Information obligations according to Art. 13 GDPR 2018
1. Name and contact details of the person responsible
Responsible for data processing
Am Schwarzen Meer 45
You can reach us by email at mail (AT) maditaboeer.com
2. Collection of personal data for informational use
If you only use the website for informational purposes, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access Status/HTTP Status Code
- amount of data transferred
- Website from which the request comes
- Operating system and its interface
- Browser software language and version.
(1) Cookies are also stored on your computer when you use the website. Cookies are small text files that are stored on your hard drive in the browser you are using and through which certain information flows to the place that sets the cookie (in this case, us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (see b)
– Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
d) You can configure your browser settings according to your wishes and e.g. B. refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.
(2) This stored information is stored separately from any further data given to us. In particular, the data from the cookies are not linked to your other data.
(3) You can object to this data processing at any time with effect for the future.
4. Use of features on our websitete
When you contact us by e-mail or via the contact form, your e-mail address and, if you provide this, your name and telephone number will be saved by us in order to answer your questions.
5. Disclosure of Data to Third Parties
Sometimes we use external service providers to process your data. These were carefully selected by us and commissioned in writing. You are bound by our instructions and are regularly checked by us. The service providers will not pass this data on to third parties. If these service providers are based in the USA, we will inform you of this in connection with the respective functions. This data processing also takes place in accordance with the applicable legal situation.
Recipients or categories of recipients
If we pass on your personal data to third parties, you will be explicitly informed of this in the description of the respective data processing (e.g. when using our contact form, or when enrolling for the Newsletter). Of course, we also use external service providers for the technical and organizational processing, with whom we have concluded corresponding order processing contracts within the meaning of Article 28 GDPR. These are, for example, service providers for web hosting, sending emails, maintenance and care of our IT systems, etc.
(Note on the newsletter based on the template provided by lawyer Dr. Thomas Schwenke)
The newsletter is sent using “MailChimp”, a newsletter mailing platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
In accordance with the provisions of the General Data Protection Regulation (GDPR) applicable from May 25, 2018, we inform you that the consent to the sending of e-mail addresses is based on Article 6 Paragraph 1 lit. a, 7 GDPR and Article 7 Paragraph 2 No. 3 or para. 3 UWG. The use of the mail service provider MailChimp, the implementation of statistical surveys and analyzes and the logging of the registration process are based on our legitimate interests in accordance with Article 6 (1) (f) GDPR. Our interest is focused on the use of a user-friendly and secure newsletter system that serves both our business interests and meets user expectations. We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements of Article 21 GDPR. The objection can be made in particular against processing for direct advertising purposes.
The e-mail addresses of our newsletter recipients, as well as their other data described in this notice, are stored on the MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp can use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletter or for economic purposes, in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them or pass them on to third parties.
Newsletter – Statistical survey and analysis
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times.
The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our aim nor that of MailChimp to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Newsletter – online retrieval and data management
There are cases in which we direct the newsletter recipients to the MailChimp websites. For example, our newsletters contain a link with which newsletter recipients can access the newsletter online (e.g. in the event of display problems in the e-mail program). Furthermore, newsletter recipients can subsequently correct their data, such as their e-mail address. Likewise, MailChimp’s data protection declaration can only be accessed on their website.
6. Storage duration
Your data will be stored for as long as is absolutely necessary to achieve the respective purpose, but no longer than as long as any legal regulations require us to do so (e.g. under commercial law we are obliged to keep business letters, which can also include emails, for 10 years). As soon as the storage purpose no longer applies or a storage period prescribed by the regulations mentioned expires, the personal data will be blocked or deleted as a matter of routine.
7. Your rights
7.1 Right to information
You have the right to request information from us at any time as to whether personal data relating to you is being processed by us. If this is the case, you are entitled to information regarding the information specified in Art. 15 Para. 1 2nd HS GDPR. You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.
7.2 Right to Rectification
Furthermore, according to Art. 16 GDPR, you have the right to demand that we immediately correct the incorrect personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data – also by means of a supplementary statement.
7.3 Right to Erasure (“Right to be Forgotten”)
You also have the right to request that we delete personal data concerning you immediately. We are obliged to comply with this request and to delete personal data unless we are legally obliged or entitled to further process your data. Please see Art. 17 GDPR for details.
7.4 Right to restriction of processing
You have the right to demand that we restrict processing if the legal requirements according to Article 18 GDPR are met.
7.5 Right to information
According to Art. 19 GDPR, if you have asserted the right to correction, deletion or restriction of processing, we are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction of processing, it unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
7.6 Right to data portability
If your data is processed by us with your consent or on the basis of a contract, you have the right to receive your personal data in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible, provided that the legal requirements according to Art. 20 GDPR are met.
7.7 Right to object
Individual right of objection
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions. We no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves the Assertion, exercise or defense of legal claims.
Right to object to the processing of data for direct marketing purposes.
If your personal data is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes. In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.
7.8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
7.9 Automated individual decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
- a) is necessary for the conclusion or performance of a contract between you and the person responsible,
- b) is permissible on the basis of legal provisions of the Union or the Member States to which the person responsible is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests or
- c) takes place with your express consent.
However, these decisions must not be based on special categories of personal data pursuant to Article 9 Paragraph 1 GDPR unless Article 9 Paragraph 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the in a. and c. In the cases mentioned, the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to contest the decision.
7.10 Right of appeal
Unbeschadet eines anderweitigen verwaltungsrechtlichen oder gerichtlichen Rechtsbehelfs steht Ihnen das Recht auf Beschwerde bei einer Aufsichtsbehörde, insbesondere in dem Mitgliedstaat ihres Aufenthaltsorts, ihres Arbeitsplatzes oder des Orts des mutmaßlichen Verstoßes, zu, wenn Sie der Ansicht sind, dass die Verarbeitung der Sie betreffenden personenbezogenen Daten gegen die DSGVO verstößt.
Die Aufsichtsbehörde, bei der die Beschwerde eingereicht wurde, unterrichtet den Beschwerdeführer über den Stand und die Ergebnisse der Beschwerde einschließlich der Möglichkeit eines gerichtlichen Rechtsbehelfs nach Art. 78 DSGVO.
The supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information
Phone: +49 421 3612010 or +49 471 5962010
Fax: +49 421 49618495
9. Legal bases of processing
If not already mentioned in the individual processing under the previous paragraphs, we show below the legal bases on which we carry out the data processing.
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 Letter f GDPR serves as the legal basis for the processing.
10. Duration of storage of personal data
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Use of data transmitted through the contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.
11. Integration of Third Party Services
11.1 Video platforms
(1) We have integrated YouTube and Vimeo videos into our online offer, which are stored on http://www.YouTube.com and www.vimeo.com and can be played directly from our website. These are all integrated in “extended data protection mode”, i. H. that no data about you as a user will be transmitted to YouTube or Vimeo if you do not play the videos. The data mentioned in paragraph 2 will only be transmitted when you play the videos. We have no influence on this data transmission.
(2) By visiting the website, YouTube/Vimeo receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified in Section 3 of this declaration will be transmitted. This occurs regardless of whether YouTube/Vimeo provides a user account through which you are logged in, or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube/Vimeo, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube/Vimeo to exercise this right.
(3) Further information on the purpose and scope of the data collection and its processing by YouTube/Vimeo can be found in the data protection declaration. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The website uses registration platforms from the provider Zoom, based in the USA. https://zoom.us/de-de/privacy.html
11.3 Use of social media plug-ins
(1) We currently use the following social media plug-ins: Facebook, Instagram. We use the so-called two-click solution, data protection-safe “Shariff” buttons. “Shariff” was developed by specialists from the computer magazine c’t to enable more privacy on the Internet and to replace the usual “Share” buttons on social networks. More information about the Shariff project can be found here. When you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can identify the provider of the plug-in by the marking on the box above its initials or the logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider be informed that you have accessed the corresponding website of our online offer. In addition, the data specified in Section 3 of this declaration will be transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is therefore transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the grayed-out box.
(2) We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
(3) The plug-in provider saves the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. With the plug-ins we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6 Paragraph 1 Sentence 1 lit. f GDPR.
(4) The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and e.g. B. link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
(5) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options to protect your privacy.
(6) Addresses of the respective plug-in providers and URL with their data protection notices:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; Further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook .com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA integrated.
Data protection declaration for the use of Facebook plugins (Like button)
Plugins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our website. You can recognize the Facebook plugins by the Facebook logo or the “Like button” (“I like”) on our site. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/.
If you do not want Facebook to be able to associate your visit to our site with your Facebook user account, please log out of your Facebook user account.
Further information on data collection: http://instagram.com/about/legal/privacy/
12. Liability for content
Responsible for the content according to § 55 Abs. 2 RStV:
According to § 5 TMG and § 55 RStV
The contents of my page were created with great care. As a service provider, I am responsible for my own content on these pages according to § 7 Abs.1 TMG according to the general laws. According to §§ 8 to 10 TMG, however, as a service provider I am not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity.
Obligations to remove or block the use of information according to general laws remain unaffected. However, liability in this regard is only possible from the point in time at which knowledge of a specific infringement of the law is known. As soon as I become aware of any violations of the law, I will remove this content immediately.
13. Liability for links
My offer contains links to external websites over which I have no influence. Therefore I cannot assume any liability for this external content. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal content was not recognizable at the time of linking.
However, a permanent control of the content of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of legal violations, we will remove such links immediately.