§1 information on the collection of personal data, controller, data protection officer
(1) In the following we inform about the collection of personal data when using our website. Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour. We only process personal data of our users as far as this is necessary to provide a functional website and our contents and services.
When you visit our website, we store certain information about the browser and operating system you use, the date and time of your visit, the access status (e.g. whether you were able to access a website or received an error message), the use of website functions, the search terms you may have entered, the frequency with which you access individual web pages, the name of files accessed, the amount of data transferred, the website from which you accessed our website and the web page that you visit from our website, whether by clicking on links on our website or by entering a domain directly in the input field of the same tab (or window) of your browser in which you opened our website. In addition, for security reasons, in particular to prevent and detect attacks on our website or attempts at fraud, we store your IP address and the name of your Internet Service Provider for a period of seven days.
We only store other personal data if you provide us with this information, e.g. as part of registration, a contact form, a survey, a competition or to implement a contract, and in these cases only to the extent that we are permitted to do so by your consent or under the applicable legal provisions (for more information, please refer to § 2 “Legal basis of processing”).
(2) Controller in accordance with art. 4 para. 7 EU Data Protection Basic Regulation (GDPR) is Funkwerk AG, Im Funkwerk 5, D-99625 Kölleda/Thuringia, e-mail: email@example.com (see our imprint). You can contact our data protection officer at firstname.lastname@example.org or at our postal address with the addition “the data protection officer”.
§2 legal basis of processing
(1) Unless a legal basis for a processing operation is mentioned elsewhere, processing operations shall be carried out on the relevant basis specified in the following paragraphs.
(2) If you have given us your consent to process your personal data, this constitutes the legal basis for the processing (Art. 6 para. 1 letter a GDPR).
(3) Article 6 para. 1 letter b GDPR is the legal basis for processing personal data for the purpose of initiating or fulfilling a contract with you.
(4) Insofar as the processing of your personal data is necessary for the fulfilment of our legal obligations (e.g. for the storage of data), we are obliged to do so in accordance with Art. 6 para. 1 letter. c GDPR.
(5) Furthermore, we process personal data for the purpose of safeguarding our legitimate interests as well as the legitimate interests of third parties in accordance with Art. 6 para. 1 letter f GDPR. Such legitimate interests include maintaining the functionality of our IT systems, but also the marketing of our own and third-party products and services and the legally required documentation of business contacts.
§3 right of withdrawal and possibility of objection
(1) If you have given your consent to process your data, you can revoke it at any time. An informal notification by e-mail to email@example.com is sufficient for the revocation. Such a revocation influences the per-missibility of the processing of your personal data after you have expressed it to us. The lawfulness of the data processing already carried out remains unaffected by the revocation.
(2) Insofar as we base the processing of your personal data on the weighing of interests, you can object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. In the event of such an objection, we request that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts of the case and will either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
§4 data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
§5 cooperation with processors
We use external service providers to handle our business transactions. These will only act in accordance with our instructions and have been contractually obliged to comply with the data protection regulations in accord-ance with Art. 28 GDPR. If personal data is passed on by us to our subsidiaries or is passed on to us by our sub-sidiaries (e.g. for advertising purposes), this is done on the basis of existing contract processing relationships.
§6 duration of data storage and deletion of your data
Insofar as no explicit storage period is specified during collection (e.g. in the context of a declaration of con-sent), your personal data will be deleted insofar as they are no longer required to fulfil the purpose of storage, unless statutory storage obligations (e.g. commercial and fiscal storage obligations) prevent deletion.
§7 conditions of transfer of personal data to third countries
Within the scope of our business relations, your personal data may be passed on or disclosed to third parties. These companies may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the purpose of fulfilling contractual and business obligations and for maintaining your business relationship with us. We will inform you about the respective details of the disclosure in the following at the relevant points.
The European Commission certifies some third countries by so-called adequacy decisions a data protection comparable to the EEA standard (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).
However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. Where this is the case, we ensure that data pro-tection is sufficiently guaranteed. This is possible by means of binding corporate rules, standard data protection clauses adopted by the European Commission for the protection of personal data, certificates or approved codes of conduct.
§8 your rights
(1) You have the following rights in relation to the personal data concerning you:
- Right to information as to which personal data has been stored,
- The right to rectification, cancellation or limitation of the processing of personal data (in so far as this does not conflict with legal obligations or the necessity of the processing for the fulfilment of the busi-ness relationship),
- Right to object to the processing (see also §3),
- Right to transfer the personal data we have stored in a machine-readable format
To exercise the above rights, please contact our data protection officer.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The supervisory authority responsible for us is the:
Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit
PO Box 900455, 99107 Erfurt
§9 collection of personal data when visiting our website
When using the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to guar-antee stability and security (legal basis is Art. 6 para. 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
§10 Contact form
(1) On our website there is also a contact form which can be used for electronic contact in case of inquiries. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are mandatory:
- Name and first name of the contact person,
- e-mail addresses
In addition, the following data can be transmitted to us voluntarily, which will then also be stored:
- Position, division,
At the time of sending the message, the data listed in § 3 will also be stored.
(2) The legal basis for the processing of the data is our legitimate interest in the processing of the contact re-quest, Art. 6 para. lit. f GDPR. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
(3) The processing of the personal data from the input mask serves us only to process the support request. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
§11 third-party offers on our website
Our website may also contain offers from third parties. If you click on such an offer, we will transfer data to the respective provider to the required extent (e.g. information that you have found this offer with us and, if ap-plicable, further information that you have already provided for this purpose on our website).
- integration of YouTube videos
(1) Our website uses plugins from the YouTube site operated by the service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We have included YouTube videos in our online offering, which are stored at http://www.youtube.com and can be played directly from our website. These are all embedded in “enhanced privacy mode”, which means that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos the data mentioned in para. 2 below will be transferred. We have no influence on this data transfer. YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.
(2) By visiting the website, YouTube receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned under § 9 of this declaration is transmitted. This happens regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or de-mand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide advertising tailored to your needs and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
§12 evaluation of usage data and usage-based information
(1) We would like to tailor the content of our website as closely as possible to your interests and thus improve our services for you. In order to identify usage preferences and particularly popular areas of the website, we use the analysis tool Google Analytics. This is a web analysis service of Google Inc. (“Google”). When using this analysis tool, data can be transferred to servers located in the USA and processed there. The legal basis for the use of Google Analytics is Art. 6 para. 1 lit. f GDPR. Please note that from the perspective of the European Union there is no “adequate level of protection” for the processing of personal data in the USA that meets EU standards. However, this level of protection can be replaced by measures according to art. 44 et. seq. GDPR. Google is certified according to the EU-U.S. Privacy Shield. Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of the use of our website. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
(2) The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This allows IP addresses to be further processed in a shortened form, thus excluding the possibility of personal references. If the data col-lected about you contains a personal reference, this is immediately excluded and the personal data is immedi-ately deleted.
Information about the cookies we use and their functions can be found in our Cookie notes.
§14 Changes to our privacy statement
Within the framework of the further development of data protection law and technological or organisational changes, our data protection declaration is regularly checked for the need for adaptation or supplementation. You will find the current version of our data protection declaration at: https://funkwerk.com/datenschutz/.