Privacy Statement

Data protection is paramount for out company. You do not have to provide personal data when visiting our website. If an affected person wishes to use particular services of our company online, however, it may be necessary to process personal data. If personal data does need to be processed and if there is no legal basis for such processing, we generally obtain the consent of the affected person.

The processing of personal data, such as name, address, email address or telephone number of an affected person is always in compliance with the Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (DS-GVO), effective from 2018-05-25, and other applicable legislation. Our company is issuing this Privacy Statement to provide information about the type, scope and purpose of the personal data we process and to make the affected persons aware of their rights.

Our company has implemented numerous technical and organizational measures to ensure that the processed personal data is afforded the most comprehensive protection possible. Nonetheless, Internet-based data transmissions can essentially involve vulnerabilities, and so absolute protection cannot be guaranteed.

1 Definitions

Our company's Privacy Statement is based on the DS-GVO. Our Privacy Statement is designed to be easily readable and understandable. To ensure that this is the case, we would like to explain the terms used therein at the outset:

1.1 Personal data

Personal data means "all items of information that refer to an identified or identifiable natural person (referred to below as "affected person"); a natural person, who can be identified, either directly or indirectly, specifically by association to an identifying attribute such as a name, location data, an online identifying attribute or one or several special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of such natural persons, is considered to be identifiable" (DS-GVO, Article 4, para. 1).

1.2 Affected person

An affected person is any identified or identifiable natural person, whose personal data is processed by the party responsible for processing.

1.3 Processing

Processing is any operation carried out with or without the aid of automated processes, or any such series of operations in connection with personal data, including the collection, recording, organization, arrangement, storage, amendment or modification, exporting, requesting, usage, disclosure by means of circulation or any other form of provisioning, reconciliation or linking, limitation, deletion or destruction.

1.4 Limitation of processing

Limitation of processing is the marking of stored personal data, the aim being to limit the future processing thereof.

1.5 Profiling

Profiling is any kind of automated processing of personal data during which such personal data are used in order to obtain and evaluate certain personal aspects that refer to a natural person, in particular in order to analyze or predict aspects with respect to performance, economic situation, health, personal preferences, interests, dependability, conduct, whereabouts or change of location of such natural person.

1.6 Pseudonymization

Pseudonymization is the processing of personal data, such that these personal data can no longer be associated with a specific affected person without referring to additional information. These additional information are stored separately and are governed by technical and organizational measures to guarantee that the personal data cannot be associated with an identified or identifiable natural person.

1.7 Responsible party or party responsible for processing

A responsible party or party responsible for processing is the natural or legal person, authority, institution or other facility that decides, alone or together with other parties, on the purpose for and method of processing personal data.

1.8 Order processor

An order processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the responsible party.

1.9 Recipient

A recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, whether a third party or not. Authorities that might receive personal data under the terms of a specific inquiry remit in accordance with European Union legislation or the law of the member stages are not, however, considered to be recipients.

1.10 Third parties

A third party is a natural or legal person, authority, institution or other body, other than the affected person, the responsible party, the order processor and those persons who are authorized to processes the personal data under the direct responsibility of the responsible person or the order processor.

1.11 Consent

Consent is any declaration of intent given voluntarily by the affected person for the case concerned in an informed and clear manner in the form of a declaration or any other distinct, affirming action, through which the affected person states that they consent to the processing of their personal data.

2 Name and address of the party responsible for processing

The responsible party pursuant to the DS-GVO is:

Ingentis Softwareentwicklung GmbH
Raudtener Str. 7
90475 Nuremberg
Germany
Email:mail@ingentis.com

www.ingentis.com

3 Contact data for our external Data Protection Officer

Mr. Michael Gruber
BSP-SECURITY
Franz-Mayer-Str.
1
D-93053 Regensburg

Tel. +49 (0) 941 46 29 09 29
info[at]bsp-security.de
www.bsp-security.de

Any affected person can contact our Data Protection Officer directly if they have any questions or suggestions regarding data protection.

4 Cookies

The websites of our company use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID, which is unique to the cookie concerned. It is made up of a character sequence via which websites and servers can be associated with the very Internet browser in which the cookie was stored. This allows the visited websites and servers to distinguish between the browser of the affected person and other Internet browsers that contain different cookies. A particular Internet browser can be recognized and identified via the unique cookie ID. Cookies allow Ingentis Softwareentwicklung GmbH to provide the users of this website with more user-friendly services that would not have been possible had cookies not been set.

A cookie allows the information and offers on our website to be optimized for the user's purposes. Cookies allow us, as already mentioned, to recognize the users of our website. The purpose of such recognition is to make it easier for such users to make use of our website. For example, the users of a website that uses cookies do not have to re-enter their access data at each visit. This is done by the website and the cookies stored on the user's computer system. Another example is the cookie of a shopping cart in the online shop. The online shop remembers the items a customer has placed in the virtual shopping cart via a cookie.

The affected person can prevent cookies being stored by our website at any time via a setting in the Internet browser used. In this case, cookies will never be stored. Furthermore, cookies that have already been stored can be deleted at any time via an Internet browser or a different software program. This is possible in all standard Internet browsers. If the affected person deactivates cookies in the Internet browser used, the full functionality of our website may not be available.

5 Recording general data and information

The webserver of Ingentis Softwareentwicklung GmbH gathers a series of general data and information each time an affected person or an automated system launches the website. This general data and information are stored in the server's logfiles. Data that can be gathered include the used browser types and versions, the operating system used by the accessing system, the website from which an accessing system enters our website, the sub-websites that are directed to our website via an accessing system, the date and time of an access to our website, an Internet protocol address (IP address), the Internet Service Provider of the accessing system and other similar data and information that serve to avert risk in case of attacks on our IT systems.

In using this general data and information, Ingentis Softwareentwicklung GmbH does not draw any conclusions about the affected person. Instead, such information is required in order to deliver the contents of our website in a correct manner, to optimize the contents of our website and the advertising for such websites, to guarantee the permanent functionality of our IT systems and the technology of our websites, and also to provide the law enforcement authorities with the information required to carry out prosecution proceedings in case of a cyber attack. Ingentis Softwareentwicklung GmbH analyzes this anonymously collected data and information for statistical purposes. Another aim is to increase the level of data protection and data security within in our company in order to ultimately ensure optimized protection for the personal data we process. The anonymous data in the server logfiles are stored separately from any personal data provided by an affected person.

6 Contact possibility via the website

To comply with statutory regulations, our company website contains data that allows fast electronic contact with our company and direct communication with us, including a general address for so-called electronic mail (email address). Insofar as an affected person makes contact with the party responsible for processing via email or a contact form, the personal data transmitted by the affected person are automatically stored. Such personal data transmitted voluntarily by an affected person to the party responsible for processing are stored for the purposes of processing or contacting the affected person. These personal data are not transmitted to any third party.

7 Routine deletion and blocking of personal data

The party responsible for processing processes and stores personal data of the affected person only for the period required to achieve the processing purpose and insofar as this is prescribed by the legislators in laws or regulations with with the party responsible for processing is obliged to comply. If the reason for storage no longer applies or if a storage period prescribed by the legislators expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory regulations.

8 Rights of the affected person

8.1 Right to confirmation

Each and every affected person is entitled to request the party responsible for processing to provide confirmation of whether the affected personal data are being processed. If an affected person wishes to exercise this right to confirmation, they are welcome to contact our Data Protection Officer or any other employee of the party responsible for processing at any time.

8.2 Right to information

Each and every person affected by the processing of personal data is entitled to receive from the party responsible for processing free information about their stored personal data and a copy of such information, as well as the information stated below:

  • the purposes of processing
  • the categories of personal data that is processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly in case of recipients in third-party countries or at international organizations
  • where possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for specifying such period
  • the existence of a right to the correction or deletion of their personal data or to any limitation of processing by the responsible party or right of objection to such processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • if the personal data are not collected from the affected person: all available information about the origin of the data
  • the existence of an automated decision-making processing, including profiling pursuant to Article 22, para. 1 and 4 DS-GVO and — in such cases as a minimum — meaningful information about the logic involved, and also the scope and the intended effects of such processing for the affected person

Moreover, the affected person is entitled to information as to whether personal data have been transmitted to a third-party country or to an international organization. If this is the case, the affected person is also entitled to information about the safeguards appropriate for such transmission.

If an affected person wishes to exercise this right to information, they are welcome to contact our Data Protection Officer at any time.

8.3 Right to correction

Each and every person affected by the processing of personal data is entitled to demand the immediate correction of incorrect personal data relating to them. Moreover, the affected person is entitled, with due consideration for the purposes of processing, to demand the completion of incomplete personal data — including by means of a supplementary declaration.

If an affected person wishes to exercise this right to correction, they are welcome to contact our Data Protection Officer or any other employee of the party responsible for processing at any time.

8.4 Right to deletion (right to be forgotten)

Each and every person affected by the processing of personal data is entitled to demand that the party responsible for processing deletes their personal data immediately, insofar as one of the following reasons applies and insofar as such processing is not required:

  • The personal data has been collected or processed for purposes that no longer exist.
  • The affected person revokes their consent, on which the processing pursuant to Article 6, para. 1 a DS-GVO or Article 9, para. 2 lit. a DS-GVO is based, and no other legal basis for processing exists.
  • The affected person objects to the processing pursuant to Article 21, para. 1 DS-GVO, and there are no overriding reasons for the processing, or the affected person objects to the processing pursuant to Article 21, para. 2 DS-GVO.
  • The personal data have been processed unlawfully.
  • The deletion of personal data is required to fulfil a legal obligation in accordance with European Union legislation or the law of the member states with which the responsible party is obliged to comply.
  • The personal data were collected in connection with the services offered by the information society pursuant to Article 8, para. 1 DS-GVO.

Insofar as one of the aforementioned reasons applies and an affected person wishes to arrange for the deletion of the personal data stored at our company, they are welcome to contact our Data Protection Officer at any time. Our Data Protection Officer will arrange for the deletion request to be met without delay.

If the personal data has been disclosed by our company and our company is under an obligation, as the responsible party pursuant to Article 17, para. 1 DS-GVO, to delete the personal data, our company will, with due consideration for the available technology and the implementation costs, take measures, including those of a technical nature, to ensure that other parties responsible for data processing, which process the published personal data, are informed that the affected person has demanded that such other parties responsible for data processing delete all links to such personal data or copies or replications of this personal data, insofar as the processing is not required. The Data Protection Officer will make the necessary arrangements on a case-by-case basis.

8.5 Right to limitation of processing

Each and every person affected by the processing of personal data has the right, granted under European Directives and the regulators, to demand that the responsible party limits processing, if one of the following criteria is met:

  • The accuracy of the personal data is contested by the affected person, specifically for a period that allows the responsible party to verify the accuracy of the personal data.
  • The processing is unlawful, the affected person refuses the deletion of the personal data and demands, instead, the limitation of use of the personal data.
  • The responsible party no longer requires the personal data for the processing purpose, although the affected person does requires the data to assert, exercise or defend legitimate claims.
  • The affected person has objected to the processing pursuant to Article 21, para. 1 DS-GVO and it is still unclear whether the legitimate reasons of the responsibly party outweigh those of the affected party.

Insofar as one of the criteria is met and an affected person wishes to demand a limitation to the processing of the personal data stored at our company, they are welcome to contact our Data Protection Officer at any time. The Data Protection Officer will arrange for the limitation of processing.

8.6 Right to data assignability

Each and every person affected by the processing of personal data is entitled to receive their personal data, which was provided by the affected person to a responsible party, in a structured, standard and machine-readable format. The person also has the right, to transmit this data to a different responsible party without hindrance from the responsible party to whom the data was provided, insofar as the processing is based on the consent pursuant to Article 6, para. 1 a DS-GVO or Article 9, para. 2 a DS-GVO or on a contract pursuant to Article 6, para. 1 b DS-GVO, and the processing is executed by automated procedures, insofar as the processing is not required for a task that is carried out in the public interest or by exercising official authority that was granted to the responsible party.

Moreover, the affected person is entitled, in exercising their right to data assignability pursuant to Article 20, para. 1 DS-GVO, to seek that the personal data are assigned by the responsible party to a different responsible party, insofar as this is technically viable and does not compromise the rights and freedoms of other persons.

In order to assert the right to data assignability, the affected person is welcome to contact our Data Protection Officer at any time.

8.7 Right to objection

Each and every person affected by the processing of personal data is, for reasons ensuing from their particular situation, entitled to object to the processing of their personal data, which is carried out pursuant to Article 6, para. 1 e or f DS-GVO, at any time. This also applies to any profiling based on these provisions.

In case of an objection, our company will cease to process the data unless we are able to demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the affected person, or such processing serves to assert, exercise or defend legitimate claims.

If our company processes personal data for the purpose of direct advertising, the affected person shall be entitled to object to the processing of personal data for the purposes of such advertising. This also applies to any processing associated with such direct advertising. If the affected person objects to our company processing personal data for direct advertising purposes, we shall cease to process the personal data for these purposes.

Moreover, the affected person is entitled, for reasons ensuing from their particular situation, to object to the processing of their personal data, which is carried out at our company for scientific or historical research purposes or for statistical purposes pursuant to Article 89, para. 1 DS-GVO, unless such processing is required to fulfil a task in the public interest.

In order to exercise the right to object, the affected person is welcome to contact our Data Protection Officer directly.

8.8 Automated decisions on a case-by-case basis, including profiling

Each and every person affected by the processing of personal data is entitled not to be ruled by a decision based exclusively on automated processing, including profiling, which stands contrary to their legal effect or which significantly compromises them in a similar way, insofar as the decision is not required to conclude or fulfil the terms of a contract between the affected person and the responsible party, or is permitted under the legislation of the European Union or the member states with which the responsible party is obliged to comply, and such legislation includes measures appropriate to the granting of rights and freedoms, as well as the legitimate interests of the affected person or is taken with the express consent of the affected person.

If the decision is required to conclude or fulfil the terms of a contract between the affected person and the responsible party, or is taken with the express consent of the affected person, out company will take the measures appropriate for safeguarding the rights and freedoms, and also the legitimate interests, of the affected person, including at least the right to seek the intervention of a person by the responsible part, explain their point of view and contest the decision.

If the affected person wishes to assert rights concerning automated decisions, they are welcome to contact our Data Protection Officer at any time.

8.9 Right to revoke consent under data protection law

Each and every person affected by the processing of personal data is entitled to revoke their consent to the processing of personal data at any time. If the affected person wishes to assert their right to revoke consent, they are welcome to contact our Data Protection Officer at any time.

9 Data protection with respect to applications and the application process

The party responsible for processing collects and processes the personal data from applicants for the purposes of the application process. Processing can also be carried out electronically. This is the case particularly if an applicant transmits to our company application documents electronically, by email or via a web form on the website, for example. If our company concludes an employment contract with an applicant, the transmitted data will be stored for the purposes of realizing the employment relationship in compliance with the statutory regulations. If our company does not conclude an employment contract with the application, the application documents will be deleted automatically 6 months after the rejection decision is announced, unless such deletion stands contrary to any other legitimate interests of the party responsible for processing. Other legitimate interest in this sense includes the burden of proof in proceedings pursuant to the General Equal Treatment Act (AGG).

10 Data protection provisions: Tracking tools

Data protection provisions for the deployment and use of Google Analytics

The party responsible for processing has integrated the Google Analytics component (with anonymization function) into this website. Google Analytics is a web analysis service. Web analysis means the gathering, collection and evaluation of data about the behavior of visitors to our web pages. A web analysis service logs data about the website from which an affected person arrives on a website (so-called referrer), which pages of the website are accessed or how often, and the length of time for which a website has been viewed. A web analysis is used primarily to optimize a website and for the cost/benefit analysis of Internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The party responsible for processing uses the suffix "_gat._anonymizeIp" for web analysis. Google uses this suffix to shorten and anonymize the IP address of the Internet connection of the affected person if our web pages are accessed from a member state of the European Union or from a different state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the visitor flows to our website. Google uses the gathered data and information to evaluate how our website is used in order to prepare for us online reports describing the activities on our websites and in order to provide other services associated with the use of our website.

Google Analytics places a cookie on the IT system of the affected person. The meaning of cookies is explained above. Cookies allow Google to analyze how our website is used. Whenever any of the pages of this website, which is operated by the party responsible for processing and into which a Google Analytics component has been integrated, the Internet browser on the IT system of the affected person is automatically prompted by the respective Google Analytics component concerned to transmit data to Google for the purposes of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the affected person, via which Google identifies the origin of the visitors and the clicks and subsequently facilitates commission computations.

Cookies are used to store personal information, such as access time, location from which access is gained and the frequency of visits to our website by the affected person. Each time our website is visited, these personal data, including the IP address of the Internet connection used by the affected person, are transmitted to Google in the USA. These personal data are stored by Google in the USA. Google can potentially transmit these personal data, which are collected by means of technical processes, to third parties.

The affected person can prevent cookies being stored by our website, as described above, at any time via a setting in the Internet browser used. In this case, cookies will never be stored. Making such a setting in the Internet browser would prevent Google from placing a cookie on the IT system of the affected person. In addition, cookies that have already been set by Google Analytics can be deleted at any time via the Internet browser or a different software program.

Furthermore, the affected person has the opportunity to object to, and thereby prevent, the logging of data generated by Google Analytics concerning the use of this website and also to the processing of such data by Google. This requires the affected person to download, and then install, a browser add-on from https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics, via JavaScript, that no data or information about the visits is allowed to be transmitted from websites to Google Analytics. Google deems the installation of the browser add-on an objection. If the IT system of the affected person is deleted, formatted or re-installed at a later time, the affected person must install the browser add-on again in order to deactivate Google Analytics. Insofar as the browser add-on is de-installed or deactivated by the affected person or a different person under their sphere of influence, the browser add-on can be re-installed or reactivated.

Further information and the applicable data protection provisions of Google can be retrieved from https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

Data protection provisions for the deployment and use of Google Remarketing

The party responsible for processing has integrated Google Remarketing services into this website. Google Remarketing is a function of Google AdWords, which permits a company to fade in advertisements for those Internet users that have visited the company's website beforehand. Accordingly, the integration of Google Remarketing permits a company to create user-related advertisements and consequently to show the Internet user potentially relevant advertisements.

The operating company of the Google Remarketing services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to fade in potentially relevant advertisements. Google Remarketing allows us to display advertisements through the Google content network, or on other websites, which are matched to individual requirements and interests of Internet users.

Google Remarketing places a cookie on the IT system of the affected person. The meaning of cookies is explained above. Google sets cookies in order to recognize the visitor to our website if they subsequently launch websites that also belong to the Google content network. Whenever a website into which Google Remarketing services have been integrated is launched, Google automatically recognizes the Internet browser of the affected person. During the course of this technical process, Google obtains knowledge of personal data, such as the user's IP address and the surfing behavior, and then uses such knowledge to fade in potentially relevant advertisements.

Cookies are used to store personal information, such as the websites visited by the affected person. Whenever our website is visited, these personal data, including the IP address of the Internet connection used by the affected person, are transmitted to Google in the USA. These personal data are stored by Google in the USA. Google can potentially transmit these personal data, which are collected by means of technical processes, to third parties.

The affected person can prevent cookies being stored by our website, as described above, at any time via a setting in the Internet browser used. In this case, cookies will never be stored. Making such a setting in the Internet browser would prevent Google from placing a cookie on the IT system of the affected person. In addition, cookies that have already been set by Google Analytics can be deleted at any time via the Internet browser or a different software program.

Moreover, the affected person has the opportunity to object to Google fading in potentially relevant advertisements. This requires the affected person to retrieve each of the Internet browsers it has used from www.google.de/settings/ads and make the setting there.

Further information and the applicable data protection provisions of Google can be retrieved from https://www.google.de/intl/de/policies/privacy/.

Data protection provisions for the deployment and use of Google AdWords

The party responsible for processing has integrated Google AdWords into this website. Google AdWords is a service for Internet advertising that permits advertisers to place advertisements in the Google search engine results and also in the Google content network. Google AdWords allows an advertiser to define in advance certain keywords, via which an advertisement will be displayed in the Google search engine results only if the user enters a search result relevant to the keyword into the search engine. Within the Google content network, the advertisements are distributed via an automatic algorithm and by observing the previously defined keywords on relevant websites.

The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by fading in potentially relevant advertisements on the websites of third-party companies and in the Google search engine results and by fading in third-party advertising on our website.

If an affected person arrives on our website through a Goggle advertisement, Google places a so-called conversion cookie on the IT system of the affected person. The meaning of cookies is explained above. A conversion cookie is rendered invalid after thirty days and is not designed to identify the affected person. The conversion cookie, unless expired, is used to establish whether certain web pages, the shopping cart in our online shop for example, has been selected from our website. The conversion cookie tells both us and Google whether the affected person, who arrived on our website via an AdWords advertisement, generated revenue, i.e. completed or failed to complete a purchase.

Google uses the data and information collected through the use of the conversion cookies to create visit statistics for our website. We then use these visit statistics to determine the total number of users referred to us via AdWords advertisements, i.e. the success or failure of the respect AdWords advertisement, and to optimize our AdWords advertisements for the future. Neither our company nor other advertising customers of Google AdWords receive information from Google, via which the affected person could be identified.

Conversion cookies are used to store personal information, such as the websites visited by the affected person. Whenever our website is visited, these personal data, including the IP address of the Internet connection used by the affected person, are transmitted to Google in the USA. These personal data are stored by Google in the USA. Google can potentially transmit these personal data, which are collected by means of technical processes, to third parties.

The affected person can prevent cookies being stored by our website, as described above, at any time via a setting in the Internet browser used. In this case, cookies will never be stored. Making such a setting in the Internet browser would prevent Google from placing a conversion cookie on the IT system of the affected person. In addition, cookies that have already been set by AdWords can be deleted at any time via the Internet browser or a different software program.

Moreover, the affected person has the opportunity to object to Google fading in potentially relevant advertisements. This requires the affected person to retrieve each of the Internet browsers it has used from www.google.de/settings/ads and make the setting there.

Further information and the applicable data protection provisions of Google can be retrieved from https://www.google.de/intl/de/policies/privacy/.

Data protection provisions for the deployment and use of YouTube

The party responsible for processing has integrated YouTube components into this website. YouTube is an Internet video portal that allows video publishers to create, free-of-charge, video clips and other users to view, rate and comment on such videos, also free-of-charge. YouTube permits the publication of all kinds of videos. Therefore, entire film and TV programs, as well as music videos, trailers or videos created by users themselves, can be retrieved via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Whenever any of the pages of this website, which is operated by the party responsible for processing and into which a YouTube component (YouTube video) has been integrated, the Internet browser on the IT system of the affected person is automatically prompted by the respective YouTube component concerned to download a depiction of the corresponding YouTube component from YouTube. Further information about YouTube can be retrieved from https://www.youtube.com/yt/about/de/. During the course of this technical process, YouTube and Google obtain knowledge about which specific page of our website has been visited by the affected person.

Insofar as the affected person is logged into YouTube at the same time, YouTube recognizes which specific page of our website has been visited by the affected person when the page containing a YouTube video is launched. This information is gathered by YouTube and Google and assigned to the respective YouTube account of the affected person.

YouTube and Google are always informed, via the YouTube component, that the affected person has visited our website if the affected person is logged into YouTube when our website is launched; this occurs regardless of whether the affected person has clicked on a YouTube video or not. If the affected person does not wish such information to be transmitted to YouTube and Google, they can prevent this by logging out of their YouTube account before launching our website.

The data provisions published by YouTube, which can be retrieved from https://www.google.de/intl/de/policies/privacy/, provide information on the collection, processing and use of personal data by YouTube and Google.

Payment method: Data protection provisions on PayPal as a method of payment

The party responsible for processing has integrated PayPal components into this website. PayPal is an online service provider for payments. Payments are processed via so-called PayPal accounts, which constitute virtual personal or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed through an email address, and therefore no conventional account number exists. PayPal allows online payments to be made to third parties, and also payments to be received. In addition, PayPal performs custodian functions and offers purchaser protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg.

If the affected person selects "PayPal" as a payment method during the order process in our online shop, the data of the affected person is automatically transmitted to PayPal. By selecting this payment option, the affected person is consenting to the transmission of the personal data required to process the payment.

The personal data transmitted to PayPal usually comprises first name, last name, address, email address, IP address, telephone number, mobile telephone number or other data required to process the payment. Personal data concerning the respective order are considered necessary to conclude the purchase contract.

Data are transferred in order to process the payment and prevent fraud. The party responsible for processing will transmit personal data to PayPal, particularly if there is a legitimate interest in such transmission. PayPal may potentially transmit the personal data exchanged between PayPal and the party responsible for processing to credit rating agencies. Such transmission allows identify and credit check to be carried out.

PayPal may pass the personal data to associated companies and service providers or subcontractors, insofar as this is required to fulfil contractual obligations or the data are to be processed on behalf of a third party.

The affected person has the opportunity to revoke, at any time, the consent given to PayPal to use their personal data at any time. A revocation does not affect personal data that has to be processed, used or transmitted for (contractual) payment processing.

The applicable data protection provisions of PayPal can be retrieved from https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

11 Notice of the rights of the data subjects regarding camera monitoring by Ingentis Softwareentwicklung GmbH

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, the right to access the personal data and the information listed in section 15 GDPR.

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and the right to ask for incomplete personal data to be completed(section 16 GDPR).

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in section 17 GDPR applies, e.g. if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (right to erasure).

The data subject shall have the right to obtain from the controller restriction of processing where one of the grounds listed in section 18 GDPR is met, e.g. when the data subject has objected to the processing, for the period of verification by the controller.

The data subject is, for reasons ensuing from his/her particular situation, entitled to object to the processing of his/her personal data at any time. In this case, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims (section 21 GDPR).

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes GPDR (section 77 GPDR). The data subject can practice this right in the Member State of his or her habitual residence, place of work, or place of the alleged infringement.

12 Competent data protection supervisory authority

Bavarian State Office for Data Protection Supervision

Promenade 27 (Schloss)
D-91522 Ansbach
Germany

Phone: +49 (0) 981 53 1300

Fax: +49 (0) 981 53 98 1300
email: poststelle@lda.bayern.de

13 Amendments to the data protection provisions

We reserve the right to amend our security and data protection provisions, insofar as this is required to keep pace with technical developments. In such cases, we will adapt the information we provide about data protection accordingly. Please always observe the latest version of our Privacy Statement.

(04/2018)