1. Responsible body
Phone +49 2406 665588-0
Contact details of the data protection officer: Jana Braun
The data protection officer is available under the above company address and under firstname.lastname@example.org
2. Scope and purpose of the processing of personal data
2.1 Accessing the website
When this website is accessed www.gvb.de, the Internet browser used by the visitor automatically sends data to the server of this website and stores it for a limited time in a log file. Until the automatic deletion, the following data is stored without further input by the visitor:
- IP address of the visitor's device,
- Date and time of access by the visitor,
- Name and URL of the page accessed by the visitor,
- Website from which the visitor accesses the company website (so-called referrer URL),
- Browser and operating system of the visitor's terminal
- Name of the access provider used by the visitor.
The processing of these personal data is acc. Article 6 (1) (1) (f) of the GDPR. The company has a legitimate interest in the processing of data for the purpose of
- quickly build the connection to the company's website,
- to enable a user-friendly application of the website,
- to detect and ensure the safety and stability of the systems and
- to facilitate and improve the administration of the website.
The processing is expressly not for the purpose of gaining knowledge about the person of the visitor of the website.
2.2 Contact form
Visitors can submit messages to the Company via an online contact form on the website. In order to be able to receive a reply, at least the specification of a valid e-mail address is required. All further information can be given voluntarily by the requesting person. By submitting the message via the contact form, the visitor consents to the processing of the transferred personal data. The data processing is exclusively for the purpose of processing and answering inquiries via the contact form. This is done on the basis of the voluntarily granted consent acc. Article 6 (1) (1) (a) GDPR. The personal data collected for the use of the contact form will be automatically deleted as soon as the request has been completed and there are no reasons for further storage (eg subsequent commissioning of our company).
By registering for the newsletter, the visitor expressly agrees to the processing of the transmitted personal data. To register for the newsletter, you only need to enter an e-mail address of the visitor. The legal basis for the processing of the personal data of the visitor for the purpose of sending newsletters is the consent acc. Article 6 (1) (1) (a) GDPR.
The visitor can unsubscribe from receiving future newsletters at any time. This can be done by using a special link at the end of the newsletter or by sending an e-mail to email@example.com .
3. Disclosure of data
Personal data will be transmitted to third parties, if
- pursuant to Article 6 (1) (1) (a) GDPR, the person concerned expressly consented to,
- the disclosure pursuant to Article 6 (1) (1) (f) GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that the data subject has an overriding legitimate interest in not disclosing their data,
- for the transfer of data according to Art. 6 (1) sentence 1 letter c) of the GDPR a legal obligation exists, and / or
- this is required under Article 6 (1) (1) (b) of the GDPR to fulfill a contractual relationship with the data subject. This concerns, for example, the processing of an order or an order in the webshop.
Cookies are used on the website. These are data packets that are exchanged between the server of the company website and the visitor's browser. These are stored when visiting the website of the devices used in each case (PC, notebook, tablet, smartphone, etc.). Cookies can cause no damage on the equipment used. In particular, they contain no viruses or other malicious software. In the cookies, information is stored, each resulting in connection with the specific terminal used. Under no circumstances can the company immediately gain knowledge of the identity of the visitor to the website.
Cookies are largely accepted according to the basic settings of the browser. The browser settings can be set up so that cookies are either not accepted on the devices used, or that a special notice is given before a new cookie is created. It should be noted, however, that the deactivation of cookies may result in not all the features of the website being used in the best possible way.
Cookies are used in the webshop to store the basket of goods during the ordering process. The shopping cart and the associated cookies are deleted after the end of the session.
The data processed by cookies are justified for the purposes mentioned above in order to safeguard the legitimate interests of the company under Article 6 (1) (1) (f) GDPR.
5. Analysis services for websites, tracking
We use the website analytics service for websites of Google Analytics on our website. The legal basis for using the analysis tools is Article 6 (1) (1) (f) GDPR. The website analysis is in the legitimate interest of our company and serves the statistical collection of the page usage for the continuous improvement of our company website and the offer of our services.
Google Anayltics and Google Tag Manager
Using the Google Tag Manager: Google Tag Manager is a solution for the marketer to manage website tags from one interface. The tool Tag Manager itself (the the tags implemented) is a cookieless domain and does not capture any personal information Data. The tool will trigger other tags, which in turn may collect data. Google Tag Manager does not access this data. If there has been made a deactivation on domain or Cookie level, this remains active for all tracking tags, that are implemented with Google Tag Manager. http://www.google.de/tagmanager/use-policy.html
Matelso Call Tracking
Our website uses a service of Matelso GmbH, Stuttgart. If you call on one of the numbers switched for us by Matelso, information about the call may be transmited to a web analytics service (such as Google Analytics). Matelso also reads cookies set by our analytics service or other parameters of Your visit on the website, for example referrer, document path, remote user agent. The relevant information will be provided in accordance with our instructions from Matelso, processed and stored on servers in the EU. Further information can be found on: https://www.matelso.de/privacy. You can use a cookie storage prevent appropriate setting of your browser software. But we point out, that in this case, you may not be able to use all features of this website be fully able to use.
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR .
Recipients / categories of recipients
The recipient of the data collected is Google.
Transmission to third countries
The personal data will be transmitted under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission in the USA. You can get the certificate here .
Duration of data storage
The data sent by us and linked to cookies, user IDs (eg user ID) or advertising IDs will be automatically deleted after 14 months. The deletion of data whose retention period has been reached is done automatically once a month.
You can revoke your consent at any time with future effect by preventing the storage of cookies by setting your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.
6. Plugins of Social Networks (Social Plugins)
Our company website includes plugins from the following social networks: Facebook, YouTube. The legal basis for the use of social plugins is Article 6 (1) (1) (f) GDPR. A legitimate interest of our company and purpose of using plugins of social networks is to make our offer known to a wide audience. The social networks are responsible for the privacy-compliant handling of the data of their users.
6.1 Privacy statement for the use of Facebook plugins ("Like" button)
Our website contains plugins from Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. Facebook is a social network. The respective plugin is recognizable by the Facebook logo or the "like me" button. You can view the complete overview of all plugins from Facebook at the following link: http://developers.facebook.com/docs/plugins
As soon as you visit our website, the Facebook plug-in establishes a direct connection between your Internet browser and the Facebook servers. In this way, Facebook is informed that your website has been visited with your IP address. In the event that you should be logged in to Facebook, you can use the "Like" button to link the content on our website to your profile on Facebook. It is then possible for Facebook to associate your visit to our website with your Facebook account. We, as the provider of our website, are not informed by Facebook about the content of the transmitted data or the data usage. You can find more information under the following link: http://de-de.facebook.com/policy.php
In case that you should be a member of Facebook, but do not want Facebook receives data about you via our website and connects with your membership data, you must log out of Facebook before you visit our website. (Facebook pattern privacy statement by Flegl Rechtsanwaelte GmbH)
7. Your rights as an affected person
As far as your personal data are processed during the visit of our website, you have the following rights as "data subject" within the meaning of the GDPR:
You can ask us for information about whether personal data is processed by us. No right of access exists if the granting of the coveted information would violate the obligation to maintain secrecy or if the information must be kept secret for other reasons, in particular because of a predominantly legitimate interest of a third party. Deviating from this, there may be an obligation to provide the information if your interests outweigh the interests of secrecy, in particular taking into account any imminent damage. The right of access is also excluded if the data are stored only because they can not be deleted due to statutory or statutory retention periods or serve exclusively for purposes of data protection or data protection control, if the provision of information would require a disproportionately high effort and processing for other purposes is excluded by appropriate technical and organizational measures. If in your case the right to information is not excluded and your personal data are processed by us, you can ask us for information about the following information:
- Purposes of processing,
- Categories of personal data that you process,
- Recipients or categories of recipients to whom your personal data are disclosed, particularly to recipients in third countries
- if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining the retention period,
- the right to rectify or delete or restrict the processing of personal data concerning you or a right to object to such processing;
- the existence of a right of appeal to a data protection supervisory authority,
- if the personal data has not been collected from you as the data subject, the information available on the origin of the data
- where appropriate, the existence of automated decision-making, including profiling and meaningful information on the logic involved, and the implications and implications of automated decision-making;
- If applicable, in the case of transmission to recipients in third countries, if there is no EU Commission decision on the adequacy of the protection level under Art. 45 (3) GDPR, information on which suitable guarantees pursuant to Art. Art. 46 para. 2 GDPR for the protection of personal data.
7.2 Correction and completion
If you discover that we have inaccurate personal information, you may require us to promptly correct this incorrect information. In case of incomplete personal data concerning you, you can request the completion.
You have a right of cancellation ("right to be forgotten"), provided that the processing is not for the exercise of the right to freedom of expression, the right to information or to fulfill a legal obligation or to perform a task of public interest, necessary and for one of the following reasons:
- The personal data are no longer necessary for the purposes for which they were processed.
- The justification for processing was solely your consent, which you have revoked.
- You have objected to the processing of your personal data that we have made public.
- You have objected to the processing of personal data not disclosed to us and there are no legitimate reasons for the processing.
- Your personal data was processed unlawfully.
- The deletion of personal data is required to fulfill a legal obligation to which we are subject.
7.4 Restriction of processing
You may require us to restrict processing if any of the following applies:
- You deny the accuracy of your personal information. The restriction may be required in this case for the duration that allows us to verify the accuracy of the data.
- The processing is unlawful and you require instead of deletion the limitation of the use of your personal data.
- Your personal information will no longer be needed by us for the purposes of processing that you may need to assert, exercise or defend your rights.
- You have contradiction gem. Art. 21 para. 1 DSGVO. The limitation of processing may be required as long as it is not certain that our legitimate reasons outweigh your reasons.
7.5 Data portability
You have the right of data transferability if the processing is based on your consent (Article 6 (1) sentence 1 (a) or Article 9 (2) (a) GDPR) or on a contract to which you are a party and the processing is done using automated procedures. The right to data portability in this case includes the following rights, provided that this does not affect the rights and freedoms of others: You may require us to receive the personal information you provide us in a structured, common and machine-readable format , You have the right to transfer this data to another person without hindrance on our part. If technically feasible, you may require us to transfer your personal information directly to another person in charge.
7.7 Revocation of Consent
You have the right to revoke your consent at any time with effect for the future. The revocation of the consent can be communicated by phone, by e-mail, possibly by fax or to our postal address informal. The revocation does not affect the lawfulness of the data processing that has taken place on the basis of the consent until receipt of the revocation. Upon receipt of the revocation, the data processing, which was based solely on your consent, will cease.
If you believe that the processing of personal data concerning you is unlawful, you may lodge a complaint with a data protection supervisory authority that has jurisdiction over your place of work or place of habitual offense.