PRIVACY NOTICE

Content:
I. Responsible within the meaning of data protection laws
II. Data protection officer
III. General information about data processing
IV. Automatic data processing when accessing the website www.badlangensalza.de
V. Use of cookies
VI. Processing of personal data via the contact form
VII. Processing of personal data via form 
VIII. Processing of personal data via email
IX. Processing of personal data via telephone
X. Processing of personal data via fax
XI. Processing of personal data as part of the application process
XII. Processing of personal data in the online shop & use of PayPal
XIII. Processing of personal data when subscribing to the newsletter
IXX. Use of the reservation and booking mask (book Thuringia)
XX. Use of the integrated functionality eT4® PAGES
XXI. Rights of the data subject

Data processing by us
When using the website www.badlangensalza.deYou provide us with personal data, its functionalities, your contact details and an inquiry, which we process for the purpose of processing your inquiries. We only treat this data strictly for the purposes of data protection law.

I. Responsible in terms of data protection laws is:

City administration of Bad Langensalza
Marktstrasse 1
99947 Bad Langensalza
Telephone: 03603 - 8590
E-mail: Stadtverwaltung (at) bad-langensalza.thueringen.de

Represented by: Mayor Matthias Reinz

Responsible for the content

Verantwortlich für den Bereich »Die Stadt« und »Erleben«


City administration of Bad Langensalza
Department I
Marktstrasse 1
99947 Bad Langensalza
Telephone: 03603 - 8258810
Fax: 03603 - 8258890
E-mail: Stadtverwaltung (at) bad-langensalza.thueringen.de 

and

Verantwortlich für den Bereich »Erleben«, »Tourismus« und »Aktiv & Gesundheit«

KTL Kur und Tourismus Bad Langensalza GmbH 
At the Marktkirche 11
99947 Bad Langensalza
Telefon:  03603 – 82580
Telefax:  03603 – 825836 
E-mail: marketing (at) ktl-badlangensalza.de 

II. Data protection officer
Legally required data protection officer:

Simon Bach 
Marktstrasse 1 
Town hall, room 101 
Telephone: 03603 859-174 
Fax: 03603 859-100 
E-mail: data protection officer (at) bad-langensalza.thueringen.de

III. General information about data processing

Scope of processing of personal data in general

In principle, we only process personal data insofar as this is necessary to provide a functional website and our content and services.

Legal basis for the processing of personal data:

The respective legal basis for the processing of personal data results from the General Data Protection Regulation, Article 6 (1) lit. a) - f) GDPR.

With the consent of the data subject, Art. 6 para. 1 lit. a) GDPR legal basis.

Art. 6 para. 1 lit. b) GDPR is the legal basis for the processing of personal data, for the fulfillment of a contract to which the data subject is a party or for processing operations for pre-contractual measures.

If processing is necessary to fulfill a legal obligation on the part of the controller, Art. 6 para. 1 lit. c) GDPR legal basis.

If the vital interests of the data subject or another natural person make processing necessary, Art. 6 para. 1 lit. d) GDPR legal basis.

If processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been delegated to the controller, the legal basis is Art. 6 Para. 1 lit. e) GDPR.

If processing is necessary to safeguard a legitimate interest of our company and the interests, fundamental freedoms or fundamental rights of the data subject do not outweigh the legal basis, Article 6 (1) lit. f) GDPR.

Provision of personal data required for a contract or due to statutory retention requirements

When you contact us, we collect personal data. We store this data partly due to legal regulations, partly it is necessary to conclude a contract. If you want to conclude a contract with us, you must provide us with your data so that we can provide our services to you. In addition, there are statutory retention requirements for us from tax and commercial law points of view, which we have to comply with. Otherwise we may not be able to provide our services to you.

Before providing your personal data, you are welcome to contact your respective contact person in our company to find out whether we need your data to conclude a contract and / or our legal retention requirements and what the consequences are if you do not provide us with the data .

Data deletion and storage duration

We store your personal data as long as this is necessary for the fulfillment of the purpose or storage is required due to legal regulations, Art 6 Para. 1 lit. c) GDPR. If the purpose for the storage of personal data is no longer given, this data will be deleted after 6 months or the processing will be restricted, unless there is a need for further storage of the data for the conclusion or performance of a contract. Any further storage will only take place if this has been provided for by the European or national legislator.

SSL or TLS encryption

We use SSL or TLS encryption on the entire website for security reasons and to protect your confidential data. This encryption prevents confidential data, such as inquiries or orders that you transmit to us, from being viewed by third parties. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http: //" to "https: //" and a green lock symbol is displayed in the address line.

IV. Automatic data processing when the website www.badlangensalza.de.de is accessed

IP address

1. Description and scope of data processing
When this page is accessed, requests are sent to the server, which the server must answer. For this, your IP address must be collected and processed in order to be able to answer the corresponding server inquiries.

2. Legal basis for data processing
The legal basis for processing this data is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing
The purpose of processing your IP address is the functionality of the website and the provision of technical access.

4. Legitimate interest
The legitimate interest in the temporary storage of the IP address is that the functionality and provision of the technical accessibility of the website is not possible without it.

5. Duration of storage
The data will be deleted as soon as further storage is no longer necessary due to the purpose being achieved. When collecting the data for the provision of the website, this is the case when the retrieval process has ended.

6. Recipients of personal data
The IP address is assigned by the following hosting provider on the basis of an order processing agreement. Art. 28 Para. 2, Para. 4 GDPR processed:

Breitenstein IT (b.it)
Eisenacher Straße 8
99986 Vogtei | OT Langula
www.breitenstein.it

Hosting

1. Description and scope of data processing
We use the services of our hosting service provider for the technical implementation of the website and its accessibility as well as its technical maintenance. This includes the provision of storage and database services as well as their maintenance and care.

2. Legal basis for data processing
The legal basis for processing this data is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing
The purpose of the processing is the realization of the online offer as well as the detection of malfunctions and attempts to break in.

4. Legitimate interest
The legitimate interest in commissioning the hosting service provider is the external technical competence and the provision of a functional and uncompromised technical website environment.

5. Recipients of personal data and data categories: The following hosting provider is commissioned on the basis of an order processing agreement in accordance with Art. 28 Para. 2 Para. 4 GDPR working for us:

Breitenstein IT (b.it)
Eisenacher Straße 8
99986 Vogtei | OT Langula
www.breitenstein.it

Affected data categories are: user data, communication data, contact details, contract data

Server log files

1. Description and scope of data processing
The IP addresses collected when this page is accessed are also stored in so-called server log files in order to discover technical faults and / or attempts to manipulate and break into the server structure and to make them remediable. In addition, the hosting provider of this website automatically collects, stores and processes information in so-called server log files, which are automatically transmitted by your browser. This information is: browser type and version of the operating system used referrer URL host name of the accessing computer time of the server request This information is not merged with other data sources.

2. Legal basis for data processing
The legal basis for processing this data is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing
The purpose of processing your IP address and the information above is to identify malfunctions and attempts to break in.

4. Legitimate interest
The legitimate interest in processing the IP address and the information above is to provide a functional and uncompromised technical website environment.

5. Duration of storage
The data will be deleted within 7 days.

6. Recipients of personal data
The IP address and the above information are provided by the following hosting provider on the basis of an order processing agreement in accordance with. Art. 28 Para. 2, Para. 4 GDPR processed:

Breitenstein IT (b.it)
Eisenacher Straße 8
99986 Vogtei | OT Langula
www.breitenstein.it

V. Use of cookies

1. Description and scope of data processing
The www.badlangensalza.de website uses so-called “session cookies” (see 5.). Cookies are text files that are stored in the memory and / or on a data carrier of your device used for the page visit and that are processed by your internet browser according to the settings stored there.

2. Legal basis for data processing
The legal basis for processing is Art. 6 para. 1 lit. f) GDPR.

3. Purpose of data processing
These cookies contain technical information on the provision of website functionalities as part of the use. This enables the technical implementation of the website.

4. Legitimate interest according to Art. 6 Para. 1 lit. f) GDPR
The cookies used only contain technical data. The use of these cookies is necessary in order to be able to offer the user a functionality of our website that meets his expectations.

5. Duration of storage as well as objection and elimination options
The cookies used on this page are so-called "session cookies". After the end of your website visit and / or closing of your browser, these are automatically deleted from your browser cache / memory, provided you have activated this functionality in your browser. Please check the settings of your internet browser (e.g. Firefox, Internet Explorer, Edge, Chrome, Opera, Safari). Your internet browser also gives you the option of regulating the treatment of cookies or deactivating them entirely. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent.

VI. Processing of personal data via the contact form

1. Description and scope of data processing
There is a contact form on our website that is only used to contact us electronically. We only process your personal data if you provide it to us when you contact us.

The following data is processed for inquiries via the contact form:
Surname*
E-mail address*
phone
Comment* 

The fields marked with an "*" symbol are mandatory fields, without which no request can be sent to us using this contact form.

Please only provide the telephone number if you would like us to contact you by telephone.

The name is used to address you personally when processing your request.

If you simply enter the data in the forms, no data will be transmitted to us, this will only happen after you click the gray "Send" button.

The following data is also processed when the message is sent:
Date and time of the request

2. Legal basis for data processing
The legal basis for processing personal data to process and answer your inquiries is Art. 6 Para. 1 lit. f) GDPR. The legal basis for the processing of personal data used for the preparation and / or implementation of a contractual relationship is Art. 6 Para. 1 lit. b) GDPR.

3. Purpose of data processing
The processing of personal data via the contact form serves the sole purpose of establishing contact and enabling the customer to be contacted by the company on the customer's initiative. Depending on the intention and content of your request, the purpose may also be the initiation and / or implementation of a contractual relationship, in which case the purpose is also to maintain the customer relationship.

4. Legitimate interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request. The data collected will be processed on the basis of a request from you. This processing is also in your interest in order to be able to react to your request according to your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any further statutory retention requirements (e.g. 10 years according to the AO, 6 years in accordance with the German Commercial Code). For your data entered in the contact form, this is the case when the respective conversation with the user has ended. The conversation is then ended when it emerges from the circumstances that the matter concerned has been finally clarified.

VII. Processing of personal data via forms 

1. Description and scope of data processing
There are forms for inquiries on our website that only serve to contact you regarding this topic. We only process your personal data insofar as you provide it to us as part of your request. The following data is processed for inquiries via the form:
- Surname*
- First name*
- Road
- Post Code
- place
- E-mail address*
- phone number
- if desired, desired date * 
- possibly number of people *
- If necessary, selected group tour *
- Additional requests if necessary 
- Personal message

The fields marked with an "*" symbol are mandatory fields, without which no request can be sent to us using this contact form.

Please only give your telephone number if you want a call back.

Please only enter your postal address if you wish to be addressed by post.

If you simply enter the data in the forms, no data will be sent to us, this will only happen after you click the gray "Send request" button.

The following data is also processed when the message is sent:
Date and time of the request

2. Legal basis for data processing
The legal basis for processing personal data to process and answer your inquiries is Art. 6 Para. 1 lit. f) GDPR. The legal basis for the processing of personal data used for the preparation and / or implementation of a contractual relationship is Art. 6 Para. 1 lit. b) GDPR. The legal basis for processing special categories of personal data such as health data is Art. 9 Para. 2 lit. h) and Para. 3 GDPR.

3. Purpose of data processing
The processing of personal data via the form serves the sole purpose of contacting and enabling the company to contact the customer for informational purposes at the customer's initiative. Depending on the intention and content of your request, the purpose may also be the initiation and / or implementation of a contractual relationship, in which case the purpose is also to maintain the customer relationship.

4. Legitimate interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request. The data collected will be processed on the basis of a request from you. This processing is also in your interest in order to be able to react to your request according to your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any further statutory retention requirements (e.g. 10 years according to the AO, 6 years in accordance with the German Commercial Code). For your data entered in the form, this is the case when the respective conversation with the user has ended. The conversation ends when the circumstances indicate that the matter in question has been finally clarified.

VIII. Processing of personal data via email

1. Description and scope of data processing
For inquiries by email, personal data is processed depending on the content of your email: This is in any case your email address, date and time and the content of the message. Depending on the content of your email, the following personal data can also be processed:
First name Last Name
Phone number

The data is used exclusively for the processing of the conversation and / or the implementation and / or initiation of a contractual relationship.

2. Legal basis for data processing
Due to the express request of the user via email, the legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR. If the aim of contacting us by email is also to conclude and / or execute a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

3. Purpose of data processing
The processing of personal data via your e-mail request serves the sole purpose of contacting you and enabling the company to contact the customer for informational purposes at the customer's initiative. Depending on the intention and content of your request, the purpose may also be the initiation and / or implementation of a contractual relationship.

4. Legitimate interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request. The data collected will be processed on the basis of a request from you. This processing is also in your interest in order to be able to react to your request according to your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any further statutory retention requirements (e.g. 10 years according to the AO, 6 years in accordance with the German Commercial Code). This is the case for your email when the respective conversation with the user has ended. The conversation ends when the circumstances indicate that the matter in question has been finally clarified. 

IX. Processing of personal data via telephone

1. Description and scope of data processing
Depending on the content of the conversation, personal data is processed for telephone inquiries:

Depending on the information you provide during the call, this may also include the following personal data: first name, last name
Phone number
Customer number
Payment details
Contract data

The data is used exclusively for the processing of the conversation and / or the implementation and / or initiation of a contractual relationship.

2. Legal basis for data processing
On the basis of the user's express request via telephone, the legal basis for the processing of the data is Art. 6 Para. f) GDPR. If contacting us by telephone is also aimed at concluding and / or executing a contract, then an additional legal basis for the processing is Art. 6 Para. 1 lit. b) GDPR.

3. Purpose of data processing
The processing of personal data over the phone serves the sole purpose of contacting and enabling the company to contact the customer for informational purposes at the customer's initiative. Depending on the intention and content of your request, the purpose may also be the initiation and / or implementation of a contractual relationship, as well as the maintenance of the customer relationship.

4. Legitimate interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request. The data collected will be processed on the basis of a request from you. This processing is also in your interest in order to be able to react to your request according to your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any further statutory retention requirements (e.g. 10 years according to the AO, 6 years in accordance with the German Commercial Code). This is the case for your email when the respective conversation with the user has ended. The conversation is then ended when it emerges from the circumstances that the matter concerned has been finally clarified.

X. Processing of personal data via fax

1. Description and scope of data processing
For inquiries by fax, personal data is processed depending on the content of your message: in any case, this is your fax number, date and time and the content of the message.

Depending on the content of your message, the following personal data can also be processed:
First name Last Name
Phone number
Customer number
Payment details
Contract data

The data is used exclusively for the processing of the conversation and / or the implementation and / or initiation of a contractual relationship.

2. Legal basis for data processing
Due to the express request of the user via fax, the legal basis for the processing of the data is Art. 6 Para. 1 lit. f) GDPR. If contact by fax is also aimed at the conclusion and / or execution of a contract, then an additional legal basis for the processing is Art. 6 Para. 1 lit. b) GDPR.

3. Purpose of data processing
The processing of personal data via your inquiry by fax serves solely for the purpose of contacting and enabling the customer to be contacted for information by the company on the initiative of the customer. Depending on the intention and content of your request, the purpose may also be the initiation and / or implementation of a contractual relationship.

4. Legitimate interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request. The data collected will be processed on the basis of a request from you. This processing is also in your interest in order to be able to react to your request according to your expectations.

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any further statutory retention requirements (e.g. 10 years according to the AO, 6 years in accordance with the German Commercial Code). For the fax request, this is the case when the respective conversation with the user has ended. The conversation is then ended when it emerges from the circumstances that the matter concerned has been finally clarified.

XI. Processing of personal data as part of the application process

1. Description and scope of data processing
We regularly provide information about current vacancies in job advertisements or on our website. You have the opportunity to apply for these positions. You can send us this application data either by post or by email.

Data that you send us during the application process can be:
- Name, address and contact details
- CV including all other information
- Personal cover letter
- qualifications
- Interests

If you send us your data by email, we will also process your email address, date and time and the content of the message. Depending on the content of your email, the following personal data can also be processed:
First name Last Name
Phone number

The data will only be used in the application process to decide on the vacancy.

2. Legal basis for data processing
The legal basis for processing the data in the context of the application process is Art. 6 Para. 1 lit. b) GDPR, Section 26 (1) BDSG. Insofar as you provide us with special categories of personal data as part of the application process, such as an existing severely disabled status or health data, which are necessary for the assessment of your applicability for a specific position, the processing of the data communicated at your initiative takes place in accordance with Art. 9 para 2 lit. b), lit. h) GDPR, § 26 Paragraph 3 BDSG.

3. Purpose of data processing
The processing of personal data as part of the application process serves the sole purpose of personnel planning and the establishment of employment relationships.

4. Legitimate interest
The legitimate interest in data processing lies in the need to fill vacancies with qualified applicants within the framework of sustainable personnel planning and corporate management.

5. Duration of storage
If an application is rejected, the data will be deleted within 6 months of rejection. Data of successful applications are subject to the retention requirements that result from labor and social law regulations, the AO and the HGB.

XII. Processing of personal data in the online shop & use of PayPal

Personal data is only transmitted to third parties if there is a need to do so in the course of the contract. Third parties can be payment service providers or logistics companies, for example. A further transmission of the data does not take place or only if you have given your express consent.

The basis for data processing is Art. 6 Para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.

We have integrated the payment option PayPal on this website. PayPal is an online payment service provider of PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal also has the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services. If you select "PayPal" as the payment option during the ordering process, personal data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing. The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that is necessary for payment processing. In order to process the purchase contract, personal data related to the respective order are also necessary. The purpose of the transmission of the data is to process payments and prevent fraud. We will transmit PayPal personal data in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reporting agencies. The purpose of this transmission is to verify identity and creditworthiness. PayPal may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary to fulfill the contractual obligations or the data is to be processed in the order. You can revoke your consent to the handling of personal data at any time towards PayPal. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing. PayPal's current data protection regulations can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full be retrieved.


XIII. Processing of personal data when subscribing to the newsletter

We need an email address from you to send our newsletter. Verification of the specified email address is necessary and receipt of the newsletter must be consented to. Additional data is not collected or is voluntary. The data will only be used for sending the newsletter.

The data provided when registering for the newsletter will only be processed on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can withdraw your consent at any time. An informal notification by email is sufficient for the revocation or you unsubscribe via the “Unsubscribe” link in the newsletter. The legality of the data processing that has already taken place remains unaffected by the revocation.

Data entered to set up the subscription will be deleted if you unsubscribe.


IXX. Use of the reservation and booking mask (book Thuringia)

The purpose of data collection and processing is the preparation and implementation of reservation inquiries as well as the binding booking of accommodation. The KTL Kur und Tourismus Bad Langensalza GmbH acts as a travel agent and only collects, processes and uses the data necessary for the provision of its services and the use and operation of the services offered by the reservation and booking portal are required. Under no circumstances will the intermediary sell data to third parties. Data is only transmitted to third parties to the extent necessary for a booking / reservation with the provider chosen by the customer. This expressly includes disclosure to companies affiliated with the intermediary for the purpose of making the booking. We save your data in accordance with tax and commercial law requirements. You have the right to information, correction, deletion or restriction of processing and the right to data portability.


XX. Use of the integrated functionality eT4® PAGES

On our website under "Experience - Calendar of Events" is a function of the hubermedia GmbH in cooperation with the City Tourism in Thuringia ”eV involved. 

GPS location

The website requires access to the location of the customer's end device, for example if the search result is to be sorted according to the “current location” or if the location is to be displayed on a map. Data on the location of the user is only used to process the request. The location data is transmitted via an encrypted connection. The location data is anonymized after the end of the website use and statistically evaluated to improve the service. The location is queried regularly during use (use can also be read on mobile devices using the location arrow at the top of the display) and is stored in a cookie.

Bookmarks

When users create a watch list, it is also saved in a cookie so that the list can be displayed the next time it is used. The elements in the watch list are also stored on our servers to give the customer the opportunity to share the watch lists with other users.

Contact form "request"

We use the data you provide to process your request for the offer you have selected. For this purpose, we pass on your specified data in the form of an email to the provider of the offer and a copy of the email to the responsible operator of the website. The data you provide will also be stored in a log file on our servers for three months and then automatically and irrevocably deleted. The data will not be passed on to third parties and to prevent unauthorized access by third parties to your data, the contact form is encrypted using SSL technology.

Contact form "Report a problem"

We use the data you provide to process your request to the responsible author of the offer. For this purpose, we pass on your data in the form of an email to the responsible author. The data you provide will also be stored in a log file on our servers for three months and then automatically and irrevocably deleted. The data will not be passed on to third parties and to prevent unauthorized access by third parties to your data, the contact form is encrypted using SSL technology.

Contact form "Submit event"

We use the data you provide for the further processing of your submitted event. For this purpose, we pass on your specified data to the responsible editorial team via our web-based editing system eT4® (see also chapter 3.1). After the content has been checked by the editorial team, your submitted event will be published or rejected. For details on the requirements for when events may be published, please contact the website operator in the imprint.

Contact form "Print"

We use the data you provide for the delivery of the PDF document by email. The data you provide will be stored in a log file on our servers for three months and then automatically and irrevocably deleted. The data will not be passed on to third parties and to prevent unauthorized access by third parties to your data, the contact form is encrypted using SSL technology.

Share function

None of the specified data is processed or stored on our server here. When using the corresponding function (e.g. Facebook or email) it is linked directly to the respective website of the provider.


XXI. Rights of the data subject

If personal data is processed by you, you are the data subject within the meaning of the General Data Protection Regulation. Therefore, you have the following rights vis-à-vis the person responsible.

To exercise your rights as a data controller, please contact the following email address: dsb.ktl (at) rdp-law.de

1. Right to information - Art. 15 GDPR

You have the right to ask the person responsible to confirm whether your personal data is being processed. If there is such processing, you have the right to information about this personal data and the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients or the categories of recipients to whom the personal data has been or will be disclosed;
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining the storage period;
  • the existence of a right to correction or deletion of your personal data, a right to restriction of processing by the person responsible or a right to object to this processing;
  • the right to lodge a complaint with a supervisory authority;
  • all available information about the origin of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, in accordance with Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

In addition, you have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you can also request the appropriate guarantees in accordance with Art. 46 GDPR to be informed in connection with the transmission.

2. Right to rectification - Art. 16 GDPR

You have the right to the data controller to immediately correct and / or complete the data concerning you, provided that the processed personal data is incorrect or incomplete.

3. Right to deletion - Art. 17 GDPR

Obligation to delete: You have the right to request the immediate deletion of your personal data at any time if one of the following reasons is given:

  • the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
  • You have withdrawn your consent on which the processing was based in accordance with Art. 6 para. 1 lit. a) or Art. 9 Para. 2 lit. a) GDPR based, and there is no other legal basis for the processing;
  • You have objected to processing in accordance with Art. 21 Para. 1 and there are no overriding legitimate reasons for the processing, or you have objected to processing in accordance with Art. 21 Para. 2 GDPR;
  • the personal data concerning you have been unlawfully processed;
  • The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject;
  • The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

Exceptions:
There is no right to deletion if the processing is necessary

to exercise the right to freedom of expression and information; to fulfill a legal obligation that requires processing in accordance with the law of the Union or the Member States to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health in accordance with Article 9 paragraph 2 letters h and i and Article 9 paragraph 3; for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 Paragraph 1 GDPR, insofar as the right mentioned in section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or to assert it , Exercise or defense of legal claims.

4. Right to restriction of processing - Art. 18 GDPR

You have the right to request the restriction of your personal data under the following conditions:

  • if you contest the accuracy of your personal data for a period of time that enables the person responsible to check the accuracy of the personal data;
  • if the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  • if the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  • if you have objected to processing in accordance with Art. 21 Para. 1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of your personal data has been restricted, this data - apart from the storage - may only be obtained with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest the Union or a Member State.

If the restriction of processing has been restricted due to the aforementioned requirements, you will be informed by the person responsible before the restriction is lifted.

5. Right to information - Art. 19 GDPR

If you have exercised any of your rights to correction, deletion or restriction of processing, we are obliged to inform all recipients to whom your personal data have been disclosed of the correction, deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You also have the right to be informed about these recipients.

6. Right to data portability - Art. 20 GDPR

You have the right to receive the personal data that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

a) the processing is based on consent in accordance with Art. 6 para. 1 lit. a) GDPR or Art. 9 Para. 2 lit. a) GDPR or on a contract acc. Art. 6 para. 1 lit. b) GDPR is based and
b) the processing is carried out using automated processes.

In exercising this right to data portability, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible.

7. Right to object - Art. 21 GDPR

You have the right, for reasons that arise from your particular situation, at any time against the processing of your personal data, which is based on Art. 6 Para. 1 lit. e) or f) GDPR, to object; this also applies to profiling based on these provisions.

The controller will no longer process your personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims. If personal data are processed in order to operate direct mail, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option of exercising your right to object in connection with the use of information society services using automated procedures that use technical specifications.

8. Right to withdraw the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority - Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of your data affects you personal data violates the General Data Protection Regulation.

The supervisory authority to which you lodge a complaint must inform you as the complainant about the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

This data protection notice is updated at regular intervals.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), based on our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 (1) (f) GDPR). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.

The following data is recorded during your visit to the website:

  • Pages called
  • Orders including sales and ordered products
  • Your behavior on the pages (e.g. clicks, scrolling behavior and length of stay)
  • Your approximate location (country and city)
  • Your IP address (in abbreviated form so that no clear assignment is possible)
  • Technical information such as browser, internet provider, end device and screen resolution
  • Source of origin of your visit (ie via which website or via which advertising material you came to us)

Google will use this information on our behalf to evaluate the use of our online offer by the user, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet. Pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and abbreviated there in exceptional cases.

The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent cookies from being saved by making the appropriate settings in their browser software; Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can find further information on data use by Google, setting and objection options in Google's data protection declaration (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

The personal data of the users will be deleted or anonymized after 14 months.

YouTube

Our website uses YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, for the integration of videos, represented by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Normally, when you visit a page with embedded videos, your IP address is sent to YouTube and cookies are installed on your computer. However, we have integrated our YouTube videos with the extended data protection mode (in this case YouTube is still contacting the Google Double Click service, but according to Google's data protection declaration, personal data are not evaluated). As a result, YouTube no longer stores any information about visitors unless they watch the video. If you click the video, your IP address will be sent to YouTube and YouTube will be informed that you have viewed the video. If you are logged in to YouTube, this information will also be assigned to your user account (you can prevent this by logging out of YouTube before viewing the video).

We have no knowledge of the then possible collection and use of your data by YouTube and have no influence on it. You can find more information in YouTube's privacy policy at www.google.de/intl/de/policies/privacy/ remove. We also refer to our general presentation in this data protection declaration for the general handling and deactivation of cookies.