Data Protection Declaration

I. Name and Address of the Data Controller

The controller in terms of the General Data Protection Regulation and other data protection legislation of the member states as well as further data protection provisions is:

Ruhr Tourismus GmbH

Centroallee 261

46047 Oberhausen

Germany

Tel.: 0208 89959100

Email: datenschutz@ruhr-tourismus.de

Website: www.ruhr-tourismus.de
 

II. Name and Address of the Data Protection Officer

The data protection officer of the controller is:

Dr. Ralf W. Schadowski

ADDAG GmbH & Co KG

Krefelder Straße 121

52070 Aachen

Germany

Tel.: 0241 446880

Email: info@addag.de

Website: www.addag.de
 

III. General Information on Data Processing

1. Scope of the Processing of Personal Data

We process the personal data of our users only insofar as this is required to maintain a functional website and present our content and services. As a general rule, we only process the personal data of our users with their consent. An exception may be made in those cases in which it is not possible to obtain such consent for de-facto reasons and the processing of the data is permitted on the basis of statutory regulations.

2. Legal Basis for the Processing of Personal Data

Point (a) of Art. 6(1) of the EU General Data Protection Regulation (GDPR) provides the legal basis for any request we may make for consent to process the personal data of data subjects. Point (b) of Art. 6(1) GDPR provides the legal basis for the processing of personal data for the fulfilment of a contract to which a data subject is the contractual party. This also applies to processing sequences that are required for the completion of precontractual measures.

Point (c) of Art. 6(1) GDPR provides the legal basis for the processing of personal data that are required to comply with a legal obligation to which our company is subject.

Point (f) of Art. 6(1) GDPR provides the legal basis where the processing of personal data is necessary in order to safeguard the legitimate interests of our company or any third party, and the interests, fundamental rights or freedoms of a data subject do not override the interests of the former.

3. Erasure of Data and Duration of Storage

The personal data of data subjects are erased or blocked as soon as the purpose for which they were stored no longer applies. Personal data may be stored for longer periods if provision for such storage has been provided by European or national legislatures in European Union regulations, laws or other regulatory requirements to which the controller is subject. Personal data are also blocked or erased if a corresponding period of retention stipulated by such regulations, laws or legal requirements expires, unless such data are required for the entry into or fulfilment of a contract.
 

IV. Provision of the Website and Creation of Logfiles

1. Description and Scope of Data Processing

Each time our internet site is accessed, our system collects data and information automatically from the computer system of the accessing computer.

In this respect, the following data are collected:

Information concerning the browser type and version used

Operating system of the user

IP address of the user (pseudonymised)

Date and time of access

The data are also stored in the logfiles of our system. A storage of such data together with other personal data of the user does not take place.

2. Hosting

The hosting services that we use have the purpose of providing the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, as well as technical maintenance services which we use for the purpose of the operation of this online offering.

For this purpose, we and/or our hosting provider process the inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offering on the basis of our legitimate interests in an efficient and secure provision of this online offering according to point (f) of Art. 6(1) GDPR in connection with Art. 28 GDPR.

3. Legal Basis for the Data Processing

The legal basis for the temporary storage of the data and the logfiles is point (f) of Art. 6(1) GDPR.

4. Purpose of the Data Processing

The temporary storage of IP addresses by the system is required to allow for the delivery of the website to the computer of the user. In this respect, the IP addresses of users must be stored for the duration of the respective session.

The storage in logfiles takes place to ensure the functionality of the website. In addition, such data allows us to optimise our website and to ensure the security of our information technology systems. In this context, an evaluation of the data for marketing purposes does not take place.

For such purposes, we have a legitimate interest in the data processing according to point (f) of Art. 6(1) GDPR.

5. Duration of Storage

The aforementioned data are erased as soon as they are no longer required for achieving the purpose of their collection. In the case of data that are collected for the provision of our website, this occurs when the respective session has ended.

In the case of the storage of data in log files, this will take place within a maximum of seven days. Storage for a longer period is possible. In such cases, the IP addresses of the user are erased or pseudonymised so that they no longer permit the identification of the accessing client.

6. Possibility of Objection and Elimination

The collection of data for the provision of our website and the storage of the data in logfiles is considered a fundamental necessity for the operation of the internet site. As a result of this, the user has no possibility of objection.
 

V. Use of cookies

1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the internet browser and/or by the internet browser on the computer system of the user. Therefore, when a user visits a website, a cookie can be stored on the operating system of the user. This cookie contains a unique string of random letters that enable a clear identification of the browser when the user accesses the website again.

We use cookies to make our website more user-friendly. Certain elements of our internet site require the possibility of being able to identify the accessing browser, also subsequent to a change of page.

In this respect, the following data are stored and transferred:

Items in the shopping basket

Notepad entries

We also use cookies on our website that enable an analysis of the surfing behaviour of the user.

On this basis, the following data can be transferred:

Entered search terms

Frequency at which pages are accessed

Use of website functions

On accessing our website, the user is notified about the use of cookies for analytical purposes, and the consent of the user is obtained regarding the processing of the personal data used in this context. In this respect, reference is also made to this privacy policy.

2. Legal Basis for the Data Processing

The legal basis for the processing of personal data with the use of cookies that are required for technical reasons is point (f) of Art. 6(1) GDPR.

The legal basis for the processing of personal data with the use of cookies for analytical purposes is, with the provision of the respective consent of the user, point (a) of Art. 6(1) GDPR.

3. Purpose of the Data Processing

The purpose of using cookies is to simplify the use of websites for users. Certain functions of our internet site cannot be used without the use of cookies. In the case of these functions, it is necessary to be able to recognise the browser again when changing to a different page.

We require cookies for the following applications:

Shopping basket function

Notepad function

Website functions (e.g. playing YouTube videos)

The user data collected by such cookies that are required for technical reasons are not used in order to create user profiles.

Analytics cookies are used in order to improve the quality of our website and its content. The analytics cookies tell us how our website is being used, which contents are of interest to the visitors, and which functions are used. This allows us to optimise the website and its offering on a continuous basis.

For such purposes, we have a legitimate interest in the processing of personal data according to point (f) of Art. 6(1) GDPR.

4. Duration of Storage, Possibility of Objection and Elimination

Cookies are stored on the device of the user and transferred to our website. As the user, you therefore have complete control over the use of cookies. By changing the settings of the internet browser, the transfer of the cookies can be deactivated or restricted. Cookies that have already been placed can be disabled at any time. This process can also take place on an automated basis. If cookies are deactivated for our website, it may no longer be possible to make full use all the functions of our website.

The transfer of Flash cookies cannot be prevented through the browser settings, but can be done so by changing the settings of the Flash Player.
 

VI. Newsletter

1. Description and Scope of Data Processing

Our internet site provides users with the possibility to subscribe to a newsletter at no cost. In this respect, on registering for the newsletter, the data from the input screen are transferred to us. Such data are:

IP address of the accessing computer

Date and time of registration

Email or the ordering party

Your consent to the processing of the data is obtained and you are referred to this privacy policy during the registration process. For the purposes of sending the newsletter, the retrieved data are forwarded to rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg im Breisgau.

2. Legal Basis for the Data Processing

The legal basis for the processing of data after subscription to the newsletter by the user is, where the consent of the user has been provided, point (a) of Article 6(1) GDPR.

3. Purpose of the Data Processing

The collection of the email address of the user serves the purpose of the delivery of the newsletter.

4. Duration of Storage

The aforementioned data are erased as soon as they are no longer required for achieving the purpose of their collection. The email address of the user will be stored for as long as the newsletter subscription is active.

5. Possibility of Objection and Elimination

The subscription to the newsletter can be cancelled by the respective user at any time. A corresponding link is provided in each newsletter for this purpose.
 

VII. E-Commerce

1. Description and Scope of Data Processing

On our internet site, we provide users with the possibility to purchase the RUHR.TOPCARD, which entails the provision of their personal data. In this respect, the data are entered in an input screen, transferred to us and stored. For the purposes of the processing of the order, the data are forwarded to feratel media technologies AG, Moritschstraße 2, 9500 Villach, Austria and the logistics services provider Handwerk Industrie Dienstleistung-Service II, Wierlings Busch 9, 48249 Dülmen. The following data are collected during the registration process:

Title (Mr/Ms)

Name

First name

Address (street, postcode, location)

Email

Telephone number

In the case of (online) payments by credit card (MasterCard, VISA), PayPal or direct debit, your data will be collected and stored by DataTrans, Kreuzbühlstraße 26, CH-8008 Zurich, and only forwarded to the companies that are involved in the payment process. We do not store the credit card data.

In the event of (online) payments by direct debit or PayPal, your account data will be forwarded to telego! GmbH, creditPass® division, Mehlbeerenstraße 2, 82024 Taufkirchen, Munich. CreditPass® will transfer your data (name, address and, if necessary, date of birth) to CRIF Bürgel GmbH, Hamburg branch, Friesenweg 4, Haus 12, 22763 Hamburg, for the purpose of the credit check, to obtain information to assess the risk of non-payment based on mathematical-statistical methods using address data, and, in order to verify your address (deliverability check), to Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss; Deutsche Post Direkt GmbH, Junkersring 57, 53844 Troisdorf; infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden; SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden. The legal bases for such transfers are point (b) of Art. 6(1) GDPR and point (f) of Art. 6(1) GDPR. Transfers on the basis of these provisions may only take place insofar as this is necessary in order to safeguard the legitimate interests of our company or third parties, and it does not outweigh the interests of the fundamental rights and freedoms of the data subject that otherwise require the protection of personal data. Detailed information on the credit agencies in terms of Art. 14 GDPR, i.e. information on the business purpose, the purposes of the data storage, the data recipients, the right of self-disclosure, the entitlement to erasure or rectification, etc., are provided under the following link:

www.crifbuergel.de/de/datenschutz
www.boniversum.de/EU-DSGVO
www.deutschepost.de/content/dam/dpag/images/D_d/DDP/Downloads/dp-direkt-zusatzinfo-datenschutzkonforme-adressloesungen-dsgvo.pdf
finance.arvato.com/content/dam/arvato/documents/financial-solutions/Arvato_Financial_Soultions_Art._14_EUDSGVO.pdf
www.schufa.de/de/datenschutz-dsgvo/
 

In the case of (online) payments by credit card (MasterCard, VISA), your account details (card number, verification code, duration of validity) are forwarded to Concardis GmbH, Helfmann-Park 7, 65760 Eschborn. We do not store the account data.

Your personal data can also be viewed by the respective service partners of RUHR.TOPCARD (participating leisure attractions, for example). In this respect, the service partners are not permitted to use your data for other purposes than the processing of the acceptance of RUHR.TOPCARD. The service partners are not permitted to engage in the forwarding or sale of your data.

a) PayPal as a Method of Payment

The controller has integrated components of PayPal on this internet site. PayPal is an online provider of payment services. Payments are processed via PayPal accounts, which constitute virtual private or business accounts. PayPal is also able to process virtual payments through credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there are no conventional account numbers. PayPal allows online payments to be initiated to third parties, and also allows for the receipt of payments. PayPal also assumes the role of trustee, and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg.

If the data subject chooses “PayPal” as the payment option in the online shop during the ordering process, we shall automatically transfer the data of the data subject to PayPal. In selecting this payment option, the data subject agrees to the transfer of the personal data which is required for the payment processing.

The personal data transferred to PayPal usually consists of the first name, surname, address, email address, IP address, telephone number, mobile telephone number and other data necessary for the payment processing. The processing of the purchase contract also requires the personal data that are associated with the respective order.

The transfer of the data has the purpose of the payment processing and the prevention of fraud. In particular, the controller will transfer personal data to PayPal in the case of there being a legitimate interest in the transfer. Under certain circumstances, the personal data exchanged between PayPal and the controller may be transferred to credit agencies by PayPal. This transfer has the purpose of identity checks and credit checks.

PayPal may forward personal data to associated companies and service providers or subcontractors insofar as this is necessary for the fulfilment of contractual obligations or if the data are to be processed by order.

The data subject has the possibility to withdraw their consent to the processing of personal data towards PayPal at any time. Such a withdrawal does not have any effect on personal data which must be processed, used, or transferred for (the contractual) processing of payments. 

The current data protection provisions of PayPal are available at www.paypal.com/de/webapps/mpp/ua/privacy-full.

b) SSL Encryption

For security reasons and to protect the transfer of confidential contents such as orders or enquiries that you send us, this page uses SSL encryption. You can tell an encrypted connection by the fact that the address bar of your browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser bar.

When SSL encryption is active, the data you transfer to us cannot be read by third parties.

If, after the conclusion of a contract subject to charge, there is an obligation to provide us with your payment data (for example, account data for payment by credit card or direct debit), such data are required for the processing of the payment. Payment transactions via the usual methods of payment (Visa/MasterCard, direct debit) take place exclusively via an encrypted SSL connection. In the event of encrypted communication, the payment data that you transfer to us cannot be read by third parties.

2. Legal Basis for the Data Processing

If the data collected are used for the fulfilment of a contract to which the user is a party or for the implementation of pre-contractual measures, the additional legal basis for the processing of the data is point (b) of Art. 6(1) GDPR.

3. Purpose of the Data Processing

A collection of the data of the user is necessary for the fulfilment of a contract with the user, or for the implementation of pre-contractual measures.

4. Duration of Storage

The data are erased as soon as they are no longer required for achieving the purpose of their collection.
 

VIII. Contact Form and Email Contact

1. Description and Scope of Data Processing

Our internet site includes a contact form which can be used to contact us electronically. If a user makes use of this option, then the data entered on the input screen are communicated to us and stored. Such data are:

Name

First name

Email

Telephone

Street and house number

Postcode and location

Subject

Your message

The following data are also stored when the message is sent:

Date and time of registration

Your consent to the processing of the data is obtained and you are informed of this privacy policy during the sending process. For the purposes of sending items that may have been requested for postal delivery, the data will be forwarded to the logistics services provider Handwerk Industrie Dienstleistung-Service II, Wierlings Busch 9, 48249 Dülmen.

Alternatively, you can contact us using the email address provided. In this case, the user’s personal data communicated with the email are stored.

2. Legal Basis for the Data Processing

The legal basis for the processing of data is, where consent of the user has been provided, point (a) of Article 6(1) GDPR.

3. Purpose of the Data Processing

The processing of the personal data from the input screen has the sole purpose of allowing us to process the contacting. In the case of contacting us by email, this also constitutes the required legitimate interest in the processing of the data.

The other personal data that are processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of Storage

The aforementioned data are erased as soon as they are no longer required for achieving the purpose of their collection. For personal data from the input screen of the contact form and data that have been sent by email, this is the case when the relevant conversation with the user has come to an end. The conversation is also considered to have ended when it is clear from the circumstances that the relevant issue has been conclusively resolved.

 Any additional personal data collected during the sending process will be deleted after a period of fourteen days at the most.

5. Possibility of Objection and Elimination

The user is able to withdraw his or her consent to the processing of personal data at any time. If the user contacts us by email, s/he is able to withdraw his or her consent to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.

In this respect, the user declares his or her withdrawal in writing by email on a clear basis. All personal data stored in the course of contact will be erased in this case.
 

IX. Web Analysis Services

1. Description and Scope of Data Processing

This website uses the web analytics service Google Analytics. This is a service which is provided by Google Ireland Limited (“Google”) a company which is registered and which operates according to the laws of the Republic of Ireland (register number: 368047) which is based in Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”. The information generated by the cookie about your use of our internet offering (including your shortened IP address) will be transferred to a server of Google and stored there. The processing of the data beyond the scope of application of EU law cannot be ruled out. For transfers to a third country and/or the USA, Google has concluded the standard EU data protection clauses with the companies that are based there.

2. Legal Basis for the Processing of Personal Data

The basis for the storage of Google Analytics cookies is point (f) of Art. 6(1) GDPR. The owner of the website has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

3. Purpose of the Data Processing

The owner of the website has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. You can prevent the storage of such cookies by changing the settings of your browser software accordingly; however, please note that, in this case, you may not be able to make full use of all the functions of this website. 

4. Possibility of Objection and Elimination

You can prevent the storage of such cookies by changing the settings of your browser software accordingly; however, please note that, in this case, you may not be able to make full use of all the functions of this website. In addition, you can prevent the collection of the data created by the cookie and related to your use of the website (including your IP address) as well as the processing of such data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Deactivate Google Analytics

5. Objection to Data Collection

You can prevent Google Analytics from collecting your data on this website by clicking on the link below. An opt-out cookie will be set which will prevent any future collection of your data when you visit this website: https://adssettings.google.com/anonymous?hl=de&sig=ACi0TChVmevmsGgtwDdljrftL3IiFgyMPAyXecL6tIHU9zVeljWkqh1qD-5CARUH0OE-Thkp3vUU6Sg4MHuYN_zyroCJUguOszFkkZeYsNRNyknLcVQIP0M. You can find more information about how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
 

X Plugins & Tools

1. YouTube

Our website uses plugins by YouTube, a site operated by Google. This is a service which is provided by Google Ireland Limited (“Google”) a company which is registered and which operates according to the laws of the Republic of Ireland (register number: 368047) which is based in Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

If you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is made. In this way, this server receives information about which of our web pages you have visited.

If you are logged in to your YouTube account, you allow YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.

Our use of YouTube is in the interest of an appealing presentation of our online services. This constitutes a legitimate interest within the meaning of point (f) of Art. 6(1) GDPR.

You can find further information about how user data are handled in the privacy policy of YouTube at: https://www.google.de/intl/de/policies/privacy.

2. Google Web Fonts

For the uniform presentation of fonts, this website uses web fonts provided by Google. When you access a page, your browser will load the web fonts required in your browser cache in order to display text and fonts correctly.

To that end, your browser needs to connect to Google’s servers. In this way, Google is made aware that our website has been accessed from your IP address. Our use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of point (f) of Art. 6(1) GDPR. If your browser does not support web fonts, a standard font will be used by your computer.

You can find further information on Google Web Fonts at https://developers.google.com/fonts/faq and in the privacy policy of Google: https://www.google.com/policies/privacy/.

3. Google Maps

This site uses the map service Google Maps via an API. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

To use the functions of Google Maps, it is necessary to store your IP address. The information is usually transferred to a Google server in the USA and stored there. The provider of this page has no influence on this transfer of data.

Google Maps is used in the interests of ensuring an attractive presentation of our online offering and in ensuring that the places referred to on our website are easy to find. This constitutes a legitimate interest within the meaning of point (f) of Art. 6(1) GDPR.

Further information on the management of user data is provided in the privacy policy of Google: https://www.google.de/intl/de/policies/privacy/.

4. Google reCaptcha

To protect enquiries you make using internet forms, this website uses the reCaptcha service from Google. This serves the purpose of determining whether the data was entered in the contact form by an individual person, or on a fraudulent basis by an automated computer program. For this purpose, the data to be entered is transferred to Google, where it is processed further. On the basis of the IP address and further data required for the service, Google checks whether the action was carried out by an individual person or by a computer. The IP address which is transferred will not be merged with any other data of Google. The deviating data protection provisions of the company Google apply to such data.

The use of reCaptcha takes place in the interests of the presentation of a secure website and to provide protection against automated entries (attacks).

Further information on Google reCaptcha is available at https://developers.google.com/recaptcha/ and in the privacy policy of Google: https://www.google.com/policies/privacy/.

5. Facebook Fan Page / Group

(1) The use of our Facebook Fan Page/Facebook Group requires the collection of personal data. Certain data are also collected when the user is not logged in. Specifically metadata (frequency, duration, location from which the “Like” information was provided, when users are online, which posts reach fans, which fans have interacted with posts and to what extent, information about the device used), personal data (gender, age, location, language and other demographic data) are collected by Facebook. Such personal data are used for statistical purposes. The legal basis for such use is point (f) of Article 6(1) GDPR.

(2) As a data subject, you are able to exercise your rights according to Art. 12 – 23 GDPR.

(3) Further information on the privacy policy of Facebook is available at https://www.facebook.com/about/privacy/, and specialist information on the Insight data is available at https://www.facebook.com/legal/terms/information_about_page_insights_data

(4) According to Art. 26 GDPR, there is a joint responsibility between us and Facebook regarding the Insights pages. This can be found in the form of an agreement at https://www.facebook.com/legal/terms/page_controller_addendum.
 

XI. Rights of the Data Subject

If your personal data are processed, you are the data subject within the meaning of the GDPR and you have the following rights vis-â-vis the controller:

1. Right of Access

You can request confirmation of whether personal data concerning your person is processed by us from the controller.

If such processing takes place, you can request access to the following information from the controller:

  1.   the purposes for which the personal data are processed;
  2.   the categories of personal data that are processed;
  3.   the recipients and/or categories of recipients to whom your personal data are or have been disclosed;
  4.   the planned duration of storage for your personal data or, if definitive information cannot be provided, the criteria for the determination of the duration of storage;
  5.   the existence of a right to rectification or erasure regarding your personal data, a right to the restriction of processing by the controller or a right to object to such processing;
  6.   the existence of a right to lodge a complaint with a supervisory authority;
  7.   all available information concerning the origin of the data if the personal data are not obtained from the data subject;
  8.   the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – clear information on the logic involved and the scope and intended effects of such processing as regards the data subject.

You have the right to receive information on whether your personal data are transferred to a third country or an international organisation. In this context, you can require that we notify you of appropriate safeguards pursuant to Art. 46 GDPR in connection with any such transfer.

2. Right to Rectification

You have the right to require that the controller rectifies and/or completes your personal data insofar as the data that are processed are inaccurate or incomplete. The controller must make such changes without undue delay.

3. Right to the Restriction of Processing

You have the right to request the restriction of the processing of your personal data under the following conditions:

  1.   if you contest the accuracy of your personal data for a period sufficient to enable the controller to verify the accuracy of the respective personal data;
  2.   if the processing is unlawful and you oppose erasure of the personal data and request restriction of the use of the personal data instead;
  3.   if the controller no longer needs the personal data for the purposes of the processing, but you need the personal data to establish, exercise or defend legal claims, or
  4.   if you have objected to the processing pursuant to Art. 21(1) GDPR pending verification of whether the legitimate reasons of the controller override your reasons.

If the processing of the personal data in question has been restricted, this data – with the exception of its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of a significant public interest for the European Union or a member state.

If the restriction of processing has been restricted in accordance with the above requirements you will be notified by the controller before the restriction is lifted.

4. Right to Erasure

a) Duty to Erase

You have the right to require the controller to erase your personal data without undue delay, and the controller must then erase this data without undue delay insofar as one of the following reasons applies:

  1.   The personal data are no longer needed for the purposes for which they were originally collected or otherwise processed;
  2.   You have withdrawn your consent to processing pursuant to point (a) of Art. 6(1) or point (a) of Art. 9(2) GDPR, and there is no other legal basis for such processing;
  3.   You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate reasons for such processing or you object to the processing pursuant to Art. 21(2) GDPR;
  4.   Your personal data were processed unlawfully;
  5.   Your personal data must be erased to comply with a legal obligation under European Union or member state law to which the controller is subject.
  6.   Your personal data were collected in connection with the scope of services offered by an information society pursuant to Art. 8(1) GDPR;

B) Provision of Information to Third Parties

If the controller has disclosed personal data concerning your person and is obliged to erase such data pursuant to Art. 17(1) GDPR, taking the technology and the cost of implementation into account, the controller must take reasonable steps, including technical measures, in order to inform the controllers who are processing the personal data that as the data subject, you have requested such controllers to erase all links to such personal data, or copies or replications of such personal data.

c) Derogations

The right to erasure does not apply insofar as the processing is necessary

  1.   to exercise the right to freedom of expression and information;
  2.   to comply with a legal obligation that requires processing under European Union or member state law to which the controller is subject, or for the completion of a task which is in the public interest, or to exercise official authority that has been vested in the controller;

 (3) in order to establish, exercise or defend legal claims.

5. Right to Information

If you have asserted your right to the rectification, erasure or the restriction of processing towards the controller, the controller is required to notify all recipients to whom personal data concerning your person has been disclosed of such a rectification, erasure or restriction of processing, unless such notification proves to be impossible or would entail a disproportionate amount of effort.

You have the right to be notified of such recipients by the controller.

6. Right to Data Portability

You have right to receive the personal data concerning you that you have made available to a controller in a structured, commonly used and machine-readable format. You also have the right to transfer such data to another controller without hindrance by the controller to which the personal data were provided, insofar as

  1.   the processing is based on consent pursuant to point (a) of Art. 6(1) GDPR or point (a) of Art. 9(2) GDPR or on a contract pursuant to point (b) of Art. 6(1) GDPR, and
  2.   the processing is carried out using automated processes.

In exercising this right, you also have the right to have personal data concerning your person be transferred directly from one controller to another insofar as this is feasible from a technical perspective. This may not be permitted to adversely affect the freedoms or rights of others.

The right to data portability does not apply to the processing of personal data which is required for the performance of a task which is in the public interest or in the exercising of official authority vested in the controller.

7. Right to Object

On grounds relating to your particular situation, you have the right to object to the processing of your personal data that takes place on the basis of point (e) or (f) of Art. 6(1) GDPR at any time; this also applies to a case of profiling which may be based on these provisions.

The controller will then cease to process personal data concerning your person unless it is possible to demonstrate compelling legitimate reasons for such processing that outweigh your interests, rights and freedoms, or where the processing is necessary for the establishment, exercise or defence of legal claims.

If personal data concerning your person are processed for the purposes of direct marketing, you have the right to object to the processing of your data for such marketing purposes at any time; this will apply accordingly to any profiling that relates to such direct marketing.

If you object to processing for the purposes of direct marketing, personal data concerning your person will no longer be processed for such purposes.

In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means in which technical specifications are used.

8. Right to Withdraw the Declaration of Consent under Data Protection Law

You have the right to withdraw your consent to the processing of your personal data at any time. Withdrawal of consent does not affect the legality of the processing which has been carried out on the basis of the consent before it was withdrawn.

9. Automated Individual Decision-making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – that has a legal effect on your person, or is associated with effects of a similar nature. This does not apply if the decision

  1.   is necessary for the entry into or performance of a contract between you and the controller,
  2.   is permitted under European Union or member state legislation to which the controller is subject, and such legislation includes appropriate measures to safeguard your rights and freedoms and legitimate interests, or
  3.   is based on your explicit consent.

These decisions, however, may not be based on special categories of personal data according to Art. 9(1) GDPR, unless point (a) or (g) of Art. 9(2) GDPR applies, and appropriate measures have been taken to safeguard your rights and freedoms as well as your legitimate interests.

As regards the cases referred to in points (1) and (3) above, the controller is required to implement appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, which at least entails the right to obtain intervention by an individual person on the part of the controller, to express your point of view, and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority

Regardless of any other administrative or judicial remedy, you have the right to complaint to a supervisory authority, in particular in the member state in which you are resident, the member state in which you work or in the place of the putative infringement if you are of the opinion that the processing of personal data concerning your person infringes the GDPR.

The supervisory authority with which the complaint is lodged will inform the person who lodged the complaint about the progress and the outcome of the complaint, including the possibility of a judicial remedy, pursuant to Art. 78 GDPR.

More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de



X. Plugins & Tools

(1) YouTube

Our website uses plugins from Google's YouTube site. This is a service provided by Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (register number: 368047) located at Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.
If you are logged into your YouTube account, you allow YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
For more information on how we handle user data, please see YouTube's privacy policy: https://www.google.de/intl/de/policies/privacy.

(2) Google web fonts

This site uses so-called web fonts provided by Google to uniformly display fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
To do this, the browser you are using must connect to Google's servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support the web fonts, a standard font from your computer will be used.

For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and read Google's privacy statement: https://www.google.com/policies/privacy/.

(3) Google Maps

This page uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing representation of our online offers and at an easy findability of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

You can find more information on the handling of user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.


(4) Google reCaptcha

To protect your request via internet form, this site uses the Google service reCaptcha. This is to dinstinguish wether the entry in the contact form is made by a human or abusive by an automated computer. For this purpose, your input will be transmitted to Google for further processing. Based on the IP address and other data required for the service, Google will check whether it is a human activity or a computer. The submitted IP address will not be merged with other data from Google. This data is subject to the deviating pivacy policies of Google.

The use of reCaptcha is in the interest of presenting a secure website and to protect us against automated input (attacks).

Fore more information about Google reCaptcha, please visit https://developers.google.com/recaptcha/ and read Google’s privacy statement: https://www.google.com/policies/privacy/.


XI. Rights of the data subject

If personal data are processed by you, you are affected in the sense of GDPR and you have the following rights against the data controller:

1. Right to information

You can ask the person in charge to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you can request the following information from the data controller:

(1)       the purposes for which the personal data are processed;

(2)       the categories of personal data being processed;

(3)       the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;

(4)       the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

(5)       the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of processing by the controller or a right to object to such processing;

(6)       the existence of a right of appeal to a supervisory authority;

(7)       any available information on the origin of the data if the personal data are not collected from the data subject;

(8)       the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of      such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

2. Right to rectification

You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The data controller shall make the correction without delay.

3. Right to limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

(1)      if you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;

(2)      the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

(3)      the data controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or

(4)      if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to cancellation

a) Deletion obligation

You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:

(1)      The personal data concerning you is no longer necessary for the purposes for which they were collected or otherwise processed.

(2)     You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.

(3)      You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.

(4)      The personal data concerning you have been processed unlawfully.

(5)      The deletion of personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.

(6)      The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

b) Information to third parties

If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, under consideration of technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

c) Exemptions

The right to cancellation does not exist insofar as the processing is necessary

(1)      to exercise freedom of expression and information;

(2)      for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller;

(3)      to assert, exercise or defend legal claims.

5. Right to information

If you have exercised your right to have the data controller correct, delete or limit the processing, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

You are entitled to be informed by the data controller of such recipients.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that

(1)      processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

(2)      processing is carried out by means of automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.

7. Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

8. Right to revoke the data protection declaration of consent

You have the right to revoke your consent to the data protection declaration at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner.

This does not apply if the decision

(1)      is necessary for the conclusion or performance of a contract between you and the person responsible,

(2)      the legislation of the Union or of the Member States to which the person responsible is subject is admissible and that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or

(3)      with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision.

10. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.