DATA PROTECTION

LEGAL MATTERS

Thank you for visiting our homepage and for your interest in our company. We attach great importance to the protection of your data. Our website can be used without any provision of personal data. However, processing personal data could become necessary if a user wishes to use the company’s special services via this website. We shall generally obtain the consent of the data subject if the processing of personal data is necessary and there is no legal basis for such processing.

You may revoke your consent at any time with effect for the future. You will find the necessary contact details of the responsible persons at the end of this privacy policy. The personal data (name, address, e-mail address or telephone number) of a user of this website shall, at all times, be processed based on the General Data Protection Regulation and in accordance with the applicable national data protection regulations. In this data protection policy, DI Hotel Chemnitz Nr. 30 GmbH & Co. KG publicly provides information about the type, purpose and scope of the personal data it processes. In addition, data subjects are informed in this data protection policy about the rights to which they are entitled.

This data protection policy uses the following terms, which were defined when the EU General Data Protection Regulation was adopted. These terms are explained here to keep the data protection policy simple and understandable.

Personal data – in accordance with Article 4(1) GDPR this is:

Any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject

Any identified or identifiable natural person whose personal data are processed by the controller.

Processing – in accordance with Article 4(2) GDPR this is:

Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

The marking of stored personal data with the aim of limiting their future processing.

Profiling – in accordance with Article 4(4) GDPR this is:

Any type of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

Pseudonymisation

The processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information provided such additional information is kept separately and is subject to technical and organisational measures, which ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller – in accordance with Article 4(7) GDPR this is:

The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Recipient

A natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

Third parties

A natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

Processor – in accordance with Article 4(8) GDPR this is:

A natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Consent – in accordance with Article 4(11) GDPR this is:

Any freely given specific and informed indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

Name and address of the person responsible for the processing:

DI Hotel Chemnitz Nr. 30 GmbH & Co. KG
Kölnstrasse 91
D-52351 Düren
E-mail: info@co56.de
Internet: www.co56.de

Registration on our website

The data subject has the option of registering on the data controller’s website by providing personal data. The personal data forwarded to the data controller in the process is determined by the respective entry window used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for their own purposes. The responsible party may arrange for the data to be forwarded to one or more processors, for example a mailing service provider that will also use the personal data exclusively for an internal use attributable to the responsible party.

By registering on the data controller’s website, the IP address assigned by the data subject’s internet service provider (ISP), the date and the time of registration are also stored. This data are stored against the background that only in this way can the misuse of our services be prevented and, if necessary, this data facilitates the clarification of criminal offences that have been committed. In this respect, the storage of this data is necessary to safeguard those responsible. As a matter of principle, such data are not forwarded to third parties unless there is a legal obligation to do so or the forwarding serves the purpose of criminal prosecution.

The registration by the data subject by voluntarily providing personal data enables the data controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or have it completely erased from the data stock of the controller. The controller shall provide any data subject at any time, upon request, with information about what personal data is stored about the data subject. Furthermore, the controller shall rectify or erase personal data at the request or notice of the data subject provided that this does not conflict with any statutory storage obligations. All the controller’s employees are available to the data subject as contact persons in this context.

Subscription to our newsletter

On our website, users are given the opportunity to subscribe to our hotel’s newsletter. The personal data forwarded to the controller when the newsletter is ordered is specified in the entry window used for this purpose. c/o56 informs its customers and business partners at regular intervals by means of a newsletter about company offers. Our company’s newsletter can essentially only be received by the data subject, if

  1. The data subject has a valid e-mail address, and

  2. The data subject registers for the newsletter mailing.

For legal reasons, a confirmation e-mail is sent to the e-mail address registered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation e-mail is aimed at verifying whether the owner of the e-mail address as the data subject has authorised the receipt of the newsletter.

When registering for the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration as well as the date and time of registration, which is assigned by the internet service provider (ISP). Collecting such data is necessary to be able to trace the (possible) misuse of the e-mail address of a data subject at a later date and therefore serves the legal protection of the responsible body.

The personal data collected in the context of a registration for the newsletter are used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter service or changes in the technical circumstances. No personal data collected as part of the newsletter service shall be forwarded to third parties. The subscription to our newsletter can be cancelled by the data subject at any time. The consent to the storage of personal data, which the data subject has given us for the newsletter dispatch, can be withdrawn at any time. A corresponding link can be found in each newsletter for the purpose of withdrawing consent. Furthermore, customers can unsubscribe from the newsletter mailing directly on the website of the responsible party at any time or inform the responsible party of this in another way.

Newsletter tracking

The c/o56 newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in e-mails that are sent in HTML format in order to enable log file recording and log file analysis. This enables a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, c/o56 may see if and when an e-mail was opened by a data subject, and which links contained in the e-mail were called up by the data subject. Such personal data collected via the tracking pixel contained in the newsletters are stored and analysed by the responsible party to optimise the newsletter dispatch and to better adapt the content of future newsletters in line with the data subject’s interests. This personal data shall not be forwarded to third parties. Data subjects are entitled at any time to withdraw the separate declaration of consent given in this regard via the double opt-in procedure Following withdrawal, such personal data shall be deleted by the responsible office. The responsible body automatically interprets a cancellation of the receipt of the newsletter as a withdrawal.

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry, including all resulting personal data (name, enquiry) shall be stored and processed by us for the purpose of processing your enquiry. We shall not forward such data without your consent.

Such data shall be processed on the basis of Article 6, sub-section 1, Point b, GDPR, provided your enquiry is associated with executing a contract or is necessary to adopt pre-contractual measures. In all other cases, the processing shall be based on our justified interest in the effective processing of the enquiries directed to us (Article 6, sub-section 1, Point f, GDPR) or your consent (Article 6, sub-section 1, Point a, GDPR) provided this was requested.

We shall retain the data you have forwarded to us in the contact questions until you ask us to delete such data, withdraw your consent to the storage of such data or the purpose for the data storage becomes inapplicable (e.g. once the processing of your enquiry has been completed). This does not affect compulsory statutory provisions – in particular statutory storage periods.

Data forwarding from forms

The data subject has the option of registering on the data controller's website by providing personal data for data forwarding via forms. The personal data forwarded to the data controller responsible for the processing is determined by the respective entry window used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller responsible for the processing and for their own purposes. As a matter of principle, data forwarded from forms is encrypted.

The controller responsible for the processing may arrange for the data to be forwarded to one or more processors (for example a parcel service provider that will also use the personal data exclusively for an internal use attributable to the party responsible for the controlling).

The data forwarding on the controller's website also saves the IP address assigned by the internet service provider (ISP) of the data subject, the date as well as the time of the forwarding. This data are stored against the background that only in this way can the misuse of the offered services be prevented and, if necessary, this data facilitates the clarification of criminal offences that have been committed. In this respect, the storage of such data is necessary to protect the data controller. As a matter of principle, such data are not forwarded to third parties unless there is a legal obligation to do so or the forwarding serves criminal or legal prosecution purposes.

Entries of the data subject by voluntarily providing personal data enables the controller responsible for the processing to offer the data subject content or services which, due to the nature of the matter, can only be offered to these users. Such data shall be processed on the basis of Article 6, sub-section 1, Point b, GDPR, provided your enquiry is associated with executing a contract or is necessary to adopt pre-contractual measures. In all other cases, the processing shall be based on our justified interest in the effective processing of the enquiries directed to us (Article 6, sub-section 1, Point f, GDPR) or your consent (Article 6, sub-section 1, Point a, GDPR) provided this was requested.

We shall retain the data you have forwarded to us in the contact questions until you ask us to delete such data, withdraw your consent to the storage of such data or the purpose for the data storage becomes inapplicable (e.g. once the processing of your enquiry has been completed). This does not affect mandatory statutory provisions, in particular statutory retention periods

Contact

Personal data shall also be processed by DI Hotel Chemnitz Nr. 30 GmbH & Co. KG if you provide them of your own accord. This applies, for example, every time you contact us. We shall, of course, use the personal data forwarded in this way exclusively for the purpose for which you provide such data when contacting us. Any communication of this information applies expressly on a voluntary basis and with your consent. Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via such a communication channel, where necessary, to respond to your request.

Internet Booking Engine / bookNG booking system

On our website you have the option of making a reservation via bookNG. Booking Engine is a service of Next Gen Opti Ltd, Unit 4 Langham, Barn Business Centre, by way of which you have the option of making reservations. An entry window will open if you click on the corresponding button. You can enter your reservation data there. Next Gen Opti Ltd shall process the data you enter on our behalf. This may be the following data: First and last name, credit card details, address, telephone numbers, date of birth.

Your personal data shall then be used to process your booking and shall be deleted once the legal storage periods have expired.

We receive anonymised aggregated statistical data from Next Gen Opti Ltd, e.g. country statistics, agency reports and sales reports, which are aimed at improving our services. Use of Next Gen Opti Ltd. is based on Article 6(1), Point f, GDPR. It occurs in the legitimate interest of a customer-friendly booking possibility of our services, and to subsequently honour your reservation in accordance with Article 6(1), Point b, GDPR.

Data protection provisions on the use and application of The Hotels Network S.L.P.

The controller uses products of the company The Hotels Network, S.L.P. GmbH, Muntaner 262, 3°, 08021 Barcelona, Spain. The processing of data with 'BenchDirect' by The Hotels Network is, at all times, GDPR-compliant and subject to commissioned data processing in accordance with Article 28 GDPR. The personal data processed with BenchDirect are processed exclusively on an anonymous basis. The data are processed exclusively within the EU. For further information about data protection, please see the details on the manufacturer’s website:https://www.thehotelsnetwork.com/de/privacy-policy

Data forwarding to payment providers

Your data shall only be forwarded via secure SSL encryption to the payment provider you select during the ordering process for the purpose of payment processing. Forwarding your data to the payment provider is based on Article 6(1), Point a, GDPR (Consent) and Article 6(1), Point b, GDPR (Processing to enter into a contract). You have the option of withdrawing your consent to data processing at any time. Withdrawal does not affect past data processing operations.

Payment by Visa, Mastercard, American Express

If you pay by credit card, the payment will be processed by the payment provider Concardis GmbH, Helfmann-Park 7, D-65760 Eschborn, Germany. The data required for this (card number, validity and verification number) are forwarded to the payment provider in encrypted form and cannot be viewed by the website operator. Electronic payment by credit card is PCI-DSS certified and offers the customer the highest possible data security.

Links to other websites

This website contains links to other websites (so-called external links). DI Hotel Chemnitz Nr. 30 GmbH & Co. KG is responsible as a provider for its own content in accordance with the applicable European and national legal regulations. Links to content provided by other providers are to be distinguished from such own content. We do not exert any influence on whether or not the operators of other websites comply with the applicable European and national legal provisions. Please refer to the data protection policies provided on the respective website for more information. DI Hotel Chemnitz Nr. 30 GmbH & Co. KG assumes no responsibility for external content that is made available for use via links and is specifically marked, and does not adopt such content as its own. The provider of the site to which the link leads bears sole liability for illegal, incorrect or incomplete content and for damage caused by use or non-use of information.

Collection of general data and information

The website of DI Hotel Chemnitz Nr. 30 GmbH & Co. KG collects a series of general data and information with each call-up of the website by a data subject or automated system. Such general data and information are stored in the server’s log files. The following may be recorded

  1. The browser types and versions used,
  2. The operating system used by the accessing system,
  3. The website from which an accessing system arrives at our website (so-called referrer),
  4. The sub-websites which are accessed via an accessing system on our website,
  5. The date and time of an access to the website,
  6. An internet protocol address (IP address),
  7. The Internet service provider of the accessing system and
  8. Other similar data and information that are aimed at averting danger in the event of attacks on our information technology systems.

DI Hotel Chemnitz Nr. 30 GmbH & Co. KG does not draw any conclusions about the data subject when using these general data and information. Rather, this information is required

  1. To provide our website content correctly,
  2. To optimise and advertise our website content,
  3. To ensure the long-term functionality of our information technology systems and the technology of our website, and
  4. To provide law enforcement authorities with the information required for prosecution in the event of a cyber attack.

Such anonymously collected data and information are, therefore, used by DI Hotel Chemnitz Nr. 30 GmbH & Co. KG statistically on the one hand, and on the other with a view to ensuring the protection of personal data and the processing of personal data. The anonymous data in the server log files are stored separately from any personal data provided by a data subject.

Routine erasure and blocking of personal data

The controller processes and stores the data subject’s personal data only for the period of time necessary to achieve the purpose of storage or where provided for by the European directive and regulation body or other legislator in laws or regulations to which the controller is subject. If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data shall be routinely blocked or deleted in accordance with the statutory provisions.

Rights of the data subject

Right to confirmation

Every data subject has the right, as granted by the European directive and regulation body, to obtain confirmation from the controller as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact any employee of the controller.

Right to information

Any person concerned by the processing of personal data has the right, granted by the European directive and regulation body, to obtain at any time from the controller, free of charge, information about the personal data stored about him or her and a copy of that information. Furthermore, the European directive and regulation body has granted the data subject access to the following information:

  • The processing purposes
  • The categories of personal data that are processed
  • The recipients or categories of recipients to whom the personal data have been or shall be disclosed, in particular in the case of recipients in third countries or international organisations
  • Where possible, the planned duration for which the personal data shall be stored or, if this is not possible, the criteria for determining this duration
  • The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject by the controller or to object to such processing
  • The existence of a right of appeal to a supervisory authority, if the personal data are not collected from the data subject: Any available information about the origin of the data
  • The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject shall have the right to obtain information as to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information about the appropriate safeguards in relation to the forwarding. If a data subject wishes to exercise this right of access, he or she may contact an employee of the controller at any time.

Right to rectification

Every person affected by the processing of personal data has the right granted by the European directive and regulation body to demand the immediate rectification of any inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing. If a data subject wishes to exercise this right of rectification, he or she may, at any time, contact an employee of the controller.

Right to erasure (right to be forgotten)

Any person concerned by the processing of personal data has the right, granted by the European directive and regulation body, to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not required:

  • The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
  • The data subject withdraws the consent on which the processing was based in accordance with Article 6(1), Point a, GDPR, or Article 9(2), Point a, GDPR, and there is no other legal basis for the processing.
  • The data subject objects to the processing in accordance with Article 21(1), GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Article 21(2), GDPR.
  • The personal data have been processed unlawfully.
  • The personal data are to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1), GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by DI Hotel Chemnitz Nr. 30 GmbH & Co. KG, he or she may, at any time, contact any employee of the controller. The employee of DI Hotel Chemnitz Nr. 30 GmbH & Co. KG shall arrange for the deletion request to be complied with immediately.

If the personal data was collected by the DI Hotel Chemnitz Nr. 30 GmbH & Co. KG has been made public and our company is obligated to delete the personal data in accordance with Article 17(1), GDPR, DI Hotel Chemnitz Nr. 30 GmbH & Co. KG shall implement appropriate measures, including technical measures, taking into account the available technology and the costs of implementation, to inform other data controllers which process the published personal data that the data subject has requested from those other data controllers the erasure of all links to the personal data or to copies or replications of the personal data, unless the processing is necessary. The employee of DI Hotel Chemnitz Nr. 30 GmbH & Co. KG shall arrange the necessary action in individual cases.

Right to restriction of processing

Any person concerned by the processing of personal data has the right, granted by the European directive and regulation body, to obtain from the controller the restriction of processing where one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
  • The controller no longer needs the personal data for the purposes of the processing, but the data subject needs such data for the assertion, exercise or defence of legal claims.
  • The data subject has objected to the processing in accordance with Article 21(1), GDPR, and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
  • If one of the aforementioned preconditions applies, and a data subject wishes to request the restriction of personal data stored by DI Hotel Chemnitz Nr. 30 GmbH & Co. KG, he or she may, at any time, contact any employee of the controller. The employee of DI Hotel Chemnitz Nr. 30 GmbH & Co. KG will arrange the restriction of the processing.

Right to data portability

Every data subject concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain personal data concerning him or her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, provided the processing is based on consent in accordance with Article 6(1), Point a, GDPR, or Article 9(2), Point a, GDPR, or on a contract in accordance with Article 6(1), Point b, GDPR, and the processing is performed by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising the right to data portability in accordance with Article 20(1), GDPR, the data subject shall have the right to obtain the direct transfer of personal data from one controller to another controller where technically feasible and provided this does not adversely affect the rights and freedoms of other persons.

To assert the right to data portability, the data subject may at any time contact any employee of DI Hotel Chemnitz Nr. 30 GmbH & Co. KG at any time.

Right to object

Any person affected by the processing of personal data has the right granted by the European directive and regulation body to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which applies on the basis of Article 6(1), Point e or Point f, GDPR. This also applies to profiling based on these provisions.

DI Hotel Chemnitz Nr. 30 GmbH & Co. KG shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.

If DI Hotel Chemnitz Nr. 30 GmbH & Co. KG processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data processed for such marketing. This also applies to profiling provided it is associated with such direct advertising. If the data subject objects to DI Hotel Chemnitz Nr. 30 GmbH & Co. KG processing for the purposes of direct marketing, DI Hotel Chemnitz Nr. 30 GmbH & Co. KG shall no longer process the personal data for such purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out by DI Hotel Chemnitz Nr. 30 GmbH & Co. KG for scientific or historical research purposes, or for statistical purposes in accordance with Article 89(1), GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject may directly contact any employee of DI Hotel Chemnitz Nr. 30 GmbH & Co. KG or another employee. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject is free to exercise his or her right to object by automated means using technical specifications.

Automated decisions in individual cases, including profiling

Any person concerned by the processing of personal data shall have the right, granted by the European Parliament and the Council, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision

  1. Is not required to enter into or execute a contract concerning him or her, or
  2. Is authorised by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
  3. Applies with the express consent of the data subject.

If the decision

  1. Is necessary for entering into, or the execution of, a contract between the data subject and the data controller, or
  2. It is made with the explicit consent of the data subject,

DI Hotel Chemnitz Nr. 30 GmbH & Co. KG shall adopt suitable measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which include at least the right to obtain the intervention of a data subject on the part of the responsible person, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact any employee of the controller.

Right to withdraw consent in accordance with data protection law

Any person affected by the processing of personal data has the right granted by the European directive and regulation body to withdraw consent to the processing of personal data at any time. If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the controller.

Data protection provisions on the application and use of Google Maps

This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "Cookies", text files that are stored on your computer and which facilitate an analysis of how you use the website. The information created by the cookie about how you use this website is normally transferred to a Google server in the USA and stored there. However, in the case of the IP anonymization on this website, your IP address will be shortened by Google before it is transmitted. This applies within the member states of the European Union or in other signatory states to the European Economic Area. Only in exceptional cases will the entire IP address be sent to a Google server in the USA and shortened there. By order of the operator of this website, Google shall use this information to evaluate your use of the website, to put together reports on the website activities and to render additional services associated with the website and internet use for the website operator. The IP address forwarded as part of Google Analytics from your browser shall not be grouped together with other data from Google.

You can prevent the storing of Cookies by making appropriate settings in your browser. However, we would like to point out that by doing so you may not be able to use the full functionality of our website. Furthermore, you can prevent the recording of the data created by the cookie and related to your use of the website (including your IP address) and forwarding to Google as well as the processing of such data by Google by downloading and installing the browser plug-in via the following link:

https://tools.google.com/dlpage/gaoptout?hl=en-GB.

This website uses Google Analytics with the "_anonymizeIp()" extension. As a result, IP addresses are processed in abbreviated form, which means that personal references can be ruled out. If the data collected about you are related to a person, this is immediately excluded and the personal data are deleted immediately.

We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. Google has submitted to the EU-US Privacy Shield, https:// www.privacyshield.gov/EU-US-Framework for the exceptional cases in which personal data are forwarded to the USA. The legal basis for the use of Google Analytics is Article 6(1), Sentence 1, Point a, GDPR.

Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms and conditions of use: https://policies.google.com/terms?hl=en, Data protection overview: http://www.google.com/intl/de/analytics/learn/ privacy.html, and the data protection policy: http://www.google.de/intl/de/policies/privacy.

This website also uses Google Analytics for cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.

https://myaccount.google.com/

User and event level data associated with cookies, user identifiers (e.g. User ID) and advertising IDs (e.g. DoubleClick Cookies, Android advertising ID, IDFA [Apple advertiser identifier]) are retained by us for 14 months before being automatically deleted.

Data protection provisions on the application and use of Google Tag Manager

Use of Google Tag Manager: Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a Cookie-free domain and does not collect any personal data. The tool ensures the triggering of other tags that may, under some circumstances, collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Data protection provisions on the application and use of web fonts

This site uses web fonts from Monotype GmbH (fonts.com or fast.fonts.net) for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache. For this purpose, your browser connects to the servers of fonts.com. fonts.com may log this call. This means that fonts.com will associate your IP address with our website. The use of these web fonts is in the interest of a uniform and appealing presentation. This constitutes a justified interest within the meaning of Article 6(1), Point f, GDPR.

If your browser does not support web fonts, a standard font from your computer will be used. You can find further information on fonts.com at https://www.fonts.com/info/legal and in the Fonts.com privacy policy: https://www.fonts.com/info/legal/privacy/ and in the data protection policy of Monotype GmbH: https://www.monotype.com/legal/privacy-policy/

Data protection provisions on the application and use of OpenStreetMap and Maptiler

This site uses the OpenStreetMap mapping service via an API. The provider is the OpenStreetMap Foundation, St. John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. Maptiler is a map service of Maptiler AG, Höfnerstrasse 98, Unterägeri, Zug, 6314, Switzerland. Your IP address needs to be stored to use the functions of OpenStreetMap or Maptiler. This information is usually forwarded to a server of OpenStreetMap in Great Britain and stored there. The provider of this site exerts no influence on such data forwarding. Use of OpenStreetMap and Maptiler is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This constitutes a justified interest within the meaning of Article 6(1), Point f, GDPR. More information on the handling of user data can be found in the privacy statements of OpenStreetMap and Maptiler, which can be found at: Privacy Policy – OpenStreetMap Foundation (osmfoundation.org) or Privacy policy – MapTiler .

Legal basis of the processing

Article 6 I, Point a, GDPR, serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is required to execute a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I, Point b, GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I, Point c, GDPR. In rare cases, the processing of personal data might become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Article 6 I, Point d, GDPR. Ultimately, processing operations could be based on Article 6 I, Point f, GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. We are permitted to perform such processing operations, in particular, because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, Sentence 2, GDPR).

Legitimate interests in the processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I, Point f, GDPR, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.

Duration for which the personal data are stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. Following expiry of the period, the corresponding data are routinely deleted if they are no longer required to honour or initiate the contract.

Statutory or contractual provisions for the provision of personal data; necessity for entering into the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We would like to inform you that the provision of personal data is, on occasion, required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information about the contractual partner). On occasion, to enter into a contract, it may be necessary for a data subject to provide us with personal data that needs to be subsequently processed by us. For example, the data subject undertakes to provide us with personal data if our company enters into a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be entered into. The data subject is required contact one of our employees before providing personal data. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.

Existence of automated decision-making

We refrain from using automated decision-making or profiling.

Competent supervisory authority

State Commissioner for Data Protection and Freedom of Information:
North Rhine-Westphalia
Kavalleriestrasse 2-4
D-40213 Düsseldorf
E-mail: poststelle@ldi.nrw.de
Internet: www.ldi.nrw.de
Name and address of the data protection officer:
Andreas Lüerßen | AL Datenschutz e.K.
Im Riedegrund 30 a
D-30952 Ronnenberg
E-mail: info@al-datenschutz.de
Internet: www.al-datenschutz.de

If you have any questions regarding data protection, please contact our data protection officer directly.. We reserve the right to change our privacy practices and this policy to comply with changes in relevant laws or regulations or to better meet your requirements. Any changes to our privacy practices shall be posted here. Please note the current version date of the privacy policy.