Data privacy policy

 Sect. 1  General

We will process your personal data (e.g. title, name, address, e-mail address, phone number) solely in accordance with the provisions of the German data protection law and the data protection law of the European Union (EU). The following provisions will inform you, besides the information about the processing purposes, recipients, legal bases and storage periods, also about your rights and the controller for your data processing. This privacy policy applies only to our websites. If you are directed to other sites via links on our pages, please familiarise yourself with the respective use of your data there.

 

Sect. 2  Web analysis with Google Analytics
 
(1) Purpose of processing
This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses "cookies", which are text files placed on your computer to help the website analyze how users utilize the site. Information including your usage of the website generated by the cookie may be transmitted to Google and stored by Google in the United States of America (USA). However, if IP anonymization is activated on the website, your IP address will be shortened beforehand by Google within member states of the European Union or other states that are signatories to the agreement in the European Economic Area. Only in exceptional cases the entire IP address will be transmitted to a Google server in the USA where it will then be shortened. On behalf of the operator of the website, Google will use this information to evaluate your usage of the website, in order to compile reports on the activities on that website and to provide other services to the website operator relating to the website activities and internet usage.

(2) Legal basis
The legal basis for this processing is Art. 6 para. 1 f) DSGVO.

(3) Legitimate interest
Our legitimate interest is the statistical analysis of the user behavior for optimization and marketing purposes. In order to protect your interest in data protection, this website uses Google Analytics with the extension "anonymizeIP()", so that the IP addresses are only processed in abbreviated form in order to exclude direct personal references.

(4) Recipient categories
Google and its partner companies.

(5) Transfer to a Third Country
Google Ireland Limited is an affiliate of Google LLC. Google LLC is located in the United States (1600 Amphitheatre Parkway, Mountain View, CA 94043) and is certified under the U.S. Privacy Shield Agreement, which ensures compliance with EU privacy standards.

(6) Storage period
14 months

(7) Right of objection
You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie - related to your use of the website (including your IP address) - as well as Google’s processing of this data by downloading and installing the browser plugin which is available under the following link:  optout

You can also prevent it by setting an opt-out cookie. If you would like to stop the future collection of your data when you visit this website, please click here to  deactivate Google Analytics.

 

Sect. 3  The use of Google Maps

(1) On this website we utilize Google Maps. This allows us to present interactive maps, which provide one the option to make use of the map feature.

(2) By visiting this website, Google receives information that you have accessed the corresponding sub-page of our website. In addition, the data referred to in § 3 of this declaration will be transmitted. This occurs regardless of whether the user account is logged into a Google account or not. If you are logged into Google, then your data will be associated directly to your account. If you do not wish it to be associated with your profile on Google, you must log out before clicking on the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and / or customization of its website. Such an evaluation is carried out to provide appropriate advertising (even for users who are not logged in) and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles by contacting Google directly.

(3) For more information on the purpose and scope of the data collection and its processing through the plug-in provider, please refer to the privacy policy of the provider. You can also find out more about your rights and privacy settings here: www.google.com/intl/en/policies/privacy. Google also processes your personal information in the USA and has signed up to the EU-US Privacy Shield, www.privacyshield.gov/EU-US Framework.

 

Sect. 4  Rights of the data subject
 
If your personal data is being processed, you are the ‘data subject’ in terms of GDPR and you have the following rights towards the controller:


1. Right of access by the data subject
 
You may ask the controller to confirm whether your personal data is processed.
In the case of such processing, you may request the following information from the controller:
(1) the purposes of the processing of the personal data;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the estimated period of time for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the right to request from the controller to rectify or erase the personal data or the right to restrict the processing of personal data concerning the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) the right to all available information on the source of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information for your about the logic involved, as well as the consequences and intended effects of such processing.
As a data subject, you have the right to be informed whether the personal data concerning you are transferred to a third country or to an international organisation. In this regard, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

 

2. Right to rectification
 
You have the right to have corrected and/or completed your personal data from the controller if your personal data processed is incorrect or incomplete. The controller has to make the correction without delay.


3. Right to restriction of processing
 
You have the right to obtain from the controller restriction of processing where one of the following applies:
(1) if you contest the accuracy of the personal data relating to you for a period of time that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to erase the personal data and request the restriction of the use of the personal data instead;
(3) the controller no longer needs the personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims; or
(4) if you have lodged an objection against the processing in accordance with Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your grounds.
Where processing of personal data relating to you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the purpose of establishing, exercising or defending legal claims or for the protecting of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the conditions mentioned above, you will be informed by the controller before the restriction of processing is lifted.

 

4. Right to erasure
 
a) Obligation regarding erasure
You have the right to obtain from the controller the erasure of your personal data immediately and the controller is obliged to erase this data without delay where one of the following reasons applies:
(1) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based accordance to point (a) of Article 6 (1), or point (a) of Article 9 (2) GDPR and where there is no other legal ground for the processing;
(3) you submit an objection to the processing accordance to Article 21 (1) of the GDPR, and there are no legitimate reasons for the processing, or you lodge an objection against the processing accordance to Article 21 (2) of the GDPR;
(4) your personal data have been unlawfully processed;
(5) your personal data need to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) your personal data have been collected in relation to the offer information society services referred to Article 8 (1);

b) Obligation to inform other controllers (third parties)
If the controller has made your personal data public and is obliged to erase them accordance to Article 17 (1) of the GDPR, he has to take reasonable steps, taking into account the available technology and the cost of implementation, including technical measures, to inform the controllers who process the personal data that you, as the person concerned, have requested the erasure of any links to, or copy or replication of those personal data.

c) Exceptions
The right to erasure does not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for fulfilment of a legal obligation which requires processing by the law of the Union or of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or the exercise of official authority transferred to the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) as well as Article 9 (3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research or for statistical purposes in accordance with Article 89 (1), insofar as the right referred to in paragraph 1 is likely to make it impossible or seriously impair the achievement of the objectives of such processing; or
(5) for the establishing, exercising or defending legal claims.

 

5. Notification obligation
 
If you have made use of your right to correct, erase or restrict the processing of your personal data, the controller is obliged to inform all recipients to whom the personal data have been disclosed of this correction or erasure of the data or limitation of the processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.

 

6. Right to data portability
 
You have the right to receive the personal data relating to you which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller, who has been provided with the personal data, where:
(1) the processing is based on a consent in accordance with the point (a) of Article 6 (1) or point (a) of Article 9 (2) or on a contract in accordance with the point (b) of Article 6 (1); and
(2) the processing is carried out using automated means.
In exercising this right, you also have the right to have your personal data are transmitted directly from one controller to another, as far as this is technically feasible. Freedoms and rights of other persons may not be affected thereby.
The right to data portability is not applicable to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority given to the data controller.


7. Right to object
 
For reasons arising from your particular situation, you have the right to object at any time to processing of personal data concerning you, which is carried out based on point (e) or (f) of Article 6 (1); this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you, unless the controller can prove that there are compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.
Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
Where you object to the processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility of exercising your right to object by automated means using technical specifications.

 

8. Right to withdraw the declaration of consent under Data Protection Act
 
You have the right to withdraw your declaration of consent under Data Protection Act at any time. The withdrawal of the consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.

 

9. Automated individual decision-making, including profiling
 
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or which significantly impairs you in a similar manner.
This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data in accordance with Article 9 (1), unless point (a) or (g) of Article 9 (2) applies and appropriate measures to safeguard the rights and freedoms and your legitimate interests are in place.
Regarding the cases referred to in (1) and (3), the data controller has to take appropriate measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the data controller, to state his or her own position and to contest the decision.

 

10. Right to lodge a complaint with a supervisory authority
 
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this Regulation.
The supervisory authority with which the complaint has been lodged is to inform the complainant on the progress and the outcome of the complaint including the possibility of judicial remedy accordance to Article 78.

 

Privacy Notice Application Procedure:

Here you will find special privacy notices that apply to the application process.

 

Responsible for data processing:
d-fine GmbH
An der Hauptwache 7
D-60313 Frankfurt
Phone: +49 69 90737-0
infod-fine.de

 

Contact details of our data protection officer:
An der Hauptwache 7
D-60313 Frankfurt
Datenschutzbeauftragterd-fine.de