Privacy statement

Privacy statement

This privacy statement describes how, to what extent and for what purpose we process personal data (hereinafter "data") in the context of our online services and associated websites, functions and contents as well as external online presences such as, for example, social media profiles (hereinafter altogether referred to as "online offer"). For a definition of the used terms, such as, for example "processing" or "controller" please consult the definitions provided in art. 4 of the General Data Protection Regulation (GDPR).

Controller

Hotel Forsthaus GmbH & Co KG
Zum Vogelsang 20
D-90768 Fürth
Phone: +49 911 63 32 770
E-mail: info (at) dein-forsthaus.de
Web: www.hotel-forsthaus-nuernberg-fuerth.de

Managing Director: Alexander Clees
Registration Court: District Court Düsseldorf, HRB 82132
Place: Düsseldorf
Value-added tax identification number: DE315135164

Datenschutzbeauftrager

DataCo GmbH
Dachauer Straße 65
80335 München
Tel.:+49 (0) 89 41 20 70 33
E-Mail: datenschutz (at) dataguard.de

Aufsichtsbehörde

Der bayerische Landesbeauftragte für den Datenschutz (BayLfD)
Wagmüllerstraße 18
80538 München
Tel.: +49 (0) 89 21 26 72 0
E-Mail: poststelle (at) datenschutz-bayern.de

What information do we process?

- Personal data provided (e.g. names, addresses).
- Contact details (e.g. e-mail, telephone numbers)
- Contents (e.g. text input, photos, videos)
- Usage information (e.g. about websites visited, interest in contents, access times)
- Meta / communication data (e.g. device information, IP addresses)

Affected parties

Visitors and users of the online offer (hereinafter altogether referred to as "users")

Processing purposes

- Provision of the online offer, its functions and contents
- Answering customer requests and communication with users
- Security measures
- Audience measurement / Marketing

Terminology

"Personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. It is a very broad term which virtually comprises any kind of data handling.

"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Legal bases

Under the conditions of article 13 of the GDPR we hereby inform you about the legal bases of our data processing activities. In case the legal basis is not stated in the privacy statement, the following applies: the legal basis for requesting consent to data processing is Article 6(1)(a) and Article 7 of the GDPR, the legal basis for the processing necessary for the performance of our services and contractual obligations as well as responding to enquiries is Article 6(1)(b) of the GDPR, and the legal basis for the processing for the protection of our legitimate interests is Article 6(1)(f) of the GDPR. In case the processing of personal data is required to protect vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as legal basis.

Security measures

In accordance with Article 32 of the GDPR we take appropriate technical and organisational measures to ensure an adequate level of data protection taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the varying likelihood and severity of risks for the rights and freedoms of natural persons.

Those measures especially include ensuring the confidentiality, integrity and availability of data through controls of physical access to it as well as accessibility, entering, transfer, securing the availability and separation of the data. In addition, we established procedures that ensure the protection of the data subject's rights, deletion of data and reaction to data security hazards. Further we already consider the protection of personal data in the course of the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology engineering and privacy-aware technologies (Article 25 of the GDPR).

Cooperation with processors and third parties

In case we disclose data in the course of data processing to other persons or companies (processors or third parties), transfer it to them or give them access to it in another way, this is only done based on a legal permission (e.g. if a transmission of data to third parties, such as payment service providers, is necessary for the fulfilment of contracts according to Article 6(1)(b) GDPR), we received your consent, there is a legal obligation or based on our legitimate interests (e.g. in the course of the employment of authorised persons, web hosts, etc.).

In case we assign third parties with the processing of data based on a so called "order-processing contract", this is done on the basis of Article 28 GDPR.

Transfers of personal data to third countries

In case we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done while using the services of third parties or disclosing or transmitting data to third parties, this is only done on the basis of our pre-contractual obligations, your consent, a legal obligation or our legitimate interests. Given legal or contractual permissions, we only process or let process data in a third country if the pre-conditions described in Art. 44 ff. GDPR apply. I.e. the processing takes place e.g. on the basis of special guarantees, such as the officially approved confirmation of a level of data protection conform to EU standards (e.g. the "Privacy Shield" for the USA) or in compliance with officially approved contractual obligations (so-called "standard contractual clauses").

Rights of the data subject

Under Art. 15 GDPR, you have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, information about the data as well as further information and a copy of the data.

According to Art. 16 GDPR, you have the right to have incomplete personal data completed or to obtain the rectification of inaccurate personal data concerning you.

In compliance with Art. 17 GDPR you have the right to obtain the erasure of personal data concerning you without undue delay or, as an alternative, to obtain a restriction of processing in accordance with Art. 18 GDPR.

Under Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, and to have the data transmitted to another controller.

Under Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority.

Rights to withdrawal

If you have given us your consent to the processing of your data, you can withdraw this with future effect at any time (Art. 7(3) GDPR).

Right to object

Under Art. 21 GDPR, you have the right to object to the future processing of your data at any time. This especially applies to the processing for direct advertising purposes.

Cookies and objection to direct advertising

Cookies are small files which are saved on your computer. Cookies can store various types of information. Cookies primarily serve to store information about a user (or the device on which the cookie is stored) during or also after the visit of an online offer by the user. Temporary cookies, also called "session cookies" or "transient cookies", are cookies that are deleted after the user leaves the online offer and closes his browser. Such a cookie can e.g. store the contents of a shopping cart in an online shop or a login status. "Permanent" or "persistent" cookies are cookies that are stored also after closing the browser. The login status is an example for this, as it can still be stored if a user revisits a website after several days. Such a cookie can also store the interests of the users, which can be used for audience measurement or marketing purposes. "Third-party cookies" are cookies offered by a different provider than the controller of the online offer (cookies provided by the controller of the online offer are called "first-party cookies").

We can use temporary and permanent cookies and inform you about this in the course of our privacy statement.

If you do not wish to have cookies stored on your computer, please deactivate the relevant option in your browser settings. Stored cookies can be deleted in your browser settings. If you do not accept or deactivate the use of cookies, this may result in functional restrictions in the use of this online offer.

A general object to the use of cookies for online marketing purposes can be made in multiple services, especially in the case of tracking, through the US-American website www.aboutads.info/choices/ or the EU website www.youronlinechoices.com. Further the deactivation of cookies can be achieved by switching them off in your browser settings. Please note that in this case you may not be able to use all functions of this online offer.

Erasure of data

The data processed by us are erased or their processing is restricted in accordance with Art. 17 and 18 GDPR. Unless explicitly stated differently in this privacy statement, data stored by us are erased as soon as they are no longer necessary for the purpose they were stored for and the erasure is not in conflict with legal retention periods. If the data are not erased, because they are needed for different and legally permitted purposes, their processing will be restricted. I.e. the data will be blocked and not processed for other purposes. This applies for example to data that have to be stored under the terms of commercial or fiscal law.

In Germany, the main retention periods are describes in §§ 147(1) of the German Fiscal Code (AO), 257(1) numbers 1 and 4, (4) German Commercial Code (HGB) (10 years for books, records, reports, accounting records, account books, for the taxation of relevant documents etc.) and by § 257(1) numbers 2 and 3, subsection (4) German Commercial Code (HGB) (commercial letters, 6 years).

Under Austrian law the main retention periods are stated in § 132(1) of the Austrian Fiscal Code (BAO) with 7 years for accounting documents, receipts/invoices, accounts, receipts, business documents, statements of revenue and expenditures etc., with 22 years in relation with real estate and 10 years for documents in relation with electronic services, telecommunication, radio and television services provided to private persons in EU Member States and for which the Mini One Stop Shop (MOSS) is being used.

Business-related processing

In addition we process

-contract data (e.g. subject matter of the contract, contract duration, customer category).
-Payment details (e.g. bank details, payment history) of our customers, interested parties and business partners for the provision of contractual services, customer service, marketing, advertising and market research.

Processing orders in the online shop and customer account

We process the data of our customers in the course of ordering processes through our online shop in order to make it possible for you to select and order the desired products and services as well as to pay for them, receive them or have them provided.

The processed data comprise inventory data, communication data, contract data, payment data and the data subjects are our customers, interested parties and other business partners. The processing is done for the purpose of the provision of contractual services in the course of running an online shop, the billing, shipping and customer service. For this purpose we use session cookies to save the shopping cart contents and permanent cookies to store the login status.

The data are processed on the basis of Art. 6(1)(b) (ordering process) and (c) (processing is necessary for compliance with a legal obligation) GDPR. Required fields must be filled out in order to enter and fulfil a contract. We only transfer the data to third parties in the course of the shipment, payment or legal authorisations and obligations towards legal advisers and public authorities. The data are only processed in third countries if this is necessary in order to fulfil the contract (e.g. upon customer request for the shipment or payment).

Users can also create a user account (optional), primarily to view their orders. In the registration process the users are informed about information required for the processing. The user accounts are not public and cannot be indexed by search engines. If users cancel their user accounts, their data relating to the user account are deleted, unless the retention is needed under commercial or fiscal law in compliance with Art. 6(1)(c) GDPR. The information from the user account will be stored until the account is deleted and afterwards archived if a legal retention period applies. It falls to the users to save their data before cancelling an account or terminating a contract.

When you register and log-in again and when you use our online services, we store the IP address as well as the time of the user activity. The data are stored on the basis of our legitimate interests as well as the interest of the users to protect their data from abuse or any other kind of unauthorised use. The data are not transmitted to third parties, unless this is necessary to claim our rights or if there is a legal obligation to do so in compliance with Art. 6(1)(c) GDPR.

The data are deleted after the end of legal guarantee periods and comparable obligations, the necessity of data retention is reviewed every three years, in the case of legal retention periods the data are erased after the end of the retention period (6 years retention period under commercial law and 10 years under fiscal law).

Contractual services

We process the data of our contractual partners and interested parties as well as other clients, customers or contractual partners (hereinafter altogether "contractual partners") in compliance with Art. 6(1)(b) GDPR in order to render to them our contractual or pre-contractual services. The data processed, the nature, scope and purpose as well as necessity of their processing are hereby defined by the underlying contractual relationship.

The processed data comprises the basic claims data of our contractual partners (e.g. names and addresses), contact details (e.g. e-mail addresses and telephone numbers) as well as contract details (e.g. received services, terms of the contract, contractual communication, names of contact persons) and payment details (e.g. bank details, payment history).

Generally we do not process special categories of personal data, unless they are part of an ordered or contractual processing.

We process data needed to constitute and render the contractual services and indicate the necessity to obtain the data if it is not evident to our contractual partners. A transmission to external persons or companies only takes place in case it is necessary in connection with a contract. When processing the data obtained in relation with a contract we act in accordance with the instructions of the client and the legal provisions.

We might store the IP address as well as the time of a user activity in the course of the use of our online services. The data are stored based on our legitimate interests as well as the interests of the users to protect their data from abuse or any other kind of unauthorised use. The data are not transmitted to third parties, unless this is necessary to claim our rights or if there is a legal obligation to do so in compliance with Art. 6(1)(c) GDPR.

The data is deleted if it is no longer needed for the fulfilment of contractual or legal obligations or for the handling of legal guarantees and comparable obligations, where the necessity to store the data is reviewed every three years. In general, the legal retention periods apply.

External payment providers

We work with external payment providers to make it possible for our users and for us to conduct payment transactions on the platforms of the providers, e.g. Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)

We work with external payment providers for the fulfilment of our contracts in compliance with Art. 6(1)(b) GDPR. In addition we work with external payment providers on the basis of our legitimate claims under Art. 6(1)(f) GDPR, to offer effective and secure payment methods to our users.

The data processed by the payment providers comprises inventory data, such as e.g. the name and address, bank details such as account numbers or credit card numbers, passwords, TANs and verification numbers as well as contract and recipient-related data and amounts. The information is needed in order to complete the transactions. The entered data is only being processed and stored by the payment provider, i.e. we do not obtain any account or credit card related information, but only information on whether a transaction was completed or not. It is possible that the payment provider transfers the data to credit agencies in order to obtain an identity and credit screening. For further information, please refer to the general terms and conditions and privacy statements of the payment providers.

The payment transactions are subject to the terms and conditions and the privacy statements of the respective payment provider, available on the websites or transaction applications of the provider. For further information as well as claims regarding withdrawal, information and other data subject rights, please refer to these documents.

Administration, financial accounting, office organization, contact management

We process data in the course of administrative tasks as well as the organisation of our business operations, financial booking and compliance with legal obligations, such as the retention of data. We hereby process the same data as in the course of the fulfilment of our contractual services. The processing is based on Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR. The data subjects are customers, interested parties, business partners and website visitors. The purpose and our interest in the processing lie in the administration, financial accounting, office organization, retention of data, that is to conduct our business activities, fulfil our tasks and render our services. The erasure of the data with regard to contractual services and contractual communication corresponds to the information provided in the course of those processing activities.

In this context we transfer data to the financial authorities, consultants, e.g. tax consultants or auditors, as well as other billing offices and payment providers.

Further we store information relating to our suppliers, organisers and other contractual partners for business purposes, e.g. to contact them at a later point in time. Those by the majority company-related data i generally stored permanently.

Business analyses and market research

In order to economically operate our business, be able to recognize market tendencies, wishes of our contractual partners and users, we analyse the obtained data on business processes, contracts, requests etc. We hereby process inventory data, communication data, contract data, payment data, usage data, meta data on the basis of Art. 6(1)(f) GDPR, with data subjects comprising contractual partners, interested parties, customers, visitors and user of our online offer.

The analyses are conducted for the purposes of economic evaluations, marketing and market research. Thereby we may consider the profiles of registered users with information e.g. relating to the services they received. The analyses serve to improve the usability, optimise our offer and operating economy. The analyses are only used for internal purposes and not transferred to external parties, unless the data only contain anonymous analyses with combined figures.

If those analyses or profiles are person-related, they are being erased or anonymised with the termination of the contract by the user, otherwise after two years from the end of a contract. Generally the overall economic analyses and general evaluations of tendencies are, as far as possible, conducted anonymously.

Participation in Affiliate Programs

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and cost-effective operation of our online offer) and pursuant to Art. 6(1)(f) GDPR, we use tracking measures within our online offer that are customary within the industry, to the extent needed for running the affiliate program. The following section provides an explanation of the technical background.

The services offered by our contractual partners can also be advertised and linked on other websites (so-called affiliate links, when links or services of third parties are offered after the conclusion of a contract). The website owners receive a commission if users follow the affiliate links and make use of the offer.

To sum up, it is necessary for our online offer to be able to trace whether users, who are interested in affiliate links and/or the services we offer, make use of the offers by following the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented by certain values in the shape of a constituent of the link or other, e.g. a cookie. Those values mainly comprise the source website (referrer), time, an online identifier of the owner of the website on which the affiliate link was placed, an online identifier of the specific offer, an online identifier of the user as well as tracking-related values such as e.g. advertising medium ID, partner ID and categorisation.

The online identifier we apply for our users consists of pseudonymous values. I.e. the online identifier itself does not contain any personal data like names or e-mail addresses. It only help us to determine if a user, who clicked on an affiliate link or got interested in an offer by use of our online offer, made use of that offer, i.e. concluded a contract with the provider. The online identifier is insofar individual-related as the partner company and we obtained the online identifier together with other user-related data. This is the only way for the partner company to tell us if the respective user made use of the offer and if we should e.g. pay a bonus.

Booking.com affiliate program

On the basis of our legitimate interests (i.e. the interest in a cost-effective operation of our online offer in accordance with Art. 6(1)(f) GDPR) we participate in the affiliate program of Booking.com, which was designed for the provision of a medium for websites, through which refunds of advertising expenses can be earned by placing advertisements and links to Booking.com (so-called affiliate system). Booking.com uses cookies to trace the source of the bookings. Among others Booking.com can recognize if you clicked on the affiliate link of this website and made a booking via Booking.com afterwards.

For further information of the data usage by Booking.com as well as possibilities to object please refer to the company's privacy statement: www.booking.com/content/privacy.de.html.

Affilinet program

On the basis of our legitimate interests (i.e. the interest in a cost-effective operation of our online offer in accordance with Art. 6(1)(f) GDPR) we participate in the affiliate program of affilinet GmbH, Sapporobogen 6-8, 80637 Munich, Germany, which was designed for the provision of a medium for websites, through which refunds of advertising expenses can be earned by placing advertisements and links to Affilinet (so-called affiliate system). Affilinet uses cookies to trace the source of the conclusion of a contract. Among others Affilinet can recognize if you clicked on the affiliate link of this website and concluded a contract at or via Afflinet afterwards.

For further information of the data usage by Booking.com as well as possibilities to object please refer to the company's privacy statement: www.affili.net/de/footeritem/datenschutz.

Establishing contact

If you contact us (e.g. via contact form, e-mail, telephone or social media), the user data are processed for the processing of the contact request and its handling in accordance with Art. 6(1)(b) (in the context of contractual/pre-contractual relationships), Art. 6(1)(f) (other requests) GDPR. The user data can be stored in a Customer Relationship Management System ("CRM System") or a comparable request administration tool.

We erase the requests if they are no longer needed. We review the necessity every two years. Furthermore, the legal archiving obligations apply.

Hosting and sending e-mails

The hosting services used by us serve the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, sending e-mails, security services as well as technical maintenance services used for the provision of this online offer.

We (or our hosting provider) hereby process inventory data, contact details, content data, contractual data, usage data, meta and communication data of customers, interested parties and visitors on this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of processing contracts).

Collection of access data and log files

We or our hosting provider collect data about every access to the server on which these services are located on the basis of our legitimate interests in accordance with Art. 6(1)(f) GDPR (so-called server log files). The access data comprise the name of the accessed webpage, file, date and time of the access, transferred data volume, notifications about successful access, browser type and version, the operating system of the user, referrer URL (the previously accessed website), IP address and the accessing provider.

Log file information is stored for security reasons (e.g. to clarify acts of data abuse and fraud) for up to 7 days and afterwards deleted. Data that have to be stored for evidence purposes are excluded form the erasure until the definite clarification of the specific incident.

Google Analytics

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our online offer) and pursuant to Art. 6(1)(f) GDPR, we use Google Analytics, a web analysis service of the Google LLC („Google“). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is generally transferred to and stored on a server of Google in the USA.

Google is certified under the Privacy Shield and thereby offers a guarantee to subject to European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our online offer by the users, in order to compile reports about the activities in the context of this online offer, and to provide us with further services in connection with the use on this online offer and the use of the internet. Thereby pseudonymous user profiles can be created from the processed data.

We online apply Google Analytics with an activated IP anonymisation. This means that the IP address of the users is abbreviated by Google in the Member States of the European Union or in the contracting parties to the Agreement on the European Economic Area. Only in exceptional cases the complete IP address is transferred to a Google server in the USA and abbreviated there.

The IP address transferred from the user's browser is not combined with other data from Google. The users can prevent the storage of cookies through specific settings of their browser software. Furthermore, the users can prevent the collection and processing of the data generated by the cookie and relating to their use of the online offer by Google by downloading and installing the browser plugin available under the following link: tools.google.com/dlpage/gaoptout.

As an alternative to the browser add-on, especially in the case of browsers on mobile end devices, you can also prevent the data collection by Google Analytics by clicking on this link. An opt-out cookie will be implemented that will prevent the future collection of your data on this website. The opt.out cookie only works in this specific browser and only for our website and will be stored on the specific device. If you delete the cookies in this browser, you will have to activate the opt-out cookie again.

For further information on the data usage by Google, options for settings and objection, please refer to the privacy statement of Google (https://policies.google.com/technologies/ads) as well as the settings for the display of ads by Google (https://adssettings.google.com/authenticated).

The personal data of the users are erased or anonymised after 14 months.

Google Universal Analytics

We use Google Analytics in the form of "Universal Analytics". "Universal Analytics" describes a process of Google Analytics, where the user analysis in conducted based on a pseudonymous user ID which leads to the creation of a pseudonymous profile of the user with information from the use of various devices (so-called "Cross-device tracking").

Creation of target groups with Google Analytics

We use Google Analytics in order to only display advertisements displayed within the advertising services of Google and its partners to users who have really dispayed an interest in our online offer or who have certain characteristics (e.g. an interest in certain topics or products determined based on the visited websites) that we transfer to Google (so-called "Remarketing" or Google Analytic Audiences). With the Remarketing Audiences we also want to make sure that our advertisements really correspond to the potential interst of the users.

Google Adsense with personalised ads

Google is certified under the Privacy Shield and thereby offers a guarantee to subject to European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the service AdSense which leads to the display of advertisements on our website which generates an income for us through the display or other use of the advertisements. For this purpose, usage data, such as clicking on an advertisement and the IP address of the users, are processed, with the IP address being abbreviated by the last two digits. As a consequence the processing of the user data is pseudonymised.

We use Adsense with personalised advertisements. In this process Google makes conclusions about the interests of the users based on the websites visited or apps used by the users and the user profiles generated by this. Advertisers use this information to tailor their campagns to those interests, which is an advantage for both the user and the advertiser. For Google advertisements are personalised if collected or known data determine or influence the advertisement choice. These include among others previous search requests, activities, website visits, the use of apps, demographic and location data. In particular this comprises: demographic targeting, targeting based on interest categories, remarketing and targeting on lists for customer comparison and target group lists uploaded in DoubleClick Bid Manager or Campaign Manager.

Google Adsense with non-personalised ads

Google is certified under the Privacy Shield and thereby offers a guarantee to subject to European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use Adsense with non-personalised advertisements. In this process data is not displayed on the basis of user profiles. Non-personalised advertisements are not based on earlier user behaviour. Targeting uses context information, among others a broad geographic targeting (base e.g. on a municipal level) based on the current location, the contents on the current website or the app as well as current search items. Google inhibits any kind of personalised targeting, therefore also geographic targeting and targeting based on user lists.

Google AdWords and Conversion Tracking

Google is certified under the Privacy Shield and thereby offers a guarantee to subject to European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the online marketing scheme Google "AdWords" in order to place advertisements in the Google advertising network (e.g. in search results, videos, on websites etc.), so that they are displayed to the users who have a potential interest in the advertisements. This allows us to display advertisements within our online offer in a more targeted way in order to only display advertisements to the users that are potentially corresponding to their interests. If e.g. the advertisements displayed to a user contain products he previousely showed an interest in on other online services, this is called "Remarketing". For this purpose Google runs a Google code when our website and other websites on whicht the Google advertising netword is active are accessed and so-called (re)marketing tags (invisible graphics or codes, also called "Web Beacons") get included in the website. They lead to the installation of an individual cookie, i.e. a small file (comparable technologies can be used instead of cookies too) on the device of the users. This file stores information about the websites accessed by the user, the contents he or she is interested in and the offers the user clicked, furthermore technical information on the browser and operating system, referring websites, access duration as well as further information on the use of the online offer.

Furthermore we receive an individual "conversion cookie". The information collected by this cookie are used by Google to create conversion statistics for us. We only get to know the anonymous overall number of users though who clicked on our advertisement and were transfered to a Website containing a conversion tracking tag. We do not obtain any information that could be used for the identification of individuals.

The user data are processed in a pseudonymised way within the Google advertising network. I.e. google does not for example store and process the name or e-mail address of the users, but processes the relevant data in a cookie-related manner within the pseudonymised user profiles. This means that from the perspective of Google the advertisements are not processed and displayed for a specific identifiable person, but for the cookie owner, irrespective of who this cookie owner is. This does not apply if the user explicitly allowed Google to process the data without pseudonymisation. The information collected about the users are tranferred to Google and stored on Google servers in the USA.

Google Doubleclick

Google is certified under the Privacy Shield and thereby offers a guarantee to subject to European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the online marketing scheme Google "Doubleclick" in order to place advertisements in the Google advertising network (e.g. in search results, videos, on websites etc.). The main feature of Doubleclick is the display of advertisements in real-time based on the assumed interests of the users. This allows us to display advertisements for and within our online offer in a more targeted way in order to only display advertisements to the users that are potentially corresponding to their interests. If e.g. the advertisements displayed to a user contain products he previously showed an interest in on other online services, this is called "Remarketing". For this purpose, Google runs a Google code when our website and other websites on which the Google advertising network is active are accessed and so-called (re)marketing tags (invisible graphics or codes, also called "Web Beacons") get included in the website. They lead to the installation of an individual cookie, i.e. a small file (comparable technologies can be used instead of cookies too) on the device of the users. This file stores information about the websites accessed by the user, the contents he or she is interested in and the offers the user clicked, furthermore technical information on the browser and operating system, referring websites, access duration as well as further information on the use of the online offer.

The IP address of the users is also collected, although it is abbreviated by Google in the Member States of the European Union or in the contracting parties to the Agreement on the European Economic Area. Only in exceptional cases the complete IP address is transferred to a Google server in the USA and abbreviated there. If the user visits other websites afterwards, he can obtain customised advertisements based on his assumed interests based on his user profile.

The user data are processed in a pseudonymised way within the Google advertising network. I.e. google does not for example store and process the name or e-mail address of the users, but processes the relevant data in a cookie-related manner within the pseudonymised user profiles. This means that from the perspective of Google the advertisements are not processed and displayed for a specific identifiable person, but for the cookie owner, irrespective of who this cookie owner is. This does not apply if the user explicitly allowed Google to process the data without pseudonymisation. The information collected about the users are transferred to Google and stored on Google servers in the USA.

Bing Ads

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our online offer) and pursuant to Art. 6(1)(f) GDPR, we use the conversion and tracking tool "Bing Ads" of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In the course of the use, Microsoft stores cookies on the devices of the users to facilitate an analysis of the usage of our online offer by the users in cases where users accessed our online offer through a Microsoft Bing Ad (so-called "conversion tracking". In this way Microsoft and we can recognize that someone clicked an advertisement, was transferred to our online offer and accessed a previously assigned landing page (so-called "conversion page"). Thereby we only get to know the total number of users who clicked a Bing Ad and were transferred to the conversion page. No IP addresses are stored. No personal information about the identity of the users is disclosed.

Microsoft is certified under the Privacy Shield and thereby offers a guarantee to subject to European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Users who do not want to participate in the tracking processes of Bing Ads can also prevent the use of cookies necessary for the tracking by deactivating the relevant browser settings or use the opt-out site of Microsoft: choice.microsoft.com/de-DE/opt-out.

For further information on the privacy policy and cookies applied by Microsoft Bing Ads please refer to the privacy statement of Microsoft: privacy.microsoft.com/de-de/privacystatement.

Online presences on social media

We use online presences on social networks and platforms to communicate with customers, interested parties and users who are active there and to inform them about our services. The use of the respective networks and platforms is subject to the terms and conditions and the data processing regulations of the respective controller of the service.

Unless otherwise stated in our privacy statement, we process the data of our users if they communicate with us on the networks and platforms, e.g. by writing entries in our online presences or sending us messages.

Inclusion of third-party services and contents

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our online offer) and pursuant to Art. 6(1)(f) GDPR, we use contents and services of third parties to include their contents and services, e.g. videos or fonts (hereinafter altogether referred to as "contents").

This implies that the third-party providers of these contents can see the IP address of the user, because otherwise they would not be able to transfer the contents to the user's browser. Therefore, the IP address is a necessary pre-condition for the display of those contents. We try to only use contents where the IP address is only used by the provider for delivering the contents. Third-party providers can also use so-called pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. The "pixel tags" facilitate the evaluation of information, e.g. concerning user traffic, on the pages of this website. Furthermore, the pseudonymous information can be stored in cookies on the user devices and contain among others technical information about the browser and operating system, referring websites, access duration and further information on the usage of our online offer, as well as be combined with such information from other sources.

Google Fonts

We include the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: www.google.com/policies/privacy/, Opt-Out: adssettings.google.com/authenticated.

Google Maps

We include the maps of the service "Google Maps" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may especially include IP addresses and location data of the users, which are not collected without their consent (usually provided through the settings of their mobile devices). The data may be processed in the USA. Privacy statement: www.google.com/policies/privacy/, Opt-Out: adssettings.google.com/authenticated.

Use of Facebook Social Plugins

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our online offer) and pursuant to Art. 6(1)(f) GDPR, we use Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland ("Facebook").

These may include e.g. contents such as pictures, videos or text and buttons that make it possible for users to share contents of this online offer via Facebook. The list and the form of the Facebook Social Plugins can be viewed here: developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield and thereby offers a guarantee to subject to European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

If a user selects a function of this online offer that contains such a plugin, his or her device established a direct connection with the servers of Facebook. The contents of the plugin are transferred by Facebook directly to the device of the user and included by him or her into the online offer. Thereby usage profiles of the users may be generated from the processed data. Therefore, we do not have any control over the scope of data collected by Facebook with this plugin and inform the users according to our state of knowledge.

Through the inclusion of the plugin Facebook obtains the information that the user accessed the respective page of the online offer. If the user is logged in, Facebook can relate the user's access to his or her Facebook account. When users interact with the plugins by pressing for example the "Like" button or leaving a comment, the respective information is transferred directly form their device to Facebook, where it is stored. If a user is not a member of the Facebook community, his or her IP address may still be collected and stored by Facebook. According to Facebook, only anonymised IP addresses are stored in Germany.

Regarding the purpose and scope of the data collection and further processing and use of the data by Facebook as well as the relevant rights and setting options for the protection of the users' privacy please refer to the privacy statement of Facebook: www.facebook.com/about/privacy/.

If a user has a Facebook account and does not want his or her data that was collected by Facebook from this online offer to be combined with the data stored in his or her Facebook profile, he or she has to log out from Facebook before using our online offer and delete his or her cookies. Further settings and objections relating to the use of data for advertising purposes are possible in your Facebook profile settings: www.facebook.com/settings or through the US American page www.aboutads.info/choices/ or the EU page www.youronlinechoices.com. The settings are made independently from the platform, i.e. they are applied for all devices, such as desktop computers or mobile devices.

Twitter

Our online offer may include functions and contents of the service Twitter, provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. These may comprise e.g. contents such as pictures, videos or text and buttons that allow users to share contents from this online offer via Twitter.

In case the users have a Twitter account, the access of the above mentioned contents and functions can be related by Twitter to the user profiles. Twitter is certified under the Privacy Shield and thereby offers a guarantee to subject to European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Privacy statement: twitter.com/de/privacy, Opt-Out: twitter.com/personalization.

Instagram

Our online offer may include functions and contents of the service Instagram, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. These may comprise e.g. contents such as pictures, videos or text and buttons that allow users to share contents from this online offer via Instagram. In case the users have an Instagram account, the access of the above mentioned contents and functions can be related by Instagram to the user profiles. Privacy statement:http://instagram.com/about/legal/privacy/.