Controller within the meaning of the General Data Protection Regulation (“GDPR”) is:

Data protection

We are pleased about your visit on our web pages. The protection of your personal data is an important concern for us. In this Privacy Statement we explain how we collect your personal data, what we do with it, for what purposes and on what legal basis this is done, and which rights and claims are associated with it for you.

Our Privacy Statement for the use of our website does not apply to your activities on the websites of social networks or other providers that you can reach via the links on our websites. Please check the websites of these providers for their data protection regulations.

Collection and processing of your personal data

a. When you visit our website, we store your IP address and the name of your Internet service provider for seven days for security reasons, in particular to prevent and detect attacks on our websites or attempts at fraud.

b. We only store other personal data if you provide this data, e.g. as part of a registration or a contact form, and even in these cases only insofar as this is permitted to us on the basis of a consent given by you or in accordance with the applicable legal provisions (further information on this can be found below in the section “Legal basis of processing”).

c. You are not legally or contractually obliged to make available your personal data. However, it is possible that certain functions of our websites depend on the availability of personal data. If you do not make available personal data in these cases, this may result in functions not being available or only being available to a limited extent.

Purposes of use

a. We use the personal data collected when you visit our website in order to operate it in the most convenient manner for your use and to protect our IT systems from attacks and other illegal activities.

b. If you provide us with further personal data, e.g. within the scope of a registration or a contact form, we use this data for the purposes mentioned, for the purposes of customer administration.

Security

We use technical and organisational security measures to protect your data managed by us against manipulation, loss, destruction and against access by unauthorised persons. We are constantly improving our security measures in line with technological developments.

Legal bases of processing

a. Insofar as you have given us your consent for the processing of your personal data, that consent is the legal basis for the processing (Art. 6 para. 1 letter a GDPR).

b. For the processing of personal data for the purposes of initiating or fulfilling a contract with you, Art. 6 para. 1 letter b GDPR is the legal basis.

c. Insofar as the processing of your personal data is necessary for the fulfilment of our legal obligations (e.g. for the retention of data), we are authorized to do so pursuant to Art. 6 para. 1 letter c GDPR.

d. In addition, we process personal data for the purposes of safeguarding our legitimate interests pursuant to Art. 6 para. 1 letter f GDPR. Maintaining the functionality of our IT systems is also such a legitimate interests.

Deletion of your personal data

Your IP address and the name of your Internet service provider, which we only store for security reasons, will be deleted after seven days. Otherwise, we delete your personal data as soon as the purpose for which we have collected and processed the data ceases to apply. Beyond this point in time, data is only stored if this is required by the laws, regulations or other legal provisions of the European Union or of a member state of the European Union to which we are subject.

Rights of the data subject

a. As a data subject, you have the right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR) and right to data portability (Art. 20 GDPR).

b. If you have consented to the processing of your personal data by us, you have the right to revoke your consent at any time. The legality of processing your personal data before revocation remains unaffected. We may further process such data pursuant to another applicable legal basis, e.g. for the fulfilment of our legal obligations (cf. section “Legal bases of processing”).

c. Right to object
You have the right to object at any time to the processing of your personal data pursuant to Art. 6 para. 1 letter e GDPR (data processing in the public interest) or Art. 6 para. 1 letter f GDPR (data processing on the basis of a balance of interests) on grounds relating to your particular situation. If you object, we will only process your personal data if we can prove compelling legitimate reasons that outweigh your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims

d. We ask you to address your claims or declarations to the following contact address if possible:

Contact via the adress above or by email at “webmaster AT it-s-hermann.de”
(spamprotection: replace ” AT ” by @)

e. If you believe that the processing of your personal data violates legal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).