Data protection

Thank you for your interest in our organisation. Data protection is of particular importance to the management of Skiliftgesellschaft Hochfügen GmbH. It is possible to use the web pages of Skiliftgesellschaft Hochfügen GmbH without providing any personal data. However, if a data subject wishes to use specific services provided through our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally seek the consent of the data subject in advance.

Personal data, such as the name, address, email address or telephone number of a data subject, is always processed in accordance with the requirements of the General Data Protection Regulation and in accordance with the country-specific data protection provisions applicable to Skiliftgesellschaft Hochfügen GmbH. The purpose of this data protection declaration is to inform you about the nature, scope and purpose of the personal information we collect, use and process. Furthermore, you will find information on your rights as a data subject.

As the controller, Skiliftgesellschaft Hochfügen GmbH has put in place numerous technical and organisational measures in order to ensure any personal data processed through this website is as secure as possible. Nevertheless, absolute protection of data transmitted online cannot be guaranteed. For this reason, every data subject is free to submit their personal data to us by alternative means, for example by telephone.

1. Definitions

The data protection declaration of Skiliftgesellschaft Hochfügen GmbH employs the terminology used by the European Directive and Regulatory Authority in the General Data Protection Regulation (GDPR). A requirement is that our data protection declaration should be easy to read and understand, both for the public in general and for our customers and business partners. To ensure this, we here explain the terminology employed.

The following terms, among others, are used in this data protection declaration:

  • a) Personal data

    Personal data means any information relating to an identified or identifiable natural person (hereinafter the "data subject"). A natural person is considered to be identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more specific features that represent the physical, physiological, genetic, mental, economic, cultural or social characteristics of this natural person.

  • b) Data subject

    A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

  • c) Processing

    Processing means any process or series of operations to which personal data is subjected, such as collection, capture, organisation, sorting, storage, adaptation or modification, reading out, querying, using with or without the aid of automated procedures, disclosure through submission, dissemination or any other form of provision, comparison or association, restriction, erasure or destruction.

  • d) Restriction of processing

    Restriction of processing involves labelling stored personal data in such a way that its future processing is appropriately restricted.

  • e) Profiling

    Profiling is any type of automated processing of personal data that involves the use of personal information to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic status or health, to analyse or predict preferences, interests, reliability, behaviour, whereabouts, or relocation of that natural person.

  • f) Pseudonymisation

    Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organisational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.

  • g) Controller or person responsible for processing

    The controller is the natural or legal person, public authority, body or other body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are specified by EU law or the law of individual Member States, the controller or the specific criteria for their designation may already be specified in EU or national law.

  • h) Processor

    A processor is a natural or legal person, public authority, body or other body that processes personal data on behalf of the controller.

  • i) Recipient

    A recipient is a natural or legal person, public authority, body or other entity to whom personal data is disclosed, whether or not it is a third party. However, authorities to which personal data must be supplied under EU or national law in connection with particular investigations are not considered to be recipients.

  • j) Third parties

    A third party is a natural or legal person, public authority, body or other body other than the data subject, the controller, the processor and the persons authorised under the direct responsibility of the controller or processor to process the personal data.

  • k) Consent

    Consent is any expression of will voluntarily and unambiguously given by the well-informed data subject in connection with any given circumstances in the form of a statement or other unambiguous form of confirmation to the effect that the data subject consents to the processing of their personal data.

2. Name and address of the controller

The controller as defined in the General Data Protection Regulation, other data protection laws of the Member States of the European Union and other provisions relating to data protection is:

Skiliftgesellschaft Hochfügen GmbH

Sennereistraße 1

6263 Fügen

Austria

Tel.: +43 (0) 5288 62319

Email: info@hochfuegenski.com

Website: www.hochfuegenski.com

3. Cookies

The website of Skiliftgesellschaft Hochfügen GmbH uses cookies. Cookies are text files that are filed and stored on a computer system by an internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that enable online pages and servers to be assigned to the specific internet browser in which the cookie is stored. This allows visited websites and servers to distinguish between an individual browser and other internet browsers that contain other cookies. A specific internet browser can be recognised and identified on the basis of the unique cookie ID.

By using cookies, Skiliftgesellschaft Hochfügen GmbH can provide visitors to this website with more user-friendly services that would otherwise be the case.

Cookies are used to tailor the information and offers on our website to the requirements of visitors. Cookies allow us, as specified above, to recognise repeat visitors to our website. By recognising visitors, we make it easier for them to use our website. For example, a visitor to a website that uses cookies need not re-enter their credentials every time they visit the website because this is automatically undertaken by the website and the cookie stored on the visitor’s computer system. Another example is a shopping basket cookie. With the help of these, the online shop can remember the items that a customer has placed in the virtual shopping basket.

A data subject can disable the acceptance of cookies from our website at any time by means of a corresponding setting of their internet browser and thus permanently deactivate the corresponding cookies. Furthermore, a browser or other software program can be used to delete already accepted cookies at any time. This is possible in the case of all standard browsers. If a data subject disables the acceptance of cookies by their browser, they may not be able to use in full all the features of our website.

4. Collection of general data and information

The website of Skiliftgesellschaft Hochfügen GmbH collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information are stored in the log files of the server. This can include (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrers), (4) the sub-web pages, which can be accessed via an accessing system on our website (5) the date and time of access to the website, (6) an internet protocol (IP) address, (7) the internet service provider of the accessing system and (8) other similar data and information that can be employed for security reasons to prevent of attacks on our IT systems.

Skiliftgesellschaft Hochfügen GmbH does not use this information to draw conclusions about data subjects. Instead this information is required to (1) correctly deliver the contents of our website, (2) to optimise the content of our website and to promote it, (3) to ensure the continued functioning of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the necessary information for prosecution in case of a cyberattack. This anonymously collected data and information are therefore statistically and otherwise evaluated by Skiliftgesellschaft Hochfügen GmbH with the aim of increasing our level of data protection and data security in order to ultimately ensure the best possible level of protection of the personal data processed by us. The anonymous data in server log files is stored separately from all personal data provided by data subjects.

5. Registration on our website

By providing personal data, data subjects may register on the website of the controller. The personal data to be supplied to the controller is determined by the corresponding input template to be used for registration. The personal data entered by a data subject is collected and stored solely for internal use by the controller and for their own purposes. The controller may arrange for its transmission to one or more service providers, such as a shipper, which will also use the personal data only for the purposes of providing the necessary services to the controller.

When a data subject registers on the website of the controller, the IP address assigned by the internet service provider (ISP) of the data subject, the date and time of registration will also be stored. This data is stored with a view to preventing misuse of our services and also to enable us, when necessary, to investigate any offences committed. The controller thus has a justified interest in storing this data as it is necessary for the protection of the controller. This data will not be disclosed third parties assuming there is no legal obligation to disclose it or disclosure is not necessary for the purposes of law enforcement.

The information voluntarily provided by data subjects during registration will be used by the controller to provide data subjects with content or services that, due to their nature, can only be offered to registered users. Registered users are free to modify the personal data given during registration at any time or to delete it completely from the database of the controller.

The controller shall, at any time upon request, provide information to each data subject as to what personal data about them is stored. In addition, the controller will correct or delete personal data at the request of a data subject, insofar as this does not conflict with any statutory retention requirements. In this connection, data subjects need only contact any employee of the controller.

6. Subscription to our newsletter

Users of the website of Skiliftgesellschaft Hochfügen GmbH have the opportunity to subscribe to our newsletter. The personal data to be supplied to the controller in this case is determined by the corresponding input template to be used to subscribe.

Skiliftgesellschaft Hochfügen GmbH informs its customers and business partners about offers of the company at regular intervals by means of a newsletter. Our newsletter can only to data subjects who (1) have a valid email address and (2) have subscribed to our newsletter. For legal reasons, a double-opt-in procedure will be used whereby a confirmation email will first be sent to the email address entered by a data subject. This confirmation email is used to verify that the owner of the email address has authorised the receipt of our newsletter.

When a data subject registers for our newsletter, we also store the IP address assigned by the internet service provider (ISP) assigned to the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to detect any possible misuse of the data subject's email address at a later date and, therefore providing the controller with legal safeguards.

Any personal data collected for the purpose of registering to receive our newsletter will be used exclusively to send our newsletter. In addition, subscribers to the newsletter may be contacted by email if this is necessary for the operation of the newsletter service or acorresponding registration, as may be the case in the event of changes to our newsletter service or technical modifications. Personal data collected in connection with our newsletter service will not be transmitted to third parties. The subscription to our newsletter may be terminated by a data subject at any time. Consent to the storage of personal data that the data subject has supplied in connection with the receipt of our newsletter can be withdrawn at any time. A corresponding link is provided in each newsletter that can be used to withdraw consent. It is also possible to unsubscribe from the newsletter at any time directly on the controller's website or to contact the controller by other means to unsubscribe.

7. Newsletter tracking

The newsletters of Skiliftgesellschaft Hochfügen GmbH contain so-called tracking pixels. A tracking pixel is a miniature image that is embedded in emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded pixel, Skiliftgesellschaft Hochfügen GmbH can detect whether and when an email was opened by a data subject and which links in the email were accessed by the data subject.

Such personal data collected via the tracking pixels contained in the newsletters will be stored and evaluated by the controller in order to optimise the delivery of the newsletter and to better adapt the content of future newsletters to the interests of the data subject. This personal data will not be disclosed to third parties. Data subjects are entitled to withdraw at any time the separate declaration of consent provided by means of the double-opt-in procedure. On withdrawal of consent, this personal data will be deleted by the controller. Skiliftgesellschaft Hochfügen GmbH will assume that unsubscription from the newsletter represents withdrawal of consent on the part of the data subject in question.

8. Contact through our website

To comply with legal requirements, the website of Skiliftgesellschaft Hochfügen GmbH provides information to facilitate rapid electronic contact with our company as well as direct communication with us; included is an address for the receipt of electronic mail (email address). If a data subject contacts the controller by email or using a contact form, the personal data provided by the data subject will be automatically saved. Such personal information provided on a voluntary basis by a data subject to the controller is stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.

9. Routine deletion and blocking of personal data

The controller will process and store the personal data of a data subject only for the period necessary to achieve the purpose of storage or for the period required by law, regulations or directives of the European regulatory authority or other legislation to which the controller is subject.

If the purpose for which data is stored ceases to apply or if a retention period prescribed by the European regulatory authority or in any other relevant legislation expires, personal data will be routinely blocked or deleted in accordance with the statutory provisions.

10. Rights of the data subject

  • a) Right of confirmation

    The European regulatory authority has granted data subjects the right to require a controller to provide them with confirmation of whether personal data relating to him/her is being processed. If a data subject wishes to exercise this right of obtaining confirmation, they can contact an employee of the controller at any time.

  • b) Right of information

    The European regulatory authority has granted data subjects affected by the processing of personal data the right to obtain information free of charge from the controller on the personal data stored on them and a copy of that information at any time. In addition, the European regulatory authority has granted data subjects the right to require information on the following:

    • The purposes of processing
    • The categories of personal data being processed
    • The recipients or categories of recipients to whom the personal data has been disclosed or is being disclosed, in particular recipients in third countries or international organisations
    • If possible, the planned duration for which the personal data will be retained or, if that is not possible, the criteria used to determine that duration
    • The existence of a right to request from the controller rectification or erasure of the personal data concerning them, a right to request restriction of processing by the controller and a right to object to such processing
    • The right to lodge a complaint with a supervisory authority
    • If the personal data has not been collected from the data subject: all available information about the origin of the data
    • The existence of automated decision-making including profiling as specified in Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information on the logic involved, and the scope and intended impact of such processing on the data subject

    Furthermore, a data subject has the right of information as to whether personal data has been transmitted to a third country or to an international organisation. If this is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer.

    If a data subject wishes to exercise this right of information, they can contact an employee of the controller at any time.

  • c) Right to rectification

    The European regulatory authority has granted data subjects affected by the processing of personal data the right to demand the immediate correction of inaccurate personal data. Furthermore, data subjects have the right to request the completion of incomplete personal data, also by means of a supplementary declaration, taking into account the purposes of the processing.

    If a data subject wishes to exercise this right of rectification, they can contact an employee of the controller at any time.

  • d) Right to erasure (right to be forgotten)

    The European regulatory authority has granted data subjects affected by the processing of personal data the right to require the controller to immediately delete the personal data concerning them, provided that one of the following reasons applies and processing is not mandatory:

    • The personal data has been collected for purposes or is being processed for purposes that are no longer necessary.
    • The data subject withdraws consent on which the processing was based per Art. 6 (1) (a) of the GDPR or Art. 9 (2) (a) of the GDPR and there is no other legal basis for processing.
    • The data subject objects to processing per Art. 21 (1) GDPR and there are no legitimate reasons for processing, or the data subject objects per Art. 21 (2) GDPR.
    • The personal data was processed unlawfully.
    • The deletion of personal data is necessary to comply a legal obligation under EU or national law to which the controller is subject.
    • The personal data was collected by means of information society services and the stipulations of Art. 8 (1) GDPR apply.

    If one of the above reasons applies and a data subject wishes to initiate the deletion of personal data retained by Skiliftgesellschaft Hochfügen GmbH, they may contact an employee of the controller at any time. The employee of Skiliftgesellschaft Hochfügen GmbH will arrange for the request for erasure to be implemented without delay.

    If personal data has been made public by Skiliftgesellschaft Hochfügen GmbH and if we are responsible for deleting the personal data as the controller per Art. 17 (1) GDPR, Skiliftgesellschaft Hochfügen GmbH will take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform other data controllers processing the published personal data that the data subject has required of these other data controllers the deletion of all links to such personal data and of copies and reproductions of this personal data, assuming that processing is not mandatory in this case. The employee of the Skiliftgesellschaft Hochfügen GmbH will initiate the necessary procedures in individual cases.

  • e) Right to restrict processing

    The European regulatory authority has granted data subjects affected by the processing of personal data the right to require a controller to restrict the processing of personal if one of the following conditions applies:

    • The accuracy of the personal data is contested by the data subject for a period of time that enables the controller to verify the accuracy of the personal data.
    • The processing is unlawful, the data subject refuses to have the personal data deleted and instead requests restriction of the use of the personal data.
    • The controller no longer needs the personal data for processing purposes, but the data subject needs them to assert, exercise or defend legal claims.
    • The data subject objects to processing per. Art. 21 (1) GDPR and it is not yet clear whether the legitimate interests of the controller outweigh those of the data subject.

    If one of the above reasons applies and a data subject wishes to initiate the restriction of use of personal data retained by Skiliftgesellschaft Hochfügen GmbH, they may contact an employee of the controller at any time. The employee of Skiliftgesellschaft Hochfügen GmbH will arrange for the request for restriction to be implemented without delay.

  • f) Right to data portability

    The European regulatory authority has granted data subjects affected by the processing of personal data the right to receive the personal data concerning him/her provided to a controller by the data subject in a structured, common and machine-readable format. They also have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided, assuming that the processing is based on consent given in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) of the GDPR or on a contract per Article 6 (1) (b) of the GDPR and is being processed by means of automated procedures, unless the processing is necessary to safeguard public interests or for the exercise of an official duty assigned to the controller.

    Furthermore, in exercising their right to data portability under Article 20 (1) of the GDPR, the data subject has the right to require that the personal data is transmitted directly from one controller to another, where technically feasible and if this does not affect the rights and freedoms of others.

    In order to assert the right of data transferability, the data subject may contact an employee of Skiliftgesellschaft Hochfügen GmbH at any time.

  • g) Right to object

    The European regulatory authority has granted data subjects affected by the processing of personal data the right to object at any time, for reasons arising from their particular situation, to the processing of personal data relating to them per Article 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.

    On being notified of such an objection, Skiliftgesellschaft Hochfügen GmbH will no longer process the personal data unless we can demonstrate compelling reasons for processing that outweigh the interests, rights and freedoms of the data subject or the processing serves the purpose of asserting, exercising or defence of legal claims.

    If Skiliftgesellschaft Hochfügen GmbH processes personal data for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data for this purpose. This also applies to profiling, as far as it is associated with such direct marketing. If the data subject objects to processing by Skiliftgesellschaft Hochfügen GmbH for the purposes of direct marketing, Skiliftgesellschaft Hochfügen GmbH will no longer process the personal data for these purposes.

    In addition, the data subject has the right, for reasons arising from their particular situation, to object to the processing of personal data relating to them by Skiliftgesellschaft Hochfügen GmbH for scientific or historical research purposes or for statistical purposes per Art. 89 (1) GDPR - unless such processing is necessary in the public interest.

    In order to assert the right to object, the data subject may contact an employee of Skiliftgesellschaft Hochfügen GmbH at any time. The data subject is also free, in the context of the use of information society services and notwithstanding Directive 2002/58/EC, to exercise their right of objection by means of automated procedures for which technical specifications are employed.

  • h) Automated decisions in individual cases including profiling

    The European regulatory authority has granted data subjects affected by the processing of personal data the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal impact on them or otherwise significantly impacts on them unless the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller; or (2) is permitted under EU or Member State legislation to which the controller is subject and that also specifies appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject; or (3) the express consent of the data subject to this has been provided.

    If the decision (1) is required for the conclusion or performance of a contract between the data subject and the controller or (2) the express consent of the data subject to this has been provided, Skiliftgesellschaft Hochfügen GmbH shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, whereby the controller shall retain at least the right to intervention by a third person to outline the controller’s position and to consider any appeal against the decision.

    If a data subject wishes to exercise this right in relation to automated decision-making they can contact an employee of the controller at any time.

  • i) Right to withdraw consent

    The European regulatory authority has granted data subjects affected by the processing of personal data the right to withdraw their consent to the processing of personal data at any time.

    If a data subject wishes to exercise this right, they can contact an employee of the controller at any time.

11. Use of Facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is an internet-based social meeting place, an online community that usually allows users to communicate with each other and interact in virtual space. A social network can serve as a platform for sharing views and experiences, or allows the online community to provide personal or business information. Facebook allows social network users to create private profiles, upload photos and socialise via friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The entity responsible for the processing of personal data, if an affected person lives outside the US or Canada, is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

Each time one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) is integrated, is accessed the browser of the data subject is automatically activated by the corresponding Facebook component to download the Facebook item. An overview of all Facebook plug-ins can be found at developers.facebook.com/docs/plugins/. As part of this technical process, Facebook receives information about which specific subpage of our website is visited by the data subject.

If the data subject is simultaneously logged in to Facebook, Facebook recognises with each visit to our website by the data subject and during the entire duration of the respective stay on our website, which specific subpage of our website the data subject visited. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and saves this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is simultaneously logged in to Facebook at the time of access to our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If a data subject does not wish the transfer of this information to Facebook, they can prevent transfer by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, which is available at de-de.facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. It also explains which options Facebook offers to protect the privacy of data subjects. In addition, different applications are available, which make it possible to deactivate automatic data transmission to Facebook. Such applications can be used by the data subject to disable data transmission to Facebook.

12. Google Analytics (with anonymization function)

The controller has integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics involves the recording, collection and analysis of data on the behaviour of visitors to websites. Among other things, a web analytics service collects information on from which referrer website a user has been directed to a website, which subpages of the website are accessed and how often and for which length of time a subpage is viewed. Web analysis is mainly used to optimise a website and analyse the relative costs and benefits of online advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The controller uses the code "_gat._anonymizeIp" for web analysis by Google Analytics. This supplement shortens and anonymises the IP address of the internet connection used by the data subject if the data subject accesses our website from a Member State of the European Union or from another country that is a member of the European Economic Area.

The purpose of the Google Analytics component is to analyse visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our website, and to provide other services related to the use of our website.

Google Analytics places a cookie on the device used by a the data subject. What cookies are, has already been explained above. Using this cookie Google is able to analyse the usage of our website. Each time one of the pages of this website operated by the controller is accessed on which a Google Analytics component has been integrated, the browser of the device used by the data subject is automatically activated by the respective Google Analytics component to submit data to Google for the purposes of online analysis. As part of this technical process, Google receives information on personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks, and subsequently make commission settlements possible.

The cookie stores person-related information, such as access time, the location from which access was obtained and the frequency of site visits by the data subject. Each time you visit our website, your personal information, including the IP address of your internet connection, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer this personal data collected through this technical process to third parties.

A data subject can disable the acceptance of cookies from our website at any time by means of a corresponding setting of their internet browser and thus permanently deactivate the corresponding cookies. Such a setting of the browser used will also prevent the device of a data subject accepting cookies from Google. In addition, a cookie already accepted from Google Analytics can be deleted at any time using the browser or other software program.

Furthermore, data subjects have the option of objecting to and preventing the collection of the data generated by Google Analytics for the use of this website and the processing of this data by Google. For this purpose, data subjects must download and install a browser add-on from tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on will be considered by Google as an objection to the use of data. If a data subject's operating system is subsequently deleted, formatted or reinstalled, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or any other person within their control, the browser add-on can be reinstalled or re-enabled.

Additional information and Google's privacy policy can be found at www.google.com/intl/en/policies/privacy/ and www.google.com/analytics/terms/en.html. Google Analytics is explained in more detail at www.google.com/intl/de_de/analytics/.

13. Google Remarketing

The controller has integrated Google Remarketing services on this website. Google Remarketing is a feature of Google AdWords that enables a business to show advertisements to such internet users that have previously visited its website. The integration of Google Remarketing therefore allows a business to create user-friendly advertising and thus show the internet user ads of interest to them.

The operating company of Google Remarketing services is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of the use of Google Remarketing is to enable us to display advertising of interest to visitors. Google Remarketing allows us to display ads through the Google Network or display them on other websites tailored to the individual needs and interests of internet users.

Google Remarketing places a cookie on the devices used by data subjects. What cookies are, has already been explained above. Using this cookie, Google can to recognise return visitors to our website, if they subsequently access websites that are also members of the Google ad network. With every visit to a website on which Google Remarketing's service has been integrated, the browser automatically identifies the user for Google. As part of this technical process, Google receives personal data, such as the IP address or the surfing behaviour of the user, which Google uses among other things to display advertising of interest to that user.

The cookie stores personal information, such as the web pages visited by the affected person. Each time you visit our website, your personal information, including the IP address of the internet connection used by you, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer this personal data collected through the technical process to third parties.

A data subject can disable the acceptance of cookies from our website at any time by means of a corresponding setting of their internet browser and thus permanently deactivate the corresponding cookies. Furthermore, a browser or other software program can be used prevent the acceptance of cookies at any time. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, data subjects can object to receiving advertising from Google. To do this, data subjects must access the link www.google.com/settings/ads from each of the internet browsers they use and make the desired settings there.

Additional information and Google's privacy policy can be found at www.google.com/intl/en/policies/privacy/.

14. Google AdWords

The controller has integrated Google AdWords services on this website. Google AdWords is an internet advertising service that allows advertisers to run ads both on Google's search engine and on the Google advertising network. Google AdWords allows an advertiser to pre-define keywords that will display an ad in Google's search engine results but only if a user initiates a keyword-related search. In the Google Network, the ads are distributed to topic-relevant web pages using an automated algorithm and according to previously defined keywords.

The operating company of the Google AdWords services is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of the use of Google AdWords is to promote our website by displaying advertising on third-party websites and in the search engine results of Google's search engine and by displaying third party advertisements on our website.

If a data subject reaches our website via a Google ad, a so-called conversion cookie will be stored on the data subject’s information technology system by Google. What cookies are, has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. If the cookie has not yet expired, it is used to trace whether certain sub-pages, such as the shopping basket of an online shop system, were accessed on our website. The conversion cookie allows both us and Google to understand if a data subject who came to our website through an AdWords ad generated revenue, i.e. completed or cancelled a purchase.

The data and information collected through the use of the conversion cookie is used by Google to create visitor statistics for our website. These visitor statistics are then used by us to determine the total number of users who have been sent to us through AdWords ads, to determine the success or failure of the respective AdWords ad and to optimise our AdWords ads for the future. Neither our company nor any other Google AdWords advertiser receives any information from Google that could identify a data subject.

The conversion cookie stores person-relevant information, such as the web pages visited by the data subject. Each time you visit our website, your personal information, including the IP address of your internet connection, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer this personal data collected through the technical process to third parties.

A data subject can disable the acceptance of cookies from our website at any time by means of a corresponding setting of their internet browser and thus permanently deactivate the corresponding cookies. Furthermore, a browser or other software program can be used to delete already accepted cookies at any time. In addition, a cookie already accepted from Google AdWords can be deleted at any time using your internet browser or other software programs.

Furthermore, data subjects has the option to object to receive advertising from Google. To do this, data subjects must access the link www.google.com/settings/ads from each of the internet browsers they use and make the desired settings there.

Additional information and Google's privacy policy can be found at www.google.com/intl/en/policies/privacy/.

15. Instagram

The controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audio-visual platform, allowing users to share photos and videos, as well as to redistribute such data across social networks.

The operating company of Instagram's services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Each time one of the individual pages of this website operated by the controller is accessed on which an Instagram component (Insta button) has been integrated, the internet browser of the data subject is automatically activated by the by the corresponding Instagram component to download the Instagram item. As part of this technical process, Instagram receives information about which specific subpage of our website is visited by the data subject.

If the data subject is simultaneously logged in to Instagram, Instagram is informed with each visit to our website by the data subject and during the entire duration of the respective stay on our website, which specific subpage of our website the data subject has visited. This information is collected through the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject activates one of the Instagram buttons integrated on our website, the data and information transmitted with it are assigned to the personal Instagram user account of the data subject and saved and processed by Instagram.

Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is simultaneously logged in to Instagram at the time of access to our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If a data subject does not wish the transfer of this information to Instagram, they can prevent transfer by logging out of their Instagram account before accessing our website.

Additional information and Instagram's privacy policy can be found at help.instagram.com/155833707900388 and www.instagram.com/about/legal/privacy/.

16. YouTube

The controller has integrated components of the YouTube service on this website. YouTube is an internet video portal that allows video publishers to freely create video clips for free viewing, rating and commenting. YouTube allows the publication of all types of videos, including complete film and television broadcasts, but also music videos, trailers or user-made videos.

YouTube's operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) is integrated, is accessed the browser of the data subject is automatically activated by the corresponding YouTube component to download the YouTube item. More information about YouTube can be found at www.youtube.com/yt/about/en/. As part of this technical process, YouTube receives information about which specific subpage of our website is visited by the data subject.

If the person is logged in to YouTube at the same time, YouTube recognises which specific subpage the data subject visits when accessing a page with a video. This information is collected through the YouTube component and assigned by YouTube to the respective YouTube account of the data subject.

YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is simultaneously logged in to YouTube at the time of access to our website; this takes place regardless of whether the data subject clicks on the YouTube component or not. If a data subject does not wish the transfer of this information to YouTube and Google, they can prevent transfer by logging out of their YouTube account before accessing our website.

The data policy published by YouTube, which is available at www.google.de/intl/de/policies/privacy/, provides information on the collection, processing and use of personal data by Facebook.

17. DoubleClick

The controller has integrated components of the DoubleClick Google service on this website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers.

The operating company of DoubleClick by Google is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

DoubleClick by Google transmits data to the DoubleClick server with every impression, click or other activity. Each of these data transfers triggers a cookie request to the data subject's browser. DoubleClick stores a cookie on the device of the data subject after the browser has approved this request. What cookies are, has already been explained above. The purpose of the cookie is to optimise and display advertising. The cookie is used, among other things, to serve and display user-relevant advertisements, as well as to generate reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple impressions of the same advertising.

DoubleClick uses a cookie ID, which is required to complete the technical process. For example, the cookie ID is needed to display an ad in a browser. DoubleClick can also use the cookie ID to see which ads have already appeared in a browser to avoid duplication. It's also possible for DoubleClick to track conversions with the cookie ID. Conversions are captured, for example, when a user has previously viewed a DoubleClick ad and then, with the same internet browser, makes a purchase on the advertiser's website.

A DoubleClick cookie does not contain any personally identifiable information. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier identifies the campaigns the user was already in contact with.

Each time one of the pages of this website operated by the controller is accessed on which a DoubleClick component has been integrated, the browser of the data subject is automatically activated by the respective DoubleClick component to submit data to Google for the purposes of online advertising and analysis. As part of this technical process, Google will be supplied with information that Google uses to create commission billing. Google will be aware, among other things, that the user in question has clicked on certain links on our website.

A data subject can disable the acceptance of cookies from our website at any time by means of a corresponding setting of their internet browser and thus permanently deactivate the corresponding cookies. Furthermore, a browser or other software program can be used to delete already accepted cookies at any time. Furthermore, cookies already set by Google can be deleted at any time via an internet browser or other software programs.

Additional information and DoubleClick by Google's privacy policy can be found at www.google.com/intl/de/policies/.

18. Means of payment: PayPal as a payment method

The controller has integrated components of the PayPal service on this website. PayPal is an online payment service provider. Payments are made through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual payments through credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also takes on trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg.

If the data subject selects "PayPal" as a payment option during the ordering process in our online shop, information on the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal usually includes the subject’s first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data associated with the order are also required to complete the payment process.

The purpose of the transmission of the data is payment processing and fraud prevention. The controller will provide PayPal with person-related information, in particular, if there is the controller has a legitimate interest in the payment transfer. The personal data exchanged between PayPal and the controller may be transferred by PayPal to credit check agencies. The purpose of this is to verify identity and creditworthiness.

PayPal may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to meet its contractual obligations or to process the data on behalf of its client.

The data subject has the option of withdrawing the consent to the use of their personal data by PayPal at any time. Such a withdrawal will not involve personal data that must be processed, used or transmitted for (contractual) payment processing.

PayPal's applicable privacy policy is available at www.paypal.com/webapps/mpp/ua/privacy-full.

19. Forms of payment: Sofortüberweisung

The controller has integrated components of the Sofortüberweisung service on this website. Sofortüberweisung is a payment service that enables cashless payment for products and services online. Through Sofortüberweisung, online retailers immediately receives confirmation of payment. This enables a merchant to deliver goods, services or downloads to the customer immediately after ordering.

The operating company of Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.

If the data subject selects "Sofortüberweisung " as a payment option during the ordering process in our online shop, data related to the data subject will be automatically transmitted to Sofortüberweisung. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.

During the purchase process using Sofortüberweisung, the buyer is required to transmit their PIN and TAN to Sofort GmbH. Sofortüberweisung then makes a transfer to the online retailer after technical verification of the account balance and retrieval of further data to check the account funds. The completion of the financial transaction is then communicated to the online retailer automatically.

The personal data transmitted to Sofortüberweisung usually includes the subject’s first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. The purpose of the transmission of the data is payment processing and fraud prevention. The controller will provide Sofortüberweisung with personally identifiable information, in particular, if the the controller has a legitimate interest in the payment transfer. The personal data exchanged between Sofortüberweisung and the controller may be transferred Sofortüberweisung to credit check agencies. The purpose of this is to verify identity and creditworthiness.

Sofortüberweisung may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to meet its contractual obligations or to process the data on behalf of its client.

The data subject has the option of withdrawing the consent to the use of their personal data by Sofortüberweisung at any time. Such a withdrawal will not involve personal data that must be processed, used or transmitted for (contractual) payment processing.

Sofortüberweisung's applicable privacy policy is available at www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.

20. Legal basis of processing

The legal basis for processing transactions where we need to obtain consent for a particular processing purpose is Art. 6 (a) GDPR. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, this processing would be legitimate on the basis of Art. 6 (b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of enquiries about our products or services. If we are is subject to a legal obligation which requires the processing of personal data, such as is the case in connection with tax requirements, this processing would be legitimate on the basis of Art. 6 (c) GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance cover or other vital information would need to be passed on to a doctor, hospital or other third party. In this case, this processing would be legitimate on the basis of Art. 6 (d) GDPR. In addition, processing may also be necessary that is legitimate on the basis of Art. 6 (f) GDPR. Processing operations that are legitimate in this connection are such that are necessary to safeguard the our legitimate interests or those of a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject outweigh these interests. We are specifically permitted to carry out such operations under the EU legislation. Hence, it can be assumed that we have a legitimate interest in processing data if the corresponding data subject is one of our customers (See GDPR recital 47, second sentence).

21. Legitimate interests of the controller or a third party in processing data

With reference to Article 6 (f) GDPR, we have a legitimate interest in conducting our business for the benefit of all of our employees and our shareholders.

22. Duration of retention of personal data

The corresponding statutory retention period determines the duration for which certain information must be stored. After expiry of that period, the corresponding data will be routinely deleted, if it is no longer required for contract initiation or performance.

23. Legal or contractual requirements for the provision of personal data; necessity for the conclusion of contracts; obligation of data subjects to provide personal data; possible consequences of non-provision

Please note that the provision of personal data is in some cases required by law (e.g. tax regulations) or by contractual provisions (e.g. information about the contracting party). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with certain personal data that we will need to process for this purpose. For example, a data subject will be required to provide us with certain personal information so that we can conclude a contract with them. Failure to provide this data would mean that it would not be possible to conclude the contract. Prior to any personal data being provided by a data subject, the data subject has the right to contact one of our employees. Our employee will inform the individual on a case-by-case basis whether the provision of the personal data is required by law or contract or required for the conclusion of the contract, whether there is an obligation to provide the personal data, and what would result if there is failure to provide the personal data.

24. Existence of an automated decision-making system

As a business that takes its corporate responsibilities seriously, we do not employ automatic decision-making or profiling.

This data protection declaration was created by the statement generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as the external data protection entity for Bremen, in cooperation with the data protection law consultant Christian Solmecke.

25. Hotjar

Web analytics and optimisation using the Hotjar service (Third Party Hotjar Ltd., Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe). Hotjar allows us to track movements on web pages where Hotjar is used (so-called heatmaps). For example, it is possible to see how far users scroll and which buttons users click on and how often. Furthermore, technical data such as selected language, system, screen resolution and browser type are recorded. In this case, profiles of users can be created at least temporarily during a visit to our website. Furthermore, using Hotjar it is also possible to obtain feedback directly from users of a website. In this way, we gain valuable information that helps us make our webpages faster and more customer-friendly.

Privacy policy: www.hotjar.com/privacy. Opt-out: www.hotjar.com/opt-out 

26. MyFonts Counter

We use a web font supplied by myfonts.com. Under the licensing terms, page-view tracking is performed for statistical purposes by counting the number of visits to our website and this information is transmitted to MyFonts. MyFonts Counter is a service of MyFonts Inc., USA. For more information about privacy at MyFonts, please visit the following link: https://www.myfonts.com/info/terms-and-conditions.

27. Push notifications

In order to send push notifications through your browser, our site uses the services of OneSignal Inc., 2194 Esperanca Avenue, Santa Clara, CA 95054 ("OneSignal"). OneSignal can, if you have activated push messages, receive personal data, such as information about the installed app and its use, the temporary unique device ID (e.g. IDFA and Android ID), your email address, your IP address, the type of your device, the type and version of your operating system, your wireless service provider, your language settings, time zone and network settings (e.g. WiFi), visited web pages that have implemented OneSignal, and get information about these visits such as session duration, timestamps, referring URLs. For more information, see the OneSignal privacy policy at https://onesignal.com/privacy_policy

 

Your consent to receive push notifications via your browser can also be withdrawn retroactively. Depending on your operating system, this can be done using appropriate settings. The processing of data and the sending the push messages is based on of your voluntarily granted consent per Art. 6 1. (a) GDPR.