Privacy policy (long version)
Table of contents
• Introduction
• Scope of application
• Definitions
• Legal basis
• Contact details of the responsible person
• Contact details of the data protection officer
• Storage period
• Rights under the General Data Protection Regulation
• Data transfer to third countries
• Data processing security
• Communication
• Cookies
• Cookie Consent Banner
• Web hosting
• YouTube
• Google Fonts Local
• Google Maps
• reCatcha
Introduction
We
have written this data protection notice in order to explain to you, in
accordance with the requirements of the
General Data Protection Regulation (EU) 2016/679
and applicable national laws (BDSG-neu), which personal data (data for short)
we process as the responsible party, will process in the future and what
lawful options you have.
The terms used are to be understood as
gender-neutral.
Data protection notices are usually very technical
and full of legal jargon. We, on the other hand, inform you in clear and
simple language that we only process personal data in the course of our
business activities if there is a corresponding legal basis.
Scope
of application
This data protection notice applies to all personal data
processed by us in the company. By personal data, we mean information within
the meaning of Art. 4 No. 1 DSGVO, such as a person's name, email address
and postal address. The processing of personal data ensures that we can offer
and invoice our services and products, whether online or offline. The scope of
this data protection notice includes:
• all online
presences that we operate
• E-mail communication
Definitions
The
data protection information of SACO Air GmbH is based on the terms used
by the European Directive and Ordinance Maker when issuing the Basic Data
Protection Regulation (DSGVO). In order to ensure consistent use of language,
we would like to explain the terms used in advance.
We use the following
terms, among others, in this privacy notice:
• (a)
personal data
Personal data means any information relating to an
identified or identifiable natural person (hereinafter "data
subject"). An identifiable natural person is one who can be identified,
directly or indirectly, in particular by reference to an identifier such as a
name, an identification number, location data, an online identifier or to one
or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person.
•
(b) person concerned
Data subject means any identified or
identifiable natural person whose personal data are processed by the
controller.
• c) Processing
Processing is any
operation or set of operations which is performed upon personal data, whether
or not by automatic means, such as collection, recording, organisation,
filing, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available,
alignment or combination, restriction, erasure, archiving or destruction.
•
(d) restriction of processing
Restriction of processing is
the marking of stored personal data with the aim of limiting their future
processing.
• e) Profiling
Profiling is any form
of automated processing of personal data which consists in using such personal
data to evaluate certain personal aspects relating to a natural person, in
particular to analyse or predict aspects relating to that natural
person's performance at work, economic situation, health, personal
preferences, interests, reliability, behaviour, location or change of
location.
• f) Pseudonymisation
Pseudonymisation
is the processing of personal data in such a way that the personal data can no
longer be attributed to a specific data subject without the use of additional
information, provided that such additional information is kept separately and
is subject to technical and organisational measures to ensure that the
personal data is not attributed to an identified or identifiable natural
person.
• (g) controller or person responsible for
processing
The controller or person responsible for processing is the
natural or legal person, public authority, agency or other body which alone or
jointly with others determines the purposes and means of the processing of
personal data. Where the purposes and means of such processing are determined
by Union or Member State law, the controller or the specific criteria for its
designation may be provided for under Union or Member State law.
•
(h) Processors
Processor means a natural or legal person,
public authority, agency or other body which processes personal data on behalf
of the controller.
• i) Recipient
A recipient is a
natural or legal person, public authority, agency or other body to whom
personal data are disclosed, whether or not a third party. However, public
authorities that may receive personal data in the context of a specific
investigative task under Union or Member State law shall not be considered as
recipients.
• j) Third
Third party means a natural
or legal person, public authority, agency or other body other than the data
subject, the controller, the processor and the persons authorised to process
the personal data under the direct responsibility of the controller or the
processor.
• k) Consent
Consent shall mean any
freely given specific and informed indication of the data subject's
wishes in the form of a statement or other unambiguous affirmative act by
which the data subject signifies his or her agreement to the processing of
personal data relating to him or her.
Legal basis
In the
following data protection notices, we provide you with transparent information
on the legal principles and regulations, i.e. the legal bases of the data
protection basic regulation, which enable us to process personal data.
As
far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE
EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course,
read this EU data protection basic regulation online on EUR-Lex, the access to
EU law, at
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.
We
only process your data if at least one of the following conditions applies:
1.
Consent (Article 6(1)(a) DSGVO): You have given us your consent
to process data for a specific purpose. An example would be the storage of
your entered data of a contact form.
2. Contract (Article
6(1)(b) DSGVO): In order to fulfil a contract or pre-contractual obligations
with you, we process your data. For example, if we conclude a sales contract
with you, we need personal information in advance.
3. Legal
obligation (Article 6(1)(c) DSGVO): If we are subject to a legal obligation,
we process your data. For example, we are legally obliged to keep invoices for
accounting purposes. These usually contain personal data.
4.
Legitimate interests (Article 6(1)(f) DSGVO): In the case of legitimate
interests that do not restrict your fundamental rights, we reserve the right
to process personal data. For example, we need to process certain data in
order to operate our website in a secure and economically efficient manner.
This processing is therefore a legitimate interest.
Further conditions
such as the performance of recordings in the public interest and the exercise
of public authority as well as the protection of vital interests do not
generally occur with us. If such a legal basis should be relevant, it will be
indicated at the appropriate place.
In addition to the EU Regulation,
national laws also apply - in Germany, the Federal Data Protection Act, or
BDSG-neu for short, applies.
If other regional or national laws apply, we
will inform you about them in the following sections.
Contact details of
the responsible person
If you have any questions regarding data
protection, you will find the contact details of the responsible person or
office below:
SACO Air GmbH
represented by: Andreas
Papathanasiou, Harald Pahl
North port arch 2a
22848 Norderstedt
Phone
+49 40 500 196 0
Fax +49 40 500 196 383
E-mail
info@ham.sacogroupair.com
Imprint:
https://www.sacogroupair.com/de/impressum
Contact details of the data
protection officer
Below you will find the contact details of the data
protection officer:
Frank Kowalski (FK-Datenschutz UG)
Tangstedter
Weg 38E
22851 Norderstedt
Phone +49 40 943 63 764
E-mail
kowalski@fk-datenschutz.de
Storage period
The fact that we only
store personal data for as long as is absolutely necessary for the provision
of our services and products applies as a general criterion with us. This
means that we delete personal data as soon as the reason for processing the
data no longer exists. In some cases, we are legally obliged to store certain
data even after the original purpose has ceased to exist, for example for
accounting purposes.
Should you wish your data to be deleted or revoke
your consent to data processing, the data will be deleted as soon as possible
and insofar as there is no obligation to store it.
We will inform you
about the specific duration of the respective data processing below, provided
we have further information on this.
Rights under the General Data
Protection Regulation
According to Article 13 of the GDPR, you have the
following rights to ensure fair and transparent processing of data:
•
According to Article 15 of the GDPR, you have the right to know
whether we are processing data about you. If this is the case, you have the
right to receive a copy of the data and the following information:
o
the purpose for which we carry out the processing;
o
the categories, i.e. the types of data that are processed;
o
who receives this data and if the data is transferred to third
countries, how security can be guaranteed;
o how long the
data will be stored;
o the existence of the right to
rectification, erasure or restriction of processing and the right to object to
processing;
o that you can complain to a supervisory
authority (link to this authority can be found below);
o the
origin of the data if we have not collected it from you;
o
whether profiling is carried out, i.e. whether data is automatically
evaluated to arrive at a personal profile of you.
• You
have a right to rectify data under Article 16 of the GDPR, which means that we
must correct data if you find errors.
• According to
Article 17 of the GDPR, you have the right to erasure ("right to be
forgotten"), which specifically means that you may request the deletion
of your data.
• According to Article 18 of the GDPR,
you have the right to restriction of processing, which means that we may only
store the data but not use it any further.
• According
to Article 19 of the GDPR, you have the right to data portability, which means
that we will provide you with your data in a common format upon request.
•
According to Article 21 of the GDPR, you have a right to object,
which, once enforced, entails a change in processing.
o If
the processing of your data is based on Article 6(1)(e) (public interest,
exercise of official authority) or Article 6(1)(f) (legitimate interest), you
may object to the processing. We will then check as soon as possible whether
we can legally comply with this objection.
o If data is used
to carry out direct marketing, you can object to this type of data processing
at any time. We are then no longer allowed to use your data for direct
marketing.
o If data is used to carry out profiling, you can
object to this type of data processing at any time. We are then no longer
allowed to use your data for profiling.
• You may have
the right under Article 22 of the GDPR not to be subject to a decision based
solely on automated processing (for example profiling).
The
following data protection authority is responsible for our company:
Schleswig-Holstein
Data Protection Authority
State Commissioner for Data Protection: Marit
Hansen
Address: Holstenstraße 98, 24103 Kiel
Telephone number:
04 31/988-12 00
E-mail address: mail@datenschutzzentrum.de
Website:
https://www.datenschutzzentrum.de/
Data transfer to third countries
We
only transfer or process data to countries outside the EU (third countries) if
you consent to this processing, if this is required by law or contractually
necessary and in any case only to the extent that this is generally permitted.
Your consent is in most cases the most important reason for us to have data
processed in third countries. Processing personal data in third countries such
as the US, where many software vendors provide services and have their server
locations, may mean that personal data is processed and stored in unexpected
ways.
We expressly point out that according to the opinion of the
European Court of Justice, there is currently no adequate level of protection
for data transfer to the USA. Data processing by US services (such as
GoogleMaps or Youtube) may result in data not being processed and stored
anonymously. Furthermore, US government authorities may be able to access
individual data. In addition, it may happen that collected data is linked to
data from other services of the same provider, provided you have a
corresponding user account. Where possible, we try to use server locations
within the EU, if this is offered.
We will provide you with more detailed
information about data transfers to third countries, where applicable, at the
appropriate points in this privacy notice.
Data processing security
To
protect personal data, we have implemented both technical and organisational
measures. Where possible, we encrypt or pseudonymise personal data. In this
way, we make it as difficult as possible for third parties to infer personal
information from our data.
TLS encryption with https
TLS, encryption
and https sound very technical and they are. We use HTTPS (the Hypertext
Transfer Protocol Secure stands for "secure hypertext transfer
protocol") to transfer data tap-proof on the internet. This means that
the complete transmission of all data from your browser to our web server is
secured - no one can "listen in".
In this way, we have
introduced an additional layer of security and fulfil data protection by
design of technology
Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure
data transmission on the Internet, we can ensure the protection of
confidential data.
You can recognise the use of this data transmission
protection by the small lock symbol at the top left of the browser, to
the left of the internet address (e.g. beispielseite.de) and the use of the
scheme https (instead of http) as part of our internet address.
Communication
When
you contact us and communicate by phone, email or online form, personal data
may be processed.
The data is processed for the handling and processing
of your question and the related business transaction. The data will be stored
for this duration or as long as required by law.
Persons concerned
All
those who seek contact with us via the communication channels provided by us
are affected by the aforementioned processes.
Phone
When you call
us, the call data is stored pseudonymously on the respective end device and
with the telecommunications provider used. In addition, data such as name and
telephone number can subsequently be sent by e-mail and stored for the purpose
of responding to enquiries. The data is deleted as soon as the business case
has been completed and legal requirements permit.
E-mail
If you
communicate with us by e-mail, data may be stored on the respective end device
(computer, laptop, smartphone,...) and data is stored on the e-mail server.
The data is deleted as soon as the business case has been completed and legal
requirements permit.
Registration form
You have the option of
registering for our customer portal on our homepage. For this purpose, we
require your personal data in order to be able to reasonably create you as a
customer. The data will not be passed on to third parties and will be stored
for as long as we are contractually or legally obliged to do so. If no
business transaction is concluded, your data will be deleted at regular
intervals.
Newsletter subscription
In the course of registering for
our customer portal, you also have the option of registering to receive our
newsletter. By registering, you consent to the processing of the data required
for this purpose. The data will not be passed on to third parties and will
remain stored for as long as we are contractually or legally obliged to do so.
Should no business transaction come about, your data will be deleted at
regular intervals. You can unsubscribe from the newsletter at any time. For
this purpose, you will find an "unsubscribe" link at the end of each
newsletter for easy technical implementation.
Legal basis
The
processing of data is based on the following legal bases:
•
Art. 6 para. 1 lit. a DSGVO (consent): You give us your consent to store
your data and to use it for purposes related to the business case;
•
Art. 6 para. 1 lit. b DSGVO (contract): There is a need for the
performance of a contract with you or a processor such as the telephone
provider or we need to process the data for pre-contractual activities, such
as the preparation of an offer;
• Art. 6 para. 1 lit. f
DSGVO (Legitimate Interests): We want to operate customer enquiries and
business communication in a professional framework. For this purpose, certain
technical facilities such as e-mail programmes, exchange servers and mobile
phone operators are necessary in order to be able to operate the communication
efficiently.
Cookies
What are cookies?
Our website uses HTTP
cookies to store user-specific data. Below we explain what cookies are and why
they are used so that you can better understand the following privacy
notice.
Whenever you browse the internet, you use a browser. Well-known
browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft
Edge. Most websites store small text files in your browser. These files are
called cookies.
Almost all websites use cookies. More precisely, they are
HTTP cookies, as there are also other cookies for other applications. HTTP
cookies are small files that are stored on your computer by our website. These
cookie files are automatically placed in the cookie folder, effectively the
"brain" of your browser. A cookie consists of a name and a value.
When defining a cookie, one or more attributes must also be specified.
Cookies
store certain user data about you, such as language or personal page settings.
When you return to our site, your browser transmits the
"user-related" information back to our site. Thanks to the cookies,
our website knows who you are and offers you the setting you are used to. In
some browsers, each cookie has its own file, in others, such as Firefox, all
cookies are stored in a single file.
There are both first-party cookies
and third-party cookies. First-party cookies are created directly by our site,
third-party cookies are created by partner websites (e.g. Google Analytics).
Each cookie is to be evaluated individually, as each cookie stores different
data. The expiry time of a cookie also varies from a few minutes to a few
years. Cookies are not software programmes and do not contain viruses, Trojans
or other "pests". Cookies also cannot access information on your
PC.
What are the different types of cookies?
The question of which
cookies we use in particular depends on the services used and is clarified in
the following sections of the privacy notice. At this point, we would like to
briefly discuss the different types of HTTP cookies.
One can distinguish
between 4 types of cookies:
Essential cookies
These cookies are
necessary to ensure basic website functionality. For example, these cookies
are needed when a user places a product in the shopping cart, then continues
surfing on other pages and later goes to the checkout. These cookies do not
delete the shopping cart even if the user closes his browser window.
Purposeful
cookies
These cookies collect information about user behaviour and
whether the user receives any error messages. In addition, these cookies are
also used to measure the loading time and the behaviour of the website with
different browsers.
Targeting cookies
These cookies provide a better
user experience. For example, entered locations, font sizes or form data are
saved.
Advertising cookies
These cookies are also called targeting
cookies. They are used to deliver customised advertising to the user. This can
be very practical, but also very annoying.
Purpose of processing
via cookies
The purpose ultimately depends on the cookie in question. You
can find more details about this from the manufacturer of the software that
sets the cookie.
What data is processed?
We only use essential
cookies to ensure a smooth page load.
Storage period of cookies
The
storage period depends on the cookie. Some cookies are deleted after less than
an hour, others can remain stored on a computer for several years.
Our
cookies are deleted after 4 weeks or after the end of the session.
You
can also influence the storage period yourself. You can manually delete all
cookies at any time via your browser (see also "Right of objection"
below). Furthermore, cookies that are based on consent will be deleted at the
latest after revocation of your consent, whereby the legality of the storage
remains unaffected until then.
Right of objection - how can I delete
cookies?
You decide how and whether you want to use cookies. Regardless
of which service or website the cookies come from, you always have the option
to delete, disable or only partially allow cookies. For example, you can block
third-party cookies but allow all other cookies.
If you want to find out
which cookies have been stored in your browser, if you want to change or
delete cookie settings, you can find this in your browser settings:
Chrome:
Delete, activate and manage cookies in Chrome
Safari: Managing Cookies
and Website Data with Safari
Firefox: Delete cookies to remove data that
websites have placed on your computer.
Internet Explorer: Deleting and
managing cookies
Microsoft Edge: Delete and manage cookies
If you
generally do not want cookies, you can set up your browser so that it always
informs you when a cookie is to be set. In this way, you can decide for each
individual cookie whether you allow the cookie or not. The procedure varies
depending on the browser. It is best to search for the instructions in Google
with the search term "Delete Cookies Chrome" or "Deactivate
Cookies Chrome" in the case of a Chrome browser.
Legal basis
The
so-called "Cookie Guidelines" have been in place since 2009. These
state that the storage of cookies requires your consent (Article 6 para. 1
lit. a DSGVO). Within the EU countries, however, there are still very
different reactions to these directives. In Germany, the Cookie Directives
have not been implemented as national law. Instead, this directive was largely
implemented in § 15 para.3 of the German Telemedia Act (TMG).
On 1
December 2021, the Telecommunications and Telemedia Data Protection Act
(TTDSG) came into force. This law comes alongside the scope of the GDPR and
aims to prevent unwanted access to information stored on computers, tablets or
mobile phones.
In future, consent must always be obtained when using
technologies such as cookies, web storage, browser fingerprinting, etc. -
regardless of whether personal data is processed in the process.
The
further explanations on the principles of the need for consent are described
in Section 25 (1) and (2) TTDSG.
For absolutely necessary cookies, even
where there is no consent. there are legitimate interests (Article 6(1)(f)
DSGVO), which in most cases are of an economic nature. We want to provide
visitors to the website with a pleasant user experience and for this purpose
certain cookies are often absolutely necessary.
If cookies are used that
are not absolutely necessary, this is only done with your consent. The legal
basis in this respect is Art. 6 Para. 1 lit. a DSGVO in conjunction with
§25 TTDSG.
Cookie Consent Banner
What is Cookie
Consent?
We use functions of the provider Cookie Consent on our
website.
Cookie Consent is a software product of the company TermsFeed.
The software automatically creates a DSGVO-compliant cookie notice for our
website visitors.
Why do we use Cookie Consent on our website?
We
take data protection very seriously. We want to show you exactly what is
happening on our website and which of your data is being stored. With the
Cookie consent programming code, we inform you when you first visit our
homepage that we use indispensable (technically necessary) cookies.
What
data is stored by Cookie Consent?
No cookies are stored in Cookie consent
itself. This programming code is merely an indication that necessary cookies
are being set.
The technically necessary cookies are, on the one hand, a
cookie that contains the selected language and, on the other hand, a session
ID cookie. The following data is stored here:
• IP
address (in anonymised form, the last 3 digits are set to 0)
•
Date and time of the visit
• our website
URL
• technical browser data
•
encrypted, anonymous key
How long and where is the data stored?
All
data collected is transmitted, stored and forwarded exclusively within the
European Union. The data is stored on a web server operated by us in the aws
Amazon data centre. The storage period is 4 weeks
Legal basis
We do
not require your consent for the use of the indispensable cookies. The legal
basis is the legitimate interest (Article 6 para. 1 lit. f DSGVO) to ensure a
proper course of your visit to our homepage.
Web hosting
What
is web hosting?
When you visit websites nowadays, certain information -
including personal data - is automatically created and stored, including on
this website. This data should be processed as sparingly as possible and only
with justification. By website, by the way, we mean the totality of all web
pages on a domain, i.e. everything from the home page (homepage) to the very
last subpage (like this one). By domain we mean, for example, www. beispiel.de
or www. musterbeispiel.com.
When the browser on your computer (desktop,
laptop, smartphone) connects and during data transfer to and from the web
server, personal data may be processed. On the one hand, your computer stores
data, on the other hand, the web server must also store data for a while to
ensure proper operation.
Why do we process personal data?
The
purposes of the data processing are:
1. Professional hosting
of the website and safeguarding of the operation
2. to
maintain operational and IT security
3. Anonymous evaluation
of access behaviour to improve our offer and, if necessary, for criminal
prosecution or the pursuit of claims.
What data is processed?
Even
while you are visiting our website right now, our web server, which is the
computer on which this website is stored, usually automatically stores data
such as
• the complete Internet address (URL) of the
website accessed (e.g.
https://www.beispielwebsite.de/beispielunterseite.html?tid=311881264)
•
Browser and browser version (e.g. Chrome 100)
•
the operating system used (e.g. Windows 10)
• the
address (URL) of the previously visited page (referrer URL) (e.g.
https://www.beispielquellsite.de/vondabinichgekommen.html/)
•
The host name and IP address of the device being accessed (e.g.
COMPUTERNAME and 194.23.43.121).
• Date and time
•
in files, the so-called web server log files
How long is
data stored?
As a rule, the above data is stored for a fortnight and then
automatically deleted. We do not pass on this data, but are obliged to hand
over your data to the authorities on request in the event of unlawful
conduct.
Legal basis
The lawfulness of the processing of personal
data in the context of web hosting results from Art. 6 para. 1 lit. f DSGVO
(protection of legitimate interests), because the use of professional hosting
with a provider is necessary to present the company on the Internet in a
secure and user-friendly manner and to be able to pursue attacks and claims
from this if necessary.
There is a contract on commissioned processing
between us and the hosting provider in accordance with Art. 28 f. DSGVO, which
ensures compliance with data protection and guarantees data security.
YouTube
privacy policy
What is YouTube?
We have integrated YouTube videos on
our website. This allows us to present interesting videos directly on our
site. YouTube is a video portal that has been a subsidiary of Google since
2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno,
CA 94066, USA. If you call up a page on our website that has a YouTube video
embedded, your browser connects to the YouTube or Google servers when you
watch the video. In the process, various data are transferred (depending on
the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4,
Ireland) is responsible for all data processing in Europe.
In the
following, we would like to explain in more detail what data is processed, why
we have included YouTube videos and how you can manage or delete your data.
Why
do we use YouTube videos on our website?
YouTube is the video platform
with the most visitors and the best content. We strive to offer you the best
possible user experience on our website. And of course, we can't do
without interesting videos. With the help of our embedded videos, we provide
you with further helpful content in addition to our texts and images.
What
data is stored by YouTube?
As soon as you visit one of our pages that has
a YouTube video embedded, YouTube sets at least one cookie that stores your IP
address and our URL. If you are logged into your YouTube account, YouTube can
usually assign your interactions on our website to your profile using cookies.
This includes data such as session duration, bounce rate, approximate
location, technical information such as browser type, screen resolution or
your internet service provider. Other data may include contact details, any
ratings, sharing of content via social media or adding to your favourites on
YouTube.
If you are not signed in to a Google Account or YouTube account,
Google stores data with a unique identifier associated with your device,
browser or app. For example, your preferred language setting is retained. But
a lot of interaction data can't be stored because fewer cookies are
set.
In the following list, we show cookies that were set in the browser
in a test. On the one hand, we show cookies that are set without a logged-in
YouTube account. On the other hand, we show cookies that are set with a
logged-in account. The list cannot claim to be complete because the user data
always depends on the interactions on YouTube.
Name: YSC
Value:
b9-CV6ojI5Y311881264-1
Purpose: This cookie registers a unique ID to
store statistics of the video watched.
Expiry date: after end of
session
Name: PREF
Value: f1=50000000
Purpose: This cookie also
registers your unique ID. Google gets statistics about how you use YouTube
videos on our website via PREF.
Expiry date: after 8 months
Name:
GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile
devices to track GPS location.
Expiry date: after 30 minutes
Name:
VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts
to estimate the user's bandwidth on our web pages (with embedded YouTube
video).
Expiry date: after 8 months
Other cookies that are set when
you are logged in with your YouTube account:
Name: APISID
Wert:
zILlvClZSkqGsSwI/AU1aZI6HY7311881264-
Purpose: This cookie is used to
create a profile of your interests. The data is used for personalised
advertisements.
Expiry date: after 2 years
Name: CONSENT
Value:
YES+AT.en+20150628-20-0
Purpose: The cookie stores the status of a
user's consent to use various Google services. CONSENT is also used for
security purposes to verify users and protect user data from unauthorised
attacks.
Expiry date: after 19 years
Name: HSID
Value:
AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile about
your interests. This data helps to display personalised advertising.
Expiry
date: after 2 years
Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL...
Purpose:
This cookie stores information about your login details.
Expiry date:
after 2 years
Name: SAPISID
Value:
7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely
identifying your browser and device. It is used to create a profile about your
interests.
Expiry date: after 2 years
Name: SID
Value:
oQfNKjAsI311881264-.
Purpose: This cookie stores your Google Account ID
and your last login time in digitally signed and encrypted form.
Expiry
date: after 2 years
Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose:
This cookie stores information about how you use the website and what
advertisements you may have seen before visiting our site.
Expiry date:
after 3 months
How long and where is the data stored?
The data that
YouTube receives from you and processes is stored on Google servers. Most of
these servers are located in America. You can see exactly where Google's
data centres are located at
https://www.google.com/about/datacenters/inside/locations/?hl=de. Your data is
distributed across the servers. This means that the data can be accessed more
quickly and is better protected against manipulation.
Google stores the
collected data for different lengths of time. Some data you can delete at any
time, others are automatically deleted after a limited time and still others
are stored by Google for a longer period of time. Some data (such as items
from "My Activity", photos or documents, products) stored in your
Google Account will remain stored until you delete them. Even if you are not
signed in to a Google Account, you can delete some data associated with your
device, browser or app.
How can I delete my data or prevent data
storage?
In principle, you can delete data in the Google Account
manually. With the automatic deletion function of location and activity data
introduced in 2019, information is stored depending on your decision - either
3 or 18 months and then deleted.
Regardless of whether you have a Google
account or not, you can configure your browser to delete or disable cookies
from Google. Depending on which browser you use, this works in different ways.
The following instructions show how to manage cookies in your browser:
Chrome:
Delete, activate and manage cookies in Chrome
Safari: Managing Cookies
and Website Data with Safari
Firefox: Delete cookies to remove data that
websites have placed on your computer.
Internet Explorer: Deleting and
managing cookies
Microsoft Edge: Delete and manage cookies
If you
generally do not want cookies, you can set up your browser so that it always
informs you when a cookie is to be set. In this way, you can decide for each
individual cookie whether you allow it or not.
Legal basis
By
launching the video element on YouTube, you have consented to your data being
processed and stored by embedded YouTube elements. Thus, this consent is
considered the legal basis for data processing (Art. 6 para. 1 lit. a DSGVO).
In principle, your data will also be stored and processed on the basis of our
legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good
communication with you or other customers and business partners. We use the
embedded YouTube elements after we have explicitly informed you about the data
transfer to YouTube. YouTube also sets cookies in your browser to store data.
That is why we recommend that you read our data protection text on cookies
carefully and view the data protection notice or cookie policy of the
respective service provider.
YouTube also processes data in the USA,
among other places. We would like to point out that according to the opinion
of the European Court of Justice, there is currently no adequate level of
protection for the transfer of data to the USA. This may be associated with
various risks for the legality and security of data processing.
Google
Fonts (Local)
On our website, we use Google Fonts from Google Inc. which
we have integrated locally, i.e. on our web server - not on Google's
servers. This means that there is no connection to Google servers and
therefore no data transfer or storage. In this way, we act in accordance with
data protection laws and do not send any data to Google.
Google Maps
What
is Google Maps?
We use Google Maps from Google Inc. on our website.
Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is
responsible for all Google services in Europe. Google Maps enables us to
better show you locations and thus adapt our service to your needs. By using
Google Maps, data is transmitted to Google and stored on Google servers. Here
we would like to go into more detail about what Google Maps is, why we use
this Google service, what data is stored and how you can prevent this.
Why
do we use Google Maps on our website?
All our efforts on this site are
aimed at providing you with a useful and meaningful time on our website. By
integrating Google Maps, we can provide you with the most important
information on various locations. You can see at a glance where we are
located. The directions always show you the best or fastest way to reach us.
You can call up the directions for routes by car, public transport, on foot or
by bicycle. For us, providing Google Maps is part of our customer service.
What
data is stored by Google Maps?
In order for Google Maps to be able to
offer its service in full, the company has to collect and store data from you.
This includes the search terms entered, your IP address and also the latitude
and longitude coordinates. If you use the route planner function, the start
address entered is also stored. However, this data storage happens on the
Google Maps websites. We can only inform you about this, but cannot influence
it. We explicitly point out to you at the relevant places that by activating
the slider you give your consent to the processing of data by Google Maps.
Since we have integrated Google Maps into our website, Google sets at least
one cookie (name: NID) in your browser. This cookie stores data about your
user behaviour. Google uses this data primarily to optimise its own services
and to provide you with individual, personalised advertising.
The
following cookie is set in your browser due to the integration of Google
Maps:
Name: NID
Wert: 188=h26c1Ktha7fCQTx8rXgLyATyITJ311881264-5
Purpose:
NID is used by Google to customise advertisements to your Google search. With
the help of the cookie, Google "remembers" your most frequently
entered search queries or your previous interaction with ads. This way you
will always get tailored ads. The cookie contains a unique ID that Google uses
to collect your personal preferences for advertising purposes.
Expiry
date: after 6 months
Note: We cannot guarantee the completeness of the
data stored. Especially when using cookies, changes can never be ruled out. In
order to identify the NID cookie, a separate test page was created where only
Google Maps was integrated.
How long and where is the data stored?
Google
servers are located in data centres around the world. However, most servers
are located in America. For this reason, your data is also increasingly stored
in the USA. Here you can read exactly where the Google data centres are
located: https://www.google.com/about/datacenters/inside/locations/?hl=de
Google
distributes the data on different data carriers. This means that the data can
be retrieved more quickly and is better protected against any attempts at
manipulation. Each data centre also has special emergency programmes. If, for
example, there are problems with Google's hardware or a natural disaster
paralyses the servers, the data will pretty much remain protected anyway.
Google
stores some data for a set period of time. For other data, Google only offers
the option to delete it manually. Furthermore, the company also anonymises
information (such as advertising data) in server logs by deleting part of the
IP address and cookie information after 9 and 18 months respectively.
How
can I delete my data or prevent data storage?
With the automatic deletion
of location and activity data introduced in 2019, location and web/app
activity information will be stored for either 3 or 18 months - depending on
your decision - and then deleted. In addition, you can also manually delete
this data from your history at any time via your Google Account. If you want
to completely prevent your location tracking, you must pause the "Web and
App Activity" section in the Google Account. Click "Data and
personalisation" and then on the "Activity setting" option.
Here you can switch the activities on or off.
You can also deactivate,
delete or manage individual cookies in your browser. Depending on which
browser you use, this always works slightly differently. The following
instructions show how to manage cookies in your browser:
Chrome: Delete,
activate and manage cookies in Chrome
Safari: Managing Cookies and
Website Data with Safari
Firefox: Delete cookies to remove data that
websites have placed on your computer.
Internet Explorer: Deleting and
managing cookies
Microsoft Edge: Delete and manage cookies
If you
generally do not want cookies, you can set up your browser so that it always
informs you when a cookie is to be set. In this way, you can decide for each
individual cookie whether you allow it or not.
Please note that when
using this tool, data from you may also be stored and processed outside the
EU. Most third countries (including the USA) are not considered secure under
current European data protection law. Data to insecure third countries may
therefore not simply be transferred, stored and processed there unless there
are appropriate safeguards (such as EU standard contractual clauses) between
us and the non-European service provider.
Legal basis
By activating
the slider, you consent to the use of Google Maps. Thus, the legal basis of
the corresponding data processing is this consent. According to Art. 6 para. 1
lit. a DSGVO (consent), this consent constitutes the legal basis for the
processing of personal data as it may occur during the collection by Google
Maps.
We also have a legitimate interest in using Google Maps to optimise
our online service. The corresponding legal basis for this is Art. 6 para. 1
lit. f DSGVO (Legitimate Interests). As a default setting, the use of Google
Maps is deactivated from our side. By actively pressing the slider, you
consent to the use of Google Maps services.
Google also processes data
from you in the USA, among other places. We would like to point out that
according to the opinion of the European Court of Justice, there is currently
no adequate level of protection for the transfer of data to the USA. This may
be associated with various risks for the legality and security of the data
processing.
Google reCAPTCHA
What is reCAPTCHA?
Our primary
goal is to secure and protect our website for you and for us in the best
possible way. To ensure this, we use Google reCAPTCHA from the company Google
Inc. For the European area, the company Google Ireland Limited (Gordon House,
Barrow Street Dublin 4, Ireland) is responsible for all Google services. With
reCAPTCHA we can determine whether you are really a flesh and blood human
being and not a robot or other spam software. By spam we mean any unsolicited
information sent to us electronically. With the classic CAPTCHAS, you usually
had to solve text or picture puzzles to verify the information. With reCAPTCHA
from Google, we usually don't have to bother you with such puzzles. Here,
in most cases, it is enough to simply tick a box and thus confirm that you are
not a bot. With the new Invisible reCAPTCHA version, you don't even have
to set a tick anymore. You will find out exactly how this works and, above
all, what data is used for this in the course of this data protection
information.
reCAPTCHA is a free captcha service from Google that
protects websites from spam software and abuse by non-human visitors. The most
common use of this service is when you fill out forms on the internet. A
captcha service is a type of automatic Turing test that is designed to ensure
that an action on the internet is performed by a human and not a bot. In the
classic Turing test (named after the computer scientist Alan Turing), a human
determines the distinction between a bot and a human. With captchas, this is
also done by the computer or a software programme. Classic captchas work with
small tasks that are easy for humans to solve, but present considerable
difficulties for machines. With reCAPTCHA, you no longer have to actively
solve puzzles. The tool uses modern risk techniques to distinguish humans from
bots. Here you only have to tick the text field "I am not a robot"
or with Invisible reCAPTCHA even that is no longer necessary. With reCAPTCHA,
a JavaScript element is integrated into the source code and then the tool runs
in the background and analyses your user behaviour. From these user actions,
the software calculates a so-called captcha score. Google uses this score to
calculate how likely you are to be a human even before the captcha is entered.
reCAPTCHA or captchas in general are always used when bots could manipulate or
abuse certain actions (such as registrations, surveys, etc.).
Why do we
use reCAPTCHA on our website?
We only want to welcome flesh and blood
people on our site. Bots or spam software of any kind can safely stay at home.
That's why we pull out all the stops to protect ourselves and offer the
best possible user experience for you. For this reason, we use Google
reCAPTCHA from Google. This way we can be pretty sure that we remain a
"bot-free" website. By using reCAPTCHA, data is transmitted to
Google to determine whether you are actually a human being. reCAPTCHA
therefore serves the security of our website and, by extension, your security.
For example, without reCAPTCHA it could happen that a bot registers as many
email addresses as possible during registration in order to "spam"
forums or blogs with unwanted advertising content. With reCAPTCHA, we can
avoid such bot attacks.
To make your visit to our homepage more pleasant,
we use the Invisible reCaptcha variant, which is executed invisibly for you in
the background.
What data is stored by reCAPTCHA?
reCAPTCHA collects
personal data from users in order to determine whether the actions on our
website actually originate from people. The IP address and other data required
by Google for the reCAPTCHA service may therefore be sent to Google. IP
addresses are almost always shortened beforehand within the member states of
the EU or other contracting states to the Agreement on the European Economic
Area before the data ends up on a server in the USA. The IP address is not
combined with other data from Google unless you are logged in with your Google
account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether
Google cookies from other Google services (YouTube. Gmail, etc.) are already
placed on your browser. Then, reCAPTCHA sets an additional cookie in your
browser and captures a snapshot of your browser window.
The following
list of collected browser and user data does not claim to be complete. Rather,
they are examples of data that, to our knowledge, are processed by Google.
•
Referrer URL (the address of the page from which the visitor
comes)
• IP address (e.g. 256.123.123.1)
•
Info about the operating system (the software that enables your
computer to run. Known operating systems are Windows, Mac OS X or Linux).
•
Cookies (small text files that store data in your browser)
•
Mouse and keyboard behaviour (every action you perform with the
mouse or keyboard is saved)
• Date and language
settings (which language or date you have preset on your PC will be saved).
•
All JavaScript objects (JavaScript is a programming language that
allows websites to adapt to the user. JavaScript objects can collect all kinds
of data under one name).
• Screen resolution (shows how
many pixels the image display consists of)
It is undisputed that Google
uses and analyses this data even before you click on the "I am not a
robot" checkbox. With the Invisible reCAPTCHA version, even the ticking
is omitted and the entire recognition process runs in the background. Google
does not tell you in detail how much and which data it stores.
The
following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo
version from Google at https://www.google.com/recaptcha/api2/demo. All these
cookies require a unique identifier for tracking purposes. Here is a list of
cookies that Google reCAPTCHA has set on the demo version:
Name: IDE
Value:
WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-311881264-8
Purpose: This
cookie is set by DoubleClick (also owned by Google) to record and report a
user's actions on the website in dealing with advertisements. This allows
advertising effectiveness to be measured and appropriate optimisation measures
to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry
date: after one year
Name: 1P_JAR
Value: 2019-5-14-12
Purpose:
This cookie collects statistics on website usage and measures conversions. A
conversion occurs, for example, when a user becomes a buyer. The cookie is
also used to display relevant advertisements to users. Furthermore, the cookie
can be used to prevent a user from seeing the same ad more than once.
Expiry
date: after one month
Name: ANID
Wert:
U7j1v3dZa3118812640xgZFmiqWppRWKOr
Purpose: We could not find out much
information about this cookie. In Google's privacy notice, the cookie is
mentioned in connection with "advertising cookies" such as
"DSID", "FLC", "AID", "TAID". ANID is
stored under domain google.com.
Expiry date: after 9 months
Name:
CONSENT
Value: YES+AT.en+20150628-20-0
Purpose: The cookie stores
the status of a user's consent to use various Google services. CONSENT is
also used for security purposes to verify users, prevent login fraud and
protect user data from unauthorised attacks.
Expiry date: after 19
years
Name: NID
Wert: 0WmuWqy311881264zILzqV_nmt3sDXwPeM5Q
Purpose:
NID is used by Google to tailor ads to your Google searches. With the help of
the cookie, Google "remembers" your most frequently entered search
queries or your previous interaction with ads. This way you always get
tailored ads. The cookie contains a unique ID to collect the user's
personal preferences for advertising purposes.
Expiry date: after 6
months
Name: DV
Wert: gEAABBCjJMXcI0dSAAAANbqc311881264-4
Purpose:
Once you have ticked the "I am not a robot" box, this cookie will be
set. The cookie is used by Google Analytics for personalised advertising. DV
collects information in an anonymous form and is also used to make user
distinctions.
Expiry date: after 10 minutes
Note: This list cannot
claim to be exhaustive, as experience has shown that Google changes its choice
of cookies from time to time.
How long and where is the data stored?
By
inserting reCAPTCHA, data is transferred from you to the Google server. Where
exactly this data is stored, Google does not make clear, even after repeated
enquiries. Without having received confirmation from Google, it can be assumed
that data such as mouse interaction, time spent on the website or language
settings are stored on Google's European or American servers. The IP
address that your browser transmits to Google is generally not merged with
other Google data from other Google services. However, if you are logged into
your Google account while using the reCAPTCHA plug-in, the data will be
merged. The deviating data protection regulations of the Google company apply
to this.
How can I delete my data or prevent data storage?
If you do
not want any data about you and your behaviour to be transmitted to Google,
you must log out of Google completely and delete all Google cookies before you
visit our website or use the reCAPTCHA software. In principle, data is
automatically transmitted to Google as soon as you visit our site. To delete
this data again, you must contact Google support at
https://support.google.com/?hl=de&tid=311881264.
Therefore, by using
our website, you consent to the automatic collection, processing and use of
data by Google LLC and its agents.
Please note that when using this tool,
data from you may also be stored and processed outside the EU. Most third
countries (including the USA) are not considered secure under current European
data protection law. Data to insecure third countries may therefore not simply
be transferred, stored and processed there unless there are appropriate
safeguards (such as EU standard contractual clauses) between us and the
non-European service provider.
Legal basis
By registering for our
customer portal, you consent to the use of Google reCAPTCHA. Thus, the legal
basis for the corresponding data processing is this consent and, according to
Art. 6 para. 1 lit. a DSGVO (consent), constitutes the legal basis for the
processing of personal data as it may occur during the collection by Google
reCAPTCHA.
We also have a legitimate interest in using Google reCAPTCHA
to optimise our online service and make it more secure. The corresponding
legal basis for this is Art. 6 para. 1 lit. f DSGVO (legitimate interests).
Nevertheless, we only use Google reCAPTCHA if you have given your consent.
Google
also processes data from you in the USA, among other places. We would like to
point out that according to the opinion of the European Court of Justice,
there is currently no adequate level of protection for the transfer of data to
the USA. This may be associated with various risks for the legality and
security of the data processing.
Status: 08-04-2022