We are pleased that you have visited our website and we thank you for your interest. We would like to inform you about how your personal data is handled when you use our website in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
The authority specified in the legal notice is responsible for the data collection and processing described below.
To improve the quality of our web pages, we store data relating to the individual access to our web pages for statistical purposes. This data consists of:
- page from which the file was requested
- date and time of the request
- data volume transmitted
- access status (file transmitted, file not found)
- description of the type of web browser used
- the IP address of the device making the request, which is shortened to ensure that no conclusions can be made about the individual concerned.
The specified log data is only stored in pseudonymised form. We do not store IP addresses or other personal information that could be used to identify you. When you visit our website, no data or information is shared with third parties.
We have technical and organisational measures in place to protect your data as comprehensively as possible from undesired attacks. We have an encryption process in operation on our web pages. Your information is transferred over the Internet from your device to our server and vice versa by means of TLS encryption. This is evident from a locked padlock symbol in the status bar of your browser and the URL beginning with https://.
You have the option to get in touch with us using the web form. To use our contact form, all we need is your name and email address. You can provide us with further information if you wish, but you do not have to.
The legal basis for the data processing is Art. 6(1)(a) GDPR. By submitting your email enquiry, you allow us to process your data for the purposes of responding to your enquiry. No processing is carried out for any other purpose. Your data will be deleted as soon as we have conclusively dealt with your enquiry and there are no legal obligations on our part to retain the data that would prevent us from deleting it.
You can revoke your consent to processing of your data at any time, including before we respond to your enquiry. If you wish to revoke your consent to the processing of your data transmitted using the contact form, please contact us at the email address specified in the legal notice.
The data (pictures, first name, email address) is transmitted exclusively to service providers based in Germany, who are commissioned to develop and operate the website and social media accounts. The campaign images that companies wish to provide us with are processed by Gruppe für Gestaltung GfG, Altes Zollamt / Waller Stieg 1, 28217 Bremen, Germany, email: email@example.com.
The data will be deleted after the campaign has terminated, no later than within 24 months, or if the website is taken down, unless there is a legal obligation to retain the data.
Integration of SmartMaps
On this website, we use SmartMaps, a service provided by YellowMap AG, CAS-Weg 1–5, 76131 Karlsruhe, Germany.
This enables us to display maps to you directly on our website and for you to use the map functionality conveniently. In order display the maps to you, SmartMaps uses your IP address when your browser accesses the SmartMaps components. Your IP address is retained in the memory of the web server for around five minutes to protect against DoS attacks. After this, it expires and is not processed or stored in any other way.
YellowMap AG is therefore the recipient of data. However, it does not process the data for its own purposes, rather exclusively on behalf of and on the instructions of the data controller.
Data protection regulations for the use and application of Shariff:
The controller has integrated the Shariff component on this website. The Shariff provides social media buttons in accordance with data protection regulations. Shariff was developed for the German computer magazine c't and was published by GitHub, Inc.
The developer of the component is GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA.
Typically, the button solutions provided by social networks transmit personal data to the social network in question when a user visits a website on which a social media button is integrated. With the Shariff component, personal data is only transmitted to social networks when a website visitor actively clicks one of the social media buttons. The computer magazine c't provides further information about Shariff at http://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html. We use Shariff in order to protect the personal data of visitors to our website as well as to integrate a button solution for social networks on this website.
Data protection regulations for the use and application of Facebook and Instagram:
The controller has integrated components from Facebook on this website. Facebook and Instagram are social networks.
A social network is a social meeting place operated on the Internet. It is an online community that usually enables users to communicate and interact with one another in a virtual space. A social network can serve as a platform for sharing opinions and experiences and enables the Internet community to provide personal or company-related information. Facebook allows its users to create personal profiles, upload photos and network by means of friend requests.
The operating company of Facebook and Instagram is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The data controller for personal information where the data subject lives outside of USA or Canada is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time one of the individual pages of this website operated by the data controller is accessed and on which a Facebook component (Facebook plug-in) is integrated, the web browser on the data subject’s information technology system is automatically prompted by the respective Facebook component to download an instance of the relevant Facebook component from Facebook. For a complete overview of all Facebook plug-ins, see https://developers.facebook.com/docs/plugins/?locale=en_gb. As part of this technical process, Facebook receives information about which specific sub-page of our website is visited by the person concerned.
If the data subject is logged in to Facebook/Instagram at the same time, Facebook recognises which specific sub-page of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account/Instagram account of the person concerned. If the data subject interacts with one of the Facebook buttons integrated on our website, such as the ‘Like’ button, or if the data subject submits a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
Facebook receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time that they access our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, they can prevent the data transmission by logging out of their Facebook account before they access our website.
Data protection regulations for the use and application of Twitter:
The controller has integrated the components from Twitter on this website. Twitter is a multilingual publicly accessible micro-blogging service on which users can publish and share messages known as tweets. These are short messages limited to 140 characters. These messages can be accessed by anybody, including people who are not registered with Twitter. However, the tweets are also displayed to the followers of the user in question. Followers are other Twitter users who follow the tweets of a user. Furthermore, Twitter makes it possible to reach a broad audience by means of hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Each time one of the individual pages of this website operated by the data controller is accessed and on which a Twitter component (Twitter button) is integrated, the web browser on the data subject’s information technology system is automatically prompted by the respective Twitter component to download an instance of the corresponding Twitter component from Twitter. For more information about Twitter buttons, visit https://about.twitter.com/de/resources/buttons. As part of this technical process, Twitter receives information about which specific sub-page of our website is visited by the person concerned. The purpose of integrating the Twitter component is to enable our users to distribute the content of this website, to raise awareness of this website in the digital world and to increase our visitor numbers.
If the data subject is logged in to Twitter at the same time, Twitter recognises which specific sub-section of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of the respective stay on our website. This information is collected by the Twitter component and assigned by Twitter to the respective Twitter account of the person concerned. If the data subject interacts with one of the Twitter buttons integrated on our website, the data and information transmitted in this way will be assigned to the personal Twitter user account of the data subject and will be stored and processed by Twitter.
Transmission of data to third parties
We treat your personal data confidentially and do not share it with unauthorised third parties. Data is transmitted to our assigned service providers, such as the agency Bernstein GmbH and WebMen GmbH.
As part of the operation of these websites and related processes, we may be assisted by other service providers (e.g. for hosting and web development). These service providers are strictly bound by instructions and by contract to us in accordance with Art. 28 GDPR.
Your rights as a data subject
In relation to the processing of your personal data, you have certain rights in accordance with the GDPR:
- Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data as well as the information specified in Art. 15 GDPR.
- Right of adjustment and deletion (Art. 16 and 17 GDPR): You have the right to request the prompt adjustment of any inaccurate personal data concerning you and, if applicable, the completion of any incomplete personal data. You also have the right to request that personal data concerning you be deleted promptly if one of the reasons specified in Art. 17 GDPR applies, e.g. if the data is no longer required for the relevant purposes.
- Right of limitation of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your data if one of the conditions specified in Art. 18 GDPR applies, e.g. if you have objected to the processing, for the duration of any examination.
- Right of data portability (Art. 20 GDPR): In certain cases, specified in Art. 20 GDPR, you have the right to obtain the personal data concerning you in a structured, common, machine-readable format or to request the transmission of this data to a third party.
- Right of objection (Art. 21 GDPR): If data is collected on the basis of Art. 6(1)(f) (data processing for the protection of legitimate interests), you have the right to object to the processing at any time for reasons relating to your particular situation. We will then no longer process the personal data unless there is compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject or if the processing relates to the enforcement, exercise or defence of legal claims.
Right of appeal to a supervisory authority
In accordance with Art. 77 GDPR, you have the right to make a complaint to a supervisory authority if you believe that the processing of your personal information was in violation of data protection regulations. You can exercise your right of appeal in particular before a supervisory authority in the Member State of your residence, your place of work or the location of the alleged infringement.
Contact details of data protection officer
Our official data protection officer would be happy to provide you with further information or suggestions in relation to data protection:
Dr. Uwe Schläger
datenschutz nord GmbH
Phone: 0421 69 66 32 0