Privacy / Data protection
1. About us
We, Humbaur GmbH, are responsible for collecting, processing and storing your data. Refer to our imprint at any time for details about us.
Our top priority is to handle your personal data with care. When processing your data, we adhere to statutory provisions such as the General Data Protection Regulation (GDPR), as well as the associated national provisions.
This privacy statement applies to all of our company’s websites that can be accessed under our domains (https://www.humbaur.com, https://shop.humbaur.com, https://partner.humbaur.com, https:// ***.humbaur.com). If our websites lead you to websites of other operators, the respective data protection regulations for those sites will apply. The relevant operators of these websites are responsible for the content of their data protection regulations.
As we would like to provide you with a comprehensive overview of how your personal data is processed, below you will find an overview of all of our services in the context of which we collect and process personal data.
Where specific or additional conditions apply to individual services or we ask you to provide your consent, we will specifically notify you of this before you use the relevant service (subscribe to the newsletter or make a purchase from our online shop, for example).
In addition, we take a variety of security measures to protect your personal data. This means that data is transmitted between your web browser and our servers in an encrypted manner as a matter of principle, for example; in addition, we implement a range of technical and organisational measures to protect your data.
2. Why we process your data
As a matter of principle, you can visit our websites without having to disclose your identity. Should you wish to register for one of our personalised services, use our online shop, register for our newsletter or wish to contact us, we will ask you to provide your name and other personal information. It is your prerogative as to whether you provide this (additional) data. Data that is essential in order for us to be able to provide our services to you is identified as such.
Your personal data is collected and processed for the following purposes on the basis of the following legal bases:
- Contract initiation in accordance with Art. 6 (1)(a) and (b) of the GDPR
- Contract execution in accordance with Art. 6 (1)(b) of the GDPR
- Customer management in accordance with Art. 6 (1)(b), (c) and (f) of the GDPR
- Communication and data exchange in accordance with Art. 6 (1)(a), (b), (c) and (f) of the GDPR
- Public image and advertising in accordance with Art. 6 (1)(f) of the GDPR
- Implementing declarations of consent in accordance with Art. 6(1)(a) of the GDPR
- Ensuring proper operation of a data processing system in accordance with Art. 6(1)(c) and (f) of the GDPR
- Applicant selection process within the framework of personnel management and resource management in accordance with Art. 6(1)(a) of the GDPR, in conjunction with Section 26 of the new German Federal Data Protection Act (Bundesdatenschutzgesetz — BDSG-Neu)
3. The information that we collect from you and process
We collect different categories of personal data from you. Personal data means any information relating to an identified or identifiable natural person; a natural person is considered to be identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name. Personal data includes information such as your name, your address, your telephone number and your date of birth (if specified), for example. Statistical information that cannot be linked to you directly or indirectly, such as the popularity of individual web pages of ours or the number of site users, is not considered to be personal data. We refer to data that is collected directly and indirectly. In both cases, data will be collected only to the extent necessary; the data will be processed exclusively for the purposes stated under Clause 2. It is your prerogative whether you would like to send data to us which, although will optimise the way in which you use our services, is not essential for this purpose. The relevant data fields are labelled "optional".
Data that is collected directly includes:
- Title and name, e.g. to personalise your user account or to order from our online shop
- Email address and, if necessary, a password of your choosing, for example, in order to subscribe to our newsletter, use your customer account or to contact us via our contact form
- Customer login details for using the protected partner area
- Address, e.g. in order to process orders (delivery) through our online shop
- Payment details in order to process payment for your order
- Application details in order to use our electronic application process
- Information that you actively and intentionally provide us within in the context of using our services
- Additional data that you provide us with voluntarily, for example any data fields that you complete despite them being labelled "optional"
When using our services, data will also be collected about you indirectly:
- Technical connection data relating to visits to the website, for example, the page of our website accessed, your IP address truncated by the last three digits, date and time of access, end device used
- Data that is collected through website tracking and newsletter tracking
- Data that we receive from our service providers when processing orders via the online shop, for example, information about payment disruptions or delivery notifications
Our website is not intended for minors and we do not knowingly collect personal data from minors (with the exception of applications).
Individuals under the age of 16 may only provide us with personal data if their parent or guardian has given their own consent or has agreed to the minor’s consent. For this purpose, we must be informed of the contact details of the parent or guardian in accordance with Art. 8 (2) of the GDPR in order for us to be assured that the parent or guardian has given their consent or approval. This data, as well as the data about the minor, will then be processed in accordance with this privacy statement.
If we find that a minor under the age of 16 has sent personal data to us without their parent or guardian having given their own consent or having agreed to the minor’s consent, we will immediately delete the data.
4. Who has access to your data and whom we send your data to
Access to your personal data stored by us is limited to our employees and appointed service providers whose tasks require them to handle this personal data.
Insofar as third parties have access to your data, we have obtained consent from you for this purpose or there is a legal basis for this.
We also engage service providers to provide services and to process your data (including for hosting, sending newsletters, delivering goods that have been ordered, processing payments, sending letters or emails, as well as for maintaining and analysing databases, safeguarding our web servers and website tracking). Where specific provisions apply in these cases, we have listed these below for each relevant service. The service providers process the data solely on our instructions and are obliged to comply with the applicable data protection provisions. All processors have been carefully selected and only gain access to your data to the extent necessary and for the required period that is necessary to deliver the services and/or to the extent to which you have consented to data processing and data use.
b) Exchanging data within the group of undertakings
An exchange of data within the group of undertakings to which we belong takes place exclusively within the EU/EEA and only for internal management purposes. By "group of undertakings", we refer to affiliated companies within the meaning of Art. 4 No. 19 of the GDPR.
c) Data transfer to third countries and legal basis
The servers of some of the service providers that we use are located in the USA and in other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as it is protected in the Member States of the European Union. Where your data is processed in a country that has a level of data protection that is recognised to be lower than the level within the European Union, we will employ contractual arrangements or other recognised instruments to ensure that your personal data is adequately protected. We will explicitly draw your attention to this point once more within the scope of the individual services.
Where personal data is transferred to third countries, this is done on the basis of the EU Commission’s adequacy decision on the EU-U.S. Privacy Shield in accordance with Art. 45 of the GDPR or on the basis of the standard contractual clauses adopted by the EU in 2010 in accordance with Art. 46 (2)(c) of the GDPR in conjunction with the EU Commission's decision of 05/02/2010 (2010/87/EU) or in accordance with Art. 49 (1)(a) of the GDPR.
d) Data transfer to law enforcement authorities and criminal investigation authorities
In exceptional cases, we will forward personal data to law enforcement authorities and criminal investigation authorities. This is carried out on the basis of corresponding statutory obligations, arising from the German Code of Criminal Procedure (Strafprozessordnung), the German Fiscal Code (Abgabenordnung), the German Money Laundering Act (Geldwäschegesetz) or state police laws, for example.
5. Retention periods
We retain personal data within the framework of statutory provisions or your given consent.
We take the following criteria into account when determining the specific retention period:
We retain personal data until the purposes for which it was collected cease to apply (e.g. when a contractual relationship comes to an end or as a result of the final activity being performed if a continuing obligation is not in place, or in the case of revocation of consent to specific data processing).
Data will only be retained for longer than this if
- Statutory retention obligations are in place (e.g. in accordance with the German Fiscal Code or the German Commercial Code [Handelsgesetzbuch])
- The data is still required to establish and pursue legal claims or to defend against legal claims, for example, due to technological and forensic requirements for defending against and prosecuting attacks on our web servers
- Erasure would not be in the legitimate interests of the data subject
or any other exception in accordance with Art. 17 (3) of the GDPR applies.
6. Your rights
You have a number of statutory rights, which we would like to draw to your attention below. Of course, you can also contact our data protection officer using the contact details below if you have any questions relating to your personal data that we have collected and processed.
a) Right of access and right to data portability
You have the right to access information regarding your personal data processed by us at any time.
Where data processing takes place based on your consent or in accordance with Art. 6 (1)(b) of the GDPR on the basis of a contract, you may also request, in accordance with Art. 20 (1) of the GDPR, the provision of the personal data that is stored about you in a structured, commonly used and machine-readable format. At your request, we will also forward the data directly to a recipient as defined by you.
b) Right to rectification, restriction and erasure
In addition, you may ask us to rectify, restrict (block) or erase your personal data pursuant to Articles 16 to 18 of the GDPR if we have incorrectly processed the data, if there is a reason for restricting further data processing, or if data processing has become unlawful for a variety of reasons, or if the retention of the data is inadmissible for other legal reasons. We would like to point out that statutory retention periods may restrict your right to erasure.
c) Rights to object
If our data processing is based exclusively on our legitimate interests in accordance with Art. 6 (1)(f) of the GDPR, you may opt out from this data processing in accordance with Art. 21 (1) of the GDPR. We will then stop processing your data, unless we are able to demonstrate legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is used to establish, exercise or defend a legal claim. In addition, you always have the right to object to your data being used for direct marketing purposes in future in accordance with Art. 21 (2) of the GDPR.
d) Right of withdrawal
If you have consented to our processing of your personal data, you have a right of withdrawal with future effect in accordance with Art. 7 (3) of the GDPR.
e) Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the European General Data Protection Regulation or other national and international data protection laws.
The contact details of the relevant supervisory authority for us are:
Bayrisches Landesamt für Datenschutz (BayLDA) (Data Protection Authority of Bavaria)
Phone: +49 (0) 981 53 1300
f) Contact details
In order to exercise your rights, you can send an informal notification to us using the following contact details. Please direct the withdrawal of your consent to the following contact details, indicating which declaration of consent you would like to withdraw:
Phone: +49 (0) 821 24929-0
Data protection officer
7. Using our websites — profiling, cookies and web tracking
a) Basic information about cookies and opt-out options
In this regard, you have agreed to the following declaration in the context of our cookie information on our website:
This website uses tracking cookies or tracking software to, among other things, provide you with the full range of services on our website and thus a better online experience. You can find more information about the cookies and web tracking processes that we use, and the consent you have provided for this purpose, in our privacy statement at [add link]. However, cookies that are not essential from a technical point of view and/or our tracking software will only be activated once you have given us your consent. [Agreed]
Please keep in mind that deleting all cookies also means that opt-out cookies are deleted. You must therefore reset these cookies where applicable. Cookies are also linked to the browser, meaning they need to be set separately for each of the browsers you use on each of the devices you use. The links that are necessary for this purpose can be found below in the description of the respective services.
We use the following cookies, provided you allow them and have not set one or multiple opt-out cookies, for the purposes specified in more detail below:
|Name of cookie||Intended purpose||Storage duration||Essential from a technical point of view||Option to withdraw consent (if cookie not essential from a technical point of view)|
|_gat_UA-6476217-2||Used to reduce the number of requests to Google Analytics||1 minute||No||See below|
|_gat_UA-6476217-4||Used to reduce the number of requests to Google Analytics||1 minute||No||See below|
|_gat_UA-6476217-28||Used to reduce the number of requests to Google Analytics||1 minute||No||See below|
|_gat_UA-6476217-30||Used to reduce the number of requests to Google Analytics||1 minute||No||See below|
|_gid||User identification by Google Analytics||24 hours||No||See below|
|_ga||User identification by Google Analytics||2 years||No||See below|
|_gat||Used to reduce the number of requests to Google Analytics||1 minute||No||See below|
|__utma||Identification of users and sessions by Google Analytics||2 years||No||See below|
|__utmt||Used to reduce the number of requests to Google Analytics||10 minutes||No||See below|
|__utmb||Detection of new sessions/visits in Google Analytics||30 minutes||No||See below|
|__utmz||Saves the traffic source or campaign that explains how the user has reached the site (Google Analytics)||6 months||No||See below|
|fe_typo_user||CMS-specific session cookie||Expires when you close the browser||Yes|
|PHPSESSID||CMS-specific session cookie||Expires when you close the browser||Yes|
|frontend||CMS-specific session cookie||1 hour||Yes|
|frontend_cid||CMS-specific session cookie||1 hour||Yes|
|geoip||Identification of whether information with country reference has been seen||1 month||Yes|
b) Google Analytics
The websites use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses "cookies", text files that are stored on your computer and enable the way in which you use the website to be analysed. The information generated by the cookie about the way in which you use this website is typically sent to a Google server in the USA, where it will be stored. However, where IP anonymisation is activated on this website, Google will truncate your IP address beforehand within Member States of the European Union or in other Contracting Parties to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and truncated there in exceptional cases. Google will use this information on our behalf to evaluate how you use the website, to compile reports about activity on the website and to provide further services associated with website usage and Internet usage to the website operator. The IP address provided by your browser within the scope of Google Analytics will not be combined with other data from Google. One way of opting out of web analytics by Google Analytics is to set an opt-out cookie which tells Google not to save or use your data for the purposes of web analytics. Please note that with this solution, you will only be able to opt out of web analytics for as long as the opt-out cookie is stored by the browser. If you wish to set the opt-out cookie now, please click on https://developers.google.com/analytics/devguides/collection/gajs/?hl=en#disable.
You can also prevent cookies from being stored by configuring the relevant setting in your browser software; however, we would like to point out that if you do so, you may not be able to use all of this website's functions. You can also prevent the data generated by the cookie relating to your use of the website (including your IP address) being sent to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link. The current link is: tools.google.com/dlpage/gaoptout.
Data recipient: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
c) Google Tag Manager
Google Tag Manager is a Google product that allows us to manage website tags for applications such as Google Analytics via an interface. Tag Manager is a cookie-free domain which does not collect any personal data.
d) Google AdWords
Our website uses the "Google AdWords" service, which enables marketers to place adverts in Google search hit lists and in the Google advertising network. This is based on pre-defined keywords, by means of which an ad is only placed in the hit lists if a search is carried out using the keywords.
As part of this process, Google AdWords aims to advertise our website by inserting relevant adverts on the websites of third parties, in the Google search hit lists, and by presenting relevant third-party advertising through our website.
Google places a cookie when you click on a corresponding Google ad that refers to our website. Both we and Google can use the cookie to ascertain whether or not you have accessed our website and generated sales via an AdWords ad.
The resulting data will be used by Google to generate statistics (e.g. total number of users directed via Google AdWords, success of our AdWords campaign) in relation to our website. Neither we nor any other Google AdWords advertising customers receive information from Google that could be used to identify you.
However, the set cookie will be used to store personal information, for example, about the websites that you have visited. Google may pass this data on to third parties.
You can opt out of interest-based advertising by Google at any time by clicking on the following opt-out link:
Data recipient: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
d) Social media buttons
Our website uses social media buttons (YouTube, Facebook, Instagram, Twitter, Xing) to allow you to interact with third parties.
These social media buttons are not integrated as plug-ins via an iFrame, but are stored as links. When you click on the social media buttons, you are directed to the relevant provider’s site. The relevant provider is then responsible for complying with data protection provisions and for ensuring that the information provided there on data processing is accurate, up-to-date and complete in accordance with Art. 4 No. 17 of the GDPR.
8. Supplementary notes and provisions for individual services
At your express request, we will send you our newsletter about the topics that you have chosen, as well as information about our company. Please note that the newsletter will only be sent if you have expressly confirmed your subscription request as part of our double opt-in process.
The personal data collected when subscribing to the newsletter will only be used to send and personalise the newsletter (in order to address the letter to you personally, for example). You can revoke your consent to us storing the personal data that you have provided to us in order for us to be able to send the newsletter to you at any time with future effect. Each newsletter contains a corresponding link to allow you to withdraw your consent; alternatively, please feel free to contact us directly so that we can implement the withdrawal of your consent. We have provided you with details about the consent you have given in the double opt-in mail.
Analysing newsletter usage
Our newsletter contains tracking pixels. A tracking pixel is a graphic in HTML emails used when opening the email to allow a log file to be recorded and a record of the links activated from the newsletter to be created and subsequently analysed. This allows us to use statistical analyses to evaluate how successful our newsletter campaigns have been and to optimise our newsletter in order to inform you about topics and offers that are better suited to your interests, for instance.
The personal data collected in this way will be processed by our service providers listed below.
If you do not agree to this, you can unsubscribe to the newsletter at any time by clicking on the unsubscribe link in the relevant newsletter or by sending an email to newsletter(at)humbaur.com.
Data recipient: Mailchimp, The Rocket Science Group, LLC, 675 Ponce de Leon AVE NE, Suite 5000, Atlanta, GA 30308 USA
b) Contact form
Data that you share with us via our contact form is processed for communication purposes and for the purpose of data exchange, in other words in order to respond to your specific query. This data is stored for the period of time necessary to process it for these purposes or until any ensuing retention periods expire. The only mandatory piece of information you need to provide here is your email address.
From time to time, you will have the opportunity to take part in competitions or similar campaigns via our website. Within the context of these campaigns, personal data, the scope of which is indicated in the respective entry form, may also be collected and retained for processing purposes. Data that is not essential for us to run the competition but allows us to notify you more quickly if you win is explicitly identified as optional information. The personal details that you provide us with in the context of a competition campaign of this kind will solely be used to deliver the campaign (in the case of a competition, for example, to determine the prize, send notification of a win, and to deliver the prize). After the campaign is over, the data of the participants who have not won the competition will be deleted immediately. In the case of the competition winner, their data will be deleted once the statutory retention period has expired.
d) Email application process
We give you the option to apply to us by email. Your electronic application data will be received by the relevant personnel department and will only be forwarded to the department in which the position you are applying for is located or to the individuals entrusted with processing the application. All parties involved will handle your application documentation with the utmost care and treat it as strictly confidential.
Once the application process is complete, we will store your application documentation for another three months, after which time we will delete or destroy any copies, unless we have entered into an employment contract with you. Should we wish to include your application documentation in our pool of applicants, we will contact you to this effect. As part of the notification, you can actively consent to your documents being retained for longer.
Please note that applications that you send to us via email will be delivered to us unencrypted. We therefore recommend using encryption software.
e) Online shop
Our website provides an online shop from which you can purchase our products. We use the data collected from you via the online shop to perform the contract, in particular in order to allow you to purchase products, take delivery of products, and make payment.
If necessary, we will also process your data in this context to carry out a credit check if this is required in order to perform the contract, Art 6 (1)(b) of the GDPR, or we have a legitimate interest in doing so, Art. 6 (1)(f) of the GDPR. We have a legitimate interest if we are about to enter into a contract with you that involves a risk of financial default for us (such as instalment plans, order/delivery on account) and the conclusion of the contract is solely dependent upon your credit rating.
Depending on the chosen shipping method, we will forward the necessary data, if available and provided you have given your consent for us to do so, including your email address and telephone number for the purposes of parcel notification, agreeing deadlines, and communicating parcel tracking information, to your chosen shipping service provider for the purposes of shipping and delivery.
We will also transfer the data that is necessary to make the payment and to carry out the risk assessment, where applicable, to the payment service provider of your choosing. The following additional information and provisions apply to this end:
aa) PayPal payment method
When making a purchase from our online shop, you have the option to pay using the payment provider PayPal. The payment is processed either via your PayPal or via PayPal using your credit card or bank account. PayPal also provides buyer protection and fiduciary services.
When choosing the payment provider PayPal when making a purchase via the online shop, data will automatically be sent to PayPal. When you choose PayPal as the method of payment, you specifically consent to this transfer of personal data (first name and surname, address, email address, IP address, telephone number(s), order details, delivery dates) for the purposes of making the payment and preventing fraud.
Data is exchanged not only for the purposes of making the payment, but also for identification purposes, to prevent fraud, and to reduce our risk of financial default. In this respect, data about your financial situation as well as about previous purchasing and payment behaviour may also be exchanged. In this context, data will also be exchanged by PayPal with credit agencies, provided that there is a legitimate interest and the legitimate interests of the data subject are not contravened.
Data may be passed on to affiliated companies; this also applies to downstream service providers (processors, controllers with joint responsibility, and third parties, if required in order to perform the contract).
You may withdraw the foregoing consent at any time with future effect vis-à-vis PayPal. Withdrawal has no effect on data transfers carried out in the past.
The applicable data protection provisions for PayPal can be found at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.
Data recipient: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22–24 Boulevard Royal, 2449 Luxembourg, Luxembourg
bb) Instant transfer payment method
When making a purchase from our online shop, you have the option to pay using an instant transfer via the payment provider SOFORT GmbH.
Using the above method of payment allows you to confirm payment to us as the seller in real time, meaning we can immediately start dispatching your order.
When choosing instant transfer as your method of payment, data will automatically be sent to SOFORT GmbH. When you choose to pay via instant transfer, you specifically consent to this transfer of personal data (first name and surname, address, email address, IP address, telephone number(s), bank details, PIN, transaction authentication number, purchase price) for the purposes of making the payment and preventing fraud.
Data is exchanged not only for the purposes of making the payment, but also for identification purposes and to prevent fraud. In this respect, data about your financial situation as well as about previous purchasing and payment behaviour may also be exchanged. In this context, data will also be exchanged by SOFORT GmbH with credit agencies, provided that there is a legitimate interest and the legitimate interests of the data subject are not contravened.
Data may be passed on to affiliated companies; this also applies to downstream service providers (processors, controllers with joint responsibility, and third parties, if required in order to perform the contract).
You may withdraw the foregoing consent at any time with future effect vis-à-vis SOFORT GmbH. Withdrawal has no effect on data transfers carried out in the past.
The applicable data protection provisions for SOFORT GmbH can be found at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.
Data recipient: SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.
f) Customer account
Our website provides you with the option to create a personal customer account for our shop. You need to register once before being able to use the shop for the first time. To do so, you need to provide us with the following information:
- Title (optional)
- First name, surname
- Email address
The customer account allows you:
- To enjoy a faster ordering process
- To save multiple shipping addresses
- To view and keep track of orders
Your data will be stored within the shop system and in our order processing system. You can use the shop system settings to delete your customer account at any time.
g) Partner portal
We have set up a partner portal for our business partners. Access will be set up for you automatically in the form of a company account as soon as you or your company enter into a lasting business relationship with Humbaur GmbH and will end as soon as the business relationship is terminated. The partner portal can be used, among other things, to view up-to-date information about orders and invoices, research spare parts, request promotional material and access additional information about our products.
h) Processing data for direct advertising
Advertising by post
To the extent permitted by law, we may also use your name and postal address that you have provided us with to advertise our own products. The legal basis is formed by Art. 6 (1)(f) in conjunction with Recital 47 of the GDPR. We have a legitimate interest in promoting sales to and demand from our existing customers. Of course, you can opt out of your data being processed for advertising purposes in future at any time. You simply need to send notification in text form using the above contact details. We will then delete your data from our mailing list. We will then retain the data proving that you have opted out for another six years in accordance with Art. 17 (3)(e) of the GDPR. However, during this time, your personal data will be blocked from being processed further.
To the extent permitted by law, for business customers, we may also use your name, company affiliation and your specified telephone number to inform you about our own products, on the basis of your assumed continued interest. The legal basis is formed by Art. 6 (1)(f) in conjunction with Recital 47 of the GDPR, Section 7, Para. 2, No. 2 of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb). We have a legitimate interest in promoting sales to and demand from our existing business customers. Of course, you can opt out of your data being processed for advertising purposes in future at any time. You simply need to send notification in text form using the above contact details. We will then delete your data from our mailing list. We will then retain the data proving that you have opted out for another six years in accordance with Art. 17 (3)(e) of the GDPR. However, during this time, your personal data will be blocked from being processed further.
i) Corporate presences ("fan pages") on social networks
The responsible party with whom the fan page is operated (the "Platform Operator"):
Facebook Ireland Ltd.
In an agreement pursuant to Art. 26, Para. 1 of the GDPR, the joint responsible parties determined which party fulfils which responsibility in accordance with the GDPR.
The agreement as defined by Art. 26, Para. 1 of the GDPR can be found at the following link:
Contact information for data protection:
The contact information for data protection can be found here via our linked Privacy Statement or the Data Protection Officer for the Platform Operator can be contacted using the following online form:
Categories of persons concerned:
Visitors to our fan page who are registered with the social network as well as non-registered visitors
Categories of personal data:
Data that we process from registered visitors to our fan page:
The data we collect from non-registered visitors to our fan page includes:
A description of the data that the platform operator processes about registered and non-registered visitors to our fan page can be found at the following link:
Origin of the data
We receive the data directly from the persons concerned or from the Platform Operator.
Legal basis for the data processing
We process the data with the following legal basis:
We only process special categories of personal data with the following legal basis, if at all:
Information about the legal basis that supports data processing activities by the Platform Operator can be found at the following link:
Purposes of data processing
The data is processed for the following purposes:
The storage and deletion of data is the duty of the Platform Operator in accordance with the agreement as defined by Art. 26 Para. 1 of the GDPR. Information about this duty can be found at the following link:
Categories of recipients
Only our employees and service providers who maintain our fan page and require the data for the above-mentioned purposes have access to the data we process. If the persons concerned post their data publicly on our fan page, this data can be viewed by other registered and also non-registered visitors where applicable.
Information about the categories of recipients to which the platform operator discloses the data or enables registered visitors to disclose their data as well as information on internal data exchange can be found at the following link: https://www.facebook.com/privacy/explanation
Data transfers to third countries
If the persons concerned post their data publicly on our fan page, this data can be viewed by other registered and also non-registered visitors around the world.
In operating our fan page, the Platform Operator also transfers data to third countries.
Facebook Inc. holds Privacy Shield certification: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Logic and scope involved for profiling or for an automated individual decision based on the collected data
Rights of the persons concerned
The joint responsible parties must grant the persons concerned various rights regarding the processing of their data; the persons concerned can assert these rights directly against the Platform Operator based on the agreement as defined by Art. 26 Para. 1 of the GDPR:
Furthermore, the persons concerned have the right to lodge a complaint with a supervisory authority if they think that processing of their personal data infringes the General Data Protection Regulation (GDPR), as stated in Art. 77 of the GDPR. The competent supervisory authority for the Platform Operator is: