I. Name and address of the controller

The controller in the sense of the General Data Protection Regulation and other national data protection laws in the member states as well as other data protection law provisions is:

Rhenus SE & Co. KG
Rhenus-Platz 1
59439 Holzwickede
Germany
Phone: +49 (0)2301 29-0
Email: i[email protected]
Website: www.rhenus.group

II. Address and contact data of the data protection officer

Data Protection Officer
Rhenus-Platz 1
59439 Holzwickede
Germany
Email: [email protected]
Website: www.rhenus.group


We would like to provide you with the following notes and information regarding the way that we carefully protect your private details and the extensive level of confidentiality when handling your data:

III. Making available the website and generating log files

1. Anonymous data collection

In principle, you can use our websites without informing us who you are. We only learn about technical data like the name of your Internet service provider, the website from which you come and the corporate websites that you visit. This information is assessed with the date and time details for internal statistical purposes related to advertising, website analysis and for designing our websites to meet needs. You remain completely anonymous as a user in this process. No pseudonymised user profiles are generated.

2. The purpose and legal basis of data processing

The temporary storage of the IP address by the system is necessary in order to enable the website to be sent to the user’s computer. The user’s IP address must be stored for the duration of the session. The legal basis for temporarily storing the data is found in Article 6 Para. 1 f) of the GDPR.

3. The length of time that data is stored

The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was gathered. When gathering data to make available the website, deletion occurs once the session in question has ended.

4. Opportunity to object and to have the data removed

The logging of data for making available the website and storing data in log files is absolutely necessary to operate the Internet site. There is therefore no opportunity for the user to object to this.

IV. Using cookies

1. Description and scope of the data processing

We make use of cookies to improve the quality of establishing the link with and the content of our website and to provide user-oriented navigation that is as smooth as possible. We make use of so-called session cookies that are restricted to the time of your visit to the website. They are used to determine which content is viewed from your PC while you continue to surf and they also play a role in increasing your security when surfing. Once you leave our website or do not click on it for a certain time, these short-term cookies are deleted again.  

Cookies cannot do any damage to your PC. They do not cause any security risk in the sense of viruses or spying on your PC. You control how cookies are handled yourself. Please use the help function in your browser to allow, reject, view and delete them.

We make use of cookies in order to make our website more user-friendly. Some elements on our website require us to identify the browser making the request after you move from one site to another. The following data is therefore stored and transmitted in the cookies:

  • language settings

We also use cookies that enable an analysis of the surfing behaviour of users. The following data can be transmitted in this way:

  • search terms that are entered

2. The purpose and legal basis of data processing

The purpose of using absolutely necessary cookies (technically necessary cookies) is to enable the use of websites for the users. The legal basis for the processing of personal data using absolutely necessary cookies is Article 6 Para. 1 f) of the GDPR.

Some functions of our website are not available without using cookies. It is essential for them that the browser is recognised again after a change of site. We need cookies for the following applications:

  • to take over language settings

The user data collected through the cookies required for technical purposes is not used to draw up any user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies enable us to see how the website is being used and we are then able to continually optimise our services. The following analysis cookies are used:

  • to note search terms

The legal basis for the processing of personal data using non-technically necessary cookies (performance cookies) is Article 6 Para. 1 a) of the GDPR (consent).

3. The length of time that data is stored and the opportunity to object and to have the data removed

Cookies are stored on the user’s computer and are transmitted to our site by the latter. As a user, you therefore have full control over the use of cookies. By making changes to the settings in your Internet browser, you can deactivate or restrict the sending of cookies. Any cookies already stored can be deleted at any time. This can take place automatically too. If cookies are deactivated for our website, it may not be possible for you to make full use of all the functions available on the website.

V. Newsletters

1. Description and scope of the data processing

Newsletters are sent on the basis of the user’s registration on the website:

It is possible to subscribe to a free newsletter on our website. The data entered on the input form is sent to us once you register for the newsletter. The following data is processed in this case:

  • your email address
  • your first name and surname (optional)

The following data is also gathered when you register:

  • the IP address of the computer making the request
  • the date and time of registration

Your consent is obtained to process the data as part of the registration process and reference is made to this data protection declaration.

The newsletter is sent on the basis of the sale of goods or services:

If you purchase goods or services from our website and leave your email address there, we may use this subsequently to send out a newsletter. In this case, the newsletter is exclusively used to directly advertise our own similar goods or services.

No data is forwarded to third parties in conjunction with processing data to send out newsletters. The data is exclusively used for sending out the newsletter.

2. The purpose and legal basis data processing

Newsletters are sent on the basis of the user’s registration on the website. The user’s email address is gathered for the purpose of delivering the newsletter. The gathering of other personal data as part of the registration process is used to prevent any misuse of the services or the email address that is used. 

The legal basis for processing the data, once the user has registered for the newsletter, is Article 6 Para. 1 a) of the GDPR, provided that the user has given consent for this.

The newsletter is sent out due to the sale of goods or services: Legal basis for the dispatch of the newsletter as a result of the sale of goods or services is § 7 Para. 3 UWG (german law) or Article 6 Para. 1 f) of the GDPR.

3. The length of time that data is stored

The data is deleted as soon as it is no longer required to achieve the purpose for which it was gathered. The user’s email address is therefore stored for as long as the subscription to the newsletter is active.

The personal data collected during the registration process is usually deleted after a period of seven days.

4. Opportunities to object and to have the data removed

The user concerned can terminate the subscription to the newsletter at any time. There is an appropriate link in each newsletter for this purpose. There is also an opportunity to cancel any consent to store the personal data that is gathered during the registration process.

VI. Registration

On our website you have several options for jumping to different tools of the Rhenus Group. Some of these require logins / registrations. The respective data protection regulations can be found on the start pages of the tools.

VII. Contact form and email contact

1. Description and scope of managing the data

There is a contact form on our website and it can be used to make contact electronically. If a user makes use of this facility, the data entered on the input form is sent to us and stored. This data involves:

  • subject
  • first name
  • last name
  • email address
  • name of the company
  • address of the company
  • country/Region
  • phone number
  • details of your delivery
  • free text
  • time of the request
  • IP address

Alternatively, it is possible to make contact via the email address that is made available. In this case, the user’s personal data that is sent with the email is stored.  

2. The purpose and legal basis of data processing

Within the scope of your contacting us, we process your personal data on the basis of the following legal principles for the following purposes:

The processing of the personal data from the contact form or your email serves us solely to process the contact and in case of follow-up questions. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Article 6 Para. 1 f) of the GDPR and, if applicable, Article 6 Para. 1 b) of the GDPR, if your request is aimed at the conclusion of a contract.

The other personal data processed when the email is sent is used to prevent any misuse of the contact form and guarantee the security of our IT systems.  The legal basis for the processing of personal data is Article 6 Para. 1 f) of the GDPR.

3. The length of time that data is stored

The data is deleted as soon as it is no longer required to achieve the purpose for which it was gathered. This is the case for any personal data from the input form in the contact form and the data that is sent by email when the relevant conversation with the user has been concluded. The conversation has been ended when the circumstances suggest that the facts of the case in question have been finally resolved.

The personal data, which is also gathered during the sending procedure, is deleted after a period of seven days, at the very latest.

4. Recipients of the data

In our contact form you can select the topic on which you would like to make an inquiry. Inquiries on the topic "General" are handled by the central specialist department. If necessary, we will forward your inquiry to the responsible Rhenus company for internal processing. This company will process the data you have provided in order to contact you regarding your inquiry.

Enquiries on all other topics are automatically forwarded for internal processing to the stored contact mail of the relevant Rhenus company and processed there. This company will process the data you have provided in order to contact you regarding your inquiry.

5. Opportunity to object and to have the data removed

In the case of Article 6 Para. 1 f) GDPR, you can object to the processing of your personal data at any time. Please note that in this case your request cannot be processed further. You can declare your objection by sending an email to our email address given above.

VIII. Google Analytics

This website makes use of functions provided by the web analysis service known as Google Analytics. The provider of this is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Analytics makes use of so-called “cookies”. They are text files that are stored on your computer and enable an analysis of the use of the website. The information generated by the cookie about your use of this website is normally sent to a server operated by Google in the USA and stored there.

a) IP pseudonymisation

We have activated the IP pseudonymisation function on this website. This means that your IP address is abbreviated by Google within the member states of the European Union or in other signatory countries to the Agreement on the European Economic Area before being sent to the USA. The complete IP address is only sent to a Google server in the USA in exceptional cases before being abbreviated there. Google will use this information on behalf of the operator of this website in order to assess your usage of the website, to compile reports about the website activities and to enable the website operator to provide other services associated with the use of the website and the Internet. The legal basis is the consent according to Article 6 Para. 1 a) GDPR. The IP address sent from your browser by Google Analytics is not combined with any other data held by Google.

b) Browser plug-ins

You can prevent the cookies from being stored by making the appropriate setting in your browser software; however, we would point out that you may not be able to fully make use of all the functions of this website, if you do so. You can also prevent the logging of the data generated by the cookie and related to your use of the website (including your IP address) being sent to Google or Google’s ability to process this data by downloading and installing the browser plug-in that is available at this link: tools.google.com/dlpage/gaoptout

c) Objecting to the logging of data

You can prevent the logging of your data by Google by clicking on the following link. This generates an opt-out cookie, which will prevent any of your data being logged during future visits to this website: tools.google.com/dlpage/gaoptout

You can obtain more information about how user data is handled at Google Analytics in Google’s data privacy declaration: https://support.google.com/analytics/answer/6004245?hl=de

d) Demographic features with Google Analytics                      

This website uses the “demographic features” function within Google Analytics. This means that it is possible to generate reports that contain statements about the age, gender and interests of the visitors to the site. This data comes from Google’s advertising that is related to interests and from visitor data from third-party providers. This data cannot be assigned to any particular person. You can deactivate this function by using the advertising settings in your Google account at any time or generally prohibit the logging of your data by Google Analytics, as demonstrated in the paragraph on “Objecting to the logging of data”.

IX. Hotjar

We use Hotjar on our website. This is a web analytics service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta, Europe, Tel: +1(855)464-6788 We use Hotjar to better understand the needs of our users and to improve our services and user experience on this website. Hotjar is technology services that help us better understand our users' experiences. For example, it is possible to see how much time users spend on which of our pages, which links users click on, what they like and what they don't like. This allows us to tailor our offerings to the feedback we receive from our users. The data processing is carried out on the basis of your consent (Article 6 Para. 1 a) GDPR). You can withdraw this consent at any time.

Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. We have concluded a data processing agreement with Hotjar. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

You can prevent Hotjar from collecting the data. You can find detailed instructions with information about your browser at: https://www.hotjar.com/opt-out. Please note that this setting will be deleted if you delete your cookies.

For more details about Hotjar's privacy policy, please see the following link: https://www.hotjar.com/legal/policies/privacy.

X. Facebook Fanpages

On our website we use a link to our Facebook fan page. Jointly responsible for the operation of our Facebook fan pages is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data protection officer can be reached via the contact form or by post at the above address. Facebook Inc, is the American parent company of Facebook Ltd. Ireland and is EU-US Privacy-Shield certified. According to the requirement of Article 26 GDPR, an agreement for joint responsibility has been concluded. The agreement can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.

1. The purpose and legal basis of processing data

You can access our social media fan pages regularly at any time on the Internet, regardless of whether or not you have created a user account on the platform in question. If you are logged in to your facebook account, facebook can assign this to your facebook account. In both cases, however, your data will be processed by the internet platforms of the social network.

Every time you access the social media platform, your IP address is recorded and saved. In addition, a cookie is usually set on your site, which stores your visit and other data about your visit to the social media platform. Please note that Rhenus has no influence on the collection of data and its further use by the social networks. For example, there is no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. When calling up our facebook fanpages, your data will be transferred to the USA.

a) Facebook-Insights

Rhenus and Facebook have a joint controllership to process this personal data in events for page insights ("Insights data"), as well as for data such as comments, likes, etc. The joint responsibility includes the creation of these events and their consolidation into Page-Insights, which are then made available to Rhenus.

We use "Facebook-Insights" to obtain a presentation of statistically processed data without personal reference. The statistical processing is generated and provided by Facebook. Rhenus, as the fan page operator, has no influence on the generation and provision. The data processing carried out by us is to a limited extent. This enables us to determine the behavior of our users and use this information to optimize our posts. Through the "Facebook Insights" we can learn, for example, about the following static data: the number of times the fan page is called up, the activity of its visitors, the range of posts, calls as well as the average duration of video playback, data on which country and city our visitors come from and statistics on the gender ratio of our visitors. The associated personal data processing takes place exclusively on Facebook. It is also possible that personal data may be processed when visiting our fan pages. Further information on the scope and processing of your personal data can be found in privacy policy of facebook.

The legal basis for the storage of Insights data on our part is the balancing of interests in accordance with Article 6 Para. 1 f) GDPR, so that the fan page is optimised and attractive for visitors.

b) Contact requests and visitor activity

If you contact us through facebook messenger to inform yourself about our services or to share your feedback, we process your personal data on the basis of our legitimate interest in responding to your request in accordance with Article 6 Para. 1 f) GDPR and, if applicable, Article 6 Para. 1 b) GDPR, if your request is aimed at the conclusion of a contract.

Usually we receive the following data from you:

  • name, first name,
  • gender,
  • age, place of residence (if they are public),
  • information that you provide in your message or comment to us,
  • if you have responded to our post and type of response, or you have shared or commented on it.

The data will be deleted as soon as they are no longer required for the purpose of their collection and no legal obligations to retain them exist. For the personal data from Facebook messages, this is the case when the respective conversation with the user has ended. The conversation ends when it is clear from the circumstances that the matter in question has been finally clarified.

2. Rights of the data subject

As part of the joint contollership with Facebook, you can exercise your rights as a data subject in accordance with Article 15, 16, 17, 18, 20, 21 GDPR both on Facebook and with us. Facebook assumes the fulfilment of the obligations arising from the GDPR for the processing of Insights data, in particular the safeguarding of the rights of data subjects. If you wish to make use of your rights as a data subject, please contact Facebook directly. If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account.

XI. LinkedIn

Our website makes use of functions from the LinkedIn network. The provider here is LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Irland. Each time that you access one of our sites, which contains the LinkedIn functions, a connection is established with the LinkedIn servers. LinkedIn is informed that you have visited our Internet sites with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our Internet site to you and your user account. We would point out that we as the provider of the sites do not know the content of the data that is transmitted or how LinkedIn uses this.

You can find more information on this in data privacy declaration of LinkedIn at:  https://www.linkedin.com/legal/privacy-policy.

LinkedIn Insight Tag

On our pages we use the so-called Insight Tag of the social network LinkedIn. This is used by the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereafter "LinkedIn"). The LinkedIn Insight Tag is a small JavaScript code snippet that we have added to our website.

The LinkedIn Insight tag allows us to collect information about visits to our website, including URL, referrer URL, IP address, device and browser characteristics, timestamps and page views. This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personally identifiable information with us, but only provides aggregate reports about the website's audience and display performance. LinkedIn also provides retargeting for site visitors, which allows us to use this data to display targeted advertising outside our site without identifying the member. LinkedIn members can control the use of their personal information for advertising purposes in their account settings.

Rhenus is responsible for processing the data from Insight Tag jointly with LinkedIn. The agreement according to Article 26 GDPR can be found here: https://legal.linkedin.com/pages-joint-controller-addendum.

1. The purpose and legal basis of data processing

The LinkedIn Insight tag is used for the purpose of providing detailed campaign reporting and information about visitors to our website and thus our advertising and marketing interests. As a LinkedIn marketing solutions customer, we use the LinkedIn Insight tag to track conversions, retarget our site visitors, and gather additional information about the LinkedIn members who view our ads. The legal basis for the processing of personal data is Article 6 Para. 1 f) GDPR. Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in the LinkedIn data protection information. These notes from LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.

2. The length of time that data is stored

The data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days.

As a user, you can also decide at any time whether to execute the Java-Script code required for the tool via your browser settings. By changing the settings in your Internet browser, you can deactivate or restrict the execution of Java-Script and thus prevent it from being saved. Note: If the execution of Java-Script is deactivated, it is possible that not all functions of the website can be used to their full extent.

3. Opportunity to object and to have the data removed / Opt-Out

If you are a LinkedIn member and do not want LinkedIn to collect information about you through our website and link it to your membership information held by LinkedIn, you must log out of LinkedIn before visiting our website. You can also disable the cookie here, regardless of your LinkedIn membership: Opt-Out.

As part of the joint responsibility with LinkedIn, you can exercise your rights as a data subject in accordance with Article 15, 16, 17, 18, 20, 21 GDPR both with LinkedIn and with us. LinkedIn undertakes to fulfil the obligations arising from the GDPR for the processing of Insights data, in particular to guarantee the rights of data subjects. If you wish to exercise your data subject rights, please contact LinkedIn directly.

XII. YouTube

Our website uses features of the network of the YouTube site operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, which is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our YouTube channel-equipped sites, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you have visited.

If you are logged in to your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile.

When you interact with our YouTube channel, we receive the following categories of personal data:

  • your username and other information you have posted on your profile;
  • when you subscribe or unsubscribe to our channel;
  • mark a video clip with "I like" or "I no longer like";
  • recommend it in a post or comment;
  • comment on, share or respond to a channel post.

You can prevent this by logging out of your YouTube account. If you are not logged in, we only receive static data without any personal reference:

  • views of the videos and average duration of video playback;
  • the website from which you came;
  • percentage of likes;
  • real-time activity;
  • information about which countries the visitors come from,
  • statistics on the age and gender ratio of visitors.

The purpose for processing your personal data is our legitimate interest in offering you interesting videos about our services or Rhenus world as well as making our YouTube presence more attractive (Article 6 Para. 1 f) GDPR).

You can find more information on how user data is handled in YouTube’s data privacy declaration at: https://www.google.de/intl/de/policies/privacy.

Information on how to change your privacy settings on Google can be found at this link: https://privacy.google.com/take-control.html?categories_activeEl=sign-in.

XIII. Twitter

We are present in the social network Twitter. These functions are offered by the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.

When you interact with our Twitter profile, we receive the following categories of personal information:

  • your username and other information you have posted on your profile;
  • when you follow or stop following our channel;
  • mark a post with "I like" or "I no longer like";
  • comment, retweet or respond to a post or comment.

You can prevent this by logging out of your Twitter account. The purpose for processing your personal data is our legitimate interest in exchanging information with our fans (Article 6 Para. 1 f) GDPR).

By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter in the process. We would like to point out that we, as the provider of the sites, have no knowledge of the content of the transmitted data or its use by Twitter. For further information, please refer to the Twitter privacy policy at: https://twitter.com/privacy.

You can change your privacy settings on Twitter in the account settings at https://twitter.com/account/settings.

XIV. Instagram Fanpages

We present ourselves on the social media platform Instagram. The Instagram service is a Facebook product provided by Facebook Ireland Limited. Jointly responsible for the operation of our Instagram custom pages is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Privacy Officer can be contacted using the contact form or by post at the above address.

When calling up our Instagram Fanpages, Instagram collects personal data of the users. Such data collection by Instagram may also occur with visitors who are not logged in or registered with Instagram. Further information on the scope and processing of your personal data by Instagram can be found in privacy policy from Instagram.

Rhenus receives anonymous statistics on the use and utilization of the fan pages from Instagram due to the legitimate interest according to Article 6 Para. 1 f) GDPR. The following information is provided:

  • follower: Number of people who follow Rhenus - including growth and development over a defined period of time.
  • reach: Number of people who see a specific contribution. Number of interactions on a contribution.
  • ad performance: How many people were reached with a contribution or a paid ad and have interacted with it?

We use these statistics, from which we cannot draw conclusions about individual users, to constantly improve our presence on Instagram and to better respond to the interests of our users. We cannot link the statistical data with the profile data of our fans.

Rhenus receives personal data via Instagram if you actively communicate this to us via a personal message on Instagram. We use your data (e.g. first name, surname) to answer your request and in case of follow-up questions. The processing of personal data in this case serves us to process your contact and in case of follow-up questions. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Article 6 Para. 1 f) GDPR and, if applicable, Article 6 Para. 1 b) GDPR, if your request is aimed at the conclusion of a contract. The data will be deleted by us as soon as they are no longer required for the purpose of their collection and no legal obligations to retain them exist, or when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.

XV. XING and Kununu

a) Xing

Rhenus maintains a profile on the social network XING, which is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. We have no knowledge of the content of the transmitted data or its use by XING.

We may learn the following categories of data when you interact with our site:

  • first and last name
  • gender
  • email addresses
  • phone numbers
  • job title and company
  • place: City and country
  • information that you send us in your message
  • if you like our contributions or if you have commented or shared them.


To prevent XING from collecting the above-mentioned data, please log out of XING. We process your personal data on the basis of our legitimate interest in responding to your request in accordance with Article 6 Para. 1 f) GDPR and, if applicable, Article 6 Para. 1 b) GDPR, provided that your request is aimed at concluding a contract.

For the purpose and scope of data collection and the further processing and use of data by XING, as well as your rights in this regard and setting options for protecting your privacy, please refer to the XING data protection information https://www.xing.com/privacy.

b) Kununu

We run a profile at kununu. kununu is an application of the XING service. This site is managed by Kununu (kununu GmbH represented by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany). The current data protection information for XING and its application kununu can be found at https://www.kununu.com/de/info/datenschutz.

 

XVI. Google Recaptcha

On our website we use Google reCAPTCHA to check and avoid interactions on our website through automated access, for example through so-called bots. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

Through the certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Google guarantees that the data protection requirements of the EU will also be complied with when processing data in the USA.

This service enables Google to determine which website is sending a request and from which IP address you are using the so-called reCAPTCHA input box. In addition to your IP address, Google may also collect other information that is necessary to provide and guarantee this service.   

The legal basis is Article 6 Para. 1 f) GDPR. Our legitimate interest lies in the security of our Internet presence and in the defence against unwanted, automated access in the form of spam or similar. Google offers https://policies.google.com/privacy to provide further information on the general handling of your user data.

XVII. Google Maps API

Our website uses Google Maps API to visually display geographic information. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When using Google Maps, Google also collects, processes and uses data on the use of the Maps functions by visitors to the website. To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there.

The legal basis for the processing of personal data is Article 6 Para. 1 f) GDPR, i.e. legitimate interest on our part. Our legitimate interest lies in the appealing presentation of the geographical information and in the easy findability of the locations indicated on our website. Further information about the data processing by Google can be found in the data protection information of Google: http://www.google.com/privacypolicy.html.

XVIII. Cloudflare

1. Description and scope of managing the data

Our pages use features of Cloudflare. Provider is Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. CloudFlare offers a worldwide distributed content delivery network with DNS. We have concluded a corresponding agreement with Cloudflare based on the GDPR for order processing as well as EU standard contract clauses.

A Content Delivery Network (CDN), as provided by Cloudflare, is nothing more than a network of servers connected via the Internet. Cloudflare has distributed such servers around the world to bring web pages to your screen faster. Cloudflare makes copies of our website and places them on their own servers. When you visit our website, you will automatically be connected to Cloudflare's nearby servers which deliver the data. This way the loading time is significantly reduced.

We process your data when you access or use our domains, networks, websites, application programming interfaces and applications, or if you are authorized Cloudflare users for teams, such as our employees, agents or contractors. The information processed may include, but is not limited to, IP addresses, system configuration information and other information about traffic to and from our websites, devices, applications and/or networks (collectively, "Log Information").

In addition, Cloudflare stores server and network activity data, as well as observations and analysis collected by Cloudflare in the course of providing the Services (collectively, "Operational Metrics"). Examples of Operational Metrics include service availability and service availability metrics, request volumes, failure rates, cache rates, and IP threat assessments. Cloudflare uses and processes end-user log data to fulfill its obligations under our agreement.

2. The purpose and legal basis of data processing

We use Cloudflare to increase the speed of our website while reducing latency and thus improving/optimizing the user experience. The data processing is based on our legitimate interest (Article 6 Para. 1 f) of the GDPR).

3. The length of time that data is stored

In general, Cloudflare stores user-level data for domains in the Free, Pro and Business versions for less than 24 hours. For Enterprise domains that have Cloudflare Logs (formerly Enterprise LogShare or ELS) enabled, data can be stored for up to 7 days. However, if IP addresses trigger security alerts during Cloudflare, exceptions to the above retention period may occur.

For more details on Cloudflare's privacy policy, please see the following link: https://www.cloudflare.com/de-de/privacypolicy/

XIV. The rights of data subject

1. Right of access

You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request information from us about the following:

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data that are being processed;

(3) the recipients or the categories of recipients to whom the personal data related to you has been disclosed or is still being disclosed;

(4) the planned time span for storing the personal data related to you or, if specific details on this are not possible, the criteria for determining the time span for storage;

(5) the existence of any right to correct or delete the personal data related to you, a right to restrict the processing of the data by the controller or a right to object to this processing of data;  

(6) the existence of a right to make a complaint to a supervisory authority;

(7) all the information that is available about the origin of the data, if the personal data is not being gathered from the person involved;

You can receive a free copy of your data from us. If you are interested in further copies, we reserve the right to charge you for the additional copies.

2. Right to rectification

You have the right to have the controller correct and/or complete any data, if the personal data that is being processed and concerns you is incorrect or incomplete. The controller must make the correction immediately.

3. Right to restriction of processing

You may demand restrictions on the processing of the personal data related to you in the following situations:

(1) if you dispute the correctness of the personal data related to you for a period that enables the controller to check the correctness of the personal data;

(2) if the processing of the data is illegal and you reject any deletion of your personal data and demand that restrictions are placed on the use of your personal data instead;

(3) if the controller no longer requires the personal data for the purposes of processing it, but you require it to assert, exercise or defend legal claims; or

(4) if you have lodged an objection to the processing according to Article 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons presented by the controller override your reasons.

4. Right to erasure

You may demand from the controller that the personal data related to you is deleted immediately and the controller shall be obliged to delete this data immediately if one of the following reasons applies:

(1) the personal data related to you is no longer required for the purposes for which it was gathered or processed in some other way;

(2) you withdraw your consent, on which the processing of the data was based according to Article 6 Para. 1 a) or Article 9 Para. 2 a) of the GDPR, and there is no other legal basis for processing the data;

(3) you lodge an objection against any processing of the data according to Article 21 Para. 1 of the GDPR and there are no overriding legitimate reasons for the processing of the data or you lodge an objection to the processing of the data according to Article 21 Para. 2 of the GDPR;

(4) the personal data related to you has been processed illegally;

(5) the deletion of the personal data related to you is necessary to fulfil a legal obligation according to the laws of the Union or the law of the member states, to which the controller is subject;  

(6) the personal data related to you was gathered in relation to information society services according to Article 8 Para. 1 of the GDPR.

a) Exceptions

There is no right to have the data deleted if the processing of the data is required:

(1) to exercise the right of free expression and information;

(2) to meet a legal obligation, which requires the processing of the data according to the laws of the Union or the member states, to which the controller is subject, or to perform a task that is of public interest or takes place in connection with exercising any state authority that has been transferred to the controller;

(3) for reasons of public interest in the field of public health according to Article 9 Para. 2 h) and i) as well as Article 9 Para. 3 of the GDPR;

(4) for archiving purposes that are in the public interest, scientific or historical research purposes or for statistical purposes according to Article 89 Para. 1 of the GDPR, if the right cited in paragraph a) will probably make the achievement of the goals of this processing of data impossible or will serious impair it; or

(5) to assert, exercise or defend legal claims.

5. Right to data portability

You have the right to receive the personal data related to you, which you have made available to the controller, in a structured, conventional and machine-readable format. You also have the right to transfer this data to a different controller without any obstruction by the first controller, to which the personal data was made available, if

(1) the processing of the data is based on consent in line with Article 6 Para. 1 a) of the GDPR or Article 9 Para. 2 a) of the GDPR or on a contract according to Article 6 Para. 1 b) of the GDPR and

(2) the processing of the data takes place using automated procedures.

When exercising this right, you also have the right to ensure that the personal data related to you is directly transferred from one controller to a different controller, if this is technically feasible. The freedoms and rights of other persons may not be impaired by this process.

The right to data portability shall not apply to any processing of personal data that is necessary to perform a task that is in the public interest or takes place in connection with exercising any state authority that has been transferred to the controller.

6. The right to object

You have the right to lodge an objection at any time to the processing of the personal data related to you, if this takes place according to Article 6 Para. 1 e) or f) of the GDPR, for reasons arising from your particular situation; this shall also apply to any profiling supported by these stipulations. In this case we will no longer process your data. The latter does not apply if we can prove that there are compelling reasons for processing worthy of protection which outweigh your interests or if we need your data to assert, exercise or defend legal claims.

If the personal data related to you is processed to provide direct marketing, you have the right to lodge an objection to the processing of the personal data related to you for the purpose of this kind of advertising at any time; this shall also apply to profiling, if it is connected to this kind of direct marketing. If you object to the processing of the data for the purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.

7. The right to cancel the declaration of consent under data protection law

You have the right to cancel your declaration of consent provided under data protection law at any time. By cancelling your consent, the legitimacy of the processing of the data that was performed on the basis of your consent until your cancellation shall not be affected.

8. The right to lodge a complaint to a supervisory authority

Regardless of any different administrative law or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, your place of work or the place of the alleged breach, if you believe that the processing of the personal data related to you breaches the GDPR.