Privacy Policy : Therme Erding

Data protection statement

1.    Name and contact details for those responsible for processing and for the in-house data protection officer

 

Controller:
THERME ERDING GmbH
Thermenallee 2
85435 Erding

 

Telephone: 08122 550 - 0
Fax: 08122 550 - 2219
Email: [email protected]


Data protection officer: You can contact our data protection officer at: [email protected]

 

2.    Scope
This data protection statement applies for the websites therme-erding.de,

galaxy-lounges.delounges.therme-erding.de and shop.therme-erding.de.

 

3.    Collection and storage of personal data and the nature of the data processing


We collect and process the following personal data about you:

  • user data
  • contact information
  • social media identifiers
  • online identifiers

 

We process your personal data for the following purposes:

  • contract performance
  • getting in touch
  • advertising
  • quality assurance
  • statistics

 

Data processing is done on the following legal basis:

  • your consent, Art. 6 (1) (a) GDPR
  • for the performance of a contract with you, Art. 6 (1) (b) GDPR
  • legitimate interest, Art. 6 (1) (f) GDPR

 

When processing your data we are pursuing the following legitimate interests:

  • improving our offer
  • protecting against misuse
  • statistics


4.    Recipients or categories of recipients for personal data


When processing your data, we work with the following service providers, who have access to your data:

  • web hosting providers
  • social media platform providers
  • advertising networks (for pop-up ads)
  • web analysis tool providers


5.    Duration for which the personal data will be stored


We store your data

  • if you have consented to processing, only until you withdraw your consent
  • if we need the data to perform a contract, only for the duration of the contractual relationship with you or until the statutory retention period lapses
  • if we are using the data based on a legitimate interest, only for as long as this is not outweighed by your interest in the deletion or anonymisation of the data

 

6.    Data transmission to third countries
Data will be transmitted to third countries outside the European Union. This is done based on legally binding contractual provisions to ensure adequate protection for your data, which you may consult on request.

 

7.    Data processing on our website

a)    Automatic storage of access data
Whenever our web pages are accessed, the access data for the relevant operation is saved in a log file. This involves general information, e.g. the page from which the file was requested, name of the requested file, date and time of the request, volume of data transmitted, protocol used and also the descriptions the internet browser sends about itself and potentially about the operating system.
This general information will be pseudonymised, in other words it will not be stored with any personal data we might possess for you, nor will it be linked with such data in any other manner. The data will only be evaluated for statistical purposes and used to improve the content and functionality of the website. This data will not be passed on to third parties for other non-commercial or commercial purposes. Access data will be stored in the log file for a maximum of 4 weeks.


b)    Contact form
If you have questions of any kind, we offer you the option of getting in touch with us via a contact form provided on our website. It is necessary to enter your name, contact details (telephone number or email address) and a message to enable us to respond. Other details can be provided on a voluntary basis.
The personal data we collect for using the contact form will be deleted automatically once your query has been dealt with unless there are other grounds (e.g. a specific order) to justify its ongoing processing.

 

c)    Email newsletter
If you have subscribed to our email newsletter, we will process the personal data you have provided in order to keep you up to date with Therme Erding news.
You consent to having regular newsletters sent by email to the specified email address. With regard to the email newsletter, a check will first be made to verify that you are the owner of the specified email address or that the owner agrees to receiving the newsletter.
You can object to this processing at any time via the unsubscribe link in every email or by sending an email to [email protected].

 

d)    Online shop
The personal data we collect will be passed on to the designated shipping company as part of order processing if this is necessary in order to supply the goods. 
As part of payment processing, we will pass on your payment data to the designated credit institution. Submissions to state institutions or public authorities will only be made as a consequence of mandatory national legal provisions. For payment via PayPal, credit card via PayPal, debit via PayPal or – if offered - "purchase on account" via PayPal, as part of payment processing we will pass your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"). 
PayPal reserves the right to conduct a credit rating check for the payment methods credit card via PayPal, debit via PayPal or – if offered - "purchase on account" via PayPal. PayPal uses the result of this credit check regarding the statistical probability of non-payment to decide whether to provide the relevant payment methods. 
This credit rating information can include probability values (so-called score values). Insofar as score values are incorporated in the outcome of the credit rating, these are based on a scientifically recognised statistical technique. The data used to calculate score values includes address details. You will find further data protection information, including on the credit agencies used, in PayPal's privacy statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. This is necessary to provide certain content and services on our website.
To display our Trusted Shops and any potential ratings, the Trusted Shops Trustbadge is incorporated in our website.
In terms of balancing interests, this serves to protect our legitimate prevailing interesting in optimal marketing for our offer in accordance with Art. 6 (1) (1) (f) GDPR. The Trustbadge and the services it advertises are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When the Trustbadge is selected, the web server automatically saves a so-called server log file, which includes e.g. your IP address, date and time of the request, volume of data transmitted and the requesting provider (access data) and also documents the request. This access data is not evaluated and will be automatically overwritten no more than seven days after the end of your site visit.
Other personal data is only transmitted to Trusted Shops if you have consented to this, if you decide to use Trusted Shops products after the order has been completed or if you have already registered to use these products. In this case, the contractual agreement made between you and Trusted Shops is applicable.
We also process and use your data

  • to contact you, if this is desired by you or if it is necessary or legally permitted as part of the contractual relationship
  • to justify, develop the content of, modify or end a contractual relationship with you regarding services you have ordered and to meet our obligations under the terms of this contract, in particular, to process your order, perform the services ordered and to implement the payment process
  • to advertise similar services from Therme Erding by using email, provided Therme Erding obtained your email address in relation to the sale of a service and you have not objected to the use of the email address. You can object to this use of your email address at any time without any transmission costs arising other than under the basic tariffs.

 

e)    Booking a hotel or reserving a table at the hotel restaurant
If you use the website to book a hotel room or to reserve a table at the Restaurant Empire or Harbour Restaurant, the personal data you enter will be saved by Hotel Victory Therme Erding GmbH, Thermenallee 1a, 85435 Erding (hereinafter referred to as the "hotel") and processed for further contract performance, including providing the relevant service. This includes booking, ordering and payment for goods and services associated with accommodation, catering and events as well as other hotel goods and services provided to the user and also the contact with the hotel.
When implementing a booking or an order, we collect the following personal data for the order, booking process, service performance and payment:

  • customer's name (consisting of title, first name and surname)
  • guest's name (consisting of title, first name and surname)
  • company (optional)
  • contact address (consisting of street, building number, postcode, town/city, country)
  • billing address (consisting of street, building number, postcode, town/city, country)
  • special booking details (for instance information on any allergies, shoe size etc.) (optional)
  • telephone number
  • email address
  • credit card information
  • VAT ID number (optional)

We also process and use your data

  • to contact you, if this is desired by you or if it is necessary or legally permitted as part of the contractual relationship
  • to justify, develop the content of, modify or end a contractual relationship with you regarding services you have ordered at the hotel and to meet our obligations under the terms of this contract, in particular, to process your order, perform the services ordered and to implement the payment process
  • to advertise the hotel's own offers by post
  • to advertise third-party offers by post, if the body responsible for using the data can be clearly identified from this marketing approach
  • to advertise similar services from the hotel itself by using email, provided the hotel obtained your email address in relation to the sale of a service and you have not objected to the use of the email address. You can object to this use of your email address at any time without any transmission costs arising other than under the basic tariffs.

Emails associated with existing bookings and emails which may also be promotional in nature are sent out by "Revinate", an email marketing service offered by the US provider Revinate Inc., 1 Letterman Dr., Building C, Suite CM100, San Francisco, CA 94129, USA. The emails and names of our guests, in addition to other data described here, will be stored on Revinate's servers in the USA. Revinate uses this information to send and evaluate the newsletter on our behalf and also to optimise and improve its own services (e.g. technical optimisation of email distribution and newsletter presentation). When you open the newsletter, a so-called "web beacon" is used to first collect technical information, such as information about your browser and computer system and also your IP address and the time of the request. This information is used to improve the service based on the technical details or the target groups and their reading behaviour based on retrieval locations (which can be determined using the IP address) or access times. We have agreed an order processing contract with Revinate in accordance with Art. 28 GDPR, which requires Revinate to comply with adequate data privacy levels. In addition, Revinate is a participant in US Privacy Shield. Further information on this can be found at https://www.privacyshield.gov/list.


The legal basis for sending promotional emails and postal advertising materials is our legitimate interest as per Art. 6 (1) (f) GDPR in accordance with the provisions in Article 7 para. 3 UWG ("Gesetz gegen den unlauteren Wettbewerb": German law against unfair competition). Promotional emails will only be sent if you have already been a guest with us, in other words if you have benefitted from hotel services. You can opt out of receiving the newsletter at any time in future. To do this, please email [email protected]. You will find a link to cancel the newsletter at the end of each newsletter. Once you have successfully opted out, you will no longer receive any promotional emails from us.


Personal data collected by Hotel Victory Therme Erding GmbH will only be passed on to third parties insofar as this is necessary for contract performance. For each of the associated processors, as defined in Art. 4 (1) (8) GDPR, a contract is agreed in accordance with Art. 28 GDPR to ensure data is processed securely and in line with the data protection legislation. Data will not be transmitted to third countries outside the European Union.


Your rights as a data subject, which are described in item 11 of this data protection statement, can be addressed via email at any time to [email protected] This is also the contact information for the hotel's data protection officer.


In addition, for information on the legal basis for data processing, we refer you to item 3, and for the storage duration for your personal data we refer you to item 5 of this data protection statement.

 

f)    Reservation of Galaxy Lounges
If you book a lounge or private berth on the website "galaxy-lounges.de", the entered data will be processed for further contract processing including the provision of services. This includes the reservation and cancellation of the booked services and other services rendered in this context.
When making a reservation, we collect the following personal data from you for reservation, booking processing, service provision and payment:

  • Title
  • Surname, first name
  • Street, Postal Code, City, Country
  • Phone Number
  • E-Mail Address
  • Password (optional, only if a customer account is set up by you)
  • Reservation History

We process and use your data additionally

  • to create a customer account (optional, only if a customer account is set up by you);
  • to contact you - if you wish - or in the context of a contractual relationship if so needed or permitted by law.

Our processing therefore serves to implement a contract within the meaning of Art. 6 (1) (b) GDPR.


The gathered personal data will only be forwarded to third parties as long as it is needed for the contract handling. This is THERME ERDING Familienbad GmbH, Thermenallee 2, 85435 Erding, which provides services as a contractual partner.

With any involved processors a contract in accordance with Art. 28 GDPR was closed in order to guarantee a safe data processing that is compliant with data protection.

 

g) Reservation of Royal Day Spa Lounges
If you book a Royal Day Spa Lounge on the website "lounges.therme-erding.de", the entered data will be processed for further contract processing including the provision of services. This includes the reservation and cancellation of the booked services and other services rendered in this context.
While processing a reservation we will gather following personal data from you for the reservation, booking processing, service provision and payment:

  • Title
  • Surname, first name
  • Street, Postal Code, City, Country
  • Phone Number
  • E-Mail Address
  • Password (optional, only if a customer account is set up by you)
  • Reservation History

We process and use your data additionally

  • to create a customer account (optional, only if a customer account is set up by you);
  • to contact you - if you wish - or in the context of a contractual relationship if so needed or permitted by law.

Our processing therefore serves to implement a contract within the meaning of Art. 6 (1) (b) GDPR.


The gathered personal data will only be forwarded to third parties as long as it is needed for the contract handling. This is presently THERME ERDING Vital GmbH, Thermenallee 4, 85435 Erding that render a service as a contract partner.


With any involved processors a contract in accordance with Art. 28 GDPR was closed in order to guarantee a safe data processing that is compliant with data protection.

 

h)    Cookies
Based on your consent with regard to the cookie information provided, our website also uses so-called cookies, which are described in more detail below. A cookie is a text file with an identification number, which is sent to the user's computer and saved there when you use the website along with other data that is actually requested. The file is kept there for subsequent access and serves to authenticate the user.

Since cookies are just simple files and not executable programs, they do not pose any risk to your computer. Cookies do not contain any direct personal data, so your privacy is protected. Depending on your chosen browser settings, these cookies may be accepted automatically. However, this setting can be modified to disable cookies completely or to notify the user as soon as a cookie is being saved. 


Where cookies are disabled, it is possible that some website functionality may be unavailable or restricted.


i)    Use of the "Google Analytics" analysis tool
We use the Google Analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service enables analysis of the use of this website and uses cookies to do this. For this purpose, the information collected via the cookie, such as your anonymised IP address, is sent to a Google LLC server in the USA, where it is stored and evaluated. The Google Analytics technology has been upgraded to use the "gat._anonymizeIp();" function. This ensures IP addresses are saved in anonymised form. Anonymisation of your IP address is generally done by a truncation of the IP address performed by Google LLC within the European Union or within a member state of the European Economic Area (EEA). In exceptional cases, your IP address will be transmitted to a Google LLC server in the USA and only anonymised once it is there. Your IP address that is transmitted here will not be combined with other data by Google LLC.


The Google Analytics marketing function uses remarketing and service reports based on demographic characteristics and interests. These techniques are aimed at designing advertising activities to meet the interests of the relevant user more closely with the help of information regarding user behaviour. 


As part of remarketing, you may be switched to other internet sites based on your surfing habits for adverts that are personalised for our website. You may receive promotional materials for products that you have previously viewed at our website. If you have agreed to Google linking your web and app browser history to your Google account and for information from your Google account to be used to personalise advertising, Google will use this data for remarketing across all devices.


You can opt out of your data being captured by Google Analytics at any time. To do this, you have the following options:

  • Most browsers accept cookies automatically. However, you can prevent the use of cookies using the relevant browser setting. Note that in this case, it may not be possible to use all the functionality offered by the website. The settings will have to be configured separately for every browser that is used.
  • You can also prevent Google LLC from capturing your data by downloading and installing the browser add-on available from the following link: tools.google.com/dlpage/gaoptout
  • Alternatively, or for browsers on mobile devices, this can be done by clicking the following link: disable Google Analytics. This deposits an opt-out cookie for our websites on the user's device, which works for the browser currently being used. If browser cookies are deleted, you will need to click this link again.

You will find more detailed information on terms of use and privacy at www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/.


j)    Use of Google AdWords
As part of our use of Google AdWords, we use Google conversion tracking. This is an analytical service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). 


If you come to our website via a Google advert, Google AdWords will place a cookie on your device ("conversion cookie"). This cookie becomes invalid after 30 days. It is not used for personal identification purposes. If this cookie has not yet expired when certain pages on our site are visited, we and Google can detect that someone clicked on the advert and was directed to our site in this way. Each AdWords customer receives a different cookie. So cookies cannot be traced via the websites by AdWords customers. 


The information obtained from the conversion cookies serves to create conversion statistics for AdWords customers who have chosen conversion tracking. AdWords customers find out the total number of users who have clicked on their advert and been transferred to a page with a conversion tracking tag. They do not receive any information that could be used to identify the user in person. If you do not wish to participate in this tracking process, you can decline the cookie required to do this – for example, by disabling cookies in general via your browser settings. You can also disable cookies for conversion tracking by configuring your browser to block cookies from the "googleadservices.com" domain.


Further information on privacy at Google is available at https://www.google.com/policies/?hl=de. Users can also disable or opt out of Google ads in their entirety or selectively at http://www.google.com/settings/ads.


k)    Use of Google remarketing for interest-based advertising
Google's remarketing technology allows users who have already visited our website to be retargeted with interest-based advertising on other sites in the Google partner network. Cookies can be used to help analyse interests when visiting the website and to subsequently offer relevant product promotions.


If users have agreed to Google linking their web and app browser history to their Google account and for information from our Google account to be used to personalise the advertising they see online, Google will combine data from these registered users with Google Analytics data to create and define remarketing content across all devices. To support this functionality, Google-authenticated IDs for these users will be saved by Google Analytics. This personal data from Google will be temporarily linked with Google Analytics data in order to form target groups.


You can find more information and options for disabling these ad placements at http://www.google.com/settings/u/0/ads/anonymous?hl=de (Link "Ad settings", then "Disable").


l)    Use of Facebook Custom Audiences
We use the remarketing function "Custom Audiences" provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). This function serves to present users of this website with interest-based advertising when visiting the Facebook social network ("Facebook ads"). To do this, Facebook's remarketing tag is used on this website. This tag enables the creation of a direct link to Facebook's servers when visiting the website. This involves notifying the Facebook servers that you have visited this website and Facebook assigns this information to the personal Facebook user account. You can find more detailed information about Facebook's collection and use of data and also about your rights in this regard and options for protecting your privacy in Facebook's privacy information at https://www.facebook.com/about/privacy/. Alternatively, you can disable the "Custom Audiences" remarketing function at https://www.facebook.com/settings/?tab=ads#_=_. To do this, you must be registered with Facebook.


m) Online applications
If you send us personal data in our online application form as part of the application process, this data is classified into the following types of data and categories for collection, processing and/or use:

  • personal data (first name, surname, date of birth, address, school-leaving qualification)
  • communication data (telephone no., mobile no., fax no., email address)
  • report data (from third parties, e.g. credit agencies, or from public registers)
  • rating and evaluation data within the application process
  • educational data (school, vocational training, military or alternative civilian service, degree, promotion)
  • data on previous professional career, training and employer references
  • details of other qualifications (e.g. language skills, PC skills, voluntary work)
  • application photo
  • details of desired salary
  • application history

The personal data you submit will be used exclusively to process your application for the advertised position. Only individuals who are involved in the application process will be given details of your personal data. All employees involved with data processing are obliged to protect the confidentiality of your data. Your personal data is captured using the online application form and, in accordance with Article 26 GDPR, passed on to the Therme Erding company that is specified as the controller at the end of the relevant job advertisement, including their contact details, for the purposes of making a decision about establishing an employment relationship. Furthermore, your data will not be passed on to third parties.


Within six months of concluding the specific application process, your data will be deleted. This does not apply if deletion of the data is prohibited under statutory provisions requiring ongoing retention of the data as evidence, or if you have explicitly agreed to a longer storage period. No notification about the data deletion will be issued.


If the applicant matches the profile for a different job vacancy published by a company that is associated with us, we will gladly pass on the application documents. We will obtain consent from the applicant before doing this. Otherwise, the data will exclusively be used to handle the application by the relevant department and for communication purposes.

 

8.    Use of plugins
On the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in appropriate web design, we use the following plugins from the relevant third-party provider indicated in each case.

a)     Use of Facebook social plugins

Our website uses social plugins ("plugins") from the Facebook social network, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). These plugins are marked with a Facebook logo or the suffix "Facebook Social Plugin". You will find an overview of the Facebook plugins and their appearance here: develops.facebook.com/dox/plugins

If you visit a page on our website that includes a plugin of this kind, your browser will establish a direct connection with Facebook's servers. The content of the plugin will be transmitted by Facebook directly to your browser and incorporated into the web page.
By incorporating the plugin, Facebook receives information that you have visited the relevant page within our website. If you are logged in to Facebook, your visit can be linked with your Facebook account. If you interact with the plugins, for example by pressing the 
"like" button or entering a comment, the relevant information will be transmitted by your browser directly to Facebook, where it will be saved.
Please consult Facebook's privacy policy for details on the scope and purpose of their data collection and the additional processing and use of data by Facebook, as well as your rights in this regard and the configuration options for protecting your privacy: https://www.facebook.com/policy.php
If you do not want Facebook to collect data about you via our website, you will need to log out of Facebook before visiting our site.

 

b)    Use of Twitter social plugins

Our website uses social plugins ("plugins") from the social network Twitter, which is operated by Twitter Inc., 795 Folsom St. Sweet 600, San Francisco, CA 94107, USA ("Twitter").
By using Twitter and its "retweet" function, websites that you visit will be linked with your Twitter account and disclosed to other users. This also involves the transmission of data to Twitter.
We have no information about the content of the data transmitted nor its use by Twitter. Please consult Twitter's privacy policy for details on the scope and purpose of their data collection and the additional processing and use of data by Twitter, as well as your rights in this regard and the configuration options for protecting your privacy: https://twitter.com/privacy?lang=de

 

c)     Use of Google+ social plugins
Our website uses social plugins ("plugins") from the social network Google+ (Googleplus), which is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, California, 94043 USA ("Google"). The button can be recognised by the "g+" sign on a coloured or white background. Whenever a website is requested that incorporates a "g+" button, this button prompts your browser to load and display the visual representation of the "g+" button from the Google server. This involves establishing a direct connection to the Google servers, notifying the Google server about which specific page on our site you are visiting at that moment and what content you have recommended using "g+".


If you are logged in to Google+ as a registered user during the visit to our website, Google can link your visit to your Google profile. According to Google's information, all that is required here is a request to our website. If you click the "g+" button as a registered user, Google will use your Google profile to capture, amongst other things, information about the URL you are recommending, your IP address and other browser-related information so your "g+" recommendation can be saved and made publicly available. Your "g+" recommendations can be included as information, along with your profile name and your photo, in Google services such as search results or in other locations on websites and in online advertisements.


In addition, Google reserves the right to pass on statistics gathered via the user's "g+" activities to third parties, i.e. to other users and partners such as e.g. publishers, advertisers or associated websites.
We have no influence over the extent of data that Google collects, processes or uses via the "g+" button or over Google's handling of this data. Consequently, you should consult the information from Google regarding the collection, transmission and use of your data, your rights in this regard and also your profile configuration options for protecting your privacy. This can be found by clicking the following link: https://www.google.com/intl/de/policies/privacy/ 


d)    Use of YouTube plugins
This website uses YouTube's embedding function to display and replay videos from YouTube. This uses advanced privacy mode which, according to the provider's information, only saves user details once the video is playing. If embedded YouTube videos are played, the provider deploys "YouTube" cookies to collect information about user behaviour. According to YouTube's information, these serve to capture video statistics, to improve user-friendliness and to prevent improper behaviour, amongst other things. Irrespective of whether the embedded video is played, every request to this website results in a connection to the Google "DoubleClick" network being established, which can prompt further data processing operations without our influence. You will find further information on YouTube's data protection in their privacy statement at: https://www.google.de/intl/de/policies/privacy/


e)    Use of Pinterest plugins
Our website uses plugins from the Pinterest network, which is operated by Pinterest Inc., 808 Brannan St, San Francisco, CA 94103, USA ("Pinterest").


By visiting our website with the incorporated "Pin it" button, Pinterest receives information that you have requested the relevant page on our website. If you are logged in to Pinterest during your visit to our website, Pinterest can link your visit to your Pinterest account. If you click the "Pin it" button, the data transmitted will be saved by Pinterest. If you do not want this to happen, you will need to log out of Pinterest before visiting our site.


Please consult Pinterest's privacy policy for details on the scope and purpose of their data collection and the additional processing and use of data by Pinterest, as well as your rights in this regard and the configuration options for protecting your privacy: https://about.pinterest.com/de/privacy-policy-0


f)    Use of Instagram plugins
Our website uses plugins from the Instagram network, which is operated by Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").
If you click the Instagram button, a direct connection between your browser and the Instagram server is established via the plugin. This transmits information to Instagram, indicating that you visited our site with your IP address.
We do not have any information about the scope or purpose of this data collection, or about the further processing or use of this data by Instagram. In this regard and in terms of your rights and the configuration options to protect your privacy, you should refer to the relevant privacy policy from Instagram: https://help.instagram.com/155833707900388 

g)    Use of Foursquare plugins
Our website uses plugins from the Foursquare network, which is operated by Foursquare Labs, Inc., 568 Broadway, 10th Floor, New York, NY 10012, USA ("Foursquare").
When you click the plugin, you are transferred directly to Foursquare. It is possible that data is transmitted at the same time. We are not aware of the scope or purpose of this data collection nor do we know about the further processing and use of the data by Foursquare. In this regard and in terms of your rights and the configuration options to protect your privacy, you should refer to the relevant privacy policy from Foursquare: https://de.foursquare.com/legal/privacy

 

9.    Storage duration
The data we store will be deleted as soon as you revoke your consent or once the data is no longer required for the intended purpose, as long as there is no legitimate interest or statutory retention obligation to prevent deletion of the data. 


If the data is not deleted because it is required for other, statutory permissible purposes, the processing will be restricted. In other words, the data will be blocked and not processed for other purposes. This applies, for example, to user data that has to be retained under commercial regulations or for reasons relating to tax law.


Under the statutory provisions, the retention period is 6 years pursuant to Article 257 para. 1 HGB [Handelsgesetzbuch: German Commercial Code] (e.g. business letters, accounting documents etc.) and 10 years pursuant to Article 147 para. 1 AO [Abgabenordnung: German Tax Code] (e.g. commercial and business correspondence, tax-related documents).


10.    SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or queries sent to us as the site operator. You can tell an encrypted connection is being used by the switch from “http://” to “https://” and the appearance of the padlock symbol in the address bar.
If SSL or TLS encryption is enabled, data you send to us cannot be read by a third party.


11.    Data subject's rights


You are entitled to the following rights as a data subject:


a)    Right to information
You are entitled to demand confirmation from us as to whether your personal data is being processed.


b) Correcting/deleting/restricting processing
In addition, you have the right to ask us to

  • correct any inaccurate personal data concerning you immediately (right to rectification)
  • delete any personal data concerning you immediately (right to erasure)
  • restrict processing (right to restrict processing).

c)    Right to data portability
You have the right to obtain personal data that you have provided to us in a structured, commonplace, machine-readable format and to transmit this data to another controller.


d)    Right to revoke
You have the right to revoke your consent at any time. Revoking consent has no impact on the legality of any processing that took place based on your consent up until the time when it was revoked. 


e)    Right to object
If the processing of your personal data is necessary for the performance of a task carried out in the public interest (Art. 6 (1) (e) GDPR) or for the purpose of protecting our legitimate interests (Art. 6 (1) (f) GDPR), you have the right to object.


f)    Right to appeal
If you believe the processing of your personal data infringes GDPR, irrespective of any other judicial remedies, you are entitled to lodge an appeal with the supervisory authority.


12.    Changes to the data protection statement
We reserve the right to modify this data protection statement in the event of any potential change to the legal situation, to the service or to the data processing. However, this is only applicable to statements regarding data processing. Insofar as consent is required from the user, or where elements of the data protection statement include provisions regarding the contractual relationship with the user, any changes require approval from the user.


Users can check this data protection statement regularly for any possible changes.