Name and contact information of the Controller pursuant to Article 4 (7) GDPR
NASCH Media I Nadja Schaer
Wexstraße 28, 20355 Hamburg, Germany
E-Mail: info(at)the-tennis-circle.com
Note: To avoid spam e-mails, we have replaced the “@” in our e-mail address with “(at)”. Please use the “@” again instead if you wish to contact us.
Safety and protection of your personal data
It is our primary responsibility to maintain the confidentiality of the personal information you provide and to protect it from unauthorized access. That is why we use the utmost care and the latest security standards to ensure maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the provisions of the Federal Data Protection Act (BDSG). We have taken technical and organizational measures to ensure that we and our external service providers comply with data protection regulations.
General information on the legal basis for data processing on this website
If you have consented to the data processing, we will process your personal data on the basis of Article 6 Paragraph 1 Letter a GDPR or Article 9 Paragraph 2 Letter a GDPR, if special data categories according to Article 9 Paragraph 1 GDPR are processed. In the event of express consent to the transfer of personal data to third countries, data processing is also based on Article 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g. via device fingerprinting), data processing is also based on Section 25 (1) TTDSG. The consent can be revoked at any time. If your data is required to fulfill the contract or to carry out pre-contractual measures, we process your data on the basis of Article 6 (1) (b) GDPR. Furthermore, we process your data if they are required to fulfill a legal obligation on the basis of Article 6 (1) (c) GDPR. Data processing can also take place on the basis of our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. The following paragraphs of this data protection declaration provide information on the relevant legal bases in each individual case.
Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data can be transferred to these third countries and processed there. We would like to point out that in these countries no level of data protection comparable to that of the EU can be guaranteed. For example, US companies are obliged to release personal data to security authorities without you as the person concerned being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) will process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
Definitions
The law requires personal data to be processed lawfully, fairly and in a transparent manner to the data subject (“lawfulness, fairness, transparency”). In order to ensure this, we would like to inform you about the legal definitions used in this data protection declaration:
1. Personal data
“Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physiological, genetic ,economic, physical, mental, social or cultural identity of the natural person.
2. Processing
“Processing” is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as collecting, organizing ,recording, storing, changing or adapting ,querying, reading out, use, disclosure through distribution, transmission or other means of making available, combination or comparison, restriction, destruction or deletion.
3. Restriction of processing
“Restriction of processing” is the marking of stored personal data with the aim of restricting their future processing.
4. Pseudonymization
“Pseudonymization” is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data not be assigned to an identified or identifiable natural person.
5. Profiling
“Profiling” is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects related to health, work performance, economic situation of this person analyze or predict a natural person’s reliability, personal preferences, interests, behavior, movements or location.
6. File system
“File system” means any structured set of personal data that is accessible according to certain criteria, whether centralized, decentralized or distributed according to geographic or functional aspects.
7. Processor
“Processor” is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible.
8. Controller
“Controller” is the natural or legal person, institution, authority or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by European Union or Member State law, the person responsible or the specific criteria for his nomination can be provided for by European Union or Member State law.
9. Recipient
“Recipient” is a natural or legal person, agency, public authority or other body to which personal data is disclosed, whether a third party or not. However, public bodies that may receive personal data in accordance with European Union or Member State law as part of a specific request are not considered recipients. The processing of this data by these authorities is carried out in accordance with the applicable data protection regulations according to the purposes of the processing.
10. Third party
“Third party” is a natural or legal person, agency, public authority, or body other than the data subject, controller, processor and persons who, under the direct responsibility of the controller or processor, are authorized to process the personal data.
11. Consent
The “consent” of the data subject means any voluntary, informed, specific and unequivocal expression of the data subject’s will by which, by a statement or by an unequivocal act of consent, he or she gives his or her consent to the processing of personal data relating to him or her.
Lawfulness of processing
The processing of personal data is only lawful if there is a legal basis for this processing. According to Article 6 Paragraph 1 lit. a – f GDPR, the legal basis for processing can be in particular:
a. The data subject has consented to the processing of their personal data for one or more specific purposes.
b. The processing is necessary to fulfill a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject.
c. Processing is necessary for compliance with a legal obligation to which the controller is subject.
d. Processing is necessary to protect vital interests of the data subject or another natural person.
e. The processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been assigned to the person responsible.
f. Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless these interests outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular when the data subject is a child.
Information regarding the collection of personal data
(1) In the following we inform you about the collection of personal data when using our website. Personal data is data with which you can be personally identified e.g. name, post address, e-mail addresses, user behavior etc.
(2) When you contact us by e-mail, the data you provide (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions. We delete the data collected in this way after storage is no longer necessary, processing has been restricted or there are statutory storage requirements.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.
Collection of personal data when visiting our website
If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data that is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 Para. 1 lit. f GDPR):
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)IP address
- Content of the request (specific page)
- Any amount of data transferred
- Access Status/HTTP Status Code
- Website from which the request originated
- Browser
- Browser software language and version
- Operating system and its user interface
This data is not merged with other data sources.
Use of Cookies
1) In addition to the data mentioned before, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in the browser you are using and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
2) This website uses the following types of cookies, the scope and functionality of which are explained in the following:
- Transient cookies (see a.)
- Persistent cookies (see b.).
a. Transient cookies are automatically deleted when you close your browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
b. Persistent cookies are automatically deleted after a specified period of time, which can vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
c. You can configure your browser settings according to your wishes and e.g. refuse to accept third-party cookies or all cookies. “Third-party cookies” are cookies that have been set by a third party and therefore not by the actual website you are on. Please note that by disabling cookies you may not be able to use all the functions of this website.
Cookies that are required to carry out the electronic communication process, to provide certain functions you want (e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring web audience) (necessary cookies) are stored on the basis of Article 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies was requested, processing takes place exclusively on the basis of this consent (Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG); the consent can be revoked at any time.
You can find out which cookies and services are used on this website in this data protection declaration.
Minors
The services we offer are intended exclusively for adults. Persons under the age of 16 should not transmit any personal data to us without the consent of their parents or guardians.
Rights of data subjects
1. Revocation of consent
If your personal data is processed on the basis of consent given to us, you have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can contact us at any time to exercise your right of withdrawal.
2. Right to information
If personal data is processed, you can request information about this personal data and the following information at any time:
a. the categories of personal data that are processed.
b. the purposes of the processing.
c. if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria used to determine that duration.
d. the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing.
e. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations.
f. if the personal data is not collected from the data subject, all available information about the origin of the data.
g. the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing of the data topic.
h. the existence of a right of appeal to a supervisory authority.
If personal data is transmitted to a third country or to an international organization, you have the right to receive information about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission. We provide a copy of the personal data that is the subject of the processing. For any additional copies you request from an individual, we may charge a reasonable fee based on our administrative costs. If your request is submitted electronically, the information must be provided in a standard electronic format unless otherwise specified. The right to receive a copy under paragraph 3 shall not affect the rights and freedoms of other persons.
3. Right to confirmation
You have the right to request confirmation from the controller as to whether we are processing personal data relating to you. You can request this confirmation at any time using the contact details given above.
4. Right to erasure (“right to be forgotten“)
You have the right to request that the controler deletes personal data concerning you immediately, and we are obliged to delete personal data immediately if one of the following reasons applies:
a. the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
b. the data subject withdraws the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for the processing.
c. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
d. Erasure of the personal data is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject.
e. The personal data was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
f. the personal data has been processed unlawfully.
If the controller has made the personal data public and is required to erase the personal data in accordance with paragraph 1, the controller shall take reasonable steps, including technical measures, to inform the controllers who are processing the data, taking into account the available technology and the implementation costs personal data that the person concerned has requested the deletion of all links to this personal data or copies or replications of this personal data from this person responsible.
The right to erasure (“right to be forgotten”) does not exist if the processing is necessary:
- for reasons of public interest in the area of public health in accordance with Art. 9 (2) lit. h and i and Art. 9 (3) GDPR.
- to assert, exercise or defend legal claims.
- to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller.
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 paragraph 1 GDPR, insofar as the law referred to in paragraph 1 is likely to make it impossible to achieve the objectives or seriously impair this processing;
- or to exercise the right to freedom of expression and information.
5. Right to rectification
You have the right to request the immediate correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
6. Right to restriction of processing
You have the right to request us to restrict the processing of your personal data if one of the following conditions is met:
a. the processing is unlawful and the data subject refuses to have the personal data erased and instead requests that their use be restricted.
b. the controller no longer needs the personal data for the purposes of processing, but the data subject needs the data to assert, exercise or defend legal claims.
c. the data subject has lodged an objection to the processing pursuant to Article 21 Paragraph 1 GDPR, as long as it is not certain whether the legitimate reasons of the person responsible outweigh those of the data subject.
d. or the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
If the processing has been restricted according to the aforementioned conditions, this personal data – apart from its storage – may only be processed with the consent of the person concerned or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons an important public interest of the Union or of a Member State. In order to assert the right to restriction of processing, the person concerned can contact us at any time using the contact details given above.
7. Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 (1) (e) or (f) GDPR, including the profiling based on this these provisions. In the event of an objection, the person responsible will no longer process the personal data unless the person responsible can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend of legal claims.
In the event that personal data is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
In connection with the use of information society services, you can – notwithstanding Directive 2002/58/EC – exercise your right to object by means of automated procedures using technical specifications.
You have the right to object to the processing of personal data relating to you for scientific or historical research purposes or for statistical purposes pursuant to Article 89 paragraph 1 for reasons arising from your particular situation, unless the processing is required to perform a task that is in the public interest.
You can exercise your right to object at any time by contacting the controller.
8. Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another person responsible without hindrance by the person responsible for the personal data, provided to be transmitted, insofar as:
a. the processing is carried out using automated procedures and
b. the processing is based on consent pursuant to Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a or on a contract pursuant to Article 6 Paragraph 1 Letter b GDPR.
When exercising your right to data portability in accordance with paragraph 1, you have the right to have the personal data transmitted directly from one controller to another controller, insofar as this is technically feasible. Exercising the right to data portability does not affect your right to erasure (“right to be forgotten”). This right does not apply to processing that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
a. is permissible on the basis of Union or Member State legislation to which the person responsible is subject and which also provides for appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject.
b. is based on the explicit consent of the data subject, or
c. is necessary for entering into, or the performance of, a contract between the data subject and the controller.
The controller shall implement appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. The person concerned can exercise this right at any time by contacting the controller.
10. Right to effective judicial remedy
Without prejudice to any other available administrative or judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, you have the right to an effective judicial remedy if you consider that your rights under this Regulation have been breached as a result of the processing of your personal data in violation of this regulation.
11. Right to lodge a complaint with a supervisory authority
You also have, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you serve us as a data breacher and the data subject believes that the processing of your personal data violates this regulation.
Hosting
We host the content of our website with the following provider: IONOS The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter IONOS). When you visit our website, IONOS records various log files including your IP addresses. Details can be found in the IONOS data protection declaration: https://www.ionos.de/terms-gtc/terms-privacy.
IONOS is used on the basis of Article 6 (1) (f) GDPR. We have a legitimate interest in our website being displayed as reliably as possible. If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para B. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Order processing:
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
Contact form
1. Description and scope of data processing
There is a contact form on our website which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved. These dates are:
1) User’s name
2) User’s email address
3) User address
4) Date and time of contact
Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration. Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.
2. Legal basis for data processing
The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent. The legal basis for the processing of data transmitted in the course of sending an email is Article 6 Paragraph 1 Letter f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
3. Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the contact. If contact is made by e-mail, this is also the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of objection and elimination
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. Storage and consent can be revoked by sending an email to info(at)the-tennis-circle.com. All personal data that was saved in the course of making contact will be deleted in this case.
Inquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
This data is processed on the basis of Article 6 (1) (b) GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was queried; the consent can be revoked at any time.
The data you sent to us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.
Social – network integrations
1. Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our data protection declaration, we process user data if they communicate with us within social networks and platforms, e.g. write posts on our online presence or send us messages.
2. Integration of third-party services and content
We use content or service offers from third-party providers within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. DSGVO) in order to improve their content and Integrate services such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contain, among other things, technical information about the browser and operating system, referring websites, visiting times and other information on the use of our online offer, as well as being linked to such information from other sources.
Social media elements with Shariff
Elements from social media are used on this website (e.g. Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr).
You can usually recognize the social media elements by the respective social media logos. To ensure privacy on this website, we only use these elements together with the so-called “Shariff” solution. This application prevents the social media elements integrated on this website from transferring your personal data to the respective provider when you first enter the site.
Only when you activate the respective social media element by clicking on the associated button will a direct connection to the provider’s server be established (consent). As soon as you activate the social media element, the respective provider receives the information that you have visited this website with your IP address. If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit to this website to your user account.
Activating the plugin represents consent within the meaning of Article 6 Paragraph 1 lit. a GDPR and Section 25 Paragraph 1 TTDSG. You can revoke this consent at any time with effect for the future.
The service is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Article 6 (1) (c) GDPR.
Embedded content and social plugins
1) Vimeo
We embed the videos from the “Vimeo” platform provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA.
If you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers will be established. The Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. However, we have set Vimeo so that Vimeo will not track your user activities and will not set cookies.
Vimeo is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Article 6 Paragraph 1 Letter a GDPR; the consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy. Further information on handling user data can be found in Vimeo’s data protection declaration at: https://vimeo.com/privacy.
2) Youtube
This website includes videos from the YouTube website. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the extended data protection mode does not necessarily exclude the transfer of data to YouTube partners. This is how YouTube establishes a connection to the Google DoubleClick network, regardless of whether you are watching a video.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used i.a. used to collect video statistics, improve usability and prevent fraud attempts.
If necessary, after the start of a YouTube video, further data processing operations can be triggered over which we have no influence.
YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Article 6 Paragraph 1 Letter a GDPR and Article 25 Paragraph 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. You can find more information about data protection on YouTube in their data protection declaration at: https://policies.google.com/privacy/, opt-out: https://adssettings.google.com/authenticated.
3) Google Maps
We integrate the maps of the “Google Maps” service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
4) Google ReCaptcha
We integrate the function for detecting bots, e.g. when making entries in online forms (“ReCaptcha”) from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
5) Facebook
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. DSGVO) we use social plugins (“plugins”) of the social network facebook.com, which operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland (“Facebook”). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “I like” or a “thumbs up” sign ) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
If a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to the user’s device, which integrates it into the online offer. User profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge. By integrating the plugin, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account.
If users interact with the plugins, for example by pressing the Like button or making a comment, the corresponding information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options for protecting the privacy of users can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/ .
If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his member data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info /choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Insofar as personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited to collecting the data and passing it on to Facebook. The processing by Facebook after the forwarding is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for issuing data protection information when using the Facebook tool and for implementing the tool on our website in a secure manner in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert your rights (e.g. requests for information) regarding the data processed by Facebook directly on Facebook. If you assert the rights of data subjects with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
6) Twitter
Within our online offer, functions and content of the Twitter service can be integrated, offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Irland. This can include, for example, content such as images, videos or text and buttons with which users can express their interest in the content, the authors of the content or subscribe to our posts. If the users are members of the Twitter platform, Twitter can assign the above-mentioned content and functions to the user profiles there. Instgram privacy policy: https://twitter.com/de/privacy. Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
Insofar as consent has been obtained, the above-mentioned Service on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility on social media.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. You can change your data protection settings on Twitter in the account settings under Change https://twitter.com/account/settings.
7) Instagram
Functions and content of the Instagram service, offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, can be integrated within our online offer. This can include, for example, content such as images, videos or text and buttons with which users can express their liking for the content, the authors of the content or subscribe to our posts.
If the social media element is active, a direct connection will be established between your end device and the Instagram server. Instagram thereby receives information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or how it is used by Instagram.
Insofar as consent has been obtained, the above-mentioned Service on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility on social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing ( Art. 26 GDPR). Joint responsibility is limited to collecting the data and passing it on to Facebook or Instagram. The processing by Facebook or Instagram after forwarding is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for issuing data protection information when using the Facebook or Instagram tool and for implementing the tool on our website in a secure manner in accordance with data protection law. Facebook is responsible for the data security of Facebook and Instagram products. data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram can be asserted directly on Facebook. If you assert the rights of data subjects with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://www.facebook.com/help/566994660333381.
For more information, see Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.
8) Tumblr
This website uses buttons and other elements of the Tumblr service. The provider is Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA.
If the social media element is active, a direct connection is established between your end device and the Tumblr server. Tumblr receives information about your visit to this website. The Tumblr buttons allow you to share a post or page on Tumblr or to follow the provider on Tumblr. If you access one of our websites with a Tumblr button, the browser establishes a direct connection to the Tumblr servers. We have no control over the amount of data Tumblr collects and transmits using this plugin. According to the current status, the IP address of the user and the URL of the respective website are transmitted. Insofar as consent has been obtained, the above-mentioned Service on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility on social media. Further information on this can be found in Tumblr’s data protection declaration at: https://www.tumblr.com/privacy/.
9) Pinterest
On this website we use elements of the Pinterest social network operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
If you call up a page that contains such an element, your browser establishes a direct connection to the Pinterest servers. This social media element transmits log data to the Pinterest server in the USA. This log data may include your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, how you use Pinterest and cookies. Insofar as consent has been obtained, the above-mentioned Service on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 TTDSG. The consent can be revoked at any time.
If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility on social media.
Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights in this regard and options for protecting your privacy can be found in Pinterest’s data protection information: https://policy.pinterest.com/privacy-policy.
IONOS WebAnalytics
This website uses the analysis services of IONOS WebAnalytics (hereinafter: IONOS). The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D – 56410 Montabaur. As part of the analyzes with IONOS, e.g. Visitor numbers and behavior (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (i.e. which website the visitor comes from), visitor locations and technical data (browser and operating system versions) are analyzed. For this purpose, IONOS stores the following data in particular:
- referrer (previously visited website)
- requested website or file
- browser type and browser version
- used operating system
- used device type
- time of access
- IP address in anonymous form (only used to determine the location of access)
According to IONOS, data collection is completely anonymous so that it cannot be traced back to individual persons. Cookies are not stored by IONOS WebAnalytics.
The storage and analysis of the data takes place on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the statistical analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para B. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Further information on data collection and processing by IONOS WebAnalytics can be found in the IONOS data protection declaration under the following link: https://www.ionos.de/terms-gtc/datenschutzerklaerung/
Order processing: We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.
Bunny Fonts
This website uses Bunny Fonts. Bunny Fonts is provided by the data processor Bunny net to the CDN service bunny.net based in Slovakia (EU)! Bunny Fonts are developed and hosted by BunnyWay doo – an EU based company – and are fully GDPR compliant. No logs or data are collected and shared with third parties. For more information about Bunny Fonts, visit: Address BunnyWay doo, Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia https://bunny.net/
Cloudflare
This website uses services from “Cloudflare” (provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare operates a Content Delivery Network (CDN) and provides protection functions for the website (Web Application Firewall). The data transfer between your browser and our servers flows through Cloudflare’s infrastructure and is analyzed there to ward off attacks. Cloudflare uses cookies to enable you to access our website. Cloudflare is used in the interest of secure use of our website and to ward off harmful attacks from outside. Further information can be found in the Cloudflare data protection declaration: https://www.cloudflare.com/de-de/privacypolicy/
The Cloudflare cookies are necessary cookies.
Real Cookie Banner
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.
The legal bases for the processing of personal data in this context are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of the personal data is not yet contractually required and is also not necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.
Automatic decision-making
We do not use any automated decision making or profiling.