Privacy Policy: How we process your personal Data

In this privacy policy, we inform you about how we process your personal data (hereinafter “your data”). We explain to you which of your data we process and we describe the purpose, extent, and legal basis for the data processing procedures concerning you.

This privacy policy covers all of our processing of your data, both on this website and as part of the provisioning of our services.

Controller

The controller according to Art. 4(7) of the General Data Protection Regulation (GDPR) is:

Nils Anspach
c/o Postflex #3191
Emsdettener Str. 10
48268 Greven
Germany

E-mail:

General Notes

Extent of Data Processing

We collect and process your data only to the extent necessary for us to provide a functional, stable, and secure website as well as our contents and services.

We collect and process your data only after your explicit consent unless obtaining that consent is not possible for us due to factual reasons and the respective data processing is permitted by legal provisions.

Duration of Data Processing

Your data will be erased when they are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

In addition to that, your data will be erased when you withdraw consent on which the processing is based according to Art. 6(1)(a) GDPR, and where there is no other legal ground for the processing.

Your data will also be erased when you object to the processing of your data and there are no overriding legitimate grounds for the processing.

Note that processing your data might be required by European and/or national laws and/or regulations (e.g., statutory storage obligations) in which case we cannot erase your data until the respective retention periods expire. In those situations, we will block your data and access them only for the legally mandated purposes.

If more specific provisions apply to a particular processing of your data with respect to data erase, we will detail them where appropriate.

Legal Basis for Data Processing

In the following, we list the fundamental provisions of the GDPR that serve as the legal basis for processing your data. If more specific provisions are relevant in an individual case, we state those where appropriate in this privacy policy.

Art. 6(1)(a) GDPR (“consent”): You have given consent to the processing of your personal data for one or more specific purposes.

Art. 6(1)(b) GDPR (“contract”): Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

Art. 6(1)(c) GDPR (“legal obligations”): Processing is necessary for compliance with a legal obligation to which the controller is subject.

Art 6(1)(d) GDPR (“vital interests”): Processing is necessary in order to protect your vital interests or those of another natural person.

Art. 6(1)(f) GDPR (“legitimate interests”): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

Besides the GDPR, additional legal provisions related to the protection of your data apply in Germany. In particular, the controller is subject to the BDSG (Bundesdatenschutzgesetz) and the BlnDSG (Berliner Datenschutzgesetz).

Security of Data Processing

Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

In particular, we apply measures to protect the confidentiality and integrity of your data by controlling and restricting the physical and electronic access to them. We store your data safely.

TLS Encryption

To protect the confidentiality and integrity of your data as well as to ensure the authenticity of this website, all communication to/from this website is encrypted via TLS (formerly known as SSL). In particular, this means that your data cannot be read during transport.

You can recognize a working TLS encryption by the scheme (“prefix”) https:// in your browser’s address bar when accessing this website. Depending on your particular browser, additional visual signs might be displayed in your browser.

If you attempt to access this website via http://, i.e.,without transport encryption, we will redirect you to the TLS-encrypted version of this website as noted above. Hence, you should not be able to “accidentally” access this website without proper transport encryption.

Logging

Whenever you access our website, we automatically log some data about this process. The data, which is stored temporarily in log files, is as follows:

  • date and time of your access
  • IP address of your computer
  • web pages accessed by you on this website
  • website from which you came to this website (“Referrer”)
  • type and version of your browser and operating system (“User-Agent”)
  • size of the data transferred from/to you
  • status of the data transfer (i.e., whether successful or not)
  • input you supplied to our website (e.g., in text fields)

The logging of the given data is necessary for this website to work properly in terms of functionality, stability and security. More precisely, logging that data helps us to detect malfunctions in the services provided on this website (e.g., usability defects, defunct or missing web pages, network congestion) and/or malicious user behavior (e.g., hacking attempts and/or denial-of-service attacks).

The logged data is deleted when it is no longer needed for its purpose.
Data only required for you to be able to use this website is deleted when your session is terminated. Other Data is deleted after 7 days.

Since logging the data listed above is necessary for the functional, stable, and secure provision of this website, and hence, in our legitimate interest according to Art. 6(1)(f) GDPR, you cannot object against storing that data, in accordance with Art. 21(1) sentence 2 GDPR.

Cookies

This website uses cookies. A cookie is a small text file that is downloaded to your computer when you access a website for the first time. After that, if you request content on that website (for instance, different web pages) or revisit it later, your browser will send the cookie back to the website (first-party cookie) or to another website (third-party cookie) that has embedded some of its content (e.g., an image) in the respective website. By that, cookies allow a website to recognize your computer while you are accessing that website, and if applicable, when you visit it again at a later time. Depending on the website in question, this might be used, for instance, to save your login status or your user preferences across browser sessions when you access that website, or to associate your shopping cart with you in case of an e-shop, or to analyze your interaction with that website for optimization and/or marketing purposes. Cookies are either temporary (session cookies) or permanent (persistent cookies), depending on whether they are deleted when you close your browser or not.

With respect to the processing of your data on this website and the required legal basis to do so, we separate our cookies into two groups:

  1. cookies that are necessary for us to provide our services on this website in terms of functionality, availability, and security
  2. all other cookies

In case 1, we process the data obtained from the cookies based on our legitimate interests according to Art. 6(1)(f) GDPR (e.g., to provide the services on this website and/or to be able to operate viably as a business) and/or to fulfill the contractual agreements with you and others according to Art. 6(1)(b) GDPR.

In case 2, we will ask you explicitly (e.g., via a pop-up window) for your consent to let us process your data from the respective cookie(s). Should you agree (opt in), then the legal basis for the data processing will be the respective agreement you gave your approval to, in accordance with Art. 6(1)(a) GDPR. These cookies will not be sent to your browser until you give your consent.

You retain full control over the cookies we store on your computer. Depending on whether the processing of your data via cookies is legally based on your consent or a legal permission, you may revoke your previously given consent or object the processing, respectively (opt out).
One way to object the processing of your data via cookies, is to alter the settings in your browser by deactivating the use of cookies. Basically all browsers also provide a user control element (e.g., a menu item) to delete the currently stored cookies. Since these procedures likely do not differentiate between cookies required for us to provide our services and other, non-functional cookies, our services might be limited for you in that case. In case of opt-in cookies (case 2 above), you will be given the opportunity on our website to revoke your explicitly given consent should this website currently use such cookies.

Session cookies will be deleted automatically when you leave our website and close your browser. Persistent cookies on the other hand typically persist your browser session. Unless we inform you about the lifetime of a persistent cookie explicitly (e.g., in case of a opt-in cookie (see case 2 above)), you should assume the lifetime of that cookie to be up to two years.

Google Analytics

On this website we use the web analytics service Google Analytics provided by US company Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“). Within the European Economic Area (EEA) and Switzerland your provider is Google Ireland Ltd. (Gordon House, Barrow Street Dublin 4, Irland).

What Is Google Analytics and Why Do We Use It?

Google Analytics is a service that collects data about user interactions on this website. For instance, if you click on a link on this website, that information is processed by Google Analytics.

For Google Analytics to work properly, a so called Measurement ID is implemented in our website. Via this Measurement ID, user interactions with our website can be captured and sent to Google Analytics.

We then get statistics and reports from Google Analytics about the captured user behavior. These statistics and reports enable us to to improve our website and our services and to optimize our advertisement and marketing campaigns by better understanding our users’ interactions with this website. In the end, the statistics and reports provided to us by Google Analytics about this user interaction enable us to provide you a better user experience when visiting this website.

What Data Is Stored by Google Analytics?

From the Measurement ID Google Analytics creates a unique user ID which is stored in your Google Analytics browser cookie. Your interactions with this website is then stored together with this user ID. If you also use other Google services (for instance, a Google account), then data generated from Google Analytics can also be associated with third-party cookies. Google does not distribute Google Analytics data unless a website owner explicitly permits this. Exceptions from this rule might arise due to legal requirements.

Google Analytics collects the following data from a user visiting this website: IP address, date and time of website access, click path, information about the user’s browser and device, visited pages on this website, referrer URL, location data. Google Analytics employs technologies like cookies, browser storage and pixels in order to provide its services.

Where and for How Long Is Your Data Stored?

Google’s servers are distributed around the world with most of Google’s servers being located in the United States. Your data is stored on one or more of these servers.

Google Analytics as implemented on this website stores your data for up to 14 months.

How Can You Delete Your Data or Prevent Storing Your Data?

You can prevent capturing your data on this website by not selecting the respective Google cookies in the cookie consent pop-up banner which is displayed when you first visit this website. Alternatively, you can delete those cookies anytime later in the cookie configuration menu. Apart from that, you can download and install the following browser plugin: https://tools.google.com/dlpage/gaoptout. This browser plugin prevents your data from being captured by Google Analytics.

What Is the Legal Basis for Processing Your Data?

The use of Google Analytics requires your explicit consent. We query and record that consent via the cookie consent pop-up banner that is displayed when you first visit this website. You can revoke or give your explicit consent anytime later via the cookie configuration menu. According to Art. 6(1)(a) GDPR, this explicit consent is the legal basis for the processing of your data.

We concluded an data processing agreement with Google based on Art. 28 GDPR. This agreement is required by law due to the fact that Google processes personally identifiable information. As part of this agreement, Google commits to process data received from us according to the GDPR.

In addition to that, based on a standard contract, Google commits itself to follow European data protection standards when processing data of European persons even if that data is stored and processed not within the realm of the GDPR (for instance, in the United States).

Further Information

Additional information about the terms and conditions and data privacy of Google Analytics can be found here: https://marketingplatform.google.com/about/analytics/terms/us/, https://policies.google.com.

Contacting

If you contact us (e.g., via e-mail, telephone, or contact forms), we process the data supplied via the respective means of communication as far as this is required to take care of your concerns (e.g., to answer a support question).

We process your communicated concerns in order to fulfill a contract of which you are a party or in order to take steps at your request prior to entering into a contract according to Art. 6(1)(b) GDPR, or due to our legitimate interests as a viable business in taking care of your concerns, according to Art. 6(1)(f) GDPR.

Otherwise, the general notes given above (see here) apply.

E-mails

For sending, receiving, filtering, and storing of e-mails, we fall back to external service providers. These are subject to the GDPR, the BDSG (Bundesdatenschutzgesetz) or corresponding national laws, and other laws ensuring the protection of your data.

From e-mails sent to us we process the sender, the receiver, the subject, other information (like the sender’s service provider), and the e-mail’s content.

Newsletters

By subscribing to any of our newsletters, you consent that we may inform you via e-mail about our products and services as advertised for the respective newsletter and that we may process your data as detailed below.

For the processing of your data according to this section of our privacy policy, we request your consent before the subscription process. For that purpose, we link to this section of our privacy policy and require you to explicitly accept it before we start your subscription process to the respective newsletter.

For the subscription process we use a so called double opt-in procedure: After you sent us the subscription form with your data, you will receive an e-mail from us with an activation link. Only if you click on that link will your subscription be effective. By that, we prevent misuse of your e-mail address by an unauthorized third party.

If you request subscription to a newsletter, we may store

  • your e-mail address
  • your name
  • your subscription status
  • the date, time, source IP address, and type of change regarding the creation and any subsequent modification of your data

We process your data to transact the double opt-in subscription process, to send you personalized newsletters, to optimize and secure our newsletter service, and to prove your consent and subscription status in order to be able to defend against potential claims. We will not use your data for other purposes.

Your data will not be made accessible to a third party.

If you do not complete the subscription process by not clicking on the activation link we sent to you as part of the double opt-in procedure, we will delete your data not later than 28 days after you sent us your subscription request. This should make it possible for a broad range of prospective customers to complete their subscription process within a reasonable amount of time. Otherwise, i.e., if you complete the subscription process by clicking on the activation link, we will process your data as long as you are subscribed to the respective newsletter. If you unsubscribe from a newsletter, i.e., cancel your subscription, we will preserve your data for up to three years after your cancellation becomes effective in order to retain proof of your consent and subscription status and be able to defend against potential claims. Upon cancellation of your subscription, your data will not be processed anymore except for the aforementioned purpose. After the given retention period has expired, all your data will be deleted.

At any time, you may withdraw your consent to the processing of your data by unsubscribing from the respective newsletter from within your profile settings which are accessible from your received newsletter e-mails or alternatively, by writing a corresponding e-mail or letter to the controller according to this privacy policy. In any case, you will be unsubscribed from the corresponding newsletter(s) and you will not receive it/them anymore. The lawfulness of the processing of your data based on your consent until the withdrawal of your consent will not be affected thereof.

The legal basis for the processing of your data is your consent given before the subscription process, according to Art. 6(1)(a) GDPR. Preserving your data for a limited period of time for the sole purpose of proving your consent and your subscription status after you withdraw your consent to the processing of your data is based on our legitimate interest, according to Art. 6(1)(f) GDPR, to be able to defend ourselves against potential claims.

Our newsletters might contain so called “web beacons”, i.e., small resources (e.g., one-pixel images), which are loaded from our servers when you open the respective newsletter and/or click on one of the contained links. These resources allow us to statistically analyze how many newsletters are actually read by our subscribers and which of the contained links are clicked by them. We only use that information for optimizing the content and distribution of our newsletters. The returned information will not be attributed to a particular subscriber.

Online Sales

If you purchase a product on one of our websites, we process the following data from you:

  • the date and time of your purchase
  • the product you purchased, its price, and the amount of paid taxes
  • any discount to your purchase
  • your e-mail address
  • your name
  • your billing address
  • your IP address
  • the payment service provider of your purchase
  • the transaction ID of the payment service provider for your purchase
  • the status of your purchase (e.g., complete, failed, refunded)

We process that data in order to enter in a contract with you, and/or to perform that contract, and/or to fulfill our statutory obligations related to your purchase. Depending on your chosen payment method, the data needed to transact your payment will be passed to the corresponding payment service provider. Our payment service providers are subject to the GDPR. The legal basis for the processing of your data is Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR.

We process your data as long as necessary to fulfill our contractual obligations. When your data are no longer required for that purpose, we will delete them unless there are statutory obligations to retain them. In that case, we will block access to your data except for the aforementioned purpose.

You have the right to object the processing of your data. In that case, we will delete your data unless we are required to process or retain them due to contractual and/or statutory obligations.

Your Rights

According to Art. 15 to 21 and 77 of the GDPR, you are granted a number of rights:

  • Right of access: You have the right to obtain confirmation as to whether, and, where that is the case, which personal data are processed, a copy of those personal data, and other information.
  • Right to rectification: Your have the right to have your personal data be completed if it is incomplete and the right to rectification should your personal data be inaccurate, subject to legal provisions and obligations.
  • Right to erase and/or restriction of processing: You have the right to have your personal data be erased or its processing be restricted subject to legal provision and obligations.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those personal data to another controller if the legal requirements are fulfilled.
  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you according to Art. 6(1)(e) or (f) of GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing which includes profiling to the extent that it is related to such direct marketing.
  • Right to revoke: You have the right to revoke consent you gave to processing personal data concerning you.
  • Right to complain: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular (if applicable) in the EU member state of your habitual residence, place of work, or place of the alleged infringement, if you are convinced that the processing of personal data relating to you infringes this regulation.

Changes to This Privacy Policy

We reserve the right to change this privacy policy. The necessity for a change might arise, for instance, in case of a modification of our data processing procedures or due to updated statutory requirements.
Should we need your explicit consent in a particular case, we will inform you.