Privacy policy
The Hennef Sports School (hereinafter also referred to as the “Sports School”) takes the protection of your personal data very seriously and is expressly committed to data protection. This commitment forms the basis for a trusting relationship between the sports school and the users of our website.
This privacy policy explains the type, scope and purpose of the processing of personal data within our online offering (www.sportschule-hennef.de) and the associated websites, functions and content as well as external online presences, such as our social media profiles.
As the controller, the Sportschule has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by post.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the sports school, in particular the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).
By means of this privacy policy, we would like to inform users and the public about the type, scope and purpose of the personal data we collect, use and process.
I. Who is responsible for data processing?
1. controller within the meaning of the GDPR
The controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:
Fußball-Verband Mittelrhein e.V. (as sponsor of the Hennef Sports School)
Sövener Str. 60, 53773 Hennef, Tel.: 02242/918750, E-Mail: fvm(at)fvm.de
Represented by:
President: Dr. Christos Katzidis, Vice Presidents: Markus Müller, Rudi Rheinstädtler, Dr. Martin Fröhlich
Register of associations: Siegburg Local Court, VR 3338
2. data protection officer
Any data subject can contact the Fußball-Verband Mittelrhein e.V. directly at any time with all questions and suggestions regarding data protection at datenschutz(at)fvm.de:
Fußball-Verband Mittelrhein e.V., Sövener Str. 60, 53773 Hennef, Germany, e-mail: datenschutz(at)fvm.de
II. What data do we process?
You can access our websites without directly providing personal data (such as your name, postal address or e-mail address). Even in this case, we need to collect and store certain information to enable you to access our websites. We also use certain analysis procedures on our websites and have integrated functionalities from third-party providers. In addition, we offer you some functionalities on our website for which we need to collect personal data.
We collect and process personal data to the following extent:
1. types of data processed
- Inventory data (e.g. names, addresses)
- Contact details (e.g. e-mail, telephone numbers)
- Content data (e.g. text entries, photographs, videos)
- Contract data (e.g. subject matter of the contract, term, customer category)
- Payment data (e.g. bank details, payment history) of our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
2. categories of affected persons
Visitors, customers and users of the online offer (hereinafter we also refer to the data subjects collectively as “users”).
3. cookies
The Internet pages of our online services use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.
Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes their browser. The content of a shopping cart in an online store or a login status, for example, can be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be saved if the user visits the site several days later. The interests of users can also be stored in such a cookie and used for reach measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the controller who operates the online service (otherwise, if they are only the controller’s cookies, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies and provide information about this in our privacy policy.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
You can use the following links to find out about the options for the most commonly used browsers:
- Internet Explorer: http://support.microsoft.com/gp/cookies/de
- Firefox: http://support.mozilla.org/de/kb/cookies-informationen-websitesauf-ihrem-computer
- Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&answer=95647
- Safari: http://www.verbraucher-sicher-online.de/anleitung/cookiesverwalten-in-apple-safari
- Opera: http://help.opera.com/Linux/12.10/de/cookies.html
4. collection of general data and information, hosting
The website of the Sportschule collects a series of general data and information when a data subject or automated system calls up the website. This general data and information is stored in the server log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website can be recorded, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.
When using these general data and information, the Sportschule does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the Sportschule analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of 30 days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
5. administration, financial accounting, office organization, contact management
We process data as part of administrative tasks and the organization of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of the provision of our contractual services. The basis for processing is Art. 6 para. 1 lit. c, Art. 6 para. 1 lit. f GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities.
We disclose or transmit data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.
We also store information on suppliers, event organizers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. We generally store this data, most of which is company-related, permanently.
6. provision of our statutory and business-related services
We process the data of our members, supporters, interested parties, customers or other persons in accordance with Art. 6 para. 1 lit. b GDPR if we offer them contractual services or act in the context of existing business relationships, e.g. with members, or are ourselves recipients of services and benefits. Otherwise, we process the data of data subjects in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests, e.g. when it comes to administrative tasks or public relations work.
The data processed, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. This generally includes inventory and master data of the persons (e.g. name, address, etc.), as well as contact data (e.g. e-mail address, telephone, etc.), contract data (e.g. services used, content and information provided, names of contact persons) and, if we offer services or products subject to payment, payment data (e.g. bank details, payment history, etc.).
We delete data that is no longer required to fulfill our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as it may be relevant for business transactions and with regard to any warranty or liability obligations. The necessity of retaining the data is reviewed every three years; otherwise the statutory retention obligations apply.
7. data protection information in the application process
We process the applicant data only for the purpose and in the context of the application process in accordance with the legal requirements. Applicant data is processed to fulfill our (pre-)contractual obligations in the context of the application process within the meaning of Art. 6 para. 1 lit. b, Art. 6 para. 1 lit. f GDPR if data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, § 26 BDSG also applies).
The application procedure requires applicants to provide us with their application data. If we offer an online form, the necessary applicant data is marked as such, otherwise it can be found in the job descriptions and generally includes personal details, postal and contact addresses and the documents relating to the application, such as cover letter, CV and certificates. Applicants can also voluntarily provide us with additional information.
By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the nature and scope set out in this privacy policy.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data if this is necessary for the exercise of the profession). Insofar as special categories of personal data within the meaning of Art. 10 GDPR (e.g. criminal convictions as part of the extended police clearance certificate) are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 10 GDPR.
If provided, applicants can send us their applications using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art.
Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We therefore cannot accept any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or sending it by post.
The data provided by applicants may be processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicant’s data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified revocation by the applicant, the data will be deleted after a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.
8. making contact
When contacting us (e.g. by contact form, email, telephone or via social media), the user’s details are processed to process the contact request and its handling in accordance with Art. 6 para. 1 lit. b GDPR. The user’s details may be stored in a customer relationship management system (“CRM system”) or in a comparable inquiry organization.
We delete the requests if they are no longer required. We review the necessity every three years; the statutory archiving obligations also apply.
9. Newsletter
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Content of the newsletter: We only send newsletters, emails and other electronic notifications with advertising information (hereinafter “newsletter”) with the consent of the recipient or legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user’s consent. In addition, our newsletters contain information about our offers and services and the offers and services of our partners.
Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people’s e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the mailing service provider are also logged.
Registration data: To subscribe to the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name and a salutation for the purpose of addressing you personally in the newsletter.
The newsletter and the performance measurement associated with it are sent on the basis of the recipient’s consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Section 7 para. 2 no. 3 UWG. § Section 7 para. 2 no. 3 UWG or on the basis of legal permission in accordance with Section 7 para. 3 UWG.
The registration process is logged on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of users and also allows us to provide proof of consent.
Cancellation/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter. We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.
Newsletter – CleverReach
The newsletter is sent by the mailing service provider CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany. You can view the privacy policy of the mailing service provider here: www.cleverreach.com/de/datenschutz/. The shipping service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and an order processing contract pursuant to Art. 28 para. 3 sentence 1 GDPR.
The mailing service provider may use the data of the recipients in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. for the technical optimization of the mailing and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
10. google tag manager
Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online offering, for example). The Tag Manager itself (which implements the tags) does not process any personal user data. With regard to the processing of users’ personal data, please refer to the following information on Google services.
Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
11. google analytics
We use Google Analytics, a web analysis service of Google LLC (“Google”), on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the use of data by Google, setting and objection options, can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Users’ personal data is deleted or anonymized after 14 months.
12. Facebook pixel, custom audiences and Facebook conversion
Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
The processing of data by Facebook takes place within the framework of Facebook’s Data Usage Policy.
General information on the display of Facebook ads can be found in Facebook’s data usage policy: https://www.facebook.com/policy.php.
Specific information and details on the Facebook pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.
You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set which types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
You can also object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and also via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
13. online presence in social media
We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.
Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within social networks and platforms, e.g. write posts on our online presences or send us messages.
III. for what purposes do we process the data?
Unless otherwise stated under II., the processing of master and contract data is carried out for the execution of existing contracts with you or for the implementation of pre-contractual measures on the basis of Art. 6 para. 1 lit. b GDPR.
We may also process master and contract data to fulfill legal obligations to which we are subject; this is done on the basis of Art. 6 para. 1 lit. c GDPR. These legal obligations include, in particular, the reports to (tax) authorities that we are required to make.
If necessary, we process your data for the performance of contracts concluded with you and the fulfillment of legal obligations, as well as to protect our legitimate interests or the interests of third parties; this is done on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interests include
- the unique identification of customers and for customer care
- the assessment of creditworthiness and collateral
- the preparation of invoices/credit notes
- the assertion of legal claims and defense in legal disputes
- the prevention and investigation of criminal offenses
- the management and further development of our business activities, including risk management, etc.
Furthermore, personal data is processed for the following purposes
- the provision of the online offer, its functions and contents
- answering contact requests and communicating with users
- Security measures
- reach measurement/marketing.
IV. What is the legal basis for processing?
If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
V. What security measures do we take?
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and its separation. We have also set up procedures to ensure that data subjects’ rights are exercised, data is deleted and we respond to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
VI. Who receives my data?
Your personal data is generally processed within the Hennef Sports School. Depending on the type of personal data, only certain areas or organizational units have access to your personal data. These include, in particular, the areas involved in the provision of our services and our IT department. A role and authorization concept limits access within our company to those functions and the scope required for the respective purpose of processing.
We may also transfer your personal data to third parties outside our company to the extent permitted by law. If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), you have given your consent, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
VII. Is data transferred to countries outside the EU?
Your personal data is generally processed within the EU or the European Economic Area.
In certain cases, information may be transferred to recipients in so-called “third countries”. “Third countries” are countries outside the European Union or the Agreement on the European Economic Area in which a level of data protection comparable to that in the European Union cannot be readily assumed.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
VIII. Which plugins and tools are used to integrate third-party services and content?
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third-party providers within our online offer. GDPR), we use content or service offers from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always presupposes that the third-party providers of this content are aware of the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as being linked to such information from other sources.
1. HRS
We integrate the availability query and booking option of HRS Hotel Reservation Service Robert Ragge GmbH, Breslauer Platz 4, 50668 Cologne, Germany. Privacy policy: https://www.hrs.com/web3/showCmsPage.do?clientId=ZGVfX05FWFQ-&cid=44-4&pageId=legals
2. youtube
We integrate the videos of the platform “YouTube” of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
3. google fonts
We integrate the fonts (“Google Fonts”) of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
4 Google ReCaptcha
We integrate the function for recognizing bots, e.g. for entries in online forms (“ReCaptcha”) of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
5. google maps
We integrate the maps of the “Google Maps” service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processed data may include, in particular, IP addresses and location data of users, which, however, are not collected without their consent (usually as part of the settings of their mobile devices). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
6. use of Facebook social plugins
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd. GDPR) social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Gefällt mir” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offering. User profiles can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out their IP address and store it. According to Facebook, only an anonymized IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options to protect the privacy of users can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about them via this online offer and link it to their member data stored on Facebook, they must log out of Facebook and delete their cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
7. instagram
Functions and content of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated into our online offering. This may include, for example, content such as images, videos or texts and buttons with which users can express their liking of the content, subscribe to the authors of the content or our posts. If the users are members of the Instagram platform, Instagram can assign the access to the above-mentioned content and functions to the users’ profiles there. Instagram privacy policy: http://instagram.com/about/legal/privacy/.
8. Matterport
We integrate the 3D tours of the “Matterport” service of the provider Matterport, LLC, 352 East Java Drive, Sunnyvale, CA 94089, USA. Privacy policy: https://matterport.com/de/privacy-policy.
IX. Is automated decision-making used?
We do not use automated decision-making or profiling. Should we use such procedures in individual cases, we will inform you of this separately to the extent required by law.
X. How long will my data be stored?
Unless otherwise stated in this privacy policy, we will store your personal data for as long as we have a legitimate interest in storing it and your interests in not continuing to store it do not outweigh our interests.
Even without a legitimate interest, we may continue to store the data if we are legally obliged to do so (e.g. to fulfill retention obligations). We will also delete your personal data without any action on your part as soon as it is no longer required to fulfill the purpose of the processing or the storage is otherwise legally inadmissible.
As a rule
- the log data is deleted within thirty days, unless further storage is required for statutory purposes such as the detection of misuse and the detection and elimination of technical faults;
- The data processed in connection with the conclusion of a contract will be deleted at the latest after expiry of the statutory retention periods.
The personal data that we must store to fulfill retention obligations will be stored until the end of the respective retention obligation. Insofar as we store personal data exclusively for the fulfillment of retention obligations, this data is generally blocked so that it can only be accessed if this is necessary with regard to the purpose of the retention obligation.
XI. What rights do I have?
1. right to object pursuant to Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If you object, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If we process personal data concerning you for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the possibility to exercise your right to object in relation to the use of information society services – notwithstanding Directive 2002/58/EC – by automated means using technical specifications.
2. revocation of consent
If you have given us your consent (e.g. in connection with information by e-mail, you can revoke such consent at any time with effect for the future. In our e-mail information, we usually provide you with a corresponding link in each of our newsletters. You can also contact us in any other way, e.g. by sending us a message by post, fax or e-mail via one of the contact channels listed on the first page of this data protection notice
3. further rights
As a data subject, you have the right
- to information about the personal data stored about you, Article 15 GDPR;
- to rectification of inaccurate or incomplete data, Article 16 GDPR;
- to erasure of personal data, Article 17 GDPR;
- to restriction of processing, Article 18 GDPR; and
- to data portability, Article 20 GDPR.
To exercise these rights, you can contact us at any time – e.g. via one of the contact channels specified at the beginning of this data protection notice.
If you have any questions about the processing of your data, you can also contact our data protection officer.
You are also entitled to lodge a complaint with a competent data protection supervisory authority, Article 77 GDPR.