Name and contact details of the person(s) in charge Our responsible person(s) (hereinafter “responsible person”) within the meaning of Art. 4 no. 7 DS-GVO is: Stefan Frenzel
DEM Digitales Marketing Experten e.K. Donauschwabenstr. 3 85386 Eching, Germany E-mail-address: firstname.lastname@example.org
Data types, purposes of processing and categories of data subjects
In the following we inform you about the type, scope and purpose of collecting, processing and using personal data.
1. Types of data we process Usage data (access times, websites visited etc.), contact data (telephone number, e-mail, fax etc.), communication data (IP address etc.),
2. Purposes of processing under Article 13 (1) c) DS-GVO Optimize website technically and economically, improve user experience, make website user-friendly, marketing / sales / advertising, create statistics, avoid SPAM and abuse, handle contact requests, security measures,
3. Categories of data subjects under Article 13 (1) e) DS-GVO Visitors/users of the website,
The data subjects are collectively referred to as “users”.
Legal basis for the processing of personal data
In the following we inform you about the legal basis of the processing of personal data:
1. Once we have obtained your consent to process personal data, the legal basis is Article 6 (1) sentence 1 lit. a) DS-GVO.
2. If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures taken in response to your request, the legal basis is Article 6 (1) sentence 1 lit. b) DS-GVO.
3. If the processing is necessary to fulfil a legal obligation to which we are subject (e.g. statutory storage obligations), the legal basis is Article 6 (1) sentence 1 lit. c) DS-GVO.
4. If the processing is necessary to protect the vital interests of the data subject or of another natural person, the legal basis is Article 6 (1) sentence 1 lit. d) DS-GVO.
5. If the processing is necessary to safeguard our interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not prevail in this respect, the legal basis is Article 6 (1) sentence 1 letter f) DS-GVO.
Transfer of personal data to third parties and processors
Without your consent we do not pass on any data to third parties. Should this be the case, however, the transfer of data will take place on the basis of the aforementioned legal bases, e.g. when data is passed on to online payment providers for the purpose of fulfilling a contract or due to a court order or due to a legal obligation to hand over the data for the purpose of criminal prosecution, to avert danger or to enforce intellectual property rights.
We also use contract processors (external service providers e.g. for web hosting of our websites and databases) to process your data. If data is passed on to the processors within the framework of an agreement for order processing, this is always done in accordance with Art. 28 DS-GVO. We select our processors carefully, check them regularly and have been granted the right to issue instructions regarding the data. In addition, the processors must have taken suitable technical and organisational measures and comply with the data protection regulations in accordance with BDSG n.F. and DS-GVO.
Data transfer to third countries
With the adoption of the European Data Protection Basic Regulation (DS-GVO), a uniform basis for data protection in Europe was created. Your data is therefore processed primarily by companies to which the DS-GVO applies. If, however, processing is carried out by services of third parties outside the European Union or the European Economic Area, they must
comply with the special requirements of Art. 44 et seq. DS-GVO. This means that processing is carried out on the basis of special guarantees, such as the EU Commission’s officially recognised determination of a level of data protection corresponding to that of the EU or compliance with officially recognised special contractual obligations, the so-called “standard contractual clauses”. In the case of US companies, submission to the so-called “privacy shield”, the data protection agreement between the EU and the USA, fulfils these requirements
Deletion of data and storage duration
Unless expressly stated in this data protection declaration, your personal data will be deleted or blocked as soon as the purpose for storing them no longer applies, unless their further storage is necessary for evidential purposes or is opposed by statutory storage obligations. This includes, for example, commercial storage obligations for business letters according to § 257 para. 1 HGB (6 years) and tax storage obligations according to § 147 para. 1 AO of receipts (10 years). If the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion or fulfilment of a contract.
Existence of an automated decision making process We do not use automatic decision making or profiling.
Provision of our website and creation of log files
1. If you use our website for informational purposes only (i.e. no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data: • IP address; • Internet service provider of the user; • Date and time of the retrieval; • Browser type; • Language and browser version; • Content of the request; • Time zone; • Access status/HTTP status code; • Amount of data; • Websites from which the request comes; • Operating system. This data is not stored together with other personal data of yours.
2. These data serve the purpose of user-friendly, functional and secure delivery of our website to you with functions and contents as well as their optimization and statistical evaluation.
3. The legal basis for this is our legitimate interest in data processing in accordance with Art. 6 Paragraph 1 S.1 lit. f) DS-GVO, which also lies in the above-mentioned purposes.
4. For security reasons, we store this data in server log files for the storage period of 7 days. After this period, they are automatically deleted, unless we need them for evidence in case of attacks on the server infrastructure or other legal violations..
Cookies 1. We use so-called cookies when you visit our website. Cookies are small text files that your internet browser places and stores on your computer. When you visit our website again, these cookies provide information to automatically recognize you. The information obtained
• Persistente Cookies: These are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
Use of the blog functions / comments
1. You can make public comments in our blog, which contains articles on topics of our website You can use a pseudonym instead of a real name. Your post will then be published under the pseudonym. The indication of the e-mail address is mandatory, all other information is voluntary.
2. We save your IP address with date and time when you post a comment, which we delete after 7 days. The storage serves the legitimate interest of the defence against the claims of third parties in the publication of illegal or untrue content by you. We store your e-mail address for the purpose of contacting you if third parties should legally object to your comments.
3. Legal basis is Art. 6 Paragraph 1 S. 1 lit. b) and f) DS-GVO.
4. We do not review your comments before publication. In case of complaints by third parties, we reserve the right to delete your comments. We do not pass on the data to third parties unless it is necessary to pursue our claims or there is a legal obligation (Art. 6 Para. 1 S. 1. lit. c) DS-GVO.
5. The data shall be deleted as soon as they are no longer required for the purpose of their collection or the execution of the contract because the contract has been terminated.
Contact via contact form / e-mail / fax / mail
1. If you contact us by contact form, fax, post or e-mail, your data will be processed for the purpose of processing your contact request.
2. The legal basis for the processing of the data is, if you have given your consent, Art. 6 Paragraph 1 S. 1 lit. a) DS-GVO. The legal basis for the processing of data transmitted in the course of a contact inquiry or e-mail, letter or fax is Art. 6 Paragraph 1 S. 1 lit. f) DS-GVO. The person responsible has a legitimate interest in the processing and storage of the data in order to be able to respond to user enquiries, to preserve evidence for reasons of liability and, where appropriate, to be able to comply with his or her legal obligations to retain business letters. If the contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 Paragraph 1 S. 1 lit. b) DS-GVO.
3. We may store your details and contact request in our customer relationship management system (“CRM system”) or similar system.
4. The data shall be deleted as soon as they are no longer necessary for the purpose for which they were collected For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified. Inquiries from users who have an account or contract with us will be stored for a period of two years after termination of the contract. In the case of legal archiving obligations, deletion takes place after the end of the following periods: End of commercial (6 years) and tax (10 years) storage obligation.
5. You have the possibility at any time to revoke your consent under Article 6 paragraph 1 sentence 1 letter a) DS-GVO to the processing of personal data. If you contact us by e-mail, you can object to the storage of your personal data at any time.
Contact by phone 1. When contacting us by phone, your phone number will be processed and temporarily stored or displayed in the RAM / cache of the phone device / display for the purpose of processing the contact request and its handling. The storage is done for liability and security reasons to be able to prove the call and for economic reasons to enable a call back. In case of unauthorized advertising calls, we block the phone numbers.
2. The legal basis for the processing of the telephone number is Article 6(1) sentence 1(f) of the DS-GVO. If the aim of the contact is to conclude a contract, an additional legal basis for processing is Art. 6 (1) lit. b) DS-GVO.
3. The device cache stores the calls for days and successively overwrites or deletes old data. When the device is disposed of, all data is deleted and the memory is destroyed if necessary. Blocked telephone numbers are checked annually to see if they need to be blocked..
4. You can prevent the display of the telephone number by calling with the telephone number suppressed.
Google Analytics 1. We have integrated the website analysis tool “Google Analytics” (Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA, EU branch: Google Dublin,
8. As an alternative to the above browser plugin, you can prevent Google Analytics from collecting data by clicking [__here please__insert the Analytics Opt-Out link of your website]. The click will set an “opt-out” cookie that will prevent the collection of your data when you visit this website in the future. This cookie is only valid for our website and your current browser and only lasts until you delete your cookies. In this case you would have to set the cookie again.
9. You can deactivate the cross-device user analysis in your Google Account under “My data > personal data.
1. We have integrated maps from “Google Maps” (Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA, EU branch: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. This allows us to display the location of addresses and directions directly on our website in interactive maps and enables you to use this tool.
2. When calling up our website, where Google Maps is integrated, a connection to the servers of Google in the USA is established. Your IP and location can be transmitted to Google. Google also receives information that you have called up the corresponding page. This is also done without a user account at Google. If you are logged into your Google account, Google can assign the above data to your account. If you do not wish to do so, you must log out of your Google account. Google creates user profiles from such data and uses this data for the purpose of advertising, market research or optimization of its websites.
3. The legal basis for this is our legitimate interest in data processing in accordance with Art. 6 Paragraph 1 S.1 lit. f) DS-GVO, which also lies in the above-mentioned purposes.
4. You have a right of objection to Google against the creation of user profiles. Therefore, please contact Google directly via the privacy statement below. An opt-out objection regarding advertising cookies can be made here in your Google Account: https://adssettings.google.com/authenticated.
6. Google is certified according to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and therefore obliged to comply with European data protection law.
Social media presence
2. We process the data you send us via these networks in order to communicate with you and to answer your messages.
3. The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external presentation for the purpose of advertising in accordance with Art. 6 Paragraph 1 S. 1 lit. f) DS-GVO. If you have given your consent to the person responsible for the social network to process your personal data, the legal basis is Art. 6 Paragraph 1 S. 1 lit. a) and Art. 7 DS-GVO.
4. Die Datenschutzhinweise, Auskunftsmöglichkeiten und Widerspruchmöglichkeiten (Opt-Out) der jeweiligen Netzwerke finden Sie hier:
Social media plug-ins
1. We use social media plug-ins from social networks on our website In doing so, we use the so-called “two-click solution” shariff from c’t or heise.de. This means that no personal data is transmitted to the providers of the plug-ins when our website is called up. Next to the logo or brand of the social network, you will find a slider with which you can activate the plug-in with a click. After activation, the social network provider is informed that you have called up our website and your personal data is transmitted to the plug-in provider and stored there. These are so-called Thirdparty Cookies. With some providers such as Facebook and XING, your IP address is anonymized immediately after the data is collected.
2. The plug-in provider stores the data collected about the user as user profiles. These are used for the purposes of advertising, market research and/or demand-oriented design of his website. Such an evaluation is carried out in particular (also for users who are not logged in) for the purpose of presenting need-based advertising and to inform other users of the social network about the user’s activities on our website. The user has the right to object to the creation of these user profiles, whereby the user must contact the respective plug-in provider in order to exercise this right.
3. The legal basis for the use of the plug-ins is our legitimate interest in improving and optimising our website by increasing our profile via social networks and the possibility of interaction with you and users via social networks in accordance with Art. 6 Paragraph 1 S.1 lit. f) DS-GVO.
4. We also have no knowledge of the extent of the data collection, the purpose of the processing and the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
5. We refer to the respective data protection declarations of the social networks regarding the purpose and scope of data collection and processing. In addition, you will also find information on your rights and setting options for the protection of your personal data.
1. We have integrated plug-ins from the social network Facebook.com (company headquarters in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on our website as part of the so-called “two-click solution” from Shariff, which you can recognise by the Facebook logo “f” or the addition “Like” or “Share“.
2. As soon as you voluntarily activate the Facebook plug-in, a connection is established from your browser to the Facebook servers. During this process, Facebook receives information, including your IP address, that you have accessed our website and transmits this information to Facebook servers in the USA, where this information is stored. If you are logged into your account on Facebook, Facebook can associate this information with your account. When using the functions of the plug-in, e.g. pressing the “Like” button, this information is also transferred from your browser to the
Facebook servers in the USA and stored there and displayed in your Facebook profile and, if applicable, with your friends.
3. The purpose and scope of data collection and its further processing and use by Facebook, as well as your rights and settings options for protecting your privacy, can be found in the Facebook data protection information: https://www.facebook.com/about/privacy/. Data collection for the “Like” button: https://www.facebook.com/help/186325668085084. You can manage and object to your settings regarding the use of your profile data for advertising purposes on Facebook here: https://www.facebook.com/ads/preferences/.
4. If you log out of Facebook before visiting our website and delete your cookies, no data about your visit to our website will be assigned to your profile on Facebook when the plug-in is activated.
5. You can also prevent the loading of the Facebook plug-in by so-called “Facebook blockers”, which you can install as an add-on for your browser: Facebook blocker for Firefox, Chrome and Opera or 1blocker for Safari, iPad and iPhone.
6. Facebook has submitted to the privacy shield, thus ensuring that European data protection law is respected: https://www.privacyshield.gov/EU-US-Framework.
1. We have integrated plug-ins from the social network Twitter.com (Twitter Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA) on our website as part of Shariff’s so-called “two-click solution”. These plug-ins can be recognized by the Twitter logo with a white bird on a blue background. You can find an overview of Twitter buttons or tweets at: https://developer.twitter.com/en/docs/twitter-for-websites/overview.
2. If you are logged in to your Twitter account while you are voluntarily activating the Twitter plug-ins, Twitter can associate the call to our website with your Twitter profile. We do not know which data is transmitted to Twitter.
3. If you want to exclude data transmission when you activate the plug-in to Twitter, log out of Twitter before visiting our website and delete your cookies.
4. The purpose and scope of data collection and its further processing and use by Twitter, as well as your rights and settings options for protecting your privacy, can be found in the data protection information of Twitter: https://twitter.com/de/privacy. Objection (opt-out): https://twitter.com/personalization.
5. Twitter has submitted to the Privacy Shield and thus ensures that European data protection law is respected: https://www.privacyshield.gov/EU-US-Framework.
3. If you log off from XING before visiting our website and delete your cookies, no data about your visit to our website will be assigned to your profile on XING when you activate the plug-in. 4. The purpose and scope of data collection and its further processing and use by XING, as well as your rights and settings options for protecting your privacy, can be found in XING’s data protection information for the share button at https://www.xing.com/app/share%3Fop%3Ddata_protection and in XING’s general data protection statement at https://privacy.xing.com/de/datenschutzerklaerung.
Rights of the data subject 1. Objection or revocation against the processing of your data insofar as the processing is based on your consent in accordance with Art. 6 Paragraph 1 S. 1 lit. a), Art. 7 DS-GVO, you have the right to revoke your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
Insofar as we base the processing of your personal data on the balancing of interests in accordance with Art. 6 Paragraph 1 S. 1 lit. f) DS-GVO, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is described by us in the following description of the functions. In the event of such an objection, we request that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
You can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can exercise the right to object free of charge. You can inform us about your objection to advertising by contacting us at the following address:
Digitales Marketing Experte e. K. Donauschwabenstr. 3 85386 Eching, Germany E-mail-address: email@example.com
2. Right to information You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to information about your personal data stored with us in accordance with Art. 15 DS-GVO. This includes, in particular, information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it was collected directly from you. 3. Right of rectification You have a right to correct incorrect data or to complete correct data in accordance with Art. 16 DS-GVO.. 4. Right of cancellation You have the right to delete your data stored with us in accordance with Art. 17 DS-GVO, unless legal or contractual retention periods or other legal obligations or rights to further storage conflict with this. 5. Right of limitation You have the right to request a restriction on the processing of your personal data if one of the conditions in Article 18 (1) (a) to (d) of the DPA is fulfilled:
• If you dispute the accuracy of the personal data concerning you for a period of time that allows the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the deletion of the personal data and request instead the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of the processing, but you need it in order to assert, exercise or defend legal claims, or
• if you have lodged an objection to the processing in accordance with Article 21 (1) of the DPA and it is not yet clear whether the legitimate reasons given by the controller outweigh your reasons. 6. Right to data portability You have a right to data transferability in accordance with Art. 20 DS-GVO, which means that you can receive the personal data stored by us about you in a structured, common and machine-readable format or request that it be transferred to another responsible party. 7. Right of appeal You have a right to complain to a supervisory authority. As a general rule, you can apply to the supervisory authority, in particular in the Member State in which you are resident, in your place of work or in the place where the suspected infringement was committed.
In order to protect all personal data transmitted to us and to ensure that the data protection regulations are observed by us and our external service providers, we have taken appropriate technical and organisational security measures. For this reason, all data between your browser and our server is transmitted encrypted via a secure SSL connection.