Data Protection Information
Since May 25, 2018, uniform regulations of the EU General Data Protection Regulation (GDPR) apply to data protection across Europe. In the following data protection information, we inform you about the processing of personal data carried out by us in accordance with the GDPR and the Federal Data Protection Act (BDSG).
Controller
The controller for data processing – the entity that decides on the purposes and means of processing personal data – in connection with the services is:
Axel Lehmann
Goldberger Str. 81a
18273 Güstrow
Phone: +49 3843-229133
Email: moin@datenschutz-nordost.de
Scope
This privacy policy applies to our online offering on the websites operated by us.
Use of our Websites
Each time you access our websites, information is sent to the server of our website by the respective internet browser of your device and temporarily stored in log files. The data records stored may include the following data, which are stored until automatically deleted:
Date and time of access
Name of the accessed page
IP address of the requesting device
Referrer URL (origin URL from which you accessed our websites)
Transferred data volume
Loading time
Product and version information of the browser used, your operating system, and the name of your access provider.
******
The legal basis for processing this data is Art. 6(1)(f) GDPR.
Our legitimate interests arise from:
Ensuring smooth connection establishment
Ensuring convenient use of our websites
Evaluating system security and stability
An immediate inference about your identity is not possible based on the information and will not be drawn by us. You can object to the processing of your personal data based on our legitimate interests at any time.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements to ensure a level of protection appropriate to the risk. In doing so, we take into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the likelihood and severity of the threat to the rights and freedoms of natural persons.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to data, as well as access, input, transmission, securing availability, and separation of data. Furthermore, we have established procedures to exercise the rights of data subjects, delete data, and respond to data threats. We also consider data protection in the development and selection of hardware, software, and procedures through data protection by design and by default.
Below, we describe further processing operations and services that we use in this context:
IP Address Truncation: When we or the service providers and technologies we use process IP addresses and processing of the full IP address is not required, the IP address is truncated (“IP masking”). This involves removing the last two digits or the last part of the IP address after a period or replacing them with placeholders. Truncating the IP address is intended to prevent or at least significantly hinder identification of a person based on their IP address.
TLS/SSL Encryption (https): To protect user data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is a standard technology that ensures the security of internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. You can recognize that a website is protected by an SSL/TLS certificate by the display of Hyper Text Transfer Protocol Secure (HTTPS) in the URL.
*****
Transmission of Personal Data
As part of our processing of personal data, it may occur that we transfer or disclose this data to other entities, companies, legally independent organizational units, or individuals. This includes, for example, service providers responsible for IT tasks, or providers of services and content integrated into our website. In such cases, we comply with legal requirements and, in particular, conclude contracts or agreements with the recipients of your data to ensure the protection of your data.
Below, we describe further processing operations and services that we use in this context:
Data Transmission within our Organization: Within our organization, we may transmit personal data to other departments or entities or grant access to this data. If this transfer is for administrative purposes, it is based either on our legitimate business and operational interests, the fulfillment of our contractual obligations, consent of the data subject, or legal permission.
International Data Transfers
Data Processing in Third Countries: The transfer of data to third countries, i.e., countries outside the European Union, is strictly in accordance with the legal admissibility requirements.
If the data transfer to a third country does not serve the fulfillment of our contract with you, we do not have your explicit consent, the transfer is not necessary for the assertion, exercise, or defense of legal claims, and no derogation under Article 49 of the General Data Protection Regulation (GDPR) applies, your data will only be transferred to a third country if either an adequacy decision pursuant to Article 45 GDPR exists, or suitable safeguards pursuant to Article 46 GDPR are met.
By concluding the EU Standard Contractual Clauses issued by the European Commission with the receiving entity, we fulfill the requirements for verifying appropriate safeguards under Article 46(2)(c) of the GDPR, as well as for ensuring an adequate level of data protection in the third country. You can download the EU Standard Contractual Clauses from the European Commission’s website [here](link).
EU-US Trans-Atlantic Data Privacy Framework: As part of the Data Privacy Framework (DPF), the EU Commission has also certified certain companies from the USA with a secure level of data protection through an adequacy decision dated 10/07/2023. Further information on this DPF and a list of certified companies can be found on the website of the US Department of Commerce at [https://www.dataprivacyframework.gov/](link).
Data Deletion
In accordance with legal requirements, the data processed by us will be deleted as soon as the original consent for processing is revoked or if other legal prerequisites cease to exist (e.g., if the purpose of processing no longer exists or the data is no longer required for this purpose). If the data cannot be deleted because it is needed for other legally permissible purposes, its processing will be restricted to these specific purposes. This means that the data will be blocked and used exclusively for such purposes. This may include data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person. Information on the retention and deletion of data applicable to specific processing purposes may be included in our privacy notices.
Change and Update of Privacy Policy
When we make changes to our data processing processes, we also adjust the privacy policy accordingly. We will inform you if such changes require your participation (e.g., consent) or individual notification from you. For all other changes, please regularly review our privacy policy to stay informed about its contents.
Please note that the addresses and contact details of companies and organizations provided in our privacy policy may change over time. Therefore, before contacting us, we kindly ask you to verify the information.
Your Rights
In connection with the processing of personal data by us, you have rights as data subjects. For example, you have the right to request information about the data stored about you by us. You can also revoke consents given to us and object to individual data processing activities. Furthermore, you have the right to have incorrect data corrected and to request that we transmit certain data to you in a common electronic format. You also have the right to have data stored about you by us deleted. Please note that for legal reasons, we may be obliged to continue storing the data despite your request for deletion. Additionally, in individual cases, we may have an interest in continuing to store your data that outweighs your interest in its deletion (e.g., if we still have outstanding claims against you).
Your Rights in Detail
The rights you are entitled to against us (controller) can be asserted directly against us or against our data protection officer. The respective contact details can be found above in this statement.
In addition to the right to revoke your consent given to us, you have the following additional rights under the respective legal conditions:
The right to information about your personal data stored by us (Article 15 GDPR), in particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, if it was not collected directly from you;
The right to correct inaccurate or complete correct data (Article 16 GDPR),
The right to have your data stored by us deleted (“right to be forgotten”) (Article 17 GDPR), provided that no legal or contractual retention periods or other legal obligations or rights to further storage by us must be observed,
The right to restrict the processing of your data (Article 18 GDPR), insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion; we no longer need the data, but you need it to assert, exercise, or defend legal claims, or you have objected to the processing in accordance with Article 21 GDPR,
The right to data portability pursuant to Article 20 GDPR, i.e., the right to receive selected data stored by us about you in a common, machine-readable format or to request its transmission to another controller
The right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters (see below) for this purpose.
Right to Object
Under the conditions of Article 21(1) of the GDPR, data processing can be objected to for reasons arising from the particular situation of the data subject.
The aforementioned general right to object applies to all processing purposes described in this privacy information that are processed on the basis of Article 6(1)(f) of the GDPR. Unlike the specific right to object to data processing for advertising purposes, we are only obligated under the GDPR to implement such a general objection if you provide us with reasons of overriding importance for it (e.g., a possible danger to life or health).
Right of Withdrawal
If we process data based on consent given by you, you have the right to withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Supervisory Authority and Right to Lodge a Complaint
You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is:
The State Commissioner for Data Protection and Freedom of Information Mecklenburg-Vorpommern
Lennéstraße 1
19053 Schwerin
Phone: +49 385 59494-0
Email: info@datenschutz-mv.de
Website: www.datenschutz-mv.de
The use of cookies on our website is intended to improve and personalize the user experience by collecting information about user behavior and interactions. These cookies may process various personal data, such as your IP address, browser type and version, interactions with the website, preferences, and login information.
The legal basis for processing this data is either your consent pursuant to Article 6(1)(a) of the GDPR or our legitimate interests pursuant to Article 6(1)(f) of the GDPR. We may also share your data with third-party providers such as service providers or partners who assist us in analyzing and optimizing our website.
You have the right to revoke your consent at any time and to object to processing in accordance with legal requirements. This can be done, for example, through your browser settings. However, please note that this may affect the functionality of our website. You can also object to the use of cookies for online marketing purposes through special opt-out pages.
When you visit our website for the first time, a cookie banner appears informing you about the use of cookies and requesting your consent. Your consent is stored to avoid repeated queries and to comply with legal requirements. The storage takes place either on the server or in a cookie and can last for up to two years.
If you have any further questions about the use of cookies or data protection, we are at your disposal.
Nachfolgend beschreiben wir weitere Verarbeitungsprozesse und Dienste, die wir in diesem Zusammenhang einsetzen:
Markforschung und betriebswirtschaftliche Auswertungen: Zu betriebswirtschaftlichen Analysezwecken und zur Marktforschung können wir die uns vorliegenden Daten zu Geschäftsvorgängen, Verträgen, Anfragen usw. auswerten. Dabei können Sie als Vertragspartner, Interessent, Kunde, oder sonstiger Nutzer unseres Onlineangebots betroffen sein. Die Analysen können betriebswirtschaftlichen Auswertungen sowie Marketingmaßnahmen (zum Beispiel zur Bildung von Kundengruppen zur zielgerichteten Werbeansprache) dienen. Diese Analysen bleiben intern und werden nicht Dritten weitergegeben, es sei denn es handelt sich um anonyme Analysen mit zusammengefassten und anonymisierten Werten. Wir achten auch auf Ihre Privatsphäre und verwenden die Daten für Analysezwecke möglichst pseudonymisiert oder, wenn möglich, anonymisiert, zum Beispiel als aggregierte Daten. Rechtsgrundlage für diese Datenverarbeitung sind berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).
When you enter into a contract with us or contact us via our website to initiate a contract, we process the data necessary for the establishment, execution, and/or termination of the contract with you. This includes:
Master/contact data (e.g., names, addresses)
Payment data (e.g., bank details, invoices, payment history)
Contract data (e.g., subject matter of the contract, term)
Usage and communication data (e.g., IP addresses, visited websites, access times)
The legal basis for this is Art. 6 para. 1 lit. b) GDPR, meaning you provide us with the data on the basis of the respective contractual relationship (e.g., contract processing) between you and us. Furthermore, we process your data based on legal obligations (Art. 6 para. 1 lit. c) and on the basis of legitimate interests (Art. 6 para. 1 lit. f) GDPR).
The purpose of processing is to provide the agreed services and fulfill our contractual obligations. Additionally, we take security measures to ensure the integrity and confidentiality of the data. For smooth operations, we use office and organizational procedures. Inquiries are managed and answered by us. To measure the effectiveness of our marketing activities, we conduct success analyses. Furthermore, we may create user profiles to provide personalized content.
Data stored in connection with the conclusion, execution, and/or termination of the contract with you will be deleted after the expiry of statutory warranty and similar obligations. Typically, this period is 4 years, unless the data is stored in a customer account, e.g., due to statutory retention obligations. Tax-relevant documents such as commercial books, inventories, opening balance sheets, annual financial statements, as well as the corresponding instructions, organizational documents, and booking documents are kept for 10 years. Received commercial and business letters as well as copies of sent letters are kept for 6 years. The retention period begins at the end of the calendar year in which the last entry was made, the inventory was created, the annual financial statement or management report was created, the letter was received or sent, or the booking document was created, and the record was made or the other documents were created.