This data protection declaration clarifies the type, scope and purpose ofthe processing of personal data (hereinafter referred to as „data“)in the context of the provision of our services and within our onlineoffering and the websites, functions and content associated with itas well as external online presences, such as our Social MediaProfile (hereinafter jointly referred to as „online offering“).With regard to the terms used, such as „processing“ or„person responsible“, we refer you to the definitions inArt. 4 of the Data Protection Basic Regulation (GDPR).
Link to imprint : https://www.martin-heimann.de/Imprint/
Types of data processed
– Inventory data (e.g., person master data, names or addresses).
– Contact data (e.g., e-mail, telephone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., websites visited, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (hereinafter referred to collectively as „users“).
Purpose of processing
– Provision of the online offer, its functions and contents.
– Answering contact requests and communicating with users.
– Security measures.
– Range measurement/Marketing
„personal data“ means any information relating to an identified oridentifiable natural person (hereinafter „data subject“); anatural person who can be identified, directly or indirectly, inparticular by reference to an identifier such as a name, anidentification number, location data, online identifier (e.g. acookie) or to one or more specific characteristics which express thephysical, physiological, genetic, mental, economic, cultural orsocial identity of that natural person, is regarded as identifiable.
„processing“ means any operation carried out with or without the aid of automatedprocesses, or set of operations, involving personal data. The term isbroad and covers practically every handling of data.
„Pseudonymisation“ means the processing of personal data in such a way that the personaldata can no longer be attributed to a specific data subject withoutthe provision of additional information, provided that suchadditional information is kept separately and is subject to technicaland organisational measures ensuring that the personal data are notattributed to an identified or identifiable natural person.
„Profiling“ means any automated processing of personal data consisting of the useof such personal data to evaluate certain personal aspects relatingto a natural person, in particular to analyse or predict aspectsrelating to the work performance, economic situation, health,personal preferences, interests, reliability, conduct, whereabouts ormovements of that natural person.
The „controller“ is the natural or legal person, publicauthority, agency or other body which alone or jointly with othersdetermines the purposes and means of the processing of personal data.
„processor‘ means a natural or legal person, public authority, agency or otherbody which processes personal data on behalf of the controller.
Applicable legal bases
In accordance with Art. 13 GDPR we inform you about the legal basis of our data processing. For users from the area of application of the data protection basic regulation (GDPR), i.e. the EU and the EEC, the following applies, if the legal basis is not mentioned in the data protection explanation:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR;
The legal basis for the processing for the fulfilment of our services andthe implementation of contractual measures as well as the answeringof inquiries is Art. 6 para. 1 lit. b GDPR;
The legal basis for the processing for the fulfilment of our legalobligations is Art. 6 para. 1 lit. c GDPR;
Art. 6 para. 1 lit. d GDPR serves as the legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.
The legal basis for the processing necessary to perform a task which isin the public interest or in the exercise of official authorityentrusted to the data controller is Art. 6 para. 1 lit. e GDPR.
The legal basis for the processing to safeguard our legitimate interestsis Art. 6 para. 1 lit. f GDPR.
The processing of data for purposes other than those for which they werecollected is governed by the provisions of Art. 6 (4) GDPR.
The processing of special categories of data (pursuant to Art. 9 para. 1GDPR) is governed by the provisions of Art. 9 para. 2 GDPR.
We take appropriate technical and organisational measures in accordancewith the legal requirements, taking into account the state of theart, the implementation costs and the type, extent, circumstances andpurposes of the processing, as well as the different probability ofoccurrence and severity of the risk to the rights and freedoms ofnatural persons, in order to ensure a level of protection appropriateto the risk.
Measures shall include, in particular, ensuring the confidentiality, integrityand availability of data by controlling physical access to, accessto, inputting, disclosure, securing and separation of data. Inaddition, we have established procedures to ensure the exercise ofdata subjects‘ rights, the deletion of data and the response to datathreats. Furthermore, we take the protection of personal data intoaccount as early as the development or selection of hardware,software and processes, in accordance with the principle of dataprotection through technology design and data protection-friendlydefault settings.
Cooperation with contract processors, jointmanagers and third parties
Insofar as we disclose data to other persons and companies (contract processors, jointly responsible persons or third parties) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the fulfilment of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Insofar as we disclose, transmit or otherwise grant access to data to other companies of our group of companies, this is done in particular for administrative purposes as a legitimate interest and beyond that on a basis corresponding to the legal requirements.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union(EU), the European Economic Area (EEA) or the Swiss Confederation) orif this is done in the context of the use of third party services ordisclosure or transfer of data to other persons or companies, thisonly occurs if it is done to fulfil our (pre)contractual obligations,on the basis of your consent, a legal obligation or on the basis ofour legitimate interests. Subject to legal or contractualpermissions, we process or leave the data in a third country only ifthe legal requirements are met. I.e. the processing takes place e.g.on basis of special guarantees, like the officially recognizedstatement of a data protection level corresponding to the EU (e.g.for the USA by the „Privacy Shield“) or observance ofofficially recognized special contractual obligations.
Rights of data subjects
You have the right to request confirmation as to whether the data inquestion will be processed and to be informed of this data and toreceive further information and a copy of the data in accordance withthe provisions of the law.
You have the right, in accordance with the law, to request the completionof the data concerning you or the rectification of the inaccuratedata concerning you.
In accordance with the statutory provisions, you have the right todemand that the data concerned be deleted immediately or,alternatively, to demand that the processing of the data berestricted in accordance with the statutory provisions.
You have the right to demand that the data concerning you which you havemade available to us be received in accordance with the statutoryprovisions and that it be transferred to other persons responsible.
You also have the right to file a complaint with the competentsupervisory authority in accordance with the statutory provisions.
Right of Withdrawal
You have the right to revoke any consent you have given with effect forthe future.
Right of objection
You may object at any time to the future processing of the dataconcerning you in accordance with the statutory provisions. Inparticular, you may object to the processing of your data for thepurposes of direct marketing.
Cookies and right of objection for directadvertising
Cookies“ are small files that are stored on the user’s computer. Differentdata can be stored within the cookies. A cookie is primarily used tostore information about a user (or the device on which the cookie isstored) during or after the user’s visit to an online service.Temporary cookies, or „session cookies“ or „transientcookies“, are cookies that are deleted after a user leaves anonline offer and closes his browser. The content of a shopping basketin an online shop or a login status, for example, can be stored insuch a cookie. Cookies are referred to as „permanent“ or„persistent“ and remain stored even after the browser isclosed. For example, the login status can be saved if users visit itafter several days. The interests of the users who are used for rangemeasurement or marketing purposes can also be stored in such acookie. Third party cookies“ are cookies that are offered byproviders other than the person responsible for operating the onlineservice (otherwise, if they are only the latter’s cookies, they arereferred to as „first party cookies“).
We may use temporary and permanent cookies and explain this in our privacypolicy.
If users do not want cookies to be stored on their computer, they areasked to deactivate the corresponding option in the system settingsof their browser. Stored cookies can be deleted in the systemsettings of your browser. The exclusion of cookies can lead tofunctional restrictions of this online offer.
Deletion of data
The data processed by us will be deleted in accordance with the statutoryprovisions or their processing will be restricted. Unless expresslystated in this data protection declaration, the data stored by uswill be deleted as soon as they are no longer required for theirintended purpose and there are no legal obligations to retain them.
If the data are not deleted because they are required for other and legallypermissible purposes, their processing will be restricted. This meansthat the data will be blocked and not processed for other purposes.This applies, for example, to data that must be stored for commercialor tax reasons.
Changes and updates to the data protection declaration
We ask you to inform yourself regularly about the content of our dataprotection declaration. We will adapt the data protection declarationas soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
Comments and Contributions
If users leave comments or other contributions, their IP addresses maybe deleted on the basis of our legitimate interests within themeaning of Art. 6 Para. 1 lit. f. of the German Data Protection Act.GDPR for 7 days. This is done for our security if someone leavesillegal contents (insults, forbidden political propaganda, etc.) incomments and contributions. In this case we can be prosecutedourselves for the comment or contribution and are thereforeinterested in the identity of the author.
Furthermore, we reserve the right, on the basis of our legitimate interestspursuant to Art. 6 para. 1 lit. f. GDPR to process the informationprovided by the user for the purpose of spam detection.
The personal information provided in the course of comments andcontributions, any contact and website information as well as thecontent information will be stored permanently by us until the userobjects.
Hosting and e-mail dispatch
The hosting services used by us serve the provision of the followingservices: Infrastructure and platform services, computing capacity,storage space and database services, e-mail dispatch, securityservices and technical maintenance services which we use for thepurpose of operating this online service.
Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this onlineservice on the basis of our legitimate interests in the efficient andsecure provision of this online service in accordance with Art. 6Para. 1 lit. f GDPR in connection with Art. 28 GDPR (conclusion of anorder processing contract).
Collection of access data and log files
We, and/or our hosting service partne, raise on basis of our entitled interestsin the sense of the art. 6 Abs. 1 lit. f. GDPR collects data on eachaccess to the server on which this service is located (so-calledserver log files). The access data includes the name of the websiteaccessed, file, date and time of access, amount of data transferred,notification of successful access, browser type and version, theuser’s operating system, referrer URL (the previously visited page),IP address and the requesting provider.
Log file information is stored for security reasons (e.g. to clarify abuse or fraud actions) for a maximum period of 7 days and then deleted. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.
Jetpack (WordPress Stats)
On the basis of our legitimate interests (i.e. interest in the analysis,optimisation and economic operation of our online offer in the senseof Art. 6 Para. 1 lit. f. of the German Civil Code), we make use ofthe information provided on this website. GDPR) the Plugin Jetpack(here the subfunction „WordPress Stats“), which includes atool for statistical evaluation of visitor access and from AutomatticInc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses„cookies“, which are text files placed on your computer, tohelp the website analyze how users use the site.