Data privacy

Data privacy statement

We would like to thank you for visiting our website (www.doppstadt.de, www.doppstadt.com, www.doppshop.de) and are very pleased that you are interested in our group of companies. Data protection is particularly important for the management of Doppstadt Beteiligungs GmbH. Our website can usually be used without providing any personal information. If a data subject would like to make use of particular services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

Personal data such as the name, address, e-mail address or phone number of a data subject are always processed in accordance with the EU’s General Data Protection Regulation and in accordance with the country-specific data privacy regulations that are applicable for Doppstadt Beteiligungs GmbH. With this privacy policy we aim to inform you about the type, scope and purpose of the personal data that we collect, use and process. In addition to that, this privacy policy also informs data subjects about their rights.

As controller, Doppstadt Beteiligungs GmbH has implemented a number of technical and organizational measures in order to ensure the most seamless protection for personal data processed via this website. That said, internet-based data transfers can generally involve security vulnerabilities, making it impossible to guarantee complete protection. For this reason, every data subject is free to communicate personal data to us in an alternative manner at their discretion, for instance, by phone.

1. Definitions

The privacy policy of Doppstadt Beteiligungs GmbH is based on terms used by the European regulators and legislators when enacting the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand both for the general public and for our customers and business partners. To ensure this, we would like to explain the terms that are used here in advance. In our privacy policy, we use the following terms, among others:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter called “data subject concerned” or “data subject”). An identifiable natural person is one, who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Affected person

An affected person is any identified or identifiable natural person, whose personal data are processed by the controller.

c) Processing

(4) Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Blocking of processing

Blocking of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling is any type of automated processing of personal data that comprises the use of personal data to evaluate certain personal aspects relating to a natural person, especially in order to analyze or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change in location of this natural person.

f) Pseudonymization

Pseudonymization means the processing of personal data in such a way that personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and subject to technical and organizational measures ensuring that the personal data cannot be assigned to an identified or identifiable natural person.

g) Controller

Controller means the natural or legal person, public authority, institution or any other body, while alone or jointly with others determines the purposes and means of processing personal data. If the purposes and means of such processing are specified on the basis of European Union law or the law of the member states, the controller or the specific criteria for his or her designation can be provided in accordance with European Union law or the law of the member states.

h) Processor

Processor means a natural or legal person, public authority, institution or any other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, institution or any other body, to which personal data are disclosed, regardless of whether it is a third party or not. Public authorities which possibly receive personal data as part of a specific investigation mandate under European Union law or the law of the member states, are not deemed as recipients.

j) Third party

A third party is a natural or legal person, public authority, institution or any other body other than the data subject concerned, the controller, the processor and the persons, who are authorized to process the personal data under the direct responsibility of the controller or the processor.

k) Consent

Consent is any declaration of intent voluntarily given by the data subject for the specific case in an informed manner and unambiguously in the form of a declaration or any other recognizable affirmative act, with which the data subject indicates that they agree with the processing of their personal data.

2. Name and address of the controller and contact details of the data security officer

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of data protection nature is the:

Doppstadt Beteiligungs GmbH
Steinbrink 4
D-42555 Velbert
Tel. +49 2052 889-0
Fax. +49 2052 889-144
e-mail: info[at]doppstadt.de
Internet: www.doppstadt.de

The controller has appointed a data security officer who can be reached as follows:

Doppstadt Beteiligungs GmbH
Data security officer Stephan Viehoff
Steinbrink 4
D-42555 Velbert
Tel. +49 2052 889-0
Fax. +49 2052 889-144
e-mail: datenschutz[at]doppstadt.de

Every data subject is entitled to contact our data security officer directly at any time with any questions and suggestions he or she may have relating to privacy protection.

3. Collection of general data and information when visiting our website

Our website collects some general data and information every time it is accessed by a data subject or an automated system. Such general data and information are stored in the server’s log files. The following may be collected

(1) the operating system used by the accessing system and its interface,

(2) the browser type used including language and version of the browser software,

(3) the website, from which an accessing system reaches our website (a so-called referrer),

(4) the sub-websites which are accessed by an accessing system on our website,

(5) the date and the time of access to the website (including time zone difference to Universal Time Coordinated (UTC),

(6) the amount of data transferred in each respective case,

(7) the internet protocol address (IP address),

(8) the internet service provider of the accessing system

(9) other similar data and information that serves to avert risks in case of attack on our information technology systems.

When using such general data and information, Doppstadt Beteiligungs GmbH does not draw any conclusions about the data subject. This information is needed to

(1) correctly provide the contents of our website,

(2) optimize the contents of our website and the advertising for it,

(3) ensure the permanent functionality of our information technology systems and the technology of our website,

(4) provide law enforcement authorities with the necessary information for prosecution purposes in case of a cyber attack.

This anonymously collected data and information are thus evaluated on the one hand statistically and on the other hand with the objective of increasing data protection and security in our company in order to ultimately ensure an optimum level of security for the personal data that we process. The anonymous data from server log files are stored separately from all personal data provided by a data subject.

4. Cookies

We use cookies on our website. Cookies are small text files that are saved locally on your computer by your web browser (e.g., Mozilla Firefox or Internet Explorer) when you visit our website. They are only saved there for a session ("session cookie") or longer ("persistent cookie").

Many websites and servers use cookies. Many cookies contain a “cookie ID,” which is a unique identifier that consists of a string of characters that websites and servers use to associate cookie with the specific web browser on which the cookie is stored. This allows the visited websites and servers to distinguish the data subject's individual browser from other web browsers that contain other cookies. The specific web browser can be recognized and identified by the unique cookie ID.

By using cookies, we can provide the users of our website with more user-friendly services that would not be possible without cookies.

The information and offers on our website can be optimized to the user using a cookie. As we have already mentioned, cookies allow us to recognize our users when they revisit the website. The purpose of this recognition feature is to make it easier for users to use our website.

Some of our website's features cannot be offered without the use of technically required cookies. On the other hand, other cookies allow us to perform various analyses. Among other things, we use cookies to make our website more user-friendly and effective for you, for example, by tracking your use of our website and identifying your preferences. If third parties process information using cookies, they will collect the information directly via your browser. Cookies do not damage your end device. They cannot execute programs and do not contain viruses.

Our website uses different cookies whose nature and function are explained in more detail below.

Type of cookies used:

Type 1: Session cookies

Our website uses session cookies, which are automatically deleted as soon as you close your browser. These types of cookies are technically necessary to enable you to use our website.

Type 2: Persistent cookies

Our website also uses persistent cookies. Persistent cookies are cookies that, even if you close your browser, continue to be stored in your browser or on your hard drive for a longer period of time. They are activated each time you revisit the web page that has set the cookie or are recognized in some other way, for example, by an advertising network. The information stored in the persistent cookie is then transmitted to the website or advertising network. The storage period varies depending on the cookie. You can delete persistent cookies through your browser settings.

Origin of cookies:

First-party cookies

First-party cookies are created by the operator of the website that the user is visiting and cannot be read across websites.

Third-party cookies

Third-party cookies are not created by the operator of the website that the user is currently visiting, but rather by a third party who sets his own cookie through the operator's website. We will let you know in this data privacy policy if a third party sets cookies through our website.

Functions of the used cookies:

Function 1: Required cookies

These cookies are required for technical reasons so that you can visit our website and use the features we offer. This applies, for example, to cookies that ensure that your user-defined configuration of functionalities you have set up on our website is maintained across sessions. In addition, these cookies contribute to safe and proper use of the website.

Function 2: Performance-related cookies

These cookies allow us to analyze website use and improve the performance and functionality of our website. For example, cookies collect information about how our website is used by visitors, which pages of the website are accessed the most frequently, or whether error messages are displayed on certain pages.

Function 3: Cookies for marketing:

Advertising cookies (third party providers) allow various offers to be displayed that are tailored to your interests. These cookies can be used to track the user's web activity over a longer period of time. The cookies may even recognize you on several of the end devices you use.

Cookies based on function 2 and 3 will only be activated if you have given your consent. You can give your consent by actively clicking on "Accept" in the displayed notice (if necessary after selecting individual cookies or groups of cookies for which you give your consent). You can revoke your consent at any time by, for example, revisiting this consent banner and changing your settings. Your revocation does not affect the legality of the processing that was performed based on the previously granted consent until you revoked it.

Note: if you elect to use your right of objection to the use of these cookies, an opt-out cookie will be set in your browser that blocks the operator of the website or a third party from collecting any more data via advertising cookies. If you delete this opt-out cookie, the operator or third party will once again be able to collect your data. Make sure that you check the useful life of an opt-out cookie.

If you have given us your consent to use cookies based on the notice displayed on the website ("cookie banner"), the legality of the use shall also be based on Article 6 (1) clause (1) (a) of the GDPR. The legal basis for technically required cookies (in other words, those that are necessary for the smooth functioning of our website) is Article 6 (1) (c) of the GDPR.

Most browsers are designed to accept cookies by default; however, you can configure your respective browser to accept only certain cookies or no more cookies at all. Please be aware that you may not be able to use functions of our website and may instead receive warning or error messages on our website when cookies are deactivated in your browser settings.

You can also delete cookies that are already stored in your browser through your browser settings. It is also possible to set your browser to notify you before storing cookies. Since the various browsers may differ in their respective functionalities, we ask you to refer to your browser's Help menu for the configuration options. Information about the most common web browsers can be found here:

If you would like a comprehensive overview of all third-party access to your web browser, we recommend installing plug-ins that have been specially developed for this.

We recommend that you completely unsubscribe after you have finished using a device that you share with others if the browser is set to allow cookies.

5. Contact

You have the option of contacting us by mail, phone fax or e-mail.

If you contact us by mail, we can process in particular your address data (e.g. first and last name, address, place of residence, postal code), date and time of receipt of your correspondence and any data that are provided in your correspondence.

If you have contacted us, it is possible that a secretary service may also process your data and send that to us after receipt of your communication. Depending on the data that you provide her, we will contact you either by phone, fax or e-mail and call you back or write you if necessary.

If you contact us by phone, your phone number in particular and, if required, your name, e-mail address, time of the call and details relating to the reason for your call will be processed during the call upon request.

If you contact us by fax, the fax number or the sender ID as well as the data resulting from the fax will be processed in particular.

When contacting us via e-mail, your e-mail address, time of the e-mail and any data resulting from the text (including documents possibly attached) will be processed in particular.

The purpose of processing the above data is to process your contact request and to be able to contact you in order to answer your request. The legal basis for the above-described processing of personal data is Art. 6 Para. 1 (f) of GDPR. It is our legitimate interest to offer you the opportunity to contact us at any time and to respond to your inquiries.

The personal data will only be processed for as long as is necessary to process the contact request.

6. Registration on our website

You have the opportunity of registering on your website by providing your personal data. The personal data transmitted to us are determined by the respective entry screen that is used for registration. The personal data provided by you will only be collected and stored for our internal use and for our own purposes. We can transfer such data to one or more processors, e.g. a parcel service, who also uses personal data exclusively for use, which can be attributed to us.

When registering on our website, the IP address assigned by your Internet Service Provider (ISP), the date and the time of your registration are also saved. These data are stored in light of the fact that the misuse of our services can only be prevented in this manner and such data also enable the investigation of crimes committed if necessary. In this respect, the storage of such data is necessary for our own security. In general, such data are not provided to third parties, unless there is a legal obligation to do or the provision is used for law enforcement purposes.

Your registration takes place subject to voluntary disclosure of your personal data to us in order to offer you contents or services, which can only be offered to registered users as a result of the nature of the matter. Registered persons are free to change the personal data provided during registration at any time or to have such data deleted from the database in full.

Upon request, we will provide every data subject with information about the personal data that we have saved with regard to them. We moreover correct or delete personal data on request or at your notice, unless stipulated otherwise by statutory safekeeping obligations. All of our employees are available to you as contact in this context.

7. Use of our webshop

If you would like to place an order in our webshop at www.doppshop.de, it is necessary for completing the contract that you provide the personal data that we need for processing your order. Mandatory information which is necessary for processing contracts shall be marked separately, additional information is voluntary. We process the data provided by you in order to take care of your order. To do this, we are able to send your payment information to our main bank or a payment service provider. The legal basis for this is Art. Art. 6 Para. 1 Cl. 1 (b) of GDPR.

You can voluntarily create a customer account by allowing us to save your data for later purchases. When creating an account, the data provided by you will be stored revocably. You can also delete all other data, including your user account, at any time in the customer section.

We can also process the data that you provide in order to inform you about other interesting products in our product range or send you e-mails with technical information.

Due to commercial and tax regulations, we are obligated to store your address, payment information and order details for a period of ten (10) years.

To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.

8. Use of data when registering for the e-mail newsletter

On the website of Doppstadt Beteiligungs GmbH, users have the opportunity to subscribe to our company’s newsletter. The personal data transmitted to during the subscription to our newsletter come from the entry screen used for this purpose.

Doppstadt Beteiligungs GmbH regularly informs its customers and business partners about the company’s range of products by way of a newsletter. In general, our company’s newsletter may only be received by the data subject if

(1) the data subject has a valid e-mail address and

(2) the data subject has registered to receive the newsletter.

For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by the data subject initially when subscribing to the newsletter on the basis of a double-opt-in process. This confirmation e-mail is used to check whether the owner of the e-mail address as data subject has authorized the receipt of the newsletter.

When registering to receive the newsletter, we moreover save the IP address assigned by the internet service provider (ISP) for the computer system used by the data subject at the time of registering as well as the time and date of registration. The collection of such data is necessary in order to be able to track any (possible) misuse of a data subject’s e-mail address at a later date and thus serves to provide legal protection for the controller.

The personal data collected during the registration to receive the newsletter are used exclusively to send our newsletter. Moreover, subscribers to the newsletter could be informed via e-mail if this is necessary for operating the newsletter service or for a registration in this regard, as may be the case in the event of changes to the newsletter offer or changes in technical factors.

Personal data collected as part of the newsletter service are not passed on to third parties. The data subject is entitled to cancel the subscription to our newsletter at any time. Consent to store personal data that the data subject has provided us for sending newsletters can be revoked at any time. Every newsletter contains a corresponding link for revoking this consent. Moreover, it is possible to unsubscribe from the newsletter directly on our website at any time or to inform us in this regard in another manner.

9. Newsletter tracking

The newsletters of Doppstadt Beteiligungs GmbH contain so-called tracking pixels. A tracking pixel is a miniature graphic element that is embedded in e-mails which are sent in HTML format in order to allow for a recording and analysis of the log file. It enables a statistical evaluation of the success or failure of online marketing campaigns. Based on embedded tracking pixels, Doppstadt Beteiligungs GmbH is able to recognize whether and when an e-mail has been opened by a data subject and which links in the e-mail have been clicked by the data subject.

Such personal data collected using a tracking pixel contained in a newsletter are stored by us and evaluated in order to optimize the sending of newsletters and to even better adapt the contents of future newsletters to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are entitled to revoke at any time the declaration of consent given separately in this regard using the double-opt-in procedure. After revoking the consent, the personal data will be deleted by us. Unsubscribing from our newsletters automatically means for Doppstadt Beteiligungs GmbH revocation of consent.

10. Contact option on our website

Due to statutory regulations, the website of Doppstadt Beteiligungs GmbH contains information that enables visitors to quickly contact us electronically and communicate directly with us, which also include a general e-mail address. If you contact us by e-mail or by using the contact form, the personal data that you provide will be saved automatically. Such personal data provided to us on a voluntary basis are saved for processing purposes or to be able to contact you. Such personal data are not passed on to third parties.

11. Routine deletion and blocking of personal data

We process and store your personal data only for the period that is necessary to attain the purpose of storage or if this has been provided for by the European regulators and legislators or another legislator in laws or regulations to which we are subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European regulators and legislators or another legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

12. Rights of the data subject

a) Right to confirmation

Every data subject has the right as granted by European regulators and legislators to request confirmation from the controller with regard to whether personal data relating to the data subject are processed. If a data subject would like to make use of this right to confirmation, they are entitled to contact an employee of the controller at any time.

b) Right to information

Any person affected by the processing of personal data has the right granted by European regulators and legislators to obtain information free of charge about their personal data stored and receive a copy of such information from the controller at any time. Moreover, the European regulators and legislators have granted affected persons to receive the following information:

  • Purposes of processing
     
  • Categories of personal data that are processed
     
  • The recipients or categories of recipients, to whom the personal data have been or will be disclosed, in particular for recipients in third countries or for international organizations
     
  • If possible, the planned duration, for which the personal data are stored, or if that is not possible, the criteria for determining this duration
     
  • The existence of a right to correct or delete the personal data relating to the data subject or to restrict the processing of personal data by the controller or a right to object to such processing
  • The existence of a right to file a complaint with a supervisory authority
     
  • If the personal data are not collected from the data subject concerned: All available information about the origin of the data
     
  • The existence of an automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 of GDPR and – at least in these cases – meaningful information on the logic involved as well as the scope and the desired effects of such processing for the data subject.

Moreover, the data subject also has the right to be informed as to whether the personal data were transferred to a third country or an international organization. If this is the case, the data subject is also entitled to receive information about the appropriate guarantees in connection with the transfer.

If a data subject would like to make use of this right to information, they are entitled to contact an employee of the controller at any time.

c) Right to correction

Every data subject affected by the processing of personal data has the right granted by European regulators and legislators to request immediate correction of any incorrect personal data relating to them. Moreover, the data subject is entitled to request completion of incomplete personal data, even by means of a supplementary statement, while taking into account the purposes of processing.

If a data subject would like to make use of this right to correction, they are entitled to contact an employee of the controller at any time.

d) Right to deletion (Right to be forgotten)

Every data subject affected by the processing of personal data has the right as granted by European regulators and legislators to request that the controller immediately delete the personal data relating to them if one of the following reasons applies and as far as processing is not necessary:

  • The personal data were collected for such purposes or processed in another manner for which the data are no longer needed.
     
  • The data subject revokes their consent, which processing was based on under Art. 6 Para. 1 (a) of GDPR or Art. 9 Para. 2 (a) of GDPR, and there is no other legal basis for the processing.
     
  • The data subject objects to the processing in accordance with Art. 21 Para. 1 of GDPR, and there are no overriding legitimate reasons for the processing, or the date subject objects to the processing in accordance with Art. 21 Para. 2 of GDPR.
     
  • The personal data were processed unlawfully.
     
  • The deletion of personal data is necessary for fulfilling a legal obligation under EU law or the law of member states, to which the controller is subject.
     
  • The personal data were collected with regard to offered services of the information society in accordance with Art. 8 Para. 1 of GDPR.

If one of the aforementioned reasons applies and a data subject wants to have their personal data stored by Doppstadt Beteiligungs GmbH deleted, they can contact an employee of the controller at any time. The employee of Doppstadt Beteiligungs GmbH will arrange for the immediate compliance with the deletion request.

If the personal data were disclosed or released by Doppstadt Beteiligungs GmbH and our company as controller is obligated under Art. 17 Para. 1 of GDPR to delete the personal data, then Doppstadt Beteiligungs GmbH shall undertake appropriate measures, including those of a technical nature, while taking into account the available technology and implementation costs, in order to inform other controllers who are processing the disclosed personal data that the data subject has requested the deletion of all links to the personal data or copies or replications of the relevant personal data by these other data controllers, provided that the processing thereof is not necessary. The employee of Doppstadt Beteiligungs GmbH will take the necessary steps in individual cases.

e) Right to restrict processing

Every data subject affected by the processing of personal data has the right as granted by European regulators and legislators to request that the controller restrict processing if one of the following prerequisites has been satisfied:

  • The accuracy of the personal data is disputed by the data subject, for a period of time that enables the controller to check the accuracy of the personal data.
     
  • The processing is unlawful, the data subject declines the deletion of personal data and instead requests the restriction of the use of personal data.
     
  • The controller no longer needs the personal data for processing purposes, but the data subject requires such information to assert, exercise or defend any legal claims.
     
  • The data subject has objected to processing in accordance with Art. 21 Para. 1 of GDPR and it is not yet clear whether the controller’s legitimate reasons outweigh those of the data subject.

If one of the aforementioned requirements has been fulfilled and a data subject wants to have their personal data stored by Doppstadt Beteiligungs GmbH deleted, they can contact an employee of the controller in this regard at any time. The employee of Doppstadt Beteiligungs GmbH will take the necessary steps to restrict processing.

f) Right to portability of personal data

Every data subject affected by the processing of personal data has the right as granted by European regulators and legislators to receive the personal data that they have provided to the controller in a structured, standard and machine-readable format. The data subject moreover has the right to transfer such personal data to another controller without any hindrance on part of the controller, who had received the personal data, provided that the processing is based on the consent given in accordance with Art. 6 Para. 1 (a) of GDPR or Art. 9 Para. 2 (a) of GDPR or on a contract under Art. 6 Para. 1 (b) GDPR and processing is carried out with the aid of automated processes if the processing is not necessary for carrying out a task that is in the interest of the general public or in the exercise of official authority, which was transferred to the controller.

Moreover, the data subject has the right when exercising their right to portability of the personal data in accordance with Art. 20 Para. 1 of GDRP to have the personal data directly sent from one controller to another controller, provided that this is technically feasible and that that is not adversely affected by the rights and freedoms of other persons.

To assert the right to portability of personal data, the data subject may contact an employee of Doppstadt Beteiligungs GmbH at any time.

g) Right to object

Every data subject affected by the processing of personal data has the right as granted by European regulators and legislators for reasons arising from a particular situation to object at any time to the processing of personal data relating to them, which is based on Art. 6 Para. 1 (e) or (f) of GDPR. This also applies to profiling based on these provisions.

Doppstadt Beteiligungs GmbH will no longer process personal data in case of an objection, unless we are able to provide compelling legitimate reasons for such processing that outweigh the interests, rights and freedoms of the data subject or the processing serves the assertion, exercising and defense of legal claims.

If Doppstadt Beteiligungs GmbH processes personal data for direct advertising purposes, the data subject has the right to object to the processing of personal data at any time for the purpose of such advertising. This also applies to profiling insofar as it involves such direct advertising. If the data subject objects to data processing by Doppstadt Beteiligungs GmbH for the purpose of direct advertising, Doppstadt Beteiligungs GmbH will no longer process personal data for such purposes.

In addition, the data subject has the right for reasons that result from their particular situation to object to the processing of personal data relating to them, which is carried out at Doppstadt Beteiligungs GmbH for scientific or historical research purposes or for statistical purposes according to Art. 89 Para. 1 of GDPR, unless such processing is necessary for fulfilling a task in an official interest.

To assert the right to object, the data subject may contact any employee of Doppstadt Beteiligungs GmbH directly. The data subject is moreover free to assert their right to object with the aid of automated procedures subject to technical specifications in connection with the use of services of the information society, regardless of Directive 2002/58/EC.

h) Automated decisions in individual cases including profiling

Every data subject affected by the processing of personal data has the right as granted by European regulators and legislators not to be subjected to a decision based solely on automated processing – including profiling, which has a legal effect on them or similarly has a significant impact on them, provided that the decision

(1) is not necessary for forming or fulfilling an agreement between the data subject and the controller, or

(2) is admissible as a result of statutory provisions of the European Union or the member states, which the controller is subject to and these statutory provisions contain appropriate measures for safeguarding the rights and freedoms and the legitimate interests of the data subject or

(3) is made with the express consent of the data subject.

If the decision

(1) is necessary for forming or fulfilling an agreement between the data subject and the controller, or

(2) is made with the express consent of the data subject,

Doppstadt Beteiligungs GmbH takes appropriate measures for safeguarding the rights and freedoms as well as the legitimate interests of the data subject, which at least includes the right to obtain the involvement of a person on part of the controller, to present their own position and to contest the decision.

If a data subject would like to make use of rights relating automated decisions, they are entitled to contact an employee of the controller in this regard at any time.

i) Right to revoke consent under data privacy laws

Every data subject affected by the processing of personal data has the right as granted by European regulators and legislators to revoke consent to processing of personal data at any time.

If a data subject would like to assert their right to revoke consent, they are entitled to contact an employee of the controller in this regard at any time.

j) Right to file a complaint with a supervisory authority

If you are of the opinion that the processing of personal data concerning you violates the GDPR, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, your place of work or the location of the alleged infringement without prejudice to any other administrative or judicial remedy.

The supervisory authority, to whom the complaint was submitted, shall inform the complainant about the status and the results of the complaint, including the possibility of any judicial remedy in accordance with Art. 78 of GDPR.

Contact details for the competent supervisory authority:

Landesbeauftragte für Datenschutz und Informationsfreiheit
(State Official for Data Privacy and Freedom of Information)
North Rhine Westphalia
Helga Block
Postfach 20 04 44
40102 Düsseldorf
Kavalleriestraße 2-4
40213 Düsseldorf
Tel.: +49(0)2 11/384 24-0
Fax: +49(0)2 11/384 24-10
e-mail: poststelle[at]ldi.nrw.de
Homepage: http://www.ldi.nrw.de

13. Data protection for applications and in the application process

We collect and process the personal data of applicants in order to carry out the job application process. Processing can able carried out electronically. This is especially the case if an applicant sends us the relevant application documents electronically, e.g. by e-mail or by using a web form via our website.

If we enter into an employment agreement with an applicant, the data transferred are stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not enter into an employment agreement with the applicant, the application documents will be automatically deleted six (6) months of announcing the rejection, provided that there are not any other legitimate interests on our part preventing a deletion. Other legitimate interests in this sense is, e.g., an obligation to provide proof in a process based on the Allgemeines Gleichbehandlungsgesetz (AGG: Germany’s General Law on Non-discrimination).

14. Use of Facebook Custom Audiences including Facebook Pixel

This website uses the remarketing function "Custom Audiences" from Facebook Inc. ("Facebook"). This enables users of the website to be shown interest-based advertisements ("Facebook ads") when visiting the social network Facebook or other websites that also use the method. We are therefore interested in showing you advertisements that are of interest to you in order to make our website more interesting for you. Your express consent is required for this.
Facebook Custom Audiences is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland; The parent company is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you are visiting our website Accessed the website or clicked on one of our advertisements. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered on Facebook or have not logged in, there is a possibility that the provider will find out and save your IP address and other identification features.
With the help of the Facebook pixel, Facebook is able, on the one hand, to determine the visitors of our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to only display the Facebook ads we have placed to those Facebook users who have shown an interest in our online offer or who have certain that we transmit to Facebook ("Custom Audiences"). With the help of the Facebook pixel, we would also like to ensure that our Facebook ads correspond to the potential interest of the users and do not have a nuisance. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were forwarded to our website after clicking on a Facebook advertisement (so-called "conversion").
Furthermore, when using the Facebook pixel, we use the additional function "extended comparison" (this includes data such as telephone numbers, email addresses or Facebook IDs of the users) to form target groups ("custom audiences" or "look alike audiences") ) transmitted to Facebook (encrypted). You can find further information on "extended comparison" at https://www.facebook.com/business/help/611774685654668.
The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

 

Revocation of your consent

We only use Facebook Custom Audiences with your consent. You can withdraw your consent once you have done so by clicking

  • prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of our website to their full extent;
  • Deactivate your consent using our consent tool;
  • As a logged in user, deactivate the "Facebook Custom Audiences" function at https://www.facebook.com/settings/?tab=ads#_.

Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy.
 

15. Privacy notice for our Facebook fan page

We maintain a fan page on the Facebook social media platform. Facebook Ireland Ltd (“Facebook”) provides us as “administrator” with “Facebook Insights”. These involve different statistics that provide us with information about the use of our Facebook fan page by visitors. More information in this regard can be found at
https://www.facebook.com/business/pages/manage#page_insights.

Facebook processes various information (including personal data) in order to generate these statistics.

In accordance with Art. 26 of GDPR, Facebook and we share a joint responsibility when it comes to the processing of Insights data. For the in-depth regulation of the respective responsibility, Facebook has prepared an updated Page Insights addendum that took effect on November 28, 2019 and shall apply to further use of Facebook pages as of this date.

We provide you with this information from Facebook in words as part of the required transparency below; You can also find this directly on Facebook’s page at
https://www.facebook.com/legal/terms/page_controller_addendum.

 

* * *

 

Information about Page Insights

If people use Facebook products like pages, among other things, Facebook (including “we” or “us”) collects information as described in Facebook’s Data Policy under “What kinds of information do we collect?” (Information about how we use cookies and similar technologies can be found in our Cookie Policy).

This also includes information about how people use Facebook products, e.g. the types of contents the people view or with whom they interact, or the actions they take (see under “Thins you and others do and provide” in Facebook Data Policy) as well as information about the devices you use (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device Information” in Facebook’s Data Policy). The information that Facebook actually collects depends on whether and how people use the Facebook Products.

As explained in Facebook’s Data Policy under “How do we use this information?”, Facebook also collects and uses information in order to provide analytical services, so-called Page Insights, for page administrators, so that they have information about how people interact with their pages and the associated contents. The processing of personal data for Page Insights may be subject to the following agreement on shared responsibility (Pages Insights Controller Addendum).

Data processing for Page Insights

Page Insights are compiled statistics that are generated on the basis of certain events that are logged by Facebook servers if people interact with pages and contents associated with them. Such events consist of varying data points, which include, e.g., the following, depending on the specific event:

  • An action. This includes actions like the following (you can see the actions that are available for your page in the Insights section of your page):
    • Viewing a page, a post, a video, a story or other contents associated with a page
    • Interacting with a story
    • Following or unfollowing a page
    • Liking or unliking a page or a post
    • Recommending a page in a post or comment
    • Commenting on, sharing or reacting to a page’s post (including the type of reaction)
    • Hiding a page’s post or reporting it as spam
    • Moving the mouse over a link to a page or its name or the profile picture of a page in order to preview the page’s contents
    • Clicking on the website, phone number, “Get directions” button or another button on a given page
    • Viewing the event on a page, reacting to an event (including the type of reaction), clicking on an link for event tickets
    • Starting a Messenger communication with the page
    • Viewing or clicking on items in a page’s shop
       
  • Information about the action, the person taking the action, and the browser/app used for that. These are for example:
    • Date and time of action
    • Country/city (estimated from IP address or imported from user profile in case of logged-in users)
    • Language code (from the browser’s http header and/or language setting)
    • Age/gender group (from the user profile, only for logged-in users)
    • Previously visited websites (from the browser’s http header)
    • Whether the action was taken from a computer or a mobile device (from the browser’s user agent or from app attributes)
    • Facebook user ID (only for logged-in users)

We determine whether people are logged-in users of Facebook via cookies in accordance with our Cookie Policy. Only a few events can be triggered by people who are not logged into Facebook. This includes, among other things, visiting a page or clicking on a photo or video in a post to view it.

Page administrators do not have access to personal data that are processed as part of events but only access to the aggregated Page Insights. Events that are used to generate Page Insights do not store any IP addresses, cookie IDs or any other identifiers associated with people or their devices aside from a Facebook user ID for people logged into Facebook.

The events logged by Facebook to generate Page Insights are determined exclusively by Facebook and cannot be set, changed or otherwise influenced by page administrators.

Pages Insights Controller Addendum

Where an interaction of people with your page and the content associated with it triggers the creation of an event for Page Insights which includes personal data for whose processing you (and/or any third party for whom you are creating or administering the page) determine the means and purposes of the processing jointly with Facebook Ireland Limited, you acknowledge and agree on your own behalf (and as agent for and on behalf of any such other third party) that this Page Insights Controller Addendum ("Page Insights Addendum") applies:

  • You and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook Ireland”, “we” or “us”; together the “Parties”) acknowledge and agree to be joint controllers in accordance with Art. 26 of GDPR for the processing of personal data in events for Page Insights (“Insights Data”). The joint controllership covers the creation of those events and their aggregation into Page Insights that are provided to page administrators. The Parties agree that for any other processing of personal data in connection with a page and/or the content associated with it for which there is no joint determination of the purposes and means, Facebook Ireland and, as the case may be, you, remain separate and independent controllers.
  • The processing of Insights Data is subject to the provisions of this Page Insights Addendum. They apply to all activities in the course of which Facebook Ireland, its employees or processor(s) process Insights Data.
     
  • Facebook Ireland's and your responsibilities for compliance with the obligations under the GDPR with regard to the processing of Insights Data are determined as follows:
    • Facebook Ireland: Facebook Ireland will ensure that it has a legal basis for the processing of Insights Data, which are set out in the Data Policy of Facebook Ireland (see under “What is our legal basis for processing data?”). Unless specified otherwise in this Page Insights Addendum, Facebook Ireland assumes the responsibility for compliance with the applicable obligations under the GDPR for the processing of Insights Data (including, but not limited to, Art. 12 and 13 of GDPR, Art. 15 to 21 of GDPR, Art. 33 and 34 of GDPR). Facebook Ireland will implement appropriate technical and organizational measures to ensure the security of the processing in accordance with Art. 32 of GDPR. This does include the measures listed in the Annex below (as updated from time to time, for example to reflect technological developments). All employees of Facebook Ireland involved in the processing of Insights Data are bound by appropriate obligations to maintain the confidentiality of Insights Data.
    • Page administrators: You should ensure that you also have a legal basis for the processing of Insights Data. In addition to the information provided to data subjects by Facebook Ireland via the Information about Page Insights, you should identify your own legal basis including the legitimate interests you pursue, if applicable, the responsible data controller(s) on your side including their contact details as well as the contact details of the data protection officer(s) (Art .13 Para. 1 (a – d) of GDPR), if any.
       
  • Facebook Ireland will make the essence of this Page Insights Addendum available to data subjects (Art. 26 Para. 2 of GDPR). This is currently done via the Information about Page Insights data, which can be accessed from all pages.
     
  • Facebook Ireland decides in its sole discretion how to comply with its obligations under this Page Insights Addendum. You acknowledge and agree that only Facebook Ireland has the power to implement decisions about the processing of Insights Data. You also acknowledge and agree that the lead supervisory authority for the joint processing is the Irish Data Protection Commission (notwithstanding Article 55(2) of GDPR, where applicable).
  • This Page Insights Addendum does not grant you any right to request the disclosure of personal data of Facebook users that is processed in connection with Facebook Products, including especially for Page Insights that we provide to you.
     
  • The Parties designate the communication channels referenced in the Information about Page Insights data or in any subsequent document as contact points for data subjects.
     
  • If data subjects exercise their rights under GDPR with regard to the processing of Insights Data against you (Art. 26(3) of GDPR), or you are contacted by a supervisory authority with regard to the processing of Insights Data, each a "Request", you will forward all relevant information regarding such Requests to us promptly but within a maximum of seven calendar days. For this purpose, you can submit this form. Facebook Ireland agrees to answer Requests from data subjects in accordance with our obligations under this Page Insights Addendum. You agree to take all reasonable endeavors in a timely manner to cooperate with us in answering any such Request. You are not authorized to act or answer on Facebook Ireland’s behalf.
     
  • If you use a Page, you agree that any claim, cause of action or dispute that you have against us, which arises out of or relates to this Page Insights Addendum, must be resolved exclusively in the courts of Ireland, that you irrevocably submit to the jurisdiction of the Irish courts for the purpose of litigating any such claim and that the laws of Ireland will govern this Page Insights Addendum, without regard to conflict of law provisions. If you are a consumer who habitually resides in a member state of the European Union, only 4.4 of our Terms of Service applies.
     
  • We may need to update the Page Insights Addendum from time to time. By continuing any use of Pages after any notification of an update to this Page Insights Addendum, you agree to be bound by it. If you do not agree to the updated Page Insights Addendum, please stop all use of Pages. If you are a consumer who habitually resides in a member state of the European Union, only 4.1 of our Terms of Service applies.
     
  • If any portion of this Page Insights Addendum is found to be unenforceable, the remaining portion will remain in full force and effect. If we fail to enforce any portion of this Page Insights Addendum, it will not be considered a waiver. Any amendment to or waiver of these terms requested by you must be made in writing and signed by us.
  • This Page Insights Addendum applies only to the processing of personal data within the scope of Regulation (EU) 2016/679 (“GDPR”). “Personal data”, “processing”, “controller”, “processor”, “supervisory authority” and “data subject” in this Page Insights Addendum have the meanings set out in GDPR.

Annex: Security

“Applicable Products” includes Facebook Pages and Pages Insights.

1. Organization of Information Security

Facebook has a designated security officer with overall responsibility for security in the organization. Facebook has personnel responsible for oversight of security of the Applicable Products.

2. Physical and Environmental Security

Facebook’s security measures include controls designed to provide reasonable assurance that physical access to data processing facilities is limited to authorized persons and that environmental controls are established to detect, prevent, and control destruction due to environmental hazards. The controls include:

a. Logging and auditing of physical access to the data processing facility by employees and contractors; b. Camera surveillance systems at the data processing facility;c. Systems that monitor and control the temperature and humidity for the computer equipment in the data processing facility;d. Power supply and backup generators at the data processing facility;e. Procedures for secure deletion and disposal of data, subject to the Applicable Products Terms; andf. Protocols requiring ID cards for entry to all Facebook facilities for all personnel working on the Applicable Products.

3. Personnel

  • a. Training. Facebook ensures that all personnel with access to Insights Data undergo security training.
     
  • b. Screening and Background Checks. Facebook has a process for:
    • I. verifying the identity of the personnel with access to Insight Data, and
    • (II.) performing background checks, where legally permissible, on personnel working on or supporting aspects pertaining to the Applicable Products in accordance with Facebook standards.
  • c. Personnel Security Breach. Facebook takes disciplinary action in the event of unauthorized access to Insights Data by Facebook personnel, including, where legally permissible, punishments up to and including termination.

4. Security Testing

Facebook performs regular security and vulnerability testing to assess whether key controls are implemented properly and are effective.

5. Access Control

  • a. Password Management. Facebook has established procedures for password management for its personnel, designed to ensure passwords are personal to each individual, and inaccessible to unauthorized persons, including at minimum:
    • I. password provisioning, including procedures designed to verify the identity of the user prior to a new, replacement, or temporary password;
    • II. cryptographically protecting passwords when stored in computer systems or in transit over the network;
    • III. altering default passwords from vendors;
    • IV. strong passwords relative to their intended use; and
    • V. education on good password practices.
  • b. Access Management. Facebook also controls and monitors its personnel’s access to its systems using the following:
    • I. established procedures for changing and revoking access rights and user IDs, without undue delay;
    • II. established procedures for reporting and revoking compromised access credentials (passwords, tokens etc.);
    • III. maintaining appropriate security logs including where applicable with user ID and time stamp;
    • IV. synchronizing clocks with NTP; and
    • V. logging the following minimum user access management events:
      • Authorization changes;
      • Failed and successful authentication and access attempts; and
      • Read and write operations.

6. Communications Security

  • a. Network Security
    • I. Facebook employs technology that is consistent with industry standards for network segregation.
    • II. Remote network access to Facebook systems requires encrypted communication via secured protocols, and use of multi-factor authentication.
  • b. Protection of Data in Transit. Facebook enforces use of appropriate protocols designed to protect the confidentiality of data in transit over public networks.

7. Vulnerability Management

Facebook institutes and maintains a vulnerability management program covering the Applicable Products that includes definitions of roles and responsibilities for vulnerability monitoring, vulnerability risk assessment, and patch deployment.

8. Security Incident Management

  • a. Facebook maintains a security incident response plan for monitoring, detecting, and handling possible security incidents affecting Insights Data. The security incident response plan at least includes definitions of roles and responsibilities, communication, and post mortem reviews, including root cause analysis and remediation plans.
  • b. Facebook monitors its systems for any security breaches and malicious activity affecting Insights Data.

 

* * *

 

Below you will find the key details relating to the agreement formed between Facebook and us in accordance with Art. 26 of GDPR.

Joint controllers are

Facebook Ireland Ltd
4 Grand Canal Square
Dublin 2
Ireland

and

Doppstadt Beteiligungs GmbH
Steinbrink 4
D-42555 Velbert
Tel. +49 2052 889-0
Fax. +49 2052 889-144
e-mail: info[at]doppstadt.de
Internet: www.doppstadt.de

Facebook has assumed primary responsibility for all obligations under GDPR for data processing. This implies in particular:

  • Facebook assumes the necessary information obligations (e.g. according to Art. 13 of GDPR),
  • Data subject rights can be asserted against Facebook (e.g. right to information or deletion, objection to data processing or revocation of a given consent),
  • Safeguarding of technical and organizational measures for data processing.

Facebook provides detailed information about data processing at www.facebook.com (Art. 13 of GDPR). To provide you with an overview of the essential information, we also make reference to the content and links provided there by Facebook within the framework of this privacy policy.

Regardless of Facebook’s primary responsibility, you may also assert your rights against us directly in accordance with GDPR. We will then forward your request to Facebook using the provided form.

Facebook’s legal bases and purposes of processing can be found at
https://www.facebook.com/about/privacy/legal_bases and https://de-de.facebook.com/policy.php.

We have a legitimate interest in being able to track user behavior on our Facebook fan page; accordingly, the legal basis for processing data is Art. 6 Para. 1 (f) of GDPR. In this way, it is possible for us to extend the scope and effectiveness of our activities such as campaigns and posts with processed statistics. For instance, we are able to continuously optimize our website and offer as needed, which also represents the purpose of processing in accordance with GDPR.

Facebook may also process in particular the following data:

  • User interaction, such as click behavior, posts, likes, viewing of videos, page views, etc.
  • Cookies
  • Demographic characteristics, such as age, gender, state, etc.
  • IP address
  • System and device information (browser type, operating system, etc.)

When visiting our Facebook fan page, the exact processing of your personal data depends on whether you have a Facebook account or not. If you have a Facebook account, Facebook is able to permanently assign the data to your account in order to learn more about you.

Even if you do not have a Facebook account, Facebook is able to save your data. This can happen through the use of cookies. They allow Facebook to save and process information about you, even without you having a Facebook account. You will find more information about Facebook cookies at https://de-de.facebook.com/policies/cookies/.

We only receive from Facebook anonymized statistics about the use of our fan page. We can only see how many users have carried out which interactions, but no which user has carried out a specific action. The statistics of the Insights data do not allow us to draw any conclusions about a specific person.

In an appendix on the information about page Insights, Facebook also provides information about the technical and organizational measures taken in accordance with Art. 32 of GDPR to protect your data.

In case of joint responsibility, you can assert your rights as already mentioned directly against Facebook or us.

At https://de-de.facebook.com/policies/cookies/, you can also configure your settings for the use of cookies. You will find under the sections “If you have a Facebook account” (Facebook account present) and “Public” (no Facebook account present) information about how you may advise Facebook that you object to processing.

Using your browser, you can set the storage period for the respective cookies if you view the cookies (usually by clicking on the “i” next to the address bar, e.g. in Firefox or Google Chrome).

16. Use of Social Media Plug-ins or Links

We currently use the following social media plug-ins: Facebook, Instagram, YouTube. In this context, we use the so-called two-click solution. In other words, when you visit our website, no personal data are passed on initially to the providers of the plug-ins. The provider of the plug-ins can be identified by the mark on the box above its first letter or the logo. We offer you the opportunity to directly communicate with the provider of the plug-in by using the button. The plug-in provider only receives information that you have accessed the corresponding website of our online offering if you click on the highlighted field, thus activating it. Other data will also be transmitted. In the case of Facebook, IP addresses are anonymized immediately after their collection according to the relevant service provider in Germany. By activating the plug-ins, personal data are transmitted by you to the respective plug-in provider and stored there (at US providers in the US). Since the plug-in provider carries out the data collection with the aid of cookies in particular, we recommend you to delete all cookies using your browser's security settings.

We have no control over the collected data and the data processing operations nor do we know the full extent of the data collection, the purpose of processing and the respective storage periods. We also do not have any information relating to the deletion of data collected by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and utilizes these for advertising purposes, market research and/or to tailor its website to address requirements. Such an evaluation is carried out in particular (even for users not signed in) to provide requests-oriented advertising and to inform other users of the social network about your activities on our website. You are entitled to object to the creation of such user profiles, whereas you have to contact the respective plug-in provider to assert your objection. Plug-ins give us an opportunity to interact with social networks and other users, allowing us to improve our offering and make our presentation more interesting for you as a user. The use of plug-ins is legally permitted under Art. 6 Para.. 1 (1) f) of GDPR.

The data disclosure takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data collected about you from us are directly assigned to your existing account with the plug-in provider. If you press the activated button and link, e.g., the page, the plug-in provider stores this information in your user account as well and publicly shares that with your contacts. We recommend that you regularly log out when you are done using a social network, especially prior to activating the button, since this will help to prevent an assignment to your profile with the plug-in provider.

If, alternatively, only links to the services are included, you will be redirected to our respective page after clicking the link, i.e. only then will the data be transferred to the relevant service.

For more information about the purpose and scope of the data collection and their processing by the plug-in provider, consult the respective providers’ privacy policies listed below. There you will also find more information about your rights in this regard and possible settings to protect your privacy.

Addresses of the respective plug-in providers and URLs with their privacy policies:

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; for more information about data collection::
http://www.facebook.com/help/186325668085084,
http://www.facebook.com/about/privacy/your-info-on-other#applications and
http://www.facebook.com/about/privacy/your-info#everyoneinfo.
Facebook has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066 USA; subsidiary of Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Instagram: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; https://help.instagram.com/155833707900388; https://www.instagram.com/about/legal/privacy/.

17. Use and Implementation of Font Awesome

Our website uses the font Awesome for uniform display of fonts and icons. Provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, MA 02140, USA. According to the company and its Privacy Policy, Fonticons, Inc. observes the European regulations of GDPR.

When accessing a page, your browser loads the necessary web fonts and icons into your browser cache to facilitate the correct displaying of texts, fonts and icons. It is possible that the following data may be transferred to Fonticons, Inc.:

  • IP address
  • Operating system
  • Browser name + language settings
  • Name of browser used
  • Website, from which the request was triggered
  • Operating system
  • Screen resolution

By integrating the font Awesome, we pursue the objective of being able to display uniform fonts on your device.

The legal basis for the above-described processing of personal data is Art. 6 Para. 1 (f) of GDPR. Our legitimate interest which is required for this is in the great benefit provided by a uniform presentation of fonts. As a result of the option of a uniform presentation, we are able to keep the design expenditure lower than if we had to react to the font standards of different operating systems or browser with our own graphically adapted websites.

The privacy policy of Fonticons, Inc. can be found at https://fontawesome.com/privacy and for more information at https://fontawesome.com/help. If your browser does not support the font Awesome, your device will use the default font.

18. Information about Google Services

We use various services from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, on our website. More information about the individual services of Google that we use on this website can be found below in this privacy policy.

By integrating Google services, Google may collect and process information (including personal data). It cannot be excluded that Google sends the information to a server in a third country.

As can be seen from Google’s Privacy Shield certification (this can be found at https://www.privacyshield.gov/list using the search term “Google”; also see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI), Google has agreed to comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework on the collection, use and storage of personal data from EU member states and Switzerland. Google (including Google LLC and its wholly owned subsidiaries in the US) has shown with this certification that it complies with the Privacy Shield principles. More information in this regard can be found at https://www.google.de/policies/privacy/frameworks/.

We ourselves cannot influence the data that Google actually collects and processes. Google does state, however, that the following information (including personal data) may in principle be processed as well:

  • Protocol data (in particular IP address)
  • Location-related information
  • Unique application numbers
  • Cookies and similar technologies

If you are logged into your Google account, Google may add the processed information to your account depending on your account settings and treat it as personal data. More information in this regard can be found at https://www.google.de/policies/privacy/ partner.

Google moreover states in this regard the following:

“We may link personal data from one service with information and personal data from other Google services. By doing so, we make it easier for you to share, e.g., contents with friends and acquaintances. Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google’s services and the ads delivered by Google.” (https://www.google.com/intl/de/policies/privacy/index.html)

You can prevent such data from being directly added by logging out of your Google account or by making the appropriate account settings in your Google account.

You can also change your cookie settings (e.g. delete, block, etc.). You can find more information in Google’s privacy policy, which is available at: https://www.google.com/policies/privacy/.

You can find information about Google’s privacy settings athttps://privacy.google.com/take-control.html.

19. Use and implementation of Google Ads for conversion tracking

We have integrated Google Ads and conversion tracking as part of Google Ads on this website. Google Ads is an internet ad service that allows advertisers to place ads both in the results of the Google search engine and in Google advertising network. Google Ads allows advertisers to define certain keywords in advance, by means of which an advertisement is displayed exclusively in Google’s search engine results when the user uses the search engine to search for a keyword-relevant search result.

In Google’s advertising network, the ads are placed on topic-relevant websites using an automatic algorithm while taking the previously defined keywords into account.

Google Ads is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of Google Ads is to promote our website by displaying interest-based advertisements on the websites of third-party companies and in the results of Google’s search engine and by displaying a third-party advertisement on our website. The legal basis for processing your data is the consent that you have given in accordance with Art. 6 Para. 1 (1) a) of GDPR.

Withdrawal of your consent

We only use Google Ads subject to your consent. You can withdraw your consent by

  • preventing the storage of cookies by implementing the corresponding settings in your browser; please note however that you will not be able to utilize all the functions of our website to the full extent;
  • deactivating your consent by using our consent tool;
  • accessing the link www.google.de/settings/ads in any web browser that you use and by configuring the required settings there.

If you access our website via a Google ad, Google will place a a so-called conversion cookie on your device or system. A conversion cookie loses it validity after thirty (30) days and is not used to identify you. If the conversion cookie has not yet expired, it is used to determine whether certain sub-pages, such as the shopping cart from an online shop system, have been accessed on our website. With the conversion cookie, both Google and we are able to see whether a data subject who came to our website via an advertisement has generated sales, i.e. completed or cancelled the purchase of a product.

The data and information collected due to the use of the conversion cookie are used by Google to generate visitor statistics for our website. These visitor statistics in turn are used by us to determine the total number of users who were referred to us via ads, i.e. in order to determine the success or lack of success of the respective ads and to optimize our ads for the future. Neither our company nor other Google Ads advertisers receive information from Google that could be used to identify you.

The conversion cookie is used to store personal information, e.g., the websites that you visit. Every time that you visit our website, personal data, including the IP address of the internet connection you use, are transmitted to Google in the United States. Such personal data are stored by Google in the United States. Google may transmit such personal data collected via the technical process to third parties.

20. Use and implementation of Google Analytics for website analysis

We have integrated Google Analytics (with anonymization functionality) on this website. Google Analytics is an online analytical service. This online analysis involves the collection and evaluation of data about visitor behavior with regard to websites. The online analytical service collects, among other things, data relating to the website from which a data subject visits another website (so-called referrer), which sub-pages of the website were accessed or how frequently and for how long a sub-page was viewed. An online analysis is used primarily to optimize a website and to analyze the cost/benefit of online advertising.

Google Analytics is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

We use Google Analytics only with activated IP anonymization (“anonymize IP”). With this addition, the IP address of your internet connection will be shortened and anonymized by Google if our website is accessed from an EU member state or from another signatory state of the European Economic Area Treaty.

The purpose of Google Analytics is to analyze the flow of visitors on our website. Google uses the obtained data and information, among other things, for evaluating the use of our website in order to compile on our behalf online reports that show the activities on our website and provide other services associated with the use of our website.

The legal basis for processing your data is the consent that you have given in accordance with Art. 6 Para. 1 (1) a) of GDPR.

Google Analytics places a cookie on your system. By placing the cookie, Google is able to analyze the use of our website. Every time one of the individual pages of the website that is operated by us and on which a Google Analytics component has been integrated is accessed, the web browser on your system is automatically triggered by the respective Google Analytics component to send data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as your IP address, which Google uses, among other things, to see the origin of visitors and clicks and subsequently generate commission statements.

Cookies are used to store personal information, such as access time, location, from which access was made and frequency of your visits to our website. Every time that you visit our website, such personal data, including the IP address of your internet connection, are transmitted to Google in the United States. Such personal data are stored by Google in the United States. Google may transmit such personal data collected via the technical process to third parties.

You can prevent our website from setting cookies at any time by configuring your web browser accordingly and thus permanently object to the setting of cookies. Configuring the web browser you use in such a manner would also prevent Google from placing a cookie on your system. In addition, a cookie already set by Google Analytics can be deleted at any time via the web browser or another software program.

You also have the opportunity to object to and prevent the collection of data generated by Google Analytics with regard to the use of this website and the processing of such data by Google. To do so, you need to download and install a browser add-on at https://tools.google.com/dlpage/ gaoptout. This browser add-on tells Google Analytics using JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. Google regards the installation of the browser add-on as an objection. If you system is deleted, formatted or reinstalled at a later time, it is necessary to reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by you or another person who is in your sphere of control, you can reinstall or reactivate the browser add-on.

Further information and the valid privacy policy of Google can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in further detail at https://www.google.com/intl/de_de/analytics/.

Withdrawal of your consent

We only use Google Analytics subject to your consent. You have the right to revoke your consent by

  • preventing the storage of cookies by implementing the corresponding settings in your browser; please note however that you will not be able to utilize all the functions of our website to the full extent;
     
  • downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
     

removing consent from Google Analytics in the consent tool to prevent Google Analytics from collecting data on our website in the future. By doing so, an opt-out cookie is placed in your browser. Note that you must activate the opt-out cookie in every browser that you use on all of your end devices and also have to reactivate it if you delete all cookies in a browser.

21. Integration of Google Maps

We have integrated Google Maps on our website. This allows us to show you interactive maps directly on the website and make the use of the map function as convenient as possible.

Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google processes your data in the US and has agreed to comply with the EU-US Privacy Shield. More information in this regard can be found at https://www.privacyshield.gov/EU-US-Framework.

By visiting the website, Google receives information about the fact that you have accessed the corresponding sub-page of our website. This happens regardless of whether you have a Google user account that are logged into it or do not have a user account. If you are logged into Google, your data are directly assigned to your account.

You can find more information about Google’s data processing in its privacy policy: https://policies.google.com/privacy. There you can also change your personal privacy settings in the data protection center. Additional terms and conditions of use for Google Maps can be found at https://www.google.com/intl/de_de/help/terms_maps/.

The legal basis for processing your data is the consent that you have given in accordance with Art. 6 Para. 1 (1) a) of GDPR.

Withdrawal of your consent

We only use Google Maps subject to your consent. You have the right to revoke your consent by

  • preventing the storage of cookies by implementing the corresponding settings in your browser; please note however that you will not be able to utilize all the functions of our website to the full extent;
     
  • deactivating your consent by using our consent tool;
     
  • deactivating JavaScript in your browser settings. In such case, you cannot use our website or only to a limited extent

If you would prefer the use not to be associated with your Google profile, you need to log out of Google prior to actuating the button. Google stores the data collected about you as usage profiles and utilizes such data for advertising purposes, market research and/or to tailor its website to address requirements. Such an evaluation is carried out in particular (even for users not signed in) to provide requests-oriented advertising and to inform other users of the social network about your activities on our website. You are entitled to object to the creation of such user profiles, whereas you have to contact Google in order to assert your objection.

We do not collect any personal data by integrating Google Maps.

Your personal data are provided voluntary, solely based on your consent. Should you opt to prevent access, this may result in limited functionality on the website.

22. Use and Implementation of Google reCAPTCHA

This website uses Google reCAPTCHA, a Captcha service of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google reCAPTCHA is used to ensure that entries made on our website are actually made by real people and are not automated, e.g. by software (so-called robots).

For this purpose, reCAPTCHA (No CAPTCHA reCAPTCHA) shows you a clickable “I am no a robot” checkbox. reCAPTCHA uses various characteristics to analyze the user’s behavior as soon as he or she visits the website. If applicable, you may also see various images shown after clicking the checkbox, where you are asked to select by clicking the applicable images that match a given motif (e.g. select all images with cars).

reCAPTCHA is integrated via an interface (“API:) to the Google services. By integrating reCAPTCHA, Google may collect and process information (including personal data). It cannot be excluded that Google sends the information to a server in a third country.

reCAPTCHA may use cookies that are stored on your device and which enable an analysis of the use of websites that you visit. In addition, reCAPTCHA also uses web beacons, i.e. a small pixel or graphics. The information possibly generated by the cookie in conjunction with the web beacon with regard to your use of this website (including your IP address) is transmitted to a Google server, possibly in the US or other third countries, and stored there.

You will find more information about the functionality of reCAPTCHA at: https://developers.google.com/recaptcha/.

By integrating reCAPTCHA, we pursue the objective of determining whether entries made on our website are actually provided by a real person or by a bot. The automated check of whether a real person or a bot makes the entries, speeds up and simplifies our workload and increases the degree of reliability of the provided entries. It also prevents any abuse.

The legal basis for processing your data is the consent that you have given in accordance with Art. 6 Para. 1 (1) a) of GDPR.

Withdrawal of your consent

We only use Google reCAPTCHA subject to your consent. You have the right to revoke your consent by

  • preventing the storage of cookies by implementing the corresponding settings in your browser; please note however that you will not be able to utilize all the functions of our website to the full extent;
     
  • deactivating your consent by using our consent tool.

24. Use and implementation of Instagram

We have integrated Instagram service components on this website. Instagram is a service that can be qualified as an audiovisual platform and allows users to share photos and videos and further share such data on other social media networks.

Instagram is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Every time one of the individual pages of the website that is operated by us and on which an Instagram component (Insta button) has been integrated is accessed, the web browser on your system is automatically triggered by the respective Instagram component to download a presentation of the corresponding Instagram component. As part of this technical process, Instagram is informed about which specific sub-page you visit on our website.

If you are logged into Instagram at the same time, Instagram recognizes the specific sub-page you have visited every time you access our website and during the entire duration of your visit to our website. Such information is collected by the Instagram component and associated by Instagram with your Instagram account. If you actuate one of the Instagram buttons integrated on our website, the resulting data and information are associated with your personal Instagram account and stored and processed by Instagram.

Instagram always receives information via the Instagram component that you have visited our website if you are also logged into Instagram at the time you access our website; i.e. this happens regardless of whether you click on the Instagram component or not. If you do not want this information to be sent Instagram, you can prevent this from happening by logging out of your Instagram account before accessing our website.

Further information and Instagram’s valid privacy policy can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

25. Integration of YouTube videos

We have integrated YouTube components on this website. YouTube is an online video portal that allows video publishers to post video clips free of charge and other users to view, evaluate and comment on such free of charge. YouTube permits the publication of all types of videos, which is why it is possible to access entire films and TV programs as well as music videos, trailers or videos made by users themselves via the online portal.

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

Every time one of the individual pages of the website that is operated by us and on which a YouTube component (YouTube video) has been integrated is accessed, the web browser on your system is automatically triggered by the respective YouTube component to download from YouTube a presentation of the corresponding YouTube component.

You can find more information about YouTube at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google is informed about which specific sub-page you visit on our website.

If you are logged into YouTube at the same time, YouTube recognizes the specific sub-page that you visit on our webpage every time you access a sub-page that contains a YouTube video. This information will be collected by YouTube and Google and associated with your YouTube account.

YouTube and Google always receive information via the YouTube component that you have visited our website if you are also logged into YouTube at the time you access our website; i.e. this happens regardless of whether you click on a YouTube component or not. If you do not want this information to be sent YouTube and Google, you can prevent this from happening by logging out of your YouTube account before accessing our website.

The privacy policy published by YouTube at https://www.google.de/intl/de/policies/privacy/ provides detailed information about the collection, processing and use of personal information by YouTube and Google.

26. Use and implementation of PayPal

We have integrated PayPal components on this website. PayPal is an online payment service provider. Payments are processed using PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments using credit cards if a user does not have a PayPal account. We also utilize PayPal for the payment methods “on receipt of invoice” and “installments”. A PayPal account is managed using an e-mail address, which is why there are no typical account numbers. PayPal enables users to make online payments to third parties or even receive payments. PayPal also acts like a trustee and offers buyer protection services.

PayPal is operated in Europe by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.

If you select “PayPal” as payment option during the order transaction in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you agree to the transmission of personal data required for processing the payment.

The personal data transferred to PayPal usually include first name, last name, address, e-mail address, IP address, phone number, mobile phone number or other data, which are necessary for processing the payment. Such personal data that relate to the respective order are also necessary for processing the purchase agreement.

The purpose of transmitting the data is to process the payment and prevent fraud. We will transmit personal data to PayPal especially if there is a legitimate interest for the transmission. The personal data exchanged between PayPal and us may be sent by PayPal to credit reporting agencies. The purpose of this transmission is to verify one’s identity and creditworthiness.

PayPal may transmit the personal data to affiliated companies and service providers or subcontractors, provided that this is necessary for fulfilling the contractual obligations or the data should be processed on its behalf.

You have the option of withdrawing the consent for the handling of personal data vis-a-vis PayPal at any time. A revocation does not affect the personal data that have to be processed, used or transmitted for (contractual) processing of payments.

PayPal’s current privacy policy can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

27. Legal basis of processing

Art. 6 Para. 1 (a) of GDPR forms the legal basis for our company and processing operations, during which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for fulfilling a contract, to which the data subject is a party, as is the case, e.g., with processing operations that are necessary for delivering goods or performing any other service or service in return, the processing is based on Art. 6 Para. 1 (b) of GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, e.g., in case of inquiries relating to our products or services.

If our company is subject to a legal obligation, which requires the processing of personal data, such as to fulfill tax obligations, processing is based on Art. 6 Para. 1 (c) of GDPR.

Ultimately processing operations could be based on Art. 6 Para. 1 (f) of GDPR. Processing operations that are not covered by any of the aforementioned legal principles are based on this legal basis if the processing is necessary for safeguarding the legitimate interest of our company or a third party, provided that the interests do not outweigh the fundamental rights and freedoms of the data subject. Such processing operations are permitted to us in particular because the European legislator has mentioned them specifically. In this context, it is of the opinion that a legitimate interest may be assumed if the data subject is a customer of the controller (Recital 47 (2) to GDPR).

If the processing of personal data is based on Art. 6 I (f) of GDPR, our legitimate interest is to ensure the efficient performance of our business operations for the well-being of our employees and shareholders.

28. Storage period of personal data

The criteria for the storage period of personal data is the respective statutory retention period. After the deadline has elapsed, the corresponding data will be routinely deleted, provided that they are no longer necessary for fulfilling or initiating a contract.

Otherwise, the specific criteria for the retention period are listed in the individual section of this privacy policy.

29. Updating/deletion of your personal data

You have the opportunity to check, change or delete the personal data provided to us at any time by sending an e-mail to us at datenschutz[at]doppstadt.de. In this manner, you can also exclude the receipt of any further information for the future.

You also have the right to withdraw your consent at any time with effect for the future.

The stored personal data will be deleted if you withdraw your consent for storage.

We process and store your personal data only for the period that is necessary to attain the purpose of storage or if this has been provided for by the European regulators or another legislator in laws or regulations to which we are subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European regulators or another legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

30. Legal or contractual regulations on the provision of personal data

We will inform you that the provision of personal data are in part required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. Information about the contractual partner). Sometimes, it may be necessary for forming a contract that a data subject provides us with personal data that must be processed subsequently by us. For instance, the data subject is obligated to provide us with personal data if our company forms a contract with that data subject. Failure to provide personal data could mean that a contract may not be formed with the data subject.

Before the data subject provides personal data, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of personal data is required by law or the contract or is necessary for forming a contract, whether there is an obligation to provide personal data, and what the consequence would be for failing to provide personal data.

31. Existence of automated decision-making

As a responsible company, we waive the use of automated decision-making or profiling.

 

32. Announcement of changes

Changes in laws or changes in our internal processes may make it necessary to adapt this privacy policy.

In case of such a change, we will notify you in this regard no later than six (6) weeks before the change takes effect. You are generally entitled to withdraw your consent.

Note that the current version of the privacy policy is the valid version (unless you assert your right of withdrawal).

Note: This privacy policy was drawn up using a wide variety of sources, including the links provided here. Current jurisprudence and interpretations as well as commentaries were taken into account, as far as we know.