would also like to point out that the most effective way to raise requests for information and assert user rights is to address such issues directly to Facebook. Only Facebook has access to the user data and can directly take appropriate measures and provide information.

b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.com/policies/privacy/partners/.


Google has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.


c) Further, the Tweet button by twitter.com has been implemented, for which the company Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107 in the USA (hereinafter “Twitter”) is assuming responsibility. The button can be recognised by a white “t” or by a bird. If you call up a part of our website containing such button, when this is activated, the browser makes a direct connection with the Twitter servers. Twitter is also using cookies. In any case, Twitter is collecting data about your usage behaviour. We do not have any influence on the extent of the data collected by Twitter via the button. Here also, the following applies: If you are a Twitter member, you should be aware that Twitter can collect data concerning yourself via our website (such as which specific page you have visited) and link such data with your user account - regardless of whether you use the “share” button yourself. If you do not wish this to happen, you should not activate the button and/or log out after using the Tweet button. To our knowledge it is, however, quite possible, that Twitter can link data collected by means of activated social plug-ins with the user account also at a later time via so-called persistent cookies.
You should therefore prevent the setting of cookies by Twitter via your browser settings.
The privacy policy by Twitter containing further information can be found at:

twitter.com/de/privacy


Twitter has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.


d) We also use the XING share button. During the retrieval of the HUF webpage, provided the “recommend” button is activated, a connection to servers of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany, is temporarily made via the browser, whereby the functions of the “XING share button” are provided. XING does not store any personal data regarding the retrieval of this webpage. In particular, XING does not store any IP addresses. Further, usage behaviour in connection with the “XING Share button”, is not evaluated by means of cookies. The currently valid data protection information regarding the “XING share button” and supplemental information can be retrieved here: www.xing.com/app/share


e) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy. LinkedIn has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

3.    Information regarding Eloqua
We send e-mails by means of a range of different services. Each service is using tracking technologies. We use this date first and foremost to establish which topics are of interest to our readers, by monitoring whether our e-mails are being opened and which links are clicked on by our readers. We then use this information to improve the e-mails we are sending to your as well as the services we provide.
In relation to our above-mentioned newsletters, we use Eloqua for the registration and to send e-mails to you. Eloqua sets a permanent cookie on the respective registration page, if an Eloqua cookie has not already been placed on your device. If you have already used a website that uses Eloqua, you may already have an Eloqua cookie. We use the Eloqua cookie potentially to analyse your use of our site to enable us to continually improve the site.
E-mails that are being sent by means of Eloqua are using the type of tracking technologies described above. If you wish to completely prevent the use of Eloqua tracking technologies in your device, you have the option to do so on the Eloqua Opt-out page.
Further information can be found in the Eloqua Privacy policy.

4. Meta Pixel and other Meta Marketing services and functions: Meta Conversion Tracking, Meta Custom Audiences, Meta Retargeting, Meta Ads Ad Manager. 

On our websites, we integrate the "Meta Pixel" of Meta Inc, 1 Hacker Way, Menlo Park, CA 94025, USA.
In the European Union (EU) and the European Economic Area (EEA), the service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Description of data processing and purpose

We use the Meta Pixel and other meta marketing services and functions such as the Meta Custom Audiences, Meta Conversion Tracking, Meta Retargeting and the Meta Ads ad manager in order to be able to place and control targeted ads for our products and services on the meta social media platforms Facebook and Instagram and to measure how successful these ads are. 
The data collection and processing on our website is carried out via the "Meta Pixel". This is a JavaScript code that is loaded when the page is called up and executed in the browser of your end device. With the help of this JavaScript code, cookies can then be stored in your end device and various information can be read from your end device and from cookies stored there. 
In this way, it is possible for us to recognize website visitors and the end devices they use pseudonymously. Visitors who have their own user account on the Meta social media platform can also be identified by Meta as visitors to our websites across all devices. 
In addition, the "Meta Pixel" allows us to track and evaluate your interests based on the websites you visit and your interactions with our websites.

The information that is read via the "Meta Pixel" includes in particular 
- Information that is contained in the so-called HTTP header when you call up a website in the browser of your end device, in particular usage data such as IP address, information about the web browser used, the location of the page, the files called up, the referral link, which indicates the page from which you arrived at ours,
- Characteristics of the terminal device used by you when calling up our web pages,
- Cookies already present in the browser of your terminal device, if any, which have been set by meta services, e.g. marketing cookies "_fbp" and "fr",
- Button click data, i.e. data about which buttons on the web pages were clicked by visitors, the labels of these buttons and all pages visited as a result of the button clicks, this concerns, for example, the clicking of buttons in web forms for product inquiries or demonstrations, for downloading documents or for booking appointments.

Meta uses this information to create statistics for us as part of "Meta Conversion Tracking" in the "Meta Ads Ad Manager", from which we can see how many users have responded to our ads placed on the Meta social media platforms and in what way. The conversion of an ad into an action by the website visitor is referred to as a conversion. Based on these statistics, we can optimize the effectiveness of our advertising and control our advertising strategy.
In addition, we use the information collected via the "Meta Pixel" on our websites to create so-called "Meta Custom Audiences" (user-defined target groups) in the "Meta Ads Advertising Manager" and to place target group-oriented advertisements for them on the Meta Social Media Platform. For example, we can place advertisements on the platforms for website visitors who were previously interested in our products, services or promotions and had visited our websites within a certain period of time. This type of targeted advertising is called retargeting.

Legal basis of data processing

The legal basis for the integration and use of the service is your consent, provided that you have given this via our consent management platform "ConsentManager".
The use of cookies and similar technologies is based on Section 25 (1) TTDSG. The subsequent data processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO.
Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your revocation, please use the fingerprint icon at the bottom left of the web page to access "ConsentManager" again and change your settings.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries without an adequate level of data protection, in particular in the USA.
If your data is transferred to third countries, there is a risk that authorities there may access your data for security and monitoring purposes without you being informed or being able to appeal.
To ensure an adequate level of data protection when transferring your data to third countries, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 (2) lit. c DSGVO. They oblige the recipient of the data to process it in accordance with the European level of protection.
If the standard data protection clauses alone are not sufficient to ensure the level of protection, additional technical, contractual or organizational measures are taken to safeguard the transfer of data. Furthermore, it is regularly reviewed and evaluated whether these additional measures continue to ensure a sufficient level of data protection or whether further supplementary measures may need to be taken. 

Recipient

In the course of using the service, the data collected via our websites is transmitted to the following recipients:
- Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland,
- Meta Inc, 1 Hacker Way, Menlo Park, CA 94025, USA.
In principle, we have no influence on further data processing by the third-party provider.

Further information on the handling of personal data by Meta can be found at de-de.facebook.com/privacy/policy/.



Storage period

Through the integration of the service on our websites, data is transmitted to the above-mentioned recipients and stored there for a period of 24 months.

XI.    Rights of the Person concerned

If your personal data is processed, you are a data subject within the meaning of GDPR and you have the following rights against controller:

1.    Right of access
You may ask the controller to confirm whether your personal data is processed by us.
If such processing is carried out, you can request information from the controller on the following:
(1)   the purposes for which personal data is processed;
(2)   the categories of personal data that is processed;
(3)   the recipients or categories of recipients to whom the personal data relating to you has been disclosed or is will be disclosed;
(4)   the envisaged period for which the personal data relating to you will be stored, or, if specific details cannot be provided in this respect, the criteria used to determine that period;
(5)   he existence of a right to request from the controller rectification or erasure of personal data relating to you or restriction of processing or to object to such processing;
(6)   the existence of a right to lodge a complaint with a supervisory authority;
(7)   all available information on the origins of the data, if the personal data is not collected from the data subject;
(8)   the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic applied as well as the significance and the envisaged effects of such processing for the data subject.
You have the right to request information on whether the personal data relating to you is transmitted to a third country or to an international organisation. In this connection, you may request information about the appropriate safeguards in accordance with Article 46 GDPR, in connection with the transmission.

2.    Right to rectification
You have the right to request the rectification and/or completion of your personal data from the controller if your personal data processed is incorrect or incomplete. The controller has to make the rectification without delay.

3.    Right to restriction of processing
Subject to the following conditions, you may request the restriction of processing of the personal data relating to you:
(1)   If you are disputing the accuracy of the personal data concerning your person for a duration, which enables the responsible party to verify the accuracy of the personal data;
(2)   the processing is unlawful, and you oppose the deletion of the personal data and instead request a restriction of its use;
(3)   the controller no longer requires the personal data for the purposes of the processing, you, however, you require these for the establishment, exercise or defence of legal claim, or
(4)   if you have objected to the processing in accordance with Article 21 (1) GDPR and it has not yet been established whether the legitimate grounds of the controller outweigh your grounds.
If processing of the personal data relating to you has been restricted, then this data may only be processed, apart from its storage, with your permission or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of a significant public interest of the European Union or a member state.
If the processing has been restricted in accordance with the above-mentioned conditions, you shall be notified by the controller prior to the withdrawal of the restriction.

4.    Right to erasure
a) Duty to erase
You can request the controller to immediately erase the personal data relating to you, and the controller has an obligation to erase such data immediately, if one of the following reasons applies:
(1)   The personal data relating to you is no longer required for the purposes for which they were collected or otherwise processed.
(2)   You are withdrawing your consent, on which the processing in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR was based, and there is no other legal basis for processing.
(3)   You are objecting to the processing in accordance with Article 21 (1) GDPR, and there are no overriding legitimate grounds for the processing, or you are objecting to the processing in accordance with Article 21 (2) GDPR.
(4)   The personal data relating to you was illegally processed.
(5)   The deletion of the personal data relating to you is required to meet a legal obligation under European Union law or the right of the member states, to which the controller is subject.
(6)   The personal data relating to you was collected in relation to the offer of information society services in accordance with Article 8 (1) GDPR.
b) Information disclosed to third parties
If the controller has made the personal data relating to you public, and he has a duty to delete such data in accordance with Article 17 (1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested the deletion of all links to this personal data or of copies or replications of this personal data.
c)    Exceptions
The right to erasure does not exist where the processing is required
(1)    for the exercise of the right to freedom of expression and information;
(2)    for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3)    for reasons of public interests in the area of public health in accordance with Article 9 (2) (h) and (i) as well as Article 9 (3) GDPR;
(4)    for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5)   for the establishment, exercise or defence of legal claims.

5.    Notification obligation
If you have made use of your right to rectify, erase, or restrict the processing of your personal data, the controller is obliged to inform all recipients to whom the personal data has been disclosed of this rectification or erasure of the data or restriction of the processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.

6.    Right to data portability
You have the right to receive the personal data relating to you which you have provided to the data controller in a structured, commonly used, and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller, who has been provided with the personal data, where
(1)   the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and
(2)   the processing is carried out using automated means.
In the exercise of this right you also have the right to seek that the personal data relating to you are transmitted directly by a controller to another controller, insofar this is technically feasible. Freedoms and rights of other persons must hereby not be compromised.
The right to data portability does not apply to the processing of personal data, which is required for the performance of a task, which is in the public interest or which is carried out in the exercise of public power, which has been transferred to the controller.

7.    Right to object
You have the right to object at any time to processing of personal data relating to you on grounds relating to your particular situation where the processing is based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data related to you, unless the controller can prove that there are compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms or the processing serves to establish, exercise, or defend legal claims.
Where the personal data related to you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data related to you for such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
Where you object to the processing for the purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility of exercising your right to object by automated means using technical specifications.
You can notify us of your objection to advertising informally at any time by contacting us using the contact details provided in clause 1.

8.    Right to withdraw the declaration of consent under the Data Protection Act
You can withdraw your consent on the use of your data for advertising purposes at any time. You can send such withdrawal in writing or by e-mail to the above-mentioned contact address. You can also unsubscribe from a specific service using the respective platform or via your customer account and therefore withdraw your consent. If you only unsubscribe from individual services (such as a specific customer programme), your registration for other services and, where appropriate, consent provided for corresponding advertising continue to remain valid.
The withdrawal of your consent does not affect the legality of the processing up until its withdrawal.

9.     Automated individual decision-making including Profiling
You have the right not to be subjected to a decision that is exclusively based on automated processing, including profiling, where such decision has a legal effect or a similar significant adverse effect on you. This does not apply if the decision
(1)   is required for the formation or the implementation of a contract between yourself and the controller,
(2)   is admissible by European Union or Member State law to which the controller is subject, and if these legal provisions contain reasonable measures to safeguard your rights and freedoms as well as your legitimate interests or
(3)   is made with your express consent.
These decisions may not, however, be based on special categories of personal data in accordance with Article 9 (1) GDPR, provided that Article 9 (2) (a) or (g) GDPR does not apply and reasonable steps have been taken to safeguard your rights and freedoms as well as your legitimate interests.
Regarding the cases referred to in (1) and (3) the controller implements suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
We currently are not making any decisions that are exclusively based on automated processing, including profiling.

10.    Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged is shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy in accordance with Article 78 DSGVO.

XII.    Disclaimer

Our websites may contain links to websites of other providers, to which this privacy policy does not extend.
The website contains links to other websites (“external links”). These websites are the responsibility of the respective website operators. At the time of the connection to the external links, there were no legal infringements apparent. The provider does not have any influence on the current and future presentation of the linked sites. In the absence of specific indications of any legal infringements, it is not reasonable for the provider to constantly monitor the external links. As soon as we become aware of any legal infringements, we shall remove the relevant external links immediately.