(1) Below you will find information about how we process personal data when you use our website.
(2) Pursuant to Article 4(1) GDPR, personal data includes all information relating to an identified or identifiable natural person, such as a name, address, e-mail address, user behaviour, etc. The term ‘processing’ includes but is not limited to obtaining, collecting, organising, arranging, storing, altering, changing, reading, querying, using, transmitting, erasing or destroying your personal data pursuant to Article 4(2) GDPR.
(3) The controller pursuant to Article 4(7) GDPR is:
Marschnerstraße 52, 22081 Hamburg, Germany
Telephone: +49 40 609 451 090
You can contact our data protection officer at: email@example.com
II. Processing your data when you contact us
(1) If you contact us via the contact form or by e-mail (firstname.lastname@example.org), we collect and store the data you send (your full name, e-mail address and/or telephone number). Processing serves the purpose of facilitating targeted communication with you and being able to process your concern promptly and comprehensively.
(2) Processing your personal data for the purpose of making contact takes place on the basis of Article 6(1) sentence 1 lit. a GDPR, if you have given your consent voluntarily. When filling out the contact form, you are requested to provide us with consent to process the data given on the contact form. You can withdraw this at any time by contacting us (more information can be found in point VII paragraph 7). We use this data exclusively for the purpose stated here, i.e. to respond to your request.
III. Processing your personal data when visiting our website
(1) If you use our website for purely informational purposes and do not get in touch with us, we automatically collect personal data that your web browser sends to our servers and temporarily saves in server logfiles. This includes the following information:
- the IP address;
- the date and time of the request (UTC time);
- the access path for the file retrieved (e.g. URL);
- the browser used, including version and operating system you use;
- the protocol;
- the HTTP status code(s).
(2) The processing of this data by us serves the purpose of a fault-free connection with our website as well as a comfortable use. In addition, we require this data to evaluate the stability and security of the system and for other administrative purposes. The legal basis of this data processing is Article 6(1) sentence 1 lit. f GDPR. The stated purposes also constitute our legitimate interest in processing your data. We never use your data to draw conclusions about you personally in any way.
IV. Data security
(1) We use technical and organisational security measures to protect your personal data against unauthorised access by third parties, manipulation, loss or destruction, and we constantly update these in line with technological progress.
(2) We use the following encryption levels when you visit our website:
- TLS 1.2
- AES 128 bit
You can recognise that our website is being transmitted securely by the lock symbol in your browser’s status bar.
V. Sharing your data with third parties
(2) Your data is only shared with third parties if this is required to process your request, if you have been informed of the respective processes and you have given your explicit consent to this (pursuant to Article 6(1) sentence 1 lit. a GDPR), or if there is a legal obligation to share the data pursuant to Article 6(1) sentence 1 lit. c GDPR, or if it is required to process contractual relationships with you pursuant to Article 6(1) sentence 1 lit. b GDPR. In doing so, we specify the criteria established for the storage period. If our service providers or partners are based in a state outside the European Economic Area (EEA), we will inform you of this in advance.
VI. Data storage period and/or erasure of your data
(1) In principle, we only store your personal data for as long as it is required to achieve the purposes specified in this policy, or we observe the legally prescribed storage periods. We take into account the principles of data minimisation and data economy outlined in Article 5 GDPR.
(2) We only store data collected in the context of your contact with us if it is required and we consider it to be necessary to get in touch with you in relation to your request. The maximum storage period for your data is 12 months. Before the respective purpose ceases to apply, data is erased or blocked if you submit a legitimate request to erase the data and no legal retention obligations prevent this.
(3) Personal data that is collected by visiting our website is stored for a period of 14 days and is then erased via an automated process.
VII. Your rights as a data subject
You have the following rights with respect to your personal data:
(1) Right of access pursuant to Article 15 GDPR
You are entitled to obtain from us confirmation as to whether or not personal data concerning you is being processed and to what extent. You also have the right to request from us the respective purposes of processing, the categories of personal data, the recipient(s) of your data or categories of recipients (also including third countries), the planned storage period, information about the right to rectification, restriction or erasure of processing, the right to object, the right to lodge a complaint with a supervisory authority, the origin of your data (if it was not collected from you) and the existence of automated decision making, including profiling.
(2) Right to rectification – Article 16 GDPR
You have the right to request that inaccurate or incomplete data stored by us is rectified without undue delay.
(3) Right to erasure – Article 17 GDPR
You have the right to request that the data stored by us is erased, provided that processing is not required to exercise the right to free expression of opinion and information, to fulfil a legal obligation, for reasons in the public interest, or to assert, exercise or defend legal claims.
(4) Right to restriction of processing – Article 18 GDPR
You are entitled to request that the processing of your personal data is restricted if the accuracy of the data is disputed by you or if processing is unlawful, and you have objected to such data being erased or we no longer require the data, but you require it to assert, exercise or defend legal claims, or you have objected to processing pursuant to Article 21(1) GDPR.
(5) Right to data portability – Article 20 GDPR
You have the right to receive from us personal data concerning you in a structured, commonly used and machine-readable format or have it transmitted to another controller, if the other conditions of Article 20 GDPR have been met.
(6) Right to lodge a complaint with a relevant supervisory authority – Article 77 GDPR
You have the right to lodge a complaint with a data protection supervisory authority relating to how we process your personal data. The relevant supervisory authority here is generally the Hamburg supervisory authority (The Hamburg Commissioner for Data Protection and Freedom of Information, ‘Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit’).
(7) Withdrawing your consent – Article 7(3) GDPR
You have the right to withdraw the consent you have given us at any time. To do so, simply send an e-mail to: email@example.com. When you withdraw your consent, the lawfulness of processing previously carried out on the basis of consent will not be affected.
(8) Right to object – Article 21 GDPR
If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1) sentence 1 lit. f GDPR, you have the right to object against your personal data being processed, provided that there are reasons relating to your particular situation or provided that the objection is against direct marketing. In the latter case, you have a general right to object, which means that you are not required to disclose details relating to your particular situation. When exercising such an objection, we kindly ask that you provide a brief description of the reasons why you no longer want us to process your personal data. To exercise your right to object, please send an e-mail to: firstname.lastname@example.org
VIII. Google Maps API
1) On our website we are using the Google Maps (API) service by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), to provide you our location. By visiting our website your personal data (IP address) could be transferred to, stored and analysed by Google’s server in the USA or other countries outside the EEA. This is independent of the existence of an own google account.
Our duty to inform you about processing your personal data pursuant to Art. 12 and the following articles of the General Data Protection Regulation for our customers, suppliers, applicants and interested parties you will find at: