Privacy Policy

We are very delighted that you have shown inter­est in our enter­prise. Data protec­tion is of a partic­u­larly high prior­ity for the manage­ment of the Mia Elysia. The use of the Inter­net pages of the Mia Elysia is possi­ble without any indica­tion of personal data; however, if a data subject wants to use special enter­prise services via our website, process­ing of personal data could become neces­sary. If the process­ing of personal data is neces­sary and there is no statu­tory basis for such process­ing, we gener­ally obtain consent from the data subject.

The process­ing of personal data, such as the name, address, e‑mail address, or telephone number of a data subject shall always be in line with the General Data Protec­tion Regula­tion (GDPR), and in accor­dance with the country-specific data protec­tion regula­tions applic­a­ble to the Mia Elysia. By means of this data protec­tion decla­ra­tion, our enter­prise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Further­more, data subjects are informed, by means of this data protec­tion decla­ra­tion, of the rights to which they are entitled.

As the controller, the Mia Elysia has imple­mented numer­ous techni­cal and organi­za­tional measures to ensure the most complete protec­tion of personal data processed through this website. However, Inter­net-based data trans­mis­sions may in princi­ple have security gaps, so absolute protec­tion may not be guaran­teed. For this reason, every data subject is free to trans­fer personal data to us via alter­na­tive means, e.g. by telephone.

1. Defin­i­tions

The data protec­tion decla­ra­tion of the Mia Elysia is based on the terms used by the European legis­la­tor for the adoption of the General Data Protec­tion Regula­tion (GDPR). Our data protec­tion decla­ra­tion should be legible and under­stand­able for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the termi­nol­ogy used.

In this data protec­tion decla­ra­tion, we use, inter alia, the follow­ing terms:

• a) Personal data

  Personal data means any infor­ma­tion relat­ing to an identi­fied or identi­fi­able natural person (“data subject”). An identi­fi­able natural person is one who can be identi­fied, directly or indirectly, in partic­u­lar by refer­ence to an identi­fier such as a name, an identi­fi­ca­tion number, location data, an online identi­fier or to one or more factors specific to the physi­cal, physi­o­log­i­cal, genetic, mental, economic, cultural or social identity of that natural person.

 

• b) Data subject

  Data subject is any identi­fied or identi­fi­able natural person, whose personal data is processed by the controller respon­si­ble for the processing.

 

• c) Process­ing

  Process­ing is any opera­tion or set of opera­tions which is performed on personal data or on sets of personal data, whether or not by automated means, such as collec­tion, record­ing, organ­i­sa­tion, struc­tur­ing, storage, adapta­tion or alter­ation, retrieval, consul­ta­tion, use, disclo­sure by trans­mis­sion, dissem­i­na­tion or other­wise making avail­able, align­ment or combi­na­tion, restric­tion, erasure or destruction.

 

• d) Restric­tion of processing

  Restric­tion of process­ing is the marking of stored personal data with the aim of limit­ing their process­ing in the future.

 

• e) Profil­ing

  Profil­ing means any form of automated process­ing of personal data consist­ing of the use of personal data to evalu­ate certain personal aspects relat­ing to a natural person, in partic­u­lar to analyse or predict aspects concern­ing that natural person’s perfor­mance at work, economic situa­tion, health, personal prefer­ences, inter­ests, relia­bil­ity, behav­iour, location or movements.

 

• f) Pseudo­nymi­sa­tion

  Pseudo­nymi­sa­tion is the process­ing of personal data in such a manner that the personal data can no longer be attrib­uted to a specific data subject without the use of additional infor­ma­tion, provided that such additional infor­ma­tion is kept separately and is subject to techni­cal and organ­i­sa­tional measures to ensure that the personal data are not attrib­uted to an identi­fied or identi­fi­able natural person.

 

• g) Controller or controller respon­si­ble for the processing

  Controller or controller respon­si­ble for the process­ing is the natural or legal person, public author­ity, agency or other body which, alone or jointly with others, deter­mines the purposes and means of the process­ing of personal data; where the purposes and means of such process­ing are deter­mined by Union or Member State law, the controller or the specific crite­ria for its nomina­tion may be provided for by Union or Member State law.

 

• h) Proces­sor

  Proces­sor is a natural or legal person, public author­ity, agency or other body which processes personal data on behalf of the controller.

 

• i) Recip­i­ent

  Recip­i­ent is a natural or legal person, public author­ity, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public author­i­ties which may receive personal data in the frame­work of a partic­u­lar inquiry in accor­dance with Union or Member State law shall not be regarded as recip­i­ents; the process­ing of those data by those public author­i­ties shall be in compli­ance with the applic­a­ble data protec­tion rules accord­ing to the purposes of the processing.

 

• j) Third party

  Third party is a natural or legal person, public author­ity, agency or body other than the data subject, controller, proces­sor and persons who, under the direct author­ity of the controller or proces­sor, are autho­rised to process personal data.

 

• k) Consent

  Consent of the data subject is any freely given, specific, informed and unambigu­ous indica­tion of the data subject’s wishes by which he or she, by a state­ment or by a clear affir­ma­tive action, signi­fies agree­ment to the process­ing of personal data relat­ing to him or her.

2. Name and Address of the controller

Controller for the purposes of the General Data Protec­tion Regula­tion (GDPR), other data protec­tion laws applic­a­ble in Member states of the European Union and other provi­sions related to data protec­tion is:

Mia Elysia

c/o BesD e.V.
Köpenicker Straße 187/188
10997 Berlin
Mail: mia@me-escort.de
Fon: 01577 922 44 66

 

3. Cookies

The Inter­net pages of the Mia Elysia use cookies. Cookies are text files that are stored in a computer system via an Inter­net browser.

Many Inter­net sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identi­fier of the cookie. It consists of a charac­ter string through which Inter­net pages and servers can be assigned to the specific Inter­net browser in which the cookie was stored. This allows visited Inter­net sites and servers to differ­en­ti­ate the individ­ual browser of the dats subject from other Inter­net browsers that contain other cookies. A specific Inter­net browser can be recog­nized and identi­fied using the unique cookie ID.

Through the use of cookies, the Mia Elysia can provide the users of this website with more user-friendly services that would not be possi­ble without the cookie setting.

By means of a cookie, the infor­ma­tion and offers on our website can be optimized with the user in mind. Cookies allow us, as previ­ously mentioned, to recog­nize our website users. The purpose of this recog­ni­tion is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remem­bers the articles that a customer has placed in the virtual shopping cart via a cookie.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corre­spond­ing setting of the Inter­net browser used, and may thus perma­nently deny the setting of cookies. Further­more, already set cookies may be deleted at any time via an Inter­net browser or other software programs. This is possi­ble in all popular Inter­net browsers. If the data subject deacti­vates the setting of cookies in the Inter­net browser used, not all functions of our website may be entirely usable.

4. Collec­tion of general data and information

The website of the Mia Elysia collects a series of general data and infor­ma­tion when a data subject or automated system calls up the website. This general data and infor­ma­tion are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operat­ing system used by the access­ing system, (3) the website from which an access­ing system reaches our website (so-called refer­rers), (4) the sub-websites, (5) the date and time of access to the Inter­net site, (6) an Inter­net proto­col address (IP address), (7) the Inter­net service provider of the access­ing system, and (8) any other similar data and infor­ma­tion that may be used in the event of attacks on our infor­ma­tion technol­ogy systems.

When using these general data and infor­ma­tion, the Mia Elysia does not draw any conclu­sions about the data subject. Rather, this infor­ma­tion is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its adver­tise­ment, (3) ensure the long-term viabil­ity of our infor­ma­tion technol­ogy systems and website technol­ogy, and (4) provide law enforce­ment author­i­ties with the infor­ma­tion neces­sary for crimi­nal prose­cu­tion in case of a cyber-attack. There­fore, the Mia Elysia analyzes anony­mously collected data and infor­ma­tion statis­ti­cally, with the aim of increas­ing the data protec­tion and data security of our enter­prise, and to ensure an optimal level of protec­tion for the personal data we process. The anony­mous data of the server log files are stored separately from all personal data provided by a data subject.

5. Subscrip­tion to our newsletters

On the website of the Mia Elysia, users are given the oppor­tu­nity to subscribe to our enterprise’s newslet­ter. The input mask used for this purpose deter­mines what personal data are trans­mit­ted, as well as when the newslet­ter is ordered from the controller.

The Mia Elysia informs its customers and business partners regularly by means of a newslet­ter about enter­prise offers. The enterprise’s newslet­ter may only be received by the data subject if (1) the data subject has a valid e‑mail address and (2) the data subject regis­ters for the newslet­ter shipping. A confir­ma­tion e‑mail will be sent to the e‑mail address regis­tered by a data subject for the first time for newslet­ter shipping, for legal reasons, in the double opt-in proce­dure. This confir­ma­tion e‑mail is used to prove whether the owner of the e‑mail address as the data subject is autho­rized to receive the newsletter.

During the regis­tra­tion for the newslet­ter, we also store the IP address of the computer system assigned by the Inter­net service provider (ISP) and used by the data subject at the time of the regis­tra­tion, as well as the date and time of the regis­tra­tion. The collec­tion of this data is neces­sary in order to under­stand the (possi­ble) misuse of the e‑mail address of a data subject at a later date, and it there­fore serves the aim of the legal protec­tion of the controller.

The personal data collected as part of a regis­tra­tion for the newslet­ter will only be used to send our newslet­ter. In addition, subscribers to the newslet­ter may be informed by e‑mail, as long as this is neces­sary for the opera­tion of the newslet­ter service or a regis­tra­tion in question, as this could be the case in the event of modifi­ca­tions to the newslet­ter offer, or in the event of a change in techni­cal circum­stances. There will be no trans­fer of personal data collected by the newslet­ter service to third parties. The subscrip­tion to our newslet­ter may be termi­nated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newslet­ter, may be revoked at any time. For the purpose of revoca­tion of consent, a corre­spond­ing link is found in each newslet­ter. It is also possi­ble to unsub­scribe from the newslet­ter at any time directly on the website of the controller, or to commu­ni­cate this to the controller in a differ­ent way.

6. Newslet­ter-Track­ing

The newslet­ter of the Mia Elysia contains so-called track­ing pixels. A track­ing pixel is a minia­ture graphic embed­ded in such e‑mails, which are sent in HTML format to enable log file record­ing and analy­sis. This allows a statis­ti­cal analy­sis of the success or failure of online market­ing campaigns. Based on the embed­ded track­ing pixel, the Mia Elysia may see if and when an e‑mail was opened by a data subject, and which links in the e‑mail were called up by data subjects.

Such personal data collected in the track­ing pixels contained in the newslet­ters are stored and analyzed by the controller in order to optimize the shipping of the newslet­ter, as well as to adapt the content of future newslet­ters even better to the inter­ests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respec­tive separate decla­ra­tion of consent issued by means of the double-opt-in proce­dure. After a revoca­tion, these personal data will be deleted by the controller. The Mia Elysia automat­i­cally regards a withdrawal from the receipt of the newslet­ter as a revocation.

7. Contact possi­bil­ity via the website

The website of the Mia Elysia contains infor­ma­tion that enables a quick electronic contact to our enter­prise, as well as direct commu­ni­ca­tion with us, which also includes a general address of the so-called electronic mail (e‑mail address). If a data subject contacts the controller by e‑mail or via a contact form, the personal data trans­mit­ted by the data subject are automat­i­cally stored. Such personal data trans­mit­ted on a volun­tary basis by a data subject to the data controller are stored for the purpose of process­ing or contact­ing the data subject. There is no trans­fer of this personal data to third parties.

8. Comments function in the blog on the website

The Mia Elysia offers users the possi­bil­ity to leave individ­ual comments on individ­ual blog contri­bu­tions on a blog, which is on the website of the controller. A blog is a web-based, publicly-acces­si­ble portal, through which one or more people called bloggers or web-bloggers may post articles or write down thoughts in so-called blogposts. Blogposts may usually be commented by third parties.

If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as infor­ma­tion on the date of the commen­tary and on the user’s (pseudo­nym) chosen by the data subject. In addition, the IP address assigned by the Inter­net service provider (ISP) to the data subject is also logged. This storage of the IP address takes place for security reasons, and in case the data subject violates the rights of third parties, or posts illegal content through a given comment. The storage of these personal data is, there­fore, in the own inter­est of the data controller, so that he can excul­pate in the event of an infringe­ment. This collected personal data will not be passed to third parties, unless such a trans­fer is required by law or serves the aim of the defense of the data controller.

9. Routine erasure and block­ing of personal data

The data controller shall process and store the personal data of the data subject only for the period neces­sary to achieve the purpose of storage, or as far as this is granted by the European legis­la­tor or other legis­la­tors in laws or regula­tions to which the controller is subject to.

If the storage purpose is not applic­a­ble, or if a storage period prescribed by the European legis­la­tor or another compe­tent legis­la­tor expires, the personal data are routinely blocked or erased in accor­dance with legal requirements.

10. Rights of the data subject

• a) Right of confirmation

  Each data subject shall have the right granted by the European legis­la­tor to obtain from the controller the confir­ma­tion as to whether or not personal data concern­ing him or her are being processed. If a data subject wishes to avail himself of this right of confir­ma­tion, he or she may, at any time, contact any employee of the controller.

 

• b) Right of access

  Each data subject shall have the right granted by the European legis­la­tor to obtain from the controller free infor­ma­tion about his or her personal data stored at any time and a copy of this infor­ma­tion. Further­more, the European direc­tives and regula­tions grant the data subject access to the follow­ing information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recip­i­ents or categories of recip­i­ents to whom the personal data have been or will be disclosed, in partic­u­lar recip­i­ents in third countries or inter­na­tional organisations;
  • where possi­ble, the envis­aged period for which the personal data will be stored, or, if not possi­ble, the crite­ria used to deter­mine that period;
  • the existence of the right to request from the controller recti­fi­ca­tion or erasure of personal data, or restric­tion of process­ing of personal data concern­ing the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with a super­vi­sory authority;
  • where the personal data are not collected from the data subject, any avail­able infor­ma­tion as to their source;
  • the existence of automated decision-making, includ­ing profil­ing, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaning­ful infor­ma­tion about the logic involved, as well as the signif­i­cance and envis­aged conse­quences of such process­ing for the data subject.

  Further­more, the data subject shall have a right to obtain infor­ma­tion as to whether personal data are trans­ferred to a third country or to an inter­na­tional organ­i­sa­tion. Where this is the case, the data subject shall have the right to be informed of the appro­pri­ate safeguards relat­ing to the transfer.

  If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

 

• c) Right to rectification

  Each data subject shall have the right granted by the European legis­la­tor to obtain from the controller without undue delay the recti­fi­ca­tion of inaccu­rate personal data concern­ing him or her. Taking into account the purposes of the process­ing, the data subject shall have the right to have incom­plete personal data completed, includ­ing by means of provid­ing a supple­men­tary statement.

  If a data subject wishes to exercise this right to recti­fi­ca­tion, he or she may, at any time, contact any employee of the controller.

 

• d) Right to erasure (Right to be forgotten)

  Each data subject shall have the right granted by the European legis­la­tor to obtain from the controller the erasure of personal data concern­ing him or her without undue delay, and the controller shall have the oblig­a­tion to erase personal data without undue delay where one of the follow­ing grounds applies, as long as the process­ing is not necessary:

  • The personal data are no longer neces­sary in relation to the purposes for which they were collected or other­wise processed.
  • The data subject withdraws consent to which the process­ing is based accord­ing to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to the process­ing pursuant to Article 21(1) of the GDPR and there are no overrid­ing legit­i­mate grounds for the process­ing, or the data subject objects to the process­ing pursuant to Article 21(2) of the GDPR.
  • The personal data have been unlaw­fully processed.
  • The personal data must be erased for compli­ance with a legal oblig­a­tion in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of infor­ma­tion society services referred to in Article 8(1) of the GDPR.

  If one of the afore­men­tioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the Mia Elysia, he or she may, at any time, contact any employee of the controller. An employee of Mia Elysia shall promptly ensure that the erasure request is complied with immediately.

  Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of avail­able technol­ogy and the cost of imple­men­ta­tion, shall take reason­able steps, includ­ing techni­cal measures, to inform other controllers process­ing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or repli­ca­tion of, those personal data, as far as process­ing is not required. An employ­ees of the Mia Elysia will arrange the neces­sary measures in individ­ual cases.

 

• e) Right of restric­tion of processing

  Each data subject shall have the right granted by the European legis­la­tor to obtain from the controller restric­tion of process­ing where one of the follow­ing applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The process­ing is unlaw­ful and the data subject opposes the erasure of the personal data and requests instead the restric­tion of their use instead.
  • The controller no longer needs the personal data for the purposes of the process­ing, but they are required by the data subject for the estab­lish­ment, exercise or defence of legal claims.
  • The data subject has objected to process­ing pursuant to Article 21(1) of the GDPR pending the verifi­ca­tion whether the legit­i­mate grounds of the controller override those of the data subject.

  If one of the afore­men­tioned condi­tions is met, and a data subject wishes to request the restric­tion of the process­ing of personal data stored by the Mia Elysia, he or she may at any time contact any employee of the controller. The employee of the Mia Elysia will arrange the restric­tion of the processing.

 

• f) Right to data portability

  Each data subject shall have the right granted by the European legis­la­tor, to receive the personal data concern­ing him or her, which was provided to a controller, in a struc­tured, commonly used and machine-readable format. He or she shall have the right to trans­mit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the process­ing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the process­ing is carried out by automated means, as long as the process­ing is not neces­sary for the perfor­mance of a task carried out in the public inter­est or in the exercise of official author­ity vested in the controller.

  Further­more, in exercis­ing his or her right to data porta­bil­ity pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data trans­mit­ted directly from one controller to another, where techni­cally feasi­ble and when doing so does not adversely affect the rights and freedoms of others.

  In order to assert the right to data porta­bil­ity, the data subject may at any time contact any employee of the Mia Elysia.

 

• g) Right to object

  Each data subject shall have the right granted by the European legis­la­tor to object, on grounds relat­ing to his or her partic­u­lar situa­tion, at any time, to process­ing of personal data concern­ing him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profil­ing based on these provisions.

  The Mia Elysia shall no longer process the personal data in the event of the objec­tion, unless we can demon­strate compelling legit­i­mate grounds for the process­ing which override the inter­ests, rights and freedoms of the data subject, or for the estab­lish­ment, exercise or defence of legal claims.

  If the Mia Elysia processes personal data for direct market­ing purposes, the data subject shall have the right to object at any time to process­ing of personal data concern­ing him or her for such market­ing. This applies to profil­ing to the extent that it is related to such direct market­ing. If the data subject objects to the Mia Elysia to the process­ing for direct market­ing purposes, the Mia Elysia will no longer process the personal data for these purposes.

  In addition, the data subject has the right, on grounds relat­ing to his or her partic­u­lar situa­tion, to object to process­ing of personal data concern­ing him or her by the Mia Elysia for scien­tific or histor­i­cal research purposes, or for statis­ti­cal purposes pursuant to Article 89(1) of the GDPR, unless the process­ing is neces­sary for the perfor­mance of a task carried out for reasons of public interest.

  In order to exercise the right to object, the data subject may contact any employee of the Mia Elysia. In addition, the data subject is free in the context of the use of infor­ma­tion society services, and notwith­stand­ing Direc­tive 2002/58/EC, to use his or her right to object by automated means using techni­cal specifications.

 

• h) Automated individ­ual decision-making, includ­ing profiling

  Each data subject shall have the right granted by the European legis­la­tor not to be subject to a decision based solely on automated process­ing, includ­ing profil­ing, which produces legal effects concern­ing him or her, or similarly signif­i­cantly affects him or her, as long as the decision (1) is not is neces­sary for enter­ing into, or the perfor­mance of, a contract between the data subject and a data controller, or (2) is not autho­rised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legit­i­mate inter­ests, or (3) is not based on the data subject’s explicit consent.

  If the decision (1) is neces­sary for enter­ing into, or the perfor­mance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, the Mia Elysia shall imple­ment suitable measures to safeguard the data subject’s rights and freedoms and legit­i­mate inter­ests, at least the right to obtain human inter­ven­tion on the part of the controller, to express his or her point of view and contest the decision.

  If the data subject wishes to exercise the rights concern­ing automated individ­ual decision-making, he or she may, at any time, contact any employee of the Mia Elysia.

 

• i) Right to withdraw data protec­tion consent

  Each data subject shall have the right granted by the European legis­la­tor to withdraw his or her consent to process­ing of his or her personal data at any time.

  If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the Mia Elysia.

11. Data protec­tion provi­sions about the appli­ca­tion and use of Google Analyt­ics (with anonymiza­tion function)

On this website, the controller has integrated the compo­nent of Google Analyt­ics (with the anonymizer function). Google Analyt­ics is a web analyt­ics service. Web analyt­ics is the collec­tion, gather­ing, and analy­sis of data about the behav­ior of visitors to websites. A web analy­sis service collects, inter alia, data about the website from which a person has come (the so-called refer­rer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analyt­ics are mainly used for the optimiza­tion of a website and in order to carry out a cost-benefit analy­sis of Inter­net advertising.

The opera­tor of the Google Analyt­ics compo­nent is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

For the web analyt­ics through Google Analyt­ics the controller uses the appli­ca­tion “_gat. _anonymizeIp”. By means of this appli­ca­tion the IP address of the Inter­net connec­tion of the data subject is abridged by Google and anonymised when access­ing our websites from a Member State of the European Union or another Contract­ing State to the Agree­ment on the European Economic Area.

The purpose of the Google Analyt­ics compo­nent is to analyze the traffic on our website. Google uses the collected data and infor­ma­tion, inter alia, to evalu­ate the use of our website and to provide online reports, which show the activ­i­ties on our websites, and to provide other services concern­ing the use of our Inter­net site for us.

Google Analyt­ics places a cookie on the infor­ma­tion technol­ogy system of the data subject. The defin­i­tion of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individ­ual pages of this Inter­net site, which is operated by the controller and into which a Google Analyt­ics compo­nent was integrated, the Inter­net browser on the infor­ma­tion technol­ogy system of the data subject will automat­i­cally submit data through the Google Analyt­ics compo­nent for the purpose of online adver­tis­ing and the settle­ment of commis­sions to Google. During the course of this techni­cal proce­dure, the enter­prise Google gains knowl­edge of personal infor­ma­tion, such as the IP address of the data subject, which serves Google, inter alia, to under­stand the origin of visitors and clicks, and subse­quently create commis­sion settlements.

The cookie is used to store personal infor­ma­tion, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Inter­net site, such personal data, includ­ing the IP address of the Inter­net access used by the data subject, will be trans­mit­ted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the techni­cal proce­dure to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corre­spond­ing adjust­ment of the web browser used and thus perma­nently deny the setting of cookies. Such an adjust­ment to the Inter­net browser used would also prevent Google Analyt­ics from setting a cookie on the infor­ma­tion technol­ogy system of the data subject. In addition, cookies already in use by Google Analyt­ics may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possi­bil­ity of object­ing to a collec­tion of data that are gener­ated by Google Analyt­ics, which is related to the use of this website, as well as the process­ing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analyt­ics through a JavaScript, that any data and infor­ma­tion about the visits of Inter­net pages may not be trans­mit­ted to Google Analyt­ics. The instal­la­tion of the browser add-ons is consid­ered an objec­tion by Google. If the infor­ma­tion technol­ogy system of the data subject is later deleted, format­ted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analyt­ics. If the browser add-on was uninstalled by the data subject or any other person who is attrib­ut­able to their sphere of compe­tence, or is disabled, it is possi­ble to execute the reinstal­la­tion or reacti­va­tion of the browser add-ons.

Further infor­ma­tion and the applic­a­ble data protec­tion provi­sions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analyt­ics is further explained under the follow­ing Link https://www.google.com/analytics/.

12. Data protec­tion provi­sions about the appli­ca­tion and use of Instagram

On this website, the controller has integrated compo­nents of the service Insta­gram. Insta­gram is a service that may be quali­fied as an audio­vi­sual platform, which allows users to share photos and videos, as well as dissem­i­nate such data in other social networks.

The operat­ing company of the services offered by Insta­gram is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

With each call-up to one of the individ­ual pages of this Inter­net site, which is operated by the controller and on which an Insta­gram compo­nent (Insta button) was integrated, the Inter­net browser on the infor­ma­tion technol­ogy system of the data subject is automat­i­cally prompted to the download of a display of the corre­spond­ing Insta­gram compo­nent of Insta­gram. During the course of this techni­cal proce­dure, Insta­gram becomes aware of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on Insta­gram, Insta­gram detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Inter­net site—which specific sub-page of our Inter­net page was visited by the data subject. This infor­ma­tion is collected through the Insta­gram compo­nent and is associ­ated with the respec­tive Insta­gram account of the data subject. If the data subject clicks on one of the Insta­gram buttons integrated on our website, then Insta­gram matches this infor­ma­tion with the personal Insta­gram user account of the data subject and stores the personal data.

Insta­gram receives infor­ma­tion via the Insta­gram compo­nent that the data subject has visited our website provided that the data subject is logged in at Insta­gram at the time of the call to our website. This occurs regard­less of whether the person clicks on the Insta­gram button or not. If such a trans­mis­sion of infor­ma­tion to Insta­gram is not desir­able for the data subject, then he or she can prevent this by logging off from their Insta­gram account before a call-up to our website is made.

Further infor­ma­tion and the applic­a­ble data protec­tion provi­sions of Insta­gram may be retrieved under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

13. Data protec­tion provi­sions about the appli­ca­tion and use of Twitter

On this website, the controller has integrated compo­nents of Twitter. Twitter is a multi­lin­gual, publicly-acces­si­ble microblog­ging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages, which are limited to 280 charac­ters. These short messages are avail­able for every­one, includ­ing those who are not logged on to Twitter. The tweets are also displayed to so-called follow­ers of the respec­tive user. Follow­ers are other Twitter users who follow a user’s tweets. Further­more, Twitter allows you to address a wide audience via hashtags, links or retweets.

The operat­ing company of Twitter is Twitter Inter­na­tional Company, One Cumber­land Place, Fenian Street Dublin 2, D02 AX07, Ireland.

With each call-up to one of the individ­ual pages of this Inter­net site, which is operated by the controller and on which a Twitter compo­nent (Twitter button) was integrated, the Inter­net browser on the infor­ma­tion technol­ogy system of the data subject is automat­i­cally prompted to download a display of the corre­spond­ing Twitter compo­nent of Twitter. Further infor­ma­tion about the Twitter buttons is avail­able under https://about.twitter.com/de/resources/buttons. During the course of this techni­cal proce­dure, Twitter gains knowl­edge of what specific sub-page of our website was visited by the data subject. The purpose of the integra­tion of the Twitter compo­nent is a retrans­mis­sion of the contents of this website to allow our users to intro­duce this web page to the digital world and increase our visitor numbers.

If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the data subject and for the entire duration of their stay on our Inter­net site which specific sub-page of our Inter­net page was visited by the data subject. This infor­ma­tion is collected through the Twitter compo­nent and associ­ated with the respec­tive Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, then Twitter assigns this infor­ma­tion to the personal Twitter user account of the data subject and stores the personal data.

Twitter receives infor­ma­tion via the Twitter compo­nent that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regard­less of whether the person clicks on the Twitter compo­nent or not. If such a trans­mis­sion of infor­ma­tion to Twitter is not desir­able for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.

The applic­a­ble data protec­tion provi­sions of Twitter may be accessed under https://twitter.com/privacy?lang=en.

14. Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for process­ing opera­tions for which we obtain consent for a specific process­ing purpose. If the process­ing of personal data is neces­sary for the perfor­mance of a contract to which the data subject is party, as is the case, for example, when process­ing opera­tions are neces­sary for the supply of goods or to provide any other service, the process­ing is based on Article 6(1) lit. b GDPR. The same applies to such process­ing opera­tions which are neces­sary for carry­ing out pre-contrac­tual measures, for example in the case of inquiries concern­ing our products or services. Is our company subject to a legal oblig­a­tion by which process­ing of personal data is required, such as for the fulfill­ment of tax oblig­a­tions, the process­ing is based on Art. 6(1) lit. c GDPR.
In rare cases, the process­ing of personal data may be neces­sary to protect the vital inter­ests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insur­ance data or other vital infor­ma­tion would have to be passed on to a doctor, hospi­tal or other third party. Then the process­ing would be based on Art. 6(1) lit. d GDPR.
Finally, process­ing opera­tions could be based on Article 6(1) lit. f GDPR. This legal basis is used for process­ing opera­tions which are not covered by any of the above­men­tioned legal grounds, if process­ing is neces­sary for the purposes of the legit­i­mate inter­ests pursued by our company or by a third party, except where such inter­ests are overrid­den by the inter­ests or funda­men­tal rights and freedoms of the data subject which require protec­tion of personal data. Such process­ing opera­tions are partic­u­larly permis­si­ble because they have been specif­i­cally mentioned by the European legis­la­tor. He consid­ered that a legit­i­mate inter­est could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

15. The legit­i­mate inter­ests pursued by the controller or by a third party

Where the process­ing of personal data is based on Article 6(1) lit. f GDPR our legit­i­mate inter­est is to carry out our business in favor of the well-being of all our employ­ees and the shareholders.

16. Period for which the personal data will be stored

The crite­ria used to deter­mine the period of storage of personal data is the respec­tive statu­tory reten­tion period. After expira­tion of that period, the corre­spond­ing data is routinely deleted, as long as it is no longer neces­sary for the fulfill­ment of the contract or the initi­a­tion of a contract.

17. Provi­sion of personal data as statu­tory or contrac­tual require­ment; Require­ment neces­sary to enter into a contract; Oblig­a­tion of the data subject to provide the personal data; possi­ble conse­quences of failure to provide such data

We clarify that the provi­sion of personal data is partly required by law (e.g. tax regula­tions) or can also result from contrac­tual provi­sions (e.g. infor­ma­tion on the contrac­tual partner).

Sometimes it may be neces­sary to conclude a contract that the data subject provides us with personal data, which must subse­quently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provi­sion of the personal data would have the conse­quence that the contract with the data subject could not be concluded.

Before personal data is provided by the data subject, the data subject must contact any employee. The employee clari­fies to the data subject whether the provi­sion of the personal data is required by law or contract or is neces­sary for the conclu­sion of the contract, whether there is an oblig­a­tion to provide the personal data and the conse­quences of non-provi­sion of the personal data.

18. Existence of automated decision-making

As a respon­si­ble company, we do not use automatic decision-making or profiling.

This Privacy Policy has been gener­ated by the Privacy Policy Gener­a­tor of the German Associ­a­tion for Data Protec­tion that was devel­oped in cooper­a­tion with Privacy Lawyers from WILDE BEUGER SOLMECKE, Cologne.