Data protection

Privacy Policy

Thank you for visiting our website. Below we inform you about the handling of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

Responsibility

The office named in the imprint is responsible for the data processing described below.

Usage Data

When you visit our website, so-called usage data is temporarily processed on our web server in order to deliver the content of our website. In addition, we process the usage data for statistical purposes to ensure the quality of our websites. This data set consists of

• the name and address of the requested content
• the date and time of the request
• the amount of data transferred
• the access status (content transferred, content not found)
• the description of the web browser and operating system used
• the referral link, which indicates the page from which you came to our site
• the IP address of the requesting computer

Storage of the IP address for security purposes

In addition, we store the complete IP address transmitted by your web browser for a strictly limited period of seven days in the interest of being able to recognise, limit and eliminate attacks on our websites. After this period, we delete or anonymise the IP address. The legal basis is Art. 6 para. 1 lit. f GDPR.

Data Security

In order to protect your data from unwanted access as comprehensively as possible, we take technical and organisational measures. We use an encryption process on our websites. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption. You can usually recognise this by the fact that the lock symbol is closed in the status bar of your browser and the address line begins with https://.

Visitor Measurement (Matomo)

We use the web analysis tool "Matomo" to design our websites in line with demand. Matomo creates user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognise returning visitors and count them as such.

The data processing is based on your consent, provided you have given this via our banner. You can revoke your consent at any time. To do so, please follow this link  and make the appropriate settings via our banner.

Cookie Settings

Necessary Cookies

We use cookies on our websites, which are necessary for the use of our websites. Cookies are small text files that are stored on your terminal device and can be read. A distinction is made between session cookies, which are deleted again as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. We do not use the cookies necessary for the operation of our websites for analysis, tracking or advertising purposes.

Necessary cookies may contain information about certain settings on the website. They may also be necessary to enable user navigation, security and implementation of the site. We use these cookies on the basis of Art. 6 (1) lit. f GDPR.

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed and some functions may no longer be technically available.

Third-Party Tracking Technologies for Advertising Purposes

We use cross-device tracking technologies so that you can be shown targeted advertising on other websites based on your visit to our websites. That allows us to see how effective our advertising efforts have been. Data processing is based on your consent, provided you have given your consent via our banner. Your consent is voluntary and can be revoked at any time.

How does the tracking work?

When you visit our websites, it is possible that the third-party providers mentioned below retrieve recognition features for your browser or end device (e.g. a so-called browser fingerprint), evaluate your IP address, store or read recognition features on your end device (e.g. cookies) or gain access to individual tracking pixels.

The individual features can be used by the third-party providers to recognise your terminal device on other websites. We can commission the corresponding third-party providers to display advertisements that are based on the pages visited on our website.

What does cross-device tracking mean?

If you log in to the third-party provider with your own user data, the respective recognition features of different browsers and end devices can be linked to each other. If, for example, the third-party provider has created a separate feature for the laptop, desktop PC or smartphone or tablet you use, these individual features can be assigned to each other as soon as you use a service of the third-party provider with your login data. In this way, the third-party provider can also target our advertising campaigns across different end devices.

Which third-party providers do we use?

Below we list the third party providers with whom we work for advertising purposes. If the data is processed outside the EU or EEA in this context, please note that there is a risk that authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. If we use providers in unsafe third countries and you consent, the transfer to a third country is based on Art. 49 (1) lit. a GDPR.

Cookie Settings

Contact Form

You have the option of contacting us via our contact form. To use our contact form, we first need the data marked as mandatory fields from you. We use this data on the basis of Art. 6 Para. 1 lit. f GDPR to answer your enquiry.

In addition, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not required for contacting us. We process your voluntary information on the basis of your consent.

Your data will only be processed to answer your enquiry. We delete your data if it is no longer required and there are no legal retention obligations to the contrary.

Social Plugins

We allow you to use social plugins. However, for reasons of data protection, we only integrate the social plugins we use in deactivated form.

When you call up our websites, no data is therefore transmitted to social media services.

However, you have the option of activating and using the social plugins integrated on our websites. For this purpose, we use a solution that results in all data and functions required to display the social plugin being provided by our web server in a first step. Only when you decide to activate the respective social plugin and click on the corresponding preview image or symbol, will your browser establish a connection to the servers of the operator of the respective social media service in a second step.

When you activate a plugin, the social media service receives in particular your IP address and, among other things, knowledge about your visit to our websites. This occurs regardless of whether you have an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile.

Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will create usage profiles from your data and use them for the purpose of personalised advertising. In addition, your data will be used to inform other users of the social media service about your activities on our websites.

The embedding is based on your consent, provided that you have given your consent by clicking on the preview image. Please note that the embedding of many social plugins results in your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to seek redress. If we use providers in insecure third countries and you consent, the transfer to an insecure third country will be based on Article 49(1)(a) of the GDPR.

If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by no longer clicking on the preview image or icon of the respective social plugin.

Embedded Videos

We embed videos on our websites that are not stored on our servers. When you call up our pages with embedded videos, the content of the third-party provider that provides the videos is reloaded. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context.

We have no influence on the further data processing by the third-party provider. However, when embedding the videos, we made sure to activate the extended data protection mode offered by the third-party provider. The extended data protection mode means that the third-party provider does not set any cookies.

The embedding is carried out on the basis of Art. 6 para. 1 lit. f GDPR in the interest of making our site as appealing and informative as possible.

Captcha

To protect our web forms from automated requests, we use a so-called captcha from a third-party provider. As part of the captcha function, you may be asked to solve tasks or click checkboxes. The user entries made in this context and possibly also the mouse movements are used to assess whether the entries originate from a human or an automated programme.

Since the function is provided by a third-party provider, the display of the captcha leads to content from the third-party provider being reloaded. As a result, the third-party provider receives the information that you have accessed our site as well as the technically necessary usage data in this context. We have no influence on the further data processing by the third-party provider.

The embedding is based on Art. 6 para. 1 lit. f GDPR in the interest of effective protection against spam and abuse.

Newsletter

You can order a newsletter on our website. Please note that we require certain data (at least your e-mail address) to subscribe to the newsletter.

The newsletter will only be sent if you have given us your express consent. After you have placed an order on our websites, you will receive a confirmation e-mail at the e-mail address you have provided (so-called double opt-in). You can revoke your consent at any time. You can easily revoke your consent, for example, by clicking on the unsubscribe link in every newsletter.

When you subscribe to our newsletter, we store further data in addition to the data already mentioned, insofar as this is necessary for us to be able to prove that you have subscribed to our newsletter. This may include storing the full IP address at the time of ordering or confirming the newsletter, as well as a copy of the confirmation email we send. This data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR in the interest of being able to account for the lawfulness of the newsletter dispatch.

Mapping Services

We embed map services on our websites that are not stored on our servers. When you call up our pages with embedded map services, the content of the third-party provider that provides the map services is reloaded. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context. We have no influence on the further data processing by the third-party provider

The embedding is based on Art. 6 para. 1 lit. f GDPR in the interest of enabling you to use map services.

The embedding is based on Art. 6 para. 1 lit. f GDPR in the interest of effective protection against spam and abuse.

Integration of Other Third-Party Content and Functions

We use the technical functions and content of third-party providers mentioned below to present our websites.

When you call up our pages, the content of the third-party provider who provides these functions and content is reloaded. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context. We have no influence on the further data processing by the third-party provider.

The embedding is based on Art. 6 para. 1 lit. f GDPR in the interest of making our site as appealing and informative as possible.

Storage Duration

Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and legal retention obligations do not prevent deletion.

Other Processors

We pass on your data to service providers who support us in the operation of our websites and the associated processes as part of commissioned processing in accordance with Art. 28 DSGVO. These are, for example, hosting service providers. Our service providers are strictly bound by instructions to us and are contractually obligated accordingly.

In the following, we will name the processors with whom we work, if we have not already done so in the preceding text of the data protection notice. If data is transferred outside the EU or EEA in this context, we provide information on the appropriate level of data protection.

Your Rights as an Affected Person

When processing your personal data, the GDPR grants you certain rights as a data subject.

Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you are being processed; if this is the case, you have the right to be informed about these personal data and to receive the information listed in detail in Article 15 of the GDPR.

Right of rectification (Art. 16 GDPR)
You have the right to request that inaccurate personal data concerning you be corrected without delay and, if necessary, that incomplete data be completed.

Right to erasure (Art. 17 GDPR)
You have the right to request that personal data concerning you be erased without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have objected to the processing, for the duration of the review by the controller.

Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

Right to erasure (Art. 17 GDPR) You have the right to request that personal data concerning you be erased without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have objected to the processing, for the duration of the review by the controller.

Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

Right of withdrawal (Art. 7 GDPR)
f the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

Right of objection (Art. 21 GDPR)
f data is collected on the basis of Art. 6 (1) sentence 1 lit. f GDPR (data processing for the protection of legitimate interests) or on the basis of Art. 6 (1) sentence 1 lit. e GDPR (data processing for the protection of public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to complain to a supervisory authority (Art. 77 GDPR)
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection provisions. In particular, the right of complaint may be asserted before a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

Assertion of your rights
Unless otherwise described above, please contact the office named in the imprint to assert your data subject rights.

Contact Details of the Data Protection Officer

Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:

datenschutz nord GmbH Niederlassung Berlin
Kurfürstendamm 212
10719 Berlin
E-Mail: office@datenschutz-nord.de

If you contact our data protection officer, please indicate the responsible person named in the Imprint.