Privacy Policy

We are very delighted that you have shown interest in our enterprise. Data protection is particularly on a high priority for the management at AvenDATA GmbH. The use of the Internet pages of AvenDATA GmbH is possible without any indication of the personal data. However, if a data subject wants to use special enterprise services through our website, then the processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, and/or telephone number of a data subject shall always match with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations, applicable to AvenDATA GmbH. By means of this data protection declaration, our enterprise would like to inform the public about the nature, scope, and purpose of the personal data that we collect, use, and process. Further, by means of this data protection declaration, the data subjects not only know about their rights but also their entitlement of these rights.

As the controller, AvenDATA GmbH has implemented varied technical and organizational measures to ensure the most comprehensive protection of the personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps and so absolute protection may not be guaranteed. Thus, every data subject is free to transfer the personal data to us through alternative means, for example, transferring the data through telephone.

1. Definitions

The data protection declaration of AvenDATA GmbH is based on the terms used by the European Legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable to the public, as well as to our customers and business partners. So, we would like to explain the terminology used in this data protection declaration.

In this data protection declaration, we use, inter alia, the following terms:

a) Personal data

Personal data refers to any information related to an identified or identifiable natural person (“data subject”). An identifiable natural person can be identified, directly or indirectly, specifically by a reference to an identifier such as a name, an identification number, location data, an online identifier and/or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject

Data subject refers to any identified or identifiable natural person, whose personal data is processed by the controller, who is responsible for the processing.

c) Processing

Processing refers to an operation or set of operations, performed on the personal data or on the sets of personal data. Processing is done irrespective of the automated means, such as collecting, recording, organizing, structuring, storing, adapting, or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, by alignment or combination, restriction, erasure, or destruction.

d) Restriction of processing

Restriction of processing refers to the marking of the stored personal data. The process gets accomplished with the objective of limiting their processing in the future.

e) Profiling

Profiling refers to any form of automated processing of the personal data comprising the use of the personal data to evaluate certain personal aspects related to a natural person, specifically to analyze or predict various aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location and/or movements.

f) Pseudonymisation

Pseudonymisation refers to the processing of the personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. The additional information is kept separately and is subjected to technical and organisational measures, ensuring that the personal data is not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing

Controller or controller responsible for the processing refers to the natural or legal person, public authority, agency, or another body which, alone or jointly, determines the purposes and means of processing the personal data. The purposes and means of such processing are determined by the Union or Member State law. The controller or the specific criteria for its nomination may be provided by the Union or Member State law.

h) Processor

Processor refers to a natural or legal person, public authority, agency, or another body, processing the personal data on behalf of the controller.

i) Recipient

Recipient refers to a natural or legal person, public authority, agency, or another body, to which the personal data is disclosed. It may or may not be a third party. However, the public authorities, which may receive the personal data in the framework of a particular inquiry in accordance with the Union or Member State law shall not be regarded as recipients. In such cases, processing of the personal data by those public authorities shall comply with the applicable data protection rules, according to the purposes of the processing.

j) Third party

Third party refers to a natural or legal person, public authority, agency, or another body other than the data subject, controller, processor, and persons. These are under the direct authority of the controller or processor and are authorised to process the personal data.

k) Consent

Consent of the data subject refers to a freely given, specific, informed, and unambiguous indication of the data subject’s wishes. Through the consent, he, or she, by a statement or by a clear affirmative action, signifies agreement to the processing of the personal data.

2. Name and Address of the controller

The controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union, and other provisions related to data protection is:

3. Cookies

The Internet pages of AvenDATA GmbH uses cookies. Cookies are the text files that are stored in a computer system via an Internet browser.

Many Internet sites and servers use cookies. The cookies contain an ID called the cookie ID, which is a unique identifier of the cookie. The cookie ID consists of a character string through which the Internet pages and servers can be assigned to the specific Internet browser, where the cookie was stored. This allows the visited Internet sites and servers to differentiate between the individual browser of the data subject and the other Internet browsers, containing some other cookies. A specific Internet browser can be recognized and identified by using the unique cookie ID.

Through cookies, AvenDATA GmbH can provide the users of this website with more user-friendly services. These services would not be possible without the cookie setting.

By using cookies, the information and offers on our website can be optimized with the user-centric approach. Cookies allow us to recognize our website users, making it easier for these users to utilize our website. For example, the website user using cookies does not have to specify the access data each time while accessing the website. This is because the specification has been taken over by the website, enabling it to be stored as a cookie on the user’s computer system.

The data subject may prevent the setting of cookies through our website any time. This is achieved by means of a corresponding setting of the Internet browser (in use), thus permanently denying the setting of the cookies. Moreover, the already set cookies may be deleted any time via an Internet browser or other software program. This is applicable for all the popular Internet browsers. Also, not all the functions of our website may be entirely usable if the data subject deactivates the setting of the cookies in the Internet browser.

4. Collection of general data and information

The AvenDATA GmbH website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. The data and information collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

AvenDATA GmbH does not draw any conclusions about the data subject while using the general data and information. Instead this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution, in case of a cyber-attack. Therefore, AvenDATA GmbH statistically analyzes the anonymously collected data and information. The aim is to increase the data protection and data security of our enterprise and ensure an optimal level of protection of the personal data that we process. The anonymous data of the server log files is stored separately from all the personal data provided by a data subject.

5. Contact possibility via the website

The AvenDATA GmbH website contains information that enables a quick electronic contact to our enterprise, as well as fosters direct communication with us, including a general address of the electronic mail i.e., the e-mail address. The personal data transmitted by the data subject is automatically stored if a data subject contacts the controller by e-mail or a contact form. Such personal data, transmitted on a voluntary basis by a data subject to the data controller, is stored for the purpose of processing or contacting the data subject. Moreover, the personal data is not transferred to the third parties.

6. Routine erasure and blocking the personal data

The data controller shall process and store the personal data of the data subject only for a period. This is the period necessary to achieve the purpose of storage, or as granted by the European Legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage period is not applicable, or the period as granted by the European Legislator or another competent legislator expires, the personal data is blocked or erased on a routine basis, and it is in accordance with the legal requirements.

7. Rights of the data subject

a) Right of confirmation

Each data subject shall have the right that is granted by the European Legislator. Accordingly, the controller needs to confirm whether the personal data, concerning him or her, is being processed or not. The data subject may contact any employee of the controller if the data subject wishes to avail the right of confirmation.

b) Right of access

Each data subject shall have the right that is granted by the European Legislator. Accordingly, the controller needs to provide free information about his or her personal data stored at any time along with a copy of this information. Further, the European directives and regulations grant the following information to the data subject:

the purposes of the processing;

the categories of personal data concerned;

the recipients or categories of recipients to whom the personal data has been or will be disclosed, specifically the recipients in the third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

the existence of the right to request from the controller regarding the rectification or erasure of the personal data, or restriction of processing the personal data concerning the data subject, or to object to any such processing;

the existence of the right to lodge a complaint with a supervisory authority; where the personal data is not collected from the data subject, along with any available information as to the source;

the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Further, the data subject shall have a right to obtain information about the transfer of personal data to a third country or to an international organisation. In this case, the data subject shall have the right to be informed of the appropriate safeguards related to the transfer of the personal data.

The data subject may contact any employee of the controller if the data subject wishes to avail the right of access.

c) Right to rectification

Each data subject shall have the right that is granted by the European Legislator. Accordingly, the controller needs to provide the rectification of inaccurate personal data concerning him or her without undue delay. According to the purposes of the processing, the data subject shall have the right to complete the incomplete personal data, providing a supplementary statement.

The data subject may contact any employee of the controller if the data subject wishes to avail the right to rectification.

d) Right to erasure (Right to be forgotten)

Each data subject shall have the right that is granted by the European Legislator. Accordingly, the controller needs to provide the information about the erasure of personal data concerning him or her without undue delay. Also, the controller shall have the obligation to erase the personal data without undue delay, for the following if the processing is not necessary:

The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

The data subject withdraws consent for the processing according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.

The data subject objects to the processing pursuant according to Article 21(1) of the GDPR and where there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant according to Article 21(2) of the GDPR.

The personal data has been unlawfully processed.

The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

The data subject may contact any employee of the controller if any one of the aforementioned reasons applies, and a data subject wishes to request the erasure of the personal data stored by AvenDATA GmbH. AvenDATA GmbH shall promptly ensure that the erasure request is complied.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. In such cases, AvenDATA GmbH will arrange the necessary measures.

e) Right of restriction of processing

Each data subject shall have the right that is granted by the European Legislator. Accordingly, the controller needs to provide the restriction of processing where one of the following applies: The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

The processing is unlawful, and the data subject opposes the erasure of the personal data and instead requests the restriction of their use.

The controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise, or defence of legal claims.

The data subject has objected to processing pursuant to Article 21(1) of the GDPR, pending the verification whether the legitimate grounds of the controller override those of the data subject.

The data subject may contact any employee of the controller if any one of the aforementioned reasons applies, and a data subject wishes the restriction of processing of the personal data stored by AvenDATA GmbH. AvenDATA GmbH shall promptly ensure that the restriction of the processing is complied.

f) Right to data portability

Each data subject shall have the right that is granted by the European Legislator. Accordingly, the controller needs to provide the personal data concerning him or her in a structured, commonly used, and machine-readable format. He or she shall have the right to transmit the data to another controller without any hindrance from the controller to which the personal data has been provided, as long as the processing is based on the consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, if the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Further, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to transmit the personal data directly from one controller to another. It shall be done with the technically feasible aspect and shall not adversely affect the rights and freedom of others.

The data subject may contact any employee of the controller if the data subject wishes to avail the right to data portability.

g) Right to object

Each data subject shall have the right granted by the European Legislator to object, on grounds related to his or her situation, at any time, to process the personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

The AvenDATA GmbH shall no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing, overriding the interests, rights, and freedom of the data subject, or for the establishment, exercise, or defence of legal claims.

If the AvenDATA GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time. The objection is to the processing of the personal data concerning him or her for the direct marketing purposes. This also applies to profiling based on such direct marketing purposes. If the data subject objects to AvenDATA GmbH for processing the personal data for direct marketing purposes, then AvenDATA GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, as per his or her situation, to object to the processing of the personal data concerning him or her by AvenDATA GmbH. This could be for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for the reasons of public interest.

The data subject may contact any employee of the controller if the data subject wishes to avail the right to object. Additionally, the data subject is free for the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by the automated means using technical specifications.

h) Automated individual decision-making, including profiling

Each data subject shall have the right granted by the European Legislator so as to not be a subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, if decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by the Union or Member State law to which the controller is the subject and which also lays down suitable measures to safeguard the data subject’s rights and freedom as well as legitimate interests, or (3) is not based on the data subject’s explicit consent.

If decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, AvenDATA GmbH shall implement suitable measures to safeguard the data subject’s rights and freedom as well as legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

The data subject may contact AvenDATA GmbH, if the data subject wishes to avail the rights concerning automated individual decision-making.

i) Right to withdraw data protection consent

Each data subject shall have the right granted by the European Legislator to withdraw his or her consent for the processing of his or her personal data at any time.

The data subject may contact AvenDATA GmbH, if the data subject wishes to avail the right to withdraw the data protection consent.

8. Data protection for applications and application procedures

The data controller shall collect and process the personal data of applicants for the purpose of processing the application procedure. The processing may also be carried out electronically. This is done specifically if an applicant submits the corresponding application documents by e-mail or by means of a web form available on the website, to the controller. The submitted data will be stored for the purpose of processing the employment relationship in compliance with the legal requirements, if the data controller concludes an employment contract with an applicant. But if no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased two months after the notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure. For example, other legitimate interest in this relation is a burden of proof in a procedure under the General Equal Treatment Act (AGG).

9. Data protection provisions about the application and use of etracker and eXTReMe Tracking

On this website, the controller has integrated components of the enterprise etracker and eXTReMe. etracker and eXTReMe Tracking are Web analytics services. Web analytics is the process of collecting, gathering, and analyzing data about the behavior of visitors visiting the websites. Among the other things, a web analytics service captures data, such as from which website a person has arrived on another website (the so-called referrer), which sub-sites of the website were visited or how often and for what duration a sub-site was viewed. Web analytics are mainly used for the optimization of a website and to carry out a cost-benefit analysis of Internet advertising. The operating company of etracker is etracker GmbH, Erste Brunnenstr 1, 20459 Hamburg, Germany. The operating company of eXTReMe Tracking is eXTReMe digital, Herengracht 155A, 1015 BH Amsterdam, Netherlands. etracker and eXTReMe Tracking set a cookie on the information technology system of the data subject. The Internet browser on the information technology system of the data subject is automatically prompted to transmit data for marketing and optimisation purposes to Etracker and eXTReMe. This occurs with each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which an etracker and eXTReMe Tracking component was integrated.

Tracking through the etracker- and eXTReMe Tracking- component. 

During this technical procedure, etracker and eXTReMe Tracking receives data that is used to create pseudonymous user profiles. These user profiles are used for the analysis of the data subject behaviour. Here, the data subject has accessed the Internet page of the controller and evaluated with the aim of improving and optimizing the website. The data collected through the etracker, and eXTReMe Tracking component firstly obtains a separate and explicit consent of the data subject to identify the data subject. This data is not merged with the personal data or any other data containing the same pseudonym. As stated above, the data subject may (at any time) prevent the setting of cookies through our website by means of a corresponding adjustment of the Internet browser, permanently denying the cookies setting. Such an adjustment to the Internet browser would also prevent etracker and eXTReMe Tracking from setting a cookie on the information technology system of the data subject. In addition, cookies already set by etracker and eXTReMe Tracking may be deleted at any time via a Web browser or other software program. The data subject also has the possibility of objecting to a collection of data related to the use of this Internet site, which are generated by the Etracker and eXTReMe Tracking cookie. There may also be a possibility of objecting to the processing of the data by Etracker and eXTReMe Tracking.

For this purpose, the data subject must press the ‘cookie-set’ button under the link:

http://www.etracker.de/privacy

to set an opt-out cookie. 

For eXTReMe Tracking, please send an email to info@extremetracking.com. For details, please visit the link: 

https://extremetracking.com/?policy

The opt-out cookie used for this purpose is placed on the information technology system used by the data subject. If the cookies are deleted from the system of the data subject, then the data subject must call up the link again to set a new opt-out cookie. With the setting of the opt-out cookie, however, the possibility exists that the websites of the controller are no longer used by the data subject. 

The applicable data protection provisions of etracker may be accessed by visiting the following link: https://www.etracker.com/de/datenschutz.html

The applicable data protection provisions of eXTReMe Tracking may be accessed by visiting the following link: https://extremetracking.com/?policy

10. Privacy policy regarding the use of Google Tools

a) Google Web Fonts

This page uses web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google’s servers. This enables Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

A standard font will be used by your computer if your browser does not support web fonts.

Further information on Google Web Fonts can be found by visiting the following link: 

https://developers.google.com/fonts/faq 

and in Google’s privacy policy can be found by visiting the following link: 

https://www.google.com/policies/privacy/

b) Google Maps

This page uses the Google Maps map service via an API. 

Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the features of Google Maps, it is necessary to store your IP address. This information is usually transferred and stored to a Google server in USA. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy retrievability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For more information on the handling of user data in Google’s data protection declaration, please visit the following link:

https://www.google.de/intl/de/policies/privacy/

c) Google AdWords / Conversion Tracking

As part of Google AdWords conversion tracking, we use the online advertising program “Google AdWords.” Google Conversion Tracking is an analysis service provided by Google.

When you click on an ad placed by Google, a conversion tracking cookie is placed on your device. These cookies lose their validity after 30 days, do not contain any personal data, and are therefore not used for personal identification.

Google and we may recognize that you clicked on the ad and were directed to that page, if you visit certain pages on our website wherein the cookie has not expired. Each Google AdWords customer receives a different cookie. As a result, there is no way that cookies can be tracked from AdWords customer websites. The information collected from the Conversion cookie is used to generate conversion statistics for AdWords customers, who have opted for Conversion Tracking. This informs the customers about the total number of users, who clicked on their ad and were directed to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users. The purpose also includes our legitimate interest in data processing. The legal basis for the use of Google AdWords/ Conversion Tracking is § 15 para. 3 TMG in conjunction with Art. 6 para. 1 lit. f GDPR.

If you do not wish to participate in tracking, you can object by preventing the installation of cookies from the domain “googleadservices.com.” You can do so by setting your browser software accordingly (deactivation option). Thus, the cookies will not be included in the conversion tracking statistics. 

Further information and Google’s data protection declaration can be found by visiting the following links: 

http://www.google.com/policies/technologies/ads/

http://www.google.de/policies/privacy/

d) Google AdSense

This website uses Google AdSense, a service for the integration of Google Inc. advertisements. (“Google”). Google AdSense uses “cookies,” which are text files placed on your computer, helping the website to analyze how users use the site. Google AdSense also uses web beacons (invisible graphics). Information such as visitor traffic on these pages can be evaluated through these web beacons.

The information about the use of this website (including your IP address) and the delivery of advertising formats, generated by cookies and web beacons, is transmitted, and stored to a Google server in USA. This information can be passed on by Google to Google’s contractual partners. However, Google will not combine your IP address with the other data stored by you.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

e) Google Remarketing

This website uses Google Remarketing, an advertising service of Google Inc. (“Google”). Third parties, including Google place ads on websites over the Internet. Third parties, including Google, use cookies to serve ads based on user’s previous visits to this website. 

Users may opt-out of Google’s use of cookies by visiting the Google Advertising Opt-out page at:

http://www.google.com/privacy_ads.html.

Alternatively, users may opt out of the use of cookies by third parties by visiting the Network Advertising Initiative opt-out page at:

http://www.networkadvertising.org/managing/opt_out.asp.

11. Data protection provisions about the application and use of Google Analytics (with anonymization function)

On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the process of collecting, gathering, and analyzing data about the behavior of visitors visiting the websites. Among other things, a web analytics service captures data, such as from which website a person has arrived on another website (the so-called referrer), which sub-sites of the website were visited or how often and for what duration a sub-site was viewed. Web analytics are mainly used for the optimization of a website and to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is:

Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

For the web analytics through Google Analytics, the controller uses the application “_gat. _anonymizeIp.” 

By means of this application, the IP address of the Internet connection of the data subject is abridged by Google and anonymised, when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and provide online reports, display the activities on our websites, and provide other services concerning the use of our Internet site.

Google Analytics places a cookie on the information technology system of the data subject. With the setting of the cookie, Google is enabled to analyze the use of our website. The Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. This occurs with each call-up to one of the individual pages of this Internet site, operated by the controller and into which a Google Analytics component was integrated. During this technical procedure, the enterprise Google gains knowledge of the personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits on our website by the data subject. With each visit on our Internet site, the personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. The personal data is stored by Google in the United States of America. Google may pass this personal data (collected through the technical procedure) to the third parties.

As stated above, the data subject may (at any time) prevent the setting of cookies through our website by means of a corresponding adjustment of the Internet browser, permanently denying the cookies setting. Such an adjustment to the Internet browser would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already set by Google Analytics may be deleted at any time via a Web browser or other software program.

The data subject also has the possibility of objecting to a collection of data related to the use of this Internet site, which are generated by the Google Analytics. There may be a possibility of objecting to the processing of the data by Google Analytics. 

For this purpose, the data subject must download and install a browser add-on by visiting the following link:

https://tools.google.com/dlpage/gaoptout 

Through JavaScript, this browser add-on tells Google Analytics that any data and information about the visits of the Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. Also, the data subject must reinstall the browser add-ons to disable the Google Analytics, if the information technology system of the data subject is deleted, formatted, or freshly installed. If the browser add-on was uninstalled by the data subject or any other person, who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.

Visit the following links for further information and the applicable data protection provisions of Google:

https://www.google.com/intl/en/policies/privacy

http://www.google.com/analytics/terms/us.html

For details on Google Analytics, visit the following link:

https://www.google.com/analytics/

12. Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for the processing operations, obtaining consent for a specific processing purpose. The processing is based on Article 6(1) lit. b GDPR, if the processing of the personal data is necessary for the performance of a contract to which the data subject is party, for example, when processing operations are necessary for the supply of goods or to provide any other service. The same applies to such processing operations, which are necessary for carrying out the pre-contractual measures, for example, in the case of inquiries concerning our products or services. The processing is based on Art. 6(1) lit. c GDPR, if it is required to know whether our company is subject to a legal obligation by which processing of personal data is required, for example, the fulfilment of tax obligations. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. For example, if a visitor(s) were injured in our company and the name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then, the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations, which are not covered by any of the above-mentioned legal grounds. Further, this legal basis is used if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedom of the data subject, requiring protection of the personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European Legislator. It is considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

13. The legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1) lit. f GDPR, our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.

14. Period for which the personal data will be stored

The criteria used to determine the storage period of the personal data is the respective statutory retention period. After expiration of that period, the corresponding data is deleted on a routine basis, if it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

15. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter in a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We clarify that the provision of personal data is partly required by law (for example, tax regulations) or can also result from contractual provisions (for example, information on the contractual partner). Sometimes it may be necessary to conclude a contract provided by the data subject with the personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with the personal data, when our company signs a contract with him or her. The non-provision of the personal data would have the consequence wherein the contract with the data subject could not be concluded. The data subject must contact any employee before the personal data is provided by the data subject. Here, the employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, or whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

16. Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

This Privacy Policy has been generated by the Privacy Policy Generator of the External Data Protection Officers, developed in cooperation with the Media Law Lawyers from WBS-LAW.