Data protection

Pri­va­cy policy

We are very plea­sed about your inte­rest in our com­pa­ny. The ate­lier 522 atta­ches gre­at importance to data pro­tec­tion. The use of the ate­lier 522 web­site is pos­si­ble wit­hout any indi­ca­ti­on of per­so­nal data. Howe­ver, if a data sub­ject wants to use spe­cial ser­vices of our enter­pri­se via our web­site, pro­ces­sing of per­so­nal data could beco­me neces­sa­ry. If pro­ces­sing of per­so­nal data is neces­sa­ry and the­re is no legal basis for such pro­ces­sing, we will gene­ral­ly obtain the con­sent of the data subject.

The pro­ces­sing of per­so­nal data, such as the name, address, e‑mail address, or tele­pho­ne num­ber of a data sub­ject shall always be in line with the coun­try-spe­ci­fic data pro­tec­tion regu­la­ti­ons appli­ca­ble to the ate­lier 522 GmbH. By means of this data pro­tec­tion decla­ra­ti­on, our enter­pri­se would like to inform the public about the type, scope and pur­po­se of the per­so­nal data we coll­ect, use and pro­cess. Fur­ther­mo­re, data sub­jects are infor­med of their rights by means of this data pro­tec­tion declaration.

As the con­trol­ler, the ate­lier 522 GmbH has imple­men­ted num­e­rous tech­ni­cal and orga­ni­sa­tio­nal mea­su­res to ensu­re the most com­ple­te pro­tec­tion of per­so­nal data pro­ces­sed through this web­site. Nevert­hel­ess, Inter­net-based data trans­mis­si­ons can always be sub­ject to secu­ri­ty vul­nerabi­li­ties, so that abso­lu­te pro­tec­tion can­not be gua­ran­teed. For this reason, every data sub­ject is free to trans­mit per­so­nal data to us by alter­na­ti­ve means, for exam­p­le by telephone.

1. definitions

The data pro­tec­tion decla­ra­ti­on of the ate­lier 522 is based on the terms used by the Euro­pean Direc­ti­ve and Ordi­nan­ce when issuing the Data Pro­tec­tion Regu­la­ti­on (DS-GVO). Our data pro­tec­tion decla­ra­ti­on should be easy to read and under­stand for the public as well as for our cus­to­mers and busi­ness part­ners. To ensu­re this, we would like to explain the terms used in advance.

We use the fol­lo­wing terms, among others, in this pri­va­cy policy:

(a) per­so­nal data
Per­so­nal data means any infor­ma­ti­on rela­ting to an iden­ti­fied or iden­ti­fia­ble natu­ral per­son (her­ein­af­ter “data sub­ject”). An iden­ti­fia­ble natu­ral per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­ti­cu­lar by refe­rence to an iden­ti­fier such as a name, an iden­ti­fi­ca­ti­on num­ber, loca­ti­on data, an online iden­ti­fier or to one or more fac­tors spe­ci­fic to the phy­si­cal, phy­sio­lo­gi­cal, gene­tic, men­tal, eco­no­mic, cul­tu­ral or social iden­ti­ty of that natu­ral person.

(b) per­son concerned
Data sub­ject means any iden­ti­fied or iden­ti­fia­ble natu­ral per­son who­se per­so­nal data are pro­ces­sed by the controller.

c) Pro­ces­sing
Pro­ces­sing is any ope­ra­ti­on or set of ope­ra­ti­ons which is per­for­med upon per­so­nal data, whe­ther or not by auto­ma­tic means, such as coll­ec­tion, recor­ding, orga­ni­sa­ti­on, fil­ing, sto­rage, adapt­a­ti­on or altera­ti­on, retrie­val, con­sul­ta­ti­on, use, dis­clo­sure by trans­mis­si­on, dis­se­mi­na­ti­on or other­wi­se making available, ali­gnment or com­bi­na­ti­on, rest­ric­tion, era­su­re or destruction.

(d) rest­ric­tion of processing
Rest­ric­tion of pro­ces­sing is the mar­king of stored per­so­nal data with the aim of limi­ting their future processing.

e) Pro­fil­ing
Pro­fil­ing is any form of auto­ma­ted pro­ces­sing of per­so­nal data which con­sists in using such per­so­nal data to eva­lua­te cer­tain per­so­nal aspects rela­ting to a natu­ral per­son, in par­ti­cu­lar to ana­ly­se or pre­dict aspects rela­ting to that natu­ral person’s per­for­mance at work, eco­no­mic situa­ti­on, health, per­so­nal pre­fe­ren­ces, inte­rests, relia­bi­li­ty, beha­viour, loca­ti­on or chan­ge of location.

f) Pseud­ony­mi­sa­ti­on
Pseud­ony­mi­sa­ti­on is the pro­ces­sing of per­so­nal data in such a way that the per­so­nal data can no lon­ger be attri­bu­ted to a spe­ci­fic data sub­ject wit­hout the use of addi­tio­nal infor­ma­ti­on, pro­vi­ded that such addi­tio­nal infor­ma­ti­on is kept sepa­ra­te­ly and is sub­ject to tech­ni­cal and orga­ni­sa­tio­nal mea­su­res which ensu­re that the per­so­nal data are not attri­bu­ted to an iden­ti­fied or iden­ti­fia­ble natu­ral person.

(g) con­trol­ler or per­son respon­si­ble for processing
The con­trol­ler or per­son respon­si­ble for pro­ces­sing is the natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body which alo­ne or joint­ly with others deter­mi­nes the pur­po­ses and means of the pro­ces­sing of per­so­nal data. Whe­re the pur­po­ses and means of such pro­ces­sing are deter­mi­ned by Uni­on or Mem­ber Sta­te law, the con­trol­ler or the spe­ci­fic cri­te­ria for its desi­gna­ti­on may be pro­vi­ded for under Uni­on or Mem­ber Sta­te law.

(h) Pro­ces­sors
Pro­ces­sor means a natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body which pro­ces­ses per­so­nal data on behalf of the controller.

i) Reci­pi­ent
A reci­pi­ent is a natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body to whom per­so­nal data are dis­c­lo­sed, whe­ther or not a third par­ty. Howe­ver, public aut­ho­ri­ties that may recei­ve per­so­nal data in the con­text of a spe­ci­fic inves­ti­ga­ti­on man­da­te under Uni­on or Mem­ber Sta­te law shall not be con­side­red as recipients.

j) Third
Third par­ty means a natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body other than the data sub­ject, the con­trol­ler, the pro­ces­sor and the per­sons aut­ho­ri­sed to pro­cess the per­so­nal data under the direct respon­si­bi­li­ty of the con­trol­ler or the processor.

k) Con­sent
Con­sent shall mean any free­ly given spe­ci­fic and infor­med indi­ca­ti­on of the data subject’s wis­hes in the form of a state­ment or other unam­bi­guous affir­ma­ti­ve act by which the data sub­ject signi­fies his or her agree­ment to the pro­ces­sing of per­so­nal data rela­ting to him or her.

2. the name and address of the controller

The respon­si­ble par­ty within the mea­ning of the Gene­ral Data Pro­tec­tion Regu­la­ti­on, other data pro­tec­tion laws appli­ca­ble in the Mem­ber Sta­tes of the Euro­pean Uni­on and other pro­vi­si­ons of a data pro­tec­tion natu­re is:

ate­lier 522
Fit­zen­wei­ler­stras­se 1c
88677 Markdorf
Germany

Tel: +49 (0) 7544 95 60 522
E‑mail: atelier@atelier522.com
Web­site: www.atelier522.com

3. name and address of the data protection officer

The data pro­tec­tion offi­cer of the con­trol­ler is:

Moritz Josch
ate­lier 522 GmbH
Fit­zen­wei­ler­stras­se 1c
88677 Markdorf
Germany

Tel: +49 (0) 7544 95 60 522
E‑mail: atelier@atelier522.com
Web­site: www.atelier522.com

Any data sub­ject may cont­act our data pro­tec­tion offi­cer direct­ly at any time with any ques­ti­ons or sug­ges­ti­ons regar­ding data protection.

4. cookies

The inter­net pages of ate­lier 522 GmbH use coo­kies. Coo­kies are text files that are stored on a com­pu­ter sys­tem via an inter­net brow­ser. Num­e­rous Inter­net pages and ser­vers use coo­kies. Many coo­kies con­tain a so-cal­led coo­kie ID. A coo­kie ID is a uni­que iden­ti­fier of the coo­kie. It con­sists of a string of cha­rac­ters by which Inter­net pages and ser­vers can be assi­gned to the spe­ci­fic Inter­net brow­ser in which the coo­kie was stored. This enables the visi­ted Inter­net pages and ser­vers to distin­gu­ish the indi­vi­du­al brow­ser of the data sub­ject from other Inter­net brow­sers that con­tain other coo­kies. A spe­ci­fic inter­net brow­ser can be reco­g­nis­ed and iden­ti­fied via the uni­que coo­kie ID.

Through the use of coo­kies, the ate­lier 522 GmbH can pro­vi­de the users of this web­site with more user-fri­end­ly ser­vices that would not be pos­si­ble wit­hout the coo­kie set­ting. By means of a coo­kie, the infor­ma­ti­on and offers on our web­site can be opti­mi­sed for the bene­fit of the user. As alre­a­dy men­tio­ned, coo­kies enable us to reco­g­ni­se the users of our web­site. The pur­po­se of this reco­gni­ti­on is to make it easier for users to use our web­site. For exam­p­le, the user of a web­site that uses coo­kies does not have to re-enter his or her access data each time he or she visits the web­site, becau­se this is done by the web­site and the coo­kie stored on the user’s com­pu­ter sys­tem. Ano­ther exam­p­le is the coo­kie of a shop­ping bas­ket in an online shop. The online shop remem­bers the items that a cus­to­mer has pla­ced in the vir­tu­al shop­ping bas­ket via a cookie.

The data sub­ject can pre­vent the set­ting of coo­kies by our web­site at any time by means of an appro­pria­te set­ting of the Inter­net brow­ser used and thus per­ma­nent­ly object to the set­ting of coo­kies. Fur­ther­mo­re, coo­kies that have alre­a­dy been set can be dele­ted at any time via an inter­net brow­ser or other soft­ware pro­gram­mes. This is pos­si­ble in all com­mon inter­net brow­sers. If the data sub­ject deac­ti­va­tes the set­ting of coo­kies in the Inter­net brow­ser used, not all func­tions of our web­site may be ful­ly usable.

5. collection of general data and information

The web­site of the ate­lier 522 GmbH coll­ects a series of gene­ral data and infor­ma­ti­on when­ever a data sub­ject or auto­ma­ted sys­tem calls up the web­site. This gene­ral data and infor­ma­ti­on is stored in the log files of the ser­ver. The fol­lo­wing data may be coll­ec­ted: (1) the brow­ser types and ver­si­ons used, (2) the ope­ra­ting sys­tem used by the acces­sing sys­tem, (3) the web­site from which an acces­sing sys­tem acces­ses our web­site (so-cal­led refer­rer), (4) the sub-web­sites that are acces­sed via an acces­sing sys­tem on our web­site, (5) the date and time of access to the web­site, (6) an Inter­net pro­to­col address (IP address), (7) the Inter­net ser­vice pro­vi­der of the acces­sing sys­tem and (8) other simi­lar data and infor­ma­ti­on that ser­ve to avert dan­ger in the event of attacks on our infor­ma­ti­on tech­no­lo­gy systems.

When using the­se gene­ral data and infor­ma­ti­on, the ate­lier 522 does not draw any con­clu­si­ons about the data sub­ject. Rather, this infor­ma­ti­on is nee­ded (1) to deli­ver the con­tents of our web­site cor­rect­ly, (2) to opti­mi­se the con­tents of our web­site and the adver­ti­sing for the­se, (3) to ensu­re the long-term ope­ra­bi­li­ty of our infor­ma­ti­on tech­no­lo­gy sys­tems and the tech­no­lo­gy of our web­site, and (4) to pro­vi­de law enforce­ment aut­ho­ri­ties with the infor­ma­ti­on neces­sa­ry for pro­se­cu­ti­on in the event of a cyber attack. The­r­e­fo­re, the ate­lier 522 ana­ly­zes anony­mously coll­ec­ted data and infor­ma­ti­on on one hand, and on the other hand, with the aim of incre­asing the data pro­tec­tion and data secu­ri­ty of our enter­pri­se so that we can ulti­m­ate­ly ensu­re an opti­mal level of pro­tec­tion for the per­so­nal data we pro­cess. The anony­mous data of the ser­ver log files are stored sepa­ra­te­ly from any per­so­nal data sub­mit­ted by a data subject.

6. subscription to our newsletter

On the web­site of the ate­lier 522, users are given the oppor­tu­ni­ty to sub­scri­be to our enterprise’s news­let­ter. The per­so­nal data trans­mit­ted to the con­trol­ler when the news­let­ter is sub­scri­bed to is spe­ci­fied in the input mask used for this purpose.

The ate­lier 522 informs its cus­to­mers and busi­ness part­ners at regu­lar inter­vals by means of a news­let­ter about enter­pri­se offers. The news­let­ter of our enter­pri­se can basi­cal­ly only be recei­ved by the data sub­ject, if (1) the data sub­ject has a valid e‑mail address and (2) the data sub­ject regis­ters for the news­let­ter mai­ling. For legal reasons, a con­fir­ma­ti­on e‑mail is sent to the e‑mail address regis­tered by a data sub­ject for the first time for the news­let­ter dis­patch using the dou­ble opt-in pro­ce­du­re. This con­fir­ma­ti­on email ser­ves to veri­fy whe­ther the owner of the email address as the data sub­ject has aut­ho­ri­sed the receipt of the newsletter.

When regis­tering for the news­let­ter, we also store the IP address of the com­pu­ter sys­tem used by the data sub­ject at the time of regis­tra­ti­on as well as the date and time of regis­tra­ti­on, which is assi­gned by the Inter­net ser­vice pro­vi­der (ISP). The coll­ec­tion of this data is neces­sa­ry in order to be able to trace the (pos­si­ble) misu­se of the e‑mail address of a data sub­ject at a later point in time and the­r­e­fo­re ser­ves as a legal safe­guard for the controller.

The per­so­nal data coll­ec­ted in the con­text of a regis­tra­ti­on for the news­let­ter is used exclu­si­ve­ly for sen­ding our news­let­ter. Fur­ther­mo­re, sub­scri­bers to the news­let­ter could be infor­med by e‑mail if this is neces­sa­ry for the ope­ra­ti­on of the news­let­ter ser­vice or a rela­ted regis­tra­ti­on, as could be the case in the event of chan­ges to the news­let­ter offer or chan­ges in the tech­ni­cal cir­cum­s­tances. The sub­scrip­ti­on to our news­let­ter can be can­cel­led by the data sub­ject at any time. The con­sent to the sto­rage of per­so­nal data, which the data sub­ject has given us for the news­let­ter mai­ling, can be revo­ked at any time. For the pur­po­se of revo­king con­sent, a cor­re­spon­ding link can be found in each news­let­ter. Fur­ther­mo­re, it is also pos­si­ble to unsub­scri­be from the news­let­ter mai­ling direct­ly on the web­site of the con­trol­ler at any time or to inform the con­trol­ler of this in ano­ther way.

The news­let­ter is sent using the mai­ling ser­vice pro­vi­der mai­ling­work GmbH, Bir­ken­weg 7, 09569 Oede­ran, Ger­ma­ny. You can view the data pro­tec­tion regu­la­ti­ons of the mai­ling ser­vice pro­vi­der here: https://mailingwork.de/datenschutz/. The ship­ping ser­vice pro­vi­der is used on the basis of our legi­ti­ma­te inte­rests pur­su­ant to Art. 6 para. 1 lit. f DSGVO and an order pro­ces­sing agree­ment pur­su­ant to Art. 28 para. 3 sen­tence 1 DSGVO.

The dis­patch ser­vice pro­vi­der may use the reci­pi­ents’ data in pseud­ony­mous form, i.e. wit­hout assig­ning it to a user, to opti­mi­se or impro­ve its own ser­vices, e.g. to tech­ni­cal­ly opti­mi­se the dis­patch and pre­sen­ta­ti­on of the news­let­ter or for sta­tis­ti­cal pur­po­ses. Howe­ver, the dis­patch ser­vice pro­vi­der does not use the data of our news­let­ter reci­pi­ents to wri­te to them its­elf or to pass the data on to third parties.

7. newsletter tracking

The news­let­ters con­tain a so-cal­led “web bea­con”, i.e. a pixel-sized file that is retrie­ved from our ser­ver when the news­let­ter is ope­ned, or if we use a dis­patch ser­vice pro­vi­der, from their ser­ver. Within the scope of this retrie­val, tech­ni­cal infor­ma­ti­on, such as infor­ma­ti­on on the brow­ser and your sys­tem, as well as your IP address and the time of the retrie­val are initi­al­ly collected.

This infor­ma­ti­on is used for the tech­ni­cal impro­ve­ment of the ser­vices based on the tech­ni­cal data or the tar­get groups and their rea­ding beha­viour based on their retrie­val loca­ti­ons (which can be deter­mi­ned with the help of the IP address) or the access times. Sta­tis­ti­cal sur­veys also include deter­mi­ning whe­ther news­let­ters are ope­ned, when they are ope­ned and which links are cli­cked. For tech­ni­cal reasons, this infor­ma­ti­on can be assi­gned to the indi­vi­du­al news­let­ter reci­pi­ents. Howe­ver, it is neither our inten­ti­on nor, if used, that of the dis­patch ser­vice pro­vi­der to obser­ve indi­vi­du­al users. The ana­ly­ses ser­ve us much more to reco­g­ni­se the rea­ding habits of our users and to adapt our con­tent to them or to send dif­fe­rent con­tent accor­ding to the inte­rests of our users.

A sepa­ra­te revo­ca­ti­on of the per­for­mance mea­su­re­ment is unfort­u­na­te­ly not pos­si­ble, in which case the enti­re news­let­ter sub­scrip­ti­on must be cancelled.

8. routine deletion and blocking of personal data

The con­trol­ler shall pro­cess and store per­so­nal data of the data sub­ject only for the time neces­sa­ry to achie­ve the pur­po­se of sto­rage or whe­re pro­vi­ded for by the Euro­pean Direc­ti­ve and Regu­la­ti­on or other legis­la­tor in laws or regu­la­ti­ons to which the con­trol­ler is subject.

If the pur­po­se of sto­rage no lon­ger appli­es or if a sto­rage peri­od pre­scri­bed by the Euro­pean Direc­ti­ve and Regu­la­ti­on or ano­ther com­pe­tent legis­la­tor expi­res, the per­so­nal data will be rou­ti­ne­ly blo­cked or dele­ted in accordance with the sta­tu­to­ry provisions.

9. rights of the data subject

a) Right to confirmation
Every data sub­ject shall have the right, gran­ted by the Euro­pean Direc­ti­ve and the Regu­la­ti­on, to obtain con­fir­ma­ti­on from the con­trol­ler as to whe­ther per­so­nal data con­cer­ning him or her are being pro­ces­sed. If a data sub­ject wis­hes to exer­cise this right, he or she may, at any time, cont­act any employee of the controller.

b) Right to information
Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right, gran­ted by the Euro­pean Direc­ti­ve and Regu­la­ti­on, to obtain from the con­trol­ler, at any time and free of char­ge, infor­ma­ti­on about the per­so­nal data stored about him or her and a copy of that infor­ma­ti­on. Fur­ther­mo­re, the Euro­pean Direc­ti­ve and Regu­la­ti­on has gran­ted the data sub­ject access to the fol­lo­wing information:

  • the pro­ces­sing purposes
  • the cate­go­ries of per­so­nal data that are processed
  • the reci­pi­ents or cate­go­ries of reci­pi­ents to whom the per­so­nal data have been or will be dis­c­lo­sed, in par­ti­cu­lar in the case of reci­pi­ents in third count­ries or inter­na­tio­nal organisations
  • if pos­si­ble, the plan­ned dura­ti­on for which the per­so­nal data will be stored or, if this is not pos­si­ble, the cri­te­ria for deter­mi­ning this duration
  • the exis­tence of a right to obtain the rec­ti­fi­ca­ti­on or era­su­re of per­so­nal data con­cer­ning them or to obtain the rest­ric­tion of pro­ces­sing by the con­trol­ler or a right to object to such processing
  • the exis­tence of a right of appeal to a super­vi­so­ry authority
  • if the per­so­nal data are not coll­ec­ted from the data sub­ject: All available infor­ma­ti­on on the ori­gin of the data
  • the exis­tence of auto­ma­ted decis­i­on-making, inclu­ding pro­fil­ing, pur­su­ant to Artic­le 22(1) and (4) of the GDPR and, at least in the­se cases, meaningful infor­ma­ti­on about the logic invol­ved and the scope and inten­ded effects of such pro­ces­sing for the data subject
  • Fur­ther­mo­re, the data sub­ject has the right to be infor­med whe­ther per­so­nal data have been trans­fer­red to a third coun­try or to an inter­na­tio­nal orga­ni­sa­ti­on. If this is the case, the data sub­ject also has the right to obtain infor­ma­ti­on on the appro­pria­te safe­guards in con­nec­tion with the transfer.If a data sub­ject wis­hes to exer­cise this right of access, he or she may cont­act an employee of the con­trol­ler at any time.

c) Right of rectification
Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data shall have the right gran­ted by the Euro­pean Direc­ti­ve and the Regu­la­ti­on to obtain the rec­ti­fi­ca­ti­on wit­hout delay of inac­cu­ra­te per­so­nal data rela­ting to him or her. Fur­ther­mo­re, the data sub­ject has the right to request the com­ple­ti­on of incom­ple­te per­so­nal data, inclu­ding by means of a sup­ple­men­ta­ry decla­ra­ti­on, taking into account the pur­po­ses of the pro­ces­sing. If a data sub­ject wis­hes to exer­cise this right of rec­ti­fi­ca­ti­on, he or she may, at any time, cont­act any employee of the controller.

d) Right to era­su­re (right to be forgotten)
Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data shall have the right, gran­ted by the Euro­pean Direc­ti­ve and the Regu­la­ti­on, to obtain from the con­trol­ler the era­su­re wit­hout delay of per­so­nal data con­cer­ning him or her, whe­re one of the fol­lo­wing grounds appli­es and inso­far as the pro­ces­sing is not necessary:

  • The per­so­nal data were coll­ec­ted or other­wi­se pro­ces­sed for pur­po­ses for which they are no lon­ger necessary.
  • The data sub­ject revo­kes the con­sent on which the pro­ces­sing was based pur­su­ant to Artic­le 6(1)(a) of the GDPR or Artic­le 9(2)(a) of the GDPR and the­re is no other legal basis for the processing.
  • The data sub­ject objects to the pro­ces­sing pur­su­ant to Artic­le 21(1) of the GDPR and the­re are no over­ri­ding legi­ti­ma­te grounds for the pro­ces­sing, or the data sub­ject objects to the pro­ces­sing pur­su­ant to Artic­le 21(2) of the GDPR.
  • The per­so­nal data have been pro­ces­sed unlawfully.
  • The dele­ti­on of the per­so­nal data is neces­sa­ry for com­pli­ance with a legal obli­ga­ti­on under Uni­on or Mem­ber Sta­te law to which the con­trol­ler is subject.
  • The per­so­nal data was coll­ec­ted in rela­ti­on to infor­ma­ti­on socie­ty ser­vices offe­red pur­su­ant to Art. 8(1) DS-GVO.

If one of the afo­re­men­tio­ned reasons appli­es, and a data sub­ject wis­hes to arran­ge for the dele­ti­on of per­so­nal data stored by the ate­lier 522, he or she may, at any time, cont­act any employee of the ate­lier 522 who is in char­ge of pro­ces­sing. The employee of the ate­lier 522 will arran­ge for the dele­ti­on to be car­ri­ed out immediately.If the per­so­nal data has been made public by the ate­lier 522 and our com­pa­ny is respon­si­ble for it pur­su­ant to Art. 17 Para. 1 DS-GVO, the ate­lier 522 shall imple­ment reasonable mea­su­res, inclu­ding tech­ni­cal mea­su­res, to com­pen­sa­te other data con­trol­lers for pro­ces­sing the per­so­nal data published, taking into account the available tech­no­lo­gy and the cost of imple­men­ta­ti­on, in order to inform the data sub­ject that he or she has reques­ted from tho­se other data con­trol­lers to era­se all links to or copies or repli­ca­ti­ons of the per­so­nal data, unless the pro­ces­sing is neces­sa­ry. The employee of the ate­lier 522 will arran­ge the neces­sa­ry in indi­vi­du­al cases.

e) Right to rest­ric­tion of processing
Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right, gran­ted by the Euro­pean Direc­ti­ve and the Regu­la­ti­on, to obtain from the con­trol­ler the rest­ric­tion of pro­ces­sing whe­re one of the fol­lo­wing con­di­ti­ons is met:

  • The accu­ra­cy of the per­so­nal data is con­tes­ted by the data sub­ject for a peri­od enab­ling the con­trol­ler to veri­fy the accu­ra­cy of the per­so­nal data.
  • The pro­ces­sing is unlawful, the data sub­ject objects to the era­su­re of the per­so­nal data and requests ins­tead the rest­ric­tion of the use of the per­so­nal data.
  • The con­trol­ler no lon­ger needs the per­so­nal data for the pur­po­ses of pro­ces­sing, but the data sub­ject needs it for the estab­lish­ment, exer­cise or defence of legal claims.
  • The data sub­ject has objec­ted to the pro­ces­sing pur­su­ant to Artic­le 21(1) of the GDPR and it is not yet clear whe­ther the legi­ti­ma­te grounds of the con­trol­ler over­ri­de tho­se of the data subject.

If one of the afo­re­men­tio­ned con­di­ti­ons is met, and a data sub­ject wis­hes to request the rest­ric­tion of per­so­nal data stored by the ate­lier 522, he or she may, at any time, cont­act any employee of the con­trol­ler. The employee of the ate­lier 522 will arran­ge the rest­ric­tion of the processing.

f) Right to data portability
Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data shall have the right, gran­ted by the Euro­pean Direc­ti­ve and the Regu­la­ti­on, to recei­ve the per­so­nal data con­cer­ning him or her, which have been pro­vi­ded by the data sub­ject to a con­trol­ler, in a struc­tu­red, com­mon­ly used and machi­ne-rea­da­ble for­mat. The data sub­ject shall also have the right to trans­mit such data to ano­ther con­trol­ler wit­hout hin­drance from the con­trol­ler to whom the per­so­nal data have been pro­vi­ded, pro­vi­ded that the pro­ces­sing is based on con­sent pur­su­ant to Artic­le 6(1)(a) of the GDPR or Artic­le 9(2)(a) of the GDPR or on a con­tract pur­su­ant to Artic­le 6(1)(b) of the GDPR and the pro­ces­sing is car­ri­ed out by auto­ma­ted means, unless the pro­ces­sing is neces­sa­ry for the per­for­mance of a task car­ri­ed out in the public inte­rest or in the exer­cise of offi­ci­al aut­ho­ri­ty ves­ted in the controller.Furthermore, when exer­cis­ing the right to data por­ta­bi­li­ty pur­su­ant to Artic­le 20(1) of the GDPR, the data sub­ject shall have the right to obtain the direct trans­fer of per­so­nal data from one con­trol­ler to ano­ther con­trol­ler whe­re tech­ni­cal­ly fea­si­ble and pro­vi­ded that this does not adver­se­ly affect the rights and free­doms of other persons.In order to assert the right to data por­ta­bi­li­ty, the data sub­ject may at any time cont­act any employee of the ate­lier 522.

g) Right to object
Any per­son affec­ted by the pro­ces­sing of per­so­nal data shall have the right gran­ted by the Euro­pean Direc­ti­ve and Regu­la­ti­on to object at any time, on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on, to the pro­ces­sing of per­so­nal data con­cer­ning him or her which is car­ri­ed out on the basis of Artic­le 6(1)(e) or (f) of the GDPR. This also appli­es to pro­fil­ing based on the­se provisions.The ate­lier 522 shall no lon­ger pro­cess the per­so­nal data in the event of the objec­tion, unless we can demons­tra­te com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de the inte­rests, rights and free­doms of the data sub­ject, or for the asser­ti­on, exer­cise or defence of legal claims.If the ate­lier 522 pro­ces­ses per­so­nal data for direct mar­ke­ting pur­po­ses, the data sub­ject shall have the right to object at any time to pro­ces­sing of per­so­nal data pro­ces­sed for such mar­ke­ting. This also appli­es to the pro­fil­ing, inso­far as it is rela­ted to such direct mar­ke­ting. If the data sub­ject objects to the ate­lier 522 to the pro­ces­sing for direct mar­ke­ting pur­po­ses, the ate­lier 522 will no lon­ger pro­cess the per­so­nal data for the­se purposes.In addi­ti­on, the data sub­ject has the right, on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on, to object to pro­ces­sing of per­so­nal data con­cer­ning him or her which is car­ri­ed out by the ate­lier 522 for sci­en­ti­fic or his­to­ri­cal rese­arch pur­po­ses, or for sta­tis­ti­cal pur­po­ses pur­su­ant to Artic­le 89(1) of the Data Pro­tec­tion Regu­la­ti­on (DS-GVO), unless such pro­ces­sing is neces­sa­ry for the per­for­mance of a task car­ri­ed out in the public interest.In order to exer­cise the right to object, the data sub­ject may direct­ly cont­act any employee of the ate­lier 522 or ano­ther employee. The data sub­ject is also free to exer­cise his/her right to object by means of auto­ma­ted pro­ce­du­res using tech­ni­cal spe­ci­fi­ca­ti­ons in the con­text of the use of infor­ma­ti­on socie­ty ser­vices, not­wi­th­stan­ding Direc­ti­ve 2002/58/EC.

h) Auto­ma­ted decis­i­ons in indi­vi­du­al cases inclu­ding profiling
Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data shall have the right, gran­ted by the Euro­pean Direc­ti­ve and the Regu­la­ti­on, not to be sub­ject to a decis­i­on based sole­ly on auto­ma­ted pro­ces­sing, inclu­ding pro­fil­ing, which pro­du­ces legal effects con­cer­ning him or her or simi­lar­ly signi­fi­cant­ly affects him or her, pro­vi­ded that the decis­i­on (1) is not neces­sa­ry for ente­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and the con­trol­ler, or (2) is aut­ho­ri­sed by Uni­on or Mem­ber Sta­te law to which the con­trol­ler is sub­ject and that such law lays down appro­pria­te mea­su­res to safe­guard the data subject’s rights and free­doms and legi­ti­ma­te inte­rests, or (3) is made with the data subject’s expli­cit consent.If the decis­i­on (1) is neces­sa­ry for ente­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and the data con­trol­ler, or (2) it is made with the data subject’s expli­cit con­sent, the ate­lier 522 shall imple­ment sui­ta­ble mea­su­res to safe­guard the data subject’s rights and free­doms and legi­ti­ma­te inte­rests, which include at least the right to obtain the data subject’s invol­vement on the part of the con­trol­ler, to express his or her point of view and con­test the decision.If the data sub­ject wis­hes to exer­cise the rights con­cer­ning auto­ma­ted decis­i­ons, he or she may, at any time, cont­act any employee of the controller.

i) Right to revo­ke con­sent under data pro­tec­tion law
Every per­son affec­ted by the pro­ces­sing of per­so­nal data has the right gran­ted by the Euro­pean Direc­ti­ve and Regu­la­ti­on to with­draw con­sent to the pro­ces­sing of per­so­nal data at any time.If the data sub­ject wis­hes to exer­cise the right to with­draw con­sent, he or she may, at any time, cont­act any employee of the controller.

10. data protection in applications and in the application process

The con­trol­ler coll­ects and pro­ces­ses the per­so­nal data of appli­cants for the pur­po­se of mana­ging the appli­ca­ti­on pro­ce­du­re. The pro­ces­sing may also be car­ri­ed out elec­tro­ni­cal­ly. This is in par­ti­cu­lar the case when an appli­cant sub­mits rele­vant appli­ca­ti­on docu­ments to the con­trol­ler by elec­tro­nic means, for exam­p­le by e‑mail or via a web form available on the web­site. If the con­trol­ler con­cludes an employ­ment con­tract with an appli­cant, the trans­mit­ted data will be stored for the pur­po­se of pro­ces­sing the employ­ment rela­ti­onship in com­pli­ance with the sta­tu­to­ry pro­vi­si­ons. If the con­trol­ler does not con­clude an employ­ment con­tract with the appli­cant, the appli­ca­ti­on docu­ments are auto­ma­ti­cal­ly dele­ted two months after the noti­fi­ca­ti­on of the rejec­tion decis­i­on, pro­vi­ded that no other legi­ti­ma­te inte­rests of the con­trol­ler con­flict with such dele­ti­on. Other legi­ti­ma­te inte­rest in this sen­se is, for exam­p­le, a duty to pro­vi­de evi­dence in pro­cee­dings under the Gene­ral Equal Tre­at­ment Act (AGG).

11. data protection provisions on the use and application of Facebook

The con­trol­ler has inte­gra­ted com­pon­ents of the com­pa­ny Face­book on this web­site. Face­book is a social network.

A social net­work is a social mee­ting place ope­ra­ted on the Inter­net, an online com­mu­ni­ty that usual­ly allows users to com­mu­ni­ca­te and inter­act with each other in vir­tu­al space. A social net­work can ser­ve as a plat­form for exchan­ging opi­ni­ons and expe­ri­en­ces or enables the inter­net com­mu­ni­ty to pro­vi­de per­so­nal or com­pa­ny-rela­ted infor­ma­ti­on. Face­book allows social net­work users to crea­te pri­va­te pro­files, upload pho­tos and net­work via fri­end requests, among other things.

The ope­ra­ting com­pa­ny of Face­book is Face­book, Inc., 1 Hacker Way, Men­lo Park, CA 94025, USA. The con­trol­ler of per­so­nal data whe­re a data sub­ject lives out­side the USA or Cana­da is Face­book Ire­land Ltd, 4 Grand Canal Squa­re, Grand Canal Har­bour, Dub­lin 2, Ireland.

Each time one of the indi­vi­du­al pages of this web­site ope­ra­ted by the data con­trol­ler is cal­led up and on which a Face­book com­po­nent (Face­book plug-in) has been inte­gra­ted, the inter­net brow­ser on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is auto­ma­ti­cal­ly cau­sed by the respec­ti­ve Face­book com­po­nent to down­load a repre­sen­ta­ti­on of the cor­re­spon­ding Face­book com­po­nent from Face­book. A com­ple­te over­view of all Face­book plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. Within the scope of this tech­ni­cal pro­ce­du­re, Face­book recei­ves infor­ma­ti­on about which spe­ci­fic sub-page of our web­site is visi­ted by the data subject.

If the data sub­ject is log­ged in to Face­book at the same time, Face­book reco­g­ni­s­es which spe­ci­fic sub-page of our web­site the data sub­ject is visi­ting each time the data sub­ject calls up our web­site and for the enti­re dura­ti­on of the respec­ti­ve stay on our web­site. This infor­ma­ti­on is coll­ec­ted by the Face­book com­po­nent and assi­gned by Face­book to the respec­ti­ve Face­book account of the data sub­ject. If the data sub­ject acti­va­tes one of the Face­book but­tons inte­gra­ted on our web­site, for exam­p­le the “Like” but­ton, or if the data sub­ject posts a com­ment, Face­book assigns this infor­ma­ti­on to the per­so­nal Face­book user account of the data sub­ject and stores this per­so­nal data.

Face­book always recei­ves infor­ma­ti­on via the Face­book com­po­nent that the data sub­ject has visi­ted our web­site if the data sub­ject is log­ged into Face­book at the same time as cal­ling up our web­site; this takes place regard­less of whe­ther the data sub­ject clicks on the Face­book com­po­nent or not. If the data sub­ject does not want this infor­ma­ti­on to be trans­mit­ted to Face­book, he or she can pre­vent the trans­mis­si­on by log­ging out of his or her Face­book account befo­re acces­sing our website.

The data poli­cy published by Face­book, which can be found at https://de-de.facebook.com/about/privacy/ pro­vi­des infor­ma­ti­on on the coll­ec­tion, pro­ces­sing and use of per­so­nal data by Face­book. It also explains which set­ting opti­ons Face­book offers to pro­tect the pri­va­cy of the data sub­ject. In addi­ti­on, various appli­ca­ti­ons are available that make it pos­si­ble to sup­press the trans­mis­si­on of data to Face­book. Such appli­ca­ti­ons can be used by the data sub­ject to sup­press data trans­mis­si­on to Facebook.

12. data protection provisions on the use and application of Google Analytics (with anonymisation function)

The con­trol­ler has inte­gra­ted the Goog­le Ana­ly­tics com­po­nent (with anony­mi­sa­ti­on func­tion) on this web­site. Goog­le Ana­ly­tics is a web ana­ly­sis ser­vice. Web ana­ly­sis is the coll­ec­tion, com­pi­la­ti­on and eva­lua­ti­on of data about the beha­viour of visi­tors to web­sites. Among other things, a web ana­ly­sis ser­vice coll­ects data on the web­site from which a data sub­ject has acces­sed a web­site (so-cal­led refer­rers), which sub-pages of the web­site have been acces­sed or how often and for how long a sub-page has been view­ed. A web ana­ly­sis is main­ly used to opti­mi­se a web­site and to ana­ly­se the cos­ts and bene­fits of inter­net advertising.

The ope­ra­tor of the Goog­le Ana­ly­tics com­po­nent is Goog­le Inc., 1600 Amphi­theat­re Pkwy, Moun­tain View, CA 94043–1351, USA.

The con­trol­ler uses the addi­ti­on “_gat._anonymizeIp” for web ana­ly­sis via Goog­le Ana­ly­tics. By means of this addi­ti­on, the IP address of the Inter­net con­nec­tion of the data sub­ject is shor­ten­ed and anony­mi­sed by Goog­le if access to our Inter­net pages is made from a mem­ber sta­te of the Euro­pean Uni­on or from ano­ther sta­te par­ty to the Agree­ment on the Euro­pean Eco­no­mic Area.

The pur­po­se of the Goog­le Ana­ly­tics com­po­nent is to ana­ly­se the flow of visi­tors to our web­site. Goog­le uses the data and infor­ma­ti­on obtai­ned, among other things, to eva­lua­te the use of our web­site, to com­pi­le online reports for us show­ing the acti­vi­ties on our web­site and to pro­vi­de other ser­vices rela­ted to the use of our website.

Goog­le Ana­ly­tics sets a coo­kie on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject. What coo­kies are has alre­a­dy been explai­ned abo­ve. By set­ting the coo­kie, Goog­le is enab­led to ana­ly­se the use of our web­site. Each time one of the indi­vi­du­al pages of this web­site ope­ra­ted by the data con­trol­ler is cal­led up and on which a Goog­le Ana­ly­tics com­po­nent has been inte­gra­ted, the inter­net brow­ser on the data subject’s infor­ma­ti­on tech­no­lo­gy sys­tem is auto­ma­ti­cal­ly cau­sed by the respec­ti­ve Goog­le Ana­ly­tics com­po­nent to trans­mit data to Goog­le for the pur­po­se of online ana­ly­sis. As part of this tech­ni­cal pro­cess, Goog­le obta­ins know­ledge of per­so­nal data, such as the IP address of the data sub­ject, which Goog­le uses, among other things, to track the ori­gin of visi­tors and clicks and sub­se­quent­ly to enable com­mis­si­on calculations.

By means of the coo­kie, per­so­nal infor­ma­ti­on, for exam­p­le the access time, the place from which an access ori­gi­na­ted and the fre­quen­cy of visits to our web­site by the data sub­ject, is stored. Each time the data sub­ject visits our web­site, this per­so­nal data, inclu­ding the IP address of the inter­net con­nec­tion used by the data sub­ject, is trans­mit­ted to Goog­le in the United Sta­tes of Ame­ri­ca. This per­so­nal data is stored by Goog­le in the United Sta­tes of Ame­ri­ca. Goog­le may pass on this per­so­nal data coll­ec­ted via the tech­ni­cal pro­cess to third parties.

The data sub­ject can pre­vent the set­ting of coo­kies by our web­site, as alre­a­dy descri­bed abo­ve, at any time by means of an appro­pria­te set­ting of the inter­net brow­ser used and thus per­ma­nent­ly object to the set­ting of coo­kies. Such a set­ting of the Inter­net brow­ser used would also pre­vent Goog­le from set­ting a coo­kie on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject. In addi­ti­on, a coo­kie alre­a­dy set by Goog­le Ana­ly­tics can be dele­ted at any time via the inter­net brow­ser or other soft­ware programmes.

Fur­ther­mo­re, the data sub­ject has the opti­on to object to the coll­ec­tion of data gene­ra­ted by Goog­le Ana­ly­tics and rela­ted to the use of this web­site as well as to the pro­ces­sing of this data by Goog­le and to pre­vent such pro­ces­sing. For this pur­po­se, the data sub­ject must install a brow­ser add-on under the link https://tools.google.com/dlpage/gaoptout down­load and install. This brow­ser add-on tells Goog­le Ana­ly­tics via Java­Script that no data and infor­ma­ti­on about visits to web­sites may be trans­mit­ted to Goog­le Ana­ly­tics. The instal­la­ti­on of the brow­ser add-on is con­side­red by Goog­le as an objec­tion. If the data subject’s infor­ma­ti­on tech­no­lo­gy sys­tem is dele­ted, for­mat­ted or reinstal­led at a later date, the data sub­ject must reinstall the brow­ser add-on in order to deac­ti­va­te Goog­le Ana­ly­tics. If the brow­ser add-on is unin­stal­led or deac­ti­va­ted by the data sub­ject or ano­ther per­son within his or her con­trol, it is pos­si­ble to reinstall or reac­ti­va­te the brow­ser add-on.

Fur­ther infor­ma­ti­on and the appli­ca­ble pri­va­cy poli­cy of Goog­le can be found at https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html can be retrie­ved. Goog­le Ana­ly­tics is acces­sed under this link https://www.google.com/intl/de_de/analytics/ explai­ned in more detail.

13. data protection provisions on the use and application of Google AdWords

The con­trol­ler has inte­gra­ted Goog­le AdWords on this web­site. Goog­le AdWords is an inter­net adver­ti­sing ser­vice that allows adver­ti­sers to place ads both in Google’s search engi­ne results and in the Goog­le adver­ti­sing net­work. Goog­le AdWords allows an adver­ti­ser to spe­ci­fy cer­tain key­words in advan­ce, by means of which an ad is dis­play­ed in Google’s search engi­ne results exclu­si­ve­ly when the user retrie­ves a key­word-rele­vant search result with the search engi­ne. In the Goog­le adver­ti­sing net­work, the ads are dis­tri­bu­ted on topic-rele­vant web­sites by means of an auto­ma­tic algo­rithm and taking into account the pre­vious­ly defi­ned keywords.

The ope­ra­ting com­pa­ny of the Goog­le AdWords ser­vices is Goog­le Inc., 1600 Amphi­theat­re Pkwy, Moun­tain View, CA 94043–1351, USA.

The pur­po­se of Goog­le AdWords is to adver­ti­se our web­site by dis­play­ing inte­rest-rele­vant adver­ti­sing on the web­sites of third-par­ty com­pa­nies and in the search engi­ne results of the Goog­le search engi­ne and to dis­play third-par­ty adver­ti­sing on our website.

If a data sub­ject acces­ses our web­site via a Goog­le ad, a so-cal­led con­ver­si­on coo­kie is stored by Goog­le on the data subject’s infor­ma­ti­on tech­no­lo­gy sys­tem. What coo­kies are has alre­a­dy been explai­ned abo­ve. A con­ver­si­on coo­kie loses its vali­di­ty after thir­ty days and does not ser­ve to iden­ti­fy the data sub­ject. The con­ver­si­on coo­kie is used to track whe­ther cer­tain sub-pages, for exam­p­le the shop­ping bas­ket of an online shop sys­tem, have been cal­led up on our web­site, pro­vi­ded the coo­kie has not yet expi­red. The con­ver­si­on coo­kie enables both us and Goog­le to track whe­ther a data sub­ject who has acces­sed our web­site via an AdWords ad has gene­ra­ted a sale, i.e. has com­ple­ted or can­cel­led a purcha­se of goods.

The data and infor­ma­ti­on coll­ec­ted through the use of the con­ver­si­on coo­kie are used by Goog­le to crea­te visit sta­tis­tics for our web­site. The­se visit sta­tis­tics are in turn used by us to deter­mi­ne the total num­ber of users who were refer­red to us via AdWords ads, i.e. to deter­mi­ne the suc­cess or fail­ure of the respec­ti­ve AdWords ad and to opti­mi­se our AdWords ads for the future. Neither our com­pa­ny nor other adver­ti­sers of Goog­le AdWords recei­ve infor­ma­ti­on from Goog­le by means of which the data sub­ject could be identified.

By means of the con­ver­si­on coo­kie, per­so­nal infor­ma­ti­on, such as the web­sites visi­ted by the data sub­ject, is stored. Each time the data sub­ject visits our web­site, per­so­nal data, inclu­ding the IP address of the inter­net con­nec­tion used by the data sub­ject, is trans­mit­ted to Goog­le in the United Sta­tes of Ame­ri­ca. This per­so­nal data is stored by Goog­le in the United Sta­tes of Ame­ri­ca. Goog­le may pass on this per­so­nal data coll­ec­ted via the tech­ni­cal pro­ce­du­re to third parties.

The data sub­ject can pre­vent the set­ting of coo­kies by our web­site, as alre­a­dy descri­bed abo­ve, at any time by means of an appro­pria­te set­ting of the inter­net brow­ser used and thus per­ma­nent­ly object to the set­ting of coo­kies. Such a set­ting of the inter­net brow­ser used would also pre­vent Goog­le from set­ting a con­ver­si­on coo­kie on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject. In addi­ti­on, a coo­kie alre­a­dy set by Goog­le AdWords can be dele­ted at any time via the inter­net brow­ser or other soft­ware programmes.

Fur­ther­mo­re, the data sub­ject has the opti­on to object to inte­rest-based adver­ti­sing by Goog­le. To do this, the data sub­ject must call up the link www.google.de/settings/ads from any of the inter­net brow­sers he or she uses and make the desi­red set­tings there.

Fur­ther infor­ma­ti­on and the appli­ca­ble pri­va­cy poli­cy of Goog­le can be found at https://www.google.de/intl/de/policies/privacy/ can be retrieved.

14. privacy policy on the use and application of Instagram

The con­trol­ler has inte­gra­ted com­pon­ents of the Insta­gram ser­vice on this web­site. Insta­gram is a ser­vice that qua­li­fies as an audio­vi­su­al plat­form and allows users to share pho­tos and vide­os and also to redis­tri­bu­te such data on other social networks.

The ope­ra­ting com­pa­ny of the Insta­gram ser­vices is Insta­gram LLC, 1 Hacker Way, Buil­ding 14 First Flo­or, Men­lo Park, CA, USA.

Each time one of the indi­vi­du­al pages of this web­site ope­ra­ted by the data con­trol­ler is cal­led up and on which an Insta­gram com­po­nent (Ins­ta but­ton) has been inte­gra­ted, the inter­net brow­ser on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is auto­ma­ti­cal­ly cau­sed by the respec­ti­ve Insta­gram com­po­nent to down­load a repre­sen­ta­ti­on of the cor­re­spon­ding com­po­nent from Insta­gram. Within the scope of this tech­ni­cal pro­ce­du­re, Insta­gram recei­ves infor­ma­ti­on about which spe­ci­fic sub­page of our web­site is visi­ted by the data subject.

If the data sub­ject is log­ged in to Insta­gram at the same time, Insta­gram reco­g­ni­s­es which spe­ci­fic sub­page the data sub­ject is visi­ting each time the data sub­ject calls up our web­site and for the enti­re dura­ti­on of the respec­ti­ve stay on our web­site. This infor­ma­ti­on is coll­ec­ted by the Insta­gram com­po­nent and assi­gned by Insta­gram to the respec­ti­ve Insta­gram account of the data sub­ject. If the data sub­ject acti­va­tes one of the Insta­gram but­tons inte­gra­ted on our web­site, the data and infor­ma­ti­on thus trans­mit­ted will be assi­gned to the per­so­nal Insta­gram user account of the data sub­ject and stored and pro­ces­sed by Instagram.

Insta­gram always recei­ves infor­ma­ti­on via the Insta­gram com­po­nent that the data sub­ject has visi­ted our web­site if the data sub­ject is log­ged into Insta­gram at the same time as cal­ling up our web­site; this takes place regard­less of whe­ther the data sub­ject clicks on the Insta­gram com­po­nent or not. If the data sub­ject does not want this infor­ma­ti­on to be trans­mit­ted to Insta­gram, he or she can pre­vent the trans­mis­si­on by log­ging out of his or her Insta­gram account befo­re acces­sing our website.

Fur­ther infor­ma­ti­on and the appli­ca­ble pri­va­cy poli­cy of Insta­gram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/ can be retrieved.

15. privacy policy on the use and application of LinkedIn

The con­trol­ler has inte­gra­ted com­pon­ents of the Lin­ke­dIn Cor­po­ra­ti­on on this web­site. Lin­ke­dIn is an Inter­net-based social net­work that allows users to con­nect with exis­ting busi­ness cont­acts and to make new busi­ness cont­acts. Over 400 mil­li­on regis­tered peo­p­le use Lin­ke­dIn in more than 200 count­ries. This makes Lin­ke­dIn curr­ent­ly the lar­gest plat­form for busi­ness cont­acts and one of the most visi­ted web­sites in the world.

The ope­ra­ting com­pa­ny of Lin­ke­dIn is Lin­ke­dIn Cor­po­ra­ti­on, 2029 Stier­lin Court Moun­tain View, CA 94043, USA. For data pro­tec­tion issues out­side the USA, Lin­ke­dIn Ire­land, Pri­va­cy Poli­cy Issues, Wil­ton Pla­za, Wil­ton Place, Dub­lin 2, Ire­land, is responsible.

With each indi­vi­du­al call-up of our web­site that is equip­ped with a Lin­ke­dIn com­po­nent (Lin­ke­dIn plug-in), this com­po­nent cau­ses the brow­ser used by the per­son con­cer­ned to down­load a cor­re­spon­ding repre­sen­ta­ti­on of the com­po­nent from Lin­ke­dIn. Fur­ther infor­ma­ti­on on the Lin­ke­dIn plug-ins can be found at https://developer.linkedin.com/plugins can be retrie­ved. As part of this tech­ni­cal pro­ce­du­re, Lin­ke­dIn recei­ves infor­ma­ti­on about which spe­ci­fic sub-page of our web­site is visi­ted by the data subject.

If the data sub­ject is log­ged in to Lin­ke­dIn at the same time, Lin­ke­dIn reco­g­ni­s­es which spe­ci­fic sub­page of our web­site the data sub­ject is visi­ting with each call-up of our web­site by the data sub­ject and for the enti­re dura­ti­on of the respec­ti­ve stay on our web­site. This infor­ma­ti­on is coll­ec­ted by the Lin­ke­dIn com­po­nent and assi­gned by Lin­ke­dIn to the respec­ti­ve Lin­ke­dIn account of the data sub­ject. If the data sub­ject acti­va­tes a Lin­ke­dIn but­ton inte­gra­ted on our web­site, Lin­ke­dIn assigns this infor­ma­ti­on to the per­so­nal Lin­ke­dIn user account of the data sub­ject and stores this per­so­nal data.

Lin­ke­dIn always recei­ves infor­ma­ti­on via the Lin­ke­dIn com­po­nent that the data sub­ject has visi­ted our web­site if the data sub­ject is log­ged into Lin­ke­dIn at the same time as cal­ling up our web­site; this takes place regard­less of whe­ther the data sub­ject clicks on the Lin­ke­dIn com­po­nent or not. If the data sub­ject does not want this infor­ma­ti­on to be trans­mit­ted to Lin­ke­dIn, he or she can pre­vent the trans­mis­si­on by log­ging out of his or her Lin­ke­dIn account befo­re acces­sing our website.

Lin­ke­dIn offers at https://www.linkedin.com/psettings/guest-controls the abili­ty to opt-out of email mes­sa­ges, SMS mes­sa­ges and tar­ge­ted ads, as well as mana­ge ad set­tings. Lin­ke­dIn also uses part­ners such as Quant­cast, Goog­le Ana­ly­tics, Blue­Kai, Dou­ble­Click, Niel­sen, Comscore, Elo­qua and Lota­me, which may set coo­kies. Such coo­kies can be found at https://www.linkedin.com/legal/cookie-policy be rejec­ted. The appli­ca­ble pri­va­cy poli­cy of Lin­ke­dIn is available at https://www.linkedin.com/legal/privacy-policy available. LinkedIn’s coo­kie poli­cy is available at https://www.linkedin.com/legal/cookie-policy available.

16. data protection provisions on the use and application of Pinterest

The con­trol­ler has inte­gra­ted com­pon­ents of Pin­te­rest Inc. on this web­site. Pin­te­rest is a so-cal­led social net­work. A social net­work is a social mee­ting place ope­ra­ted on the Inter­net, an online com­mu­ni­ty, which gene­ral­ly enables users to com­mu­ni­ca­te with each other and inter­act in vir­tu­al space. A social net­work can ser­ve as a plat­form for sha­ring opi­ni­ons and expe­ri­en­ces or enables the inter­net com­mu­ni­ty to pro­vi­de per­so­nal or com­pa­ny-rela­ted infor­ma­ti­on. Among other things, Pin­te­rest allows users of the social net­work to publish image coll­ec­tions and indi­vi­du­al images as well as descrip­ti­ons on vir­tu­al pin­boards (so-cal­led pin­ning), which can then in turn be shared by other users (so-cal­led repin­ning) or com­men­ted on.

The ope­ra­ting com­pa­ny of Pin­te­rest is Pin­te­rest Inc., 808 Brannan Street, San Fran­cis­co, CA 94103, USA.

Each time one of the indi­vi­du­al pages of this web­site ope­ra­ted by the data con­trol­ler is cal­led up and on which a Pin­te­rest com­po­nent (Pin­te­rest plug-in) has been inte­gra­ted, the inter­net brow­ser on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is auto­ma­ti­cal­ly cau­sed by the respec­ti­ve Pin­te­rest com­po­nent to down­load a repre­sen­ta­ti­on of the cor­re­spon­ding Pin­te­rest com­po­nent from Pin­te­rest. More infor­ma­ti­on on Pin­te­rest is available at https://pinterest.com/ retrie­va­ble. As part of this tech­ni­cal pro­cess, Pin­te­rest recei­ves infor­ma­ti­on about which spe­ci­fic sub-page of our web­site is visi­ted by the data subject.

If the data sub­ject is log­ged into Pin­te­rest at the same time, Pin­te­rest reco­g­ni­s­es which spe­ci­fic sub-page of our web­site the data sub­ject is visi­ting each time the data sub­ject calls up our web­site and for the enti­re dura­ti­on of the respec­ti­ve stay on our web­site. This infor­ma­ti­on is coll­ec­ted by the Pin­te­rest com­po­nent and assi­gned by Pin­te­rest to the respec­ti­ve Pin­te­rest account of the data sub­ject. If the data sub­ject acti­va­tes a Pin­te­rest but­ton inte­gra­ted on our web­site, Pin­te­rest assigns this infor­ma­ti­on to the per­so­nal Pin­te­rest user account of the data sub­ject and stores this per­so­nal data.

Pin­te­rest always recei­ves infor­ma­ti­on via the Pin­te­rest com­po­nent that the data sub­ject has visi­ted our web­site if the data sub­ject is log­ged into Pin­te­rest at the same time as cal­ling up our web­site; this takes place regard­less of whe­ther the data sub­ject clicks on the Pin­te­rest com­po­nent or not. If the data sub­ject does not want this infor­ma­ti­on to be trans­mit­ted to Pin­te­rest, he or she can pre­vent the trans­mis­si­on by log­ging out of his or her Pin­te­rest account befo­re acces­sing our website.

The pri­va­cy poli­cy published by Pin­te­rest, which can be found at https://about.pinterest.com/privacy-policy pro­vi­des infor­ma­ti­on on the coll­ec­tion, pro­ces­sing and use of per­so­nal data by Pinterest.

17. data protection provisions on the use and application of Vimeo

We use “Vimeo” on our web­site to dis­play vide­os. This is a ser­vice pro­vi­ded by Vimeo, LL C, 555 West 18th Street, New York, New York 10011, USA, her­ein­af­ter refer­red to as “Vimeo”. Some of the user data is pro­ces­sed on Vimeo ser­vers in the USA. Due to the cer­ti­fi­ca­ti­on accor­ding to the EU-US Pri­va­cy Shield

https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active

Howe­ver, Vimeo gua­ran­tees that the data pro­tec­tion requi­re­ments of the EU are also com­pli­ed with when pro­ces­sing data in the USA.

The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legi­ti­ma­te inte­rest lies in impro­ving the qua­li­ty of our web­site. If you visit a page of our web­site in which a video is embedded, a con­nec­tion to the ser­vers of Vimeo in the USA is estab­lished to dis­play the video. For tech­ni­cal reasons, it is neces­sa­ry for Vimeo to pro­cess your IP address. In addi­ti­on, the date and time of your visit to our web­site are also recorded.

If you are log­ged in to Vimeo at the same time as you visit one of our web­sites in which a Vimeo video is embedded, Vimeo may assign the infor­ma­ti­on coll­ec­ted in this way to your per­so­nal user account the­re. If you wish to pre­vent this, you must eit­her log out of Vimeo befo­re visi­ting our web­site or con­fi­gu­re your Vimeo user account accordingly.

For the pur­po­se of func­tion­a­li­ty and usa­ge ana­ly­sis, Vimeo uses the web ana­ly­sis ser­vice Goog­le Ana­ly­tics. Goog­le Ana­ly­tics stores coo­kies on your end device via your inter­net brow­ser and sends infor­ma­ti­on about the use of our inter­net pages, in which a Vimeo video is embedded, to Goog­le. It can­not be ruled out that Goog­le pro­ces­ses this infor­ma­ti­on in the USA.

If you do not agree to this pro­ces­sing, you have the opti­on of pre­ven­ting the instal­la­ti­on of coo­kies by making the appro­pria­te set­tings in your inter­net brow­ser. Details on this can be found abo­ve under the item “Coo­kies”.

The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legi­ti­ma­te inte­rest lies in impro­ving the qua­li­ty of our web­site and in the legi­ti­ma­te inte­rest of Vimeo to sta­tis­ti­cal­ly ana­ly­se user beha­viour for opti­mi­sa­ti­on and mar­ke­ting purposes.

Vimeo offers under http://vimeo.com/privacy for fur­ther infor­ma­ti­on on the coll­ec­tion and use of data and on your rights and opti­ons for pro­tec­ting your privacy.

18. use of Matomo (formerly Piwik)

This web­site uses the open source web ana­ly­sis ser­vice Mato­mo to ana­ly­se the usa­ge beha­viour of our web­site visi­tors. We curr­ent­ly use a ver­si­on of the ser­vice that does not use coo­kies. The web ana­ly­sis ser­vice is hos­ted by an exter­nal ser­vice pro­vi­der (hos­ter). Data coll­ec­ted by the ser­vice on this web­site is stored on the hoster’s ser­vers. The­se are

  • IP address of the com­pu­ter used (the IP address is anony­mi­sed direct­ly when the log file is writ­ten by zero­ing the last digit or the last two digits of the IP address. It is then no lon­ger pos­si­ble for us to estab­lish a per­so­nal reference).
  • Uni­que user ID (per session)
  • Date and time of the enquiry
  • Time zone in which the web­site visi­tor is located
  • Title of the page being view­ed (page title)
  • Address of the page view­ed (URL)
  • Address of the page (URL) that was view­ed befo­re the cur­rent page (refer­rer URL) (if available)
  • Screen reso­lu­ti­on used
  • Files that are cli­cked and downloaded
  • Links to an exter­nal domain that were cli­cked on
  • Loa­ding time of the view­ed page
  • Coun­try of ori­gin of the site visitor
  • User agent of the brow­ser used incl. 
    • Brow­ser type
    • Brow­ser language
    • Ope­ra­ting system
    • Type of end device used incl. brand and model

 

We have con­cluded an order pro­ces­sing con­tract with our hos­ting ser­vice pro­vi­der in accordance with Art. 28 GDPR.

The coll­ec­tion of data ser­ves to opti­mi­se our web­site and its con­tent, in which we have a legi­ti­ma­te inte­rest within the mea­ning of Art. 6 para. 1 lit. f) GDPR.

Objec­tion to data collection

19 Legal basis of the processing

Artic­le 6 I lit. a DS-GVO ser­ves as the legal basis for our com­pa­ny for pro­ces­sing ope­ra­ti­ons in which we obtain con­sent for a spe­ci­fic pro­ces­sing pur­po­se. If the pro­ces­sing of per­so­nal data is neces­sa­ry for the per­for­mance of a con­tract to which the data sub­ject is a par­ty, as is the case, for exam­p­le, with pro­ces­sing ope­ra­ti­ons that are neces­sa­ry for the deli­very of goods or the pro­vi­si­on of ano­ther ser­vice or con­side­ra­ti­on, the pro­ces­sing is based on Artic­le 6 I lit. b of the GDPR. The same appli­es to pro­ces­sing ope­ra­ti­ons that are neces­sa­ry for the imple­men­ta­ti­on of pre-con­trac­tu­al mea­su­res, for exam­p­le in the case of enqui­ries about our pro­ducts or ser­vices. If our com­pa­ny is sub­ject to a legal obli­ga­ti­on by which the pro­ces­sing of per­so­nal data beco­mes neces­sa­ry, such as for the ful­film­ent of tax obli­ga­ti­ons, the pro­ces­sing is based on Art. 6 I lit. c DS-GVO. In rare cases, the pro­ces­sing of per­so­nal data might beco­me neces­sa­ry in order to pro­tect the vital inte­rests of the data sub­ject or ano­ther natu­ral per­son. This would be the case, for exam­p­le, if a visi­tor were to be inju­red on our pre­mi­ses and as a result his or her name, age, health insu­rance details or other vital infor­ma­ti­on had to be pas­sed on to a doc­tor, hos­pi­tal or other third par­ty. Then the pro­ces­sing would be based on Art. 6 I lit. d DS-GVO. Final­ly, pro­ces­sing ope­ra­ti­ons could be based on Art. 6 I lit. f DS-GVO. Pro­ces­sing ope­ra­ti­ons that are not cover­ed by any of the afo­re­men­tio­ned legal bases are based on this legal basis if the pro­ces­sing is neces­sa­ry to pro­tect a legi­ti­ma­te inte­rest of our com­pa­ny or a third par­ty, pro­vi­ded that the inte­rests, fun­da­men­tal rights and free­doms of the data sub­ject are not over­ridden. Solc