Privacy policy and cookies


We appreciate your visit and your interest in our website. The protection of your personal data is very important to us and therefore of utmost importance. In the following, we would like to inform you about the collection, processing and use of your personal data as well as our use of cookies when you visit our website.

 

Please note that this privacy policy may be updated from time to time due to the implementation of new technologies and/or changes in the law. We will draw your attention to this in an appropriate manner. It goes without saying that we will always take your legitimate interests into account when making any changes.

 

A. Data protection

I.  Responsible party

  1. The responsible party in accordance with Art. 4 No. 7 of the EU General Data Protection Regulation (‘GDPR’) is

Lawyer Susanne Tölke

Susanne Tölke

Füchteler Str. 8

49377 Vechta

rainsusanne.toelke@t-online.de


2. If you have any questions or comments about this privacy policy or about data protection in general, please contact

Susanne Tölke at rainsusanne.toelke@t-online.de.


II. General information on the storage period

Unless this policy specifies otherwise with regard to the storage of personal data, we will store the data for as long as we

 

  1. need it to fulfil the stated purpose, or
  2. there is a statutory retention period (e.g. under tax or commercial law).


III. Collection of personal data when visiting our website

  1. Server log files

a. When using our website for informational purposes only, i.e. when you visit our website solely to retrieve information, it is generally not necessary for you to provide personal data. In such a case, we only collect and use the data that your internet browser transmits to our server. The following data is collected and used when you visit our website:

  • IP address
  • Date and time of access to our website
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status / HTTP status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • Browser
  • Operating system used and its interface
  • Language and version of the browser software

b. The temporary storage of the IP address by the system is necessary to enable the delivery of the web pages to the user's end device. For this purpose, the user's IP address must remain stored for the duration of the session.

Storage in log files is done to ensure the functionality of the websites. In addition, the data is used to optimise the website and to ensure the security of our information technology systems.

For this purpose, the server log files (including the IP address) are stored for one year to protect the system and the cloud environment of our hosting service provider/its subcontractor. This serves to detect and ward off potential attacks and security-related events on this infrastructure using access logs (keyword: ‘advanced persistence threads’). The data is not evaluated for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.

2.   Website maintenance and hosting

a.We use an external service provider, Websmart GmbH & Co. KG, Fürst-Leopold-Platz 1, 46284 Dorsten, which can access your data. This service provider is used as a so-called processor and thus guarantees the secure handling of your data, even in the event of transfer to sub-processors.

The website is hosted/operated on servers within the EU (e.g. servers from Amazon Web Services ‘AWS’).

b. In addition, we use a so-called content delivery network (CDN) via our service provider, which stores content in over 275 globally distributed ‘points of presence’ for reasons of data security/data protection against data loss, but also to be able to provide content quickly. We currently use the CDN ‘AWS CloudFront’.

We currently use the CDN ‘AWS CloudFront’, a service provided by Amazon Web Services EMEA SARL, based at 38 Avenue John F. Kennedy, L-1855, Luxembourg. AWS CloudFront enables users to configure CDN settings in compliance with the GDPR; see https://aws.amazon.com/de/compliance/gdpr-center/, https://aws.amazon.com/de/managed-services/ and https://docs.aws.amazon.com/de_de/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html.

c. The legal basis for data collection and use of the CDN is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in professional website maintenance, hosting and availability.


IV. Use of plug-ins

  1. Cookiebot

a. We use the ‘Cookiebot’ cookie banner from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (“Cybot”), which has merged with Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich (‘Usercentrics’), on our website. To ensure functionality, a necessary cookie is automatically set when our website is accessed and data (depending on the selected cookie preferences) is transferred to Cybot/Usercentrics, such as date and time, browser and device information, location and cookie preferences. Cybot/Usercentrics are used as so-called processors and thus ensure the secure handling of personal data, even in the event of transfer to sub-processors.

b. We use Cookiebot to obtain the preferences and, where applicable, the consent of our website visitors regarding the use of cookies. You can find more information about cookies in the cookie banner and in our cookie policy.

c. The legal basis for the use of a so-called consent management tool when using cookies that require consent is the fulfilment of our legal obligation under Art. 7 (1) GDPR. The use of Cookiebot is in our legitimate interest pursuant to Art. 6 (1) (f) GDPR in providing a service with comprehensive cookie-related information and options, as well as with server locations within Germany.

d. Information about Cookiebot is available at https://www.cookiebot.com/de/.


2.   OpenStreetMap map service

a. We use interactive maps on our website. The map material from OpenStreetMap is used for this purpose. OpenStreetMap is available as ‘open data’ under the Open Data Commons Open Database Licence (ODbL). OpenStreetMap is operated by the OpenStreetMap Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom, on behalf of the OSM community and provides map material for finding geographical information. The map material is provided by a server from OSFM and integrated via Mapbox, Inc., 740 15th St Nw Suite 500 Washington, DC 20005, USA (hereinafter referred to as ‘Mapbox’). Mapbox is used as a so-called sub-processor and thus guarantees the secure handling of your data.

b. Only when you agree to the use of ‘marketing’ cookies in the cookie banner will your browser establish a connection to the interactive map. If you agree, technically speaking, no cookie is set, but instead a so-called plug-in is integrated. Data is then collected and stored, in particular your IP address and other web server log files for statistical evaluation. Further statistical evaluations can also be carried out through the additional use of web analysis software; in particular, this may involve the geographical recording of your location.

c. The legal basis for the use of OpenStreetMap is our legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR in integrating a map service in order to offer users the opportunity to interact with OpenStreetMap, so that we can improve our website and make it more interesting for you. The legal basis for data transfer is your consent given by activating the marketing cookies in the cookie banner in accordance with Art. 6 (1) (a) or Art. 49 (1) (a) GDPR.

Further information on the purpose and scope of data collection and its processing by OpenStreetMap can be found in the OpenStreetMap privacy policy at https://wiki.osmfoundation.org/wiki/Privacy_Policy and for Mapbox at https://www.mapbox.com/legal/privacy.

 

3.   Google Fonts

a. We have integrated certain fonts provided by Google into this website for display purposes. When you visit a page, your browser does not load these fonts from a Google server, but from a server provided by our hosting service provider (see ‘Website maintenance and hosting’ above) (so-called local hosting of Google Fonts). Only server locations within the European Economic Area are used for this purpose. This means that no data, including your IP address, is transferred to a Google server when you use these locally hosted Google Fonts.

b. The legal basis for the use of locally hosted Google Fonts and the servers used for this purpose within the EEA is therefore our legitimate interest pursuant to Art. 6 (1) (f) GDPR in the attractive presentation of our website content using a selection of numerous, licence-free fonts.


V. Input forms and contact options

 

  1. Email

You have the option of contacting us by email. In this case, we will store your email address and any other data you voluntarily provide for the periods specified in section II, depending on the content of your enquiry. The processing of the data entered by e-mail is carried out, depending on the content of the enquiry, on the basis of your consent in accordance with Art. 6 (1) (a) GDPR or in accordance with Art. 6 (1) (b) GDPR insofar as contractual obligations or the implementation of pre-contractual measures exist.

 

2.   Contact form

Our contact form is designed to give you the opportunity to get in touch with us. We require the following data to process your enquiry: name, email address, telephone number and any optional information provided in the free text field. The data you provide will be stored for the periods specified in II, depending on the content of your enquiry. The data entered in the contact form will be processed, depending on the content of the enquiry, on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR or in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR insofar as contractual obligations or the implementation of pre-contractual measures exist. In addition, your contact form data is also processed on the basis of Art. 6 (1) (f) GDPR due to our legitimate economic, intellectual and technical interest in providing and using a modern information medium.

 

3.   Google reCAPTCHA

a. We use Google reCAPTCHA to protect our input forms. reCAPTCHA is a service provided by   Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

b. reCAPTCHA enables us to distinguish whether the respective processing operation is based on a human input request or an automated machine action (so-called ‘bot’). By using reCAPTCHA, your IP address and other data relating to your usage behaviour are collected, analysed and stored by Google: referrer URL (website from which the visitor comes), operating system and interface used, browser and plug-ins used, date, time and language settings, server-side cookies, screen resolution, mouse and keyboard behaviour, canvas fingerprinting based on/and JavaScript objects (this creates a snapshot of the device used, including the settings used, taking into account the installed graphics card and drivers as well as the user settings). Google analyses this data even before the user clicks the ‘I am not a robot’ checkbox.

The user can then be individualised based on this data, and this individualisation enables reCAPTCHA to distinguish between humans and bots. While requests from humans are accepted when filling out online forms, those from bots are rejected. Information about reCAPTCHA is available at https://developers.google.com/recaptcha/.

Through IP anonymisation on our website, your IP address is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area (EEA). Only in exceptional cases is the full IP address transferred to a Google server in the USA, such as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (USA), where it is truncated. Google points out that it operates servers all over the world, in particular in the United States of America. We cannot therefore rule out the possibility that the information may be transferred to a server outside the EU and stored there. Google guarantees that it will comply with European data protection law in all cases. Insofar as data is transferred by Google to third countries without an adequacy decision by the EU Commission, Google refers to the use of standard contractual clauses to ensure adequate protection of the data of EU citizens.

Further information about Google's transfer of personal data to third countries can be found at https://policies.google.com/privacy/frameworks. Overall, data transfers to third countries can generally involve risks. We would like to draw your attention to the risks that exist according to our information (no guarantee of completeness): US authorities can access cloud storage for law enforcement purposes on the basis of the Electronic Communications Privacy Act of 1986 (ECPA) without judicial review. In addition, US intelligence agencies can access cloud storage on the basis of the USA PATRIOT Act for counterterrorism purposes.

Insofar as data is transferred to other third countries without an adequacy decision by the EU Commission, we would like to point out that this data transfer may involve a risk for you in that you cannot influence the processing or storage of your personal data, nor can you enforce your rights as a data subject under the GDPR with regard to this data processing.

The data collected and transmitted to Google, as well as the truncated IP address, will only be merged with other Google data if you are logged into your Google account at the time of using Google reCAPTCHA. If you do not want this to happen, you should always log out of your Google account when surfing the Internet.

eCAPTCHA is also used to digitise books, magazines, house numbers and street names from Google Street View. In addition, various browsers allow you to configure settings that prevent tracking by canvas fingerprinting by specifying randomly selected incorrect parameters when generating the canvas image.

c. The legal basis for the use of Google reCAPTCHA is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in protecting our website from automated machine-generated input requests in order to ensure the functionality and stability of our website and to keep our contact forms free of spam messages and bot attacks by means of a user-friendly application in which the user only has to click the checkbox requested by reCAPTCHA without having to first go through several other steps, as is the case with various other captcha services. bot attacks through a user-friendly application in which the user only has to click the checkbox requested in reCAPTCHA without first having to verify their human identity through several levels of image/text recognition, as is the case with various other captcha services.

d. Information on Google's use of standard contractual clauses can be found at https://policies.google.com/privacy/frameworks?hl=de;

information on reCAPTCHA can be found at https://developers.google.com/recaptcha/.

Further information on Google's data protection can be found via the following links:


4.   Other forms/promotions

We may offer services or run special promotions on our website or via pop-up windows. Depending on the offer, personal data may be requested and processed via integrated forms. We request the data necessary for processing and handling. The data you provide will be stored for the periods specified in II, depending on the content of the request. The processing of the data entered in the form is based on your consent in accordance with Art. 6 (1) (a) GDPR for the initiation/execution of a contract -execution in accordance with Art. 6 (1) (b) GDPR and also on the basis of Art. 6 (1) (f) GDPR due to our legitimate economic, ideological and technical interest in the provision and use of a modern offer format.

 

VI. Your rights

  1. You have the following rights vis-à-vis us with regard to your personal data, free of charge:
  • Right to information (Art. 15 GDPR),
  • Right to rectification or erasure (Art. 16 and Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR),
  • Right to withdraw your consent (Art. 7(3) GDPR). Withdrawal of consent does not affect the lawfulness of data processing based on consent before withdrawal.
  • Right to object to processing (Art. 21 GDPR). If we base data processing on Art. 6(1)(f) GDPR, you have the right to object to the processing of personal data concerning you on grounds relating to your particular situation. In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If you object to the processing of your personal data for direct marketing purposes, we will no longer process this data for these purposes. Please address your objection to the office mentioned in A. I. 2.

 

2. You also have the right to complain to a data protection supervisory authority about our processing of your personal data.


B. Use of cookies

We use cookies when you use our website. Cookies are small text files that are sent from our web server to your browser when you visit our website and are stored on your computer for later retrieval. n addition to determining the frequency of use and number of users and analysing the behaviour of our website users, cookies also serve to make our website more user-friendly overall. If cookies other than ‘necessary cookies’ are used, this is only done with your express consent (cookie banner opt-in).

 

A complete list of all cookies used can be found in the tables in our cookie policy.

 

Third-party cookies

If you give your consent, we use so-called third-party cookies, some of which serve marketing, tracking and analysis purposes. In addition to the complete list of cookies in our cookie statement, you will find information and explanations about some of these third-party cookies both above under ‘Data protection’ and below:

 

If, when using these cookies, data is transferred to third countries where the GDPR does not apply without an adequacy decision by the EU Commission pursuant to Art. 45 (3) GDPR (= countries without an adequate level of data protection) or without suitable safeguards pursuant to Art. 46 GDPR (= guarantee that the data of the data subjects is nevertheless protected and that they can effectively enforce their rights), we refer to the exceptions in Art. 49 GDPR. If the use of the respective services is necessary because there are currently no comparable services for e.g. video solutions and the presentation of our services serves to initiate a contract, Art. 49 (1) lit. b) GDPR is the legal basis. In addition, various services, in particular tools integrated via cookies, are only integrated with the express consent of the data subject within the meaning of Art. 49 (1) (a) GDPR and after informing them about the risks associated with a possible transfer to third countries. This is usually done by activating the corresponding services in the cookie banner. In this regard, we would like to draw your attention to the risks that exist according to our information (no guarantee of completeness): US authorities can gain access to cloud storage for law enforcement purposes on the basis of the Electronic Communications Privacy Act of 1986 (ECPA) without judicial review. In addition, US intelligence agencies can access cloud storage on the basis of the USA PATRIOT Act for counterterrorism purposes.

 

Insofar as data is transferred to other third countries without an adequacy decision by the EU Commission,  we would like to point out that this data transfer to such a third country may involve a risk for the data subject that they cannot influence the processing or storage of their personal data, nor can they enforce their rights as a data subject under the GDPR with regard to this data processing.

Cookie-Bestimmungen