Privacy Policy
We, Paniceus Gastro Systemzentrale GmbH, would like to welcome you to our website and are delighted that you are visiting and interested in our world of true passion. Not only are our Peter Pane brand and the passion for our experience ambience a matter close to our hearts, which everyone at our company is committed to every day, but the protection of your personal data is also important to us. For this reason, we will inform you below about the topic of data protection and how it is handled on our websites.
The whole thing can be a very extensive topic or simple and easy to find. We have therefore created an overview for you first. You can look at everything or jump directly to a topic that is important to you.
1) RESPONSIBLE BODY FOR DATA PROTECTION AND OUR DATA PROTECTION OFFICER
a) RESPONSIBLE ENTITY FOR THE PROCESSING OF YOUR PERSONAL DATA IS:
Paniceus Gastro Systemzentrale GmbH
Managing Director: Patrick Junge
Breite Straße 1-5
23552 Lübeck
Contact
Tel.: +49 (0) 451 989 065 60
Fax: +49 (0) 451 989 065 70
E-mail: [email protected]
b) OUR DATA PROTECTION AUTHORITY IS:
We are supported and advised by an external data protection officer.
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Web: https://www.dsn-group.de/
E-Mail: [email protected]
You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection. If you contact our data protection officer, please also indicate the responsible body named in the legal notice.
2) WHAT ARE COOKIES AND WHAT ARE THEY USED FOR?
Cookies are stored on your computer when you use our website.
Cookies are text files that are placed and stored on a computer system via an Internet browser. As a result, information flows to the location that set the cookie. Cookies cannot run programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective. A distinction is made between the following types:
Session Cookies
Diese Cookies werden automatisch nach Schließen der Webseite gelöscht.
Persistent Cookies
These cookies are automatically deleted after a specified period, which may vary depending on the cookie.
You can delete cookies at any time in the security settings of your browser. You can also configure your browser settings according to your own wishes and, for example, refuse to accept certain cookies or all cookies. However, we would like to point out that you may then not be able to use all the functions of this website.
The processing of your data for functional cookies takes place in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interest in ensuring that parts of our website function properly and that your user preferences remain known.
The legal basis for the processing of your data for cookies for statistics or marketing is your consent (see Art. 6 Abs. 1 lit. a DSGVO ).
You can also find further information on the individual cookies in our COOKIE POLICY (EU).
3) WHAT DATA IS PROCESSED FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS?
a) VISITING THE WEBSITE
If you only visit our website, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser automatically transmits to our server. This includes the Internet browser used and the version, your operating system, the URL/source of the website from which you came to us, the website and/or sub-pages you visit, your IP address, your Internet service provider, the amount of data sent (bytes) and the time and duration of your visit to our website.
This data is technically required to display our website to you and to ensure the security and compliance with the information standards of the website. We evaluate this data exclusively for statistical purposes in order to rectify possible technical errors and, if necessary, to be able to identify attacks and security risks. We cannot use it to create personal user profiles.
So you can surf our website undisturbed, inform yourself and get to know us.
The legal basis for data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR ) on the functionality and security of our website.
b) CONTACTING PETER PANE
Our website contains information that enables you to contact us quickly. This includes our general address and our e-mail address. You also have the option of contacting us via our contact form.
You have the option of getting in touch with us via our contact form. To use our contact form, we first need the data marked as mandatory fields.
We use this data on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR to answer your request.
In addition, you can decide for yourself whether you would like to provide us with further information. This information is voluntary and is not mandatory for contacting us. We process your voluntary information on the basis of your consent.
Your data will only be processed to answer your request. We will delete your data if it is no longer required and there are no legal obligations to retain it.
Insofar as your data transmitted via the contact form is processed on the basis of Art. 6 para. 1 p. 1 lit. f GDPR, you can object to the processing at any time. You can also revoke your consent to the processing of voluntary data at any time. Please contact the following e-mail address: [email protected]
WhatsApp chat with Hello Charles
For the WhatsApp chat, we use Hello Charles, a software solution from Charles GmbH, Gartenstr. 86-87, 10115 Berlin, Germany, within the framework of a data processing agreement. The WhatsApp Business API is used for this service, so WhatsApp has no access to personal data in our area of responsibility. The messages exchanged with us are encrypted when using the Business API, so that third parties have no access to the content.
The legal basis for the corresponding data processing is Art. 6 para. 1 lit. a) GDPR, as the respective user indicates by using the chat function that they wish to communicate with us via this channel and the corresponding processing of personal data is in their interest.
Hello Charles deletes or anonymizes your data as soon as it is no longer required for the purposes of processing, you ask us to delete it or revoke your consent to its storage.
You can find the corresponding privacy policy of Hello Charles at https://www.hello-charles.com/privacy-policy
The use of WhatsApp by the respective user is governed exclusively by the agreements made by the user with the WhatsApp provider.
You can find the corresponding privacy policy of Whatsapp at https://whatsapp.com/legal/business-policy/ available.
c) NEWSLETTER
If you register for our newsletter directly on the website, we will use your e-mail address to send you the newsletter, in which we regularly inform you about interesting products and services from us. You can of course register voluntarily. All you need to do is enter your name and e-mail address. You can voluntarily add your date of birth, but you do not have to.
If you register for the newsletter on Peter Bringt’s and in the reservation tools, additional data from you will also be processed (e.g. your address) in order to inform you about even more suitable products and services.
We currently still use email marketing software to send the newsletter. Therefore, the data will also be passed on to the operator of the system if necessary. This is Getresponse, Grunwaldzka 413, 80-309 Gdansk, Poland.
We are in the process of switching from Getresponse to Mautic. Mautic is an open source solution for managing newsletter lists, which is hosted by us. This allows us to divide your contacts into segments and assign them to the campaigns that are of interest to you.
We use a service from Inc, 1801 California Street, Suite 500, Denver, CO 80202, USA, to send the newsletter emails. This means that your newsletter data, such as your email address, is stored on SendGrid’s servers in the USA. SendGrid’s service allows us to organize and analyze the newsletter by determining whether you have opened a message or which link you have clicked on. It also collects technical information (e.g. time of access, IP address, browser type and operating system). This enables us to optimize our newsletter and address you in a targeted manner as well as better identify problems with delivery. You can also find more information about SendGrid directly at https://sendgrid.com/resource/general-data-protection-regulation-2/
The legal basis for the administration and sending of the newsletter is your consent (Art. 6 Abs. 1 lit. a DSGVO ).
In order to ensure your proper registration for the newsletter, i.e. to prevent unauthorized registrations in your name by someone else, we will send you a confirmation e-mail after your first newsletter registration in the so-called double opt-in procedure, in which we ask you to confirm your registration.
In connection with your newsletter registration, we also store your registration data (e-mail address, date and time of registration/confirmation of opt-in, first name and surname, as well as the city in which you are located) so that we can track and show the registration at a later date.
The legal basis for this storage of your data for proper registration is our legitimate interest (Art 6 para. 1 lit. f GDPR ). The legitimate interest is based in the obligation to prove consent.
WhatsApp newsletter dispatch via Hello Charles
For the newsletter dispatch via WhatsApp we use Hello Charles, a software solution from Charles GmbH, Gartenstr. 86-87, 10115 Berlin, Germany, within the framework of a data processing agreement. The WhatsApp Business API is used for this service, so WhatsApp has no access to personal data in our area of responsibility. The messages exchanged with us are encrypted when using the Business API, so that third parties have no access to the content. To be able to use the WhatsApp newsletter, you must first register via a CTA or a QR code.
The legal basis for the corresponding data processing is Art. 6 para. 1 lit. a GDPR , as the respective user consents to the use of the newsletter function by means of a double opt-in procedure. You can revoke your consent via a keyword you have specified within the communication.
d) credit check of voucher cards
You have the option of checking the balance on your voucher card. We compare the voucher number with our system. The data is only processed temporarily during the query. Such data transmitted voluntarily by you will only be processed by us for the purpose of the query.
The legal basis for the credit check is our legitimate interest (Art 6 para. 1 lit. f GDPR ). The legitimate interest is to offer this service in order to make the credit check as easy as possible and thus make you happy as a guest.
7. ONLINE RESERVATION
You have the possibility to reserve a table directly in one of our restaurants.
For an online reservation, we record the desired date, time, number of people and your personal data (first and last name, e-mail address and telephone number). To do this, we use the online reservation system via a programming interface, often referred to as an API for short. When you call up the page, your browser loads the required scripts into your browser cache in order to display the quick reservation function correctly. We process this data for the purpose of carrying out the reservation in accordance with Art. 6 para. 1 lit. b GDPR. If you voluntarily provide us with further data (e.g. your telephone number), we will process this data on the basis of your consent, which you can revoke at any time, and exclusively for the purpose of making the table reservation and to be able to contact you in the event of any queries regarding the reservation. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR.
For online reservations, we use a service provided by Aleno AG, Steinackerweg 18, 8047 Zurich, which supports us as a strictly instruction-bound processor. An order processing contract has been agreed.
f) LOCATION MAPS
Our website features interactive maps so that you can quickly find a Peter Pane restaurant near you. If you allow location access, data about nearby wireless access nodes and the IP address of your computer will be collected. We then pass this data on to the location service provider to determine your approximate location.
On some of our pages we use an element of uberall GmbH, Hussitenstraße 32-33, 13355 Berlin, so that you can find us even better and we can make our experience even better through your online reviews.
This element in turn integrates Google Maps. Google Places API, a map service from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) is used to display an interactive map. When using Google Maps on our website, a connection to the Google server is required. This allows Google to process data about the use of the Maps functions (including your IP address). For more information, please refer to Google’s privacy policy at https://www.google.de/intl/de/policies/privacy/.
On some other subpages we use a plugin from Leaflet, an open source JavaScript library for mobile-friendly interactive maps.
This element integrates OpenStreetMap maps. Your IP address will be sent to the OpenStreetMap server.
The OpenStreetMap Foundation is a non-profit organization registered in Great Britain. OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. Information can be found in the privacy policy of OpenStreetMap at https://wiki.osmfoundation.org/wiki/Privacy_Policy.
You can see from the footer of the location maps whether it is an element from uberall GmbH or Google Maps or the plugin from Leaflet.
The legal basis for the processing is your consent (Art. 6 Abs. 1 lit. a DSGVO ).
Please note that the embedding of some map services means that your data will be processed outside the EU or the EEA (in particular in the USA). For transfers to the USA, an adequate level of data protection is guaranteed due to Google’s certification under the adequacy decision (EU-U.S. Data Privacy Framework).
g) VIDEOS
To make the world of Peter Pane even more authentic for you, we have included videos on our website via YouTube. YouTube is an Internet video portal that allows users to post video clips and view, rate and comment on them. The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. When you access a website in which a video has been integrated, the Internet browser on your computer will download the corresponding video from YouTube if you have voluntarily allowed this. Your IP address may also be transmitted. As a result, YouTube and Google receive information about which specific website you have visited. If you are logged in to YouTube at the same time, this data is collected and assigned to your YouTube account. If you do not wish to do this, please log out of your YouTube account beforehand. For further information, please refer to the privacy policy https://policies.google.com/privacy?hl=de&gl=de.
The legal basis for the processing is your consent (Art. 6 para. 1 lit. a GDPR).
For transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework).
Google Fonts
Google Fonts are fonts provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). As a rule, we have integrated these fonts locally. This prevents your data from being forwarded to Google. However, it cannot be completely ruled out that Google fonts will continue to be loaded on a website in which a YouTube video is embedded and you have voluntarily allowed the download. This means that your browser loads the required fonts from a Google server into your browser cache, whereby information from your browser flows back to Google. This is usually part of the same information as for YouTube. The fonts can display a visually improved presentation of the texts. If you do not want this, please do not allow YouTube videos. For further information, please refer to the privacy policy https://policies.google.com/privacy?hl=de&gl=de.
The legal basis for the processing is your consent (Art. 6 Abs. 1 lit. a DSGVO ).
For transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework).
h) MUSIC FROM THE PETER PANE
Let’s be honest, we all love the music from the Peter Pane. We have also included the radio play and our playlists on our website. We use Spotify for the integration of music and podcasts on our website. The operating company of Spotify is Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden. When you access a website in which music has been integrated, the Internet browser on your computer will establish a connection to the Spotify server if you have voluntarily allowed this. Your IP address may also be transmitted. This gives Spotify knowledge of which specific website you have visited. If you are logged in to Spotify at the same time, this data is collected and assigned to your Spotify account. If you don’t want to do this, please log out of your Spotify account beforehand. For further information, please refer to the privacy policy https://www.spotify.com/de/legal/privacy-policy/.
The legal basis for being able to enjoy the playlist on Spotify is your consent (Art. 6 Abs. 1 lit. a DSGVO ).
i) INTEGRATION OF OTHER THIRD-PARTY TECHNICAL CONTENTS AND FUNCTIONS
We use the technical functions and content of third-party providers listed below to display our websites.
When you access our pages, the content of the third-party provider that provides these functions and content is loaded. As a result, the third-party provider receives the information that you have accessed our site and the usage data technically required in this context. We have no influence on further data processing by the third-party provider.
The data processing takes place either on the basis of your consent, provided that this was previously given via our banner solution, or on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR).
Please note that the use of third-party content and functions may result in your data being processed outside the EU or the EEA (in particular in the USA). An adequate level of data protection is guaranteed for transfers to the USA on the basis of the adequacy decision (EU-U.S. Data Privacy Framework).
Cloudflare
On our website we use a so-called Content Delivery Network (“CDN”) of the technology service provider Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA (“Cloudflare”). A content delivery network is an online service that is used to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the Internet. The use of Cloudflare’s content delivery network helps us to optimize the loading speed of our website.
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the secure and efficient provision and improvement of the stability and functionality of our website.
We have concluded a data processing agreement with Cloudfare (Data Processing Addendum, available at https://www.cloudflare.com/de-de/cloudflare-customer-dpa/), which obliges Cloudfare to protect the data of our website visitors and not to pass it on to third parties.
Further information can be found in Cloudflare’s privacy policy at https://www.cloudflare.com/privacypolicy/
WooCommerce
We have integrated the WooCommerce open source store system as a plugin on our website. This WooCommerce plugin is based on the WordPress content management system, which is a subsidiary of Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). Due to the implemented functions, your data is stored and processed locally on our server. The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in providing our menu digitally.
j) ANALYSETOOLS
We use analysis tools on our website to offer you an even better and more targeted experience at Peter Pane, provided you have voluntarily allowed this. This way we know if a promotion was successful or if you are not interested. How we do this is listed below.
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR), provided that you have given your consent via our banner. You can revoke your consent at any time. Please follow this link and make the appropriate settings via our banner.
Google Tag Manager
We use Google Tag Manager to manage the Google tools on our website. It helps us to organize them via a simple user interface. The Google Tag Manager itself does not store any data, but only forwards it to the managed tools. However, as forwarding is also part of data processing, we will of course also explain this to you. Google Tag Manager is a tool from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). You can find out how the data transmitted is processed in the individual tools listed by the operator Google.
Google Analytics 4:
Google Analytics is a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use this service to process information from you and other visitors in order to evaluate behavior on our website. We do this by looking at which website you came from (so-called referrers), which subpages of the website you visited or how often and for how long you viewed a subpage. This allows us to optimize our website and address you in a targeted manner. By using the tracking service, we can identify specific user groups that have made reservations or visited our restaurant, which in turn allows us to plan more targeted campaigns. In Analytics, all IP addresses that are collected from you in the EU are deleted before they are recorded via EU domains and servers. In addition, no precise location data is provided in the EU. Instead, the following metadata is derived from IP addresses: “city” (and the derived latitude and longitude of the city), “continent”, “country”, “region”, “subcontinent” (and the ID-based equivalents). For access originating from the EU, IP address data is only used to derive location data and then deleted immediately. They are not logged, are not accessible and are not used for other applications. Google Analytics also uses cookies to enable analysis. We have explained what cookies are in the section above. This also gives Google knowledge of your data, which Google uses, among other things, to track your origin and clicks and subsequently to enable commission settlements. The cookie also stores the access time, the location from which your access originated and the frequency of your visits to our website.
If you do not want this, you can object to the setting of cookies in the settings of your browser and delete cookies that have already been set. You can also prevent your data from being used by installing a browser add-on, which will then be recognized by Google Analytics. You can find the browser add-on at https://tools.google.com/dlpage/gaoptout. Please note that if you delete, format or otherwise reinstall your computer, smartphone or other device, you will also have to reinstall the add-on. Further information can be found in the privacy policy https://www.google.de/intl/de/policies/privacy/ and https://support.google.com/analytics/answer/6004245?hl=de. The terms of use also provide more detailed information at http://www.google.com/analytics/terms/de.html.
As part of the Google Analytics service, Google Ireland Limited supports us as a processor in accordance with Art. 28 GDPR. Data processing may also take place by Google outside the EU or the EEA (in particular in the USA). With regard to Google, an adequate level of data protection is guaranteed on the basis of the adequacy decision (EU-U.S. Data Privacy Framework). Google also undertakes to conclude standard contractual clauses with other sub-processors.
Facebook Pixel
Facebook Pixel is a code on our website. A code is a section of the readable text of our programming, i.e. the machine language. By using the Facebook pixel, we have the possibility to collect and analyze your user data. This data enables us to optimize our funnels at all levels. Funnels sounds very technical at first. However, it is really only a matter of getting to know your interests so that we can present you with the right offers, products and advertisements. Facebook can track your actions with the pixel function. The Facebook pixel becomes active, for example, when you order a product on a website. This is then noted in a cookie. We have explained what cookies are in the section above. Facebook can then use this cookie to assign your data (e.g. IP address or user ID) to your Facebook account. The operating company of Facebook is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We then receive anonymous data back from Facebook, which we can use to personalize the advertising measures and offer you a tailored experience. If you wish, you can also manage your settings yourself. You can find the setting options at https://de-de.facebook.com/help/109378269482053/?helpref=uf_share. For further information, please refer to the privacy policy https://de-de.facebook.com/about/privacy. You will also find information on what other settings you can make on Facebook to protect your privacy.
TikTok Pixel
TikTok Pixel is a code on our website. A code is a section of the readable text of our programming, i.e. the machine language. By using the TikTok pixel, we have the possibility to collect and analyze your user data. This data enables us to optimize our funnels at all levels. Funnels sounds very technical at first. However, it is really only a matter of getting to know your interests so that we can present you with the right offers, products and advertisements. With the Pixel function, TikTok can track your actions. The TikTok pixel becomes active, for example, when you order a product on a website. This is then noted in a cookie. We have explained what cookies are in the section above. With this cookie, TikTok can then assign your data (e.g. IP address or user ID) to your TikTok account. The service provider is the Chinese company TikTok. The operating company in Europe is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
We only receive summarized and aggregated data back from TikTok, which we can use to personalize the advertising measures and offer you a tailor-made experience. This means that we cannot draw any conclusions about you, but only receive the number of followers or the country or region, among other things. For further information, please refer to the privacy policy https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE.
Open Web Analytics
Open Web Analytics is an open source software that we host ourselves. By using Open Web Analytics, we have the possibility to evaluate the behavior on our website. We do this with the help of a so-called heat map analysis, which visualizes the website visits. Areas in which you click the most or view for longer are displayed differently than areas that are viewed less. In addition, analyses of the mouse movement can be evaluated. This enables us to optimize our website and address you specifically. All IP addresses that are collected from you in the EU are shortened and anonymized. Open Web Analytics also uses cookies to enable the analysis. We have explained what cookies are in the section above. The cookie also stores the access time, the location from which your access originated and the frequency of your visits to our website. If you do not want this, you can object to the setting of cookies in the settings of your browser and delete cookies that have already been set.
k) COMPETITIONS
From time to time we offer you various competitions on our website. In doing so, we process personal data that you provide to us in the course of participating in the competition. This is general personal data (surname, first name, date of birth, gender and e-mail address) as well as any other information required for the competition. All participants are recorded and stored for determining winners. In the event of a win, it may be necessary for us to request further personal data from the winners after the end of the competition, such as their address, in order to be able to send the prize or to publish data, videos and pictures of you as the winner in advertising media, including social media platforms. In some cases, we may also work with third parties to select winners and provide prizes. The data will therefore also be passed on to our competition partners where necessary. For further information, please refer to the individual conditions of participation for each competition.
The legal basis for the processing of your personal data to carry out the competition and process the prizes is the fulfillment of a contract with you, as the collection of the data and its further processing is necessary in order to be able to carry out the competition in accordance with the respective conditions of participation (Art. 6 para. 1 lit. b GDPR ). If you give us your express consent to process your personal data for specific purposes (e.g. publications on our website and on our social media channels), the lawfulness of this processing is based on your consent (Art. 6 Abs. 1 lit. a DSGVO )
l) APPLICATION PROCEDURE
We use an applicant management system for the application process. Therefore, the data will also be passed on – if necessary – to the operator of the applicant management system. This is softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin. We have concluded an agreement with the service provider acc. Art. 28 GDPR concluded with the service provider.
If you are redirected to our career portal, please make sure that you are taken directly to our applicant management system. There you will find additional data protection information.
The legal basis is the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR )
4) RECIPIENTS OF YOUR DATA
We only pass on your personal data to the extent necessary. It is important to us that you know that we do not sell your personal data or trade it commercially in any other way.
A necessary scope exists, among other things, if we are legally obliged to do so or have commissioned other companies to carry out tasks. We have listed which companies these are in this data protection notice.
It will be passed on:
- within Paniceus Gastro Systemzentrale GmbH and other companies of the Peter Pane family, our affiliated companies. This is the case, for example, to answer your inquiries, to support our IT systems or as part of our franchise system or to implement our system gastronomy concept.
- Companies that we have commissioned to carry out tasks;
- Public bodies or authorities, if we are legally obliged to do so;
- to other companies if you have given us your consent to do so or have even asked us to transfer your personal data.
Of course, all of this only takes place to the extent that it is necessary for the respective fulfillment of the purposes.
5. DATA PROCESSING IN A THIRD COUNTRY
As one of the 20 best-known restaurant chains in Germany, we have our headquarters in Lübeck. Every day, ideas for new Peter products, nature conservation projects and ways to make things even more enjoyable for guests fly out from here into the Peter universe, which is spread all over Germany and now also in Vienna/Austria. This means that all our sites are located within the EU/EEA.
However, we are partly dependent on small tools and companies to support us in our daily work. The data may not be processed exclusively in the EU/EEA. If a company is not based exclusively in the EU/EEA, data may also be processed at other company locations. This can be, for example, a registered office in the United States of America or, as is the case with TikTok, Singapore.
We have listed all international data transfers in this data protection notice and have of course weighed up their use. If we transfer personal data, then only if we are guaranteed an appropriate level of data protection. This is the case if it is a safe third country that has been recognized by the European Commission as having an adequate level of protection or if we have been assured of suitable guarantees on the basis of standard data protection clauses.
However, please note that the same data protection regulations do not always apply in countries outside the EU/EEA. As a result, you may not be able to exercise all the rights to which you would be entitled in the EU/EEA.
6. STORAGE DURATION OF YOUR DATA
We only store your data for as long as is necessary. This is particularly the case if:
- the purpose for which we have stored your personal data has not yet been fulfilled;
- we still have to fulfill contractual obligations to you;
- we check and grant complaints from you;
- there is a statutory retention period;
- or you have given us your consent to store it.
For example, we have to keep invoices and accounting documents for 10 years. This is prescribed by law.
All application documents are generally stored for a maximum period of six months, unless you have expressly given us permission to store your data for a longer period or a contract has been concluded.
7. YOUR RIGHTS AS A DATA SUBJECT
Right to information (Article 15 GDPR)
You have the right to request confirmation from us as to whether we are processing your personal data. If this is the case, you have a right to information about the data concerning you.
The easiest way to do this is to contact [email protected] for more information.
Rectification (Article 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. You can also have incomplete data completed. You can do this by means of a supplementary declaration.
Erasure (Article 17 GDPR)
You have the right to demand that we erase your personal data without undue delay. We are obliged to do so if the following reasons apply:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You have withdrawn your consent to the processing of your personal data and there is no other legal basis for the processing.
- You have lodged an objection to the processing with us and there are no overriding legitimate grounds.
- You have objected to direct marketing. This also applies to profiling insofar as it is associated with such direct advertising.
- We have processed your personal data unlawfully.
- We are subject to a legal obligation under Union or Member State law and must comply with it.
- Your personal data have been collected in relation to the offer of information society services referred to in 8 Abs. 1 DSGVO . This involves the consent of a child and the consent of the holder of parental responsibility.
If we are responsible for the data processing, have made the data public and are obliged to delete it, we will of course take all reasonable measures to inform everyone that you have requested the deletion of all links to your personal data or copies or replications of your personal data.
Restriction (Article 18 GDPR)
You have the right to obtain from us restriction of processing where one of the following applies
- the accuracy of your personal data is contested by you, for a period enabling us to verify the accuracy of your personal data.
- the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead.
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
- you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override yours.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
We will inform you before the restriction is lifted.
Data portability (Article 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format (e.g. as a pdf file) and you have the right to transmit those data to another controller without hindrance from us, where the processing of your data is based on your consent or on a contract with us.
Right to object (Article 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us or based on our legitimate interest. This also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
To exercise your right to object, you can contact any of our employees directly.
You are also free to exercise your right to object in connection with the use of information society services (e.g. the Internet), notwithstanding the ePrivacy Directive (Directive 2002/58/EC), by means of automated procedures using technical specifications. The easiest way to do this is via e-mail [email protected].
Withdrawal of your consent (Article 7 GDPR)
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You can contact us directly at any time and let us know. The easiest way to do this is via e-mail [email protected].
You can revoke the consent you have given us for the newsletter at any time by using the corresponding link contained in each newsletter.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
If you believe that the processing of your personal data violates the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy.
8. automated decision making including profiling
We do not make any automated individual decisions about you that could have a legal effect on you or would significantly affect you in a similar way.
As described separately in the data protection information and provided you have given your consent, profiling only takes place in connection with direct advertising, such as the newsletter. However, this only has an influence on the content of your advertising and not on you personally.
Status June 2024