Privacy Policy
1. Data Protection at a Glance
General Information
The following notes provide a simple overview of what happens to your personal data when you visit this website.
Personal data refers to all information that can be used to identify you personally.
Detailed information on the subject of data protection can be found in the privacy policy set out below this text.
Data Collection on This Website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator.
You can find the operator’s contact details in the section “Notice concerning the Responsible Party” in this privacy policy.
How do we collect your data?
Some data is collected when you provide it to us — for example, data you enter into a contact form.
Other data is collected automatically or with your consent when you visit the website. This includes primarily technical data (e.g., browser type, operating system or time of page access). The collection of this data takes place automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website.
Other data may be used to analyse your user behaviour.
Where contracts can be initiated or concluded via the website, transmitted data will also be processed for the purpose of preparing or executing offers, orders, or other service enquiries.
What rights do you have regarding your data?
You have the right to obtain information, free of charge, about the origin, recipients, and purpose of your stored personal data at any time.
You also have the right to request the correction or deletion of this data.
If you have consented to data processing, you may withdraw this consent at any time for the future.
Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data.
Additionally, you have the right to lodge a complaint with the competent supervisory authority.
You may contact us at any time regarding this and other questions concerning data protection.
2. Hosting
We host the content of our website with the following provider:
All-Inkl
Provider: ALL-INKL.COM – Neue Medien Münnich, Inh. René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany (hereinafter “All-Inkl”).
Details can be found in All-Inkl’s privacy policy: https://all-inkl.com/datenschutzinformationen/
The use of All-Inkl is based on Article 6(1)(f) GDPR.
We have a legitimate interest in the most reliable possible presentation of our website.
Where consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) of the German Telecommunications-Digital Services Data Protection Act (TDDDG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) as defined by the TDDDG.
Consent may be withdrawn at any time.
Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) with the provider named above.
This is a contract required by data protection law that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
3. General Information and Mandatory Disclosures
Data Protection
The operators of these pages take the protection of your personal data very seriously.
We handle your personal data confidentially and in accordance with statutory data protection regulations as well as this privacy policy.
When you use this website, various personal data will be collected.
Personal data refers to data that can be used to identify you personally.
This privacy policy explains which data we collect, how we collect it, and for what purpose.
It also explains how and for what purpose this occurs.
Please note that data transmission via the Internet (e.g. communication by email) may be subject to security vulnerabilities.
A complete protection of data from third-party access is not possible.
Notice Concerning the Responsible Party
The party responsible for data processing on this website is:
Eckhard Friedrich Steinhorst
Strählerweg 47
76227 Karlsruhe
Germany
Telephone: +49 (0) 721 / 43 9 33
Email: kontakt@eckhard-steinhorst.de
The “responsible party” is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g. names, email addresses, etc.).
Retention Period
Unless a specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for which the data was collected no longer applies.
If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted provided we have no other legally permissible reasons for retaining your personal data (e.g. statutory retention periods under tax or commercial law).
In such cases, the data will be deleted once these reasons no longer apply.
General Information on the Legal Basis for Data Processing on This Website
If you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, insofar as special categories of data under Article 9(1) GDPR are processed.
In the case of explicit consent to the transfer of personal data to third countries, processing will also take place on the basis of Article 49(1)(a) GDPR.
If you have consented to the storage of cookies or to access information on your device (e.g. via device fingerprinting), processing will additionally be based on § 25(1) TDDDG.
Consent may be withdrawn at any time.
If your data are required for the performance of a contract or for pre-contractual measures, we process your data on the basis of Article 6(1)(b) GDPR.
Furthermore, we process your data where this is necessary to fulfil a legal obligation pursuant to Article 6(1)(c) GDPR.
Data processing may also be based on our legitimate interest pursuant to Article 6(1)(f) GDPR.
The relevant legal basis for each individual case is specified in the following sections of this privacy policy.
Notice Regarding Data Transfers to Non-Secure Third Countries and to US Companies Not Certified Under the Data Privacy Framework (DPF)
We use tools provided by companies based in countries that are not considered secure from a data-protection perspective, as well as certain US-based tools whose providers are not certified under the EU-US Data Privacy Framework (DPF).
When these tools are active, your personal data may be transferred to these countries and processed there.
Please note that in such countries, a level of data protection comparable to that in the EU cannot be guaranteed.
The United States is considered a secure third country with a data-protection level comparable to that of the EU.
A data transfer to the US is permissible if the recipient holds a certification under the EU-US Data Privacy Framework (DPF) or provides suitable additional safeguards.
Information on data transfers to third countries, including recipients, can be found in this privacy policy.
Recipients of Personal Data
As part of our business operations, we cooperate with various external entities.
This may involve the transfer of personal data to such third parties.
We only share personal data with external entities where this is necessary for contractual fulfilment, where required by law (e.g. disclosure to tax authorities), where we have a legitimate interest under Article 6(1)(f) GDPR, or where another legal basis permits such data transfer.
Where we use data processors, we only disclose personal data of our customers on the basis of a valid Data Processing Agreement (DPA).
In the case of joint processing, a Joint Controller Agreement is concluded.
Withdrawal of Your Consent to Data Processing
Many data-processing operations are only possible with your explicit consent.
You may withdraw consent already given at any time.
The legality of the data processing carried out before withdrawal remains unaffected by the withdrawal.
Right to Object to Data Collection in Special Cases and to Direct Marketing (Article 21 GDPR)
IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ARTICLE 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT, AT ANY TIME AND ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA, INCLUDING ANY PROFILING BASED ON THESE PROVISIONS.
THE RELEVANT LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY.
IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) GDPR).
WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING, INCLUDING PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING.
IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ARTICLE 21(2) GDPR).
Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement.
The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
Right to Data Portability
You have the right to receive data which we process automatically on the basis of your consent or in fulfilment of a contract, in a commonly used, machine-readable format, and to have such data transferred to yourself or to a third party.
Where you request the direct transfer of the data to another controller, this will only be done where technically feasible.
Access, Rectification and Erasure
Within the framework of applicable legal provisions, you have the right to obtain, at any time and free of charge, information about your stored personal data, their origin, recipients and the purpose of the data processing, as well as, where applicable, a right to rectification or erasure of such data.
For this purpose, and for further questions regarding personal data, you may contact us at any time.
Right to Restrict Processing
You have the right to request the restriction of the processing of your personal data.
You may contact us at any time to exercise this right.
The right to restriction of processing applies in the following circumstances:
- If you contest the accuracy of your personal data held by us, we usually need time to verify this. During this period, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data has been or is being carried out unlawfully, you may request restriction instead of deletion.
- If we no longer require your personal data but you need them to establish, exercise or defend legal claims, you have the right to request restriction instead of deletion.
- If you have objected pursuant to Article 21(1) GDPR, an assessment must be made as to whose interests prevail. As long as this assessment has not been completed, you have the right to request restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data – apart from their storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries you send to us as the site operator, this site uses SSL or TLS encryption.
An encrypted connection can be recognised by the address line of the browser changing from “http://” to “https://” and by the padlock symbol appearing in your browser bar.
When SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
4. Data Collection on This Website
Cookies
Our website uses so-called “cookies.” Cookies are small data files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device.
Session cookies are automatically deleted once you leave the website.
Persistent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.
Cookies may originate from us (first-party cookies) or from third-party companies (third-party cookies).
Third-party cookies enable the integration of certain services provided by third parties within websites (for example, cookies for handling payment services).
Cookies serve a variety of functions.
Many cookies are technically necessary, as certain website features would not function without them (e.g. the shopping basket or video display functions).
Other cookies may be used for analysing user behaviour or for advertising purposes.
Cookies that are required for carrying out the electronic communication process, for providing certain functions requested by you (e.g. the shopping basket function) or for optimising the website (e.g. measuring web audiences) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified.
The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimised provision of its services.
Where consent to the storage of cookies and comparable recognition technologies has been obtained, processing is carried out solely on the basis of this consent (Article 6(1)(a) GDPR and § 25(1) TDDDG).
Consent may be withdrawn at any time.
You can configure your browser to inform you when cookies are placed, to allow cookies only in specific cases, to exclude the acceptance of cookies in certain situations or in general, and to activate the automatic deletion of cookies when closing the browser.
If cookies are disabled, the functionality of this website may be limited.
Details regarding which cookies and services are used on this website can be found in this privacy policy.
Server Log Files
The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data will not be merged with other data sources.
The collection of this data is based on Article 6(1)(f) GDPR.
The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, server log files must be recorded.
Contact Form
If you submit enquiries to us via the contact form, the details you provide, including the contact data you enter there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions.
We do not share this data without your consent.
The processing of this data is based on Article 6(1)(b) GDPR if your enquiry relates to the fulfilment of a contract or is required for pre-contractual measures.
In all other cases, processing is based on our legitimate interest in the effective handling of enquiries (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), where this has been requested.
Consent may be withdrawn at any time.
The data you provide via the contact form will remain with us until you request its deletion, withdraw your consent to storage, or the purpose for data storage ceases to apply (e.g. after completion of your enquiry).
Mandatory statutory provisions – particularly retention periods – remain unaffected.
Enquiries by Email, Telephone or Fax
If you contact us by email, telephone or fax, your enquiry, including any personal data derived therefrom (e.g. name, enquiry details), will be stored and processed by us for the purpose of handling your request.
We do not share this data without your consent.
The processing of this data is based on Article 6(1)(b) GDPR if your enquiry relates to the performance of a contract or is necessary for pre-contractual measures.
In all other cases, processing is based on our legitimate interest in the efficient handling of enquiries (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), where this has been requested.
Consent may be withdrawn at any time.
Data transmitted to us via contact enquiries remain with us until you request deletion, withdraw your consent to storage, or the purpose of storage no longer applies (e.g. once your request has been dealt with).
Mandatory legal provisions – especially statutory retention requirements – remain unaffected.
5. Plugins and Tools
Google Fonts (Local Hosting)
This site uses so-called Google Fonts for the uniform display of typefaces.
Google Fonts are provided by Google LLC.
The Google Fonts used on this website are installed locally; no connection to Google’s servers takes place.
Further information on Google Fonts can be found at:
https://developers.google.com/fonts/faq
and in Google’s Privacy Policy:
https://policies.google.com/privacy?hl=en
SolidWP
We use SolidWP on this website.
The provider is iThemes Media LLC, 1720 South Kelly Avenue, Edmond, OK 73013, USA (hereinafter “SolidWP”).
SolidWP serves to protect our website against unauthorised access and malicious cyber-attacks.
For this purpose, SolidWP collects, among other things, your IP address, the time and source of login attempts, and log data (e.g. browser used).
SolidWP is installed locally on our servers.
SolidWP transmits the IP addresses of recurring attackers to a central SolidWP database in the United States (“Network Brute Force Protection”) in order to prevent such attacks in the future.
The use of SolidWP is based on Article 6 (1) (f) GDPR.
The website operator has a legitimate interest in the most effective protection possible of its website against cyber-attacks.
Where corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) as defined in the TDDDG.
Consent may be withdrawn at any time.
Source: https://www.e-recht24.de
