Privacy Policy

1.      Preface

Data protection is of great importance to DSC Software AG.

This data privacy statement explains the method, extent, and aim of the processing of personal data in our online services and related websites, functions, and content (in the following referred to jointly as “online services” or “website”). The data privacy statement applies independently of domains, systems, platforms, and devices (e.g. desktop or mobile) on which the online services are executed.

 

 

2.      Data Controller

The data controller in the sense of the General Data Protection Regulation (GDPR), or other data protection laws applicable in the member states of the European Union and other regulations regarding data protection is:

 

DSC Software AG

Am Sandfeld 17

76149 Karlsruhe

Germany

 

Tel.:                 +49 721 9774 100

E-Mail: info@dscsag.com

Website:           www.dscsag.com

 

3.      Data Protection Officer

The data protection officer of the data controller is:

 

ah-consulting GmbH

Am Sandfeld 17 a

76149 Karlsruhe

Germany

+49 721 75408840

datenschutz@ah-consulting.gmbh

 

For questions and suggestions on the subject of data protection, any data subject can refer to our data protection officer anytime.

 

 

4.      Definition

Our data privacy statement is based on the terminology used by the European Regulatory Body in adoption of the General Data Protection Regulation (GDPR). Our data privacy statement is intended to be easy to read and to understand by the public, our customers, and our business partners.

In order to ensure this, we will explain the terminology used in advance. Terms used, such as “personal data” or its “processing” are defined in Art. 4 of the General Data Protection Regulation (GDPR).

In this data privacy statement, we use, among others, the following terms:

4.1.      Personal Data

Personal data is defined as all information referring to an identified or identifiable natural person (in the following referred to as the “data subject”). An identifiable person is a natural person who can be identified directly or indirectly, in particular by means of an assignment to a label such as a name, an ID number, location data, an online ID or one or more special features that is an expression of the physical, physiological, genetic, psychic, economic, cultural, or social identity of this natural person.

4.2.      Data Subject

The data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

4.3.      Processing

Processing is any process or operation carried out with or without the help of automated procedures or any such series of operations in connection with personal data, for example: collecting, recording, organizing, ordering, storing, adapting, or changing, reading, retrieving, using, disclosing through transmission, dissemination or other form of provision, comparing or linking, restricting, deleting, or destroying.

4.4.      Restriction of Processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

4.5.      Profiling

Profiling is any kind of automated processing of personal data that consists in using such personal data in order to evaluate personal aspects referring to a natural person, in particular to analyze, or predict aspects regarding job performance, economic situation, health, personal preference, interests, reliability, conduct, place of residence, or change of locality of this natural person.

4.6.      Pseudonymization

Pseudonymization is the processing of personal data in a way that the personal data can no longer be assigned to a specific data subject without additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

4.7.      Data Controller

The data controller is the natural or legal person, authority, institution, or other entity that determines, either alone or jointly with others, the purposes and means of the processing of personal data. If the purposes and means of this processing are controlled by EU law or the laws of EU member states, the data controller – or the specific criteria of his or her nomination – can be determined according to EU law or the laws of EU member states.

4.8.      Processor

The processor is a natural or legal person, authority, institution, or other entity that processes personal data on behalf of the data controller.

4.9.      Recipient

The recipient is a natural or legal person, authority, institution, or other entity to whom personal data is disclosed, regardless of whether this is a third party or not. However, authorities that may receive personal data in the course of a particular inquiry in accordance with EU law or the laws of EU member states are not considered recipients.

4.10.  Third Party

A third party is a natural or legal person, authority, institution, or other entity (other than the data subject, the data controller, the processor, and the persons who are authorized to process the personal data under the direct responsibility of the data controller or the processor) that is authorized to process the personal data.

4.11.  Consent

Consent is any expression of willingness issued freely for the specific case in an informed manner and unambiguously by the data subject in the form of a declaration or any other clearly affirmative act, with which the data subject makes it clear that they agree with the processing of the personal data.

 

5.      General Notes on Data Processing

5.1.      Extent of Processing of Personal Data

We generally collect and use the personal data of our users only insofar as it is necessary for maintaining a well-functioning website as well as for our contents and services. The collection and use of personal data of our users takes place regularly only with the prior consent of the users. An exception applies in cases where it is impossible to obtain consent in advance and the processing of the data is permitted by legal regulations.

5.2.      Legal Framework for Processing Personal Data

If we obtain the consent of the data subject for the processing of personal data, Art. 6 Sec. 1 lit. a EU General Data Protection Regulation serves as the legal basis.

In the processing of personal data that is required for fulfilling a contract of which the data subject is a contractual party, Art. 6 Sec. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required for the implementation of pre-contractual measures.

If the processing of personal data is required for meeting a legal obligation, to which our company is subject, Art. 6 Sec. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or of another natural person require the processing of personal data, Art. 6 Abs. 1 lit. d GDPR serves as the legal basis.

If processing is required for safeguarding a justified interest of our company or a third party, and if the interests, basic rights, and fundamental freedoms of the data subject do not outweigh the first-named interest, Art. 6 Abs. 1 lit. f GDPR serves as the legal basis for the processing.

5.3.      Data Deletion and Storage Duration

The personal data of the data subject is deleted or blocked as soon as the purpose of storage is no longer valid. Storage can also happen if stipulated by European or national legislation in EU regulations, laws, or other rules to which the data controller is subject.

The data can also be blocked or deleted if a storage period prescribed by the mentioned standards expires – unless it is necessary to store the data for the purposes of the conclusion or fulfillment of a contract.

 

6.      Provision of the Website and Creation of Log Files

6.1.      Description and Extent of Data Processing

Every time our website is called, our system automatically records data and information of the computer system of the calling computer.

The following data is collected:

  • Information about the browser type and the version used
  • User’s operating system
  • User’s IP address
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Session cookie for identifying the logged-in user
  • Date and time of the user login
  • Storage of failed login attempts
  • Date and time of the creation of the user
  • Storage of denied accesses (403)
  • Storage of sites not found (404)
  • User’s acceptance of cookie policies
  • Information about whether the user has activated JavaScript

 

The data is stored in the log files of our system. This data is not stored together with other personal data of the user.

 

7.      Legal Framework for Data Processing

The legal framework for the temporary storage of data and log files is Art. 6 Sec. 1 lit. f GDPR.

 

8.      Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the website to be sent to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Data is stored in log files in order to ensure the correct functioning of the website. The data also serves to optimize the website and to ensure the security of our information technology systems. In this context, there is no evaluation of the data for marketing purposes.

These aims also include our justified interest in data processing according to Art. 6 Sec. 1 lit. f GDPR.

 

9.      Duration of Storage

The data is deleted as soon as it is no longer required for achieving the purpose of its collection. In case of a data collection for the provision of the website, this applies when the respective session ends.

If the data is stored in log files, this applies after a maximum of seven days. Longer storage is possible. In this case, the users‘ IP addresses are deleted or distorted so that the calling client can no longer be identified.

 

10. Possibility of Objection and Disposal

The recording of data for providing the website and the storage of the data in log files is mandatory for the operation of the website. Therefore, the user has no possibility of objection.

 

11. Use of Cookies

11.1.  Description and Extent of Data Processing

Due to our justified interest, we use so-called cookies on this website. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user calls a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that enables a unique identification of the browser when the website is called again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can still be identified following a website change.

The following data is stored and transmitted in the cookies:

  • Technical cookies or system cookies (Session, JavaScript)
  • Cookies for improving usability (status of pop-up menus)
  • Analysis cookies for analyzing and improving site accesses
  • When users are logged in, it contains a session cookie to identify the user. The corresponding information of the user is stored.

 

When you visit our website, a pop-up window “Privacy Preferences” is displayed containing information concerning the use of cookies and a link to this Privacy Policy. Within this window, the user can object to the use of cookies, except of essential cookies.

11.2.  Legal Framework for Data Processing

The legal framework for the processing of personal data with the use of cookies is Art. 6 Sec. 1 lit. f GDPR.

The legal framework for the processing of personal data using technically necessary cookies is Art. 6 Sec. 1 lit. f GDPR.

11.3.  Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some of the functions of our website cannot be offered without the use of cookies. For these functions, it is necessary that the user is recognized after a website change.

User data collected by technically necessary cookies is not used for the creation of user profiles.

We need cookies for the following applications:

  • JavaScript activated
  • Consent to cookie disclaimer
  • Toolbar opened
  • Authentication of user in logged-in state to the website
  • Request limitation
  • Tracker version
  • User identification
  • Toolbar opened

 

Analysis cookies are used for improving the quality of our website and its contents. The analysis cookies tell us how the website is used, so we can continuously optimize our services.

In the cookie, an ID is stored linking the user with the data sent.

These aims also include our justified interest in the processing of personal data according to Art. 6 Abs. 1 lit. f GDPR.

11.4.  Duration of Storage, Possibility of Objection and Disposal

Cookies are stored on the user’s computer and transferred via that computer to us. As a user, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Stored cookies can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, it is possible that not all features of the website can be fully used.

 

12. Contact Form and E-Mail Contact

12.1.  Description and Extent of Data Processing

On the basis of our justified interests, on this website we use a contact form that can be used for the electronic first contact and for the upload of documents. If a user uses this contact form, the data entered in the input mask is transferred to us and stored.

This data is required for mandatory fields:

  • Title
  • First and last name
  • E-mail address
  • Company
  • City
  • Country

 

All other entries that are not mandatory but are filled in anyway, are also transmitted and stored.

The following data is also stored at the time of registration:

  • IP address of the calling computer
  • Date and time of registration
  • E-mail address
  • Documents that are uploaded

 

During this process, your consent is obtained and you are referred to this data privacy statement.

Alternatively, an initial contact is possible by means of the e-mail address provided. In this case, the user’s personal data that is sent with the e-mail is stored.

In this context, no data is passed on to third parties. The data is used exclusively for processing the conversation.

12.2.  Legal Framework for Data Processing

The legal framework for the processing of the data if the user consents is Art. 6 Sec. 1 lit. a GDPR.

The legal framework for processing data transmitted via e-mail is Art. 6 Sec. 1 lit. f GDPR. If the aim of the e-mail contact is to conclude a contract, an additional legal framework for the processing is Art. 6 Sec. 1 lit. b GDPR.

12.3.  Purpose of Data Processing

We need to process personal data from the input mask only for dealing with the initial contact. If this contact is made via e-mail, there is also a justified interest in the processing of the data.

The other data processed during the transmission procedure serves to prevent a misuse of the contact form and to ensure the security of our information technology systems.

12.4.  Duration of Storage

The data is deleted as soon as it is no longer required for achieving the purpose of its collection. For personal data provided via the input mask of the contact form, and the data sent by e-mail, this is the case when the respective conversation with the user ends. The conversation ends when it can be inferred from circumstances that the situation concerned has been clarified finally.

The extra data collected during the sending process is deleted after a maximum period of seven days.

12.5.  Possibility of Objection and Disposal

At all times, users can withdraw their consent to the processing of their personal data. If users contact us by e-mail, they can object to the storage of their personal data at any time. In this case, the conversation cannot be continued.

The withdrawal of consent and the objection to storage must be sent in writing to the data protection officer.

In this case, all personal data stored during the contact is deleted.

 

13. Google Analytics

13.1.  Extent of Processing of Personal Data

On the basis of our justified interests, we use the web analysis service Google Analytics, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google Analytics is used to analyze the surfing behavior of our users.

Google uses cookies. The cookie-generated information concerning the use of the online services by users are normally transferred to and saved on a US server by Google.

By setting a cookie, Google is enabled to analyze the use of our website. Each call of a single site of this website, which is operated by the data controller and on which a Google Analytics component is integrated, automatically causes, due to the respective Google Analytics component, the internet browser on the IT system of the data subject to transfer data for the online analysis to Google. During this technical procedure, Google receives information concerning personal data such as the data subject’s IP address, that Google uses, amongst others, to retrace the visitors’ origin and clicks, and therefore to enable commission settlements.

Via cookies, personal information such as the time of access, the location from which the access originated, and the frequency of visits on our website by the data subject is stored. During each visit of our website, this personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Possibly, Google may pass personal data that was collected with this technical procedure on to third parties.

If single sites of our websites are accessed, the following data is stored:

  • The IP address of the user’s system accessing the site
  • The website accessed
  • The website from which user reaches the accessed site (Referer)
  • The subsites accessed from the accessed website
  • The duration of stay on the website
  • The frequency of accessing the website
  • The time of access
  • The device
  • The monitor resolution
  • The browser used

 

Google is certified for the Privacy Shield Agreement and therefore provides a guarantee for complying with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf for analyzing the use of our online services by the users, for providing reports concerning activities within our online services, and for providing additional services in connection with the usage of these online services and of the internet. Therefore, pseudonymous usage profiles of users can be created from the processed data.

The IP address transferred from the user’s browser will not be matched with other data by Google.

We use Google Analytics for displaying advertisement from the advertising services by Google and associated partners only for users that showed interest in our online services or that match specific characteristics (e.g. interest in specific topics or products relating to the accessed websites) transferred to Google (“remarketing audiences” or “Google Analytics audiences”). By means of remarketing audiences we wish to ensure that our advertisements meet the potential interest of the user and do not bother them.

Google Analytics is only used with enabled IP anonymization. This means that the user’s IP address is abridged by Google within the member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is transferred to a server by Google in the United States of America and is abridged there.

13.2.  Legal Framework for the Processing of Personal Data

The legal framework for the processing of the users’ personal data is Art. 6 Sec. 1 lit f GDPR.

13.3.  Purpose of Data Processing

The processing of the users’ personal data enables an analysis of the users’ browsing behavior. With the data generated from the analysis, we are able to gain information about the usage of single components of our website. This helps us to continuously improve our website and to make it more user-friendly. These purposes are part of our justified interest in data processing according to Art. 6 Sec. 1 lit. f GDPR.

With the anonymization of IP addresses, the users’ interest in the protection of personal data is sufficiently taken into account.

13.4.  Duration of Storage

The data is deleted as soon as it is no longer necessary for our recording purposes. In this case, this applies after 14 months.

13.5.  Possibility of Objection and Disposal

Cookies are stored on the user’s computer and transferred to our website and Google, therefore you are in full control of the usage of cookies. By changing the settings within your internet browser, the transfer of cookies can be disabled or restricted. Already stored cookies can be deleted anytime, also automatically. If cookies are disabled on our website, it is possible that not all features are entirely accessible.

Users can disable the storage of cookies with the respective settings of their browser software. Furthermore, by installing the browser plug-in that is available here: http://tools.google.com/dlpage/gaoptout?hl=de users can prevent the recording of data generated by the cookie and data related to the usage of the online services as well as the processing of this data by Google. This plug-in informs Google Analytics via JavaScript that no data and information concerning the access of websites may be transferred to Google Analytics. The installation of this plug-in is considered by Google as an objection. If the IT system of the data subject is deleted, formatted, or reinstalled later on, the browser plug-in needs to be reinstalled by the data subject in order to disable Google Analytics. As long as the browser add-on is uninstalled or disabled by the data subject or another person under the data subject‘s authority, it is possible to reinstall or reactivate the browser plug-in.

Further information about Google’s use of data, settings and objection options, please refer to the following Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Google’s use of data from accessing our partners‘ websites or apps“), http://www.google.com/policies/technologies/ads (“Use of data for promotional purposes“), http://www.google.de/settings/ads (“Managing information used by Google for displaying advertisement“).

 

14. Google Fonts

14.1.  Extent of Processing of Personal Data

On the basis of our justified interests, we use the Google Fonts service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

Google Fonts provides an intuitive and robust directory of open-source designer web fonts. With a comprehensive catalog, typography can be integrated seamlessly in any design project.

This service is used to integrate web fonts in our websites. The integration of the Google fonts takes place with a server call to Google, regularly via the URL https://fonts.google.com. The fonts are supplied by various designers and are open-source.

When a user accesses our online services, a request is usually transmitted to a Google server in the USA, where it is stored and processed.

Technically, the fonts embedded in our website are stored on a Google server and loaded from there when the site is being called. By using the Google fonts, the Google server sends a corresponding file to each user, based on the technologies supported by the user’s browser.

Google is certified under the Privacy Shield Agreement, which means it offers a guarantee to comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

The connection to Google Fonts is not authenticated. During a visit to our online services, no cookies or login information is sent to Google. Corresponding queries to Google Fonts servers are sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com, so that requirements for fonts are generally separated from login information, which otherwise is sent to Google domains such as google.com or google.de, where it can be authenticated.

Google Fonts logs records of the CSS and the font file requirements. For statistical purposes, Google assigns aggregated usage numbers showing how popular font families are, and publishes these results on an Analytics website (https://fonts.google.com/analytics).

For further information on the Google Fonts service, see https://developers.google.com/fonts/faq.

14.2.  Legal Framework for Processing Personal Data

The legal framework for the processing of users’ personal data is Art. 6 Sec. 1 lit. f GDPR.

14.3.  Purpose of Data Processing

Data is processed out of interest in the analysis, optimization, and economic operation of the online services in order to integrate content or service offers from third parties or their contents and services.

We use Google Fonts to make our website independent of the fonts installed by the user, the so-called system fonts, and to ensure a consistent display on different systems.

The purpose and extent of data gathering and the processing, as well as the use of the data by Google can be found in Google’s Privacy Policy at https://policies.google.com/privacy?hl=de.

14.4.  Duration of Storage

The data is deleted as soon as it is no longer required for our recording purposes.

14.5.  Possibility of Objection and Disposal

For further information on Google’s use of data, and setting and objection options, see the following Google websites: (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“How Google uses cookies in advertising”), http://www.google.com/policies/technologies/ads (“Use of data for promotional purposes”), http://www.google.de/settings/ads (“Managing information used by Google to display advertising”).

 

15. Google Maps

15.1.  Extent of Processing of Personal Data

On the basis of our justified interests, we use the service Google Maps, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

Google Maps is an online map service by Google. The earth is displayed either as a road map or as an aerial view or satellite image.

This service is used to integrate map data in our websites. The integration of Google Maps is realized by a server call to Google via an interface, the Google Maps API.

When a site of our online services with a respective map integrated is called, a request is transmitted to a Google server in the USA, where it is stored and processed. By using Google Maps, the Google servers send the respective data for displaying the map data to the user’s browser.

Google is certified for the Privacy Shield Agreement and therefore provides a guarantee for complying with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

15.2.  Legal Framework for the Processing of Personal Data

The legal framework for the processing of the users’ personal data is Art. 6 Sec. 1 lit f GDPR.

15.3.  Purpose of Data Processing

The data is processed out of interest in the analysis, optimization, and the economical operation of the online services, as well as the integration of content or service offers by third parties or their contents and services. We use Google Maps for the integration of verified map data in our online services.

For the purpose and extent of the data gathering, as well as the processing and the use of data by Google, please refer to Google’s Privacy Policy at https://policies.google.com/privacy?hl=en.

15.4.  Duration of Storage

The data is deleted as soon as it is no longer necessary for our recording purposes.

15.5.  Possibility of Objection and Disposal

For further information concerning Google’s use of data, settings and objection options, please refer to the following Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Google’s use of data from accessing our partners‘ websites or apps“), http://www.google.com/policies/technologies/ads (“Use of data for promotional purposes“), http://www.google.de/settings/ads (“Managing information used by Google for displaying advertisement“).

 

16. Google reCAPTCHA

16.1.  Extent of Processing of Personal Data

Based on our justified interest in securing our internet forms, we use the service Google reCAPTCHA by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland („Google“). In case of an access by a user without habitual residence in the European Economic Area or in Switzerland, it is possible that requests are made to Google via servers by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We do not have any bearing on the possible forwarding of requests by Google.

Google Inc. is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

The security of a request via internet form is ensured by an automated distinction between the input to the internet form by a human and the improper, automated machine processing.

The test includes sending the IP address to Google and, if necessary, additional data that is necessary for the service reCAPTCHA by Google. Therefore, your input is transmitted to and processed by Google. On behalf of the website’s operator, Google uses this information for analyzing your usage of the service.

Therefore, the user is regularly asked to solve exercises that are simple for humans but are very difficult for computer programs due to the exercise’s complexity. For example, the user is asked to enter single words that are displayed in a graphic, to check a field for confirmation that the user is no robot, or to assign several pictures to a basic concept. Potentially, it is also possible that no interaction by the user is necessary (Invisible reCAPTCHA).

Google uses this information on our behalf for analyzing the request via the internet form in an automated manner for the previously mentioned purposes and therefore to verify a human request.

The following data is collected in particular:

  • if necessary, cookies set by Google within the last six months
  • the number of clicks on the screen
  • CSS information of the website
  • the timestamp
  • the language settings in the browser
  • if necessary, browser information about installed add-ins
  • if necessary, existing JavaScript objects

 

If necessary, the data transmitted by the user’s browser is merged in anonymized form by Google with other data.

The service uses an IP anonymization. This means, that the users’ IP address is shortened by Google.  Only in exceptional cases, the full IP address is transferred to a Google server in the USA and abbreviated there.

Further information about Google reCAPTCHA is available here: https://www.google.com/recaptcha/ and https://support.google.com/recaptcha/.

16.2.  Legal Framework for the Processing of Personal Data

The legal framework for the processing of users’ personal data is Art. 6 Sec.1 p. 1 lit. f GDPR.

16.3.  Purpose of Data Processing

The processing of the users’ personal data enables us to secure our forms against improper use by automated programs. This helps us focusing on genuine requests and preventing improper use. These aims also include our justified interest in data processing according to Art. 6 Sec. 1 p. 1 lit. f GDPR.

Through the anonymization of the IP address, we also do justice to the users’ interest in the protection of their personal data.

16.4.  Duration of Storage

The data is deleted as soon as it is no longer required for our recording purposes. In this case, this is at the time of sending the form.

16.5.  Possibility of Objection and Disposal

Cookies potentially generated by other Google products are stored on the user’s computer and transferred to our website and Google. Therefore you are in full control of the usage of cookies. By changing the settings within your internet browser, the transfer of cookies can be disabled or restricted anytime. Already stored cookies can be deleted anytime, also automatically. If cookies are disabled on our website, it is possible that not all features are entirely accessible.

Users can disable the storage of cookies with the respective settings of their browser software. Furthermore, by installing the browser plug-in that is available here: http://tools.google.com/dlpage/gaoptout?hl=de users can prevent the logging of data generated by the cookie and data related to the usage of the online services as well as the processing of this data by Google.

Otherwise, this plug-in also informs Google via JavaScript that no data and information concerning the access of websites may be transferred to Google. The installation of this plug-in is considered by Google as an objection. If the IT system of the data subject is deleted, formatted, or reinstalled later on, the browser plug-in needs to be reinstalled by the data subject in order to disable an analysis by Google. As long as the browser add-on is uninstalled or disabled by the data controller or another person under the data controller’s authority, it is possible to reinstall or reactivate the browser plug-in.

For further information about Google’s use of data, settings and objection options, please refer to the following Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Google’s use of data from accessing our partners‘ websites or apps“), http://www.google.com/policies/technologies/ads (“Use of data for promotional purposes“), http://www.google.de/settings/ads (“Managing information used by Google for displaying advertisement“).

 

 

17. YouTube

17.1.  Description and scope of data processing

On the basis of our justified interests, we use components of the YouTube service, operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, (“YouTube”).

YouTube is an Internet video portal that enables video publishers to post video clips free of charge, and other users to view, rate, and comment on these clips, also free of charge. YouTube permits the publication of all kinds of videos, which is why both whole film and TV programs, but also music videos, trailers, or videos made by the users themselves, can be retrieved via the internet portal.

After every call of one of the individual pages of this website, which is operated by those responsible for processing and on which a YouTube component (YouTube video) is integrated, the Internet browser on the information-technology system of the person concerned is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be retrieved under https://www.youtube.com/yt/about/de/. Within the framework of this technical procedure, YouTube and Google receive knowledge about the actual subpage of our website that is being visited by the person concerned.

If the person concerned is simultaneously logged into YouTube, YouTube can see from the retrieval of a subpage containing a YouTube video the actual subpage of our website that is being visited by the person concerned. This information is collected by YouTube and Google and assigned to the respective YouTube account of the person concerned.

Via the YouTube component, YouTube and Google always receive information that the person concerned has visited our website if the person concerned is simultaneously logged into YouTube at the time our website is retrieved; this takes place irrespective of whether the person concerned clicks a YouTube video or not. If such a communication of this information to YouTube and Google is not desired by the person concerned, he or she can prevent the communication by logging out of the YouTube account before visiting our website.

Legal basis for data processing

The legal basis for the processing of users’ personal data is Art. 6 Sec. 1 lit. f GDPR.

Purpose of data processing

The data are processed in the interests of analysis, optimization, and economic operation of the online offer.

For the purpose and scope of data collection and further processing and use of the data by YouTube, see the YouTube data privacy statement under https://www.google.de/intl/de/policies/privacy/.

Duration of storage

The data are deleted as soon as it is no longer required for achieving the purpose of its collection.

Appeal and disposal possibility

If a user is simultaneously a user of YouTube services and wants to prevent YouTube from collecting (via this online offer) data about him or her and linking it to his or her user data stored by YouTube, he or she must log out from YouTube before using our online offer, and delete his or her cookies.

YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. It may therefore be necessary for the user to log off from any possible Google user account and delete all related cookies.

Under https://www.google.de/settings/ads/authenticated, YouTube offers the option of forbidding targeted advertising.

 

18. Rights of the Data Subject

If your personal data is being processed, you are the data subject in the sense of the General Data Protection Regulation (GDPR) and you have the following rights against the data controller:

18.1.  Right to Information

From the data controller, you can demand confirmation about whether personal data concerning you is processed by us.

If your data is being processed, you can demand information from the data controller about the following:

  1. The reason why the personal data is being processed;
  2. The categories of personal data that are being processed;
  3. The recipients or categories of recipients to whom your personal data has been or will be disclosed;
  4. The planned duration of storage of your personal data or, if nothing concrete can be specified here, criteria for defining the duration of storage;
  5. A right of rectification or erasure of your personal data, a right to restrict processing by the data controller, or a right of objection to this processing;
  6. The right to complain to a supervisory authority;
  7. All available information about the origin of the data if the personal data is not collected for the data subject;
  8. The existence of an automated decision-making process including profiling in accordance with Art. 22 Sec. 1 and 4 GDPR and – in these cases at least – meaningful information concerning the logic involved as well as the scope and the intended effects of such processing for the data subject.

 

You have the right to demand information about whether your personal data is transmitted to a third country or an international organization. In this context, you can demand to be informed about suitable guarantees acc. to Art. 46 GDPR in connection with the transmission.

This right to information can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.

18.2.  Right to Correction

You have a right to correction and/or completion against the data controller if your processed personal data is incorrect or incomplete. The data controller has to make the correction immediately.

Your right to correction can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.

18.3.  Right to Restriction of Processing

You can demand restriction of processing of your personal data under the following conditions:

  1. If you dispute the correctness of your personal data for a duration that enables the data controller to check the correctness of your personal data;
  2. Processing is illegal and you reject the deletion of your personal data and instead demand the restriction of the use of your personal data;
  3. The data controller no longer requires the personal data for purposes of processing, but you require it for the assertion, enforcement or defense of your legal rights;
  4. You have objected to the processing in accordance with Art. 21 Sec. 1 GDPR and it is not yet certain whether the justified reasons of the data controller outweigh your reasons.

 

If processing of your personal data has been restricted, this data – apart from its storage – may only be processed with your consent or for the assertion, enforcement or defense of your legal rights or to protect the rights of another natural or legal person or for reasons of an important public interest of the EU or a member state.

If restriction of processing is limited to the conditions listed above, you will be informed of this by the data controller before the restriction is lifted.

Your right to restriction of processing can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.

18.4.  Right to Deletion

You can demand from the data controller that your personal data be deleted immediately, and the data controller is obliged to delete this data immediately if one of the following reasons applies:

  1. Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on the basis of which processing was carried out in accordance with Art. 6 Sec. 1 lit. a or Art. 9 Sec. 2 lit. a GDPR, and there exists no other legal basis for processing.
  3. You object to processing in accordance with Art. 21 Sec. 1 GDPR and there exist no overriding justified reasons for processing, or you object to processing in accordance with Art. 21 Sec. 2 GDPR.
  4. Your personal data concerned was unlawfully processed.
  5. The deletion of your personal data is necessary for the fulfillment of a legal obligation according to EU law or the laws of a member state to which the data controller is subject.
  6. Your personal data was collected with regard to services offered by information society in accordance with Art. 8 Sec. 1 GDPR.

18.5.  Information for Third Parties

If the data controller has published your personal data and is legally obliged to delete it in accordance with Art. 17 Sec. 1 GDPR, he or she must take appropriate (including technical) measures with regard to the available technology and the implementation costs to inform the data controller who also process your personal data that you as the data subject have demanded the deletion of all links to this personal data or of copies or replications of this personal data.

18.6.  Exceptions

The right to deletion does not exist if processing is necessary:

  1. For exercising the right to freedom of expression and information
  2. For fulfilling a legal obligation that requires processing according to EU law or the laws of the member states to which the data controller is subject, or performing a task that is in the public interest or in the exercise of official authority that is assigned to the data controller
  3. For reasons of public interest in the area of public health in accordance with Art. 9 Sec. 2 lit. h and i as well as Art. 9 Sec. 3 GDPR
  4. For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Art. 89 Sec. 1 GDPR, provided the right named under Section 1. will foreseeably make the realization of the aims of processing impossible or extremely difficult
  5. For the assertion, enforcement or defense of legal rights.

18.7.  Right to Information

If you have enforced you right to correction, deletion or restriction against data controller, this person is legally obliged to inform all recipients to whom your personal data was disclosed about this correction or deletion of the data or restriction of processing unless this proves to be impossible or is connected with disproportionate effort.

You have the right against the data controller to be informed about these recipients.

18.8.  Right to Data Portability

You have the right to receive the personal data that you have provided to the data controller in a structured, common, and machine-readable format. You also have the right to transfer this data to another data controller without hindrance by the data controller to whom the personal data was provided, if:

  1. Processing is based on consent in accordance with Art. 6 Sec. 1 lit. a GDPR or Art. 9 Sec. 2 lit. a GDPR or on a contract in accordance with Art. 6 Sec. 1 lit. b GDPR and
  2. Processing takes place with the aid of automated procedures.

 

In enforcing this right, you also have the right to ensure that your personal data is transferred directly from one data controller to another data controller as far as this is technically possible. The freedom and rights of other persons may not be impaired by this.

The right to data portability does not apply to the processing of personal data that is required for performing a task that is in the public interest or in the exercise of an official authority that was assigned to the data controller.

 

19. Right of Objection

You have the right for reasons applying to your particular situation, to object at any time to processing of your personal data that takes place on the basis of Art. 6 Sec. 1 lit. e or f GDPR; this also applies to profiling based on these regulations.

The data controller no longer processes your personal data unless he or she can provide compelling legitimate reasons for processing that outweigh your interest, rights and freedoms, or the processing serves the assertion, enforcement, or defense of your legal rights.

If your personal data is processed to pursue direct advertising, you have the right to object at any time to processing of your personal data for the purposes of such advertising; this also applies to profiling, if this is related to such direct advertising.

If you object to processing for the purposes of direct advertising, your personal data is no longer processed for these purposes.

In connection with the use of information society services – irrespective of Regulation 2002/58/EG – you can exercise your right of objection using automated procedures for which technical specifications are used.

You also have the right for reasons applying to your particular situation to object to processing of your personal data conducted for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Sec. 1 GDPR.

Your right of objection can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.

 

20. Right to Withdraw Declaration of Consent Concerning Data Privacy

You have the right at any time to withdraw your consent concerning data privacy. Through the withdrawal of consent, the legitimacy of the processing carried out on the basis of your consent up to its withdrawal is not affected.

 

21. Automated Decision for Individual Cases Including Profiling

You have the right not to be subjected to a decision based exclusively on automated processing including profiling, a decision that has a legal effect on you or that considerably adversely affects you. This does not apply if the decision:

  1. is necessary for the conclusion or fulfillment of a contract between you and the data controller
  2. is permissible on the basis of legal regulations of the EU or the member states to which the data controller is subject and these legal regulations include appropriate measures for preserving your rights and freedoms as well as your justified interests, or
  3. is made with your express consent.

 

However, these decisions may not be based on special categories of personal data in accordance with Art. 9 Sec. 1 GDPR, as long as Art. 9 Sec. 2 lit. a or g GDPR does not apply and appropriate measures have been taken to protect your rights and freedoms as well as your justified interests.

With regard to the cases named in (1) and (3), the data controller takes appropriate measures to protect your rights and freedoms as well as your justified interests, to which at least belongs the right to obtain the intervention of a person on the part of the data controller, to present one’s own position, and to challenge the decision.

 

22. Right to Complain to a Supervisory Authority

Irrespective of any other regulatory or legal remedy, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, your workplace, or the place of the alleged violation if you are of the opinion that the processing of your personal data violates the General Data Protection Regulation (GDPR).

The supervisory authority to which the complaint is submitted informs the complainant about the state and results of the complaint including the possibility of a legal remedy in accordance with Art. 78 of the General Data Protection Regulation (GDPR).