In the following you will find our privacy statement.
In the European General Data Protection Regulation (GDPR), the protection of personal data is given the status of a fundamental right that each and every one of us is entitled to. Data protection laws give us all the right to know at all times what is happening with our personal data, for what purposes it is being used and what rights we have as the owners of our data. This is all in the following data protection declaration. Here you can easily find out what happens to your data when you visit our website. If you have any further questions, please contact the responsible body mentioned.
Who is responsible for data collection?
The website operator is responsible for data processing on this website. You can find their contact details in the “Responsible body” section under 4. General information and mandatory information in this data protection declaration.
How is your data collected?
Some of your data is automatically recorded by our IT system when you access our website. Here we are talking about technical or functional data, e.g. B. Type of your internet browser, your operating system or the time the page was accessed. We need your consent to collect other data. You can give this consent e.g. B. if you agree to the use of so-called cookies. We receive other data because you provide it to us voluntarily, for example by entering it into a contact form.
What do we use your data for?
Some of the data is collected to ensure that the website is provided error-free. These are the technical or functional data described above. Other data may be used to analyze your user behavior.
What rights do you have regarding the processing of your data?
The General Data Protection Regulation (GDPR) grants you various rights with regard to data processing concerning you. You have the right at any time to receive information free of charge about the origin, recipient and purpose of processing your personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time with future effect. You also have the right to request that the processing of your personal data be restricted under defined circumstances. You also have the right to complain to the responsible supervisory authority if you believe that your data is being processed unlawfully. (see sections “Right to complain to the responsible supervisory authority”) If you have any further questions, you can contact the person responsible at any time.
Analytics and Third Party Tools
When you visit this website, your surfing behavior can be statistically analyzed. Detailed information about these analysis programs can be found in the following sections of this data protection declaration.
Our website is hosted (hosted) by a website hosting provider. When you visit our website, this provider collects various data including your IP addresses. The legal basis for this hosting is Section 6 (1) (f) GDPR. We have a legitimate interest in an error-free and reliable presentation of our website. We have concluded an order processing contract (AVV) with the provider. This contract ensures that your personal data will only be processed according to our specifications and in compliance with the relevant data protection laws.
We treat your personal data confidentially and comply with all data protection laws. However, we would also like to point out that data transmission over the Internet cannot be completely secure. Unfortunately, it is not possible to completely protect the data from access by third parties.
The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing your personal data. The responsible body for data processing on this website is:
Dr.-Ing. Matthias Staab
Data Protection Officer
We have appointed an external data protection officer for our company:
From a data protection perspective, the question of how long the processed documents may be retained is important. Pursuant to Article 5 Paragraph 1 Letter b of the GDPR, personal data may only be processed and therefore stored for specified, clear and legitimate purposes. If the purpose limitation no longer applies, data may no longer be processed. This creates a direct obligation to delete. However, the obligation to delete is subject to statutory retention periods. These are e.g. B. specified in the Tax Code (AO), the Commercial Code (HGB) and other laws and regulations. The retention periods form a new legitimate purpose limitation. This means that the originally processed personal data must be further processed and stored, even if the original purpose no longer exists.
Information on the legal basis for data processing on this website
In Article 13 of the GDPR we are obliged to inform you of the legal basis for processing your personal data. Unless this is stated separately in the individual sections of our data protection declaration, the following legal bases apply:
If you have given us your consent to process certain data, we will also process this on the basis of Art. 9 Para. 1 GDPR if it concerns special categories of data. If you have agreed to the storage of personal data, data processing will also be carried out on the basis of Section 25 Paragraph 1 TTDSG. You can revoke your consent at any time. However, this only works in the future, not retroactively. You can find out which other legal bases apply in addition and in individual cases in the following sections of this data protection declaration.
Note on data transfer to the USA and other third countries
We use, among other things, tools from companies (e.g. Google) based in the USA or other third countries that are not secure in terms of data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to the EU cannot be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
Right to lodge a complaint with the responsible supervisory authority
In the event of a data protection violation, you as the person affected have the right to lodge a complaint with the responsible supervisory authority. The responsible supervisory authority in Hesse is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
PO Box 31 63
Right to data portability
You have the right to have data that we process automatically based on your consent or another legal basis handed over to you or to a third party in a common, machine-readable format. However, if you request the data to be transferred directly to another person responsible, this must be technically feasible.
SSL or TLS encryption
Our website is provided with SSL or TLS encryption for security reasons and to protect against the transmission of confidential content that you send to us. This means that data that you transmit to us cannot be read by third parties.
Information, deletion and correction
The current data protection regulations grant you the right to request free information at any time about your stored personal data, its origin and recipient as well as the purpose of data processing. You may have the right to correct or delete this data. You can contact us at any time about this.
Right to restriction of processing
You have the right to request that the processing of your personal data be restricted. The right to restriction of processing exists in the following cases:
For example, if you doubt the accuracy of your personal data stored by us, we need sufficient time to verify it. For the duration of this review, you have the right to request that the processing of your personal data be restricted. If we have processed your personal data unlawfully, you can request that data processing be restricted instead of deletion. If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deletion. If you have lodged an objection in accordance with Article 21 Para. 1 GDPR, a balance must be made between your interests and ours. You have the right to request that the processing of your personal data be restricted as long as it is not yet clear whose interests prevail. If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.
Cookies have different functions. Some are technically necessary to enable certain website functions. Other cookies are used to evaluate user behavior or display advertising. Cookies are small text files that are stored on your device temporarily for the duration of a session (session cookies) or permanently (permanent cookies) without causing any damage to your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them. In some cases, cookies from third-party companies may also be stored on your device when you access our site (third-party cookies). These enable us or you to use certain third-party services.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions you require or to optimize the website are stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG). Consent can be revoked at any time.
Server log files
We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:
This data will not be merged with other data sources. This data is collected on the basis of Article 6 Paragraph 1 Letter f GDPR. We have a legitimate interest in the technically error-free presentation and optimization of our website and the server log files must be recorded for this purpose.
Inquiries by email, telephone or fax
If you contact us by email, telephone or fax, your request, including all resulting personal data (name, request, etc.), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided that your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR), if this was queried. The data you send to us will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
With our presence on Instagram and Facebook we want to present our company on the internet. This is a legitimate interest within the meaning of Article 6 (1) (f) GDPR. All further processing by the social networks may have other legal bases, which must be stated and assumed by their operators. Responsible party and assertion of rights If you visit us on Facebook or Instagram, we, together with the operator, are responsible for the data processing operations triggered by this visit. You can exercise your rights (information, correction, deletion, restriction of processing, Data portability and complaints) can generally be asserted both with us and with the operator of the respective social media portal. Despite our shared responsibility, we cannot have any comprehensive influence on the data processing operations of the social media portals. Our options are largely based on their usage guidelines.
We delete the data we collect directly via the social media presence if you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies. This only applies if no other legal regulations prevent deletion. Saved cookies remain on your device until you delete them yourself.
Further information on Facebook and Instagram
The provider of these services is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). We have concluded an agreement on joint data processing (Controller Addendum) with Meta. This agreement defines the responsibilities when you visit our Facebook or Instagram presence. You can read this agreement here: www.facebook.com/legal/terms/page_controller_addendum. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: www.facebook.com/legal/EU_data_transfer_addendum and dede.facebook.com/help/566994660333381. The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: www.dataprivacyframework.gov/s/participantsearch/participant-detail.
This website uses the open source web analysis service Matomo. With the help of Matomo we are able to collect and analyze data about the use of our website. This allows us to find out, for example, when which page views were made and from which region they came. We also collect various log files (e.g. IP address, referrer URL, browsers used and operating systems) and can measure whether our website visitors take certain actions (e.g. clicks, purchases, etc.). Matomo uses technologies that enable the user to be recognized across pages to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server and partially anonymized. We use Matomo exclusively on our own servers, so all analysis data remains with us and is not passed on. The use of this analysis tool is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit . B. Device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. When analyzing with Matomo, we use IP anonymization. Your IP address is shortened before analysis so that it can no longer be clearly assigned to you.
YouTube with extended data protection
This website embeds videos from YouTube. The website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the extended data protection mode does not necessarily exclude the passing on of data to YouTube partners. This means that YouTube connects to the Google DoubleClick network regardless of whether you are watching a video. As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. The use of YouTube is in the interest of an attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Further information about data protection at YouTube can be found in their data protection declaration at: policies.google.com/privacy.
This site uses Font Awesome to display fonts and symbols uniformly. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA. We have stored these fonts locally on our servers so that no data is transferred to the provider.
We reserve the right to adapt this data protection declaration at any time and in compliance with changing legal regulations.
Creator of this data protection declaration:
Merz-Datenschutz, Südertoft 26, 24986 Mittelangeln