Data Protection + Cookies
In accordance with the new General Data Protection Regulation (GDPR), we must inform you of the following:
Your data is safe with us and will be protected in accordance with the law.
This privacy statement explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the related websites, functions and content, as well as external online presence, such as our Social Media Profile. (collectively
referred to as “online offer”).
With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Responsible for the data protection:
Company Karin Sebelin
Telephone: 0049 – 176 – 84545228
Type of processed data
x stock data (eg, names, addresses).
x contact information (eg, e-mail, telephone numbers).
x content data (eg, text input, photographs, videos).
x contract data (eg, subject matter, payment information, term, customer category).
x Usage data (eg, websites visited, interest in content, access times).
Processing of special categories of data (Article 9 (1) GDPR):
x No special categories of data are processed.
Categories of data subjects:
x customers / prospects / suppliers.
x visitors and users of the online offer.
x recipient of marketing activities
In the following, we also refer to the persons concerned as “users”.
Purpose of processing:
x Provision of the online offer, its contents and functions.
x provision of contractual services, service and customer care.
x Answering contact requests and communicating with users.
x Marketing, Advertising and Market Research.
x Security measures.
As of: 24.04.2018
1. Relevant legal bases
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing.
Unless the legal basis in the data protection declaration is mentioned, the following applies:
The legal basis for obtaining consent is Article 6 (1) lit.a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit.b GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit.c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit.f GDPR.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.
We will inform you as soon as the changes require your participation (e.g. consent) or other individual notification.
3. Security measures
3.1. We take appropriate technical measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons and organizational measure as to ensure a level of protection appropriate to the risk; Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the enjoyment of data subject rights, data erasure and data vulnerability. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software and procedures,
according to the principle of data protection by technology design and by privacy-friendly default settings taken into account (Article 25 GDPR).
3.2. One of the security measures is the encrypted transfer of data between your browser and our server.
4. Cooperation with contract processors and third parties
4.1. If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), you have consented to a legal obligation or based on our legitimate interests (e.g. the use of agents, webhosters, etc.).
4.2. If we commission third parties to process data on the basis of a so-called “contract processing contract”, this is done on the basis of Art. 28 GDPR.
5. Transfers to third countries
If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.
Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR.
This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognized level of data protection (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual
6. Rights of the persons concerned
6.1. You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data inaccordance with Art. 15 GDPR.
6.2. You have accordingly Art. 16 GDPR the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
6.3. In accordance with Art. 17 GDPR, they have the right to demand that the relevant data be deleted immediately or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.
6.4. You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request their transmission to other persons responsible.
6.5. You have in accordance with Art. 77 GDPR the right to file a complaint with the competent supervisory authority.
7. Right of withdrawal
You have the right to grant consent in accordance with Art. 7 para. 3 GDPR with effect for the future.
8. Right of objection
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time.
The objection may in particular be made against processing for direct marketing purposes.
9. Cookies and right to object in direct mail
or the EU site https://www.youronlinechoices.com/ be explained.
Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser.
Please note that not all features of this online offer may be used.
10. Deletion of data
This applies, for example, to data that must be kept for commercial or tax reasons.
10.2. According to legal requirements, the storage takes place in particular for 6 years in accordance with § 257 paragraph 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 Abs. 1 AO (books, records, management reports , Accounting documents, commercial and business letters, documents relevant to taxation, etc.).
11. Provision of contractual services
11.1. We process stock data (e.g., names and addresses as well as contact data of users), contract data (e.g., used services, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit b. GDPR.
The entries marked as obligatory in online forms are required for the conclusion of the contract.
11.2. We process usage data (e.g., the visited websites of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for research purposes, to improve our online offer.
11.3. The deletion takes place after expiry of legal warranty and comparable obligations, the necessity of keeping the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation);
Information in the customer account remains until its deletion.
12.1. When contacting us (e.g. by e-mail), the information provided by the user to process the contact request and its processing acc. Art. 6 para. 1 lit. b) GDPR processed.
12.2. User information can be stored in our Customer Relationship Management System (“CRM System”) or similar request organization.
12.3. We use Nimble’s CRM system, from Nimble Inc , 3122 Santa Monica Boulevard, Santa Monica, CA 90404, based on our legitimate interests.
Nimble is certified under the Privacy Shield Agreement, which provides an additional guarantee to comply with European data protection law
( https://www.privacyshield.gov/participant?id=a2zt0000000GnmCAAS&status=Active ).
12.4. We delete the requests, if they are no longer required. We constantly check the necessity. In the case of legal archiving obligations, the deletion takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).
13. Comments and posts
13.1. When you post a comment on our blog, your name will be saved.
This is for our safety, if someone writes in comments illegal content (insults, etc.).
14. Antispam Bee
14.1. This site uses the Antispam Bee service, a simple and highly effective antispam plugin to protect against Trackback spam.
14.2. With the help of this service, comments of real people are distinguished from spam comments. If a comment has been classified as spam, the data will be stored on our site and we will be notified.
14.3. For more information about the collection and use of data by Antispam Bee and the functionality of the plugin, see: https://wordpress.org/plugins/antispam-bee/
15. Profile pictures from Gravatar
We use the service Gravatar, Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA, within our online offering and specifically on the blog.
Gravatar is a service that allows users to log in and submit profile pictures and their email addresses. If users with the respective e-mail address on other online sites (especially in blogs) leave posts or comments, so their
profile pictures can be displayed next to the posts or comments. For this purpose, the e-mail address communicated by the users to Gravatar is transmitted encrypted in order to check whether a profile is stored for it. This is the sole purpose of sending the e-mail address and it will not be used for other purposes, but will be deleted afterwards.
The use of Gravatar is based on our legitimate interests within the meaning of Art. 6 para. 1 lit.f) GDPR, because with the help of Gravatar we offer the post and comment writers the opportunity to personalize their posts with a
Automattic is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (
By displaying the images, Gravatar has learned the IP address of the users, as this is necessary for communication between a browser and an online service. For more information about Gravatar’s collection and use of data, see the
Automattic Privacy Notice:
If users do not want a user picture linked to their email address on Gravatar to appear in the comments, they should use a non-Gravatar email address to comment. We also point out that it is also possible to use an anonymous or even no e-mail address if the users do not want their own e-mail address to be sent to Gravatar.
Users can completely prevent the transfer of data by not using our commenting system.
16. Online presences in social media
16.1. We maintain online presence within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services. When calling the respective networks and
platforms, the terms and conditions and the data processing guidelines apply to their respective operators.
17. Cookies and reach measurement
17.1. Cookies are information transmitted from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
17.2. We use “session cookies”, which are only stored for the duration of the current visit to our online presence.
In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies can not save any other data.
Session cookies are deleted if you have finished using our online offer and log out or close your browser.
17.4. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
( https://optout.networkadvertising.org/ ) and the US website
( https://www.aboutads.info/choices ) or the European website
( https://www.youronlinechoices.com/uk/your-ad-choices/ ).
18.1. With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter,
you agree to the receipt and the procedures described.
18.2. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. Insofar as the
contents of a newsletter are concretely described, they are authoritative for the consent of the users. Incidentally, our newsletters contain information about our products, offers, promotions and our company.
18.3. Double opt-in and logging: Registration for our newsletter is done in a so-called double-opt-in procedure.
This means you will receive an e-mail after logging in to ask for confirmation of your registration. This confirmation is necessary so that nobody can register with external e-mail addresses.
The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider will be logged.
18.4. Shipping Service Provider : The newsletter is distributed via “MailChimp “, a mailing list platform of Rocket Science Group, LLC, 675 Ponce De Leon Ave # 5000, Atlanta, GA 30308, USA.
https://mailchimp.com/legal/privacy/ .The Rocket Science Group LLC is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection standards
18.5. Furthermore, the shipping service provider may, according to its own information, use this data in a pseudonymous form, ie without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of shipping and the presentation of newsletters or for statistical purposes in order to determine which countries the recipients come from. However, the shipping service provider does not use the data of our newsletter recipients to write them down or to pass them on to third parties.
18.6. Registration information: In order to subscribe to the newsletter, we need your first and last name, as well as your e-mail address.
18.7. Success measurement – The newsletters contain a so-called “web beacon”, ie a pixel-sized file, which is called up by the server of the shipping service provider when the newsletter is opened. This call will initially collect
technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters will be opened, when they will be opened and which links will be clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavor nor that of the shipping service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
18.8. The dispatch of the newsletter and the success measurement are made on the basis of a consent of the recipients acc. Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 (2) no. 3 UWG or on the basis of the statutory
permission pursuant to Art. § 7 Abs. 3 UWG.
18.9. The logging of the registration process is based on our legitimate interests in accordance with. Art. 6 para.
1 lit. f GDPR and serves as proof of consent to the receipt of the newsletter.
18.10. Termination / Revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consent.
A link to cancel the newsletter can be found at the end of each newsletter. If the users have only subscribed to the newsletter and terminated this registration, their personal data will be deleted.
18.11. In addition, newsletter recipients can subsequently correct their data (for example, their e-mail address).
18.12. Online Calling and Data Management: It may happen that we direct the newsletter recipients to the MailChimp website. Our newsletters may contain a link that allows the newsletter recipients to retrieve the newsletters online
(for example, in the case of display problems).
18.13. We would like to point out that cookies are used on the websites of MailChimp and personal data is processed by MailChimp, its partners and commissioned service providers (e.g. Google Analytics). Here we have no influence.
18.15. We particularly point out the possibilities of objecting to the collection of data for advertising purposes on the websites
https://www.youronlinechoices.com/ (for the European area)
18.16. We have completed a Data Processing Agreement with MailChimp.
In this contract, MailChimp commits itself to protect the user data, to process accordingly data protection regulations on our behalf and, most importantly, not to pass them on to third parties.
19. Nimble Social CRM
19.1. To manage our contacts via social media, we use the CRM system from Nimble .
19.2. We can assure you that the data at Nimble is safe.
20. Provider Strato
20.1. Our website is hosted by the provider Strato .
20.2. We have signed an order data processing contract with Strato.
20.3. Further information on data protection can be found here .
21. Integration of services and content of third parties
21.1. Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR), we make use of content or services offered by third-party providers in order to provide their content and services Integrate services such as videos or fonts (collectively referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel
tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website.
The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring web sites, visit time, and other
information regarding the use of our online offer.
21.2. The following presentation provides an overview of third-party providers as well as their contents, as well as links to their privacy statements, which contain further notes on the processing of data and, in some cases
already mentioned here, possibilities of contradiction (so-called opt-out):
– Third-party platform YouTube videos – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
https://policies.google.com/privacy , opt-out:
– Within our online offer functions of the service Instagram are involved.
These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, United States.
If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button.
This allows Instagram to associate the visit to our pages with your user account.