Data Protection

Data Pro­tec­tion State­ment in ac­cord­ance with the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR)

I. Name and ad­dress of re­spons­ible party
The re­spons­ible party in the sense of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion and oth­er na­tion­al data pro­tec­tion laws by mem­ber states as well as oth­er leg­al data pro­tec­tion pro­vi­sions is:

IBIS Prof. Thome AG
Tele­phone: +49 931 73046 500
Fax: +49 931 73046 99 500
Email: info@ibis-thome.de
web site: www.ibis-thome.de

 

II. Name and ad­dress of data pro­tec­tion of­ficer
The re­spons­ible party’s data pro­tec­tion of­ficer is:

At­tor­ney
Kon­stantin Mala­kas
Stein­bachtal 2b
97072 Würzburg
Tele­phone. +49 931 29 98 08 – 0
Fax: +49 931 29 98 08 – 8
Email: dsb@ibis-thome.de
Web sites: www.malakas.de; www.weblawyer.de

 

III. Gen­er­al in­form­a­tion re­gard­ing data pro­cessing

1. Scope of pro­cessing of per­son­al in­form­a­tion
In prin­ciple, we col­lect and use our users’ per­son­al in­form­a­tion only to the ex­tent ne­ces­sary to provide a func­tion­al web site and our con­tents and ser­vices. The col­lec­tion and use of our users’ per­son­al in­form­a­tion takes place on a peri­od­ic­al basis only after the user’s con­sent has been ob­tained. An ex­cep­tion is made in cases where it is im­possible to ob­tain pri­or per­mis­sion due to prac­tic­al reas­ons and the pro­cessing of the data is al­low­able un­der leg­al pro­vi­sions.

2. Leg­al basis for the pro­cessing of per­son­al in­form­a­tion
Whenev­er we ob­tain the con­sent of the per­son con­cerned for the pro­cessing of per­son­al in­form­a­tion, this is car­ried out with­in the leg­al frame­work of Art. 6 Par. 1 lett. a EU Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR).
In the pro­cessing of per­son­al in­form­a­tion ne­ces­sary to ful­fill a con­tract to which the per­son con­cerned is a con­trac­tu­al party, Art. 6 Par. 1 lett. b GDPR provides the leg­al frame­work. This also ap­plies to pro­cessing re­quired to carry out pre-con­trac­tu­al meas­ures.
Where pro­cessing of per­son­al in­form­a­tion is re­quired to ful­fill a leg­al ob­lig­a­tion to which our com­pany is sub­ject, this is done with­in the leg­al frame­work of Art. 6 Par. 1 lett. c GDPR.
In the event that vi­tal in­terests of the per­son con­cerned or an­oth­er nat­ur­al per­son re­quire pro­cessing of per­son­al in­form­a­tion, Art. 6 Par. 1 lett. d GDPR provides the leg­al frame­work.
Where pro­cessing is re­quired to safe­guard a jus­ti­fied in­terest of our com­pany or a third party and these are not out­weighed by the in­terests, fun­da­ment­al rights or fun­da­ment­al freedoms of the per­son con­cerned, Art. 6 Par. 1 lett. f GDPR provides the leg­al frame­work.

3. De­le­tion of data and dur­a­tion of data re­ten­tion
The per­son­al in­form­a­tion of the per­son con­cerned will be de­leted or blocked as soon as the pur­pose of re­tain­ing such in­form­a­tion has lapsed. Re­ten­tion can also oc­cur when it is stip­u­lated un­der European or na­tion­al law in reg­u­la­tions, laws or oth­er pro­vi­sions which are leg­ally val­id in the EU and to which the re­spons­ible parties are sub­ject. Block­ing or de­le­tion of data also oc­curs upon the lapse of a pre­scribed re­ten­tion peri­od un­der the stand­ards men­tioned above un­less fur­ther re­ten­tion of the data is re­quired for the con­clu­sion or ful­fill­ment of a con­tract.

 

IV. Pro­vi­sion of the web site and cre­ation of log files

1. De­scrip­tion and scope of data pro­cessing

Each time our In­ter­net site is ac­cessed, our sys­tem auto­mat­ic­ally col­lects data and in­form­a­tion from the ac­cess­ing computer’s sys­tem.
The fol­low­ing data are col­lec­ted in this pro­cess:
(1) in­form­a­tion re­gard­ing the browser type and the ver­sion be­ing used
(2) the user’s op­er­at­ing sys­tem
(3) the user’s In­ter­net ser­vice pro­vider
(4) the user’s IP ad­dress
(5) date and time of ac­cess
(6) web sites from which the user’s sys­tem ac­cessed our In­ter­net page
(7) web sites ac­cessed from the user’s sys­tem via our web site
These data are also re­tained in our system’s log files. These data are not re­tained to­geth­er with oth­er per­son­al in­form­a­tion of the user.

2. Leg­al basis for data pro­cessing
The leg­al basis for the tem­por­ary re­ten­tion of data and log files rests on Art. 6 Par. 1 lett. f GDPR.

3. Pur­pose of data pro­cessing
Tem­por­ary re­ten­tion of the IP ad­dress by the sys­tem is re­quired to al­low the web site to be provided to the web site on the user’s com­puter. This pro­cess re­quires re­ten­tion of the user’s IP ad­dress for the dur­a­tion of the ses­sion.
Re­ten­tion in the log files takes place to en­sure the web site’s func­tion­al­ity. Moreover, the data en­able us to op­tim­ize the web site and safe­guard the se­cur­ity of our tech­nic­al in­form­a­tion sys­tems. Re­view of the data for mar­ket­ing pur­poses does not oc­cur in this re­gard.
For such pur­poses, our jus­ti­fied in­terest in the data pro­cessing is based on Art. 6 Par. 1 lett. f GDPR.

4. Dur­a­tion of re­ten­tion
The data will be de­leted at the point where they are no longer needed to achieve the pur­pose for which they were col­lec­ted. Where data are col­lec­ted to provide ac­cess to the web site, this point is reached when the re­spect­ive ses­sion has been com­pleted.
Where data is re­tained in log files, this oc­curs after 14 days. Fur­ther re­ten­tion is a pos­sib­il­ity. Where this oc­curs, users’ IP ad­dresses are pseud­onym­ized or an­onym­ized to pre­vent any as­so­ci­ation with the ac­cess­ing cli­ent.

5. Op­tion for ob­jec­tion and re­mov­al
The col­lec­tion of data for the ac­cess­ing of the web site and the re­ten­tion of the data in log files are es­sen­tial to the op­er­a­tion of the In­ter­net page. As a res­ult, the user has no op­tion to ob­ject to this col­lec­tion.

 

V. Use of cook­ies

1. De­scrip­tion and scope of data pro­cessing
In design­ing our of­fer to be as user-friendly as pos­sible, we em­ploy cook­ies.
A cook­ie is a small text file sent by our web serv­er at the IBIS Prof. Thome AG (for ex­ample, the web serv­er at www.ibis-thome.de) to your browser whenev­er you vis­it a web page. This cook­ie con­tains a unique char­ac­ter string that fa­cil­it­ates pre­cise iden­ti­fic­a­tion of the browser when the web site is ac­cessed again. Ses­sion cook­ies ex­pire at the end of a browser ses­sion and can only cap­ture your ac­tions dur­ing this single browser ses­sion. In con­trast, per­man­ent cook­ies con­tin­ue to be re­tained on your ter­min­al even between dif­fer­ent browser ses­sions and can cap­ture your set­tings or ac­tions on mul­tiple web pages.
In prin­ciple, cook­ies present no risk to your com­puter since they are merely text files, not ex­ecut­able pro­grams.
On one hand, the cook­ies used by the IBIS Prof. Thome AG (www.ibis-thome.de) fa­cil­it­ate use of our web site, while on the oth­er hand they per­mit mar­ket re­search and ad­vert­ising ef­forts as well as the com­pil­ing of us­age stat­ist­ics. We also em­ploy cook­ies in the con­text of web track­ing, us­ing them as the basis for per­son­al­ized con­tents.
Be­sides ses­sion cook­ies, which are de­leted when you ter­min­ate your browser ses­sion, we also store per­man­ent cook­ies on your com­puter. These cook­ies are re­tained un­til you de­lete them. No per­son­al in­form­a­tion is re­tained in the cook­ies we use.
De­pend­ing on your browser set­ting, cook­ie files are either re­tained or re­jec­ted. If they are re­tained, our web serv­er is able to de­tect your ter­min­al. In later ses­sions and in mov­ing between func­tions that re­quire you to enter a pass­word, the cook­ie as­sists you in avoid­ing hav­ing to re-enter cer­tain in­form­a­tion. In this way, cook­ies fa­cil­it­ate the use of our web pages that re­quire user in­put. In ad­di­tion, cook­ies can as­sist us in be­ing able to cus­tom-tail­or web of­fers to match your in­terests.
If you prefer that these ac­tions not take place, you can de­ac­tiv­ate cook­ies as fol­lows:
Set your browser to re­ject our cook­ies if you prefer to use our web sites without cook­ie func­tion­al­ity. The steps re­quired for you to es­tab­lish these set­tings can vary from one browser to the next, and we are there­fore un­able to provide you with more pre­cise guid­ance here.
If your browser is already set to warn you each time it re­ceives a cook­ie, you can then de­cide on a case-by-case basis wheth­er you wish to al­low the cook­ie to be stored. Since it will be ne­ces­sary for our iden­ti­fic­a­tion cook­ie to be re-sent each time you ac­cess the web site, you may soon find these mes­sages quite in­con­veni­ent.
For this reas­on, we re­com­mend that you set your browser to ac­cept cook­ies from www.ibis-thome.de each time they are sent. It is pos­sible for you to es­tab­lish this set­ting for in­di­vidu­al web pages. In this case, for ex­ample, your text in­puts will be re­tained in form fields for fu­ture quer­ies, and you will not need to re-enter your in­form­a­tion each time you vis­it our web sites. In ad­di­tion, we will then be able to of­fer you con­tents tailored to your per­son­al in­terests.
Some ele­ments of our In­ter­net site re­quire the ac­cess­ing browser to be iden­ti­fi­able each time a new page is ac­cessed.
For these pur­poses, the fol­low­ing in­form­a­tion is re­tained in the cook­ies and trans­mit­ted:

(1) Lan­guage set­tings

User data cap­tured in this way are an­onym­ized through tech­nic­al means. This pre­vents the in­form­a­tion from be­ing as­so­ci­ated with the ac­cess­ing user. The data are not stored to­geth­er with oth­er per­son­al in­form­a­tion per­tain­ing to the user.
When users ac­cess our web site, an in­form­a­tion lay­er provides in­form­a­tion re­gard­ing the use of cook­ies for ana­lyt­ic­al pur­poses and refers users to this Data Pro­tec­tion State­ment. In­form­a­tion is also provided here on how to set the browser to pre­vent the stor­age of cook­ies.
You can find fur­ther in­form­a­tion on us­ing or de­ac­tiv­at­ing cook­ies at www.meine-cookies.org or www.youronlinechoices.com.
For se­cur­ity pur­poses, re­gard­less wheth­er cook­ies are stored, you will need to log in again each time you ac­cess areas of our web site that re­quire you to re­gister.

a) Third-party cook­ies
The IBIS Prof. Thome AG also in­cor­por­ates third-party con­tents at the IBIS Prof. Thome’s web site. These third parties can store cook­ies on your com­puter when you ac­cess our web pages and in this way de­term­ine that you have ac­cessed our web pages via www.ibis-thome.de. We in­vite you to ac­cess the third-party web sites to ob­tain fur­ther in­form­a­tion on their use of cook­ies. If you have made the de­cision not to per­mit shar­ing of cook­ies or to ob­ject to such ac­tions (de­ac­tiv­ate the cook­ies), you will only have ac­cess to func­tions we can provide at our web site without these cook­ies.
b) So­cial me­dia (Face­book, Google+ and You­Tube, Twit­ter)
You can also find our company’s ser­vices on-line through so­cial net­works provided on the In­ter­net by oth­er com­pan­ies (Face­book, Google and You­Tube, Twit­ter).
You can use these ser­vices only by re­gis­ter­ing and log­ging in­to each so­cial net­work. You should there­fore be aware that each so­cial network’s terms of use and data pro­tec­tion ap­ply when us­ing its re­spect­ive ser­vices.
Our web site uses so­cial plug-ins from the fol­low­ing so­cial net­works:
• Face­book Ire­land Lim­ited, Han­over Reach, 5 – 7 Han­over Quay, Dub­lin 2 Ire­land, iden­ti­fi­able through the Face­book logo (white “f” on a blue back­ground)
• Google+, op­er­ated by Google Inc., 1600 Am­phi­theatre Park­way, Moun­tain View, CA 94043, United States, iden­ti­fi­able through the Google+ logo (red “G” fol­lowed by “+1”)
• Twit­ter, a mi­cro-blog­ging ser­vice of the U.S. Com­pany Twit­ter Inc., 795 Fol­som St., Suite 600, San Fran­cisco, CA 94107, United States, iden­ti­fi­able through the Twit­ter logo (a blue bird)
• You­Tube: You­Tube, LLC, 901 Cherry Ave., San Bruno, CA 94066, United States. You­Tube, LLC is a sub­si­di­ary of Google Inc., 1600 Am­phi­theatre Pkwy, Moun­tain View, CA 94043 – 1351, United States.
Whenev­er you ac­cess one of our web pages con­tain­ing a You­Tube com­pon­ent, your browser es­tab­lishes a dir­ect con­nec­tion to the You­Tube serv­ers. The con­tents of the com­pon­ents are trans­mit­ted dir­ectly to your browser by You­Tube, which in­cor­por­ates them in­to the web site.
By in­cor­por­at­ing these com­pon­ents, You­Tube and Google re­ceive the in­form­a­tion that you have ac­cessed our company’s cor­res­pond­ing web site. If you are logged in­to You­Tube, You­Tube and Google can con­nect the ses­sion to your You­Tube ac­count.
If you prefer that your in­form­a­tion not be trans­mit­ted to You­Tube and Google in this way, you can pre­vent the trans­mis­sion by log­ging off your You­Tube ac­count pri­or to ac­cess­ing our web pages.

Be­cause we have no in­flu­ence on the scope of the data these ser­vice pro­viders col­lect us­ing their plug-ins, we are shar­ing what we know about it with you. Through its in­cor­por­ated plug-ins, each ser­vice pro­vider re­ceives in­form­a­tion that you have ac­cessed the cor­res­pond­ing area of our web site. If you are logged in­to the re­spect­ive ser­vice pro­vider, that pro­vider can as­so­ci­ate this ac­cess dir­ectly with your ac­count. If you in­ter­act with the plug-ins — by click­ing the re­com­mend but­ton, for ex­ample — the cor­res­pond­ing in­form­a­tion will be dir­ectly trans­mit­ted to the ser­vice pro­vider and re­tained there. If you are not sub­scribed to a ser­vice pro­vider, it is as­sumed that the re­spect­ive ser­vice pro­vider has gained know­ledge of your IP ad­dress and re­tained it. If you are sub­scribed to a ser­vice pro­vider and prefer that it not col­lect in­form­a­tion about you through our In­ter­net site and as­so­ci­ate this in­form­a­tion with the sub­scriber data stored by that ser­vice pro­vider, you must log off that ser­vice pro­vider pri­or to click­ing on the so­cial network’s but­ton.
To re­quest fur­ther in­form­a­tion re­gard­ing the pur­pose and scope of data col­lec­tion and the fur­ther pro­cessing and use of the data by Face­book as well the set­ting op­tions avail­able to you for the pro­tec­tion of your pri­vacy, please con­sult the data pro­tec­tion guidelines of the re­spect­ive ser­vice pro­vider:
Face­book: https://www.facebook.com/privacy/explanation and http://www.facebook.com/full_data_use_policy
Google+ and You­Tube: http://www.google.com/intl/de/policies/privacy/
Twit­ter: http://twitter.com/privacy

2. Leg­al basis for the pro­cessing of per­son­al in­form­a­tion
The leg­al basis for the pro­cessing of the data when the user has giv­en con­sent is Art. 6 Par. 1 lett. a GDPR.
The leg­al basis for the pro­cessing of data trans­mit­ted in the course of us­ing plug-ins is Art. 6 Par. 1 lett. f GDPR.

3. Pur­pose of data pro­cessing
The pur­pose of our use of tech­nic­ally ne­ces­sary cook­ies is to sim­pli­fy the use of web sites by the user. Some func­tions of our In­ter­net site can­not be offered without em­ploy­ing cook­ies. For these func­tions, it is ne­ces­sary for the browser to be iden­ti­fied even after mov­ing to the next page.
The user data col­lec­ted by tech­nic­ally re­quired cook­ies are not used to cre­ate user pro­files.
The use of ana­lyt­ic­al cook­ies oc­curs for the pur­pose of im­prov­ing the qual­ity of our web site and its con­tents. Through the use of ana­lyt­ic­al cook­ies, we learn how the web site is used and can in this way con­stantly re­fine our of­fer­ings.
Google uses cook­ies es­pe­cially to com­pile web stat­ist­ics.
We use cook­ies from so­cial me­dia pro­viders to of­fer users the op­por­tun­ity to in­ter­act with the ad­di­tion­al ser­vices they use.
For such pur­poses, our jus­ti­fied in­terest in the data pro­cessing is based on Art. 6 Par. 1 lett. f GDPR.

4. Re­ten­tion peri­od
Cook­ies will be stored on the user’s com­puter and sub­sequently trans­mit­ted to our site. In this way, you as the user also have com­plete con­trol over the use of cook­ies. By chan­ging the set­tings on your In­ter­net browser, you can de­ac­tiv­ate or re­strict the trans­mis­sion of cook­ies. Cook­ies that have already been re­tained can be de­leted at any time. This can oc­cur auto­mat­ic­ally.
With re­spect to the dur­a­tion of re­ten­tion by the re­spect­ive so­cial me­dia pro­viders and your rights and con­fig­ur­a­tion op­tions to pro­tect your pri­vacy, we refer you each ser­vice provider’s data pro­tec­tion guidelines, ac­cess­ible via the links provided above.
Please note that when cook­ies are de­leted, opt-out cook­ies may also be mis­takenly de­leted in the pro­cess, pro­du­cing an un­in­ten­ded ef­fect. If you de­lete all the cook­ies in your browser, you will then need to re­set each re­spect­ive opt-out cook­ie.

5. Ob­jec­tion and re­mov­al op­tion
You have the op­tion at all times to de­ac­tiv­ate the cook­ie set­ting in your browser as de­scribed in Sec. V. 1. If no act­ive de­ac­tiv­a­tion oc­curs, re­mov­al is pos­sible only through de­le­tion on your sys­tem. There is no right of ob­jec­tion based on tech­nic­al reas­ons.
With re­spect to ob­jec­tion and re­mov­al op­tions provided by the re­spect­ive so­cial me­dia pro­viders and your rights and con­fig­ur­a­tion op­tions to pro­tect your pri­vacy, we refer you each ser­vice provider’s data pro­tec­tion guidelines, ac­cess­ible via the links provided above

 

VI. News­let­ter

1. De­scrip­tion and scope of data pro­cessing
Our In­ter­net site fea­tures the op­tion to sub­scribe to a free news­let­ter. In our man­age­ment of the mail­ing list and dis­tri­bu­tion, we use the pro­vider Newsletter2Go. In this pro­cess, the fol­low­ing in­form­a­tion from the in­put mask is sent to Newsletter2Go upon sign-up by means of a double opt-in pro­ced­ure.
(1) email ad­dress (man­dat­ory field)
(2) first name (op­tion­al field)
(3) last name (op­tion­al field)

In ad­di­tion, the fol­low­ing data are cap­tured dur­ing sign-up:
(1) IP ad­dress of the ac­cess­ing com­puter
(2) date and time of lo­gin
Your con­sent to the pro­cessing of the data is ob­tained in the con­text of the lo­gin pro­ced­ure and you are re­ferred to the Newsletter2Go data pro­tec­tion state­ment at Datens­chutzerklärung von Newsletter2Go.

2. Leg­al basis for the pro­cessing of per­son­al in­form­a­tion
The leg­al basis for the pro­cessing of the data fol­low­ing sign-up for the news­let­ter, when the user has giv­en con­sent, is Art. 6 Par. 1 lett. a GDPR.
The leg­al basis for the send­ing of the news­let­ter as a res­ult of the pur­chase of goods or ser­vices is Sec. 7 Par. 3 Ger­man Act Against Un­fair Com­pet­i­tion (Ge­setz ge­gen den un­laut­er­en Wettbe­w­erb — UWG).

3. Pur­pose of data pro­cessing
The col­lec­tion of the user’s email ad­dress al­lows us to send the news­let­ter.
The col­lec­tion of ad­di­tion­al per­son­al in­form­a­tion as part of the lo­gin pro­cess serves to pre­vent mis­use of the ser­vices or the email ad­dress be­ing used.

4. Re­ten­tion peri­od
The data will be de­leted at the point where they are no longer needed to achieve the pur­pose for which they were col­lec­ted. Ac­cord­ingly, the user’s email ad­dress will only be re­tained as long as the news­let­ter sub­scrip­tion is act­ive.

5. Ob­jec­tion and re­mov­al op­tion
The news­let­ter sub­scrip­tion can be can­celed by the user at any time. This can be done via the link for this pur­pose found in each news­let­ter.
The link can also be used to re­voke con­sent to re­ten­tion of the per­son­al in­form­a­tion col­lec­ted as part of the lo­gin pro­cess.

 

VII. Con­tact form and email con­tact

1. De­scrip­tion and scope of data pro­cessing
Our In­ter­net site fea­tures con­tact forms that can be used for mak­ing con­tact elec­tron­ic­ally. When a user makes use of these op­tions, the data entered in­to the in­put mask are trans­mit­ted to us for re­ten­tion. This in­cludes the fol­low­ing data:
(1) name (man­dat­ory field)
(2) email ad­dress (man­dat­ory field)
(3) your in­form­a­tion (man­dat­ory field)
In the trans­mis­sion pro­cess, the fol­low­ing data are also re­tained:
(1) the user’s IP ad­dress
(2) date and time of con­tact and trans­mis­sion of the con­tact form
For data pro­cessing, your con­sent is ob­tained as part of the trans­mis­sion pro­cess and you are re­ferred to this data pro­tec­tion state­ment.
It is also pos­sible to make con­tact us­ing the provided email ad­dress. In this case, the user’s trans­mit­ted per­son­al in­form­a­tion is stored along with the email.
When this oc­curs, no third parties out­side the IBIS Prof. Thome AG are giv­en ac­cess to the data. The data are used ex­clus­ively for the pro­cessing of the cor­res­pond­ence.

2. Leg­al basis for the pro­cessing of per­son­al in­form­a­tion
The leg­al basis for the pro­cessing of the data, when the user has giv­en con­sent, is Art. 6 Par. 1 lett. a GDPR.
The leg­al basis for the pro­cessing of data trans­mit­ted in the course of send­ing email is Art. 6 Par. 1 lett. f GDPR. Where the email con­tact is based on the con­clu­sion of a con­tract, the ad­di­tion­al leg­al basis for the data pro­cessing is Art. 6 Par. 1 lett. b GDPR.

3. Pur­pose of data pro­cessing
The pro­cessing of per­son­al in­form­a­tion from the in­put mask only al­lows us to pro­cess the con­tact. In the case con­tact is made via email, the re­quired jus­ti­fied in­terest is based on the pro­cessing of the data.
The oth­er per­son­al in­form­a­tion pro­cessed dur­ing the trans­mis­sion pro­cess serves to pre­vent any mis­use of the con­tact form and to safe­guard the se­cur­ity of our in­form­a­tion sys­tem tech­no­logy.

4. Re­ten­tion peri­od
The data will be de­leted at the point where they are no longer needed to achieve the pur­pose for which they were col­lec­ted. For per­son­al in­form­a­tion from the in­put mask or sent by email, this oc­curs when the re­spect­ive cor­res­pond­ence with the user has been com­pleted. The cor­res­pond­ence is deemed com­pleted when it can be de­term­ined from the cir­cum­stances that the rel­ev­ant facts have been con­clus­ively settled.
The data ad­di­tion­ally col­lec­ted dur­ing the trans­mis­sion pro­cess will be de­leted with­in no more than 14 days.

5. Ob­jec­tion and re­mov­al op­tion
The user has the op­tion at all times to re­voke con­sent to the pro­cessing of the user’s per­son­al in­form­a­tion. The user can con­test the re­ten­tion of per­son­al in­form­a­tion at any time by con­tact­ing us via email. In such a case, the cor­res­pond­ence can­not be for­war­ded. Please send your de­le­tion pref­er­ence via email to info@ibis-thome.de.
All per­son­al in­form­a­tion re­tained in the course of the con­tact will be de­leted in this case.

 

VIII. Web ana­lys­is us­ing Mat­omo

1. Scope of per­son­al in­form­a­tion pro­cessing
At our web site, we use the Mat­omo (https://matomo.org/) soft­ware to ana­lyze our users’ web-surf­ing be­ha­vi­or. The soft­ware places a cook­ie in the user’s com­puter (see above re­gard­ing cook­ies). When in­di­vidu­al pages of our web site are ac­cessed, the fol­low­ing in­form­a­tion is re­tained:

(1) three bytes of the IP ad­dress of the ac­cess­ing user’s sys­tem (xxx.xxx.xxx.???)
(2) web page be­ing ac­cessed
(3) web site from which the user has con­nec­ted to the ac­cessed web site (re­fer­rer)
(4) sub­pages that are ac­cessed from the ac­cessed web site
(5) length of time spent at the web page
(6) fre­quency of ac­cess to the web page
(7) search terms entered
(8) fre­quency of page ac­cess

In this pro­cess, the eval­u­ation soft­ware runs ex­clus­ively on our own serv­ers. There is no re­ten­tion of the user’s per­son­al in­form­a­tion since the IP ad­dress is an­onym­ized. The soft­ware set­ting does not com­pletely re­tain the IP ad­dress, in­stead mask­ing 1 byte of the IP ad­dress (ex­ample: xxx.xxx.xxx.???). This ac­tion pre­vents the ab­bre­vi­ated IP ad­dress from be­ing as­so­ci­ated with the ac­cess­ing com­puter.
There is no trans­fer of data to third parties.

2. Leg­al basis for the pro­cessing of per­son­al in­form­a­tion
The leg­al basis for the pro­cessing of the user’s per­son­al in­form­a­tion is Art. 6 Par. 1 lett. f GDPR un­til the user’s IP ad­dress is an­onym­ized. This oc­curs at the earli­est pos­sible mo­ment (see https://matomo.org/privacy/ ).

3. Pur­pose of data pro­cessing
The pro­cessing of the user’s per­son­al in­form­a­tion, which is an­onym­ized at the earli­est pos­sible mo­ment, al­lows us to ana­lyze our users’ web-surf­ing be­ha­vi­or. By ana­lyz­ing the data we col­lect, we are able to com­pile in­form­a­tion re­gard­ing the use of the in­di­vidu­al com­pon­ents of our web site. This as­sists us in con­tinu­ously im­prov­ing our web site and its user-friend­li­ness.

4. Re­ten­tion peri­od
Be­cause the data are an­onym­ized, they are not de­leted, re­main­ing per­man­ently avail­able to us for pur­poses of ana­lys­is. No as­so­ci­ation with an in­di­vidu­al user is pos­sible. Mat­omo has made the com­mit­ment nev­er to merge the data it col­lects with oth­er data­bases — for the pur­pose of es­tab­lish­ing a per­son­al re­la­tion­ship, for ex­ample (see https://matomo.org/privacy/ ).

5. Ob­jec­tion and re­mov­al op­tion
Mat­omo cook­ies are re­tained on the user’s com­puter, from where they are trans­mit­ted to our site. In this way, you as the user also have com­plete con­trol over the use of cook­ies. By chan­ging the set­tings on your In­ter­net browser, you can de­ac­tiv­ate or re­strict the trans­mis­sion of cook­ies at any time. Cook­ies that have already been re­tained can be de­leted at any time. This can oc­cur auto­mat­ic­ally. If cook­ies for our web site are de­ac­tiv­ated, all web site func­tions may no longer be fully us­able.
At our web site, we of­fer our users the op­tion to opt out of the ana­lys­is pro­cess. This op­tion adds a cook­ie to your sys­tem that sig­nals that the user’s data are not to be re­tained. Please note that when cook­ies are de­leted, opt-out cook­ies may also be mis­takenly de­leted in the pro­cess, pro­du­cing an un­in­ten­ded ef­fect.

Fur­ther in­form­a­tion re­gard­ing Mat­omo Software’s pri­vacy set­tings can be ob­tained at the fol­low­ing link: https://matomo.org/privacy/

 

IX. Rights of the per­sons con­cerned
If per­son­al in­form­a­tion con­cern­ing you is pro­cessed, you are a per­son con­cerned in the sense of the GDPR, and you are en­titled to the fol­low­ing rights vis-a-vis the re­spons­ible parties:

1. Right to in­form­a­tion
You can de­mand a state­ment from the re­spons­ible party in­dic­at­ing wheth­er per­son­al in­form­a­tion con­cern­ing you is be­ing pro­cessed by us.
If such pro­cessing is oc­cur­ring, you can de­mand the fol­low­ing in­form­a­tion from the re­spons­ible party:
(1) the pur­poses for which the per­son­al in­form­a­tion is be­ing pro­cessed;
(2) the cat­egor­ies of per­son­al in­form­a­tion be­ing pro­cessed;
(3) the re­ceiv­ers and the cat­egor­ies of re­ceiv­er to which the per­son­al in­form­a­tion con­cern­ing you has been or is still to be dis­closed;
(4) the an­ti­cip­ated dur­a­tion of re­ten­tion of the per­son­al in­form­a­tion con­cern­ing you or, should spe­cif­ic in­form­a­tion re­gard­ing this mat­ter not be pos­sible, cri­ter­ia for de­term­in­ing the re­ten­tion peri­od;
(5) the ex­ist­ence of a right to cor­rect or de­lete the per­son­al in­form­a­tion con­cern­ing you, a right to re­strict the re­spons­ible party’s pro­cessing of the in­form­a­tion, or a right to con­test this pro­cessing;
(6) the ex­ist­ence of a right to ap­peal to a reg­u­lat­ory au­thor­ity;
(7) all avail­able in­form­a­tion re­gard­ing the data source if the per­son­al in­form­a­tion is not col­lec­ted by the per­son con­cerned;
(8) the ex­ist­ence of auto­mat­ic de­cision mak­ing in­clud­ing pro­fil­ing in ac­cord­ance with Art. 22 Pars. 1 and 4 GDPR and – at least in these cases – mean­ing­ful in­form­a­tion re­gard­ing the lo­gic in­volved as well as the scope and in­ten­ded ef­fect of such pro­cessing on the per­son con­cerned.
You have the right to de­mand to know wheth­er the per­son­al in­form­a­tion con­cern­ing you is be­ing trans­mit­ted to a third coun­try or an in­ter­na­tion­al or­gan­iz­a­tion. In this con­text, you can de­mand to be in­formed re­gard­ing the spe­cif­ic guar­an­tees un­der Art. 46 GDPR in con­nec­tion with the in­form­a­tion trans­fer.

2. Right to rec­ti­fic­a­tion
You have a right to rec­ti­fic­a­tion and/or com­ple­tion vis-a-vis the re­spons­ible party to the ex­tent that the pro­cessed per­son­al in­form­a­tion con­cern­ing you is in­cor­rect or in­com­plete. The re­spons­ible party must promptly carry out the rec­ti­fic­a­tion.

3. Right to re­strict pro­cessing
Un­der the fol­low­ing con­di­tions, you can de­mand re­stric­tion of the pro­cessing of per­son­al in­form­a­tion con­cern­ing you:
(1) if you dis­pute the ac­cur­acy of the per­son­al in­form­a­tion con­cern­ing you for a peri­od that al­lows the re­spons­ible party to check the ac­cur­acy of the per­son­al in­form­a­tion;
(2) if the pro­cessing is un­law­ful and you de­cline de­le­tion of the per­son­al in­form­a­tion, de­mand­ing in­stead re­stric­tion of the use of the per­son­al in­form­a­tion;
(3) if the re­spons­ible party no longer has need of the per­son­al in­form­a­tion for the pur­poses of the pro­cessing but you need the in­form­a­tion to as­sert, ex­er­cise or de­fend against a leg­al claim, or
(4) if you have filed an ob­jec­tion to the pro­cessing in ac­cord­ance with Art. 21 Par. 1 GDPR and it re­mains un­cer­tain wheth­er the re­spons­ible party’s jus­ti­fied reas­ons out­weigh your own reas­ons.
If the pro­cessing of the per­son­al in­form­a­tion con­cern­ing you has been re­stric­ted, such data — apart from their re­ten­tion — may only be pro­cessed with your con­sent or to as­sert, ex­er­cise or de­fend against a leg­al claim or to pro­tect the rights of an­oth­er nat­ur­al per­son or leg­al en­tity or based on a sig­ni­fic­ant pub­lic in­terest on the part of the Uni­on or a mem­ber state.
If the pro­cessing re­stric­tion is car­ried out un­der the above-men­tioned con­di­tions, you will be in­formed by the re­spons­ible party pri­or to any lift­ing of the re­stric­tion.

4. Right to de­le­tion
a) De­le­tion re­spons­ib­il­ity
You can de­mand that the re­spons­ible party im­me­di­ately de­lete the per­son­al in­form­a­tion con­cern­ing you, and the re­spons­ible party is re­quired to de­lete these data provided that one of the fol­low­ing reas­ons ap­plies:
(1) The per­son­al in­form­a­tion con­cern­ing you is no longer needed for the pur­poses for which it was col­lec­ted or oth­er­wise pro­cessed.
(2) You re­voke your con­sent on which the pro­cessing is based in ac­cord­ance with Art. 6 Par. 1 lett. a or Art. 9 Par. 2 lett. a GDPR and no oth­er leg­al basis for the pro­cessing ex­ists .
(3) You file an ob­jec­tion to the pro­cessing in ac­cord­ance with Art. 21 Par. 1 GDPR and there are no over­rid­ing reas­ons for the pro­cessing, or you file an ob­jec­tion to the pro­cessing in ac­cord­ance with Art. 21 Par. 2 GDPR.
(4) The per­son­al in­form­a­tion con­cern­ing you was un­law­fully pro­cessed.
(5) The de­le­tion of the per­son­al in­form­a­tion con­cern­ing you is re­quired for ful­fill­ment of a leg­al ob­lig­a­tion un­der Uni­on law or the law of a mem­ber state to which the re­spons­ible party is sub­ject.
(6) The per­son­al in­form­a­tion con­cern­ing you was col­lec­ted in re­la­tion to provided in­form­a­tion so­ci­ety ser­vices in ac­cord­ance with Art. 8 Par. 1 GDPR.
b) Dis­clos­ing in­form­a­tion to third parties
If the re­spons­ible party has dis­closed the per­son­al in­form­a­tion con­cern­ing you and if that party is re­quired to de­lete the in­form­a­tion in ac­cord­ance with Art. 17 Par. 1 GDPR, the party must in­form those re­spons­ible for pro­cessing these data that, as a per­son con­cerned, you have de­man­ded the de­le­tion of all links to this per­son­al in­form­a­tion or from cop­ies or rep­licas of this per­son­al in­form­a­tion.
c) Ex­cep­tions
The right to de­le­tion does not ex­ist if the pro­cessing is re­quired
(1) for ex­er­cise of the right of free­dom of ex­pres­sion and in­form­a­tion;
(2) to ful­fill a leg­al ob­lig­a­tion re­quir­ing the pro­cessing un­der the law of the Uni­on or its mem­ber states to which the re­spons­ible party is sub­ject, or to carry out a duty in the pub­lic in­terest or in the ex­er­cise of of­fi­cial au­thor­ity gran­ted to the re­spons­ible party;
(3) for reas­ons of pub­lic in­terest in the area of pub­lic health in ac­cord­ance with Art. 9 Par. 2 letts. h and i and Art. 9 Par. 3 GDPR;
(4) for archiv­ing pur­poses in the pub­lic in­terest, sci­entif­ic or his­tor­ic­al re­search pur­poses in ac­cord­ance with Art. 89 Par. 1 GDPR to the ex­tent that the right des­ig­nated un­der sec­tion a) is ex­pec­ted to pre­clude or ser­i­ously af­fect the achieve­ment of the goals of this pro­cessing, or
(5) to as­sert, ex­er­cise or de­fend against leg­al claims.

5. Right to in­form­a­tion
If you have as­ser­ted against the re­spons­ible party your right to rec­ti­fy or de­lete the data or re­strict its pro­cessing, that party is ob­lig­ated to com­mu­nic­ate to all re­ceiv­ers of the data this rec­ti­fic­a­tion or de­le­tion of the data or re­stric­tion of its pro­cessing un­less this proves to be im­possible or in­volves dis­pro­por­tion­ate ef­fort.
You have the right to be in­formed by the re­spons­ible party re­gard­ing these re­ceiv­ers.

6. Right to data port­ab­il­ity
You have the right to re­ceive in a struc­tured, cur­rent and ma­chine-read­able format the per­son­al in­form­a­tion con­cern­ing you that the re­spons­ible party has made avail­able to you . In ad­di­tion, you have the right to trans­fer to an­oth­er re­spons­ible party the per­son­al in­form­a­tion con­cern­ing you without in­ter­fer­ence from the re­spons­ible party to which the per­son­al in­form­a­tion was made avail­able, provided that (1) the pro­cessing is based either on a con­sent in ac­cord­ance with Art. 6 Par. 1 lett. a GDPR or Art. 9 Par. 2 lett. a GDPR or on a con­tract in ac­cord­ance with Art. 6 Par. 1 lett. b GDPR and (2) the data are pro­cessed us­ing auto­mated pro­ced­ures.
In the ex­er­cise of this right, you have a fur­ther right to have the per­son­al in­form­a­tion con­cern­ing you dir­ectly trans­ferred from one re­spons­ible party to an­oth­er re­spons­ible party to the ex­tent tech­nic­ally pos­sible. The freedoms and rights of oth­er per­sons may not be af­fected in this pro­cess.
The right to data port­ab­il­ity does not ap­ply to the pro­cessing of per­son­al in­form­a­tion re­quired to carry out a duty in the pub­lic in­terest or in the ex­er­cise of of­fi­cial au­thor­ity gran­ted to the re­spons­ible party;

7. Right of ob­jec­tion
For reas­ons arising from your par­tic­u­lar situ­ation, you have the right at any time to file an ob­jec­tion to the pro­cessing of the per­son­al in­form­a­tion con­cern­ing you that is based on Art. 6 Par. 1 lett. e or f GDPR; this also ap­plies to any pro­fil­ing based on these pro­vi­sions.
The re­spons­ible party may no longer pro­cess the per­son­al in­form­a­tion con­cern­ing you un­less it can provide evid­ence of com­pel­ling and le­git­im­ate reas­ons for the pro­cessing that out­weigh your in­terests, rights and freedoms or the pro­cessing is in sup­port of an as­ser­tion of, ex­er­cise of or de­fense against a leg­al claim.
Where the per­son­al in­form­a­tion con­cern­ing you is pro­cessed in con­nec­tion with activ­it­ies in­volving dir­ect pro­mo­tion, you have the right at any time to file an ob­jec­tion to the pro­cessing of the per­son­al in­form­a­tion con­cern­ing you for the pur­poses of such pro­mo­tions; this also ap­plies to pro­fil­ing to the ex­tent that it is as­so­ci­ated with such dir­ect pro­mo­tion.
If you con­test the pro­cessing for pur­poses of dir­ect pro­mo­tion, the per­son­al in­form­a­tion con­cern­ing you may no longer be pro­cessed for these pur­poses.
You have the op­tion in con­nec­tion with your use of ser­vices of the in­form­a­tion so­ci­ety – not­with­stand­ing Dir­ect­ive 2002/58/EC – to ex­er­cise your right of ob­jec­tion by means of auto­mated pro­ced­ures that util­ize tech­nic­al spe­cific­a­tions.

8. Right to re­voke your de­clar­a­tion of con­sent un­der data pro­tec­tion reg­u­la­tions
You have the right at any time to re­voke your de­clar­a­tion of con­sent un­der data pro­tec­tion reg­u­la­tions. Re­voc­a­tion of con­sent does not af­fect the law­ful­ness of con­sent-based pro­cessing that took place pri­or to the re­voc­a­tion.

9. Auto­mated de­cision mak­ing in­clud­ing pro­fil­ing
You have the right not to be sub­jec­ted to a de­cision based ex­clus­ively on auto­mated de­cision mak­ing – in­clud­ing pro­fil­ing – that has leg­al ef­fect on you or sig­ni­fic­antly af­fects you in a sim­il­ar way. This does not ap­ply if the de­cision
(1) is re­quired for the con­clu­sion or ful­fill­ment of a con­tract between you and the re­spons­ible party,
(2) is al­low­able ac­cord­ing to le­gis­la­tion of the Uni­on or its mem­ber states to which the re­spons­ible party is sub­ject and this le­gis­la­tion con­tains ap­pro­pri­ate meas­ures to safe­guard your rights and freedoms as well as your jus­ti­fied in­terests or
(3) takes place with your ex­press con­sent.
These de­cisions may not be based, how­ever, on spe­cif­ic cat­egor­ies of per­son­al in­form­a­tion in ac­cord­ance with Art. 9 Par. 1 GDPR un­less either Art. 9 Par. 2 letts. a or g GDPR ap­ply and ap­pro­pri­ate meas­ures have been taken to pro­tect your rights and freedoms as well as your jus­ti­fied in­terests.
With re­spect to the cases spe­cified in (1) and (3), the re­spons­ible party must take ap­pro­pri­ate meas­ures to safe­guard rights and freedoms as well as your jus­ti­fied in­terests, min­im­ally in­clud­ing the right to a per­son­al in­ter­ven­tion on the part of the re­spons­ible party, a present­a­tion of your own po­s­i­tion and an ap­peal against the de­cision.

10. Right to ap­peal to a reg­u­lat­ory au­thor­ity
Without pre­ju­dice to oth­er ad­min­is­trat­ive sanc­tions or ju­di­cial rem­ed­ies, you are en­titled to ap­peal to a reg­u­lat­ory au­thor­ity, es­pe­cially one in the mem­ber coun­try of your res­id­ence, work­place or the site of the al­leged vi­ol­a­tion if you be­lieve that the pro­cessing of the per­son­al in­form­a­tion con­cern­ing you is con­trary to the GDPR.
The reg­u­lat­ory au­thor­ity hear­ing the ap­peal will in­form the ap­pel­lant re­gard­ing the status and out­come of the ap­peal, in­clud­ing the pos­sib­il­ity of ju­di­cial ap­peal un­der Art. 78 GDPR.