Data Protection Declaration
Thank you for your interest in our website. The protection of your privacy in the processing of personal data and the security of all business data is an important matter for us, which we consider in our business processes. This is to inform you in detail about how your data is handled.
Responsible Entity as per Art. 4 Para. 7 EU General Data Protection Regulation (GDPR)
Tullastr. 64, D-76131 Karlsruhe
T +49 721 96456 – 0
F +49 721 96456 – 10
Responsible Entity’s Data Protection Officer
§ 1 Legal Framework for the Processing of personal Data
(1) Insofar as we obtain the consent for the processing of personal data from the subject person, Art. 6, para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis.
(2) For the processing of personal data required for the fulfillment of a contract whose contractual party is the subject person, Art. 6 Para 1 lit. b EU General Data Protection Regulation (GDPR) serves as legal basis. This also applies to processing operations required for the implementation of pre-contractual measures.
(3) Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6, para 1 lit. c EU General Data Protection Regulation (GDPR) serves as legal basis.
(4) In the event that vital interests of the subject person or of another natural person require the processing of personal data, Art. 6, para 1 lit. d EU General Data Protection Regulation (GDPR) serves as legal basis.
(5) If processing is necessary to safeguard a legitimate interest of our company or of a third party and if these interests, fundamental rights and freedoms of the subject do not outweigh the interests of the former, Art. 6, para 1 lit. f EU General Data Protection Regulation (GDPR) serves as legal basis for processing.
§ 2 Deletion of Data and Storage Time
(1) The personal data of the subject person will be deleted or blocked as soon as the purpose of the storage ceases to apply.
(2) In addition, data may be stored if this was intended by the European or National legislator in EU regulations, laws or other provisions to which the responsible entity is subject.
(3) The data will also be blocked or deleted when a storage period stipulated by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
§ 3 Information on the Collection of personal Data
(1) Below you will find information on the collection of personal date when using our website. Personal data includes all data that is relatable to you personally, i. e. name, address, E-Mail addresses, user behavior.
(2) When you contact us by E-Mail or via a contact form, we will store the data you provide (your E-Mail address, if necessary your name and your telephone number) in order to answer your questions. We will delete the data arising from this context once the storage is no longer necessary or limit the processing if statutory storage periods exist.
(3) If we use contracted service providers for individual functions of our offer or if we want to use your data for advertising purposes, we will inform you in detail on the respective processes as stated below. This will include the defined criteria for the storage period.
Collection of personal Data when visiting our Website
For purely informational use of the website, i. e. if you don’t register or otherwise provide us with information, we only collect personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is a technical requirement for us in order to display our website to you and to guarantee stability and security (Art. 6, para 1 p. 1 lit. f GDPR serves as legal basis.)
- Host name
- Date and time of inquiry
- Time Zone difference with Greenwich Mean Time (GMT)
- Contents of the inquiry (specific page)
- Access status/HTTP status code
- Respectively transmitted amount of data
- Website from which the inquiry originated (Referrer)
- Specific pages of our website that you accessed
- Browser: type, version and set language
- Operating system: type and version
- screen resolution
- color depth
- Size of browser window
- Installed browser-plugins
- Installed browser-plugins
(1) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text fields that are stored on your hard disk allocated to the browser you use and through which certain information flows towards the site setting the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet offer overall more user-friendly and effective.
(2) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient Cookies (refer to a)
- Persistent Cookies (refer to b)
a) Transient Cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the collective session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
b) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
c) You can configure your browser setting according to your wishes e. g. decline the acceptance of third-party cookies or all cookies. So-called "Third Party Cookies" are cookies that have been set by a third party, and therefore not by the actual website on which you are currently located. Please be aware that you may not be able to use all functions of this website.
§ 4 Other Functions and Offers of our Website
(1) Besides the purely informational use of our website, we offer various services that you can use if you are interested. As a general rule, you will have to provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply. Mandatory information is marked with an asterisk. Information in fields not marked in this way is purely voluntary.
2) When you contact the service provider by e-mail or via the contact form, personal data is collected. Which data is collected in the case of a contact form is apparent from the respective contact form. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored in order to process your request.
(3) In some cases we use external service providers to process your data. These have been carefully selected and mandated by us, are bound by our instructions and examined on a regular basis.
(4) Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the service.
§ 5 Rights of the subject Person
Below you will find information on your rights as a subject person according to Art. 15 GDPR. You can exercise these rights at all times and contact us directly on that account. If you claim these rights from us, we will examine them in detail under consideration of the associated legal requirements and restrictions. In this context we may ask you for further information. We will explain in detail the results of our audit and our procedure for the fulfillment of your inquiry. It is possible that we cannot fully comply with your requests in the way you wish.
This should not deter you from claiming your rights from us or asking us about them. We will be happy to answer all your questions.
(1) Right to Information
You have the right to request information from us at any time as to whether and which of your personal data is processed by us. This also includes information on the purposes of processing, if necessary on recipients to whom we have disclosed data about you, the planned storage period and, if necessary, information on the origin of this data, unless we have collected this data directly from you. In addition, you have the right to a one-time free copy of your personal data stored with us. We reserve the right to charge an appropriate administration fee for further copies.
(2) Right to Correction
You have the right to ask us for the correction of inaccurate data that we are storing with regards to your person. This also includes the right to completion of incomplete personal data.
(3) Right to Deletion
You have the right to ask us for the deletion of data that we are storing with regards to your person. If we published data about you, this also includes our obligation, as part of the “right to being forgotten” in line with Art. 17, para. 2 GDPR, to forward your request for deletion, all links to this data as well as copies or replicas concerning this data, to other responsible entities for the processing of this published personal data, taking into account available technology and the cost of implementation.
(4) Right to Restriction of Processing
You have the right to ask us for the restriction of processing of data that we are storing with regards to your person. Thereafter the processing of this data will only be possible with your consent or for selected, legally defined purposes.
(5) Right to Objection of Processing
Insofar as we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case when the processing is in particular not necessary to fulfil a contract with you, as described respectively for each function below. When exercising such objection, we ask you to explain why we should not process your personal data in the way we have done. In the event of your reasonable objection we will examine the situation and either stop or adapt the data processing or we will present you with our imperative reasons worthy of protection, on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at all times. You can inform us about your advertising objection using the contact channels listed above.
(6) Right to Revocation of Consent under Data Protection Law
If you have given your consent to the processing of your data, you can revoke it at all times. Such a revocation affects the admissibility of the processing of your personal data after you expressed it to us.
(7) Right to Transferability of Data
You have the right to receive information about yourself that you have provided to us, from us in a structured, common and machine-readable format for the purpose of transfer to another responsible entity. At your request, taking into account the available technical possibilities, this also includes the direct transfer from us to the other responsible entity.
(8) Right of Appeal to a Supervisory Authority
You have the right to complain about your processing of your personal data to a data protection supervisory authority at any time:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
T +49 711 615541 – 0
F +49 711 615541 – 15
(9) Automated Decision making including Profiling
You have the right to obtain information on the existence of automated decision-making, including profiling, in accordance with Art. 22, para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved as well as the scope and intended effects of such processing for the subject person.
§ 6 Protection of Minors
Persons under the age of 16 may not submit any personal data to us without the approval of the legal guardian. According to Art. 8 GDPR, children under the age of 16 may only declare such approval with the consent of the legal guardian. Personal data of minors is not collected or processed consciously.
§ 7 Web Analytics
The legal basis for the use of all web analysis tools listed in this section is Art. 6 Para. 1 S. 1 lit. f GDPR, i. e. the protection of our legitimate interests in consideration of the interests of the visitors of our website. Our interest is the analysis of the use of our website by our website visitors in order to improve our offer and to make it more interesting for you as a user. If the analysis tool used also serves other purposes or if we use it for further interests, we will inform you directly in the notes of the respective analysis tool.
(1) Use of Matomo (formerly Piwik)
(1) This website uses the web analysis service Matomo. Matomo stores cookies (see § 5 for details) on your computer. The information collected in this way is stored exclusively on the responsible person's server in Germany. You can adjust the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent. The prevention of the storage of cookies is possible by the respective setting in your browser. It is possible to prevent the use of Matomo by removing the following check mark and thus activating the opt-out plug-in:
(2) This website uses Matomo with the extension "AnonymizeIP". This means that IP addresses are shortened for further processing and direct personal references can be excluded. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.
(3) The program Matomo is an open source project. Third-party privacy information is available at http://matomo.org/privacy/policy.
§ 8 Social Media and other Third Party Services
(1) Inclusion of Google Web Fonts
(1) This site uses so-called web fonts for the uniform representation of fonts, which are provided by Google Ireland Ltd. "Google," Gordon House, Barrow Street, Dublin 4, Ireland. When you access a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
(2) For this purpose, the browser you are using must connect to Google's servers. This will enable Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer.
(3) For further information please refer to https://developers.google.com/fonts/faq und in der Datenschutzerklärung von Google: https://www.google.com/policies/privacy/.
(2) Inclusion of Google Maps
(1) On this website we use the offer of Google Maps. In doing so, we are pursuing our interest in increasing the attractiveness of our website by showing you interactive maps directly on our website and allowing you to make comfortable use of the map function. The legal basis for the use of the plug-in is Art. 6 (1) sentence 1 lit. f GDPR.
(2) By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition, the data referred to in § 5 of this declaration will be transmitted. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you're logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right to object to the formation of these user profiles, but you must direct your objection directly to Google.
(3) For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the data protection declaration of the provider. You can also find out more about your rights and privacy settings here: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; http://www.google.de/intl/de/policies/privacy. Google also processes your personal information in the US and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework
(3) Inclusion of YouTube-Videos
(1) We have included YouTube videos in our online offering, which are stored at http://www.YouTube.com and can be played directly from our website. These are all integrated in the "extended data protection mode", i. e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transfer. By including YouTube videos, we are pursuing our interest in making our website more interesting and attractive for our visitors and achieving a better presentation of content and facts. Legal basis for the use of the plug-in is Art. 6 Para. 1 S. 1 lit. f GDPR.
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified under § 5 of this declaration will be transmitted. This takes place regardless of whether YouTube provides a user account that you are logged in to or whether there is no user account. If you are logged in at Youtube, your data will be assigned directly to your account. If you do not wish your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for advertising, market research and/or the design of its website to meet your needs. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles, but you must direct your objection directly to YouTube.
(3) For more information on the purpose and scope of your data collection and processing through YouTube, please refer to their data protection declaration. You can also find out more about your rights and privacy settings here: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; https://policies.google.com/privacy. Google also processes your personal information in the United States and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.
§ 9 Reporting portal for the Whistleblower Protection Act (HinSchG)
(1) We operate a reporting portal in accordance with the Whistleblower Protection Act (HinSchG). We use a service provided by bbg bitbase group GmbH, Am Heilbrunnen 47, 72766 Reutlingen. We treat information in accordance with § 8 HinSchG confidentially. The purpose of the reporting portal for the Whistleblower Protection Act (HinSchG) is to review and documentation of reports for internal investigation and, if necessary, forwarding to authorized bodies, to remedy unlawful abuses at the company in accordance with § 2 HinSchG.
(2) Whistleblowers have the opportunity to register on our website to use the whistleblower portal to register on our website. To register, log in and contact you, we process data that is automatically transmitted by the automatically transmitted by the Internet browser and personal data that you can provide as a whistleblower can provide: Access data, title (if provided), first name and surname (if specified), contact details (e-mail address, telephone number or postal address, if specified), if applicable, personal data in the report, in particular behavioral violations with corresponding facts. You have the option of registering anonymously. You will receive a unique identification code that gives you access to a closed data protection room. Here you have the opportunity to submit your comment. It will not be passed on to third parties outside your company without your consent, unless it is required required due to legal regulations or orders such as § 9 HinSchG. Then the data may be passed on to investigating authorities or courts.
(3) The legal basis for data processing under the HinSchG is the legal obligation pursuant to Art. 6 para. 1 S.1 lit. a c) GDPR in conjunction with § 12 HinSchG. Insofar as you provide particularly sensitive data, such as data relating to your health, sexuality, origin or criminal offenses, Art. 9 and 10 GDPR must also be observed. The data will be deleted as soon as it is no longer required for the purpose for which it was collected are necessary. According to Section 11 HinSchG, this is usually the case after three years. Other storage obligations due to contractual relationships and processing to fulfill contractual or legal obligations, such as six obligations, such as six or ten-year retention obligations under commercial and tax law, remain unaffected.
§ 10 Update of the Data Protection Declaration
The data protection declaration is currently valid and is dated from 2 August 2019. As a result of the evolution of our web pages or the implementation of new technologies, it is necessary that this data protection declaration be amended to comply with current legal requirements or to implement changes in our services, e. g. in the insertion of new offers. The company reserves the right to change the data protection declaration at any time with future effect. We recommend that you review the current data protection declaration from time to time.