2. Personal data, purposes of their processing and legal bases

It is generally possible to use our website without having to provide personal data. The provision of personal data is voluntary.

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the identity of that natural person.

The purpose of processing data is to operate this website with information about our range of services, including contact options and online application options.

Personal data is only collected on our website if this is necessary

• for the use of the website (legal basis: Art. 6 para. 1 sentence 1 lit. a) and/or Art. 6 para. 1 sentence 1 lit. b) General Data Protection Regulation (GDPR),

• to safeguard our interest in improving the user experience and maintaining the security of use (legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR),

•  for the use of the services offered on the website as well as pre-contractual measures, in particular for form entries (legal basis: Art. 6 para. 1 sentence 1 lit. a) and/or Art. 6 para. 1 sentence 1 lit. b) GDPR) or
•  for the conclusion and performance of a contract (legal basis: Art. 6 para. 1 sentence 1 lit. a) and lit. b) GDPR)

is required.

Further details on the processing of data can be found below under the corresponding headings:

 3. Access data/server log files

When you visit our website, the servers automatically save the information that your browser sends, so-called server log files. The information includes

• Name of the website accessed,
• file,
• Date and time of access,
• Notification of successful retrieval,
• Browser type and version,
• the user’s operating system,
• referrer URL,

This data is not merged with other data sources. The information is used exclusively to analyze and maintain the technical operation of the servers and the network in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.

4. Cookies

Our website stores cookies. Cookies are small files that make it possible to store specific, device-related information on the user’s access device (PC, smartphone, etc.). On the one hand, they serve the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they are used to collect statistical data on website usage and to analyze it for the purpose of improving the offer. You can find more detailed information in the following sections of our privacy policy. If you give your consent for cookies that are not required, the legal basis is Section 25 (1) TTDSG, Article 6 (1) sentence 1 lit. a) GDPR (consent). You can find further information on this and on the cookies and services used in our consent management tool and revoke your consent freely and without detriment at any time with effect for the future.

As a user, you can influence the use of cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. However, it should be noted that the use and in particular the ease of use are restricted without cookies.

5. Contact via E-Mail

If you send us inquiries by e-mail, your details from the e-mail, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions in accordance with Art. 6 Para. 1 S. 1 lit. b) GDPR. We will never pass on this data without your consent. We will treat the data you provide voluntarily as strictly confidential. We store and use the personal data you provide voluntarily to the extent necessary for further correspondence with you.

6. contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions in accordance with Art. 6 Para. 1 S. 1 lit. b) GDPR. We will not pass on this data without your consent

7. BoostrapCDN

So that we can deliver our individual web pages to you quickly and flawlessly on all different devices, we use the open source CDN service of jsdelivr.com from the Polish software company ProspectOne, Królewska 65A/1, 30-081, Kraków, Poland.

A Content Delivery Network (CDN) is a service that helps to deliver the content of our online offer, in particular large media files such as graphics or scripts, faster with the help of regionally distributed servers connected via the Internet. The information transfer between your browser and our website is technically routed via the JSDelivr network. This enables JSDelivr to analyze the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious data traffic from the Internet. JSDelivr may also use cookies for this purpose, but these are used solely for the purpose described here. User data is processed for the aforementioned purposes and to maintain the security and functionality of the CDN.

For this purpose, the browser you use must connect to the CDN servers. As a result, the CDN becomes aware that our website has been accessed via your IP-address. Further information can be found in the privacy policy of jsDelivr: https://www.jsdelivr.com/privacy-policy-jsdelivr-com.

The use of this tool is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

8. Recipient of personal data

We disclose personal data to the following categories of recipients:

Our employees and website host. The host is

Mittwald CM Service GmbH & Co. KG
Königsberger Strasse 4-6
32339 Espelkamp.

Other than that, your personal data is not transferred to third parties without your explicit consent, unless we are obliged by law to do so within the meaning of Art. 6 (1) s. 1 lit. c) GDPR or the data transfer is crucial for performing a contractual relationship in accordance with Art. 6 (1) s. 1 lit. b) GDPR.

Please note that data transfer via the internet (e.g. when communicating via email) may have security gaps. It is impossible to entirely protect data against third-party access.

9. Storage period

We delete your personal data as soon as its purpose has been fulfilled. For example, we store the data from your emails and contact form until your enquiry has been fully processed and completed. The data is then deleted as a general rule.

We also check once a year if we are able to delete your personal data.

We automatically delete session cookies once you leave our website. Access data and server logfiles are deleted after one week.

Please note that certain data must be stored for a minimum of six (Section 257 of the German Commercial Code (Handeslgesetzbuch – HGB)) or 10 (Section 147 of the German Tax Code (Abgabenordnung – AO)) years in accordance with commercial and tax laws.

10. Rights of the data subject

You are not obligated by law to provide your personal data. However, doing so may be necessary for concluding a contract or for certain website functions. If you fail to provide your personal data, it may be impossible to provide a contract or website function.The website does not include automated decision-making processes and no profiling takes place.

The rights of data subjects are specifically stated in Art. 15 to 23 and Art. 77 GDPR as well as Sections 32 to 37 of the new German Data Protection Act (Bundesdatenschutzgesetz – BDSG).

You have the following rights regarding your personal data when dealing with us:

• Right to be informed, 15 GDPR
• Right of rectification, 16 GDPR
• Right to erasure, 17 GDPR
• Right to restrict processing, 18 GDPR
• Right to data portability, 20 GDPR.

If you have consented to the processing of personal data, you have the right to

• withdraw consent, Art. 7 GDPR

with future effect.

You further have the right to

If you are of the opinion that the processing of your personal data violates data protection laws, you have the

• right to complain

at any time to the relevant authority, see Art. 77 GDPR. Notwithstanding any other legal remedy under administrative law or before a court, you have the right to complain to a supervisory authority, particularly in the member state where you have your residence, place of work or where the violation occurred, if you are of the opinion that the processing of your personal data violates the GDPR.

You can find the contact details for the data protection officers in the federal states, government supervisory authorities, broadcasting sector, churches, in Europe and the rest of the world, as well as the virtual data protection office at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

The supervisory authority responsible for us is: Landesbeauftragte für den Datenschutz Nordrhein-Westfalen, Kavalleriestrasse 2-4, 40213 Düsseldorf.