Data Privacy
In the following, we are providing information on the collection of personal data in connection with the use of our website as well as communication via email, fax or telephone. Personal data refers to all data relating to you personally, such as your name, address, email address, etc.
1. GENERAL INFORMATION
1.1 The following entities are the controller for the purpose of the General Data Protection Regulation (GDPR):
J.G. Niederegger GmbH & Co. KG
Zeißstraße 1 – 7
23560 Lübeck
Germany
Our Data Protection Officer can be reached as follows:
Postal address:
Datenschutzbeauftragter
der J.G. Niederegger GmbH & Co. KG
Zeißstraße 1 – 7
23560 Lübeck
E-Mail: datenschutz@niederegger.de
1.2 If we use contracted service providers for individual functions of our offering or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also specify the criteria for the storage period.
2. COLLECTION OF PERSONAL DATA WHEN YOU VISIT OUR WEBSITE
The type and scope of the collection and use of your personal data differs depending on whether you visit our website solely to retrieve information (see section 2.1) or to make use of the services we offer (see section 5 ff.). For information on the use of cookies, see section 2.3 of this statement.
2.1 If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to the server on which our website is located. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
2.2 We collect access data every time our website is accessed (so-called servo log), including: IP address; date and time of the query; time zone difference to Greenwich Mean Time (GMT); content of the request (specific page); access status/HTTP status code; data volume transferred; website, from which the request came (referring URL); browser; operating system and its interface; language and version of the browser software.
2.3 In the case of data storage in log files, this is the case after four weeks at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to assign them to the accessing client.
3. COOKIES
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.
3.1 This website uses transient cookies. Their scope and functionality are explained below:
3.2 Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser.
3.3 You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may then not be able to use all the functions of this website.
3.4 We use technically necessary cookies to ensure that our website functions properly. Some elements of our site require that the browser used to access the site can also be identified when changing pages. In particular, the following data is stored and transmitted in these cookies: language settings, consent to data processing.
The legal basis for these technically necessary cookies is our legitimate interest in the correct display of our website and thus Art. 6 para. 1 lit. f GDPR.
3.5 Cookie consent
We also use cookies on our website that enable us to analyse users' browsing behaviour. If you would like to adjust your settings for the use of cookies on this site, please click on the red cookie item. Further information on the cookies we use, the data processing that takes place and the storage period of the cookies can be found below from the respective third-party providers.
The legal basis for processing personal data using cookies for analysis purposes is Article 6(1)(a) GDPR, provided that the user has given their consent. We use analysis cookies to improve the quality of our website and its content. Analysis cookies tell us how the website is used, enabling us to continuously optimise our offering.
4. DATA DELETION AND STORAGE PERIOD
4.1 We delete (Art. 17 GDPR) or block personal data as soon as the purpose of storage no longer applies, or restrict processing (Art. 18 GDPR). Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which we are subject. The data will also be deleted or processing restricted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
4.2 This provision applies to all data collection and data processing operations listed in this declaration, unless otherwise specified in individual cases.
4.3 In the case of purely informational use of our website (see section 2.1 of this declaration), we will delete your personal data at the end of your visit to our website.
4.4 In the case of data storage in log files (see section 2.2 of this declaration), the purpose of storage ceases to apply as soon as the data is no longer required to ensure or improve the technical operation, stability or functionality of our website or to detect or prevent manipulative enquiries. However, further storage is possible. In this case, the IP addresses of the users will be deleted or anonymised so that it is no longer possible to identify the calling client.
5. WITHDRAWAL OR OBJECTION TO THE PROCESSING OF YOUR DATA
5.1 If you have given your consent to the processing of your data, you can withdraw it at any time. Such withdrawal affects the permissibility of the processing of your personal data after you have notified us of it. Data processing carried out until receipt of the revocation remains lawful. You can declare the revocation of your consent in writing or by e-mail to datenschutz@niederegger.de or by sending a message to the contact details given in the imprint.
5.2 If your consent was the only legal basis for processing your data, especially if we don't have a legitimate interest in processing it under Article 6(1)(f) of the GDPR, we'll block the data for further processing after you withdraw your consent and delete it right away once any legal storage obligations or rights have expired (Art. 17(1)(b) GDPR), unless we have another legal basis for processing the data, Art. 17 III GDPR. We ask for your understanding that this may require a certain amount of processing time.
5.3 If we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if the processing is not necessary to fulfil a contract with you, which is explained in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of a justified objection, we will examine the situation and either stop or adapt the data processing or point out to you our compelling legitimate grounds on the basis of which we will continue the processing.
If we stop processing, we will delete the data immediately (Art. 17 (1) (c) GDPR).
You may object to the use of your personal data for the purpose of responding to your enquiry via our contact form or by email at any time without incurring any costs other than the transmission costs according to the basic rates. You can declare your objection in writing or by email to datenschutz@niederegger.de or by sending a message to the contact details provided in the legal notice. Please note, however, that your request may then not be processed and that processing your objection may take some time.
6. RECIPIENTS
In order to provide you with this website, we work with external service providers who provide IT services for us in relation to the creation, modification and maintenance of this website and who, in this context, have access to the personal data collected via this website. With regard to any other recipients, please refer to the following explanations.
7. USE OF OUR ONLINE SHOPS
7.1 When you visit the online shop for end consumers via our website, you will leave the website of Niederegger GmbH & Co. KG. Information on the processing of your personal data in the online shop can be found on the pages there.
7.2 If you wish to place an order as a business customer via our catalogue for business customers, it is necessary for the conclusion of the contract that you provide your personal data, which we require for contacting you via our contact form or by e-mail and for the subsequent processing of your order. Mandatory information required for contacting you to initiate the contract is marked separately; further information is voluntary. We process the data you provide to record and process your order. Data collected during the further course of the process is essential for the execution of the contract. We may use third parties such as shipping companies or our house bank for payment processing in order to execute the contract. The legal basis for this is Art. 6 (1) (b) GDPR
7.3 If you give your consent on the contact form, we may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
7.4 To prevent unauthorised access to your personal data by third parties, the process of submitting the contact form is encrypted using TLS technology.
8. CONTACT FORM AND OTHER CONTACT METHODS
8.1 Our website features a contact form that can be used to contact us electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored. This data includes your gender, surname and email address, and optionally your first name, address and telephone number. When you send the message, your IP address and the date and time of registration are also stored.
8.2 Alternatively, contact can be made via the email address, fax number or telephone number provided, or by letter. In this case, the user's personal data transmitted by email, fax, letter or telephone call will be stored.
8.3 In this context, the data will not be passed on to third parties. The data will be used exclusively for the purpose of processing the conversation.
8.4 The legal basis for the processing of data transmitted in the course of sending an email, fax, telephone call or letter is Art. 6 (1) lit. f GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
8.5 The processing of personal data from the input mask serves solely to process the contact request. In the event of contact by e-mail, fax, telephone or letter, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
8.6 The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and that sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
8.7 Clause 2.2 applies to personal data collected during the contact form submission process in addition to the information provided in the form.
8.8 If you contact us via the contact form or by email, you can object to the storage of your personal data at any time (see clause 5 of this statement). In such a case, the conversation cannot be continued.
You can declare your objection by email to datenschutz@niederegger.deor by sending a message to the contact details provided in the legal notice.
In this case, all personal data stored in the course of contacting us will be deleted. Please note that this may take some time to process.
9. ORDERS AND TABLE RESERVATIONS IN OUR CAFÉS
9.1. If you place orders or reserve a table in our cafés by telephone, fax, email, our contact form or in person and provide us with your personal data (e.g. name and contact details as well as the number of participants), we will process your personal data for the purpose of fulfilling your requests or preparing your order and reserving a table.
9.2 The legal basis for this data processing is Art. 6 (1) lit. b GDPR. According to Art. 6 (1) lit. b GDPR, data processing is also permissible if it is necessary for the implementation of pre-contractual measures taken at the request of the data subject.
9.3 We will process your personal data until all claims arising from the legal relationship and its implementation have been fulfilled and settled, and will delete it at the latest after expiry of the statutory limitation periods and retention obligations.
9.4 We do not intend to transfer your personal data in connection with an order or table reservation to a location outside the European Union, but this cannot be ruled out if it is legally permissible.
10. APPLICANT PORTAL
When you click on our job vacancies in our career portal, you will leave the Niederegger website and be redirected to the web portal operated on behalf of and in the name of Niederegger. You can find out more about how your personal data is processed when you view individual job advertisements in the privacy policy provided there.
In order to provide you with our current job vacancies and our applicant portal, we work with external service providers who provide IT services for us in relation to the provision of job advertisements and the processing of application documents and who, in this context, have access to the personal data collected via the applicant portal. This includes, in particular, our personnel software provider personio SE & Co. KG.
Details on the data processing that takes place in the context of your application can also be found directly in the privacy policy on the applicant portal. On the pages found in the ‘Careers’ section, you have the opportunity to apply to the responsible party. If you apply there for a position at HPM Hanseatische Premium Marken Vertriebsgesellschaft mbH (hereinafter ‘HPM’), we will forward your personal data to them. Where we provide information about our data processing below, these statements apply to HPM accordingly.
10.1 We collect and process your personal data for the purpose of deciding whether to establish an employment relationship.
10.2 The legal basis for processing is Art. 6 (1) lit. b GDPR in conjunction with § 26 of the Federal Data Protection Act (BDSG). Personal data may also be processed on the basis of other labour law and social law provisions, in particular those of works constitution law in their respective versions.
10.3 Personal data processed for the purpose of deciding whether to establish an employment relationship will generally be deleted when processing is no longer necessary for the decision on establishing an employment relationship. The duration of storage depends on the duration of the decision-making process.
If you have sent us a speculative application – i.e. an application that does not relate to a specific position advertised by us – we will also process your personal data in order to decide whether to establish an employment relationship. The above statements apply accordingly, whereby we will generally delete your data if we believe that your personal data is unlikely to be used to decide whether to establish an employment relationship.
10.4 Under certain circumstances, your personal data may be used to assert, exercise or defend legal claims if you or the controller has legal claims or asserts them.
10.5 The legal basis in these cases is Article 6(1)(f) of the GDPR. According to Art. 6(1)(f) GDPR, the processing of personal data is lawful if it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data in particular in relation to children. The legitimate interests of the controller or third party lie in the assertion, exercise or defence of legal claims
10.6. The categories of recipients of your applicant data include:
• HPM Hanseatische Premium Marken Vertriebsgesellschaft mbH, if you are applying for a position at HPM Hanseatische Premium Marken Vertriebsgesellschaft mbH;
• external service providers who provide services for us within the scope of order data processing or on the basis of other service contracts (e.g. IT services; banking services; communication services, services in the area of our financial management and the destruction of data carriers)
• authorities, if applicable (e.g. the Federal Employment Agency)
• Where applicable, the works council, the representative body for disabled employees and the equal opportunities officer (in each case within the scope of their statutory duties).
• Where applicable, courts in the context of legal disputes and other legal disputes
• Where applicable, solicitors in the context of legal disputes and other legal disputes as well as legal advice
• Where applicable, personnel service providers, including software providers and personnel consultants who support us in deciding whether to establish an employment relationship.
10.7 We do not intend to transfer your applicant data to countries outside the European Union, but we do not rule out the possibility of doing so, provided that it is lawful.
10.8 If you submit a declaration of consent under data protection law as part of your application process, you have the right to revoke this at any time without affecting the legality of the processing carried out on the basis of your consent until revocation. The permissibility of processing the data on other legal grounds may also remain unaffected.
You are not obliged to provide us with personal data for the application process. However, without the information necessary to assess your suitability and availability and to contact you, we cannot carry out the application process.
11. PRESS
On the pages found in the ‘Press’ section, you can obtain information about our company, current press releases and printable image material.
11.1 To do so, you will need to contact us and provide some personal data. It is necessary for you to contact us because the specially produced materials, and in particular our press kit, contain extensive information, for example on the manufacturing process of our products, which is intended for editorial use only.
11.2 When you contact us, the data you provide will be transmitted to us and stored revocably. The data will only be passed on to third parties within the scope of the processors we use on the basis of a data processing agreement concluded in accordance with Art. 28 GDPR. The following data is collected via the contact form: your gender, first name, surname, email address, address and telephone number. When you submit the contact form, your IP address and the date and time of submission are also stored. The contact form asks for the user's consent to the processing of this data.
11.3 Clause 2.2 applies to the personal data collected during the submission of the contact form in addition to the information provided in the form.
11.4 You may object to the storage of your personal data at any time (see section 5 of this statement). In such a case, it may no longer be possible to respond to your enquiry. You can submit your objection by email to datenschutz@niederegger.deor by sending a message to the contact details provided in the legal notice.
All personal data stored in the course of registering for and using the press portal will be deleted in this case. Please note that this may take some time due to the processing time required.
12. GOOGLE FONTS (LOCAL HOSTING)
We use Google Fonts on our website to ensure consistent font display. These are fonts provided by Google. Google Fonts are installed locally on our server. There is no connection to Google servers or transfer of data to Google.
Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
13. USE OF GOOGLE ANALYTICS
13.1 This website uses Google Analytics, a web analytics service provided by Google Inc. (‘Google’). Google Analytics uses ‘cookies’, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
13.2 The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
13.3 You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
13.4 This website uses Google Analytics with the extension ‘_anonymizeIp()’. This means that IP addresses are truncated before being processed, thereby ruling out any possibility of personal references. If the data collected about you contains any personal references, these are immediately excluded and the personal data is deleted immediately.
13.5 We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.pri-vacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 (1) (f) GDPR.
13.6 Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: www.google.com/analytics/terms/de.html, overview of data protection: www.google.com/intl/de/analytics/learn/privacy.html, and the privacy policy: www.google.de/intl/de/policies/privacy.
13.7 This website also uses Google Analytics for cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate cross-device analysis of your usage in your customer account under ‘My data’, ‘Personal data’.
14. GOOGLE TAG MANAGER
14.1 We use Google Tag Manager on our website. This tool is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager enables us to integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It is used solely for the management and display of the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transferred to Google's parent company in the United States.
14.2 The use of Google Tag Manager is based on our legitimate interest in integrating and managing analysis tools in order to measure and improve the effectiveness of our website and individual measures, and thus on the basis of Art. 6 (1) lit. f GDPR.
If we request consent for the tools used with Tag Manager, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
14.3 Google, as the provider of Tag Manager, is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that regulates compliance with European data protection standards for data processing in the US. Every US company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
14.4 The maximum storage period for Google Tag Manager cookies is 2 years.
15. GOOGLE RECAPTCHA
15.1 Our website uses ‘Google reCAPTCHA’ (hereinafter “reCAPTCHA”) from Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to check whether the data entered in our contact forms (e.g. in the press portal, contact form, table reservations) is entered by a human or an automated programme. To this end, reCAPTCHA analyses the behaviour when calling up the contact form and visiting our website on the basis of various characteristics. When you first click on our website, reCAPTCHA analyses and evaluates various information such as your IP address, the length of time you spend on the website, and the mouse movements you make. These analyses are carried out without further notice to you and completely in the background.
15.2 We have a legitimate interest in protecting our web offerings from abusive automated spying and spam, and therefore base our data processing on Art. 6(1)(f) GDPR.
If you have consented to data processing, data processing is carried out on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. You can revoke your consent at any time.
15.3 The data collected during the analysis is forwarded to Google Ireland Limited. You can find out how Google handles this collected data here: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de. We have no influence on the data processing that takes place here.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
16. GOOGLE MAPS
16.1 We have linked to maps from Google Maps on our website. This map service is provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
When you click on the linked Google Maps, your IP address is usually transferred to a Google server in the USA. We have no influence on the transfer itself or on the type of data processing that takes place at Google Maps. Information on how Google Maps handles your data can be found here: https://policies.google.com/privacy?hl=de.
16.2 The link to Google Maps is based on our legitimate interest in making it easy for our customers to find our locations on the basis of Art. 6 (1) lit. f GDPR.
17. USE OF LINKS TO SOCIAL MEDIA PROFILES
17.1 We currently have profiles on the following social media platforms: Facebook, Instagram, Tripadvisor, LinkedIn. When you visit our site, no personal data is initially passed on to the providers of the social media platform. You can recognise the platform provider by the mark on the box above its initial letter or logo. We offer you the option of communicating directly with the platform provider via the button. Only when you click on the marked field and thereby activate it will the platform provider receive the information that you have accessed the corresponding website of our online offering. In addition, the data mentioned in section 2 of this privacy policy will be transmitted. By clicking on the link, your personal data will be transmitted to the respective platform provider and stored there (in the case of US providers, in the USA). Since the platform provider collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the greyed-out box.
17.2 We have no influence on the data collected and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing and the storage periods. We also have no information about the deletion of the data collected by the plug-in provider.
17.3 The platform provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective platform provider to exercise this right. Through the link, we offer you the opportunity to interact with social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the platform is your consent in accordance with Art. 6 para. 1 sentence 1 lit. aDS-GVO.
17.4 Further information on the purpose and scope of data collection and its processing by the platform provider can be found in the privacy policies of these providers, which are provided below. There you will also find further information on your rights in this regard and settings options for protecting your privacy.
17.5 Addresses of the respective providers of our social media profiles and URLs with their privacy policies:
• 17.5.1 Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/policy.php; further information on data collection: https://www.facebook.com/help/186325668085084, https://www.face-book.com/about/privacy/your-info-onother#applications and www.face-book.com/about/privacy/your-info. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
• 17.5.2 Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA; help.insta-gram.com/155833707900388
• 17.5.3 TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494, USA; tripadvi-sor.mediaroom.com/DE-privacy-policy.
• 17.5.4 LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland https://www.linkedin.com/legal/privacy-policy.
18. SOCIAL MEDIA PROFILES
18.1 We also have publicly accessible profiles on social networks such as Facebook, Instagram, Tripadvisor and LinkedIn, which we link to from our website. Below, we would like to inform you about the data processing that takes place on these profiles.
We operate the respective profiles in joint responsibility with the respective platform operator.
We can only inform you here about the data processing that takes place on these profiles by us. We have no influence on further data processing by the platform providers. You can find information on this in the privacy policies of the respective platform operators.
18.1.1 Facebook
When you interact with us on our Facebook profile, we process the following data:
Your profile information, any posts you may have made or messages you may have sent, as well as the insights data processed by Meta.
Details on data processing on Facebook can be found here: https://de-de.facebook.com/legal/terms/information_about_page_insights_data.
Meta is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.
18.1.2 Instagram
If you contact us via Instagram, we will process your profile information, information from your posts and any messages you may send.
Details on data processing on Instagram can be found here: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
As a Meta company, Instagram is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.
18.1.3 TripAdvisor
When you communicate with us on TripAdvisor, we receive your profile data and the information from your comments, as well as information about your consumption with us, if applicable.
Details on data processing on TripAdvisor can be found here: https://tripadvisor.mediaroom.com/de-privacy-policy.
18.1.4 LinkedIn
When you interact with us on LinkedIn, we process your profile information, the information from your posts, the messages sent to us and, where applicable, the information provided to us by LinkedIn.
Information on the purpose of data processing by LinkedIn and further information on this can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.
Data transfer to LinkedIn in the United States is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de.
LinkedIn is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5448
18.2 Purpose and legal basis of data processing
The purpose of our social media presence is to promote our company on these platforms and to link our online presence.
Our social media presence is intended to ensure the most comprehensive possible presence on the internet. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
The use of your data by us and the platform provider is based on your consent in accordance with Art. 6(1)(a) GDPR. Consent can be revoked at any time.
18.3 Responsible party and assertion of rights
When you visit our social media presence, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal.
Please note that, despite our joint responsibility with the social media provider, we do not have full control over the data processing operations of the social media platform.
18.4 Storage period
The data collected directly by us via our social media presence will be deleted from our systems as soon as you request us to do so, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence on the storage period of your data stored by the operators of social networks for their own purposes.
19. YOUTUBE
19.1 Videos from the YouTube website are embedded on our website. The platform is operated by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our pages on which YouTube videos are embedded, a connection is established from our website to the YouTube servers. This tells the YouTube server which of our pages you have visited. If you have a YouTube account and are logged into your account while browsing our site, YouTube can directly associate your browsing behaviour with your personal profile. If you log out of your YouTube account, this is no longer possible.
19.2 We use YouTube to present our online offerings in an appealing way and to provide information about us and our products. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
19.3 Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.
YouTube is certified under the EU-US Data Privacy Framework (DPF), which is an agreement between the European Union and the US to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be found at the following link: https://www.dataprivacyframework.gov/participant/5780.
20. YOUR RIGHTS
20.1 You have the right to obtain information about the processing of personal data concerning you (Art. 15 GDPR), to rectification (Art. 16 GDPR), to erasure (Art. 17 GDPR) and, where applicable, the right to restricted processing (Art. 18 GDPR). If the processing of your data is based on the legitimate interests of the controller or a third party, you may have the right to object on grounds relating to your particular situation (Art. 21 GDPR). Finally, you may have the right to data portability (Art. 20 GDPR). The detailed requirements for the aforementioned claims are set out in the General Data Protection Regulation and the Federal Data Protection Act.
20.2 Furthermore, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your data is not lawful. The address of the supervisory authority responsible for us is: Independent Centre for Data Protection Schleswig-Holstein, State Commissioner for Data Protection Schleswig-Holstein, Margret Hansen, Holstenstraße 98, 24103 Kiel.
