Data privacy statement

    Thank you for your interest in our company. Data privacy is very important to the management of Heye International. Essentially, it is possible to use the Heye International website without entering any personal data. However, as soon as an affected person wishes to use particular services from our company via the website, the processing of personal data may become necessary. We generally obtain consent from the affected person if we need to process personal data and there is no legal reason for processing such data.

    Personal data, such as the name, address, e-mail address, or telephone number of the affected person, is always processed in line with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to Heye International. By means of this data privacy statement, our company would like to inform the public about the nature and scope of the personal data that we collect, use and process. Furthermore, this data privacy statement informs the affected persons of the rights to which they are entitled.

    As the body responsible for processing, Heye International has implemented numerous technical and organisational measures to ensure the maximum possible protection for personal data processed through this website. However, internet-based data transfers can always have security loopholes, so absolute protection cannot be guaranteed. For this reason, all affected persons have the right to communicate personal data to us using alternative methods, for example by telephone.

     

    1. Definitions

    The Heye International data privacy statement is based on the definitions used by the European directive and ordinance regulators in the General Data Protection Regulation (GDPR). Our data privacy statement aims to be clear, legible and understandable, both for the public and for our customers and business partners. In order to guarantee this, we would like to start by explaining the terms used.

    In this data privacy statement, we use the following terms, among others:

     

    • Personal data

    Personal data is all information relating to an identified or identifiable natural person (hereinafter “affected person”). A natural person is deemed to be identifiable if he can be directly or indirectly identified by means of assigning a code such as name, an identity number, location data, an online username or one or more particular features which are an expression of the physical, physiological, genetic, mental, economical, cultural or social identity of this natural person.

     

    • Affected person

    The affected person is any identified or identifiable natural person whose personal data is processed by the body responsible for processing.

     

    • Processing

    Processing is any process or series of  processes carried out in conjunction with the personal data with or without automated procedures, such as recording, organising, filing, saving, adapting or changing, reading, querying, using, publishing by means of transmission, distribution or another form of publication, comparing or linking, restricting, deleting or destroying.

     

    • Restriction of processing

    Restriction of processing involves marking saved personal data with a view to restricting its future processing

     

    • Profiling

    Profiling is any kind of automatic processing of personal data which serves the purpose of using this personal data to evaluate specific personal aspects relating to a natural person, especially to analyse or predict aspects relating to work, financial situation, health, personal preferences, interests, reliability, behaviour, location or relocation for this natural person.

     

    • Pseudonymisation

    Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be is attributed to a specific affected person without the inclusion of further information, providing this additional information is stored separately and is subject to technical and organisational measures to guarantee that the personal data cannot be attributed to an identified or identifiable natural person.

     

    • Body responsible (for processing)

    The body responsible for processing is the natural or legal person, authority, facility or similar body which makes decisions on the purposes and means of processing of personal data, either alone or in conjunction with others. If the purpose and means of processing are defined by Union law or the law of the Member State, then the body responsible may be subject to specific appointment criteria in accordance with Union law or the law of the Member State.

    • Order processor

    The order processor is a natural or legal person, authority, facility or other body which processes personal data on behalf of the body responsible.

     

    • Recipient

    The recipient is a natural or legal person, authority, facility or other body to which personal data is disclosed, irrespective of whether it is a third party or not. However, authorities which receive personal data in line with a specific investigation order in accordance with Union law or the law of the Member State are not deemed as recipients.

     

    • Third parties

    A third party is a natural or legal person, authority, facility or other body apart from the affected person, the body responsible, the order processor and persons who are entitled to process personal data under the direct responsibility of the body responsible or the order processor.

     

    • Consent

    Consent is any agreement given freely by the affected person in an informed and unmistakable form as a declaration or other clear confirmation by which the affected person affirms that they are in agreement with the processing of the personal data relating to them.

     

    2. Name and address of the body responsible for processing

    In accordance with the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other data protection regulations, the body responsible is:

    Heye International

    Lohplatz 1

    31683 Obernkirchen

    Germany

    Tel.: +49 5724 260

    e-mail: info@heye-international.com

    Website: www.heye-international.com

     

    3. Name and address of the data protection officer

    The data protection officer for the body responsible for processing is:

    Dr Klaus Langrock

    Data privacy and IT security consultant

    Mittelstraße 34

    06198 Salzatal

    Germany

    Tel.: (0345) 5 51 26 20

    e-mail: info@heye-international.com

    Website: www.heye-international.com

    All affected persons may contact our data protection officer directly at any time if they have any questions or suggestions regarding data privacy.

     

    4. Cookies

    The Heye International websites use cookies. Cookies are text files which are set and saved on a computer system via an Internet browser.

    Countless websites and servers use cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a clear identifier of the cookie. It consists of a series of characters by which websites and servers can be assigned to the specific Internet browser in which the perfume saved. This allows the websites and servers visited to differentiate the individual browser of the affected person from other Internet browsers containing other cookies. A specific Internet browser can be recognised and identified by means of the unique cookie ID.

    The use of cookies allows Heye International to provide the users of this website with more user-friendly services, which would not be possible without setting cookies.

    Cookies allow the information and content of our website to be optimised for the user. As mentioned above, cookies allow us to recognise the users of our website. The purpose of this recognition process is to make it easier for visitors to use our website. For example, users of a website which uses cookies do not need to enter their access details again every time they visit the website, because these are taken from the cookie saved on the user’s computer system, Another example is the cookie for the shopping basket in an online shop. The online shop remembers the items that a customer has placed into the virtual shopping basket by means of a cookie.

    The affected person can prevent the saving of cookies by our website at any time by changing the relevant setting in the Internet browser they are using, thus permanently suppressing the saving of cookies. At the same time, cookies which have already been set can be deleted using an Internet browser or other software at any time. This is possible in all conventional Internet browsers. If the affected person deactivates the setting of cookies in the Internet browser they are using, this may mean that, under some circumstances, not all the functions of our website can be used in full.

     

    5. Recording of general data and information

    The Heye International website records a series of general data and information every time the website is accessed by an affected person or an automated system. This general data and information is saved in logfiles on the server. The following data can be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the internet page from which an accessing system reached our website (known as the referrer), (4) the sub-pages of our website accessed by the device, (5) the date and time of the access to the website, (6) an Internet Protocol address (IP address), (7) the Internet Service Provider of the accessing device and (8) other similar data and information used to defend against risks in the event of attacks on our information technology systems.

    Heye International cannot derive anything about the affected person from the use of this general data and information. This information is required in order (1) to deliver the content of our website correctly, (2) to optimise the content of our website and advertising for it, (3) to guarantee the permanent functionality of our information technology systems and the technology of our website and (4) to provide the criminal investigation authorities with the information necessary for criminal investigation in the event of a cyber-attack. This data and information ,which is collected anonymously, is evaluated by Heye International for statistical purposes and with a view to increasing data protection and security within our company in order to guarantee an optimum level of protection for the personal data which we process. The anonymous data in the server log files is stored separately from all personal data provided by an affected person .

     

    6. Registering on our website

    The affected person has the option of registering on the website of the body responsible for processing by entering personal data. The personal data transmitted to the body responsible for processing is captured by the input screen used for the registration process. The personal data entered by the affected person is used exclusively for internal purposes at the body responsible for processing and collected and saved for its own purposes. The body responsible for processing can authorise forwarding to one or more order processors, for example, courier companies, which also use the personal data exclusively for internal purposes of our body responsible for processing.

    When the affected person registers on the website of the body responsible for processing, the IP address issued by their Internet Service Provider (ISP), and the date and time of registration are also saved. This data is saved as it is the only means of preventing misuse of our services and  the data can be used to investigate criminal offences where necessary. In this respect, it is necessary to save this data for security purposes for the body responsible for processing. This data is essentially not forwarded to third parties, unless there is a statutory obligation to do so or it is forwarded for criminal investigation purposes.

    The registration of the affected person and voluntary provision of personal data allows the body responsible for processing to offer the affected person content or services which, by their nature, can only be provided to registered users. Registered persons have the option of having the data they entered on registration modified or deleted completely from the systems of the body responsible for processing at any time.

    On request, the body responsible for processing will provide information to any affected person at any time on what personal data it holds about the affected person. In addition, the body responsible for processing will correct or delete personal data on the request or instruction of the affected person, providing there are no statutory obligations for it to do otherwise. All the employees of the body responsible for processing are available for the affected person to contact in this respect.

     

    7. Subscribing to our newsletter

    On the Heye International website, users are given the option of subscribing to our company newsletter. The personal data transmitted to the body responsible for processing when the newsletter is ordered is based on the input screen used for this purpose. Heye International will process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR.

    Heye International informs its customers and business partners at regular intervals by sending out a newsletter about company offers. Our company newsletter can only be received by the affected person if (1) the affected person has a valid e-mail address and (2) the affected person registers to be sent the newsletter. For legal reasons, a double opt-in procedure with a confirmation e-mail is applied when the affected person first enters an e-mail address for the newsletter to be sent to. This confirmation e-mail is used to check that the holder of the e-mail address has authorised the receipt of the newsletter as the affected person.

    For a subscription to the newsletter, we also save the IP address issued by the Internet Service Provider of the affected person for the computer system used at the time of registration, and the date and time of registration. The collection of this data is required in order to trace (potential) misuse of the e-mail address of an affected person at a later date and thus provides legal security for the body responsible for processing.

    The personal data obtained in line with a newsletter subscription is used exclusively for sending our newsletter. Newsletter subscribers can also be provided with information by e-mail where this is necessary for the provision of the newsletter service or registration is required in this respect, such as if there are changes to the newsletter service or the technical circumstances. Personal data obtained for the provision of the newsletter service is not passed on to third parties Affected persons can unsubscribe from our newsletter at any time. The consent to the storage of personal data given by the affected person subscribing to the newsletter can be revoked at any time. There is a link to revoke consent in every newsletter. There is also the option of unsubscribing directly from the website of the body responsible for processing or informing the body responsible for processing using other means.

     

    8. Newsletter tracking

    The Heye International newsletter contains what are known as tracking pixels. A tracking pixel is a miniature graphic which is embedded into e-mails sent in HTML format in order to enable logfile recording and analysis. This enables a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, Heye International can recognise whether and when an e-mail has been opened by an affected person and which links in the e-mail were clicked on by the affected person.

    This personal data gathered by tracking pixels contained in the newsletters is saved and analysed by the body responsible for processing in order to optimise sending the newsletter and tailor the content of future newsletters better to the interests of the affected person. This personal data is not passed on to any third parties. affected persons have the right to revoke their declaration of consent, which in this case is given separately via the double opt-in process, at any time. Following a revocation, this personal data is deleted by the body responsible for processing. Unsubscription from the newsletter is automatically treated as a revocation by Heye International.

     

    CleverReach

    This website uses CleverReach to send newsletters. The supplier is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service which organizes and analyzes the distribution of newsletters. The data you provide (e.g. your email address) to subscribe to our newsletter will be stored on CleverReach servers in Germany.

    Sending our newsletters with CleverReach enables us to analyze the behavior of newsletter recipients. Among other things, we can find out how many recipients have opened the email containing the newsletter and how often various links contained therein are clicked. With the help of conversion tracking, we can also analyze whether a predefined action (such as the purchase of a product on our website) takes place after clicking on the link in the newsletter. For more information on how data is analyzed by CleverReach, please visit https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

    Data processing is based on Art. 6 (1) (a) GDPR. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.

    If you do not want your usage of the newsletter to be analyzed by CleverReach, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website.

    The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of CleverReach. Data we have stored for other purposes (e.g. email addresses for the members area) remains unaffected.

    For more information, see the privacy policy of CleverReach at https://www.cleverreach.com/de/datenschutz/.

     

    9. Online contact option

    Based on the statutory regulations, the Heye International website contains information which allows fast electronic contact with our company and direct communication with us, including a general electronic mail or e-mail address. If an affected person makes contact with the body responsible for processing via e-mail or using a contact form, the personal data transmitted by the affected person is saved automatically. This personal data provided voluntarily by an affected person to the body responsible for processing is stored for the purposes of processing the enquiry or contacting the affected person. This personal data is not passed on to third parties

     

    10. Routine deletion and blocking of personal data

    The body responsible for processing only processes and stores personal data relating to the affected person for the period of time required to fulfil the purpose for which they are stored or if the European directive and ordinance regulator or other legislator requires their storage in laws or regulations which the body responsible for processing must comply with.

    If the reason for storage no longer applies or a storage period stipulated by the European directive and ordinance regulator or another appropriate legislator expires, personal data is routinely blocked or deleted in accordance with legal requirements.

     

    11. Rights of the affected person

    • a) Right to confirmation

    All affected persons are granted the right by the European directive and ordnance regulator to demand confirmation from the body responsible for processing as to whether personal data relating to them has been processed. If an affected person wishes to exert this right to confirmation, they can contact any employee of the body responsible for processing about this at any time.

    • b)    Right to information

    All persons affected by processing personal data are granted the right by the European directive and ordinance regulator to obtain information from the body responsible for processing about the personal data held about them and receive a copy of this information free of charge. In addition, the European directive and ordinance regulator grants the affected person the right to the following information:

      • the purposes of processing
      • the categories of personal data which are processed
      • the recipient or categories of recipients to whom the personal data has been or will be disclosed, especially for recipients in other countries or international organisations
      • if possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for establishing this period
      • the existence of a right to correction or deletion of personal data relating to them, or to restriction of the processing by the body responsible for processing or the right to object to this processing
      • The existence of a right to complain to a regulatory body
      • If the personal data was not obtained from the affected person: all available information about the origin of the data
      • The existence of automated decision-making processes, including profiling, in accordance with art. 22, para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the range, plus the desired implications of such processing for the affected person

    In addition, the affected person has the right to information on whether personal data is forwarded to a foreign country or an international organisation. If this is the case, the affected person also has the right to obtain information about suitable guarantees in conjunction with this forwarding.

    If an affected person wishes to exert this right to information, they can contact any employee of the body responsible for processing about this at any time.

    • c)         Right to correction

    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator to demand the immediate correction of any incorrect personal data relating to them. In addition, the affected person has the right to demand the completion of incomplete personal data – and this can involve an additional explanation – taking the purposes of the processing into consideration.

    If an affected person wishes to exert this right to notification, they can contact any employee of the body responsible for processing about this at any time.

    • d)        Right to deletion (right to be forgotten)

    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator, to demand from the body responsible for processing that personal data relating to them is deleted immediately, providing one of the following reasons applies and processing is not required.

      • The personal data was gathered or otherwise processed for a purpose for which it is no longer required.
      • The affected person revokes the consent on which the processing in accordance with art. 6, para. 1, letter a GDPR or art. 9, para. 2, letter a GDPR relied, and there is no other legal basis for processing.
      • The affected person objects to the processing in accordance with art. 21, para 1 GDPR, and there are no overriding justified reasons for the processing, or the affected person objects to the processing in accordance with art. 21, para. 2 GDPR.
      • The personal data was processed illegally.
      • Deletion of the personal data is necessary in order to comply with the statutory obligation in accordance with Union law and the law of the Member State to which the body responsible for processing is subject.
      • The personal data was collected in relation to services offered by the information society in accordance with art. 8, para. 1 GDPR.

    If one of the above reasons applies and an affected person wishes to delete the personal data held by Heye International, they can contact any employee of the body responsible for processing at any time. The Heye International employee will ensure that the deletion request is complied with immediately.

    If the personal data was made public by Heye International and if our company as the body responsible for processing in accordance with art. 17, para. 1 GDPR is obliged to delete personal data, then Heye International will take into consideration the available technology and implementation costs and take appropriate measures, including technical ones, to inform other bodies responsible for the processing of the disclosed personal data that the affected person has demanded that these other bodies responsible for data processing delete all links to this personal data or copies or replications of this personal data, providing processing is not required. The Heye International employee will take the necessary steps on an individual basis.

    • e)        Right to restriction of processing

    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator, to demand the restriction of processing by the body responsible for processing if one of the following conditions is fulfilled:

      • The correctness of the personal data is disputed by the affected person, restriction is then for a period of time which involves the body responsible for processing to verify the correctness of the personal data.
      • The processing is illegal, the affected person refuses deletion of the personal data and instead demands restriction of use of personal data.
      • The body responsible for processing no longer requires the personal data for the purposes of processing, but the affected person needs it for the exertion or defence of legal claims.
      • The affected person has objected to the processing in accordance with art. 21, para. 1 GDPR and it is not yet clear whether the justified reasons of the body responsible for processing outweigh those of the affected person.

    If one of the above conditions is fulfilled and an affected person wishes to restrict the personal data held by Heye International, they can contact any employee of the body responsible for processing at any time. The Heye International employee will engineer the restriction of processing

    • f)         Right to data transferability

    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator, to receive the personal data relating to them, as provided by the affected person to a body responsible for processing, in a structured, standard machine-readable format. They also have rights to transfer this data to another body without hindrance from the body responsible for processing to which the personal data was provided, providing processing is based on consent in accordance with art 6, para. 1, letter a, GDPR or art 9, para. 2, letter a, GDPR or on a contract in accordance with art 6, para. 1, letter b, GDPR and processing is carried out using automated methods, providing processing is not required for completion of the task which is in the public interests or the results of the exertion of public powers granted to the body responsible for processing.

    In exercising their right to data transferability in accordance with art. 20, para. 1, GDPR, the affected person also has the right to effect the direct transfer of the personal data from one body to another body responsible for processing, providing this is technically feasible and does not compromise the rights and freedoms of other people.

    In order to assert the right to data transferability, the affected person can consult any employee of Heye International at any time.

    • g)        Right to object

    All persons affected by the processing of personal data at the right, as granted by the European directive and ordinance regulator, to object to the processing of personal data relating to them based on art. 6, para. 1, letter e or f, GDPR for  reasons relating to their personal situation. This also applies to profiling based on these regulations.

    Heye International will cease the processing of personal data in the event of an objection, unless we can provide evidence of urgent proprietary reasons for the processing which outweigh the interests, rights and freedoms of the affected person, or the processing serves to exert or defend legal claims.

    If Heye International processes personal data in order to operate direct advertising, the affected person has the right to object to the processing of personal data for the purposes of such advertising at any time. This also applies to profiling where it relates to direct advertising of this kind. If the affected person objects to processing by Heye International for the purposes of direct advertising, Heye International will no longer process the personal data for these purposes.

    For reasons relating to their personal situation, the affected person also has the right to object to the relevant processing of personal information by Heye International for scientific or historic research purposes or for statistical purposes in accordance with art. 89, para. 1 GDPR, unless this processing is required for the fulfilment of a task in the public interest.

    In order to assert the right to object, the affected person can consult any employee of Heye International directly. In addition, the affected person  is also free to exert their right to object using automated processes based on technical specifications in conjunction with the use of the services of the information society, irrespective of directive 2002/58/EU.

    • h)        Automated decisions in individual cases, including profiling

    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator, not to be subject to a decision-making process which relies exclusively on automated processing – including profiling – and which has a legal implication on them or similarly compromises them in a substantial way, providing the decision (1) is not required for the conclusion or fulfilment of the contract between the affected person and the body responsible for processing, or (2) there are legal regulations from the Union or Member States to which the body responsible for processing is subject which deem the processing authorised and these legal regulations include appropriate measures to preserve the rights and freedoms, and the justified interests of the affected person or (3) the processing takes place with the explicit consent of the affected person.

    If the decision is (1) necessary for the conclusion of the fulfilment of the contract between the affected person and the body responsible for processing or (2) taken with the explicit consent of the affected person, Heye International will take appropriate measures to preserve the rights and freedoms and justified interests of the affected person, including at least the right to engineer the involvement of a person on behalf of the body responsible for processing, the right to present their own point of view and the right to object to the decision.

    If an affected person wishes to exert this right with respect to automated decisions, they can contact any employee of the body responsible for processing about this at any time.

    • i)         Right to revoke consent under data protection laws

    All persons affected by the processing of personal data have the right, as granted by the European directive and ordinance regulator to revoke their consent to the processing of personal data at any time.

    If an affected person wishes to exert this right to revoke their consent, they can contact any employee of the body responsible for processing about this at any time.

     

    12. Data protection for job applications and application processes

    The body responsible for processing collects and processes applicants' personal data for the purpose of completing the application process. Data may also be processed electronically. This is particularly the case if an applicant submits corresponding application documents by electronic means, such as e-mail or a form on the website, so that the person responsible can process them. If the body responsible for processing concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment contract in accordance with statutory regulations. If the body responsible for processing does not conclude an employment contract with the candidate, the application documents will be automatically deleted two months after the decision to reject the candidate is notified, provided that deletion does not prejudice the other legitimate interests of the body responsible for processing. Other legitimate interests in this respect include burden of proof in proceedings under the General Equal Treatment Act (AGG).

     

    13. Data privacy terms regarding the application and use of LinkedIn

    The body responsible for processing has embedded components from the LinkedIn Corporation on this website. LinkedIn is an Internet-based social network which allows users to connect to existing business contacts and establish new ones. LinkedIn has more than 400 million registered users in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

    LinkedIn is operated by the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. The contact details of data privacy issues outside the USA are LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

    On every visit to a page of our website which has an embedded LinkedIn component (LinkedIn plug-in), the component triggers the browser used by the affected person to download an image of the component from LinkedIn. Further information on the LinkedIn plug-ins can be found at developer.linkedin.com/plugins. In line with this technical process, LinkedIn gains information on which specific sub-pages of our website are visited by the affected person.

    If the affected person is also logged into LinkedIn at the same time, LinkedIn is also given information on which specific sub-pages of our website have been visited by the affected person every time our website is accessed by the affected person and throughout the duration of their visit. This information is collected by the LinkedIn component and assigned by LinkedIn to the relevant LinkedIn account of the affected person. If the affected person actuates one of the LinkedIn buttons embedded on our website, LinkedIn assigns this information to the personal LinkedIn user account of the affected person and saves this personal data.

    The LinkedIn component always gives LinkedIn information about the fact that the affected person has visited our website if the affected person is also logged in to LinkedIn at the point at which they visit our website, this is irrespective of whether the affected person clicks on the LinkedIn component or not. If the affected person does not wish this kind of information to be transferred to LinkedIn, they can prevent it by logging out of their LinkedIn account before accessing our website.

    At www.linkedin.com/psettings/guest-controls, LinkedIn provides the option of unsubscribing from e-mail messages, text messages and targeted advertising and managing advert settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua und Lotame, which can save cookies. These cookies can.be blocked at www.linkedin.com/legal/cookie-policy. The applicable data privacy terms from LinkedIn can be viewed at www.linkedin.com/legal/cookie-policy. The cookie guidelines from LinkedIn can be viewed at www.linkedin.com/legal/cookie-policy.

     

    14. Data privacy terms regarding the application and use of Matomo

    The body responsible for processing has embedded components from Matomo on this website. Matomo is an open source software tool for web analysis. Web analysis is the gathering, collection and evaluation of data about visitor behaviour on websites. Among other things, a web analysis tool records data on the website from which an affected person accesses a specific website (known as the referrer), which sub-pages of the website were accessed for how often and for how long a sub-page was viewed. Web analysis is primarily used to optimise the website and carry out cost to benefit analysis for Internet advertising.

    The software is operated on the server body responsible for processing with any log files which are sensitive under data protection laws stored exclusively on these servers.

    The purpose of the Matomo components is to analyse visitor flows on our website. The body responsible for processing uses the data and information obtained for various purposes, including evaluating use of this website and generating online reports highlighting activities on our websites.

    Matomo sets a cookie on the information technology system of the affected person. What cookies are has been explained above. Setting the cookie allows us to analyse the use of our website. Every time an individual page of this website is visited, the Internet browser on the information technology system of the affected person is automatically triggered by the Matomo component to transmit data to our server for the purposes of online analysis. As part of this technical process, we become aware of personal data, such as the IP address of the affected person. This is then used, among other things, to derive the origin of the visitor and clicks.

    Cookies are used to save personal information, such as the access time, the location from which the website was accessed and the frequency of visits to our website. Every time our website is visited, this personal data, including the IP address of the internet connection used by the affected person, is transmitted to our server. This personal data is saved by us. We do not pass this personal data on to third parties

    As explained above, the affected person can prevent the saving of cookies by our website at any time by changing the relevant setting in the Internet browser they are using, thus permanently suppressing the saving of cookies. Changing this setting in the Internet browser used will also prevent Matomo being able to save the cookie on the information technology system of the affected person. A cookie which has already been saved by Matomo can also be deleted at any time by an internet browser or other software.

    The affected person also has the option to object to or prevent the recording of data generated by Matomo about the use of this website. To do this, the affected person must set “Do Not Track” in their browser.

    However, setting the opt-out cookie doesn’t mean it is possible that the affected person is no longer able to use the websites of the body responsible for processing to their full extent.

    You will find more information on Matomo's applicable data privacy terms at matomo.org/privacy/.

     

    Data Storage by “Matomo” Web Analysis Service

    You can deactivate the web analysis at anytime:

    Objection against Data Storage

    15. Data privacy terms regarding the application and use of YouTube

    The body responsible for processing has embedded components from YouTube on this website. YouTube is an Internet video portal which allows video publishers to upload video clips free of charge, and allows other users to view rate and comment on them, also free of charge. YouTube allows the publication of all kinds of videos, which means that  complete films and boxsets, music videos, trailers and videos produced by users themselves are all available to view on the Internet portal.

    The operating company is YouTube, LLC, 901 Cherry Ave., San Bruno CA 94 066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

    Every time an individual page of the website operated by the body responsible for processing and including a YouTube component (YouTube plug-in) is accessed, the internet browser on the information technology system of the affected person is automatically triggered to download an image of the relevant YouTube component from YouTube. Further information about YouTube can be found at www.youtube.com/yt/about/de/. In line with this technical process, YouTube gains information on which specific sub-pages of our website are visited by the affected person.

    If the affected person is logged into YouTube at the same time, and a sub-page containing a YouTube video is accessed, YouTube recognises which specific sub-page of our website the affected person is visiting. This information assigned by Google and YouTube to the relevant YouTube account of the affected person.

    The YouTube component always gives YouTube and Google information about the fact that the affected person has visited our website if the affected person is also logged in to YouTube at the point at which they visit our website, this is irrespective of whether the affected person clicks on the YouTube video or not. If the affected person does not wish this kind of information to be transferred to YouTube and Google, they can prevent it by logging out of their YouTube account before accessing our website.

    The privacy guidelines published by YouTube at www.google.de/intl/de/policies/privacy/ provide information about the collection, processing and use of personal data by YouTube and Google.

     

    16. Legal basis for processing

    Art. 6 I, letter a GDPR serves our company as the legal basis for all processing for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract where the affected person is a contracting party, as is, for example, the case for processing for the supply of goods or the provision of services or counter-services, then processing is based on art. 6 I, letter b, GDPR. The same applies for the processing required for the implementation of pre-contractual measures, such as enquiries about our products or services. If our company is subject to statutory obligation which requires the processing of personal data, such as the fulfilment of tax obligations, then processing is based on art. 6 I, letter c, GDPR. In rare cases, the processing of personal data can be necessary to protect the vital interests of the affected person or another natural person. This would be the case if, for example, a visitor to our company were injured, and  their name, age, health insurance details and other critical information needed to be passed on to a doctor, hospital or other third party. Processing would then be based on art. 6 I, letter d GDPR. Finally, processing can be based on art. 6 I, letter f GDPR. This covers processing which is not covered by any of the above legal bases, if the processing is necessary to preserve the justified interest of our company party, providing this is not outweighed by the interests, basic rights and basic freedoms of the affected person. This kind of processing is permitted in particular if it is mentioned specifically by the European legislator. In this respect, it has expressed the view that a justified interest could be assumed if the affected person the customer of the body responsible for processing (consideration reason 47, clause 2 GDPR).

     

    17. Justified interests in processing pursued by the body responsible processing or a third party

    If the processing of personal data is based on art. 6 I, letter f GDPR, our justified interest is understood as the running of our business for the benefit of all our employees and our shareholders.

     

    18. Period of time for which personal data is stored

    The criterion for the duration of storage of personal data is the relevant statutory holding period. At the end of this period, the relevant data is deleted on a routine basis, providing it is no longer required for contract fulfilment or conclusion.

     

    19. Statutory or contractual regulations on the provision of personal data; requirement for contract conclusion; obligation of the affected person to provide the personal data; potential consequences of non-compliance

    We would like to point out that the provision of personal data is sometimes a statutory requirement (e.g. tax regulations) all a requirement under contractual terms (e.g. information on contract partner). In order to conclude a contract, it may be necessary for the affected person to provide us with personal data which we then have to process. For example, the affected person is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide the personal data would mean that the contract could not be concluded with the affected person. Before providing personal data, the affected person must consult one of our employees. Our employee will clarify to the affected person on a case-by-case basis whether the provision of the personal data is a requirement of the law or the contract or whether it is required in order to conclude the contract or whether there is a requirement to provide personal data and what consequences of failure to provide the personal data would be.

     

    20. Automated decision-making processes

    As a responsible company, we do not use automated decision-making processes or profiling.