Data Protection according to DSGVO
General information on data protection
The protection of your personal data is very important to us. Therefore, the processing of personal data is carried out in accordance with the applicable European and national legal provisions.
You can of course revoke your declaration(s) of consent at any time with effect for the future. To do so, please contact the person responsible in accordance with § 1.
The following declaration provides an overview of the type of data collected, the way in which this data is used and passed on, the security measures we take to protect your data and the way in which you can obtain information about the information given to us.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a) of the EU General Data Protection Regulation (DSGVO) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) S. lit. b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
If processing of personal data is necessary for compliance with a legal obligation to which we are subject, Article 6 (1) sentence 1 lit. c) DSGVO serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 lit. f) DSGVO serves as the legal basis for the processing.
Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.
§ 1 THE DATA CONTROLLER AND THE DATA PROTECTION OFFICER
(1) Name and address of the data controller
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Tel.: +49 5054-249
(2) The data protection officer of the data controller is:
Akwiso Data Protection & Audit
Tel.: 0831 / 5124-7030
§ 2 DEFINITIONS
The data protection declaration is based on the terms used by the European legislator when adopting the EU General Data Protection Regulation (hereinafter referred to as: "DSGVO"). The data protection declaration is intended to be easy to read and understand. To ensure this, the most important terms are explained below:
(a) Personal data means any information relating to an identified or identifiable natural person (hereinafter: "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(b) Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
(c) Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(d) Profiling means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
(e) 'pseudonymisation' means the processing of personal data in such a way that the personal data can no longer be related to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
(f) Controller or controller means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
(g) Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
(h) recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
(i) third party means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
j) consent means any freely given specific and informed indication of his or her wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to personal data relating to him or her being processed.
§ 3 PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
(1) In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we automatically collect the following data and information from the computer system of the calling computer each time the website is called up:
a) The IP address of the user
b) Information about the type of browser and the version used
c) The user's operating system
d) The user's Internet service provider
e) Date and time of access
f) Websites from which the user's system accesses the Internet page
g) Websites that are accessed by the user's system via our Internet site
h) Content of the calls (specific pages)
i) Amount of data transferred in each case
j) Language and version of the browser software
k) Search engines used
l) Names of downloaded files
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
(2) The legal basis for the temporary storage of the log files is Art. 6 para. 1 p. lit. f) DSGVO.
(3) The temporary storage of the IP address by the system is necessary in order to
a) enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
b) optimise the content of our website and the advertising for it
c) to ensure the functionality of our information technology systems and the technology of our website
d) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f) DSGVO.
(4) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected - in this case at the end of the usage process. Storage beyond this period is possible. In this case, the IP addresses are deleted or made anonymous so that it is no longer possible to assign the calling client.
(5) The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website, which is why there is no possibility of objection.
(1) This website uses so-called cookies. Cookies are small text files which, as soon as you visit a website, are sent to your browser by a web server and stored locally on your end device (PC, notebook, tablet, smartphone, etc.) and are stored on your computer and provide the user (i.e. us) with certain information. Cookies are used to make the website more customer-friendly and secure, and in particular to collect usage-related information, such as frequency of use and number of users of the pages and behaviour patterns of page use. Cookies do not cause any damage to the computer and do not contain viruses.
This cookie contains a characteristic character string (so-called cookie ID), which enables the browser to be uniquely identified when the website is called up again.
- Borlabs cookie
- Google Tag Manager
- Language settings
- Articles in a shopping cart
- log-in information
- personal settings
We require cookies for the following applications:
- Shopping cart
- Acceptance of language settings
- Remembering search terms
The user data collected through technically necessary cookies are not used to create user profiles.
§ 5 NEWSLETTER
(1) If you purchase goods or services from us and provide us with your e-mail address, we may subsequently use this e-mail address to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. The legal basis for sending the newsletter is Art. 7 Para. 3 UWG.
For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses used and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
Only your e-mail address is required for sending the newsletter. The provision of further data [such as title, first name and surname] is voluntary and is used to address you personally.
If you purchase goods or services on our website and enter your e-mail address, this may subsequently be used by us to send you a newsletter. In such a case, the newsletter will only be used to send direct advertising for our own similar goods or services.
The data will be used exclusively for sending the newsletter.
(2) The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 p. 1 lit. a) DSGVO if consent has been given.
(3) The collection of the user's email address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
(4) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Your e-mail address will therefore be stored as long as the subscription to the newsletter is active. The other personal data collected in the course of the registration process will generally be deleted after a period of seven days.
(5) You can cancel the receipt of our newsletter at any time and thus revoke your consent by clicking on the "Unsubscribe from newsletter" field in our newsletter unsubscribe or by sending us an e-mail to the contact details given in the imprint.
This also enables you to revoke your consent to the storage of the personal data collected during the registration process.
ADDITIVE Online Marketing
In addition to our website, we also operate optimised sales landing pages. In order to process your enquiry, booking, order, activation, registration or other submission of a form on such a landing page and to store and retain your data, we use common cloud services and CRM systems as well as software from ADDITIVE OHG, 39011 Lana (BZ), Italy ("ADDITIVE"). By means of these services and systems, your data is also processed and stored, at least in part, outside the EU or the EEA. The appropriate level of data protection results from an adequacy decision of the European Commission ("Privacy Shield") or from the concluded order processing agreements with the respective companies.
Our landing pages use functions of the Google Analytics web analysis service of Google Inc ("Google"). Cookies are used for this purpose, which enable an analysis of the use of the website by its users. The information thus generated is transferred to the provider's server and stored there. You can prevent this by setting up your browser in such a way that no cookies are stored or you are informed about the setting of cookies and you only allow this in individual cases.
Your IP address is recorded, but anonymised immediately (e.g. by deleting the last 8 bits). This means that only a rough localisation is possible. The relationship with the web analytics provider Google is based on the adequacy decision of the European Commission (in the case of the USA: "Privacy Shield"). You can prevent the storage of cookies by setting your browser software accordingly. You can also prevent the collection of data generated by the cookie and related to your use of the online offer to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Our landing pages also use functions from ADDITIVE for cross-channel recording of the use of our websites as well as marketing and sales measures such as landing pages, newsletters and social media presences. ADDITIVE has insight into the data collected via Google Analytics. This data is not used for purposes other than analysing the use of our websites and evaluating our marketing and sales measures.
The data processing is carried out on the basis of the legal provisions of Art 6 para 1 lit f (legitimate interest) of the DSGVO.
Our concern within the meaning of the DSGVO (legitimate interest) is to improve our offer and our website by analysing the use of our website as well as sales and marketing measures.
In addition, our landing pages use remarketing functions of Google Inc ("Google") and Facebook Inc ("Facebook"). In doing so, it is transmitted to Facebook and Google that you have visited this website. These functions are used to present visitors to the landing pages with interest-based advertisements in the Google advertising network or in the Facebook and Instagram social networks.
Data processing in connection with these remarketing functions is carried out on the basis of the legal provisions of Art 6 para 1 lit a (consent) of the DSGVO.
§ 6 REGISTRATION
(1) We offer you the opportunity to register on our website by providing personal data. The data is entered in an input mask and transmitted to us and stored. As a matter of principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves criminal or legal prosecution purposes.
The following data is collected as part of the registration process:
- e-mail address
- Possibly self-selected password (there is no obligation to use a clear name, pseudonymous use is possible)
- Freely chosen user name
- IP address
- Date and time of registration
All details can be managed and changed in the protected customer area. As part of the registration process, the user's consent to the processing of this data is obtained.
(2) We use the so-called double-opt-in procedure for registration. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to register. If you do not confirm your registration within [14 days], your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses used and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) If the user has given his or her consent, the legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. a) DSGVO.
If the registration serves the fulfilment of a contract to which you are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b) DSGVO.
(4) Registration is necessary for the performance of the contract or for the implementation of pre-contractual measures. (further description of the contract; norms according to EGBGB and BGB).
(5) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
This is the case for data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations. Continuing obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and data must be stored for tax purposes. The storage periods to be observed cannot be determined in general terms, but must be determined for each individual contract and contracting party.
(6) If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
Otherwise, you are free to have the personal data provided during registration completely deleted from the data stock of the controller. Upon request, the controller will provide you at any time with information about which personal data is stored about the data subject. Furthermore, the controller shall correct or delete personal data at the request or indication of the data subject, provided that this does not conflict with any statutory retention obligations. You can write to the data controller or the data protection officer in accordance with § 1 at any time by e-mail or post and ask for the deletion/amendment of the data.
§ 7 E-COMMERCE
(1) If you would like to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. The data is entered in an input mask and transmitted to us and stored. The following data is collected within the framework of the web shop / booking section
- Name (title, first name, surname)
- Persons travelling with you (booking section)
- Date of birth (booking section)
- Address (different delivery address, if applicable)
- e-mail address
- IP address
The data will only be passed on to third parties if this is necessary for the purpose of processing the contract or for accounting purposes or for collecting the payment. The data recipients are
- Collection companies, insofar as payment must be collected (forwarding of name, address, order details)
- Credit agencies for checking creditworthiness (forwarding of name, address, date of birth etc.). In this case, the information is only passed on if we make advance payments for orders (e.g. purchase on account).
- The bank for the collection of the payment, insofar as the payment is made via direct debit.
- tourist service providers
(2) The legal basis is Art. 6 para. 1 p. 1 lit. b) DS-GVO. With regard to the voluntary data, the legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. a) DSGVO.
(3) The compulsory data collected are necessary for the fulfilment of the contract with the user (for the purpose of sending the goods and confirming the content of the contract). We therefore use the data to answer your enquiries, to process your order, if necessary to check creditworthiness or to recover a debt and for the purpose of technical administration of the websites. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offences. We may also process the data you provide to inform you about other interesting products from our portfolio or to send you e-mails with technical information.
(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after the execution of the contract. However, we restrict processing after 1 year and 3 months, i.e. your data is only used to comply with legal obligations. If a continuing obligation exists between us and the user, we store the data for the entire duration of the contract and for ten years thereafter (see above). With regard to data provided voluntarily, we will delete the data upon expiry of five years after the execution of the contract, provided that no further contract is concluded with the user during this period; in this case, the data will be deleted upon expiry of five years after the execution of the last contract.
(5) If the data is required for the performance of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
Otherwise, you are free to have the personal data provided during registration completely deleted from the data stock of the controller. The controller will provide you with information about which personal data is stored about you at any time upon request. Furthermore, the controller will correct or delete personal data at the request or indication of the data subject, provided that this does not conflict with any statutory retention obligations. You can write to the data controller or the data protection officer in accordance with § 1 at any time by e-mail or post and ask for the data to be deleted/changed.
§ 8 TRANSFER OF PERSONAL DATA TO THIRD PARTIES
In the course of visiting our Soundcloud profile, personal data, i.e. data relating to an identified or identifiable person, is collected from you. In the following, we therefore inform you about the type, scope and purpose of the collection and the use in connection with the visit to our Soundcloud profile. You will receive information on how your data is used and what rights you have with regard to its use.
The information in this privacy notice relates to the collection and processing of your personal data in connection with your visit to our Soundcloud profile, insofar as this is carried out by us.
You can find more information on data processing by the operator of Soundcloud at: https://soundcloud.com/pages/privacy.
Links to external websites
This website contains links to external sites. We are responsible for our own content. We have no influence on the contents of external links and are therefore not responsible for them, in particular we do not adopt their contents as our own. If you are directed to an external site, the data protection declaration provided there applies. If you notice any illegal activities or content on this site, you are welcome to point this out to us. In this case we will check the content and react accordingly (notice and take down procedure).
This site uses the open source mapping tool "OpenStreetMap" (OSM) via an API. The provider is the OpenStreetMap Foundation. To use the functions of OpenStreetMap, it is necessary to store your IP address. This information is usually transferred to a server of OpenStreetMap and stored there. The provider of this site has no influence on this data transmission. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. More information on the handling of user data can be found on the OpenStreetMap data protection page and here http://wiki.openstreetmap.org/wiki/Legal_FAQ.
3. data protection provisions on the use and application of WhatsApp
We offer the possibility to contact us via the messaging service WhatsApp of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If you apply to us via WhatsApp or contact us, we store and use the mobile phone number you use on WhatsApp and - if provided - your first and last name in accordance with Art. 6 Para. 1 lit. b. DSGVO to process and respond to your request. On the basis of the same legal basis, we may ask you to provide further data (such as address or email address) via WhatsApp in order to be able to assign your request to a specific process.
If you use our WhatsApp contact for general enquiries (such as about our range of services, availability or our website), we will store and use the mobile phone number you used on WhatsApp and - if provided - your first name and surname in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in providing the requested information efficiently and promptly.
Your data will only ever be used to respond to your request via WhatsApp. It will not be passed on to third parties.
Please note that WhatsApp obtains access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp account, we use a mobile device whose address book only stores the WhatsApp contact data of those users who have also contacted us via WhatsApp.
For the purpose and scope of the data collection and the further processing and use of the data by WhatsApp, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information of
The company operates an online presence on Facebook, a so-called Facebook Fanpage. The following additional information on data processing applies to visits to our fan page. Information on data protection on Facebook in general can be found at https://www.facebook.com/about/privacy/.
1. joint responsibility & contact details:
We are jointly responsible with Facebook for the operation of our Facebook Fanpage in accordance with Art. 26 DSGVO. For this purpose, we have stipulated in an agreement with Facebook who fulfils which obligations with regard to data protection. This agreement can be accessed here. Accordingly, Facebook is primarily responsible for providing the data subject with information about the joint processing and enabling him or her to exercise his or her data protection rights. Irrespective of this, we hereby inform you about your visit to our fan page.
Our contact details are:
Tel.: +49 5054-249
You can reach Facebook at:
Meta Platforms Ireland Ltd
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Ireland
You can reach Facebook online at https://www.facebook.com/help/contact/2061665240770586.
You can reach Facebook's data protection officer at
2. collection and storage of personal data and the nature, purpose and use thereof:
a) Data collected by Facebook:
If you are a Facebook user, Facebook collects the data described in the Facebook Data Policy under "What types of information do we collect?". If you are not a Facebook user, cookies with identifiers, small text files, may still be stored in your browser, which enable so-called tracking of your user behaviour.
As a rule, the user data when visiting Facebook is also processed by Facebook for market research and advertising purposes. Based on user behaviour (including when visiting our fan page), complex user profiles are created which Facebook can use to play personalised advertisements to the visitor within and outside of Facebook. More information on this can also be found in the Facebook data policy.
If you do not agree to this, you can object here (opt-out).
b) Data used by us ("Page Insights") and legal basis:
Facebook provides us with statistics and usage data that we can use to analyse the use of our Fanpage (so-called "Page Insights"). This enables us to continuously improve our offer on Facebook. As the operator, we do not make any decisions regarding the processing of insights data and all other information resulting from Art. 13 of the GDPR, such as the storage period of cookies on user devices. The primary responsibility under the GDPR for the processing of Insights Data lies with Facebook and Facebook fulfils all obligations under the GDPR with regard to the processing of Insights Data.
As the site administrator, we have no other possibility, not even via user tracking, to evaluate user behaviour on our fan page. It is also fundamentally not possible for us to identify the visitor to the fan page on the basis of the page insights. In particular, we have no right under the agreement to demand that Facebook disclose individual visitor data. Identification is only possible for us if we are able to assign individual profile pictures to "Like" Page Views; however, this is only possible to the extent that our Fanpage has been marked with "Like" by the corresponding visitor and the "Like" Page Views is set to "public".
You can find out what information Facebook uses to create page insights at https://www.facebook.com/legal/terms/information_about_page_insights_data.
The operation of the Faceboook fan page and the use of the page insights serve our legitimate interest in an effective external presentation and efficient communication with our customers and interested parties. This interest justifies the operation of the page both in relation to the legitimate interests of Facebook users and in relation to visitors to our fan page who do not have a Facebook account. Accordingly, the legal basis is Art. 6 para. 1 p. 1 lit. f) DSGVO.
3. transfer of data to third parties:
Data collected by Facebook is exchanged and processed within the entire Facebook group. The Facebook group also includes, for example, Instagram, WhatsApp and Oculus. For example, information collected via Facebook is used to display personalised advertising to the user on Instagram, or information from WhatsApp is used to take action on Facebook against accounts that send spam via WhatsApp. This information can be found in the Facebook Data Policy (https://www.facebook.com/about/privacy/update) under "How do Facebook companies work together?".
The processing of data by Facebook may involve the transfer of user data outside the European Economic Area (EEA), in particular the USA.
4. right of objection:
Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to email@example.com.
5. data subject rights:
You have the right to revoke your consent to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future. In addition, you have the right to information according to Art. 15 DSGVO, the right to correction according to Art. 16 DSGVO, the right to deletion according to Art. 17 DSGVO, the right to restriction of processing according to Art. 18 DSGVO, as well as the right to data portability according to Art. 21 DSGVO. Furthermore, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).
In principle, you can assert your data subject rights against Facebook as well as against us. Since only Facebook has direct access to your user data, you can most effectively assert your data protection rights against Facebook.
The legal basis for data protection can be found in the General Data Protection Regulation (GDPR).
1. joint responsibility & contact details:
A controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
If you submit personal data to us via our Instagram page and we alone decide on the purposes and means of the processing, is
Tel.: +49 5054-249
sole controller of the processing.
Insofar as personal data are processed in connection with our Instagram page and Facebook alone decides on the purposes and means of the processing, the following is responsible
Meta Platforms Ireland Ltd
4 Grand Canal Square
Grand Canal Harbour
sole controller of the processing.
2. information on data processing by Meta Platforms Ireland Ltd.
When you visit our Instagram page and your browser allows cookies to be stored, Meta Platforms Ireland Ltd stores information in the form of small text files in your browser's memory (hereinafter "cookies") and can access this information when you visit the Facebook platform or a website that embeds Facebook technologies. You can find more information on the purpose of the cookies used, on the integration of these cookies by other websites and on your control options in this regard in the information on Instagram cookies.
We would like to point out that Meta Platforms Ireland Ltd is able, by means of the cookies used, to track your user behaviour (across devices for registered users) on other websites beyond the Instagram platform. This applies both to persons registered with the Instagram platform and to persons not registered there.
We would also like to point out that we have no influence on the data processing carried out by Meta Platforms Ireland Ltd in connection with cookies. It is also possible to visit our Instagram page if you configure your browser so that no cookies are stored by the Facebook platform. Information on how to adjust the settings for cookies in your browser can usually be found in the help section of the browser you are using.
If you are registered or logged in to the Instagram or Facebook platform and would like to avoid Meta Platforms Ireland Ltd being able to associate your visit to our Facebook page with your Instagram or Facebook user account, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your device and close and restart your browser.
4. data processing during interactions on our Instagram page
Our Instagram page offers you the opportunity to react to our posts, comment on them and send us private messages. Please carefully consider what personal data you share with us through our Instagram page. If you wish to avoid Facebook processing any personal data you submit to us, please contact us by other means.
In addition to the content you submit, information about your profile, likes and posts will be visible to us depending on your privacy settings. You can find out how to change your privacy settings in this help article.
The processing of your data when contacting or interacting with our site or its content is carried out by us on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is to respond to your request. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.
We process the data you provide in this context and which may be accessible to us in order to protect our legitimate interests in contacting and communicating with our interested parties, which are outweighed by our interests. This is also our legitimate interest in data processing according to Art. 6 Para. 1 S. 1 lit. f DSGVO.
5. processing anonymised data for statistical purposes
We have set up our Instagram page as a business profile and use anonymised page statistics ("Instagram Insights") provided by Meta Platforms Ireland Ltd to provide us with insights about visitors to our Instagram page and their interactions with our Instagram page and its content. We do not contribute to the decision on the means and purposes of processing event data used to generate page statistics. The statistics include the following information:
- Reach, page views, time spent on video posts.
- Interactions such as tagging a post with "like", commenting or sharing posts.
- Demographic information such as age, gender and location.
We use this data to identify trends. It is not possible for us to link back to individuals who triggered these events.
6. rights of data subjects
Below we have summarised the rights of data subjects for you. The full legal texts can be found in the articles mentioned. This summary does not result in any rights beyond those set out in the GDPR.
Data subjects have the following rights vis-à-vis the controller:
- Right to revoke consent (Art. 7 (3) DSGVO): You can revoke your consent to the processing of data at any time with effect for the future.
- Right to information (Art. 15 DSGVO): You can request information about whether personal data about you is being processed. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period or criteria for this, the existence of a right to rectification, erasure, restriction of processing, objection or the existence of the right of appeal. Furthermore, you can request information about the origin of data that has not been collected from you. You can also ask to be informed whether automatic decision-making is used, whether data is transferred to a third country or to an international organisation and on the basis of which guarantees this is done. You may request a copy of the personal data concerning you, provided that this does not affect the rights and freedoms of other persons.
- Right to rectification (Art. 16 DSGVO): You may request the rectification without delay of inaccurate personal data or the completion of your stored personal data, taking into account the purposes of the processing.
- Right to erasure (Art. 17 DSGVO): You may request the erasure of your stored personal data if the purpose of the processing has ceased to exist due to the passage of time or other reasons, you have withdrawn your consent or objected to the processing and there are no overriding reasons for the processing or other legal grounds, the legal basis for the data processing is absent or has ceased to exist and the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims. If we have made your data public, we are obliged to take reasonable steps to inform any recipient that you have requested the erasure of any links to or copies of the personal data concerned.
- Right to restriction of processing(Art. 18 GDPR): You have a right to restriction of processing if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data; we no longer need the personal data for the purposes of the processing but you need them for the establishment, exercise or defence of legal claims, or if you object to the processing pursuant to Art. 21 DSGVO and it is not yet clear whether our legitimate reasons outweigh your reasons.
- Right to data portability (Art. 20 DSGVO): You have a right to receive the personal data you have provided on the basis of your consent or a contract concluded with us in a structured, common and machine-readable format or to request that it be transferred to another controller, provided that this does not adversely affect the rights and freedoms of other persons and that it is technically feasible.
- Right to object (Art. 21 DSGVO): You have a right to object, on grounds relating to your particular situation, to processing carried out by us for the purposes of protecting our legitimate interests, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. At any time, you have the right to object to processing that we carry out for direct marketing purposes. Your data may then no longer be processed for these purposes.
- Right of appeal (Art. 77 DSGVO): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes data protection rules.
We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration. The new data protection statement will then apply to your next visit.
§ 9 CONTACT FORM AND E-MAIL CONTACT
(1) Our website contains a contact form which can be used for electronic contact. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are:
At the time the message is sent, the following data is also stored:
- IP address of the user
- Date and time of registration
For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data transmitted with the e-mail will be stored. Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to answer your request. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
(2) The legal basis for the processing of the data is Art. 6 para. 1 p. lit. a) DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 p. 1 lit. f) DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1S. 1 lit. b) DSGVO.
(3) The processing of the personal data from the input mask serves us solely to process the contact. We will, of course, use the data from your e-mail enquiries exclusively for the purpose for which you provide them when contacting us. In the case of contacting us by e-mail, we also have the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
(4) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
(5) You have the option to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. Regarding the revocation of consent/opposition to storage, we ask you to contact the person responsible or the data protection officer as per § 1 via e-mail or by post. All personal data stored in the course of contacting us will be deleted in this case.
§ 10 WEB ANALYSIS BY GOOGLE ANALYTICS (WITH PSEUDONYMISATION)
(1) We use the service of Google Inc. (Google Inc., 1600 Amphitheatre Parkway Monutain View, CA 94043, USA) on our website to analyse the surfing behaviour of our users. The software sets a cookie on your computer (for cookies, see above). If individual pages of our website are called up, the following data is stored:
a) Two bytes of the IP address of the user's calling system.
b) The web page called up
c) Entry pages, exit pages,
d) The time spent on the website and the abort rate
e) The frequency of access to the website
f) country of origin and regional origin, language, browser, operating system, screen resolution, use of Flash or Java
g) Search engines used and search terms used.
The information generated by the cookie about the use of this website by users is generally transmitted to a Google server in the USA and stored there.
This website uses Google Analytics with the extension "_anonymizeIp()". The software is set so that the IP addresses are not stored in full, but only in shortened form. In this way, it is no longer possible to assign the shortened IP address to the calling computer. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. However, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
(2) The legal basis for the processing of personal data is Art. 6 para. 1 p. 1 lit. f) DSGVO.
(3) On our behalf, Google will use this information to evaluate your use of the website and to compile reports on website activities. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes are also our legitimate interest in processing the data according to Art. 6 para. 1 lit. f) DSGVO. The anonymisation of the IP address sufficiently takes into account the interest of users in the protection of their personal data.
(4) The data is deleted as soon as it is no longer required for our recording purposes. In our case, this is the case after 14 months.
In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link. The current link is: http://tools.google.com/dlpage/gaoptout?hl=de. You have the option to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. Regarding the revocation of consent/opposition to storage, we ask you to contact the person responsible according to § 1 via e-mail or by post.
If you visit our website with your mobile device, you can also object to the use here by deactivating Google Analytics by clicking on the following link: Deactivate Google Analytics. In this case, a cookie will be set in your browser, which tells Google to stop tracking.
(6) Third party provider is Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
11 § RIGHTS OF THE DATA SUBJECT
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
1. right of access,
2. right to rectification
3. right to restriction of processing,
4. right to erasure
5. right to information
6. right to data portability.
7. right to object to processing
8. right to withdraw consent under data protection law
9. right not to have an automated decision made.
10. right to complain to a supervisory authority
1. right to information
(1) You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may at any time request from the controller free of charge information about the personal data stored about you and about the following information:
(a) the purposes for which the personal data are processed;
b) the categories of personal data which are processed;
c) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
d) the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
(e) the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the controller or a right to object to such processing;
(f) the existence of a right of appeal to a supervisory authority;
(g) any available information on the origin of the data where the personal data are not collected from the data subject;
(h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
(2) You have the right to request information as to whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
2. right to rectification
You have the right to obtain rectification and/or completion from the controller without undue delay if the personal data processed concerning you is inaccurate or incomplete.
3. right to restriction of processing
(1) You may request the controller to restrict the processing of personal data concerning you without undue delay under the following conditions:
(a) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
(c) the controller no longer needs the personal data for the purposes of the processing but you need it for the establishment, exercise or defence of legal claims; or
(d) if you have objected to the processing pursuant to Article 21(1) DSGVO and it is not yet clear whether the legitimate grounds of the controller override your grounds.
(2. Where the processing of personal data concerning you has been restricted, such data may be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. right to erasure
(1) You may request the controller to erase the personal data concerning you without undue delay, provided that one of the following reasons applies:
(a) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
b) You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a DSGVO and there is no other legal basis for the processing.
c) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
d) The personal data concerning you have been processed unlawfully.
e) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
(f) the personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
(2) If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, the controller shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers processing the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, those personal data.
(3. The right to erasure shall not apply insofar as the processing is necessary for
(a) for the exercise of the right to freedom of expression and information;
(b) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section (a) is likely to make impossible or seriously prejudice the achievement of the purposes of such processing; or
e) for the assertion, exercise or defence of legal claims.
5. right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification/erasure/restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.
(6) Right to data portability
(1) You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and
b) the processing is carried out with the aid of automated procedures.
(2) In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.
(3. The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4. In order to assert the right to data portability, the data subject may at any time contact the controller.
7. right of objection
(1) You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
(2) The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
(3) If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
(4) You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
(5. To exercise the right to object, the data subject may contact the controller directly.
8. right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can contact the data controller for this purpose.
9 Automated decision in individual cases including profiling
(1) You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects vis-à-vis you or similarly significantly affects you. This does not apply if the decision
a) is necessary for the conclusion or performance of a contract between you and the controller,
b) is permissible on the basis of legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests; or
(c) is made with your express consent.
(2) However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
(3) With regard to the cases mentioned in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, which include at least the right to obtain the intervention of a data subject on the part of the controller, to express his or her point of view and to contest the decision.
(4) If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact the controller.
10. right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
12 § CHANGES TO THE DATA PROTECTION POLICY