1. General information on the processing of personal data
(1) Protecting your personal data (“Data”) is particularly important to us. Therefore, we hereby wish to inform you in detail which Data are processed when you use our websites and services (“Data Processing Activities”).
(2) In accordance with Art. 4 Nr. 7 of the General Data Protection Regulation (“GDPR”), the controller is
Marie Bernard / bleu de prusse / 40 rue La Tour d’Auvergne – 44200 NANTES – France
Tel. +33 7 55 64 05 74 / E-Mail: firstname.lastname@example.org
(hereinafter: “We”). More detailed information can be found in our Legal notices.
2. Data Processing Activities when visiting our websites
(1) If you use our websites for informational purposes only, i. e. if you do not contact us or otherwise provide us with information, we only collect the personal Data that your browser transmits to our server. If you wish to view our websites, we collect the following Data, which are technically necessary in order for us to display our websites to you and to guarantee stability and security:
- Date and time of the request,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific site/page),
- Access status/HTTP-status code,
- Respective data amount transferred,
- Website that the request is coming from,
- Server Log Files,
- Operating system and its interface,
- Language and version of the browser software.
(2) The legal basis is Art. 6 Para. 1 Sent. 1 lit. f. GDPR and the Data are saved only for the duration of your visit.
(1) In addition to the aforementioned Data, cookies are saved to your device when you use our websites. Cookies are small text files which are saved on your hard drive in association to the browser you are using and via which information is sent to us. Cookies cannot be used to launch programs or to transfer viruses to your device. They serve to make your internet experience more user-friendly and effective. The legal basis is Art. 6 Para. 1 Sent. 1 lit. f GDPR.
(2) You can configure your browser settings to meet your preferences, for instance by refusing to accept cookies. We do point out that you may not be able to use all of the functions and features of our websites.
3.1 Google Analytics
(2) If IP-anonymization is activated, Google shortens your IP-address within member states of the European Union and other parties to the Agreement on the European Economic Area. Only in exceptional cases the full IP-address is transmitted to a Google server in the USA and shortened there. IP-anonymization is activated on our web service. Upon our request, Google shall use this information to analyse the use of our websites, to compile activity reports and to provide us with other services related to the use of our websites and the internet.
(3) According to Google, the IP-address that your browser passes on to Google Analytics is not combined with any other Google data. You can prevent that cookies are saved by changing the appropriate settings in your browser software. Moreover, you can prevent Google from capturing and subsequently processing the Data generated by the cookie and which refer to your usage (including your IP-address) by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
(2) In order to prevent Facebook from collecting the above data, the user can log out of Facebook prior to visiting the websites. In order to prevent the general access by Facebook to user data, the User can exclude Facebook social plug-ins by an add-on for the browser.
4. Data Processing Activities when you contact us
When you contact us, we process the Data you provide (f. ex. e-mail address, name and/or telephone number) in order to respond to your questions or to process your requests. The consent you give in the course of contacting us provides the legal basis for such data processing activities (Art. 6 Para. 1 lit. b GDPR).
5. Data Processing Activities during the performance of contract
(1) If we are in a contractual relationship with you, we process your master, contact and payment data as well as your communication and contract data in order to fulfil, process and invoice the contractual services. For the aforementioned purpose, your Data may be transferred to service providers who support us with our business and who we have of course selected with the utmost care and diligence. Such service providers include, in particular, providers of technical services who support us in rendering our services.
(2) The existing contractual relationship constitutes the legal basis (Art. 6 Para. 1 Sent. 1 lit. b. GDPR).
6. Other Data Processing Activities
(1) Should you have given your consent to receive our promotions (newsletters, SMS, E-mail, by post, etc.), we shall use your personal data to inform you of our offers via the respective means of communication. Should you have agreed to being approached in a promotional manner by third parties, we surrender the necessary data to these third parties in order to enable them to inform you of their offers. You can retract your approval of being approached in a promotional manner at any time.
(2) We reserve the right to use your data in order to contact you should our services undergo or have undergone important changes or developments.
7. Your rights
(1) You have the following rights in relation to us with regard to the personal data concerning you:
- Right of access (Art. 15 GDPR),
- Right to rectification and erasure (Art. 16 and 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
(2) Furthermore, you have the right to complain to a supervisory authority for data protection about the processing of your Data by us.
(3) We would like to point out that any possible consent you have given pertaining to data protection can be revoked at any time, effective immediately. The same applies when you have given consent to be approached in a promotional manner. To do so, please contact us informally via e-mail at: email@example.com. Such revocation can result in our services no longer being available at all, or only with restrictions.
8. Data erasure, storage period
(1) The Data we store shall be deleted as soon as they are no longer needed for the purpose for which they are being stored and the law does not prescribe a statutory duty for the Data to be retained. In the event that user Data are not deleted on grounds that they are still required for other or legally admissible reasons, their processing shall be restricted. This means that the Data shall be blocked and shall not be processed for other purposes. This applies, for instance, for user Data that have to be kept for reasons pertaining to trade or tax law.
(2) In accordance with the pertinent legal provisions, such data shall be stored for six (6) years pursuant to Section 257 Para. 1 German Commercial Code (commercial books, inventories, opening balance sheets, annual financial statements, trade letters, accounting records, etc.) and ten (10) years pursuant to Section 147 Para. 1 of the German Fiscal Code (accounts, records, situation reports, accounting records, trade or business letters, documents relevant for taxation, etc.).
9. Transmission of Data to third parties and third-party providers
(1) Data are only transmitted to third parties in a manner that is in compliance with the applicable statutory provisions. We only transmit user Data to third parties if, for example, doing so is necessary for contractual purposes pursuant to Article 6 Para. 1 lit. b. GDPR or on the basis of legitimate interests in economic and effective business operation within the meaning of Art. 6 Para. 1 lit. f. GDPR.
(2) In the event that we employ subcontractors in order to provide our services, we shall take appropriate legal precautions and corresponding technical and organisational measures in order to ensure that your personal Data are protected in accordance with the applicable statutory provisions.
(3) In case contents, tools or other means of third parties (hereinafter jointly referred to as “Third Party Providers”) are used in the framework of this privacy statement and the stated registered offices of those Third Party Providers are situated in a third country, it should be assumed that Data are transferred to the countries in which the Third Party Providers have their registered offices. Third countries are to be understood as such countries in which the GDPR does not constitute directly applicable law, i. e. in general countries outside of the EU or the European Economic Area. Data are only transferred to third countries if an adequate level of data protection is ensured, the user has given explicit consent or the law provides another form permission for such a transfer.
10. Final provisions
(1) We employ technical and organizational security measures to protect the Data we have gathered, especially against accidental or deliberate manipulation, loss, destruction or attack by unauthorized persons. Our security measures are subject to continuous improvement in line with technological advances and development.