The protection of your personal data is important to us, therefore we would like to inform you as simply and as accurately as possible of contact details and the data subjects’ data.
In the following you will first get the contact details of our data protection officer as well as information on possibilities of encrypted contacting. Then we will define the legal and technical terms used in the following text. Afterwards you will get an overview of the data subject’s rights. Following this, you will find information on the controller. Last we will detail the technologies and services used as well as our handling.
1 Contact details of the data protection officer
Should you have any questions or wish to obtain information, please do not hesitate to contact our external data protection officer at any time. The contact details are:
Oliver Offenburger, M.Sc.
Phone: 07721 69724 00
Fax: 07721 69724 01
Our preferred form of contact is via e-mail. However, you can also contact our data protection officer per post or by telephone. If you wish to encrypt your e-mail to our data protection officer, we advise you to read the following section.
Notes on enquiries:
Should you send an enquiry via e-mail within the usual business hours, we will confirm receipt of the message still on the same day. If you do not receive any confirmation, please contact us by telephone.
Should you send an enquiry per post, we will send you the confirmation of receipt still on the day of delivery, however one day after delivery at the latest. If you do not receive any confirmation, please contact us by telephone.
For any enquiries by telephone we ask you to use the telephone number of our data protection partner eye-i4 GmbH directly.
1.1 Encryption of e-mails to our data protection officer
We support an encrypted transmission via e-mail. Therefore we provide you with the possibility to encrypt your enquiries to the data protection officer in order to maintain confidentiality and integrity.
We use PGP for the encryption. Information on the free use and the institution can be found on our data protection partner’s website; please see the following link:
You can download our PGP key using the following link:
[Icon] [Link to the PGP key]
If you wish to verify the fingerprint, please contact our data protection partner eye-i4 GmbH by telephone.
Should you have any further questions regarding the encryption, please do not hesitate to contact our data protection officer.
2 Terms in the legal context
Before going into details on legal issues we would first like to define the associated terms:
2.1 EU-GDPR (also called GDPR)
The term “EU-GDPR” (in the following referred to as “GDPR”) refers to the General Data Protection Regulation. This is a general regulation of the European Union which stipulates how personal data may be processed. For information, the legislative text of the GDPR can be viewed using the following link:
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2.3 Personal data and data subject
“Personal data” means any information relating to an identified or identifiable natural person (in the following referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
2.5 Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing
2.8 Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.10 Personal data breach
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
2.11 Data concerning health
“Data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
“Enterprise” means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.
2.13 Supervisory authority
“Supervisory authority” means an independent public authority which is established by a Member State pursuant to Article 51.
2.14 Relevant and reasoned objection
“Relevant and reasoned objection” means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.
3 Terms in the technical context
Before going into details on technical issues we would first like to define the associated terms:
3.1 Filing system
“Filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
Cookies are text files which are saved by a website on your terminal device using your browser. These text files may be intended to realise technical matters like shopping cart mechanisms or to identify your visitor behaviour. For this purpose, the text files can be provided with identification features and additional information.
You have the possibility to inhibit the browser of your terminal from saving any cookies. If cookies are deactivated, there may be technical restrictions when using a website.
3.3 Server logs
Server logs are log files which are created by the web server and document the access to a website. A log entry may contain a large amount of information, such as access time, browser type, the visitor’s IP address, etc.
The referrer designates the URL that linked to the controller’s page. Server logs serve to read out the referrer, for instance.
4 Rights of the data subject
The data subject’s rights arise from the GDPR as well as the relevant national legal provisions on data privacy. If you want to assert your rights, please contact our data protection officer using the contact details specified at the beginning. In the following we would like to inform you of your rights arising from the GDPR, particularly from chapter 3:
4.1 Information obligation
The data subject shall have a right to obtain information on the personal data stored, if the data were collected from the data subject or if the data were not obtained from the data subject. This is regulated by Chapter III Article 13 and 14 GDPR.
4.2 Right of access
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and further information pursuant to Art. 15 GDPR.
4.3 Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4.4 Right to erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds pursuant to Art. 17 GDPR applies.
4.5 Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the prerequisites pursuant to Art. 18 GDPR applies.
4.6 Notification obligation
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller shall inform the data subject about those recipients if the data subject requests it.
4.7 Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
4.8 Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
4.9 Complaint with a supervisory authority
Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority. For this purpose you can approach the supervisory authority of your habitual residence, place of work or the controller’s place of business.
Our competent supervisory authority is:
Landesbeauftragte für den Datenschutz und die Informationsfreiheit (state commissioner for data protection and freedom of information), Stuttgart
5 Information on the controller
The controller pursuant to Art. 24 GDPR is:
Siegfried Güntert GmbH
Niedereschacher Str. 36
Further information on the controller is provided in the imprint:
[Link to the imprint]
6. Web technologies used
6.1 Encryption of the data transmission
We use the SSL (Secure Socket Layer) method to encrypt the transmission and data enquiry to our website. For this purpose we use a 128-bit key with SHA256 hash.
Besides we employ suitable technical and organisational safety measures to protect your data against any accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our safety measures are continuously improved in accordance with the technological evolution.
6.2 Server logs
If the website is used for purely informational purposes, i.e. if you do not sign up or otherwise transfer any information to us, we only collect the personal data transmitted to us by your browser. If you want to view our website, we collect the following data which are technically necessary for us to display our website and to guarantee its stability and security (legal basis is Art. 6(1) Cl. 1 lit. f GDPR):
- anonymised IP address,
- date and time of the enquiry,
- time zone difference to Greenwich Mean Time (GMT),
- contents of the request (specific page),
- access status/HTTP status code,
- amount of data transferred in each case,
- website from which the request came (referrer),
- operating system and its interface,
- language and version of the browser software.
Cookies are stored on your computer when using our website. You can configure your browser settings according to your wishes and reject the acceptance of third-party cookies, for instance, or all cookies. We would like to point out that you might not be able to use all the functions of this website.
This website uses the following types of cookies, the scope and functionality of which are explained in the following:
- transient cookies,
- persistent cookies.
6.3.1 Transient cookies
Transient cookies are automatically deleted when you close the browser. These include particularly the session cookies. They store a so-called session ID by which different requests from your browser can be matched with the joint session. In this way your computer can be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
6.3.2 Persistent cookies
Persistent cookies are automatically deleted after a specified period which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
6.4 Google Maps
On this website we use the offer of Google Maps. In this way we can directly display interactive maps in the website for you and enable you to use the comfortable map function.
By visiting the website, Google receives the information that you viewed the respective sub-page of our website. This happens regardless of whether Google provides a user account via which you are logged in or whether there is no user account. If you are logged in with Google, your data are directly assigned to your account. If you do not want Google to assign this information to your profile, you must log out before activating the button. Google saves your data as a usage profile and uses them for the purpose of advertising, market research and/or need-based design of their website. The data are evaluated particularly (also for unlogged users) in order to provide need-based advertisements and to inform other users of the social network about their activities on our website. You have a right of objection to the formation of these user profiles, where you have to address yourself to Google in order to assert this right.
Further information on the purpose and scope of data collection and data processing carried out by the plug-in provider is available in the data privacy statements of this provider. There you can also obtain further information on your rights in this respect and setting options in order to protect your privacy: www.google.de/intl/de/policies/privacy. Google processes your personal data also in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
We have included YouTube videos in our online offering, which are saved at www.youtube.com and can be played back directly from our website.
By visiting the website, YouTube receives the information that you viewed the respective sub-page of our website. This happens regardless of whether YouTube provides a user account via which you are logged in or whether there is no user account. If you are logged in with Google, your data is directly assigned to your account. If you do not want YouTube to assign this information to your profile, you must log out before activating the button. YouTube saves your data as a usage profile and uses them for the purpose of advertising, market research and/or need-based design of their website. Such an evaluation is done in particular (even for users who are not logged in) to provide need-based advertising and to inform other users of the social network about their activities on our website. You have a right of objection to the formation of these user profiles, where you have to address yourself to YouTube in order to assert this right
Further information on the purpose and scope of data collection and data processing carried out by YouTube is available in its data privacy statements. There you can also obtain further information on your rights in this respect and setting options in order to protect your privacy.https://www.google.de/intl/de/policies/privacy Google processes your personal data also in the USA and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
With your consent you can subscribe to our newsletter by which we inform you of our current interesting offers. The advertised goods and services are specified in the declaration of consent.
For the registration for our newsletter we use the so-called double opt-in procedure. It means that after your registration we will send you an e-mail to the indicated e-mail address asking you for confirmation that you want to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. Furthermore we save your IP addresses used and the times of registration and confirmation. The purpose of the procedure is to prove your registration and, where necessary, to be able to clarify a potential misuse of your personal data.
9. Transfer to third parties
Transfer of your personal data to third parties other than for the purposes listed below shall not take place.
We shall only transfer your personal data to third parties if:
- you have given us your express consent to do so in line with Article 6, Paragraph 1, Sentence 1, Letter a of the GDPR,
- transfer is necessary in line with Article 6, Paragraph 1, Sentence 1, Letter f of the GDPR for the assertion, exercise or defence of legal claims and there is no grounds for assuming that you have an overriding legitimate interest in the non-disclosure of your data.
- transfer is subject to a legal obligation in line with Article 6, Paragraph 1, Sentence 1, Letter c of the GDPR as well as
- being legally permissible and required in line with Article 6, Paragraph 1, Sentence 1, Letter b of the GDPR for the processing of the contractual relationship with you.