Privacy Policy
1. Privacy at a glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can personally identify you. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.
Additional Privacy Notices
Data Collection on this Website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can take their contact details from the section “Note on the responsible body” in this privacy policy.
How do we collect your data?
Your data is collected either by us receiving it directly from you. This could, for example, be data that you enter into a contact form.
Other data is automatically collected by our IT systems when you visit the website, either automatically or after your consent. These are mainly technical data (e.g., internet browser, operating system, or time of the page view). The collection of these data occurs automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure a flawless provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Furthermore, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Moreover, you have the right to lodge a complaint with the competent supervisory authority.
For this, as well as for further questions on the topic of data protection, you can contact us at any time.
You have the right at any time to obtain information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to demand the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Additionally, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have a right to complain to the competent supervisory authority.
For this purpose as well as for further questions on the topic of data protection, you can contact us at any time.
Analytical Tools and Third-Party Tools
When visiting this website, your surfing behavior can be statistically evaluated. This is done primarily with what are known as analysis programs.
Detailed information on these analysis programs can be found in the following privacy statement.
2. Hosting
We host the contents of our website with the following provider:
IONOS
The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as IONOS). When you visit our website, IONOS collects various log files including your IP addresses. For details, please refer to IONOS's privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.
We use IONOS on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in a reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, provided that the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) in the sense of the TDDDG . Consent can be revoked at any time.
Contract processing
We have concluded a contract for order processing (AVV) to use the above-mentioned service. This is a contract required by data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
External Hosting
This website is hosted externally. The personal data collected on this website are stored on the servers of the host/hosting providers. This may primarily involve IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
The external hosting is carried out for the purpose of contract fulfilment towards our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a safe, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG , provided that the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) in the sense of the TDDDG . Consent can be revoked at any time.
Our host(s) will process your data only to the extent necessary to fulfil their performance obligations and will comply with our instructions regarding this data.
We use the following host(s):
Profihost GmbH
Expo Plaza 1
30539 Hannover
Order processing
We have concluded a contract for order processing (AVV) to use the above service. This is a contract required by data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3. General Notes and Mandatory Information
Privacy
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data are data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
Note on the responsible party
The party responsible for data processing on this website is:
AS
Aquaristik & Heimtierbedarf GmbH & Co. KG
Gewerbering 19, 86931 Prittriching
Managing Directors:
Florian Schmager, Thomas Schuster
Telephone:
08206 96060
E-Mail: as@as-aquaristik.de
The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage duration
As long as no specific storage period is mentioned within this privacy statement, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a justified request for deletion or withdraw your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will take place after these reasons no longer apply.
General information on the legal bases for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR, if special categories of data according to Art. 9 Para. 1 GDPR are processed. In the case of express consent to the transfer of personal data to third countries, data processing is also based on Art. 49 Para. 1 lit. a GDPR. If you have consented to the storage of cookies or to access information on your device (e.g., via device fingerprinting), data processing also takes place on the basis of § 25 Para. 1 TDDDG . Consent can be withdrawn at any time. If your data is required for the fulfilment of a contract or the implementation of pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b GDPR. Furthermore, we process your data if they are required to fulfil a legal obligation based on Art. 6 Para. 1 lit. c GDPR. Data processing can also be based on our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. The legal bases relevant in each individual case will be informed in the following paragraphs of this data protection declaration.
Data Protection Officer
We have appointed a data protection officer.
Data Protection
Team of SONNTAG IT Solutions
SONNTAG IT Solutions GmbH & Co. KG
Schertlinstraße 23 | 86159 Augsburg
E-Mail: datenschutz@as-aquaristik.de
Note on data transfer to the USA and other third countries
We use tools from companies based in the USA or other data protection non-compliant third countries. If these tools are active, your personal data can be transferred to these third countries and processed there. We note that in these countries a data protection level comparable to the EU cannot be guaranteed. For example, US companies are required to disclose personal data to security agencies, without you as the data subject being able to take legal action against it. Therefore, it cannot be excluded that US authorities (e.g., intelligence services) process your data located on US servers for surveillance purposes, evaluate and permanently store. We have no influence on these processing activities.
This website uses the translation service Google Translate via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Translate can only be used on our site based on your consent (Art. 6 Para. 1 lit. f GDPR). In order to use the features of Google Translate, it is necessary to process your IP address and device data. This information is usually transferred to a Google server in the USA and stored there. We have no control over this data transfer. Google collects, stores, and processes information to provide better services to users. This includes, for example, the language used, but also the entire surfing behavior. More information can be found in Google's privacy policy at: https://policies.google.com/privacy.
Revocation of your consent to data processing
Many data processing operations are only possible with your explicit consent. You can revoke any previously given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in specific cases and against direct marketing (Art. 21 GDPR)
IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PAR. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR SPECIFIC SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH A PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PAR. 1 GDPR).
IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS APPLIES ALSO TO PROFILING, AS FAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION ACCORDING TO ART. 21 PAR. 2 GDPR).
Right to lodge a complaint with the competent supervisory authority
In case of violations of the GDPR, data subjects have a right of appeal to a supervisory authority, especially in the member state of their habitual residence, their place of work, or the place of the alleged infringement. This right of appeal is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
Information, Correction and Erasure
Under the applicable statutory provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if necessary, a right to correction or erasure of this data. For this as well as for further questions on the subject of personal data, you can contact us at any time.
Right to Restrict Processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing applies in the following cases:
- If you dispute the accuracy of your personal data stored with us, we generally need time to verify this. During the review period, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data was/is being carried out unlawfully, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need them to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 Para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data may – apart from their storage – only be processed with your consent or for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as a site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to Advertising Emails
The use of contact data published within the framework of the imprint obligation for sending unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.
4. Data Collection on this Website
Cookies
Our websites use so-called "cookies". Cookies are small packets of data and do no harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain on your device until you delete them yourself or an automatic deletion by your web browser occurs.
Cookies can be from us (first-party cookies) or from third-party companies (so-called. third-party cookies). Third-party cookies allow the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used for evaluation of user behavior or for advertising purposes.
Cookies that are required to carry out the electronic communication process, to provide certain functions desired by you (e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring the web audience) are stored on basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for technically error-free and optimized provision of his services. If consent to storage of cookies and similar recognition technologies was requested, processing is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG ); the consent is revocable at any time.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, reject cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.
Which cookies and services are used on this website, you can take from this privacy policy.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- used operating system
A combination of this data with other data sources will not be carried out.
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free display and optimization of his website - for this, the server log files must be collected.
Contact form
If you send us inquiries via the contact form, your details from the inquiry form including the contact data you provided there will be stored for the purpose of processing the request and in case of follow-up questions. We will not pass on this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.
The data entered by you in the contact form remains with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after completed processing of your request). Mandatory legal provisions – especially retention periods – remain unaffected.
Enquiry via email, phone or fax
If you contact us via email, phone or fax, your enquiry, including all resulting personal data (name, enquiry), will be stored and processed by us for the purpose of handling your request. We will not share this information without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the execution of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.
The data sent by you to us via contact requests remains with us until you request us to delete, revoke your consent to storage or the purpose for data storage lapses (e.g. after your request has been processed). Mandatory statutory provisions - especially statutory retention periods - remain unaffected.
5. Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we require an email address from you, as well as information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. Additional data will not be collected or will only be collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
The processing of the data entered into the newsletter subscription form is based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of data, the email address, and their use for sending the newsletter at any time, e.g. via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data provided by you for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of the newsletter service provider after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest according to Art. 6 para. 1 lit. f GDPR.
Data stored with us for other purposes remains unaffected by this.
After your removal from the newsletter distribution list, your email address may be stored in a blacklist with us or the newsletter service provider, if necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in compliance with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
6. eCommerce and Payment Providers
Processing of Customer and Contract Data
We collect, process and use personal customer and contract data for the establishment, content design and modification of our contractual relationships. We collect, process, and use personal data about the use of this Website (usage data) only insofar as this is necessary to enable or bill the user for the use of the service. The legal basis for this is Art. 6 para. 1 lit. b GDPR.
The collected customer data will be deleted after completion of the order or termination of the business relationship and expiry of any existing legal retention periods. Statutory retention periods remain unaffected.
Used eCommerce Software - Shopware
Data Processing
As an eCommerce solution, we use shopware. When you use the webshop , your personal data will be collected and processed by us and shopware.
The webshop
collects all data that you provide/use when using the webshop
(e.g., email address, phone number, order process/purchase data).
Furthermore, shopware processes technical data necessary for
communication between the browser and server and stored in the browser. In addition to the IP address and IDs in relation to the
order process, the following data is processed.
Cookies (Session, CSRF): Shopware stores cookies in the visitor's browser to
ensure the basic functions of the shop. The cookies, for example,
contain the contents of the shopping cart, the login status, and also enable CSRF protection.
Without allowing cookies in the browser, Shopware cannot be used.
IMPORTANT: Shopware always only stores IDs in the customer's browser, the
assignment to the respective information takes place in the application area.
Session: Based on the session cookie, Shopware decides whether the respective user
has an active shopping cart and whether the user is logged in. It thus serves
as identification between the browser and server. No other information
other than the Session-ID is stored in the browser. The handling of sessions
is controlled by PHP on the server side and is independent of Shopware.
CSRF: In addition, Shopware generates an individual CSRF cookie when
visiting the shop, so that the customer can operate the individual areas of the shop.
Please note that we do not have full control over the data processing operations of the software used. For further information on data processing by Shopware, please refer to the privacy information at https://docs.shopware.com/de/shopware-6-de/tutorials-und-faq/dsgvo?category=shopware-6-de/tutorials-und-faq/eu-regelungen#welche-ip-adressen-werden-gespeichert .
Purpose and Legal Basis
The
personal data is processed for the purpose of carrying out an order in
the webshop. The legal basis is the fulfillment of the contract according to Art. 6 Abs. 1b
GDPR. If you do not provide any personal data, an
order in our online shop is not possible.
The storage of CSRF tokens, IP address and time of order/visit
is for the purpose of ensuring the security of our systems.
The legal basis for processing is a legitimate interest in accordance with Art. 6 Abs.
1f GDPR.
Storage Duration
The personal
data you provide is stored for the duration of the contract fulfillment
(order, purchase). These personal data are not merged
with other data sources.
Data is transferred to third parties as far as this is necessary for the fulfillment of the contract
(e.g., to payment service providers, IT service providers,
shipping companies). A transfer to a third country or an
international organization is not planned.
7. Audio and Video Conferences
Data Processing
For the communication with our customers, we use among other things online conference tools. The tools we use in detail are listed below . If you communicate with us via video or audio conference via the internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide/use to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "context information" related to the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required for the execution of online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speakers, as well as the type of connection.
In case contents within the tool are exchanged, uploaded, or otherwise provided, they are also stored on the servers of the tool providers. Such contents include in particular cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have full control over the data processing operations of the tools used. Our options are primarily determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection statements of the tools used, which we have listed below this text.
Purpose and Legal Basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the use of the respective tools is based on this consent; the consent can be revoked at any time with effect for the future.
Storage Duration
The data directly collected by us via the video and conference tools are deleted from our systems as soon as you request us to delete them, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage duration of your data that are stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools.
Conference Tools Used
We use the following conference tools:
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in Microsoft Teams' privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
Contract processing
We have concluded a contract for order processing (COP) for the use of the service mentioned above. This is a legally required contract that ensures that it processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
8. Our Services
Handling of applicant data
We offer you the opportunity to apply with us (e.g., by email, post, or via an online application form). In the following, we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure that the collection, processing and use of your data are in accordance with applicable data protection law and all other legal provisions and that your data will be treated strictly confidentially.
Scope and purpose of data collection
If you submit an application to us, we process your associated personal data (e.g., contact and communication data, application documents, notes taken during job interviews, etc.) as far as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 Para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 Para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.
Data retention period
If we cannot make you a job offer, you decline a job offer, or withdraw your application, we reserve the right to retain the data you submitted based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves in particular for evidential purposes in the event of a legal dispute. If it becomes apparent that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for the further retention no longer applies.
A longer retention may also occur if you have given the corresponding consent (Art. 6 para. 1 lit. a GDPR) or if legal retention obligations prevent deletion.
Admission to the Applicant Pool
If we cannot make you a job offer, there may be the option to include you in our applicant pool. In the event of admission, all documents and information from the application will be transferred to the applicant pool, in order to contact you in case of suitable vacancies.
The admission to the applicant pool is solely based on your express consent (Art. 6 para. 1 lit. a GDPR). The granting of consent is voluntary and has no relation to the current application process. The affected person can revoke their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.
The data from the applicant pool will be irrevocably deleted no later than two years after the consent has been given.
Our Social Media Presence
This privacy policy applies to the following Social Media Presences
Data Processing by Social Networks
We maintain publicly accessible profiles on social networks. The social networks we use can be found further below.
Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:
If you are logged in to your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data can also be collected even if you are not logged in or do not have an account with the respective social media portal. This data collection occurs in this case, for example, via cookies stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. This allows interest-based advertising to be displayed to you both inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing operations on social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection regulations of the respective social media portals.
Legal Basis
Our social media appearances aim to ensure the broadest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Controller and Assertion of Rights
If you visit one of our social media sites (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability, and complaint) in principle both against us and against the operator of the respective social media portal (e.g., against Facebook).
Please note that despite our shared responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our possibilities are largely determined by the corporate policy of the respective provider.
Storage Duration
The data we collect directly through our social media presence will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.
We have no influence on the storage duration of your data, which are stored by the operators of social networks for their own purposes. For details, please refer directly to the operators of the social networks (e.g., in their privacy policy, see below).
Your Rights
You have the right at any time to obtain information about the origin, recipient, and purpose of your stored personal data free of charge. You also have the right to object, to data portability and a right of complaint to the competent supervisory authority. Furthermore, you can request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.
Social Networks in Detail
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). According to Meta, the data collected is also transferred to the USA and other third countries.
We have concluded an agreement with Meta for joint processing (Controller Addendum). This agreement defines which data processing operations we or Meta are responsible for when you visit our Facebook Page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Details can be found in the Facebook's privacy policy: https://www.facebook.com/about/privacy/.
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381
You can find details about their handling of your personal data in Instagram's privacy policy: https://help.instagram.com/519522125107875.