Fewo-Verwalter - Data protection
Data protection information (information obligations according to Art. 13 DSGVO)
In our opinion, data protection should be transparent, easy to understand and, above all, fair to all sides. Therefore, we would like to inform you in this data protection notice on the one hand about which personal data we collect from you and use, whether and, if so, to which third parties these may be passed on, how long we store the data and which rights you have if you do not agree with our responsible handling. Should any questions remain unanswered after these detailed data protection notices, please do not hesitate to contact us using the following contact details.
definitions
In order to start from the same assumptions, we would like to clarify a few definitions at this point. This ensures that everyone involved knows what we are talking about and assuming in the following notes.
Personal data: This is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics which express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: processing shall mean any operation or set of operations which is carried out with or without the aid of automated means relating to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or integration, qualification, erasure or destruction.
Limitation of processing: This refers to the marking of stored personal data with a view to limiting their future processing.
Profiling: Any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or movements of that natural person, is called profiling.
Pseudonymisation: Pseudonymisation involves the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
controller: a natural or legal person, public authority, agency or any other body which alone or jointly with others decides on the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his designation may be laid down by Union law or by the law of the Member States.
]
Recipient: any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation task under Union law or the law of the Member States shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the purposes of the processing.
nbsp]
Third party: a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.
Consent: This is any expression of will voluntarily given by the data subject in the particular case, in an informed and unequivocal manner, in the form of a statement or other unequivocal affirmative act, by which the data subject indicates his or her consent to the processing of his or her personal data.
1. name and contact details of the responsible person
The person responsible for data processing is
Xsigns GmbH & Co. KG
Karl-Göx-Str. 7
27356 Rotenburg
You can reach us by post, by email at info@xsigns.de or by phone +49 4261 818340.
2. data protection officer
In our company, all employees are obliged to handle your data responsibly. A data protection officer cannot currently be appointed, as less than 10 people work in our company.
3. collection of personal data during informational use
If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f DSGVO):
nbsp]
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
Data volume transferred in each case -
- Website from which the request originates
- Browser
- Operating system and its interface
- Language and version of the browser software.
4. use of cookies
(1) Cookies are also stored on your computer when you use the website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (in this case us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective.
We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.
a) This website uses the following types of cookies, the scope and function of which are explained below:
- Transient Cookies (see b)
- Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close your browser. These include in particular session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
d) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.
e) We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you will have to log in again for each visit.
(2) This stored information will be stored separately from any other data we may provide. In particular, the cookie data will not be linked to your other data.
(3) You can object to this data processing at any time with effect for the future.
5. use of functions of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you must usually provide further personal data which we use to provide the respective service. If additional voluntary information is possible, it is marked accordingly.
(2) When you contact us by e-mail or using the contact form, your e-mail address and, if you so provide, your name, address, telephone number and e-mail address will be used to contact us.
(2) When you contact us via e-mail or the contact form, we will store your e-mail address and, if you provide it, your name, address, telephone number and any other information you provide on the contact form in order to answer your questions.
6th Newsletter
(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) Your e-mail address is the only mandatory information for sending the newsletter. The indication of further, separately marked data is voluntary and will be used to address you personally. After your confirmation we save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 S. 1 lit. a DSGVO.
nbsp]
(4) You can revoke your consent to the sending of the newsletter at any time and cancel the newsletter. You can withdraw your consent by sending an e-mail to info@xsigns.de or by sending a message to the contact details given in the imprint.
(5) We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. For evaluation purposes, we link the data mentioned in section 3 and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click in them and infer your personal interests from this. We link this data with the actions you take on our website.
You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us of another contact method. The information is stored as long as you have subscribed to the newsletter. After you have unsubscribed, we store the data purely statistically and anonymously.
7. data transfer to third parties
(1) We will only pass on your personal data to third parties if we offer participation in promotions, competitions, bookings or contracts together with a third party provider. In this case, you will be informed separately of the transfer to third parties before your data is passed on.
(2) In some cases we use external service providers to process your data. These have been carefully selected and commissioned by us in writing. They are bound by our instructions and are regularly checked by us. The service providers will not pass this data on to third parties. If these service providers are located in the USA, we will inform you of this in connection with the respective functions. This data processing also takes place in accordance with the applicable legal situation.
7.1 Use of Google Maps
(1) On this website we use the services of Google Maps. This enables us to display interactive maps directly on the website and enables you to use the map function conveniently.
(2) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in paragraph 3 of this declaration will be transmitted. This takes place regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and / or needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
(3) Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the provider's data protection declarations. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
7.2 Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
(4) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f DSGVO.
(5) Third-party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, Privacy Statement: http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Statement: http://www.google.de/intl/de/policies/privacy.
(6) This website also uses Google Analytics for a cross-device analysis of visitor flows conducted through a User ID. You can deactivate the cross-device analysis of your use in your customer account under "My data", "Personal data".
7.3 Use of Google Adwords Conversion
(1) We use the services of Google Adwords to draw attention to our attractive offers with the help of advertising material (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. In doing so, we pursue the interest of showing you advertising that is of interest to you, of making our website more interesting for you and of achieving a fair calculation of advertising costs.
(2) These advertising media are delivered by Google via so-called "Ad Servers". We use Ad Server Cookies for this purpose, which can be used to measure certain parameters such as the display of ads or clicks by users. If you access our website via a Google advertisement, Google Adwords stores a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values.
(3) These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an AdWords customer's website and the cookie stored on their computer has not yet expired, Google and the customer may recognize that the user clicked on the ad and was directed to that page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.
(4) Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for the provider to find out and store your IP address.
(5) You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular by suppressing third party cookies so that you do not receive advertisements from third parties; b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, whereby this setting is deleted when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the "About Ads" self-regulatory campaign via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies; d) by permanently disabling it in your Firefox, Internet Explorer or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to make full use of all the functions of this offer.
(6) The legal basis for the processing of your data is Art. 6 Para. 1 S. 1 lit. f DSGVO. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org . Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
7.4 Remarketing
Besides Adwords Conversion we use the application Google Remarketing. This is a process with which we would like to address you again. With this application, you can be shown our advertisements after visiting our website when you continue to use the Internet. This is done by means of cookies stored in your browser, which are used by Google to record and evaluate your usage behaviour when you visit various websites. This allows Google to determine your previous visit to our website. According to Google's own statements, the data collected during remarketing is not merged with your personal data, which may be stored by Google. In particular, according to Google, a pseudonymisation is used for remarketing.
Integration of third party services
(1) We have included YouTube videos in our online offering which are stored at http://www.YouTube.com and can be played directly from our website. These are all integrated in the "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission.]
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in paragraph 3 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for advertising, market research and/or the design of its website to meet your needs. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
(3) Further information on the purpose and scope of data collection and processing by YouTube can be found in the Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
8. recipients or categories of recipients
If we pass on your personal data to third parties, you will be explicitly informed of this in the description of the respective data processing (e.g. when using our contact form). Of course, we also use external service providers for the technical and organisational processing, with whom we have concluded corresponding contract processing agreements as defined by Art. 28 DSGVO (until 25.5.2018, § 11 BDSG). These are, for example, service providers for web hosting, sending e-mails and letters, maintenance and servicing of our IT systems, etc.
9. storage duration
Your data will be stored as long as it is absolutely necessary for the achievement of the respective purpose, but at the latest as long as any legal regulations require us to do so (e.g. under commercial law we are obliged to keep business letters, including e-mails, for 10 years).
As soon as the storage purpose no longer applies or a storage period prescribed by the aforementioned regulations expires, the personal data are routinely blocked or deleted.
10. your rights
In this section we would like to inform you in detail about the rights you are entitled to.
10.1 Right to information
You have the right to request information from us at any time as to whether we process personal data concerning you. If this is the case, you are entitled to information regarding the information specified in Art. 15 para. 1 2nd HS DSGVO.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transfer.
10.2 Right to rectification
Furthermore, according to Art. 16 DSGVO, you have the right to demand from us immediately the correction of the incorrect personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
10.3 Right to cancellation ("right to be forgotten")
You also have the right to demand that we delete personal data concerning you immediately. We are obliged to comply with this request and to delete personal data unless we are legally obliged or entitled to further process your data. For details please refer to Art. 17 DSGVO.
10.4 Right to limitation of processing
You have the right to demand from us the restriction of the processing, provided that the legal prerequisites according to § 18 DSGVO are present.
10.5 Right to information
Pursuant to Art. 19 DSGVO you have asserted the right to rectify, delete or limit the processing to us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion or limitation of the processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of such recipients.
10.6 Right to data transferability
If your data is processed by us with your consent or on the basis of a contract, you have the right to receive your personal data in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible, provided that the legal requirements according to Art. 20 DSGVO are met.
10.7 Right of opposition
Right of objection in individual cases
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. e or f DSGVO; this also applies to profiling based on these provisions.
We will no longer process your personal data unless we can prove that there are compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to the processing of data for direct marketing purposes
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such direct advertising.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the possibility to exercise your right to object in relation to the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.
10.9 Automated decision making in individual cases including profiling
They shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on them or which similarly significantly affects them. This shall not apply where the decision
is necessary for the conclusion or performance of a contract between you and the person responsible,
is authorised by legislation of the Union or of the Member States to which the person responsible is subject and contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in a. and c., the person responsible shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to state his own position and to challenge the decision.
10.10. Right of appeal
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the DSGVO.
The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.
The supervisory authority responsible for us is:
The State Commissioner for Data Protection Lower Saxony
Prinzenstrasse 5
30159 Hanover, Germany
Phone 0511-120 4500
Fax 0511-120 4599
11. legal basis of the processing
Insofar as not already mentioned in the individual processing operations under the previous numbers, we will show below the legal bases on which we carry out the data processing.
If we obtain the consent of the data subject for the processing of personal data, Art. 6 Para. 1 lit. a EU Data Protection Basic Regulation (DSGVO) serves as the legal basis.
Art. 6 para. 1 lit. b DSGVO serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.
12. duration of storage of personal data
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in Union regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.