These are the guidelines that we use for our websites:
We undertake to comply with the legal privacy provisions and strive to adhere to the principles of data reduction and data economy.
1. Name and address of the controller and data protection commissioner
The controller in the terms of the General Data Protection Regulation and other national data protection acts of the member states of the European Union and any other data protection provisions is:
Dr. Klaus Karg KG
Represented by Dr. Klaus Karg
Alte Rother Str. 10
Phone: 09122 6311- 0
Fax: 09122 6311 - 63
The data protection commissioner of the controller is:
Eschenbacher IT-Consulting & Service
3. Lawfulness of processing personal data
We will only process your personal data, such as your first name and surname, your e-mail address, your IP address etc., if there is a corresponding legal basis for it. This includes without limitation the following three provisions of the General Data Protection Regulation:
- You granted us permission to process your personal data for one or more purposes, article 6 paragraph 1 sentence 1 a of the GDPR. In this case we will inform you in detail on the purpose(s) of processing and your express consent will be documented in our files.
- Processing your personal data is necessary for the performance of a contract or in order to take steps with you prior to entering into a contract, article 6 paragraph 1 sentence 1 b of the GDPR.
- Processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms, article 6 paragraph 1 sentence 1 f of the GDPR.
We will always point out the legal basis of processing your personal data at the appropriate times.
4. Disclosure of personal data
We will not disclose your personal data to any third parties for any other than the purposes stated below. We will only disclose your personal data to any third parties if:
- You granted express permission in accordance with article 6 paragraph 1 sentence 1 a of the GDPR,
- Disclosure according to article 6 paragraph 1 sentence 1 f of the GDPR is required for the establishment, exercise or defence of legal claims and there is no reason to assume that you have compelling legitimate interest in non-disclosure of your data,
- If there is a legal obligation to disclose data according to article 6 paragraph 1 sentence 1 f of the GDPR,
- If it is legally permissible and necessary for the execution of any contractual relationships with you according to article 6 paragraph 1 sentence 1 f of the GDPR.
5. Duration of storage and deletion
We will only store the personal data you submit for as long as they are needed to fulfil the purposes for which they were submitted or for as long as prescribed by law. When the purpose has been fulfilled and/or the legal storage period has expired, we will delete or block the data.
6. SSL encryption
For security reasons and in order to protect the transmission of confidential content, such as the inquiries that you send to us as the website operator, we use SSL encryption. You can detect encrypted connections because the address bar of the browser changes from “http://” to “https://” and there is a lock symbol before the URL. With an activated SSL encryption, no third party can read any data that you transfer to us.
7. Collection and storage of personal data and how and to what purpose we will use it
a) When you visit the website
When you access our website, the browser used on your device will automatically send certain information to our website server. This information will be temporarily stored in a so-called log file. The information that will be automatically collected and stored until the automatic deletion will be the following:
- IP address of the computer sending the request
- date and time of access
- name and URL of the requested file
- browser used and in some cases the operating system your computer uses and the name of your access provider
We will process these data for the following purposes:
- evaluation of the security and stability of our system
Any data that can be tracked back to you, such as the IP address, will be deleted after 7 days or earlier. If we store the data longer, then we will allocate pseudonyms so that tracking them to you is no longer possible.
Legally, the data processing is based on article 6 paragraph 1 sentence 1 f of the GDPR. Our legitimate interest stems from the above purposes for the collection of data. We will never use any data collected to try and track you as a person.
b) Google Maps
This website uses the Google Maps API. By using Google Maps, certain data on how you use this website (including without limitation your IP address) can be sent to a Google server (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland) in the USA and be stored there.
Google might transfer such data to a third party if this is a legal requirement or if such third party acts as a data processing commissioner on behalf of Google. However, your IP address will never be connected to any other Google data. We still need to point out that, technically, it is possible for Google to identify individual users based on the data received.
Google Maps is intended as a service for you so you can see where exactly we are located and if needed plan your route accordingly. Using Google Maps is therefore based on our legitimate interest according to article 6 paragraph 1 sentence 1 f of the GDPR.
The data processed by the cookies are necessary for the purposes stated in order to protect our and third parties’ legitimate interest according to article 6 paragraph 1 sentence 1 f of the GDPR.
Most browsers are set in a way that makes them accept cookies automatically. You can change the settings so that either no cookies will be stored on your device or you will be notified before any new cookies are stored. If you deactivate cookies completely, you might experience some difficulties if you want to use all the functions presented on our website.
Below we give you more details on the different kinds of cookies we use.
- Session cookies
To improve the user experience of our offers, we use so-called session cookies that detect whether you have visited any individual pages of our website before.
These session cookies will be deleted automatically once you leave our website.
b. Temporary cookies
Such temporary cookies will be stored on your device for a fixed period.
c. Optimization cookies
They will be deleted after a certain fixed period.
9. Analysing and tracking tools
We use the following analysing and tracking tools on our website. Their purpose is to ensure continuous optimization of our website and to adapt it to specific needs.
This interest is legitimate according to article 6 paragraph 1 sentence 1 f of the GDPR. The purposes of data collection and the data categories are each stated in the respective tools.
a) Google Analytics
On our website, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/en/about/) (1Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; hereinafter referred to as “Google”).
- the name and version of browser used
- the operating system of your computer
- the website from which you access our website (referrer URL)
- the IP address of the computer sending the request
- the time of server inquiry
will usually be transferred to a Google server in the USA and be stored there.
We activated IP anonymization on our website, so your IP will be shortened beforehand by Google within the member states of the European Union or any other member states of the Agreement of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and be shortened there.
Google will use these data on our behalf to analyse how you use this website, to create reports on the activity on the website and to render other services to us relating to how the website and the internet is used. Google will not collate the IP address transmitted by your browser in the scope of Google Analytics with other data from Google.
You can prevent cookies from being stored by adjusting the preferences of your browser software. However, we would like to point out that if you do so, you may not be able to use some of the functionalities of our website fully.
In addition, you can also prevent that any data created by cookies and relating to how you use this website (including without limitation your IP address) be collected and processed by Google by downloading and installing the browser plugin from the following link https://tools.google.com/dlpage/gaoptout?hl=en.
You can prevent Google Analytics from collecting your data by clicking on the following link. This will set an opt-out cookie preventing any collection of your data when you visit our website in the future:
Deactivate Google Analytics
b) Google Remarketing
We use the Remarketing function from Google Analytics in order to provide marketing campaigns, including without limitation Google AdWords campaigns, to the visitors of our website.
This means that you will see relevant ads based on your previous visits to our website when you visit other websites in the Google Display Network.
With the DoubleClick cookie, Google can show us and other third-party vendors targeted ads corresponding to the interests determined from your previous visits to our website and/or other websites. These ads can be displayed on Google websites and/or the websites of other operators of the Google ad network. We also use the Google Analytics ad feature to analyse the effectiveness of our own ad campaigns.
You can adjust the Google ad settings to your own preferences and opt out of Google ads that are based on your interests. In this case, the cookie ID (set individually for each cookie) of the DoubleClick cookie will be overwritten and it will no longer be possible to allocate it to a certain browser.
If you delete all cookies from your device, a new DoubleClick cookie might be set. This means you might have to renew your opt-out settings. You can permanently deactivate the DoubleClick cookie by downloading and installing the respective browser plugin from here: http://www.google.com/settings/ads/plugin. You can deactivate third-party cookies for the purpose of online ads on the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.
If you agreed in your Google account that your Google web and app browser history can be linked to your Google account and that information from your Google account may be used to personalize ads, Google will use your data in combination with Google Analytics data for the creation of target group lists for Remarketing over several devices. To this end, Google Analytics collects IDs connected to your Google account, authenticated by Google for you as a user of our website. Google Analytics then temporarily links these IDs to Google Analytics data to optimize our target groups.
Click here to see an overview of Google’s privacy settings.
c) Google reCaptcha
On our websites we use the reCAPTCHA service of Google Inc (1600 Amphitheatre Parkway, Mountain View, California, 94043) for our contact forms to differentiate human input from automatic, fraudulent machine input. We have a legitimate interest in protecting our web offers from fraudulent automatic use and spam.
For reCAPTCHA queries, both your IP address and any other data that Google might need for reCAPTCHA will be transferred to Google and be processed there.
There are three query options:
- No CAPTCHA reCAPTCHA: You will only have to check a box confirming that you are not a robot.
- Image reCAPTCHA: You will see 9 image sections and will be asked to select similar elements (e. g. all images showing road signs).
- Text reCAPTCHA: You will need to enter text that is hard to read and shown as image(s).
10. Rights of the data subject
You are entitled to the following:
a) Right of access
According to article 15 of the GDPR, you are entitled to obtain information on your personal data processed by us. This includes without limitation information on
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipient to whom the personal data have been or will be disclosed
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request rectification or deletion of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, and if possible meaningful information about the logic involved
b) Right to rectification
According to article 16 of the GDPR, you have a right to rectification of inaccurate or incomplete personal data that are stored with us without undue delay.
c) Right to deletion
According to article 17 of the GDPR, you have a right to deletion of your personal data stored with us without undue delay unless further processing is necessary due to one of the following reasons:
- For exercising the right of freedom of expression and information
- For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- For reasons of public interest in the area of public health in accordance with article 9 paragraph 2 h and i and article 9 paragraph 3 of the GDPR
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89 paragraph 1 of the GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing
- For the establishment, exercise or defence of legal claims
d) Right to restriction of processing
According to article 18 of the GDPR, you are entitled to demand restriction of processing of your personal data where one of the following applies:
- You contest the accuracy of your personal data.
- The processing is unlawful and you oppose the deletion of the personal data.
- We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims.
- You have objected to processing pursuant to article 21 paragraph 1 of the GDPR.
e) Right of notification
We will communicate any rectification or deletion of personal data or restriction of processing carried out in accordance with article 16, article 17 paragraph 1 and article 18 of the GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You are entitled to know who those recipients are.
f) Right to data portability
You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format.
You also have the right to have the personal data transmitted directly to a third party if the processing was carried out automatically and is based on consent according to article 6 paragraph 1 sentence 1 a or article 9 paragraph 2 a or a contract according to article 6 paragraph 1 sentence 1 b of the GDPR.
g) Right to withdraw your consent
According to article 7 paragraph 3 of the GDPR, you have the right to withdraw your consent at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent before revocation. From the time of withdrawal we will no longer be entitled to continue processing your data based on the consent revoked.
h) Right to lodge a complaint
According to article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that processing your personal data infringes the GDPR.
i) Right to object
If your personal data are processed based on legitimate interest which is based on article 6 paragraph 1 sentence 1 f of the GDPR, you have the right to object, on grounds relating to your particular situation, or if you want to object to direct marketing, at any time to processing of your personal data. If you want to object to direct marketing, you have a general right to object which we will implement without any information on your particular situation. In order to exercise your right to withdraw or to object, please send us an e-mail to firstname.lastname@example.org.
j) Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for you or similarly affects you significantly. This does not apply if the decision
- is necessary for entering into, or performance of, a contract between you and us
- is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests
- is based on your explicit consent
However, such decisions must not be based on special categories of personal data referred to in article 9 paragraph 1 of the GDPR unless article 9 paragraph 2 a or g of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
We will implement suitable measures regarding the cases stated in point i) and iii) to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
Last updated on May 14, 2018