Data privacy notice

1. Protection of data at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data, with which you can be personally identified. You can find detailed information on the subject of data protection in the data privacy notice stated in this text.

Data collection on this website

Who is responsible for collecting data on this website?
Data processing on this website is carried out by the website operator. You can find the latter’s contact details in the section “Information on the responsible body” in this data privacy notice.

How do we collect your data?
On the one hand, your data are collected because you have provided them to us. This can for example be data which you enter in a contact form.

Other data are collected by our IT systems automatically or after you have given your consent when you visit the website. They are above all technical data (e.g. internet browser, operating system or time you visited the page). The collection of these data takes place automatically as soon as you visit this website.

For what do we use your data?
Some of the data are collected to ensure that the website is available to you without any problems occurring. Other data might be used to analyse your user behaviour.

What rights do you have regarding your data?
You have the right at any time to receive information about the origin, recipient and purpose of your personal data which have been saved. You also have the right to request the correction or deletion of these data. If you have granted your consent to data processing, you can withdraw this consent at any time with regard to the future. In addition, you have the right to request the restriction of the processing of your personal data under certain conditions. Furthermore, you have a right to object to the responsible supervisory authority.

You can contact us at any time on this subject as well as regarding other questions on the subject of data protection.

Analysis tools and tools of third-party providers

When visiting this website, your surfing can be assessed statistically. This takes place above all with so-called analysis programs.

You can find detailed information on these analysis programs in this data privacy notice.

2. General information and compulsory information

Protection of privacy

The operator of this website takes the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with the statutory data protection provisions as well as this data privacy notice.

If you use this website, various items of personal data are collected. Personal data are data, with which you can be personally identified. This data privacy notice explains which data we collect and what we use them for. It also explains how and for what purpose this happens.

We would like to point out that there can be security loopholes during the transmission of data on the internet (e.g. for communication by e-mail). It is not possible to have protection of data against access by a third party without any loopholes.

Information on the responsible body

The responsible body for data processing on this website is:

Auktion & Markt AG
Klarenthaler Straße 83
65197 Wiesbaden
Germany

Telephone: +49 611 44796 55
E-mail: datenschutz@auktion-markt.de 

The responsible body is the natural or legal person, who alone or together with others decides on the purposes and resources for processing personal data (e.g. names, e-mail addresses or similar).

Duration of storage

Insofar no more specific duration of storage is mentioned within this data privacy notice, your personal data will remain with us until the purpose for the data processing lapses. If you assert a legitimate request for deletion or withdraw your consent for data processing, your data will be deleted, insofar as we have no other legally permissible reasons for storing your personal data (e.g. periods of retention under tax or commercial law); in the latter case, the deletion will take place after these reasons lapse.

General information on the legal basis of data processing on this website

Insofar as you have consented to data processing, we will process your personal data on the basis of Art. 6 Para. 1 lit. a General Data Protection Regulation (GDPR) or Art. 9 Para. 2 lit. a GDPR, insofar as special data categories are being processed in accordance with Art. 9 Para. 1 GDPR. In the event of express consent for the transmission of personal data to third countries, data processing will also take place on the basis of  Art. 49 Para. 1 lit. a GDPR. Insofar as you have given consent for the storage of cookies or access to information on your end-device (e.g. via device-fingerprinting), data processing will take place additionally on the basis of § 25 Para. 1 Telecommunications Digital Services Data Protection Act (TDDDG). Consent can be withdrawn at any time. If your data are required to implement a contract or to undertake pre-contractual measures, we will process your data on the basis of Art. 6 Para. 1 lit. b GDPR. Furthermore, we will process your data, insofar as they are necessary to satisfy a legal obligation on the basis of Art. 6 Para. 1 lit. c GDPR. Data processing can also take place on the basis of our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. Information on the legal basis relevant in an individual case will be provided in the following paragraphs of this data privacy notice.

Data protection officer

We have appointed the following data protection officer:

Mr Frédéric Diercks

Auktion & Markt AG
Klarenthaler Straße 83
65197 Wiesbaden
Germany

Telephone: +49 611 44796 55
E-mail: datenschutz@auktion-markt.de 

Recipients of personal data

As part of our business activity, we work with various external bodies. A transmission of personal data to these external bodies may sometimes also be necessary. We pass on personal data to external bodies only if this is required as part of the implementation of a contract, if we are obliged to do so by law (e.g. transmission of data to tax authorities), if we have a legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR in the transmission or if another legal basis permits the transmission of data. When order processors are used, we transmit the personal data of our customers only on the basis of a valid contract for order processing. In the event of joint processing, a contract regarding joint processing will be concluded.

Withdrawal of your consent to data processing

Many data processing procedures are possible only with your express consent. You can withdraw the consent you have already given at any time. The lawfulness of the data processing undertaken up to the withdrawal of consent remains unaffected by the withdrawal of consent.

Withdrawal rights against data collection in special cases as well as against direct advertising (Art. 21 GDPR)

IF DATA PROCESSING TAKES PLACE ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS WHICH ARISE FROM YOUR SPECIAL SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. YOU CAN FIND THE RELEVANT LEGAL BASIS, ON WHICH PROCESSING IS BASED, IN THIS DATA PRIVACY NOTICE. IF YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED, UNLESS WE CAN PROVIDE EVIDENCE OF COMPULSORY GROUNDS FOR THE PROCESSING THAT REQUIRE PROTECTION, WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISING OR DEFENCE OF LEGAL CLAIMS (OBJECTION IN ACCORDANCE WITH ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, THEN YOU HAVE THE RIGHT TO LODGE AN OBJECTION AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISIING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSES OF DIRECT ADVERTISING (OBJECTION IN ACCORDANCE WITH ART. 21 PARA. 2 GDPR).

Right to complain to the responsible supervisory authority

In the event of breaches of the GDPR, data subjects have a right to complain to a supervisory authority, in particular in the Member State of their normal place of residence, their workplace or the location of the probable breach. The right to complain exists regardless of other legal remedies under administrative law or concerning the courts.

Right to data portability

You have the right to arrange for data, which we process in an automated procedure on the basis of your consent or to implement a contract, to be handed out to you in a current machine-readable format. Insofar as you request the direct transmission of the data to another data controller, this will take place only to the extent that this is feasible in technical terms.

Information, correction and deletion

You have the right at any time as part of the current statutory provisions to information without any charge regarding your stored personal data, its origin and recipient and the purpose of the data processing and if applicable a right to the correction and deletion of these data. You can contact us at any time on this subject as well as regarding other questions on the subject of personal data.

Right to the restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this. The right to the restriction of processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we generally need time to review this. You have the right to request the restriction of the processing of your personal data for the period of the review.
• If the processing of your personal data occurred/is occurring unlawfully, you can request the restriction of the data processing instead of deletion.
• If we no longer require your personal data, but you need them to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
• If you have lodged an objection in accordance with Art. 21 Para. 1 GDPR, an assessment must be made between your interests and ours. As long as it has not been determined whose interests predominate, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data – apart from being stored – are permitted to be processed only with your consent or for asserting, exercising or defending legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content such as for example orders or inquiries, which you send us as the website operator. You can identify an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and there is a lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data, which you are sending us, cannot also be read by a third party.

Objection to advertising e-mails

The use of contact data published as part of the obligation to provide company details for sending advertising and information material which has not been expressly requested is hereby objected to. The website operators expressly retain legal steps in the event of unrequested sending of advertising information, for example through spam e-mails.

3. Data collection on this website

Cookies

Our web pages use so-called “cookies”. Cookies are small data packages and do not harm your end-device. They are saved either temporarily for the duration of a session (session-cookies) or permanently (permanent cookies) on your end-device. Session-cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end-device until they delete themselves or are deleted automatically by your web browser.

Cookies can originate from us (first-party cookies) or from third companies (so-called third-party cookies). Third-party cookies make it possible to incorporate certain services offered by third-party companies within websites (e.g. cookies to settle payment services).

Cookies have various functions. Many cookies are necessary from a technical perspective as certain website functions would not function without them (e.g. the shopping basket function or showing videos). Other cookies can be used to assess user behaviour or for advertising purposes.

Cookies, which are necessary to undertake the electronic communication procedure to provide certain functions you desire (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies), will be saved on the basis of Art. 6 Para. 1 lit. f GDPR, insofar as no other legal basis is stated. The website operator has a legitimate interest in storing necessary cookies to provide its services in an optimised way which is also free of technical errors. Insofar as consent was requested for the storing of cookies and comparable recognition technologies, processing will take place exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG); the consent can be withdrawn at any time.

You can set your browser in such a way that you are informed about the setting of cookies and cookies are permitted only in an individual case, cookies are accepted for certain cases or are ruled out in general or activate the automatic deletion of the cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be limited.

Server-log files

The provider of the websites automatically collects and saves information in so-called server-log files, which your browser sends us automatically. These are:

•    Browser type and browser version
•    Operating system used
•    Referrer URL
•    Host name of the accessing computer
•    Time of the server inquiry
•    IP address

These data are not merged with other data sources.

These data are collected on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the presentation and optimisation of its website without any technical errors – the server-log files need to be collected for this purpose.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form including the contact details you have provided there are saved by us to process the inquiry and if there are follow-up questions. We will not transmit these data to anyone without your consent.

Processing of these data will take place on the basis of Art. 6 Para. 1 lit. b GDPR, insofar as your inquiry is associated with the implementation of a contract or to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries sent to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) insofar as this was requested; the consent can be withdrawn at any time.

The data entered on the contact form by you will remain with us until you ask us to delete them, you withdraw your consent to storage or the purpose for the data storage lapses (e.g. after the completion of the processing of your inquiry). Compulsory statutory provisions – in particular periods of retention – remain unaffected.

Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all the personal data it contains (name, inquiry) will be saved by us and processed for the purpose of dealing with your concern. We will not transmit these data to anyone without your consent.

Processing of these data will take place on the basis of Art. 6 Para. 1 lit. b GDPR, insofar as your inquiry is associated with the implementation of a contract or to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries sent to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) insofar as this was requested; the consent can be withdrawn at any time.

The data you have sent to us via contact inquiries will remain with us until you request their deletion, withdraw your consent to storage or the purpose for the data storage lapses (e.g. after the completion of the processing of your concern). Compulsory statutory provisions – in particular statutory periods of retention – remain unaffected.

Registration on this website

You can register on this website to use additional functions on our website. We will use the data entered only for the purpose of using the relevant offer or service, for which you have registered. The compulsory information provided during registration must be stated in full. Otherwise, we will refuse the registration.

We will use the e-mail address provided during registration for important changes such as the scope of goods and services or changes which were necessary from a technical perspective so that we can inform you by these means.

The processing of the data entered during registration will take place for the purpose of implementing the user relationship created during registration and if applicable to initiate other contracts (Art. 6 Para. 1 lit. b GDPR).

We retain the right to undertake a check on creditworthiness as part of registration. In doing so, data may be transmitted to external service-providers (e.g. credit agencies) and information on your creditworthiness obtained from them. This review will take place exclusively to safeguard our legitimate interests, in particular to assess the risk of payment default.

The creditworthiness check takes place by complying with the the valid provisions of the General Data Protection Regulation (GDPR). Your data will be transmitted to the service-providers only to the extent necessary and will be handled in the strictest confidence. You have the right at any time to obtain information about the data processed as well as to request a correction, deletion or restriction of processing if applicable.

The data collected during registration will be saved by us for as long as you are registered on this website and will subsequently be deleted. Statutory periods of retention remain unaffected.

OneTrust cookie consent

We use the OneTrust cookie consent tool on our website to ensure that cookies and other tracking technologies are handled in compliance with data protection. This tool enables you to transparently manage the use of cookies on our website and to give or refuse your consent to the processing of personal data by cookies in accordance with your individual preferences.

OneTrust saves your consent or refusal in a cookie to ensure that your preferences are taken into account for future visits to our website. In doing so, the following data are processed: the IP address of the requesting end-device, information about the browser type and the language used, the date and time of the consent as well as your consent decision.

The legal basis for the use of OneTrust and the data processing associated with the latter is Art. 6 Para. 1 lit. c GDPR, because we are legally obliged to provide evidence of your consents, as well as in accordance with Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest to structure the use of our website in a way which complies with data protection. Insofar as you have agreed to the use of cookies, the processing of your data will additionally take place on the basis of Art. 6 Para. 1 lit. a GDPR.

You can adjust or withdraw your preferences at any time via the corresponding link on our website. You can find further information on data processing by OneTrust in its data privacy notice at: https://www.onetrust.com/de/privacy-notice/ 

4. Social media

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Every time a page of this website is downloaded, which contains elements of LinkedIn, a connection is made to the servers of LinkedIn. LinkedIn is informed that you have visited this website with your IP address. If you click on the “Recommend button” of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to this website to you and your user account. We would like to point out that we as a provider of the website have no knowledge of the content of the data transmitted nor of its use by LinkedIn.

The use of this service takes place on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. Consent can be withdrawn at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=en 

You can find more information on this subject in the data privacy notice of LinkedIn at: https://www.linkedin.com/legal/privacy-policy.

The company has a certification in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure the compliance of European data protection standards for data processing in the USA. Every company certified in accordance with the DPF undertakes to comply with these data protection standards. You can find more information on this subject from the provider by using the following link: https://www.dataprivacyframework.gov/participant/5448.

XING

This website uses elements of the XING network. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

Every time one our pages is downloaded, which contains elements of XING, a connection is made to the servers of XING. As far as we are aware, no personal data are stored. In particular no IP addresses are stored nor is there an assessment of usage behaviour.

The use of this service takes place on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. Consent can be withdrawn at any time.

You can find more information about data protection and the XING share button in the data privacy notice of XING at: https://privacy.xing.com/en/privacy-policy.

5. Analysis tools and advertising

Matomo

This website uses the Open Source web analysis service Matomo.

With the help of Matomo, we are in a position to collect and analyse data on the use of our website by visitors to the website. By doing this, we are able to find out among other things when certain pages were downloaded and from which region this occurred. In addition, we collect various log files (e.g. IP address, referrer, the browser and operating systems used) and can measure whether our website visitors carry out certain actions (e.g. clicks, purchases and similar).

The use of this analysis tool takes place on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behaviour to optimise both his web pages and advertising. Insofar as a corresponding consent has been obtained, processing takes place exclusively on the basis of  Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the end-device of the user (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

IP anonymisation
We use IP anonymisation for the analysis with Matomo. This means that your IP address is abbreviated before the analysis so that it can no longer be clearly assigned to you.

Hosting
We host Matomo exclusively on our own servers, so that all analytical data remains with us and are not transmitted to anyone else.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to play adverts in the Google search engine or on third-party websites if the user enters certain search terms on Google (keyword targeting). Furthermore, targeted adverts can be played using the user data available to Google (e.g. location data and interests) (target group targeting). We as the website operator can assess these data quantitatively by for example analysing which search terms led to the playing of our adverts and how many adverts led to the corresponding clicks.

The use of this service takes place on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. Consent can be withdrawn at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://policies.google.com/privacy/frameworks?hl=en and https://business.safety.google/controllerterms/?hl=en.

The company has a certification in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA,which is intended to ensure the compliance of European data protection standards for data processing in the USA. Every company certified in accordance with the DPF undertakes to comply with these data protection standards. You can find more information on this subject from the provider by using the following link: https://www.dataprivacyframework.gov/participant/5780.

Elastic Stack: (ELK) Elasticsearch, Kibana, Logstash

Auktion & Markt AG uses the Elastic Stack (ELK), consisting of Elasticsearch, Kibana and Logstash, to display, store and process log-data and analyses, which are used to safeguard operation as well as to optimise our IT systems and applications. Elastic Stack is a tool for data analysis, which helps us to monitor, process and identify potential security issues regarding operating data in real time.

As part of the use of Elastic Stack, various data categories are processed, including in particular technical usage data such as IP addresses, time stamp, access protocols as well as error and performance data. These data are used exclusively for internal purposes to ensure the security and stability of our IT infrastructure.

Data processing takes place on the basis of Art. 6 Para. 1 lit. f GDPR, as we have a legitimate interest in ensuring the functionality and security of our services.

Elastic Stack is hosted locally on our own servers so that no data are transmitted to external service-providers or servers. In principle, there is no transmission of data collected as part of Elastic Stack, unless this is necessary to satisfy statutory obligations or to protect our rights. The data are stored for as long as necessary to achieve the above-mentioned purposes or there are statutory retention obligations.

6. Newsletter and postal advertising

Newsletter data

If you would like to receive the newsletter offered on the website, we need your e-mail address as well as information, which permits us to check that you are the holder of the e-mail address provided and that you are in agreement with receiving the newsletter. Additional data are not collected or only on a voluntary basis if applicable. We use a newsletter service-provider to process the newsletter, who is described below.

CleverReach

This website uses CleverReach to send out newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter referred to as “CleverReach”). CleverReach is a service through which the sending out of the newsletter can be organised and analysed. The data you enter to receive the newsletter (e.g. e-mail address) are stored on the servers of CleverReach in Germany or Ireland.

Our newsletter sent out using CleverReach enables us to analyse the behaviour of newsletter recipients. As part of this, it can be analysed among other things how many recipients have opened the message with the newsletter and how often which link in the latter was clicked on. With the help of so-called conversion tracking, it can also be analysed whether after clicking on the link in the message a pre-defined action  took place (e.g. purchase of a product on this website). You can find further information about data analysis by CleverReach-Newsletter at: https://www.cleverreach.com/en-de/newsletter-tool/newsletter-reporting/.

Data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can withdraw this consent at any time, by unsubscribing to the newsletter. The lawfulness of the data processing procedures which have already taken place remains unaffected by the withdrawal of consent.

If you do not wish an analysis to be carried out by CleverReach, you must unsubscribe from the newsletter. We will provide a corresponding link in every newsletter message.

The data provided to us by you for the purpose of receiving the newsletter will be saved by us or the newsletter service-provider until you no longer wish to receive the newsletter and will be deleted from the newsletter recipients list after you have unsubscribed from the latter. Data, which are saved by us for other purposes, remain unaffected by this.

After you have been removed from the newsletter recipients list, your e-mail address may be saved by us or the newsletter service-provider in a blacklist, insofar as this is necessary to prevent future mailings. The data from the blacklist will be used only for this purpose and not merged with other data. This serves both your interests as well as our interests in complying with the statutory requirements when sending our newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage of your data, insofar as your interests outweigh our legitimate interest.

You can find more details in the data protection provisions of CleverReach at: https://www.cleverreach.com/en-de/privacy-policy/.

Order processing
We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract prescribed under data protection law, which ensures that the latter processes the personal data of our website visitors only in accordance with our instructions and by complying with the GDPR.

Postal advertising

We use your address to send out postal advertising (postal advertising) and this complies with all the legal provisions.

The basis for this is our legitimate interest in direct advertising in accordance with Art. 6 Para. 1 lit. f in conjunction with recital 47 GDPR. Insofar as corresponding consent was requested, processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; consent can be withdrawn at any time. More specific stipulations may be notified to you as part of data collection and take precedence over the above-mentioned stipulation.

Your address remains with us until the purpose of the data processing lapses. If you assert a legitimate request for deletion or withdraw your consent to postal advertising, your data will be deleted, insofar as we have no other legally permissible grounds for the storage of your personal data (e.g. periods of retention under tax or commercial law); in the latter case, deletion will take place after the discontinuation of these grounds.

We use the following service-provider to send out our postal mailings:

GO! Express & Logistics Mainz GmbH
Industriestr. 32
55120 Mainz

Kuvex Team
Weberstraße 7
55130 Mainz

7. Plug-ins and tools

YouTube with extended data protection

This website incorporates videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

If you visit one of these websites, on which YouTube is incorporated, a connection is made to the servers of YouTube. As part of this, the YouTube server is notified which pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in the extended data protection mode. Videos, which are played in the extended data protection mode, are not used to personalise surfing on YouTube according to a statement by YouTube. Adverts, which are placed in the extended data protection mode, are also not personalised. No cookies are sent in the extended data protection mode. However, instead so-called local storage elements are saved in the browser of the user, which contain personal data similar to cookies and which can be used for recognition. You can find details on the extended data protection mode here: https://support.google.com/youtube/answer/171780?hl=en.

Additional data processing procedures may be triggered after the activation of a YouTube video, over which we have no influence.

The use of YouTube takes place in the interest of an appealing presentation of our online services. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Insofar as a corresponding consent has been obtained, processing takes place exclusively on the basis of  Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the end-device of the user (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

You can find additional information about data protection at YouTube in its data privacy notice at: https://policies.google.com/privacy?hl=en.

The company has a certification in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA,which is intended to ensure the compliance of European data protection standards for data processing in the USA. Every company certified in accordance with the DPF undertakes to comply with these data protection standards. You can find more information on this subject from the provider by using the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Fonts (local hosting)

This website uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. There will be no connection to any servers of Google during this process.

You can find more information about Google Fonts at https://developers.google.com/fonts/faq?hl=en and in the data privacy notice of Google: https://policies.google.com/privacy?hl=en.

Google Maps

This website uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. By using this service, we can incorporate map material on our website.

It’s necessary to save your IP address to use the Google Maps functions. This information is generally sent to a server of Google in the USA and saved there. The provider of this website has no influence on this data transmission. When Google Maps is activated, Google can use Google Fonts for the uniform display of fonts. When you call up Google Maps, your browser will load the web fonts required in your browser cache to display texts and typefaces correctly.

The use of Google Maps takes place in the interests of a corresponding display of our online range and to make it easy to find the locations stated by us on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Insofar as a corresponding consent has been obtained, processing takes place exclusively on the basis of  Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the end-device of the user (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://business.safety.google/controllerterms/?hl=en and https://business.safety.google/controllerterms/sccs/?hl=en.

You can find more information about the handling of user data in the data privacy notice of Google: https://policies.google.com/privacy?hl=en.

The company has a certification in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure the compliance of European data protection standards for data processing in the USA. Every company certified in accordance with the DPF undertakes to comply with these data protection standards. You can find more information on this subject from the provider by using the following link: https://www.dataprivacyframework.gov/participant/5780.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter called “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The aim of reCAPTCHA is to review whether the data entry on this website (e g. in a contact form) has taken place by a person or by an automated program. On the basis of various features, reCAPTCHA analyses the behaviour of website visitors for this purpose. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA assesses various bits of information (e.g. IP address, duration of the visit to the website or mouse movements carried out by the user). The data collected during the analysis are transmitted to Google.

The reCAPTCHA analyses run completely in the background. It is not pointed out to website visitors that an analysis is taking place.

The saving and analysis of the data take place on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting his web range from abusive automated surveillance and against SPAM. Insofar as a corresponding consent has been obtained, processing takes place exclusively on the basis of  Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the end-device of the user (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

You can find more information about Google reCAPTCHA in the Google data protection provisions and the Google usage conditions under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

The company has a certification in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA,which is intended to ensure the compliance of European data protection standards for data processing in the USA. Every company certified in accordance with the DPF undertakes to comply with these data protection standards. You can find more information on this subject from the provider by using the following link: https://www.dataprivacyframework.gov/participant/5780.

Sentry

We have incorporated Sentry on this website. The provider is Functional Software Inc., 45 Fremont Street, 8th Floor, San Francisco, California 94105, USA (hereinafter referred to as Sentry).

Sentry is a service for open-source error tracking and enables us to to monitor and correct errors and shut-downs in any locations in a web-based software in real time. We process the following data for this purpose:

•    Browser 
•    Device
•    Operating system
•    User & User ID (users who are logged in)
•    IP address

We host Sentry locally on our servers, so that the data are processed in-house.

The use of Sentry takes place on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the error-free function of its own website.

Insofar as a corresponding consent has been obtained, processing takes place exclusively on the basis of  Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the end-device of the user (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

You can find further details in the data privacy notice of the provider at https://sentry.io/privacy/.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://sentry.io/legal/dpa/5.0.0/#cross-border-transfer-mechanisms and https://sentry.io/legal/dpa/5.0.0/#third-party.

The company has a certification in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA,which is intended to ensure the compliance of European data protection standards for data processing in the USA. Every company certified in accordance with the DPF undertakes to comply with these data protection standards. You can find more information on this subject from the provider by using the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000YdenAAC&status=Active.