I. Responsible data controller
§ 1 Name and address of the controller
The “controller” within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
D-82418 Murnau am Staffelsee
represented by Collin Egly, Natalie Rechberg, Dr. Hubertus Rechberg
Tel.: +49 4421 7759000
Fax: +49 8841 487 4616
II. General information about data processing
We inform you below about the collection of personal data when using our website. Personal data is all data that can be personally referred to you, e.g. name, address, e-mail address, user behaviour.
In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot actually be obtained and the processing of the data is permitted by law.
§ 1 Legal basis for the processing of personal data
(1) Insofar as the processing of personal data requires the consent of the data subject, the legal basis is Art. 6 (1) (a) GDPR.
(2) For the processing of personal data, which serves the fulfilment of a contract and the data subject is a contractual party to this contract, the legal basis is Art. 6 (1) (b) GDPR. This also applies if the processing is necessary to carry out pre-contractual measures.
(3) Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR is the legal basis.
(4) In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR is the legal basis.
(5) If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not prevail over the former interest, Art. 6 (1) (f) GDPR is the legal basis.
§ 2 Data deletion and storage period
(1) Personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies.
(2) In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the regulations mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfilment of the contract.
§ 3 Your rights
- You have the following rights with respect to the personal data concerning you:
◦Right to information
◦Right to correction or deletion
◦Right to restriction of processing
◦Right to object to the processing
◦Right to deletion
◦Right to information
◦Right to data portability
◦Right of objection
◦Right to revoke the data protection consent declaration
(2) You also have the right to lodge a complaint about the processing of your personal data by us with a data protection supervisory authority.
§ 4 Objection to processing of your data or revocation of consent
(1) If you have given your consent to the processing of your personal data, which you can revoke them at any time. Such revocation affects the admissibility of the processing of your personal data after you have given it to us, but not the processing of the data until the time of your revocation.
(2) Insofar as we base the processing of your personal data on a balance of interests, you may also object to the processing. This is the case if, in particular, the processing is not required for the fulfilment of a contract with you, which is presented by us in each case in the following description of the functions. In the event of such a disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.
(3) Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You can contact us regarding your objection under the contact details mentioned under I. § 1.
III. Collection of personal data when visiting our website
§ 1. General
(1) In the following, we will inform you about the collection of personal data when visiting our website and using various services that you can use if you are interested. To do this, you will generally need to provide additional personal data that we use to provide the service and for which the aforementioned data processing principles apply.
(2) If we use external service providers for certain functions of our offer or wish to use your data for advertising purposes, we will inform you in detail below about the respective transactions and state the specified criteria of storage duration. These service providers are carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
(3) A transfer of personal data to third parties may take place if promotions, competitions, contracts or similar services are offered by us together with partners. You can receive more information about this when providing your personal data or below in the description of the offer.
(4) Insofar as our service providers or partners have their seat in a country outside the European Economic Area (EEA), we inform you about the consequences of this circumstance in the description of the offer.
§ 2 Provision of the website
A. Visiting our website and creation of “log files”
(1) Each time our website is accessed, our server automatically collects data and information from the computer system of the retrieving computer (informational use of the website). When you view our website, we collect the following data which is technically necessary for us to display our website and to ensure its stability and safety.
(2) The following data of the user are collected:
• Operating system of the user
• Type, language and version of the browser software
• IP address
• Internet service providers
• Date and time of the request
• Website from which the request comes
• Website through which the user accesses our website
(3) The data will also be stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.
(4) The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.
(5) The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. For these purposes, our legitimate interest in the processing of data is pursuant to Art. 6 (1) (f) GDPR.
(6) The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the event of collection of data for providing the website, this is the case when the respective session is completed. In the event of storage of data in log files, this is the case after no more than seven days. Storage for an additional period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the requesting client is no longer possible.
(7) The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently the user may not object to such collection.
Cookies are stored on your computer when you use our website. Cookies are text files that are stored on your hard drive associated with the browser you are using and through which the body that sets the cookie (here through us) receives certain information.
Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet offer more user-friendly and effective overall.
(1) This website uses the following types of cookies, the scope and operation of which are explained below: Transient cookies (see (2)) and persistent cookies (see (3))
(2) Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. These cookies store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
(3) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the fullest extent. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies.
(4) You can configure your browser setting according to your wishes and, for example, reject the acceptance of third-party cookies or all cookies. Please be aware that you may not be able to use all features of this site in this case.
The data of the users collected in this way is pseudonymised through technical precautions. Therefore, an assignment of the data to the retrieving user is no longer possible. The data will not be stored together with other personal data of users.
(7) The Flash cookies used are not detected by your browser, but by your Flash plug-in. Furthermore, we use HTML5 storage objects, which are stored on your device. These objects store the required data regardless of your browser and do not have an automatic expiration date. If you do not wish to process the Flash cookies, you must install the appropriate add-on (e.g. “Better Privacy” for Mozilla Firefox - https-//addons.mozilla.org/de/firefox/addon/betterprivacy/or the Adobe Flash Killer cookie for Google Chrome). You can prevent the use of HTML5 storage objects by using private mode in your browser. In addition, we recommend that you regularly delete your cookies and the browser history manually. The transmission of Flash cookies cannot be prevented by the settings in the browser, but by changing the settings of the Flash player.
(8) The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR.
(1) A contact form is available on our website, which can be used to establish contact electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved. This data includes: Name, e-mail address of the user and message field. At the time of sending the message, the following data is also stored: (1) The IP address of the user (2) Date and time of sending the contact form. Your consent is obtained and you are referred to this privacy statement for the processing of the data in the context of the sending process. Alternatively, contact via the provided e-mail address is possible. In this case, the user’s personal data transmitted by e-mail will be stored. In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
(2) The legal basis for the processing of the data is in the presence of the consent of the user pursuant to Art. 6 (1) (a) GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact aims to conclude a contract, then the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
(3) The processing of the personal data from the input mask serves us only for processing the contact. The required legitimate interest in the processing of the data also applies here in the case of contact by e-mail. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
(4) The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. Regarding the personal data from the input mask of the contact form and data sent by e-mail, deletion occurs when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified. The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
(5) The user has the possibility at any time to revoke consent to the processing of the personal data. If the user contacts us by e-mail, the user may object to the storage of personal data at any time. In such a case, the conversation cannot continue. All personal data stored in the course of contact will be deleted in this case.
D. Use of blog features
(1) You can post public comments in our blog, where we post various contributions to topics related to our product. Your comment will be posted to the post with your given username. We recommend using a pseudonym instead of your legal name. The username and e-mail address are required; all other information is optional. When you leave a comment, we will continue to store your IP address. The storage is necessary for us to defend ourselves in cases of possible publication of illegal content against liability claims. We need your e-mail address to contact you if a third party objects to your comment as unlawful. The legal bases are Art. 6 (1) (b) sent.1 and (f) GDPR. Comments will not be reviewed prior to publication. We reserve the right to delete comments if they are objected to by third parties as unlawful.
(2) When writing your comment, you can put a tick next to our e-mail service. You will then be informed when more users leave a comment on the post. For this service we use the so-called double-opt-in-procedure.This means you will receive an e-mail confirming that you own this e-mail address and wish to receive the notifications. You can unsubscribe at any time by clicking on the link contained in the e-mail. Your personal data, including e-mail address, your time of registration for the service and your IP address will be stored by us until you unsubscribe from the notification service.
E. Use of our webshop
(1) If you wish to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data that we need for the processing of your order. Mandatory information necessary for the execution of the order is marked separately; further details are voluntary. We process the data provided by you to carry out your order. We may pass on your payment data to our house bank for this purpose. The legal basis for this is Art. 6 (1) (b) sent. 1 GDPR.
You can voluntarily create a customer account, through which we can save your data for later purchases. If you create an account under “My Account”, the data you provide will be revocable. All other data, including your user account, can always be deleted by you in the customer area.
We may also process the data you provide to inform you of other interesting products from our portfolio or to send you an e-mail with technical information.
(2) Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years.
(3) In order to prevent unauthorised access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.
§ 3 Newsletter
(2) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data.
(3) The data entered during the registration for the newsletter will be sent to us. The only requirement for sending the newsletter is your e-mail address. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter. The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the e-mail address used.
The transfer of data to third parties does not take place; the data will be used exclusively for sending the newsletter. The legal basis for this is Art. 6 (1) (a) sent. 1 GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You candeclarethe revocation by clicking on the link provided in each newsletter e-mail, via this form on the website, by e-mail firstname.lastname@example.org by sending a message to the contact details provided in the imprint. This also allows a revocation of the consent to the storage of the personal data collected during the registration process.
(6) The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active. The other personal data collected during the registration process will normally be deleted after a period of seven days.
§ 4 Use of tracking tools
A. Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event of activation of IP anonymisation on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator.
(2) The IP address transmitted by Google Analytics as part of Google Analytics will not be merged with other data provided by Google.
(3) You can prevent the storage of cookies by setting your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link - http-//tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension “_anonymizeIp ()”. As a result, IP addresses are processed in a shortened form so association with a person is not possible. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately.
(5) We use Google Analytics to analyse and regularly improve the use of our website. Using these statistics, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the US, Google has agreed to the EU-US Privacy Shield,https://www.privacyshield.gov/EU-USframework. The legal basis for the use of Google Analytics is Art. 6 (1) (f) sent. 1 GDPR.
§ 5 Use of social media plugins
(1) We are currently using the following social media plug-ins: Facebook, Google+, Twitter, Instagram, Vimeo. We use the so-called two-click solution here. In other words, when you visit our site, no personal data is initially passed on to the providers of the plug-ins. The provider of the plug-in can be identified by the marking on the box above its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. The plug-in provider receives the information that you have accessed the corresponding website of our online service only if you click on the marked field and activate it. In addition, the data mentioned under § 3 of this declaration will be transmitted. Regarding Facebook, according to the respective providers in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (with US providers in the USA). Since the plug-in provider carries out the data collection, in particular via cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the greyed-out box.
(2) We have no influence on the collected data and data-processing operations, nor are we aware of the full extent of the data collection, the purpose of the processing or the storage periods. We also have no information on deletion of the data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as usage profiles and uses these for purposes of advertising, market research and/or tailor-made website design. Such an evaluation is carried out in particular (also for non-logged-in users) for the presentation of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise it. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 (1) (f) sent. 1 GDPR.
(4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. If you click the activated button and, for example, if you link to the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend logging out regularly after using a social network, but especially before activating the button, as this will prevent assignment to your profile with the plug-in provider.
(5) For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers, which are provided below. There you will also find further information about your rights and settings options for the protection of your privacy.
(6) Addresses of the respective plug-in providers and URL with their privacy statements:
a) [Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information about the data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applicationsand http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has agreed to the EU-US Privacy Shield framework:https://www.privacyshield.gov/EU-US-Framework.
b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has agreed to the EU-US Privacy Shield framework: https://www.privacyshield.gov/EU-US-Framework.
c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has agreed to the EU-US Privacy Shield framework: https://www.privacyshield.gov/EU-US-Framework.
C. Inclusion of YouTube videos
(1) We have included YouTube videos in our website, whichare storedonhttp://www.YouTube.comand are directly playable from our website.
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if you do not have a user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish assignment to your profile with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or custom design of its website. Such an evaluation is carried out in particular (also for non-logged-in users) for the presentation of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact YouTube to exercise it.