A. Data Protection Declaration as per the GDPR
We take the protection of your personal
data seriously and are compliant with the Data Protection Regulations. Personal
data will only be collected on this website where necessary for technical
reasons. Under no circumstance will any data collected be sold or illegally
forwarded to third parties.
The following declaration gives you an insight into which data is collected,
for what purpose and how we intend to ensure the protection of your data. This
data protection declaration as per the GDPR informs you of the nature, scope
and purpose of the processing of personal data within our company as well as
its related online offers and external online services such as e.g. Social
Media Profiles. The terminology in the following is defined in Article 4 of the
General Data Protection Regulation (GDPR).
I. Name and Address of the Person Responsible
The
responsible person as per the General Data Protection Regulations and other
national data protection laws is:
Wahlsdorf
Apartment
Thomas März
Wahlsdorf 124
15936 Dahme/ Mark
Deutschland
Tel.: 0171 4206067
E-Mail: info@wahlsdorf-apartment.de
Website: www.wahlsdorf-apartment.de
II. The Data Protection Officer of the
Responsible Person is:
There is no data protection officer ordered. Information is given by the
responsible person.
III. General Information about Data Processing
1. Scope of the processing of personal data
We collect and process personal data of our users only where necessary for the
provision of a functioning website / online shop including all content and
services or as necessary for the completion of a transaction as requested by
the client. Collection and processing of personal data is based on consent of
the user. Exceptions are permissible in cases where prior consent is not
possible in advance and where legislation provides for the processing of such
data.
Personal data processed within the online offers includes basic information
(such as e.g. names and addresses of clients), contract details (e.g. services
provided, names of administrators, payment information), user statistics (such
as e.g. which websites of our online offers were visited, interest in our
products) and content data (e.g. entry data in an online contact form).
The term „User“ includes all categories of persons affected by data processing.
This includes our business partners, clients, interested individuals and other
visitors of our online offers. The terminology is to be interpreted as gender
neutral.
We process personal data of users only in compliance with the relevant data
protection regulations. This means that user data is processed only where legal
permission applies. This includes where data processing is essential or a legal
requirement in order to fulfil our contractual service obligations, consent by
the user has been given as well as our legitimate interests such as interest in
market analysis, optimisation and sustainable operations and security of our
online offers as per Art. 6(1) of the GDPR. This applies in particular for the
measuring of reach, profiling for advertising and marketing purposes and the
collection of access data and use of third party services.
Please refer to Art. 6(1) lit. a. and Art. 7 of the GDPR for the legal basis in
relation to consent, Art. 6(1) lit. b. for the processing and fulfilment of
services and fulfilment of contractual services. The legal basis for processing
and compliance is outlined in Art. 6(1) lit. c. of the GDPR and the legal basis
for the processing of data to protect our legitimate interests is dealt with in
Art. 6(1) lit. F. of the GDPR.
2. Security Measures
We take operational, contractual and technical security measures in line with
the latest technology available to us to ensure that we comply with the
regulations as per legislation and to protect data processed by us from
intentional or unintentional manipulation, loss, destruction or access by
unauthorised persons.
One part of the security measures is the
encrypted transfer of data between your browser and our server.
2.1 SSL-Encryption
For security reasons and to protect the transfer
of confidential content, such as messages you send to us as site owners via the
contact form, this website uses SSL Encryption. You can recognise an encrypted
connection by the change in the address line from "http://" to https:// and the display of a padlock
in your browser line. Once the SSL encryption is activated, data you are
transmitting to us cannot be accessed by third parties.
3. Legal basis for the processing of personal data
Where we receive consent by the affected person
to process personal data, Art. 6(1) lit. a of the GDPR serves as the legal
basis.
For processing of personal data of a contractual party as a necessity to fulfil
contractual obligations, Art. 6(1) lit. b of the GDPR serves as the legal
basis. This applies also to processing necessary for pre-contractual measures.
Where the processing of personal data is a legal obligation applicable to our
company, Art. 6(1) lit. c of the GDPR shall form the legal basis.
In the case of vitally important interests of persons affected or any other
person making the processing of personal data necessary, Art 6. 1 lit. d of the
GDPR shall form the legal basis. If the processing becomes necessary to protect
a legitimate interest of our company or a third party which are not outweighed
by the interests, fundamental rights and freedom of the affected person, Art. 6(1)
lit. f of the GDPR forms the legal basis for processing.
4. Data Deletion and Storage Duration
Personal data of affected persons are being deleted or invalidated as soon as
the purpose of the data retention is removed. Data Storage is admissible where
provisions are made in legislation by European or National legislator in union
rights regulations, laws or other legally binding protocols applicable to the responsible
person. The invalidation or deletion of
data will be carried out also if the storage duration regulations as per above
expire, unless a necessity for continued data storage is identified as
necessary to fulfil or complete a contract.
IV. Provision of the website and the compilation of log files
1. Description and scope of data processing
Each visit to our website is captured with our system automatically compiling
data and information of the requesting device.
The following data are included in this compilation:
- Information about the browser type and the
version used
- The operating system of the user
- The Internet Service Provider of the user
- The user’s IP address
- Date and Time of access
- Websites through which the user’s system accesses
our website
- Websites which are accessed through our website
by the user’s system
This data is also saved in our system’s log
files. This data is not saved along with or correlated with other, personal
data of the user.
2. Legal Basis for data processing
Art. 6(1) lit. f of the GDPR forms the legal basis for temporary storage
and the log files.
3. Purpose of data processing
The temporary storage of the user’s IP address is necessary to provide access
to the website by the user’s device. For this purpose, the user’s IP address
must remain saved for the duration of the session.
The saving of log files ensures the continued functioning of the website. In
addition, this data allows us to optimise the website and to monitor the
security capability of our IT systems. An analysis of data for marketing
purposes is not carried out under this context.
For this purpose, our legitimate interest for data processing has its legal
basis in Art. 6(1) lit. f GDPR.
4. Storage Duration
Data will be deleted as soon as they are no longer necessary for the purpose
for which they were collected. In the case of data collection for the provision
of the website, this means that data will be deleted once the relevant session
is completed.
In the case of retention of log file data, this happens generally after seven
days. An extension for the retention is possible. In this case, the IP address
of the user is either deleted or pseudonymised in order to ensure that data cannot be allocated to a
specific client. If further retention is necessary, the deletion of stored data
shall be suspended until the final clarification of the matter.
5. Objection and Removal options
The capture of data and storage of log file data is essential for the provision
and operation of our website. Therefore, the user does not have the option to
object in this matter.
V. Use of Cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files which are saved on the user’s internet
browser or onto the user’s computer system by the browser. If a user accesses a
website, a cookie can be saved on the operating system of the user. This cookie
includes unique code which will allow the identification of the browser if the
website is accessed again.
We use cookies to design our website more user
friendly. Some elements of our website require that the accessing browser can
be identified even after a page change.
Cookies save and transfer the following data:
- Language settings
- Item saved in basket
- Log in information
- Session ID
Furthermore, we use cookies on our website which
allow us to analyse the browsing behaviour of users.
The following data can be transmitted this way:
- Search keywords entered
- Frequency of website access
- Accessing of website functions and services
User data collected this way is pseudonymised by technological precautions which prohibits the
identification of a user based on the data. This data is not being saved in
conjunction with other, personal identifying data of the user.
When accessing our website, users are advised of
the use of cookies for analysis purposes and referred to the Data Protection
Declaration by an info banner. In conjunction with this, users are also advised
how to deny cookies in the browser settings.
2. Legal Basis for data processing
The legal basis for
the processing of personal data via the use of cookies is covered in Art. 6(1) lit. f GDPR.
3. Purpose of data processing
The purpose of using technologically essential cookies is to simplify the use
of websites for the user. Several functions of our website cannot be provided
without the use of cookies. For those, it is essential for the browser to be
recognisable following a page change.
The following applications require Cookies:
- Basket
- Adaption to Language settings
- Memorising search key words
Data collected by technologically essential
cookies are not used for the preparation of user profiles.
The use of analysis cookies serves the continuous improvement of our website
and its contents. Analysis cookies let us know how the website is being used
and allows us to optimise our offers.
This also refers to our legitimate interest
concerning the processing of personal data according to Art. 6(1) lit. F GDPR.
4. Storage duration, objection and deletion options
Cookies are saved on the user’s device and transmitted to our website from
there. As user, you are in full control over the use of cookies. An adjustment
in your browser settings deactivates or restricts the transmission of cookies,
whilst saved cookies can be deleted at any stage. These settings are also
available on an automated basis. Should you choose to deactivate the cookies
for our website, it is possible that some functions are no longer fully
available.
VI. Newsletter
1. Description and scope of data processing
Our website offers the option to subscribe to a free newsletter. Upon
registration, data entered into the form will be transferred to us.
This data generally includes the e-mail address and as per request by the user
also the first name and surname in order to personalise the address line of the
newsletter where applicable.
Additionally, the following data is collected at registration:
- IP address of the accessing device
- Date and time of registration
To process data, your consent is sought via
Double Opt-In during the registration process which also refers to this data
protection declaration.
When you purchase goods or services on our website and leave your e-mail
address, we are permitted to subscribe you to our newsletter. In such a case,
the newsletter contains advertising exclusively for our similar goods or
services.
Regarding the data processing for the distribution of newsletters, no data is
forwarded to third parties. This data is used exclusively for the distribution
of the newsletter.
Newsletter – Distribution Service Provider
The distribution of the newsletters is carried out via distribution service
provider Jegasoft Media e.K., Berliner Chaussee 20, 15907 Lübben, Germany. You can view the General Data Protection
Regulations for the Distribution Service Provider here: www.jegasoft.de/datenschutz. The Distribution Service
Provider operates on the basis of our legitimate interest as per Art. 6(1)
lit.f of the GDPR and activated as a contractual service provider according to
Art. 28 3 1 GDPR.
The distribution service provider can use personal data of users to optimise or
improve the service provision in pseudonymised form, which prevents the allocation of personal data to a
specific user. Use of data is only permitted for technological optimisation of
the distribution, the appearance of the newsletter or for statistical use. The distribution service provider
is not permitted to use data of our newsletter recipients to commence direct
mailing or to share data with a third party.
Newsletter – Performance measurement
Newsletters may contain a so called tracking pixels which is a pixel sized file
which is accessed upon opening of the e-mail through our server or the server
of our distribution service provider where applicable. This access allows data
collection of technical information such as your browser and your systems as
well as your IP address and date and time of the access.
This information is used for technical improvement of the service based on
technical data or the target groups and their reading behaviour based on the
access locations (which can be determined with the IP address). Statistical
data also includes whether and when the newsletter was opened and which links
were clicked on. This information could technically be allocated to the
individual newsletter recipients, however it is not our intention, nor that of
the distribution service provider, to observe individual users. The analysis
serves as a way for us to recognise our user’s reading behaviour and adjust our
content or a variety of topics according to the user’s interests.
2. Legal basis for data processing
Art. 6(1) lit. a of the GDPR forms the legal basis for the processing of data
following the registration for the newsletter by the user, implying user
consent.
The legal basis for sending the newsletter following a sale of goods or
services is addressed in Art.7(3) UWG.
3. Purpose of data processing
The collection of the user’s e-mail address serves the purpose of sending the
newsletter to the user.
The collection of other personal data within the
registration process serves the purpose to avoid misuse of services or the
user’s e-mail address and to improve the individual’s user experience.
4. Storage duration
Data is deleted once it is no longer necessary for its purpose following
collection. The e-mail address as well as additional optional information given
will be retained for as long as the user’s subscription to the newsletter
remains active.
Additional personal data collected during the registration process is generally
deleted after a seven-day period.
5. Objections and unsubscribe options
The subscription to the newsletter can be cancelled by the user at any stage.
For this purpose, each newsletter provides a link to unsubscribe.
VII. Registration
1. Description and scope of data processing
Our website offers users the option to register with personal data. During this
process, data is entered into the input mask and transmitted to us where it is
saved. No data will be forwarded to this parties. During registration, the user
is advised of mandatory and optional information for the provision of
service. Data entered during registration
will be used for the type of usage of our offers and saved.
Additionally, at the time of registration, the
following data is saved:
- The user’s IP address
- Date and time of registration
During the registration process, the user’s consent for the processing of data
is sought.
2. Legal basis for data processing
The legal basis for the processing of this data with user consent is covered in
Art. 6(1) lit. a in the GDPR.
If the registration serves the purpose of contract fulfilment with one of the
contractual parties being the affected user or the purpose of pre-contractual
obligations, Art. 6(1) lit. b of the GDPR applies in addition.
3. Purpose of data processing
Registration by the user is necessary for the provision of certain content and
services on our website.
4. Storage duration
Data is deleted once it is no longer necessary for its purpose following
collection. Additional personal data collected during the registration process
is generally deleted after a seven-day period.
This applies to data collected during the registration process where
registration to our website was suspended or amended.
5. Objections and deletion options
As user, you have the right to cancel the registration. Personal data about you
can be amended at any stage either on request or by yourself through the
customer account facilities.
VIII. Contact (e.g. via contact form, e-mail, telephone or social media)
1. Description of scope and processing of your data
At each contact with us, whether it is via contact from, e-mail, telephone or
social media, data provided by the user is processed in order to process the
enquiry and its further actions required according to Art.6(1) lit. b of the
GDPR. The data entry by the user can be saved and processed in a CRM (“Customer
Relationship Management System “) or similar administrative software.
Furthermore, our website provides a contact form which can be utilised to
contact us electronically. If a user chooses this form of contact, data entered
into the input mask will be transmitted to and saved by us. The data entry by
the user can be saved and processed in a CRM (“Customer Relationship Management
System“) or similar administrative software. During the completion process, the
user is advised of mandatory entry fields.
At the time of sending the message, the following details are being captured
in addition:
- The user’s IP address
- Date and time of contact
For the processing of your data, consent is
sought within the contact form process and the user is referred to this data
protection declaration.
Alternatively, contact may be made through the provided e-mail address, telephone
number or linked social media. In this case, the user’s personal data advised
with the relevant enquiry will be saved.
Regarding this process, no data shall be forwarded on to third parties. Data is
being used exclusively for the processing of the conversation.
2. Legal basis for data processing
Art. 6(1) lit. a GDPR forms the legal base for the processing of data with user
consent.
In addition, processing of data which has been transmitted via telephone,
social media or via e-mail, is covered in Art. 6(1) lit. f GDPR. If the contact
intends to enter a contractual agreement, Art. 6(1) lit. b GDPR forms an
additional legal base for the processing of personal data.
3. Purpose of data processing
The processing of personal data from user submitted data serves us exclusively
for contacting the user. In the case of contact being made by e-mail, we also
have a legitimate interest to process the data. Other processed personal data
during the sending process are to ensure misuse of the contact form and the
ongoing security of our IT systems.
4. Duration of storage
Personal data is deleted as soon as it is no longer necessary for the purpose
of its collection. For personal data collected via the input mask of the
contact form and those sent by e-mail, this is the case once the conversation
with the user has ended. The conversation has ended once circumstances indicate
that the relevant issue has been clarified or rectified and closed.
Any additional personal data collected during the sending process are deleted
within seven days.
5. Objection and deletion options
The user has the option to withdraw consent for processing of personal data at
any stage. If the user contacts us by e-mail, an objection to saving personal
data can be made at any stage. In this case, the conversation cannot be
continued from the stage of consent withdrawal.
The objection to consent of personal data processing can be directed to us at
any stage by e-mail or by post.
Any and all personal data saved during contact will be deleted in response.
IX. Comments on our blog and/or guestbook
Our page provides you with an opportunity to comment on selected content.
In doing so, your IP address of the contributor / connection owner will be
captured. This capture serves us as security in the case of the contributor
affecting a third party’s rights and / or illegal content is added. This
constitutes our legitimate interest for the saved data of the contributor,
especially as we can be found liable for such illegal actions in certain
circumstances. No data will be shared with a third party. The saved data will
not be correlated with other existing data on file.
X. Webanalysis with Google Analytics
1. Scope of personal data processing
Based on our legitimate interests (i.e. interest for analysis, optimisation and
economic operations of our online offers as per Art 6.(1) lit. f of the GDPR),
we use Google Analytics, a web analysis service by Google LLC („Google“) on our
website. Google uses cookies. The information about the usage of our online
offers by users, as generated by the cookie, are generally transmitted to a
Google server in the U.S.A. and saved there.
Google is certified with the privacy shield framework and through this offers a
guarantee to comply with the European data protection legislation. More
information about this can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google will use this information on our behalf to analyse the usage of our
online offers by users, to compile and submit reports about activities within
the online offers and to provide us with further, online offer and internet
usage related services. Processed data of users can be utilised to compile pseudonymised user profiles for this
purpose.
We use Google Analytics with an active anonymous IP. This means that the IP
address of the user will be shortened by Google within the European member
states and other countries subscribed to the European Union agreement. Only in
exceptional circumstances is the full IP address transmitted to the U.S.A. by
Google and shortened on arrival.
The user’s IP address as transmitted by the browser will not be correlated with
other Google data. Users can prevent saved cookies with the appropriate setting
in their browser software.
Please visit Google’s website for further information about data use by
Google, settings and objection options:
https://www.google.com/intl/de/policies/privacy/partners (data usage by Google)
http://www.google.com/policies/technologies/ads (data usage for advertising purposes)
http://www.google.de/settings/ads (information administration for the purpose of pop up advertising
used by Google)
2. Legal basis for processing of personal data
The legal basis for the processing of personal data of users is Art. 6(1) lit.
f GDPR.
3. Purpose of data processing
The processing of personal data of users allows us to analyse our users‘
browsing behaviour. With data gained from the evaluation, we are in a position
to compile information about the use of individual components of our website.
This assists us to improve our website and its user friendliness on a
continuous basis. In this regard, we have a legitimate interest in the
processing of data as per Art. 6(1) lit. f GDPR. Using anonymous IP addresses
satisfies the use’s rights for the protection of personal data.
4. Duration of storage
Analysis data is being deleted as soon as it is no longer necessary. We assess
the metrics for every two years; additionally, legal archiving duties and
regulations apply.
5. Objections and deletion options
Cookies are saved on the user’s device and transmitted to us from there. As
user, you therefore have full control over the use of cookies. By adjusting the
settings on your browser, you can reduce or deactivate the use of cookies at
any stage. Saved cookies can be deleted at any time. This can also be arranged on an automated
basis. If cookies are deactivated for our website, you may no longer be able to
use all functions of the website. Users can also prevent the capture of data
via the cookie and their data about usage of the online offers by Google as
well as the processing of such data by Google by following the below link and
downloading and installing the browser plug in contained herein: http://tools.google.com/dlpage/gaoptout?hl=de
XI. Marketing Services & Social Plugins
1. Google-Re/Marketing Services
On the basis of our legitimate interest (i.e. analysis, optimisation and
operations of our company), we may use the Marketing and remarketing services
(in short „Google Marketing Services“) of Google LLC, 1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA, („Google“) as per Art. 6.(1) lit. f. GDPR).
Google is certified with the privacy shield framework and through this offers a
guarantee to comply with the European data protection legislation. More
information about this can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google Marketing Services allow us to display advertisement for and on our
website in a more targeted manner, with the aim of showing the user advertisements
in line with the user’s interest. If a user is shown an advertisement for a
product, having expressed an interest for same on a different website, the term
remarketing applies. For this purpose, upon visiting our and other websites with
activated Google Marketing Services, Google initiates a code and so called
(re)marketing tags will be added to the website. These are invisible graphics or
code, also called pixel tags which allow the downloading of a cookie or
comparable technology, i.e. a small file. Cookies can be installed by a variety
of domains including google.com, doubleclick.net, invitemedia.com, admeld.com,
googlesyndication.com or googleadservices.com. This file monitors which
websites the user visits, which content is of interest and which offers were
clicked on as well as technical information about the browser and operating
system, linking websites, duration of visit and further details about the usage
of online content. The user’s IP address
is also captured and we can advise that IP addresses within the European Union
or other participating countries within the agreement of the European Economic
Area are transmitted in shortened version and only in exceptional circumstances
transmitted in full to a Google Server in the U.S.A. where the shortening will
then take place upon transmission. The IP address will not be correlated with
other personal data of the same person from other Google offers. The above
mentioned information can be compiled by Google by accessing alternative
sources. When the user visits other websites, advertisements can be displayed
according to the identified interests of the user.
Within Google Marketing Services, user data is processed under pseudonyms,
i.e. Google saves and processes e.g. not the name or e-mail address of the user
but instead the relevant data captured by cookies under pseudonymised user
profiles. This means that from Google’s perspective, personal data is not saved
and displayed for any one identifiable person but for the owner of the cookie,
regardless of who the owner is. This is not valid if a user has given express
consent to Google to process this data without the need for pseudonymisation.
Information about the user collected by Google Marketing Services are
transmitted to Google and saved on Google’s servers in the U.S.A.
One of the Google Marketing Services used by us is the online advertising application
“Google AdWords“. In this application, each AdWords customer receives an individual
conversion cookie. Cookies can therefore not be tracked through the AdWords
client websites. The information collected in this manner serves to compile
conversion statistics for AdWords clients who chose conversion tracking.
AdWords clients receive the overall number of users who clicked on their
advertisement and who were referred to a page fitted with a conversion tracking
tag. No personal identifying information about the user is received by the
client. The Google Marketing Service AdSense allows us to offer third party
advertisements. AdSense uses cookies which allow Google and its partner
websites the display of advertisements based on user visits on this and other
websites.
Furthermore, we can use the Google Tag Manager to utilise and administer Google
analysis and marketing services on our website.
More information about the use of data by Google for marketing purposes can
be found here: https://www.google.com/policies/technologies/ads Google‘s Data Use declaration can be viewed here: https://www.google.com/policies/privacy
If you wish to object to the use of data related to your interests for
marketing purposes by Google, please use the opt in options and settings as
provided by Google: http://www.google.com/ads/preferences.
2. Facebook-Pixel, Custom Audiences and Facebook Conversion
Based on our legitimate interest for analysis, optimisation and economical
operations of our online services, our online offers may use the so called
Facebook pixel of the social media Facebook which is operated by Facebook Inc.,
1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU,
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2,
Ireland.
Facebook is certified by the Privacy Shield Framework and provides a guarantee
to abide by European Data Protection Regulations: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
The processing of data by Facebook is carried out within Facebook’s Data Usage
guidelines. For general information about the display of Facebook ads, please
see Facebook’s Data Usage guidelines here: https://www.facebook.com/policy.php. Specific information and details about the Facebook pixel and its
functionality is available within Facebook’s Help section: https://www.facebook.com/business/help/651294705016616.
You have the right to object to data capture by the Facebook pixel and the use
of your data for the purpose of targeted advertising. To change your settings
and decide which type of advertisements can be displayed to you within Facebook,
please click the following link to follow the guide on how to change settings
for user based advertising: https://www.facebook.com/settings?tab=ads. These settings are not platform specific and apply to your Facebook
profile on all devices such as desktop, mobile devices etc.
You have the right to object to the use of cookies for the purposes of
measuring reach and advertising by visiting the deactivation page of the
network advertising initiative (http://optout.networkadvertising.org), also via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices).
3. Google Translate
To allow you to use our websites in other languages, we may offer you the
option to activate Google Translate. In line with data protection regulations,
we have deactivated Google Translate on our pages as a default setting. The
relevant text “Choose Language“ is therefore highlighted in grey. In this
default setting, no data is transmitted to Google. Once you click on the text
to activate Google Translate, transmission of data to Google commences. This
data includes the URL of the relevant visited page as well as your IP address.
Please note that we do not have any authority or influence in relation to the
use of your data by Google. Please find the relevant data protection
information by Google products at https://www.google.com/intl/de/policies/.
4. Online presence in social media
We maintain an online presence within several social networks and platforms to
communicate and interact with customers, interested parties and users who are
active on the relevant platforms about our available services. When visiting
networks and platforms, the terms, conditions and data usage guidelines of the
relevant operators apply. If not specifically stated otherwise in our data use
declaration, we process data of users who communicate with us through social
networks and platforms, including contributions in form of comments or articles
as well as private messages.
XII. Embedding of third party services and content
Our online services, based on our legitimate interest (i.e. the interest in
analysis, optimisation and economical operations of our online offers as per
Art. 6(1) lit. f. GDPR), may include content or service offers of third parties
in order to embed their content or services such as videos or font types
(referred to as „Content“ in the following).
Said third party provider requires the user’s IP address in order to transmit
the content to the browser. The transmission of your IP address is therefore a
necessary requirement for access to this content. We endeavour to only use such
content whose providers use the IP address only for the delivery of relevant
content. Third parties can also use so called pixel tags which are invisible
graphics for statistical or marketing purposes. Pixel tags allow the evaluation
of information such as site traffic figures. This pseudonymised data can be
saved on to the user’s device and can contain technical information about the
browser and operating system, linked websites, visiting statistics and further
details about the usage of our online service. This information can also be correlated
with information from other sources.
1. Embedding of Google Maps
(1.1) This website uses the
services of Google maps. This allows us to show you interactive maps directly
embedded into the website and ensure an easy access and comfortable use of the
maps for you.
(1.2) When visiting the website, Google receives the information that you
accessed the relevant subsection of our website. Additionally, data as defined in
Art. 3 of this declaration is transmitted, regardless of Google providing a
user account via which you are logged in or if there is no user account. Once
logged into Google, your data is allocated directly to your account. If you do
not wish the allocation of data to your profile, you will need to log out prior
to the button activation. Google saves your data as usage profile and utilises
data for the purpose of advertising, market research and/or user related design
of its website. Such an analysis occurs specially to bring you relevant
advertising and to advise other social network users of your activity on our
website, regardless of you being logged in or not. You have the right to object
to the development of your user profile. Please contact Google directly to
arrange this.
(1.3) Further information for the purpose and scope of data capture and
processing via the plug in provider is available in the provider’s data
protection declaration. You will also be able to access further information
relating to your rights and setting options for the protection of your privacy
here: http://www.google.de/intl/de/policies/privacy. Google processes your personal data in the U.S.A.
also and has subscribed to the EU – US Privacy Shield Framework https://www.privacyshield.gov/EU-US-Framework.
Opt-Out: https://adssettings.google.com/authenticated.
2. Vimeo
We embed videos of the platform „Vimeo“ by provider Vimeo Inc., Attention:
Legal Department, 555 West 18th Street New York, New York 10011, USA. Please
see their data protection declaration here: https://vimeo.com/privacy.
3. YouTube
We embed videos of the platform „YouTube“ by provider Google LLC, 1600
Amphitheatre Parkway, Mountain View, CA 94043, USA. Please see their data
protection declaration here: https://www.google.com/policies/privacy,
Opt-Out: https://adssettings.google.com/authenticated.
4. Google Fonts
We embed font types ("Google Fonts") by provider Google LLC, 1600
Amphitheatre Parkway, Mountain View, CA 94043, USA.
Please see their data protection declaration here: https://www.google.com/policies/privacy/,
Opt-Out: https://adssettings.google.com/authenticated.
5. Google ReCaptcha
We embed the function for the recognition of bots e.g. at entry in online ("ReCaptcha")
by provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043,
USA.
Please see their data protection declaration here: https://www.google.com/policies/privacy/,
Opt-Out: https://adssettings.google.com/authenticated.
6. jQuery
We use Ajax and jQuery technologies to optimise loading speeds amongst other
functions on this website. In order to do so, Google server programme libraries
are accessed and Google’s CDN (content delivery network) used. If you had
needed jQuery on another Google CDN page previously, your browser will access
the previously filed copy in your cache. If this does not apply, a download is
required during which data from your browser will be transmitted to Google.
Your data will then be transmitted to the U.S.A. More information is available
on the pages of your provider. Please see their data protection declaration
here: https://www.google.com/policies/privacy/
The external code of the JavaScript framework
„jQuery“ is provided by third party provider jQuery Foundation: https://jquery.org.
7. Google Calendar
For this embedded diary, we use the relevant service by Google LLC, registered
at Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Please see
here for Google Inc.‘s data protection declaration: https://www.google.com/intl/de/policies/privacy/.
8. Adobe Flash
Within our online services, so called Adobe Flash technologies by Adobe can be
utilised, accessing Flash Player as installed on your device where appropriate.
During this process, System Shared Objects (or "Flash Cookies") may
be embedded. These can be administered and deleted where appropriate by
accessing the settings for cookies and rules about cookies. Flash cookies are
browser independent, meaning that users can still be identified when using a
different browser as long as the same device is being used.
In any case, you can control and delete Flash Cookies if applicable, using
the setting managers of your Flash Player. Further advice about how to change
settings in the settings manager can be found here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html
9. Smartlook
To improve our website, we use the analysis tool “Smartlook“ by Smartsupp.com,
s.r.o., Milady Horakove 13, 602 00 Brno, Czech Republic which allows anonymous
evaluation of the use of zalvus.com. Anonymous usage protocols are saved
according to legal requirements and automatically deleted after three days.
Further information is available within Smartsupp’s data protection
declaration: https://www.smartsupp.com/privacy
10. Use of social media plugins
(9.1) For social media
plugins, we use the so called two click solution which means that when you
visit our page for the first time, no personal data is forwarded to the plugin
providers. The provider of the plugin can be recognised by its first initial or
logo. We provide the option for you to communicate directly with the provider
by selecting the logo box. Only if you click and activate the marked button
will the provider receive the information that you visited the relevant website
of our online services. Additionally, the data as outlined in Art. 3 of this
declaration will be transmitted. In the case of Facebook and Xing, according to
their German offices, the IP address is anonymised immediately after capture.
Activating the plugins also transmits your personal data to the relevant plugin
provider and saved there (in the U.S.A. for US providers). As the plugin
provider captures data particularly through cookies, we would recommend you to
delete all cookies in your security settings prior to clicking onto the grey filled
box.
(9.2) We have no authority or influence over the captured data and data
processing protocols, neither are we aware of the full extent of data capture,
purpose or storage duration, neither do we have any information in relation to
deletion of the captured data by the plugin provider.
(9.3) The plugin provider saves the data captured about you as a usage
profile which is utilised for the purpose of advertising, market research
and/or user related design of their website. This analysis serves in particular
to select relevant advertising, even if the user is not logged in, as well as
to inform other users of the social network about your activity on our website.
You have a right to object against the creation of these user profiles. Please
contact the relevant plugin provider directly in order to action this. Through
plugins, we allow you to interact with social networks and other users and
therefore improve the relevance and presentation of our services. The legal
basis for the use of plugins is included in Art. 6(1) S. 1 lit. f GDPR.
(9.4) The forwarding of data is actioned regardless of you having an
account with the plugin provider or whether you are logged in. When you are
logged in with the plugin provider, the data we capture is automatically
allocated to your existing account with the plugin provider. Once you click and
activate the button and e.g. link to the site, the plugin provider saves this
information within your user account and shares it with your contacts. We
recommend that you routinely log out after use of social networks, in
particular however prior to activating the plugin button to avoid the
allocation of data to your profile with the plugin provider.
(9.5) Further information about the purpose and scope of the capturing and
processing of data by the plugin provider can be accessed in the following data
protection declarations of the relevant plugin providers. Further information
about your rights and setting options for the protection of your privacy are
also discussed here:
(9.6) Addresses of the relevant plugin providers and URL for their data
protection advice:
Facebook Inc., 1601 S California Ave, Palo Alto, California
94304, USA; http://www.facebook.com/policy.php; further information about data capture: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications or http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has subscribed to the EU-US Privacy
Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
Google Inc., 1600 Amphitheater Parkway, Mountainview,
California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has subscribed to the EU-US Privacy
Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco,
California 94103, USA; https://twitter.com/privacy. Twitter has subscribed to the EU-US Privacy
Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
T3N, yeebase media GmbH, Kriegerstr. 40, 30161
Hannover, Deutschland; https://t3n.de/store/page/datenschutz.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View,
California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has subscribed to the EU-US Privacy
Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
Flattr Network Ltd. Registered at 2nd Floor, White Bear Yard 114A,
Clerkenwell Road, London, Middlesex, England, EC1R 5DF, Great Britain; https://flattr.com/privacy.
Instagram, Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Instagram’s
Data protection declaration: http://instagram.com/about/legal/privacy/
Pinterest, Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
Pinterest‘s Data protection declaration: https://about.pinterest.com/de/privacy-policy.
Immobilien Scout 24, Immobilien Scout GmbH, Andreasstr. 10, 10243
Berlin, Deutschland. ImmobilienScout’s data protection declaration: https://www.immobilienscout24.de/agb/datenschutz.html
Tripadvisor, Tripadvisor Inc., 141 Needham Street, Newton, MA
02464, USA
Tripadvisor‘s data protection declaration: https://tripadvisor.mediaroom.com/DE-privacy-policy
Whatsapp, WhatsApp Inc. 650 Castro Street, Suite 120-219 Mountain View, California,
94041 USA. An overview of the WhatsApp-Plugins can be accessed here: www.whatsappbrand.com. WhatsApp’s data protection declaration: www.whatsapp.com/legal.
If you do not wish for your
visits to our pages to be recorded in your WhatsApp user account by Whatsapp,
please log out of your WhatsApp user account.
XIII. Rights of affected persons
If personal identifying data about you is being processed, you are an affected
person as per the GDPR and you then have the following rights in respect of the
responsible person:
1. Right to information
You can request confirmation of the responsible person, whether personal
identifying data in regards to your person is processed by us.
If such processing is applicable, you have the right to information from
the responsible person about the following:
The purposes for which the
personal identifying data is being processed;
- The categories of personal identifying data which
is being processed;
- The recipients or categories of recipients with
past, present or future access to the personal identifying data related to
you;
- The scheduled duration of storage for personal
identifying data related to you. If exact dates are unavailable in this
respect, criteria for the duration of storage duration will suffice;
- The right to request correction or deletion of
personal identifying data related to you and the right to request
restricted processing by the responsible person and to object the
processing by the responsible person.
- About the right to complain through the
regulatory authority;
- All available information in relation to the
source of the data, if the personal identifying data was not captured
through the affected person;
- About the existence of automated decision making
including profiling as per Art. 22(1) and (4) GDPR and – at least in these
cases- meaningful information as to the logic, scope and targeted results
of such a process for the affected person.
You have the right to request information
whether the personal identifying data related to you is being transmitted to a
different country or an international organisation. In this respect, you can
request to be advised of the relevant guarantees as per Art. 46 GDPR concerning
the transmission.
2. Right to correction
You have the right to request correction and / or completion by the responsible
person where the processed personal identifying data relating to you is
incorrect or incomplete. The responsible person has the obligation to action
the correction immediately.
3. Right to restricted use for processing
You can request restricted processing of personal identifying data relating to
you in the following circumstances:
- If you dispute the accuracy of personal
identifying data relating to you for a period of time in order to allow
the responsible person to verify the relevant personal data;
- If the processing is illegal and you decline the
deletion of your personal data and request the restriction of processing
of your personal data instead;
- If the responsible person no longer requires
personal identifying data relating to you, however you still require them
for the purpose of legal assertion, exercise or defence in legal disputes
or
- If you objected against the processing as per Art.
21 1 GDPR and a decision on the legitimate reasons of the responsible
person remains pending insofar that a decision whether the responsible
person’s legitimate reasons outweigh your reasons has not been reached yet.
If the processing of personal identifying data
relating to you has been restricted, aside from storage, it may only be
processed with your consent or to enforce, transact or defend legal
entitlements of another individual or judiciary person or on grounds of
important public interest of the union or one of its member states.
If the restriction of processing was carried out based on the above mentioned
conditions, the responsible person will notify you prior to the restriction
being lifted.
4. Right to deletion
a) Duty to delete
You can request immediate deletion of personal identifying data relating to you
from the responsible person. The person responsible is legally obliged to
immediately delete the data, if one of the following reasons is applicable:
- The personal identifying data relating to you is
no longer necessary for the purpose of its capture or other processing.
- You remove your consent for the processing as per
Art. 6(1) lit. a or Art. 9(2) lit. a GDPR and no other legal basis for
processing is applicable.
- You object against the processing as per Art. 21(1)
GDPR and no other overriding reasons are applicable for the processing or
you object against the processing as per Art. 21(2) GDPR.
- The personal identifying data relating to you was
processed illegally.
- The deletion of personal identifying data
relating to you is required to comply with a legal obligation as per union
rights or the rights of one of its member states to which the responsible
person is subject to.
- The personal identifying data relating to you was
captured in relation to offered services of the information society as per
Art. 8(1) GDPR.
b) Information to third parties
Where the responsible person has made personal identifying data relating to you
publicly accessible and is obliged to delete said data as per Art. 17(1) GDPR,
all reasonable measures must be taken, in consideration of available
technological and implementation costs, including the type of technology, to
advise the persons responsible for the processing of your personal identifying
data of your request to delete all links, copies or replications to this
personal identifying data.
c) Exceptions
The right to deletion is not applicable when processing of the data is
necessary
- To exercise the right to freedom of speech and
information;
- To fulfil a legal obligation requiring the
processing as per the laws of the union or one of its member states of
which the responsible person is subject to, or to fulfil a task which
serves public interest or public authority as transferred to the
responsible person.
- For reasons of public interest in the area of
public health as per Art. 9(2) lit. h and i as well as Art. 9(3) GDPR;
- For archiving purposes in the public interest,
scientific or historical research purposes or for statistical purposes as
per Art. 89(1) GDPR, as well as per section a named right is expected to
make the achievement of the goals of this processing impossible or hinders
same, or
- To enforce, exercise or defend legal
entitlements.
5. Right to information
If you have activated the right to correction, deletion or restriction of the processing
with the responsible person, the responsible person is responsible to notify
all recipients of your personal identifying data of the correction, deletion or
processing restriction, unless this proves to be impossible or is associated
with a disproportionate effort.
You have the right to be advised of such recipients by the responsible person.
6. Right to transferability
You have the right to receive the personal identifying data relating to you, as
provided to the responsible person, in a structured, established and machine
readable format. Furthermore, you have the right to transfer this data to
another responsible person, without hindrance by the responsible person who
initially received your data, as long as
- The processing is either based on consent as per Art.
6(1) lit. a GDPR or Art. 9 2 lit. a GDPR or on a contract as per Art. 6(1)
lit. b GDPR and
- The processing is actioned by automated processes
When activating this right, you furthermore have
the right to request for personal identifying data relating to you to be
transferred directly from one responsible person to another responsible person
where it is possible to do so. Freedom and other rights of any other person may
not be infringed in this process.
The right to transferability is not
applicable for the processing of
personal identifying data which is necessary for the fulfilment of a task, is
in the public interest or public authority as transferred to the responsible
person.
7. The right to withdraw
You have the right to withdraw your consent or object against the processing of
personal identifying data relating to you at any stage on the grounds of your
particular circumstances as per Art. 6(1)
lit. e or f GDPR; this also applies to profiling based on these regulations.
In this case, the responsible person no longer processes the personal
identifying data relating to you unless compelling reasons worthy of protection
apply for the processing which outweigh your interests, rights and freedom or
where the processing serves the enforcement, exercising or defence of legal
entitlements.
Where personal identifying data relating to you is processed for the purpose of
direct advertising, you have the right to withdraw your consent from processing
your personal identifying data for the purpose of such advertising at any time;
this also applies for profiling when in connection with such direct
advertising.
Once you withdraw your consent for the processing for purposes of direct
advertising, such personal identifying data is no longer used for that purpose.
By using the information society’s services, you
have the option to exercise your right to withdraw via automated processes
which use technical specifications, regardless of guideline 2002/58/EG.
8. Right to withdraw your consent declaration as per data protection
regulation
You have the right to withdraw your consent
declaration as per the data protection regulation. By withdrawing your consent
declaration, the legal grounds for the processing of data up until the time of
withdrawal is not affected.
9. Individual automated decision making including profiling
You have the right not to be subjected to a decision making process, including
profiling, based solely on automated mechanisms where it removes or partially
removes your rights or affects you significantly in a similar manner. This does
not apply in cases where
- It is necessary for the completion or fulfilment
of a contract between you and the responsible person,
- It is admissible based on legislation of the
union or its member states for which the responsible person is subject to
and where these regulations provide for the safeguarding of your rights,
freedom and legitimate interests
- The process is carried out with your express
consent.
Please note that these decisions cannot be
formed on the grounds of special categories of personal identifying data as per
Art. 9(1) GDPR, unless Art. 9(2) lit. a or g GDPR apply and appropriate
safeguards for the protection of freedom and rights as well as your legitimate
interests are in place.
In relation to the aforementioned cases (1) and (3), the responsible person puts
in place appropriate safeguards to protect the rights, freedom and legitimate
interests, including the right to intervention by a person, the right to voice
one’s own perspective and the right to object to the decision.
10. Right to complain to the regulatory authority
Where no other legal administrative proceedings or judicial reviews apply, you
have the right to complain to a regulatory authority, particularly in the
member state of your residence, your place of work or the place of the alleged
violation if you are of the opinion that the processing of the personal
identifying data relating to you is in violation with the GDPR.
XIV. Contracted processor
We use the services of external providers
(contracted processor) e.g. for the dispatch of goods, newsletters or payment
transactions. We subscribed to an agreement with the service provider
separately in relation to the processing of personal data to ensure the
protection of your personal identifying data.
We work with the following service providers:
Data Center &
Domain and Web Services, Marketing and PR Services
Jegasoft Media e.K., Berliner Chaussee 20, 15907 Lübben, Deutschland.
Privacy Policy: www.jegasoft.de/datenschutz.