As the operator of the www.hitschler.de website and as the body responsible, we take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data-protection provisions as well as this Data Protection Declaration.
I. Name and address of the controller
The controller in the sense of the General Data Protection Regulation (GDPR) and other national data protection legislation of the member states as well as other data protection-law provisions is:
hitschler International GmbH & Co.KG
An der Hasenkaule 10
Tel.: +49 (0) 22 1 – 460 16 0
Fax: +49 (0) 22 1 – 460 16 55
If you have any queries regarding the subject of data protection, you are welcome to contact our data protection officer, quoting the keywords “data protection website”. Please direct your query to firstname.lastname@example.org.
II. General information regarding data processing
1. Scope of the processing of personal data
As a matter of principle, we only process our users’ personal data insofar as this is necessary to provide a functional website as well as the content and services. Processing personal data is usually done only after consent has been granted by the respective user. An exception applies in cases where prior obtaining of consent is not possible for factual reasons and the processing of the data is permitted by statutory provisions.
2. Legal basis for the processing of personal data
Insofar as we obtain consent from the data subject for the processing of personal data, Article 6 paragraph 1 a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data which is necessary in order to perform a contract to which the data subject is a contract party, Article 6 paragraph 1 b of the GDPR serves as the legal basis. This also apples for processing which is necessary for the implementation of pre-contractual measures.
Insofar as processing personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Article 6 paragraph 1 c of the GDPR serves as the legal basis.
In the event that crucial interests of the data subject or of another natural person make it necessary to process personal data, Article 6 paragraph 1 d of the GDPR serves as the legal basis.
If the processing is necessary to safeguard a justified interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the party affected do not outweigh that justified interest, then Article 6 paragraph 1 f of the GDPR serves as the legal basis for the processing.
3. Data deletion and storage duration
The data subject’s personal data is deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can go beyond this if this is provided for by the European or national legislator in Union-law ordinances, laws or other provisions to which the controller is subject. Blocking or deleting the data is also done if a storage period prescribed by the norms named expires, unless there is a necessity for further storage of the data for entry into or performance of a contract.
III. Providing the website and generating log files
1. Description and scope of the data processing
Whenever our website is accessed, automated data and information from the computer accessing it is collected. The following data is collected in this context:
(1) information about the browser type and the version used
(2) the user’s operating system
(3) the user’s Internet service provider
(4) the user’s IP address
(5) date and time of the access
(6) websites from which the user’s system arrives at our website
(7) websites which are accessed by the user’s system via our website
(8) HTTP status code.
The data is also saved in our system's log files. This data is not stored together with other personal data of the user’s.
2. Legal basis for the data processing
The legal basis for the provisional storage of the data and the log files is Article 6 paragraph 1 f of the GDPR.
3. Purpose of the data processing
The provisional storage of the IP address by the system is necessary in order to make it possible to deliver the website to the user's computer. For this purpose, the user’s IP address must be saved for the duration of the session.
Saving is done in log files in order to ensure the functionality of the website. Moreover, we use the data in order to optimise the website and to guarantee the security of our information-technology systems. No evaluation of the data for marketing purposes takes place in this context.
These purposes also include our justified interest in data processing pursuant to Article 6 paragraph 1 f of the GDPR.
4. Duration of the storage
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. In the case of the collection of the data in order to make the website available, this is the situation when the respective session has come to an end.
In the case of storage of the data in log files, this is the situation after a maximum of seven days. Storage going beyond this is possible. In such case, the IP addresses of the users are deleted or transformed so that it is no longer possible to allocate them to the accessing clients.
5. Objection and removal option
Collecting the data in order to make the website available and storing the data in log files are absolutely essential for the operation of the website. As a consequence, it is not possible for the user to object thereto.
IV. Using cookies
1. Description and scope of the data processing
2. Legal basis for the data processing
The legal basis for the processing of personal data using technically-necessary cookies is Article 6 paragraph 1 f of the GDPR.
Insofar as cookies are placed for the analysis of user behaviour, this is done on the basis of consent pursuant to Article 6 paragraph 1 a of the GDPR.
3. Purpose of the data processing
The user data collected by means of technically-necessary cookies is not used to generate user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we ascertain how the website is used and can thus continuously optimise our offer.
4. Duration of the storage, objection and removal option
5. Cookie consent with Borlabs Cookie
Our website uses the cookie-consent technology of Borlabs Cookie in order to obtain your consent to storage of certain cookies in your browser and to document this in a data protection-compliant manner. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter referred to as “Borlabs”).
When you access our website, a Borlabs Cookie is stored in your browser, in which the consents granted by you or the revocations of those consents are saved. This data is not passed on to the provider of Borlabs Cookie.
The data collected is stored until you make a deletion request to us or delete the Borlabs Cookie yourself or the purpose for the data storage ceases to exist. Mandatory statutory storage periods remain unaffected. You can find details about the data processing of Borlabs Cookie at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
V. Contact form and email contact
1. Description and scope of the data processing
Our website has a contact form which can be used for making contact electronically. If a user makes use of this option, then the data entered into the form will be transmitted to us and stored. This data is:
- user’s first and last names
- your email address
- your address
- your telephone number
- any additional personal data supplied by you in the framework of your message.
Moreover, the following data is saved at the point in time when the message is sent:
- user’s IP address
- date and time of the registration.
For the processing of the data in the framework of the dispatch process, your consent is obtained and reference is made to this Data Protection Declaration.
Alternatively, it is possible to make contact via the email address provided. In such case, the user’s personal data transmitted with the email is stored.
The data is not passed on to third parties in this context. The data is exclusively used in order to process the conversation.
2. Legal basis for the data processing
If consent has been granted by the user, the legal basis for the processing of the data is Article 6 paragraph 1 a of the GDPR.
The legal basis for the processing of the data which is transmitted in the course of sending an email is Article 6 paragraph 1 f of the GDPR. If the aim of the email contact is to enter into a contract, then an additional legal basis for the processing is Article 6 paragraph 1 b of the GDPR.
3. Purpose of the data processing
The processing of the personal data from the form serves only for us to process the contact by you. In the case of contact by email, the requisite justified interest in processing the data is also present therein.
The other personal data processed during the dispatch process serves to prevent the contact form from being misused and to guarantee the security of our information-technology systems.
4. Duration of the storage
The data will be deleted as soon as it is no longer required to achieve the purpose of its collection. For the personal data in the contact form and the data which is sent by email, this is the case if the respective conversation with the user has come to an end. The conversation is at an end if it can be inferred from the circumstances that the pertinent set of facts has been finally clarified.
The personal data additionally collected during the dispatch process is deleted at the latest after a period of seven days.
5. Objection and removal option
The user has the option at all times to revoke his or her consent to the processing of the personal data. If the user contacts us by email, then s/he can object at any time to the storage of his or her personal data. In such a case, the conversation cannot be continued.
The user can object to the processing of his or her data by email or by mail. All personal data which is saved in the course of making contact is deleted in such case.
VI. Comment function on this website
On our website, we offer a comment function with which you can make blog contributions.
Using this comment function requires a name to be inserted, and you can choose a pseudonym here. The email address also has to be inserted. Giving an email address is necessary in order that we can forward to you any complaints about your comments in the blog and can ask you for a statement in this respect. You cannot use the comment function without providing these details. When publishing your comments, the email address given by you will be saved but not published. For the comment function on this website, in addition to your comments, the name given and the email address, details about the time of the making of the comments and about the IP address are saved.
The legal basis for the processing of the data which is transmitted when using the comment function for blog contributions is Article 6 paragraph 1 a of the GDPR.
Your data will be deleted as soon as it is no longer required to achieve the purpose of its collection. The comments and the data associated therewith will remain on this website until a conversation with you about any complaint is over, the content commented on has been completely deleted, or the comments must be deleted for legal reasons (e.g. insulting comments).
The comments are stored on the basis of your consent (Article 6 paragraph 1 a of the GDPR). You have the ability at all times to revoke your consent to the processing of the personal data. An informal message by email to us is sufficient for this purpose. The revocation does not affect the lawfulness of the data processing already done before the revocation. After a revocation, we will delete your personal data within 7 days.
With your consent you can subscribe to our "Good-Newsletter", with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. You can decide to subscribe to the hitschler newsletter on our landing page. For this purpose you have to tick the box in front of the declaration of consent to the newsletter.
For the subscription to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the given e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. The legal basis is Art. 6 I lit. f DS-GVO as our interest in functioning an secure IT is concened..
Only your e-mail address and your name are required to send the newsletter. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is your consent as stated in Art. 6 I 1 lit. a DS-GVO.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail, by sending an e-mail to email@example.com or by sending a message or by sending an e-mail to the contact details given in the imprint.
1. Newsletter Tracking:
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons, also called “tracking pixels”. These are one-pixel image files that link to our website and thus enable us to evaluate your user behavior. This is done by collecting the data mentioned in this declaration as well as web beacons that are assigned to your e-mail address and linked to your own ID. Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to provide you with the newsletter tailored to your interests. We record when you read our newsletters, which links you click in them and conclude from this your personal interests. We link this data to actions you take on our website. The newsletter provider stores the information collected in this way on its server in the USA.
You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us at firstname.lastname@example.org.
Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, however, the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the tracking mentioned above will take place.
2. Use of MailChimp
This website uses the services of MailChimp for sending newsletters. Provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service that can be used to organize and analyze the sending of newsletters. If you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on the servers of MailChimp in the USA.
MailChimp ensures a comparable level of data protection during data transfer by concluding so-called standard data protection contract clauses (SCC) according to Article 46 paragraph 2 lit. c GDPR. For further information please visit: https://mailchimp.com/legal/data-processing-addendum/
With the help of MailChimp we can analyze our newsletter campaigns. When you open an e-mail sent with MailChimp, a file contained in the e-mail (so-called web-beacon) connects to the servers of MailChimp in the USA. This way it can be determined whether a newsletter message was opened and which links were clicked on, if any. Technical information is also collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
The data you provided to us for the purpose of subscribing to the newsletter will be stored until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data which is stored for other purposes (e.g. e-mail addresses for the member area) remains unaffected.
Use of MailChimp is based on our legitimate interest in advertising and efficient administration of our services, which in turn is based on the professional and entrepreneurial freedom according to Article 15 paragraph 1 and Article 16 GrCh. Since we inform you about this processing and no special data except your e-mail address will be transmitted, we base our processing on the existing legitimate interest according to art. 6 par. 1 p. 1 lit. f DSGVO.
For further details please refer to the data protection regulations of MailChimp at: https://mailchimp.com/legal/terms/.
VIII. Passing data on to the USA
Inter alia, tools from companies with their headquarters in the USA are integrated into our website. When these tools are active, your personal data can be passed on to the respective companies’ servers in the USA. We hereby draw your attention to the fact that the USA is not a safe non-EU country in the sense of EU data protection law. US-American companies are obliged to deliver personal data to security authorities without you as the data subject being able to take action against this in court. Accordingly, it cannot be excluded that US-American authorities (e.g. intelligence agencies) process, evaluate and permanently store your data located on US-American servers for surveillance purposes. We have no influence on those processing activities.
IX. Google Analytics
Insofar as you have granted your consent, Google Analytics, a web analysis service of Google LLC. (“Google”), is used on this website. Google Analytics uses so-called “Cookies”, text files which are stored on your computer and which enable an analysis of your usage of the website. The information generated by the cookie about your usage of this website is usually transferred to a Google server in the USA and stored there.
This website uses Google Analytics with the extension “_anonymizeIp()”. As a result thereof, IP addresses are processed further in abbreviated form, which precludes people from being identified. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and the personal data is therefore deleted without delay.
On our behalf, Google will use this information in order to compile reports about the website activities and in order to render further services associated with the website usage and Internet usage to us as the website operator. We use Google Analytics in order to be able to analyse and regularly improve the usage of our website. Via the statistics acquired, we are able to improve our offer and configure it in a more interesting way for you as a user. The IP address transmitted by your browser in the framework of Google Analytics is not conflated with other data by Google.
Google Analytics cookies are stored on the basis of Article 6 paragraph 1 a of the GDPR. Consent is obtained in the framework of asking for your consent to the placement of cookies.
You have several ways of objecting to the collection of your data by Google Analytics and/or the prevention thereof: opt-out cookie: Place an opt-out cookie, which prevents collection of your data when visiting this website in future. Use the following link for this: deactivate Google Analytics. You will find more information about the treatment of user data by Google Analytics in Google's data protection declaration:
You can also prevent your data from being collected by not granting any consent to cookies for marketing purposes in the framework of our cookie-consent process. If you have granted consent, you can revoke this at any time. See section IX below in this respect. Moreover, you can prevent the collection of the data generated by the cookie and related to your usage of the website (including your IP address) to Google, as well as the processing of that data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
We have entered into a contract with Google regarding order data processing and fully implement the strict stipulations issued by the German data-protection authorities in connection with Google Analytics usage.
External provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.
X. Google reCAPTCHA
We use Google reCAPTCHA (hereinafter referred to as “reCAPTCHA”) on our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Using reCAPTCHA is intended to check whether data is being entered onto our website (for example, in a contact form) by a human or by automated software. For this purpose, reCAPTCHA analyses the website visitor’s behaviour on the basis of various characteristics. This analysis begins automatically as soon as the website visitor accesses the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, how long the website visitor spends on the website, or mouse movements made by the user). The data collected in connection with the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data processing takes place on the basis of Article 6 paragraph 1 f of the GDPR. As the website operator, we have a justified interest in the determination of individual responsibility on the Internet and the prevention of misuse and spam.
You can access further information regarding Google reCAPTCHA as well as Google's data protection declaration at the following links: www.google.com/intl/de/policies/privacy/ and www.google.com/recaptcha/intro/android.html.
XI. Google Maps
Our website contains the integrated service "Google Maps" of the provider Google. The processed data may include in particular your IP address and location data, which will not be collected without your consent. This data may also be transferred to the USA. In this respect, Section VIII applies.
XII. Facebook Pixel
To measure conversion rates, this website uses the visitor activity pixel of Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.
This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy. This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.
In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/
You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/
If you do not have a Facebook account, you can deactivate any user based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.
XIII. Facebook fanpage
Pursuant to the case law of the European Court of Justice, we are jointly responsible with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook) in the sense of data protection law for the processing of personal data which is collected when visiting our Facebook page (https://de-de.facebook.com/hitschler.DE/).
When you visit our profile page, Facebook automatically collects personal data from you as a visitor to the page, without us being able to influence this. You will find further information regarding the collection of data by Facebook in Facebook’s data protection declaration at https://www.facebook.com/privacy/explanation.
- https://www.facebook.com/settings?tab=ads (log-in necessary)
Facebook provides us with various anonymised statistics about the visitors to our profile page, in the framework of the so-called Page Insights. We have no influence on the generation of that information. In particular we are unable to stop the collection and processing by Facebook. We are provided with the following anonymised data by Facebook with regard to our profile page for a selectable period as well as for each of the categories of fans, subscribers, people reached and interacting people:
total number of page accesses, “like me” details, page activities, post interactions, scope, video views, post scope, comments, shared content, replies, proportion of men and women, origin related to country and city, language, accesses and clicks in the shop, clicks on route planner, clicks on telephone numbers. You can obtain more information about Page Insights on Facebook’s corresponding website at
We use that information in order to make our profile page and the content therein more attractive to visitors to our profile page. This also constitutes our justified interest in the sense of our legal basis for this processing pursuant to Article 6 paragraph 1, sentence 1 f) of the GDPR.
The reciprocal obligations with regard to joint responsibility are set out in the Page Insights addendum with regard to the controller at https://www.facebook.com/legal/terms/page_controller_addendum. Therein, Facebook assumes primary responsibility in the sense of the GDPR for the processing of Insights data and declares fulfilment of all of the obligations arising out of the GDPR with regard to the processing of Insights data (inter alia Articles 12 and 13 of the GDPR, Articles 15 to 22 of the GDPR, and Articles 32 to 34 of the GDPR). Only Facebook can make and implement decisions with regard to the processing of Insights data. Because Facebook makes decisions solely in its discretion as to how its obligations arising out of this agreement are fulfilled, we have no influence on the fulfilment of the data protection-law obligations by Facebook. If we receive queries in connection with the Insights data, we are obliged to forward all relevant information to Facebook.
XIV. Instagram fanpage
Pursuant to the case law of the European Court of Justice, we are jointly responsible with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook) in the sense of data protection law for the processing of personal data which is collected by Facebook when our Instagram fanpage is visited.
When you visit our Instagram fanpage, Facebook automatically collects personal data from you as a visitor to the respective fanpage, without us being able to influence this. You will find further information regarding the collection of data by Facebook in Instagram’s data protection declaration.
- https://www.facebook.com/settings?tab=ads (log-in necessary)
In the event that Facebook passes personal data on to its parent company, Facebook Inc., Menlo Park, California, U.S.A., (Facebook Inc.), Facebook Inc. is certified pursuant to the EU-US Privacy Shield and makes the commitment thereby to complying with European data protection standards.
- You can obtain more information about the Privacy Shield from https://www.privacyshield.gov.
- You can obtain information about the status of Facebook’s certification from https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Facebook provides us with various anonymised statistics about the visitors to our Instagram fanpage, in the framework of the so-called Page Insights. We have no influence on the generation of that information. In particular we are unable to stop the collection and processing by Facebook. We are provided with the following information by Facebook in the form of anonymised data with regard to the respective fanpage for a selectable period:
- Activity: In this area, insights are provided regarding our profiles, including interactions (such as profile visits and website clicks) as well as regarding the subject of discovery (how many people have seen our content and where did they find this).
- Content: We are given insights into posts, stories and promotions.
- Public: Here we find out more about our subscribers and our public.
You can find more information at https://help.instagram.com/788388387972460?helpref=faq_content.
We use that information in order to make our fanpages and the content therein more attractive to visitors to our fanpages. This also constitutes our justified interest in the sense of our legal basis for this processing pursuant to Article 6 paragraph 1, sentence 1 f) of the GDPR.
We endeavour to enter into an agreement with Facebook also concerning the Instagram service with regard to joint responsibility. So far, Facebook has not yet responded with regard to the Instagram service. It remains the case, however, that only Facebook can make and implement decisions with regard to the processing of Insights data. We have no influence on this whatsoever. If we receive queries in connection with the Insights data, we will forward them directly to Facebook.
XV. Facebook and Instagram social-media plug-ins
So-called social plug-ins for Facebook and Instagram social media are used on our website, which enable content to be shared and liked. You can usually recognise these plug-ins on the basis of the respective social-media logos.
We use the Shariff solution on our website in order to protect your privacy. With Shariff, the connection between you and the social network’s server is only generated if you actually click the respective button of the social network. Then your browser establishes a direct connection to the respective social network, and the social network receives at least the information that you have accessed the corresponding page of our online offer, and when, plus your IP address, and details about the browser used, the operating system and the language settings. Activating the plug-in constitutes consent in the sense of Article 6, paragraph 1 a of the GDPR. You can revoke this declaration of consent at any time, with effect for the future.
If you do not want the social network to collect data about you through this online offer, you must not click the button. If you are logged into the social network, the social network can also allocate the information after the activation of the button directly to your account with the social network.
You will find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/?locale=de_DE. You will find more details about Facebook's data processing and about configuration options to protect your privacy at http://www.facebook.com/about/privacy/. For Instagram, you will find this information at https://instagram.com/about/legal/privacy/.
XVI. Usage of YouTube plug-ins
1. About the plug-in:
We use YouTube to embed videos. YouTube is operated by YouTube LLC with its headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., with its headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The YouTube plug-in used on our website in this context is only activated if you click on the “activate YouTube now” button and thus consent to the use of YouTube. Upon your consent being granted, a connection to the YouTube servers is created and the plug-in shown. By doing so, it is transmitted to the YouTube servers which of our website pages you have visited. If you are logged in as a member of YouTube, YouTube allocates that information to your personal user account. When using the plug-in, e.g. by clicking on the “start” button of a video, this information is also allocated to your user account. You can prevent this allocation by logging out of your YouTube user account and out of other user accounts associated with YouTube LLC and Google Inc. and deleting the corresponding companies’ cookies before you use our website.
Please see YouTube’s data protection information at www.google.de/intl/de/policies/privacy/ for the purpose and scope of the data collection and the further processing and usage of the data by YouTube as well as your rights and configuration options in this respect with regard to the protection of your privacy.
2. Permission cookie:
The legal basis for the processing of personal data using cookies is Article 6 paragraph 1 a of the GDPR.
Analysis cookies are used for the purpose of improving the quality of our website and its contents, as well as to increase user-friendliness.
In order to lease our Candybar, we use the booking system of bookingkit GmbH, Sonnenallee 233, 12059 Berlin (“bookingkit”). If you enter a booking on our website, you declare that you are in agreement with the storage and processing of your personal data by bookingkit.
Your personal data is forwarded to bookingkit and processed. The purpose of this storage and processing of data is to assist with and process your orders, your authentication, execution of the payment transaction, and improvement of bookingkit’s services. You will find more details about usage conditions and data protection and the possible instructing of third parties with the data processing by bookingkit at https://bookingkit.net/de/datenschutzerklaerung/.
If you lodge a job application with us electronically, i.e. by email or via our website form, then we collect and process your personal data for the purpose of executing the application process and for the implementation of pre-contractual measures. We use a specialised software provider for the execution of the application process. The job applicant portal is run by Personio GmbH, Rundfunkplatz 4, 80335 Munich, with which we have entered into a contract regarding order data processing.
By sending a job application to our recruiting website, you announce your interest in wanting to be employed by us. In that context, you transmit personal data to us which we exclusively use and store for the purpose of your job search/job application. The following data in particular is collected in this context: first and last names, email address, telephone number, LinkedIn profile.
In addition, you have the option of uploading documents such as a cover letter, your curriculum vitae and references. These may contain further personal information, such as date of birth, address, etc.
Only authorised employees from the personnel department and/or employees involved in the application process have access to your data.
The personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.
Your data is stored for a period of 6 months after the end of the application process. This is usually done to fulfil legal obligations and/or to defend against any claims arising out of statutory provisions. Subsequently we are obliged to delete or anonymise your data. In such case, the data is only then available to us as so-called metadata, without direct personal reference, for statistical evaluations.
XIX. Links to other websites
Our website can contain links to third-party websites. If you follow a link to one of these websites, please note that we cannot assume any liability or give any guarantee regarding third-party content or data protection conditions. Please inform yourself about the respectively-applicable data protection conditions before you transmit personal data to these websites.
XX. Data security
Unfortunately, transferring information via the Internet is not completely secure, which is why we cannot guarantee the security of the data transmitted via the Internet to and via our website. However, we secure our website and other systems in the best possible manner through technical and organisational measures against loss, destruction, access, modification or dissemination of your data by unauthorised parties.
We take precautionary measures in order to guarantee the security of your personal data. Your data is conscientiously protected against loss, destruction, falsification, manipulation and unauthorised access or unauthorised disclosure.
XXI. Rights of the data subject
If personal data of yours is processed, you are a data subject in the sense of the GDPR, and you are entitled to the following rights in relation to the controller:
1. Information right
You can request a confirmation from the controller as to whether personal data pertaining to you is being processed by us. If such processing is taking place, you can request details from the controller about the following information:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data which are processed;
(3) the recipients and/or the categories of recipients to whom the personal data pertaining to you has been disclosed or will be disclosed;
(4) the planned duration of the storage of the personal data pertaining to you or, if no specific details are possible in this respect, criteria for the determination of the storage period;
(5) the existence of a right to correction or deletion of the personal data pertaining to you, a right to limit the processing by the controller or a right to object to this processing;
(6) the existence of a right to complain to a supervisory authority;
(7) all available information concerning the origin of the data, if the personal data is not collected from the data subject.
You are entitled to the right to request information about whether the personal data pertaining to you will be transmitted to a non-EU state or to an international organisation. In this context, you can request to be informed about the suitable guarantees pursuant to Article 46 of the GDPR in connection with the transmission.
2. Right to correction
You have a right to correction and/or completion against the controller insofar as the processed personal data pertaining to you is incorrect or incomplete. The controller is obliged to make the correction without undue delay.
3. Right to restrict processing
Subject to the following prerequisites, you can request restriction of the processing of the personal data pertaining to you:
(1) if you dispute the correctness of the personal data pertaining to you for a period which enables the controller to check the correctness of the personal data;
(2) if the processing is unlawful and you refuse deletion of the personal data and instead request restriction of the usage of the personal data;
(3) the controller no longer requires the personal data for the purposes of the processing but you require it for the assertion, exercise or defence of legal claims; or
(4) if you have filed an objection to the processing pursuant to Article 21 paragraph 1 of the GDPR and it is not yet certain whether the controller’s justified reasons outweigh your reasons.
If the processing of the personal data pertaining to you is restricted, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the right of another natural person or legal entity or for reasons of an important public interest of the Union or a member state.
If the restriction of the processing has been restricted pursuant to the abovementioned prerequisites, you will be informed by the controller before the restriction is lifted.
4. Right to deletion
a) Deletion obligation
You can ask us to delete the personal data pertaining to you without undue delay, and we are obliged to delete that data without undue delay, if one of the following reasons applies:
(1) The personal data pertaining to you is no longer necessary for the purposes for which it was collected or processed in another way.
(2) You revoke your consent on which the processing pursuant to Article 6 paragraph 1 a or Article 9 paragraph 2 a of the GDPR was based and there is a lack of another legal basis for the processing.
(3) You file an objection to the processing pursuant to Article 21 paragraph 1 of the GDPR and there are no overriding justified reasons for the processing, or you file an objection to the processing pursuant to Article 21 paragraph 2 of the GDPR.
(4) The personal data pertaining to you has been processed unlawfully.
(5) The deletion of the personal data pertaining to you is necessary in order to fulfil a legal obligation pursuant to the law of the Union or the member state(s) to which the controller is subject.
(6) The personal data pertaining to you was collected in connection with services offered by the information company pursuant to Article 8 paragraph 1 of the GDPR.
b) Information to third parties
If we have made public the personal data pertaining to you and if we are obliged pursuant to Article 17 paragraph 1 of the GDPR to delete that data, then taking consideration of the available technology and the implementation costs we take appropriate measures, including of a technical nature, to inform parties responsible for the data processing who process the personal data that you as a person affected have requested from them the deletion of all links to that personal data or of copies or reproductions of that personal data.
The right to deletion does not exist insofar as the processing is necessary
(1) to exercise the right to free expression of opinion and information;
(2) to fulfil a legal obligation which requires processing pursuant to the law of the Union or the member states to which the controller is subject, or to perform a task which is in the public interest or in exercise of public authority which has been transferred to the controller;
(3) for reasons of the public interest in the area of public health pursuant to Article 9 paragraph 2 h and i as well as Article 9 paragraph 3 of the GDPR;
(4) for archive purposes in the public interest, scientific or historic research purposes, or for statistical purposes pursuant to Article 89 paragraph 1 of the GDPR, insofar as the right named in a) probably makes realisation of the aims of this processing impossible or seriously detrimentally impacts thereon; or
(5) for the assertion, exercise or defence of legal claims.
5. Right to information
If you have asserted the right to correction, deletion or limitation of the processing, we are obliged to notify all of the recipients to whom the personal data pertaining to you has been disclosed about that correction or deletion of the data or limitation of the processing, unless this transpires to be impossible or is associated with disproportionate expenditure.
You are entitled to the right against the controller to be informed about those recipients.
6. Right to data transferability
You have the right to receive in a structured, common and machine-readable format the personal data pertaining to you which you have provided to us. In addition, you have the right to transmit this data to another controller without impediment by the controller to whom the personal data has been provided, insofar as
(1) the processing is based on a consent pursuant to Article 6 paragraph 1 a of the GDPR or Article 9 paragraph 2 a of the GDPR or on a contract pursuant to Article 6 paragraph 1 b of the GDPR, and
(2) the processing is done with the assistance of automated processes.
In exercise of this right, you also have the right to procure that the personal data pertaining to you is transmitted directly by one controller to another controller insofar as this is technically feasible. No freedoms or rights of other parties may be detrimentally affected thereby.
The right to data transferability does not apply for processing of personal data which is necessary in order to carry out a task which is in the public interest or in exercise of official authority which has been transferred to the controller.
7. Objection right
You have the right for reasons which arise from your special situation to file an objection at any time to the processing of the personal data pertaining to you which is done on the basis of Article 6 paragraph 1 e or f of the GDPR.
We no longer process the personal data pertaining to you, unless we can prove mandatory protection-worthy reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves in the assertion, exercise or defence of legal claims.
If the personal data pertaining to you is processed in order to execute direct advertising, then you have the right to file an objection at any time to the processing of the personal data pertaining to you for the purposes of such advertising.
If you object to the processing for the purposes of direct advertising, then the personal data pertaining to you will no longer be processed for those purposes.
You have the option of exercising your objection right in connection with the usage of services by the information company – irrespective of Directive 2002/58/EC – by means of automated processes where technical specifications are used.
8. Right to revocation of the data protection-law consent declaration
You have the right to revoke your data protection-law consent declaration at any time. The revocation does not affect the lawfulness of the processing which took place on the basis of the consent until the revocation. To revoke a consent or to make an objection, a simple message is sufficient by email to us at: email@example.com.
9. Right to complain to a supervisory authority
Irrespective of contrary administrative-law or judicial legal remedies, you are entitled to the right to complain to a supervisory authority, particularly in the member state of your place of residence, your workplace or the location of the alleged breach, if you are of the view that the processing of the personal data pertaining to you breaches the GDPR.
The supervisory authority to which the complaint is submitted will inform the complainant about the status and the outcome of the complaint, including the possibility of a judicial legal remedy pursuant to Article 78 of the GDPR.
XXII. Changes to the data protection provisions
We reserve the right to adjust this Data Protection Declaration at any time with effect for the future, in order that it always conforms to the current legal requirements or in order to incorporate changes to our services in the Data Protection Declaration, e.g. if we introduce new services. For this reason, please look again at the Data Protection Declaration during your next visit.