Data protection notice
The protection of your personal data is important to us, so we would like to provide you with simple and accurate information about contact options and about the data we process. First, you will receive information below about how to contact our data protection officer, and how to contact us using encryption. We then introduce the legal and technical terms that will be used in the further course. After that, we provide you with an overview of the rights of the data subject. Subsequently, you can find the details of the responsible party. Lastly, the technologies used, services and our handling and legality will be addressed.
1. Contact the data protection officer
If you have any questions or would like information, you can contact our external data protection officer at any time, the contact details are:
Oliver Offenburger, M.Sc.
eye-i4 GmbH Department of Data Protection
Phone: 07721 69724 00
Fax: 07721 69724 01
Our preferred method of communication is by email. However, you are also welcome to contact the Data Protection Officer by post or telephone. Should you wish to encrypt your e-mail to our data protection officer, we recommend that you read the following section
Notes on inquiries:
If you send an inquiry by email within regular business hours, we will confirm receipt of the message on the same day. If you do not receive confirmation, please contact us by phone.
If you make a postal request, we will send you confirmation of receipt on the same day of delivery, but no later than one day after delivery. If you do not receive a confirmation, we ask you to contact us by telephone.
For a telephone request, we ask you to use the direct the telephone number of our data protection partner, the eye-i4 GmbH.
1.1 Encryption of emails to our data protection officer
We are advocates of encrypted transmission via email. Therefore, to maintain confidentiality and integrity, we offer to encrypt your requests to the Data Protection Officer.
We use PGP for encryption. You can find information about free usage options and the setup on the website of our data protection partner, see the following link:
You can download our PGP key via the following link:
[Icon] [Link to PGP key]
If you wish to have the fingerprint verified, please contact our data protection partner, eye-i4 GmbH, by telephone.
If you have any further questions about encryption, you may contact our data protection officer.
2. Terms in the legal context
Before we go into legal matters in the further course, we would first like to introduce you to the related terms:
2.1 EU-DSGVO (also referred to as DSGVO)
The term EU-DSGVO (hereinafter also referred to as "DSGVO") means the General Data Protection Regulation. It is a basic regulation of the European Union, which regulates how personal data may be processed. For information, the legal text of the DSGVO can be viewed via the following link:
2.2 Responsible party
"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
2.3 Personal data and data subject
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The data subject is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
2.4 Processing 2.4.2.
2.5 Restriction of processing
"Restriction of processing" means the marking of stored personal data with the aim of limiting their future processing.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The "recipient" is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as Recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection legislation, in accordance with the purposes of the processing.
2.8 Third Party
"Third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorized to process the personal data.
"Consent" of the data subject meant any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject indicates his or her agreement to the processing of personal data relating to him or her.
2.10 Personal data breach
"Personal data breach" means a breach of security leading to the destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of or access to personal data that has been transmitted, stored or otherwise processed.
2.11 Health Data
"Health data" means personal data relating to the physical or mental health of a natural person, including the provision of health care services, and revealing information about that person's health.
" Company" means a natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships or associations regularly engaged in an economic activity.
2.12 Supervisory Authority.
2.13 Supervisory Authority
The "supervisory authority" shall mean an independent governmental body established by a Member State pursuant to Article 51.
2.14 Relevant and reasoned objection
The "relevant and reasoned objection" means an objection with regard to whether or not there is a breach of this Regulation or whether the intended measure against the controller or processor is in compliance with this Regulation, clearly indicating the scope of the risks posed by the draft decision in relation to the fundamental rights and freedoms of data subjects and, where applicable, to the free flow of personal data within the Union.
3. Terms in the technical context
Before discussing technical matters in the further course, we would first like to introduce the related terms:
3.1 File system
The "file system" is any structured collection of personal data that can be accessed according to certain criteria, regardless of whether this collection is maintained centrally, decentrally, or according to functional or geographical aspects.
Cookies are text files that are stored on your terminal device by a website using your browser. These text files can be intended to realize technical matters such as a shopping cart mechanism or to identify your visitor behavior. For this purpose, the text files can be provided with identification features and additional information.
You have the option in the browser of your end device to disable the storage of cookies. Possibly, there are technical restrictions in the use of the website when cookies are disabled.
3.3 Server logs
Server logs are log files that are created by the web server and document access to a website. In a log entry, a variety of information can be collected, such as the access time, the browser type, the IP address of the visitor, etc.
The referrer refers to the website through which one has reached the page of the responsible person. In server logs, for example, the referrer can be identified.
4. Rights of the data subject
The rights of the data subject are derived from the GDPR as well as from the respective national legal provisions on data protection. If you wish to assert your rights, we ask you to contact our data protection officer via the option described above. In the following, we would like to inform you of your rights, which arise from the GDPR, in particular Chapter 3:
4.1 Duty to inform
The data subject has a right to receive information about the stored personal data of the data subject, if the collection of the data from the data subject has taken place or if the data was not collected from the data subject. This is regulated accordingly in Chapter 3 Art. 13 and 14 DSGVO.
4.2 Right of access
The data subject has the right to request confirmation from the controller as to whether personal data relating to him or her are being processed; if this is the case, he or she has a right of access to such personal data and to further information pursuant to Art. 15 GDPR.
4.3 Right to rectification
The data subject has the right to obtain rectification of inaccurate personal data concerning him or her from the controller without undue delay.
Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
4.4 Right to erasure
The data subject has the right to request that the controller erases personal data concerning him or her without undue delay, and the controller is obliged to erase personal data without undue delay, if one of the grounds under Article 17 of the GDPR applies.
4.5 Right to restriction of processing
The data subject has the right to request the controller to restrict processing if one of the conditions in Art. 18 DSGVO applies.
4.6 Notification obligation
The controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of the personal data or restriction of processing pursuant to Art. 16, Art. 17(1) and Art. 18 DSGVO, unless this proves impossible or involves a disproportionate effort.
The controller shall inform the data subject of such recipients if the data subject so requests.
4.7 Right to data portability
The data subject has the right to receive the personal data concerning him or her that he or she has provided to a controller in a structured, commonly used and machine-readable format, and has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided.
4.8 Right to object
The data subject has the right to object at any time, for reasons relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f); this also applies to profiling based on these provisions. The controller shall no longer process the personal data, unless he can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
4.9 Complaint to supervisory authority
Pursuant to Art. 77 DSGVO, it is your right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the headquarters of the responsible party for this purpose.
Our competent supervisory authority is:
State Commissioner for Data Protection and Freedom of Information, Stuttgart
5. Information about the responsible person
The responsible person according to Art. 24 DSGVO is listed below:
Schwanog Sigfried Güntert GmbH
Niedereschacher Str. 36
For more information about the responsible person, please see the imprint:
6. Web technologies used
6.1 Encryption of data transmission
We use the SSL (Secure Socket Layer) procedure to encrypt the transmission and request for data sent to our website. For this purpose, we use a 265-bit key.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.
6.2 Server logs
In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):
- Anonymized IP address,
- Date and time of the request,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific page),
- Access status/HTTP status code,
- Amount of data transferred in each case,
- Website from which the request comes (referrer),
- Operating system and its interface,
- Language and version of the browser software.
When using our website, cookies are stored on your computer. You can configure your browser settings according to your preferences and, for example, refuse to accept third-
party cookies or all cookies. Please note that you may not be able to use all the features of this website.
This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies,
- Persistent cookies.
6.3.1 Transient cookies
Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
6.3.2 Persistent cookies
Persistent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
6.4 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in abbreviated form, which means that it is not possible to identify a specific person. As far as the data collected about you a personal reference, this is excluded immediately and the personal data is deleted immediately.
We use Google Analytics to analyze the use of our website and to be able to improve it regularly. Through the statistics obtained, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield,
www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO.
Preventing the use of Google Analytics is possible by activating the opt-out: Opt-Out activate.
6.5 Google Maps
On this website, we use the offer of Google Maps. This allows us to show you interactive maps directly in the website and allows you to use the map function comfortably.
By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
6.6 Social Media Plugins
We currently use the following social media plug-ins: Facebook, Xing, Twitter. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the mark on the box above its initial letter or logo. We open up the possibility for you to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under § 3 of this declaration will be transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data is therefore transmitted from you to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the grayed-out box.
We have no influence on the data collected and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing or the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. f DSGVO.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.
For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers, which are communicated below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.
Addresses of the respective plug-in providers and URL with their privacy notices:
- Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other as well as www.facebook.com/about/privacy/your-info. Facebook has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
- Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; www.xing.com/privacy.
We have integrated YouTube videos into our online offer, which are stored on www.youtube.com and can be played directly from our website.
By visiting the website, YouTube receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under § 3 of this statement are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile to YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
Use of SalesViewer® technology
7. Other online presence
In addition to our website, we use other online presences and digital channels such as social media to engage with our prospects and customers. We list these below.
We use Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and its functionality for a social media pages and groups to present the company and to communicate with various interested parties. In the case of Facebook, joint responsibility applies between Facebook and us. Information on this can be found here: www.facebook.com/legal/terms/page_controller_addendum.
We point out that data subject rights can be asserted directly against Facebook. Only Facebook holds the direct data of users and can make a statement about this in full.
Information on fan pages can be taken specifically from this link: www.facebook.com/legal/terms/information_about_page_insights_data.
For the opt-out, please use the following link: www.facebook.com/settings as well as www.youronlinechoices.com.
Facebook has submitted to the EU-US Privacy Shield. For information, please refer to this link: www.privacyshield.gov/participant.
As a means of communication, we use the service Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). Further information on data protection can be found under the following link: twitter.com/de/privacy.
The opt-out can be performed on this page: twitter.com/settings/personalization.
Twitter has submitted to the EU Privacy Shield, you can find information on this at: www.privacyshield.gov/participant.
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers.
For the registration to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and later deleted. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
Mandatory information required to send the newsletter is only your email address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will store your data for the purpose of sending the newsletter and the promotional response. The legal basis is Art. 6 para. 1 lit. a DSGVO.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter email, [via this form on the website,] by email to [Newsletter@example.com] or by sending a message to the contact details provided in the imprint.
We would like to point out that we may evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. For the
evaluations, we link the aforementioned data and the web beacons with your e-mail address and an individual ID.
Links included in the newsletter also contain this ID. We use the data obtained in this way to improve the service. We may link this data to actions you have taken on our website.
You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us via another contact channel. Moreover, such tracking is not possible if you have deactivated the display of images by default in your email program. In this case, the newsletter will not be displayed to you in full and you may not be able to use all of its functions.
Your information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.
8.1 Shipping service Rapidmail
To send our newsletter, we use the offer of the provider Rapidmail (rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br.). Information on the data protection of the provider can be found in the following link: www.rapidmail.de/datenschutz.
10. Duration of storage
Unless specifically stated, we store personal data for as long as it is necessary to fulfill the purposes pursued. If the legislator prescribes retention periods, the data will continue to be stored by us as evidence, but will not be processed elsewhere and will be deleted after the expiry of the statutory retention period.
11. Disclosure to third parties
A transfer of your personal data to third parties for purposes other than those listed below will not take place.
We will disclose your personal data to third parties only if:
- You have given your explicit consent in accordance with Art. 6 para. 1 S1. lit a. DSGVO;
- the disclosure under Art. 6 para. 1 p. 1 lit. f DSGVO is necessary for the assertion, exercise or defense of legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data;
- in the event that for the disclosure under Art. 6 para. 1 p. 1 lit. c DSGVO a legal obligation exists, as well as
- this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.