Skip to main content

Restaurante Leonardo | Sophienstr. 6 | 30159 Hannover

Privacy Policy

Preamble

We, Weinstube Leonardo (hereinafter jointly the “website operator”, “company”, “controller”, “we” or “us”), take the protection of your personal data seriously and would like to inform you here about data protection in our company. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

As part of our responsibility under data protection law, the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) has imposed additional obligations on us to ensure the protection of personal data of data subjects affected by processing (we refer to you as a data subject hereinafter also as “customer”, “user”, “you” or “data subject”).

Please note that data transmission on the internet (for example when communicating by email) can have security gaps. Complete protection of the data against access by third parties is not possible. Insofar as we, either alone or jointly with others, decide on the purposes and means of data processing, this primarily includes the obligation to inform you transparently about the type, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and 14 GDPR). This privacy policy (hereinafter: “privacy policy”) explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

Our privacy policy is modular in structure. It consists of a general section that applies to any processing of personal data and processing situations that occur whenever a website is accessed (A. General notes) and a special section, the content of which only relates to the processing situation specified there with designation of the respective service or product, in particular the visit to this website described in more detail here (B. Data collection when visiting this website).

A. General notes

Definitions

Based on Art. 4 GDPR, the following definitions apply to this privacy policy:

  • Personal data” (Art. 4 no. 1 GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Identifiability can also be given by linking such information or additional knowledge. The manner, form or embodiment of the information is irrelevant (photos, video or audio recordings can also contain personal data).
  • Processing” (Art. 4 no. 2 GDPR) means any operation which is performed on personal data, whether or not by automated means (i.e. technology supported). This includes in particular the collection (i.e. procurement), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data as well as the modification of a purpose originally underlying the data processing.
  • Controller” (Art. 4 no. 7 GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. “Third party” (Art. 4 no. 10 GDPR) means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other group-affiliated legal entities.
  • Processor” (Art. 4 no. 8 GDPR) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with its instructions (e.g. IT service providers). In the sense of data protection law, a processor is in particular not a third party.
  • Consent” (Art. 4 no. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Name and address of the controller

The entity responsible for processing your personal data within the meaning of Art. 4 no. 7 GDPR is:

Weinstube Leonardo
Sophienstr. 6, 30159 Hanover
Phone: 0511 321033
Email: info@weinstube-leonardo.de

Further information about our company can be found in the legal notice on our website.

Legal bases for data processing

As a rule, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following legal justifications:

  • Art. 6 para. 1 sentence 1 lit. a GDPR (“consent”): where the data subject has given consent to the processing of his or her personal data for one or more specific purposes, freely, in an informed and unambiguous manner by a statement or a clear affirmative action;
  • Art. 6 para. 1 sentence 1 lit. b GDPR: where processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Art. 6 para. 1 sentence 1 lit. c GDPR: where processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a statutory retention obligation);
  • Art. 6 para. 1 sentence 1 lit. d GDPR: where processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Art. 6 para. 1 sentence 1 lit. e GDPR: where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
  • Art. 6 para. 1 sentence 1 lit. f GDPR (“legitimate interests”): where processing is necessary for the purposes of the legitimate (in particular legal or economic) interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (in particular where the data subject is a minor).

For the processing operations carried out by us, we indicate below in each case the applicable legal basis. A processing operation can also be based on several legal bases.

General notes on the legal bases for data processing on this website

If you have given your consent to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR and, where special categories of data within the meaning of Art. 9 para. 1 GDPR are processed, on the basis of Art. 9 para. 2 lit. a GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies and/or to access to information on your device (e.g. via device fingerprinting), data processing additionally takes place on the basis of sec. 25 para. 1 TDDDG. You may revoke your consent at any time. If your data is required for contract performance or for carrying out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary for compliance with a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. The relevant legal bases in the individual case are explained in the following sections of this privacy policy.

Data deletion and storage period

For the processing operations carried out by us, we indicate below in each case how long the data is stored and when it is deleted or blocked. Where no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose of the storage or the legal basis ceases to apply, unless commercial or tax law retention obligations exist. If you assert a justified request for erasure or revoke your consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, deletion takes place after these grounds cease to apply. This means that from the time when statutory retention obligations no longer apply, the data is deleted unless you have expressly consented to further use.

However, storage may go beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or where storage is prescribed by statutory provisions to which we, as controller, are subject (e.g. sec. 257 German Commercial Code, sec. 147 German Fiscal Code). When the statutory retention period prescribed by these provisions expires, the personal data is blocked or deleted unless further storage by us is required and a legal basis exists for this.

Your data is generally stored only on servers within the EU, subject to any onward transfer in accordance with the rules in A.(9) and A.(10).

Data security

Taking into account the state of the art, implementation costs, the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons in the event of a data breach, we implement appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties (e.g. TLS encryption for our website). Our security measures are continuously improved in line with technological developments.

We will gladly provide more detailed information on this upon request. To do so, please contact us using the contact details set out in A.(2).

Technical and organizational measures

We implement technical and organizational measures to ensure that the security and protection requirements of the GDPR are met and that personal data is protected against loss, destruction, manipulation or access by unauthorized persons. The measures are adapted to the current state of the art at all times.

Cooperation with processors

As with any company, we also use external domestic and foreign service providers to handle our business operations (e.g. in the areas of IT, logistics, telecommunications, sales and marketing). These act only in accordance with our instructions and have been contractually obliged in accordance with Art. 28 GDPR to comply with data protection provisions. Where personal data about you is transferred by us to our subsidiaries or transferred by our subsidiaries to us (e.g. for advertising purposes), this takes place on the basis of existing processing agreements.

Transfer of personal data to third parties; legal basis

The following categories of recipients, generally processors (see A.(8)), may have access to your personal data:

  • Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for such transfer is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, insofar as they are not processors;
  • Public authorities and institutions where this is necessary to comply with a legal obligation. The legal basis for such transfer is Art. 6 para. 1 sentence 1 lit. c GDPR; and
  • Persons used by us in the operation of our business (e.g. auditors, banks, insurance companies, legal advisers, supervisory authorities, parties involved in company acquisitions or the formation of joint ventures). The legal basis for such transfer is Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR.

We use the following third party services:

  • Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (hereinafter: “Amazon EU”).
  • Schlütersche Marketing Holding GmbH, Hans-Böckler-Allee 7, 30173 Hanover (hereinafter: “Schlütersche”).
  • Fonticons, Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA (hereinafter: “Font Awesome”).
  • Google Analytics: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter: “Google EU”).

The registered office of a third party provider may be located in a third country, i.e. in a country where the GDPR does not have direct legal effect. In this case, data is only transferred in accordance with the strict requirements set out in more detail in A.(10).

In all other respects, we only pass on your personal data to third parties if you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Conditions for the transfer of personal data to the USA and other third countries

In the context of our business relationships, your personal data may be passed on or disclosed to third parties.

These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place solely to fulfill contractual and business obligations and to maintain your business relationship with us.

For the USA, an agreement between the European Union and the USA has also been concluded to ensure compliance with European data protection standards for data processing in the USA. Under this agreement, every company certified under the Data Privacy Framework (DPF) undertakes to comply with these data protection standards. You can obtain further information on this from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

No automated decision making (including profiling)

We do not intend to use personal data collected from you in any procedure for automated decision making (including profiling).

No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing personal data in advance. As a website visitor, you are generally under no statutory or contractual obligation to provide us with your personal data; however, it may be that we are only able to provide certain services in a limited way or not at all if you do not provide the data required for this. If this is exceptionally the case in connection with the products we offer and described below, you will be informed separately.

Statutory obligation to transfer certain data

We may be subject to a specific statutory or legal obligation to provide lawfully processed personal data to third parties, in particular public authorities (Art. 6 para. 1 sentence 1 lit. c GDPR).

Your rights

You may assert your rights as a data subject with regard to your processed personal data against us at any time using the contact details specified at the beginning in A.(2). As a data subject, you have the right:

  • pursuant to Art. 15 GDPR to obtain information on the data we process about you. In particular, you may request information about the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information about its details;
  • pursuant to Art. 16 GDPR to obtain without undue delay the rectification of inaccurate data or the completion of your data stored by us;
  • pursuant to Art. 17 GDPR to obtain the erasure of your data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, compliance with a legal obligation, reasons of public interest or for the establishment, exercise or defense of legal claims;
  • pursuant to Art. 18 GDPR to obtain restriction of processing of your personal data, insofar as the accuracy of the data is contested by you or processing is unlawful; if you contest the accuracy of your personal data stored by us, we will usually need time to verify this. For the duration of the review, you have the right to request restriction of processing of your personal data. If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, a balancing of your and our interests must be carried out. As long as it has not been determined whose interests prevail, you have the right to request restriction of processing of your personal data. If you have obtained restriction of processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for important reasons of public interest of the European Union or of a Member State;
  • pursuant to Art. 20 GDPR you have the right to request that data which we process automatically on the basis of your consent or in performance of a contract be handed over to you or to a third party in a structured, commonly used and machine-readable format. Where you request direct transfer of the data to another controller, this will only be done where technically feasible;
  • pursuant to Art. 21 GDPR the right to object at any time to processing, insofar as processing is based on Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR. This also applies to profiling based on these provisions. This is particularly the case where processing is not necessary for the performance of a contract with you. If the objection is not directed against direct marketing, we ask that, when exercising such an objection, you state the reasons why we should not process your data as we have done. In the event of a reasoned objection, we will examine the situation and either stop or adapt the data processing, or demonstrate to you our compelling legitimate grounds on the basis of which we will continue the processing. Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection pursuant to Art. 21 para. 2 GDPR);
  • pursuant to Art. 7 para. 3 GDPR to withdraw at any time consent you have given (including such consent given before the GDPR came into force, i.e. before 25 May 2018) – in other words your freely given, informed and unambiguous indication, by a statement or by a clear affirmative action, that you agree to the processing of the relevant personal data for one or more specific purposes. Many data processing operations are only possible with your explicit consent. You can withdraw consent you have already given at any time. The lawfulness of data processing that took place before the withdrawal remains unaffected by the withdrawal; and
  • pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular the data protection supervisory authority responsible for us, in the event of violations of the GDPR in connection with the processing of your personal data. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Changes to this privacy policy

In the context of further developments in data protection law and technological or organizational changes, our privacy policy is regularly reviewed for the need for adjustments or additions.

B. Data collection when visiting this website

Explanation of functionality

You can find information about our company and the services we offer in particular on this domain and its associated subpages (hereinafter jointly: “website”). When you visit our website, personal data about you may be processed.

Processed personal data

Depending on the type of cookie, your personal data is collected automatically or after your consent when you visit the website by our IT systems. When you use our website for information purposes only, a so called log file dataset (server log file) is temporarily and anonymously stored on our web server (hereinafter: “log data”). This consists of:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access is made (referrer URL)
  • Browser used (type and version) and the operating system of your computer

These data are not merged with other data sources.

Purpose and legal basis of processing

We process the above-mentioned personal data in accordance with the provisions of the GDPR and other applicable data protection regulations and only to the extent necessary. Where the processing of personal data is based on Art. 6 para. 1 sentence 1 lit. f GDPR, the purposes stated herein also constitute our legitimate interests.

We process the log data for the following purposes in order to:

  • ensure a smooth connection to our website,
  • ensure the error free provision of the website,
  • optimize the content of our website for you, and
  • ensure the security and stability of the systems.

These purposes are in your and our legitimate interest. In addition, we may also use this data in order to comply with our legal obligations when cooperating with law enforcement authorities. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person. The legal basis for data processing is therefore Art. 6 para. 1 lit. f GDPR. The log files are stored for 14 days.

Other personal data may be used to analyze your user behavior. This requires your explicit consent. Otherwise, personal data cannot be used for analysis and advertising purposes. You may withdraw this consent at any time with effect for the future. The legal basis for the processing of personal data for the aforementioned purpose is therefore Art. 6 para. 1 lit. a GDPR.

Duration of data processing

Your data is only processed for as long as is necessary to achieve the above processing purposes; the legal bases specified in connection with the processing purposes apply accordingly. With regard to the use and storage period of data, please also refer to the information under A.(5).

Third parties commissioned by us will store your data on their systems for as long as is necessary in connection with the provision of the services for us according to the respective assignment.

Further details on the storage period of personal data can also be found under A.(5).

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and by the lock symbol in your browser address bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Hosting and content delivery network (CDN)

– Hosting

We host the content of the website with COCO – a Software as a Service provided by Schlütersche (“COCO”). When you visit our website, COCO collects various log files including your IP address. All data collected when you visit our website is processed and stored on COCO’s servers. Further information on data protection by COCO can be found at the following website: https://coco.one/datenschutz

The use of COCO is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in a presentation of our website that is as reliable as possible. If corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and sec. 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies and/or access to information on the user’s device (e.g. for device fingerprinting) within the meaning of the TDDDG. You may withdraw your consent at any time.

Processing

We have concluded a processing agreement (AVV) with COCO for the use of the above mentioned service. This is a contract required under data protection law that ensures that COCO processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

– Amazon CloudFront CDN

We use the Amazon CloudFront CDN content delivery network. Provider is Amazon EU.

Amazon CloudFront CDN is a globally distributed content delivery network. In technical terms, the transfer of information between your browser and our website is routed through the content delivery network. This allows us to increase the global availability and performance of our website.

The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website as error free and secure as possible (Art. 6 para. 1 lit. f GDPR).

Data transfer to the USA as a result of the use of Amazon CloudFront CDN is based on the EU Commission’s standard contractual clauses. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/

Further information on Amazon CloudFront CDN can be found here:
https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf

The company is certified under the EU US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TOWQAA4&status=Active

Processing

We have concluded a processing agreement (AVV) with Amazon EU for the use of the above service. This is a contract required under data protection law that ensures that Amazon EU processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Use of analytics tools, cookies, plugins and other third party tools on our website

When you visit this website, your surfing behavior can be statistically evaluated. This is done primarily with so called analytics programs, cookies, pixels and plugins. Detailed information on these individual analytics programs, cookies, pixels and plugins can be found in the following parts of this privacy policy:

– Cookies

We use cookies to make visiting our website attractive and to enable the use of certain functions. Cookies are small data packets that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until your web browser deletes them automatically. In the latter case, you can find the storage period in the overview of cookie settings in your web browser.

Cookies can be set by us (so called first party cookies) or by third party companies (so called third party cookies). Third party cookies enable the integration of certain services of third party companies on our website (e.g. cookies for displaying location information).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (for example, consent via the cookie consent banner or sessions) (so called technically necessary cookies). Other cookies can be used to analyze user behavior or for advertising purposes (so called statistics cookies or marketing cookies).

The purpose of using technically necessary cookies is to make the use of the website easier for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after changing pages. The user data collected by technically necessary cookies is not used to create user profiles.

Statistics and marketing cookies are used to improve the quality of our website and its content. Statistics and marketing cookies tell us how the website is used and enable us to continuously optimize our services.

The legal basis for setting and storing technically necessary cookies on your device is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing technically necessary cookies for the technically error free and optimized provision of its website services. The use of statistics cookies and/or marketing cookies, on the other hand, requires your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR and sec. 25 para. 1 TDDDG. The setting and storage of statistics and marketing cookies takes place exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and sec. 25 para. 1 TDDDG); you may revoke this consent at any time.

Cookies are stored on the user’s computer and transmitted from there to our site. You therefore have full control over the setting of cookies as a user. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies, set the browser to notify you when cookies are placed and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. You can find out which cookies and services are used on this website in detail from the cookie banner.

Consent
This website uses the consent technology of the COCO software (legally represented by Schlütersche Marketing Holding GmbH, Hans-Böckler-Allee 7, 30173 Hanover) to obtain your consent for the storage of certain cookies on your device or the use of certain technologies and to document this in compliance with data protection requirements.

The cookie consent tool is displayed to users when they access the site in the form of an interactive user interface, on which consents for certain cookies and/or cookie based applications can be given via check boxes. When using the tool, all cookies and services that require consent are only loaded if the respective user has given the corresponding consent by ticking the relevant box. This ensures that such cookies are only set on the respective user’s device if consent has been given. The tool sets technically necessary cookies to store cookie preferences. Personal user data is generally not processed in this context.

When you visit our website, cookies are stored in your browser – including “_cc_settings” and “cc_shown”, which document your consents or their withdrawal, as well as the session cookie “web#_session”, which allows various requests during a session to be assigned to your session. The placeholder <#> stands for a system specific identifier used to separate tenants within the underlying software. This data is not passed on to third parties.

The use of the cookie consent technology is carried out to obtain the legally required consent for the use of certain technologies.

The legal basis for this is Art. 6 para. 1 lit. c GDPR. Where, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interest in lawful, user specific and user friendly consent management for cookies and consequently in the legally compliant design of our online presence.

The collected data is stored until you ask us to delete it, withdraw your consent, the cookies delete themselves or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected.

Cookies are stored on the user’s computer and transmitted from there to our website. You therefore have full control over the use of cookies as a user. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. If cookies already stored for our website are deactivated, it may no longer be possible to use all functions of the website in full.

– Google Analytics

This website uses functions of the Google Analytics web analysis service, an analytics tracking tool of the American company Google Inc. (hereinafter: “Google”). The provider for companies based in Europe is Google EU.

Google Analytics enables the website operator to analyze the behavior of website visitors. When you click a link, for example, this action is stored in a cookie and sent to Google Analytics. Information such as browser, IP address, referrer URL, session duration, bounce rate, location, page views, time spent, operating systems used and origin of the user is collected. We can also use Google Analytics to record, among other things, your mouse and scrolling movements and clicks. Google EU also creates so called heat maps. Heat maps show the areas that you click on. This gives us information about where you move around on our site. Other data collected by Google EU includes contact details, any ratings, media playback (e.g. if you play a video via our site), sharing of content via social media or adding to your favorites.

Google Analytics also uses various modeling approaches to supplement the collected datasets and uses machine learning technologies in data analysis.

This data is combined in a user ID and assigned to the respective device of the website visitor. As soon as you leave our website, this data is sent to the Google Analytics servers and stored there. Google EU processes the data and we receive reports about your user behavior.

Google Analytics uses technologies that allow users to be recognized for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). With the help of a tracking code, Google Analytics creates a random, unique ID that is linked to your browser cookie. This allows Google Analytics to recognize you as a new user. If you visit our website again, you will be recognized as a returning user by Google Analytics. All data collected in this context is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles in the first place. In order to be able to analyze our website with Google Analytics, a property ID must be added to the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is set as standard.

The use of Google Analytics requires your consent, which we have obtained via our cookie pop up. This consent in accordance with Art. 6 para. 1 lit. a GDPR constitutes the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors in order to improve our offering technically and economically. With the help of Google Analytics, we can identify errors on the website, detect attacks and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interest). We only use Google Analytics if consent has been given.

Google EU has servers all over the world. Most servers are located in the USA. The information collected by Google EU about the use of this website is generally transferred to a Google EU server in the USA and stored there. You can read exactly where Google’s data centers are located here:
https://www.google.com/about/datacenters/locations/?hl=de

The company is certified under the EU US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information on this from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

IP anonymization

We have activated IP anonymization on this website. This means that your IP address is shortened by Google EU within Member States of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google EU server in the USA and shortened there. On behalf of the website operator, Google EU will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services relating to website and internet usage to the website operator. The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google EU data.

Demographic characteristics with Google Analytics

This website uses the “demographic characteristics” function of Google Analytics in order to display suitable advertisements to website visitors within the Google advertising network. This enables the creation of reports that contain statements about the age, gender and interests of site visitors. These data originate from interest based advertising by Google and from visitor data from third party providers. This data cannot be assigned to any specific person. You can deactivate this function at any time in the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as explained in the section “Objection to data collection”. Google Analytics is only used on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and sec. 25 para. 1 TDDDG, which is obtained via the cookie consent banner. You can withdraw your consent at any time with effect for the future by deactivating this service in the cookie consent banner provided on the website. If you do not consent to the use of Google Analytics, Google Analytics will not be used when you visit our website.

Data transfer to the USA as a result of the use of Google Analytics is based on the EU Commission’s standard contractual clauses. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/

Processing

We have concluded a processing agreement (AVV) with Google EU and fully implement the strict requirements of the German data protection authorities when using Google Analytics. The statistics and data from Google Analytics help us to optimize our web presence and adapt it to user preferences and to offer our services in the best possible way. The statistical data evaluated by Google EU shows us the strengths and weaknesses of our website, and we can optimize it on this basis. The data also helps us to carry out our advertising and marketing measures more individually and cost effectively. The storage period of the data depends on the properties used. When using the newer Google Analytics 4 properties, the storage period for your user data is fixed at 14 months. For other so called event data, we have the option of choosing a storage period of 2 months or 14 months. For Universal Analytics properties, the storage period of your user data is standardized at 26 months. Your user data is then deleted.

Browser plugin

You can prevent Google EU from collecting and processing your data by downloading and installing the browser plugin available via the following link:
https://tools.google.com/dlpage/gaoptout?hl=de

You can find more information on how Google EU handles user data when using Google Analytics in Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de

We hope that we have been able to explain the most important information on data processing with Google Analytics. If you want to learn more about this tracking service, we recommend these two links:
https://marketingplatform.google.com/about/anayltics/terms/de/ and
https://support.google.com/analytics/anser/6004245?hl=de

Plugins and other tools

– Google Fonts (local hosting)

This site uses so called Google Fonts, which are provided by Google EU, for the uniform display of fonts. The Google Fonts are installed locally on our server, so that no connection to Google servers is established when this website is accessed. As a result, no personal data (such as IP address) is transmitted to Google.

The use of Google Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

You can find more information on Google Fonts at
https://developers.google.com/fonts/faq
and in Google’s privacy policy at:
https://policies.google.com/privacy?hl=de

– Font Awesome (local hosting)

This site uses Font Awesome for the uniform display of symbols and icons. Font Awesome is installed locally on our servers so that no connection is made to Fonticons servers. This means that no personal data is transmitted to third parties.

The use of Font Awesome is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on Font Awesome can be found in the Font Awesome privacy policy at:
https://fontawesome.com/privacy

– Contact form

If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact details you provide there, is stored by us for the purpose of processing the inquiry and in case of follow up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the performance of a contract or necessary for carrying out pre contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), where this has been requested; consent can be withdrawn at any time.

The data you enter in the contact form will remain with us until you ask us to delete it, withdraw your consent to storage or the purpose for data storage no longer applies (e.g. after completion of processing your inquiry). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

CRV

We use a CRV of the COCO software from TDA on this website, in particular in connection with the contact form. The purpose of the CRV is to check whether data input on this website (e.g. in a form) is made by a human or by an automated program. For this purpose, the CRV analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the site. For the analysis, the CRV evaluates various information (e.g. IP address, length of stay of the website visitor on the website or mouse movements carried out by the user).

The CRV analyses run completely in the background. Website visitors are not informed that such an analysis is taking place.

Data storage and analysis is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web presence from abusive automated spying and SPAM.

– Subscription to our newsletter

If you would like to receive our newsletter or download files from our website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis.

This website uses COCO to manage the sending of the newsletter.

COCO is a service that enables newsletter dispatch to be organized. The data you enter for the purpose of receiving the newsletter (e.g. email address) is stored on COCO’s servers in Germany and thus passed on to COCO. In individual cases, data may also be transferred to other regions. The storage and processing of the data on COCO’s servers is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You may withdraw your consent to the storage of the data (e.g. the email address) and its use for sending the existing customer newsletter at any time. The lawfulness of the data processing operations already carried out in connection with the newsletter dispatch remains unaffected by the withdrawal.

Our newsletters sent with COCO enable us to analyze the behavior of newsletter recipients. For example, it can be analyzed how many recipients opened the newsletter message and how often which link in the newsletter was clicked.

For the analysis, the emails sent contain so called web beacons or tracking pixels, which are one pixel image files stored on our website. This allows us to determine whether a newsletter message has been opened and which links have been clicked where applicable. Technical information is also collected (e.g. time of retrieval, IP address, browser type and operating system). You can view the data protection provisions of COCO here: https://coco.one/datenschutz

Processing

We have concluded a processing agreement (AVV) with COCO, in which we oblige COCO to protect our customers’ data and not to pass it on to third parties.

Inquiries by email, telephone or fax

If you contact us by email, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the performance of a contract or necessary for carrying out pre contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), where this has been requested; consent can be withdrawn at any time with effect for the future.

The data you send to us in the context of contact inquiries will remain with us until you ask us to delete it, withdraw your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been fully processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.