1. Your personal data as defined by Art. 4(1) GDPR (e.g. title, name, address, e-mail address, payment information) is only processed by us in accordance with the provisions of the German data protection law and taking into account the European General Data Protection Regulation (GDPR). The following provisions inform you of the nature, scope and purpose of collection, processing and use of personal data.
2. The processing of personal data as defined by Art. 4(2) GDPR is lawful in accordance with Art. 6 GDPR if one of the following conditions applies:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
3. The processing of special categories of personal data (e.g. health data) as defined by Art. 9(1) GDPR is lawful particularly in accordance with Art. 9(2) GDPR if one of the following conditions applies:
– the data subject has given explicit consent to the processing;
– processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
4. Personal data does not undergo automated processing or profiling as defined by Art. 22 GDPR.
5. The operator ensures the security of the data in accordance with Art. 32 GDPR by implementing appropriate technical measures while taking into account the principle of proportionality.
6. If a data breach should nevertheless occur, the responsible supervisory authority in accordance with Art. 33 GDPR and the data subject in accordance with Art. 34 GDPR are notified.
Scope of validity
This data protection statement only applies to our website. If you are transferred to other websites via links on our pages, please seek information there regarding the handling of your data.
Duration of data storage
The duration for which the data you transfer is stored is based on the statutory retention obligation.
Sharing of data with third parties
Data transferred as part of the contractual relationship is only shared with third parties (Art. 4(10) GDPR) if you have expressly granted your consent (Art. 4(11) GDPR) or sharing is necessary for the performance of the contract. Consent can be revoked informally at any time. Data collected by visiting the website is only collected by the third parties explicitly stated below.
Controller as defined by GDPR
The controller as defined by the General Data Protection Regulation (GDPR), other data protection laws applicable in the European Union and other provisions relating to data protection is:
Phone: +49 89 5484 70-0
Fax: +49 89 5484 70-29
This page saves cookies in order to recognise its visitors again. We do not pass on data acquired by means of cookies to third parties. If you would nevertheless like to prevent cookies from being saved, you have the possibility of deactivating this in your browser settings.
Saving of access data in log files
You can also visit our website without providing information about your person. We only save access data in server log files, such as the name of the requested file, date and time of access, transferred data quantity and the requesting provider. This data is exclusively assessed to ensure the fault-free operation of the website and to improve our service, and does not enable us to make any conclusion about your person.
Google Web Fonts
External fonts, Google Fonts, are used on this website. Google Fonts is a service by Google Inc. (‘Google’). These web fonts are incorporated by means of a call to the server, usually to a Google server in the USA. In doing so, the server is notified about which of our websites you have visited. The IP address of the browser on the device of the person visiting this website is also saved by Google.
When the contact form offered on this website is used, the information you enter and the attached files are transferred and saved for the purpose of responding to your enquiry. We do not pass on data to third parties.
Security of your data / SSL encryption
In accordance with the legal regulations as per Section 13(7) German Broadcast Media Act (Telemediengesetz, TMG), this website uses SSL encryption, identified by a lock symbol in the address bar of your browser. Transferred data cannot be read by third parties when SSL encryption is activated.
This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we instead use 128-bit v3 technology. You can identify whether an individual page of our website is transferred encrypted by the displaying of a closed key or lock image in the lower status bar of your browser.
We otherwise employ suitable technical and organisational security measures (TOM) to protect your data from accidental or deliberate manipulation, partial or complete loss or destruction, and against unauthorised access by third parties. Our security measures are constantly improved in line with technological advancements.
Rights of the user
You can request information about the personal data stored about you at any time free of charge. Your rights comprise the confirmation, rectification, restriction, blocking and erasure of such data and the provision of a copy of the data in a portable form, as well as the withdrawal of granted consent and objection. Statutory retention requirements remain unaffected by this.
Your rights arise in detail from the following GDPR provisions:
- Article 7 (3) – Right to withdraw consent under the data protection law
- Article 12 – Transparent information, communication and modalities for the exercise of the rights of the data subject
- Article 13 – Information to be provided where personal data are collected from the data subject
- Article 14 – Information to be provided where personal data have not been obtained from the data subject
- Article 15 – Right of access by the data subject, right to confirmation and provision of a copy of the personal data
- Article 16 – Right to rectification
- Article 17 – Right to erasure ('right to be forgotten')
- Article 18 – Right to restriction of processing
- Article 19 – Notification obligation regarding rectification or erasure of personal data or restriction of processing
- Article 20 – Right to data portability
- Article 21 – Right to object
- Article 22 – Right not to be subject to a decision based solely on automated processing, including profiling
- Article 77 – Right to lodge a complaint with a supervisory authority
To exercise your rights (with the exception of Art. 77 GDPR), please contact the person named under “Controller as defined by GDPR” (e.g. by e-mail to: firstname.lastname@example.org).
Responsible supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300