2. General purposes of processing We only use personal data for the purpose of operating and optimising our website.
3. Data processing
3. 1 Hosting
We use the hosting services to make the following services available: Infrastructure and platform services, computing capacity, storage space and security services as well as technical maintenance services for the operating of the website.
We or our hosting provider are processing content data, usage data and access data of visitors to this website. The basis for this is our legitimate interest in an optimal and secure availability of our website in accordance with Art. 6, Paragraph 1, Sentence 1 f) DSGVO in conjunction with Art. 28 DSGVO.
3. 2 Access data When using our website, anonymous information about usage behaviour and interactions is automatically collected. These data include:
- Name and URL of the requested file
- date, duration and time of the request
- transferred data volume
- successful retrieval message (HTTP response code)
- browser type and version, operating system
- referrer URL (i.e. the previously visited page)
- data requested on our website by the user's system
- IP address and country of the request
We use this protocol data anonymously and without allocation to a person for statistical evaluation for the operating, securing and optimising of our website. Based on this information, we can provide customized content and analyse data traffic, search for and correct errors and improve our services. This is also our legitimate interest according to Art 6, Paragraph 1, S. 1 f) DSGVO.
3. 3 Cookies For the collection of data we use so-called session cookies. These are small text files that are sent by the servers when a user visits a website. They are temporarily stored on the user's end device and contain a so-called session ID which can assign requests from your browser to the shared session. To a small extent, we also use persistent cookies which remain on the user's end device and enable the browser to be identified on the next visit. These cookies contain log-in information, language settings as well as information about the access to individual pages of our website. After a given period of time, they delete themselves automatically.
Users can set up their browsers that they will be warned about the setting of cookies in advance. So users can decide in each individual case whether to exclude the cookies for certain cases or generally, or to block the setting of cookies completely. However, this may restrict the functionality of the website.
3. 4 Google Analytics We use Google Analytics, a web analysis service of Google Inc. ("Google"). Cookies are used to analyse the user behaviour of our website. The information collected by the cookie is usually transferred to a Google server in the USA and stored there. Our legitimate interest in accordance with Art 6, Paragraph 1, Sentence 1 f) DSGVO is to know how our website is used.
To protect personal data we activated IP anonymisation for Google Analytics (anonymizeIp). As a result, IP addresses of Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area are shortened beforehand. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. On our behalf, Google uses this information to evaluate the use of our website for optimisation purposes.
The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data by Google. User can block the storage of cookies by selecting the settings in their browser software.
Google has submitted to the Privacy Shield Convention between the European Union and the USA and is certified. This means that Google is committed to complying with the standards and regulations of European data protection law. More information about: this.
4. Rights of the users According to existing laws, users have a number of rights regarding their personal data. The responsible authority for data protection is named in section 1.
4.1 Right to confirmation and information Users have the right to receive free and transparent information about the processing of personal data from us at any time. In detail this concerns the following main points:
- The purposes of processing,
- categories of data processed,
- the planned duration of storage and the criteria for determining this duration,
- the deletion of personal data,
- the right of appeal to a supervisory authority.
4.2 Right to deletion In some cases we are obliged to delete personal data if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- Users revoke their consent on which the processing was based according to Art. 6, para. 1, sentence 1 a) DSGVO or Art. 9, para. 2 a) DSGVO, or there is no other legal basis for the processing.
- Users appeal against the processing in accordance with Art. 21, para. 1 DSGVO and there are no legitimate reasons for the processing, or they appeal against the processing in accordance with Art. 21, para. 2 DSGVO.
- The personal data were processed unlawfully.
- Deletion of the personal data is necessary to comply with an applicable legal obligation under EU or national law.
- The personal data were collected in accordance with Art. 8, para. 1 DSGVO for services offered by the Information Society.
If we have published personal data and are obliged to delete them in accordance with Art. 17 para. 1 DSGVO, we will take adequate technical measures to delete them, in consideration of the available technology and the implementation costs.
4.3 Right to restrict processing In a number of cases, users can request us to limit the processing of their personal data if one of the following conditions is given:
- The correctness of the personal data is denied by the user for a period of time that allows us to verify the correctness of the personal data.
- The processing was unlawful, but the user declined to delete the personal data.
- Personal data will no longer required for the processing, but the user needs the data for the assertion, exercise or defence of legal claims.
- The user submitted an objection to the processing in accordance with Art. 21 para. 1 DSGVO and it is still being verified whether the legitimate reasons of our company outweigh those of the user.
4.4 Right to data transfer Users have the right to receive personal data relating to them which they have provided in a structured, common and machine-readable format. They also have the right to have this data communicated to another responsible party without obstruction by us, when:
- The processing is based on a permission according to Art. 6, para. 1, sentence 1 a) DSGVO or Art. 9, para. 2 a) DSGVO or on a contract according to Art. 6, para. 1, sentence 1 b) DSGVO and
- the processing is using computerised procedures.
When exercising the right to transfer data in accordance with paragraph 1, users may request that personal data be transferred directly from us to another responsible party, as far as this is technically possible.
4.5 Right to appeal a supervisory authority Users have the right to appeal to a supervisory authority if they consider that the processing of personal data is unlawful.
5. Data security We try to ensure the security of all data within the framework of the applicable data protection laws and technical possibilities to the highest possible extent. All data are transmitted by us in encrypted form. We use the SSL (Secure Socket Layer) coding system, but we must point out that data transmission on the Internet (e.g. when communicating by e-mail) can have safety risks. A complete protection of data against access by third parties is not possible.
To secure user data, we maintain technical and organisational security measures in accordance with Art. 32 DSGVO, which we continually adapt to the latest state of technology.
Furthermore, we cannot guarantee that our services will always be available. The servers used by us are regularly and carefully backed up. However, we have no influence on disturbances, interruptions or failures.
6. Data transfer to third parties, no data transfer to non-EU countries Generally we only use collected data within our company. If third parties are involved in the fulfilment of contracts, they will only receive personal data wich are required for the execution of the contract.
In the case that we outsource certain parts of the data processing ("contract processing"), we contractually oblige contract processors to use personal data only in accordance with the requirements of the data protection laws and to ensure the protection of the rights of the data subject.
A data transfer to institutions or persons outside the EU except for the case mentioned in this declaration in section 4 does not take place and is not planned.
Schkeuditz, February 10th, 2021