2.1 We only process personal data of our users if this is necessary to provide a functional website, our contents and services. The processing of personal data of our users takes place only after the user has given consent to the processing. An exception applies in those cases where prior consent cannot be obtained for actual reasons and the processing of the data is permitted by law.
2.2 Insofar as we obtain the consent of the user for the processing of personal data Art. 6 (1) (a) GDPR serves as the legal basis.
2.3 If the processing of personal data required for the performance of a contract to which the user is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing data in order to take steps at the request of the user prior to entering into a contract.
2.4 Insofar as the processing of personal data is necessary for compliance with a legal obligation to which the Controller is subject, Art. 6 ( 1) (c) GDPR serves as the legal basis.
2.5 In the event that processing is necessary in order to protect the vital interests of the user or of another natural person Article 6 (1) (d) GDPR serves as the legal basis.
2.6 If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
2.7 The personal data of the users will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the Controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3. Provision of the Website and Creation of Log Files
3.1 Description and scope of data processing Every time you visit our website, our system automatically collects data and information from the computer system of the visiting computer. The following data is collected:
– Information about the browser type and version used
– The user’s operating system
– The Internet service provider of the user
– The IP address of the user
– Date and time of access
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
3.2 Legal basis for data processing Legal basis for the temporary storage of personal data and the log files is Art. 6 (1) (f) GDPR.
3.3 Purpose of data processing The temporary storage of the data by the system is necessary to enable the website to be delivered to the user’s computer. For this the IP address of the user must remain stored for the duration of the session. The IP address is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR is based as well on these purposes.
3.4 Duration of storage The data will be deleted as soon as the data is no longer necessary to achieve the purpose for which the data were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
3.5 Right to object and to erase The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection for the user.
4.2 Legal basis for data processing Legal basis for the temporary storage of personal data is Art. 6 (1) (f) GDPR.
5. Rights of the Data Subject (User)
If your personal data are processed, you are affected within the meaning of the GDPR and you have the following rights against the Controller:
5.1 Right to access You have the right to obtain from the controller confirmation as to whether or not personal data concerning you being processed, and, where that is the case, access to the personal data and the following information:
5.1.1. the purposes of the processing;
5.1.2. the categories of personal data concerned;
5.1.3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
5.1.4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
5.1.5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
5.1.6. the right to lodge a complaint with a supervisory authority;
5.1.7. where the personal data are not collected from the data subject, any available information as to their source;
5.1.8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to obtain from the controller the information as to whether or not personal data are transferred to a third country or to an international organization. Within this context you shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
5.2 Right to lodge a complaint with a supervisory authority Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.