Privacy policy
Thank you for visiting our website. In the privacy policy, we would like to inform you about the handling of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
Controller
The party responsible for the collection and processing of data described below is the body stated in the imprint.
Usage data
When you visit our web pages, so-called usage data is temporarily evaluated on our web server for statistical purposes as a protocol to improve the quality of our web pages. This data set consists of
- the name and address of the requested content,
- the date and time of access,
- the transmitted data volume,
- the access status (content transmitted, content not found),
- the description of the web browser and operating system used,
- the referral link, which indicates which page linked you to ours,
- the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
The aforementioned log data will be evaluated anonymously.
The legal basis for the processing of usage data is Art. 6 (1) (f) GDPR. The processing is based on the legitimate interest of providing the contents of the website and ensuring a device- and browser-optimised display.
Data security
In order to protect your data as comprehensively as possible from unwanted access, we implement technical and organisational measures. These measures include encryption procedures on our websites. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.
Necessary Cookies
Cookies are small text files that can be stored on and extracted from your device. There is a difference between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored for more than the duration of the session.
We do not use these necessary cookies for analysis, tracking or advertising purposes.
In some cases, these cookies only contain information on certain settings and are not linked to a person. They may also be necessary to enable user guidance, security and operating of the site.
The legal basis for using these cookies is our legitimate interest according to Art. 6 (1) (f) GDPR.
You can set your browser to inform you about the use of cookies. You can also delete cookies or prevent the setting of new cookies at any time by using the appropriate browser settings. Please note that if you delete certain cookies, our websites may not be displayed correctly and some functions may no longer be available.
Consent banner
We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the settings you have made is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR to provide you with our content according to your preferences and to be able to prove your consent(s). The settings you have made, the consents you have given and parts of your usage data are stored in a cookie. This ensures that it is kept for further website visits and that your consents continue to be traceable. You can find more information about this under the section "Necessary cookies".
The provider of the consent management platform acts on our behalf and is strictly bound by our instructions (processor). A data processing agreement in accordance with Art. 28 GDPR has been concluded.
Google Analytics
We use the web analysis tool "Google Analytics" to design our websites in accordance with the needs of our visitors. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your device and accessed by us. This allows us to recognise returning visitors and count them as such.
We are supported by Google Ireland Limited as a processor in accordance with Art. 28 GDPR when using the Google Analytics service. The data processing by Google may also take place outside the EU or the EEA (especially in the USA). With regard to Google, an adequate level of data protection is ensured due to the adequacy decision (EU-U.S. Data Privacy Framework). Google is also obliged to conclude standard contractual clauses with further sub-processors.
The legal basis for this data processing is your consent if you have given your consent via our consent banner. You can withdraw your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.
Provider | Maximum Storage period | Adequate level of data protection | Withdrawal of consent |
Google Ireland Limited | For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework). | If you wish to withdraw your consent, please click here and make the appropriate setting via our banner. |
Visitor measurement
We use web analytics tools to design our websites in accordance with the needs of our visitors. This creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your device and accessed by us. In addition, it is possible that we retrieve identifiers related to your browser or device (e.g., a so-called browser fingerprint or your full IP address). This allows us to recognise returning visitors and count them as such.
In addition, we use the following functions as part of visitor measurement:
• We supplement the pseudonymous data with additional data provided by third-party providers. This allows us to record demographic characteristics of our visitors, e.g. information on age, gender and place of residence.
• We use a tracking method that allows us to capture and subsequently evaluate the mouse cursor movement of our visitors.
• We create explorative click paths and browsing behaviour analysis based on contextual data, including usage history on other sites with also enabled cookies.
The legal basis for this data processing is your consent if you have given your consent via our consent banner.
Which third-party providers do we use in this context?
Below we list the third-party providers with whom we collaborate within the context of our visitor measurement. If data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information about the level of data protection in the following table.
Provider | Maximum Storage period | Adequate level of data protection | Withdrawal of consent |
For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework). | If you wish to withdraw your consent, please click here and make the appropriate setting via our banner. |
Third-party tracking technologies for advertising purposes
We use cross-device tracking technologies in orderto show you targeted advertising on other websites based on your visit on our websites and to understand how effective our advertising activities have been.
The legal basis for this data processing is your consent if you have given your consent via our consent banner. Your consent is voluntary and can be withdrawn at any time.
How does tracking work?
When you visit our websites, it is possible that the third-party providers mentioned below retrieve identifiying characteristics of your browser or device (e.g. a so-called browser fingerprint), evaluate your IP address, store or access identifiers on your device (e.g. cookies) or gain access to individual tracking pixels.
The individual characteristics can be used by these third parties to identify your device on other websites. We can instructthe corresponding third-party providers to display advertisements that are based on the pages you have visited on our site.
What does cross-device tracking mean?
If you log in to the third-party provider with your own user data, the respective identifying characteristic of different browsers and devices can be linked to each other. If, for example, the third-party provider has created a unique identifier for the laptop, desktop PC or smartphone or tablet you use, these individual characteristics can be linked to each other as soon as you use a service of the third-party provider with your login data. This enables the third-party provider to target our advertising campaigns across different devices.
Which third-party providers do we use in this context?
Below we list the third-party providers we collaborate with foradvertising purposes. If data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information about the level of data protection in the following table.
Provider | Maximum Storage period | Adequate level of data protection | Withdrawal of consent |
Meta (Facebook) | For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework) | If you wish to withdraw your consent, please click here and make the appropriate setting via our banner. | |
Google LLC | For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework) | If you wish to withdraw your consent, please click here and make the appropriate setting via our banner. |
Contact form
YYou may contact us via our contact form. In order to use our contact form, we first require the data marked as mandatory.
The legal basis for this processing is Art. 6 (1) (f) GDPR in order to respond to your request.
Your data will only be processed to respond to your enquiry. We delete your data if it is no longer required and there are no legal retention obligations in conflict to that. Usually this is the case XX days after handling the request.
Concerning the processing according to Art. 6 (1) (f) GDPR, you have the right to object at any time. To do so, please contact the e-mail address stated in the imprint.
Social Plugins
We enable you to use social plugins. However, for reasons of data protection, we only integrate social media plugins in a deactivated form.
Yet you have the option of giving your consent for this data processing via our consent banner in order to activate and use the integrated social plugins on our websites. Only then your browser will be able to establish a connection to the servers of the respective social media service operator.
By activating a plugin via the corresponding setting in the consent banner, the social media service receives in particular your IP address and, among other things, knowledge about your visit to our websites (usage data). This occurs regardless of whether you have an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile.
In general, we have no influence on whether and to what extent the respective social media service processes personal data after the activation of the social plugins. However, it is likely that the social media service will create usage profiles from your data and use those profiles on the purpose of personalised advertising. Also, your data will be used to inform other users of the social media service about your activities on our websites.
The embedding is based on your consent, provided you have given your consent via our consent banner. If data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information about the level of data protection in the following table.
If you no longer wish that your personal data is processed by the activated social plugins, you can prevent future processing by withdrawing your consent. To do so, please follow this link and make the appropriate settings via our banner.
Provider | Maximum Storage period | Adequate level of data protection | Withdrawal of consent |
For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework) | If you wish to withdraw your consent, please click here and make the appropriate setting via our banner. | ||
Meta Instagram/Facebook | For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework). | If you wish to withdraw your consent, please click here and make the appropriate setting via our banner. | |
Twitter (USA) | Processing may also take place outside the EU/EEA. No adequate level of data protection. The transfer is based on Art. 49 (1) (a) GDPR | If you wish to withdraw your consent, please click here and make the appropriate setting via our banner. |
Embedded videos
On our websites we embed videos that are not stored on our servers. In order to ensure that opening our web pages with embedded videos does not automatically lead to the downloading of third-party content, we only show locally stored preview images of the videos as a first step. This does not provide the third party provider with any information.
Only after clicking on the preview image is the content of the third party provider downloaded. This informs the third party provider that you have accessed our site and the technical usage data required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on any further data processing carried out by the third party provider. By clicking on the thumbnail, you give us permission to download content from the third-party provider.
Embedding is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, provided that you have given your consent by clicking on the preview image. Please note that the embedding of numerous videos means that your data will be processed outside the EU or EEA. In some countries there is a risk that authorities may access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer to an insecure third country is carried out on the basis of Art. 49 para. 1 letter a GDPR.
Provider | Adequate level of data protection | Withdrawal of consent |
YouTube / Google (USA) | No adequate level of data protection. Transmission is based on Art. 49 para. 1 letter a GDPR. | Once you have clicked on a thumbnail, the content of the third-party provider is immediately reloaded. If you do not wish such content to be loaded on other pages, please do not click on any further preview images. |
Newsletter registration and sending out
You can order a newsletter on our websites. Please note that we require certain data (at least your e-mail address) for suscribing to our newsletter.
The newsletter will only be sent to you, if you have given us your explicit consent. Once you have ordered our newsletter, you will receive a confirmation e-mail to the e-mail address you provided (so-called double opt-in). You can withdraw your consent at any time. You can easily withdraw your consent, for example, by clicking on the unsubscribe link in every newsletter.
As part of the newsletter registration, we store further data in addition to the data already mentioned, insofar as this is necessary for us to be able to prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of the order or the confirmation of the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is based on Art. 6 (1) (f) GDPR and in the legitimate interest of being able to account for the lawfulness of the newsletter delivery.
Map service
On our websites we embed map services that are not stored on our servers. In order to ensure that opening our web pages with map services does not automatically lead to the downloading of third-party content, we will first only show locally stored preview images of the maps. This does not provide the third party provider with any information.
Only after clicking on the preview image is the content of the third party provider downloaded. This informs the third party provider that you have accessed our site and the technical usage data required in this context. We have no influence on any further data processing carried out by the third party provider. By clicking on the thumbnail, you give us permission to download content from the third-party provider.
Embedding takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or § 15 para. 3 sentence 1 TMG (German Telemedia Act), provided that you have previously given your consent by clicking on the preview image.
Please note that the embedding of some map services means that your data will be processed outside the EU/EEA. In some countries there is a risk that authorities may access the data for security and surveillance purposes without your being informed or having the right to appeal. If we use providers in insecure third countries and you give your consent, the transfer of data to an insecure third country is carried out on the basis of Art. 49 para. 1 letter a GDPR.
Provider | Maximum Storage period | Adequate level of data protection | Withdrawal of consent |
Google LLC (USA) | For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework) | Once you have clicked on a thumbnail, the content of the third-party provider is immediately reloaded. If you do not wish such content to be loaded on other pages, please do not click on any further preview images. |
Embedding of additional technical third-party content and functions
We use technical functions and content of third-party providers mentioned below to present our websites.
Calling up our pages leads to the content of the third-party provider being reloaded, who provides these functions and content. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context.
We have no influence on the further data processing by the third-party provider.
The embedding is based on Art. 6 (1) (f) GDPR and in our interest of making our site as appealing and informative as possible.
Please note that the use of third-party content and features may result in your data being processed outside the EU or EEA (in particular in the US). For transfers to the USA, an adequate level of data protection is ensured due to the adequacy decision (EU-U.S. Data Privacy Framework).
Provider | Technical function or content | Maximum storage period, if applicable | Transfer to third countries according to the provider's specifications and ensuring an adequate level of data protection | Withdrawal of consent |
Google LLC (USA) | JQuery (JavaScript library) | For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework). | If you wish to withdraw your consent, please clickhereand make the appropriate setting via our banner. | |
Google LLC (USA) | Google Fonts | For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework). | If you no longer agree with such processing, please stop using our site. |
Storage period
Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and no legitimate interests or other (legal) reasons for storage prevent deletion.
Data processors
We share your data with service providers that support us in the operation of our websites and the associated processes as part of data processing on behalf of the controller pursuant to Art. 28 GDPR. These are, for example, hosting service providers. Our service providers are strictly bounded by our instructions and are contractually obligated accordingly.
In the following, we will name the processors with whom we work, if we have not already done so in the above text of the data protection declaration. If data may be processed outside the EU or the EEA in this context, we inform you about this in the following table.
Processor | Purpose | Adequate level of data protection |
dogado GmbH (Germany) | Web hosting and support | Processing only within EU/EEA |
Your rights as a data subject
Your rights as a data subject
When processing your personal data, the GDPR grants you certain rights as a data subject:
Right of access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether personal data of you is being processed; if this is the case, you have the right to obtain information about the processed personal data and to receive the information listed in detail in Art. 15 GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to request the rectification of any inaccurate personal data relating to you and, where applicable, the completion of any incomplete data, without delay.
Right to erasure (Art. 17 GDPR)
You have the right to request the erasure of your personal data without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing, for the duration of the assessment by the controller, if one of the requirements listed in Art. 18 GDPR is met, e.g. if you have objected to the processing.
Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format or to request the transfer of this data to a third party.
Right to withdraw consent (Art. 7 GDPR)
If the processing of data is based on your consent, you are entitled to withdraw your consent to the processing of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal of the consent only effective for the future. Processing that took place before the withdrawal is not affected.
Right to object (Art. 21 GDPR)
If data is collected on the basis of Art. 6 (1) (f) GDPR (data processing for the protection of legitimate interests) or on the basis of Art. 6 (1) (e) GDPR (data processing for the protection of public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. The right to lodge a complaint can be asserted in particular witha supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.
Asserting your rights
Unless otherwise described above, please contact the controller of the data processing named in the imprint to assert your rights as a data subject.
Contact details for the Data Protection Officer
Our external data protection officer will be happy to provide you with information on data protection via the following contact details:
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Web: www.dsn-group.de
E-mail: office@datenschutz-nord.de
If you contact our data protection officer, please also state the controller for the data processing named in the imprint.