This data protection statement explains to you the nature, scope and purpose of processing personal data (hereinafter shortened to ‘data’) within our online activities and the websites, functions and content connected with this, as well as external online activities, such as for example, our social media profiles (hereinafter collectively referred to as ‘online presence’). With respect to the terms used, such as for example, ‘personal data’ or its ‘processing’, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
DC DEVELOPMENTS BERLIN GMBH & CO. KG
Telephone +49 (0)30 80 933 46-0
Fax +49 (0)30 80 933 46-10
General partner: DC Developments Berlin Management GmbH
Registered office: Berlin
Berlin Commercial Register AG Charlottenburg HRB 186648 B, St.-Nr. 30/044/75702
Managing directors: Heike Zauner, Lothar Schubert
DATA PROTECTION OFFICER:
ED Computer & Design GmbH & Co. KG
Telephone +49 (0) 221 28887766
CATEGORIES OF DATA PROCESSED:
Order data (for example, names, addresses).
Contact details (for example, e-mail addresses, telephone numbers).
Content data (for example, text entries, photographs, videos).
Meta/communication data (for example, device information, IP addresses).
PROCESSING OF SPECIAL CATEGORIES OF DATA (ARTICLE 9(1) GDPR:
No special categories of personal data are processed.
PROCESSING CATEGORIES OF DATA SUBJECTS:
Visitors and users of the online presence.
Hereinafter we also refer to the data subjects collectively as ‘users’.
PURPOSE OF THE PROCESSING:
Responding to contact requests and communication with users
Marketing, advertising and market research
1. RELEVANT LEGAL BASES
In accordance with Article 13 GDPR, we notify you of the legal bases for our data processing. If the legal basis is not stated in the data protection statement, the following shall apply: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR, the legal basis for processing to perform our services and execute contractual measures, as well as responding to queries is Article 6(1)(b) GDPR, the legal basis for processing to comply with our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to pursue our legitimate interests is Article 6(1)(f) GDPR. In the event that the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1)(d) GDPR forms the legal basis.
2. AMENDMENTS AND UPDATES TO THE DATA PROTECTION STATEMENT
We ask that you regularly read the content of our data protection statement. We adjust the data protection statement as soon as changes to the data processing we carry out make this necessary. We inform you as soon as amendments to your participation (for example, consent) or another individual notification is required.
3. SECURITY MEASURES
In accordance with Article 32 GDPR, we implement technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons; in particular, these include the ability to ensure the confidentiality, integrity, and availability of data by monitoring physical access to the data and digital access, entry, forwarding, security of availability and its separation. We have also established procedures which guarantee that the rights of data subjects are exercised, data is deleted and risks to data are reacted to. We also take into account the protection of personal data when developing or selecting hardware, software and processes, considered in compliance with the data protection principle through technical design and through data-protection-friendly defaults (Article 25 GDPR).
In particular, the security measures include the encrypted transfer of data between your browser and our server.
4. COOPERATION WITH ORDER PROCESSORS AND THIRD PARTIES
4.1 If, in the context of our processing, we disclose data to other persons and companies (order processors or third parties), transfer it to them or otherwise grant them access to the data, this only occurs on the basis of a legal authorisation (for example, if a transfer of data to a third party, such as a payment services provider, in accordance with Article 6(1)(b) GDPR, is necessary to fulfil the contract), you have given consent, a legal obligation requires this or on the basis of our legitimate interests (for example, hiring contractors, web hosts, etc.).
4.2 If we commission a third party with the processing of data on the basis of a so-called ‘order processing agreement’, this shall occur on the basis of Article 28 GDPR.
5. TRANSMISSIONS TO A THIRD COUNTRY
If we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of using third-party services or disclosure or transfer of data to a third party occurs, this shall only happen if it is necessary to fulfil our (pre-)contractual obligations, based on your consent, due to a legal obligation or based on our legitimate interests. Subject to legal or contractual authorisations, we process or have the data processed in a third country only if the special prerequisites of Article 44 et seq. GDPR apply. I.e. the processing occurs for example, based on special guarantees, such as the officially recognised observation of one of the levels of data protection equivalent to the EU (for example, the ‘Privacy Shield’ for the USA) or observation of officially recognised special contractual obligations (so-called ‘standard contract clauses’).
6. DATA SUBJECT RIGHTS
6.1 You have the right to obtain confirmation as to whether personal data concerning you is being processed and information about this data and a copy of the data in accordance with Article 15 GDPR.
6.2 In accordance with Article 16 GDPR, you have the right to obtain the completion of data concerning you or the rectification of inaccurate data concerning you.
6.3 In accordance with Article 17 GDPR, you have the right to obtain the erasure of data concerning you without undue delay, or alternatively in accordance with Article 18 GDPR, you have the right to obtain restriction of processing of data.
6.4 You have the right to receive the data concerning you which you have provided to us according to Article 20 GDPR and to have it transmitted to other controllers.
6.5 In accordance with Article 77 GDPR, you also have the right to lodge a complaint with your competent supervisory authority.
7. RIGHT TO WITHDRAW
In accordance with Article 7(3) GDPR, you have the right to withdraw your consent with future effect.
8. RIGHT TO OBJECT
In accordance with Article 21 GDPR, you may object to the future processing of the data concerning you at any time. In particular, you may object to processing for the purposes of direct marketing.
9. COOKIES AND RIGHT TO OBJECT IN THE CASE OF DIRECT MARKETING
or the EU website
. The storage of cookies can also be deactivated in the browser settings. Please note that some functions of this website may then not be available.
10. ERASURE OF DATA
10.1 The data processed by us is erased or restricted in its processing in accordance with Article 17 and 18 GDPR. If not explicitly laid down in the context of this data protection statement, data we have stored is erased as soon as it is no longer required for its purpose and the erasure does not contravene any legal retention obligations. If the data is not erased because it is required for other legally permissible purposes, its processing is restricted. I.e. the data is blocked and not processed for other purposes. This shall apply, for example, for data which has to be retained for commercial or tax reasons.
10.2 According to statutory provisions, retention shall be for 6 years, in particular, in accordance with Section 257(1) Handelsgesetzbuch [German Commercial Code] (HGB) (account books, inventories, opening balances, annual financial statements, commercial letters, accounting records, etc.) and for 10 years in accordance with Section 147(1) Abgabenordnung [German Tax Code] (AO) (books, records, reports, accounting records, commercial and business letters, documents relevant for tax, etc.).
11. PROVISION OF CONTRACTUAL SERVICES
11.1 We process order data (for example, names and addresses and users’ contact details), contract data (for example, services claimed, name of contact, payment information) for the purposes of fulfilling our contractual obligations and services in accordance with Article 6(1)(b) GDPR. The fields marked mandatory in online forms are necessary to conclude the contract.
In the context of registration and renewed subscriptions and claiming our online services, we store the IP address and the time of the respective user action. The storage occurs based on our legitimate interests and to protect the user from misuse and other unauthorised use. In principle, this data is not forwarded to a third party except if it is required to pursue our claims or there is a legal obligation for this in accordance with Article 6(1)(c) GDPR.
11.2 Erasure occurs after the legal warranty and comparable obligations which require the retention of data to be checked every three years have expired; in the case of legal archiving obligations, erasure occurs after these have expired (end of retention period, 6 years in terms of commercial law and 10 years in terms of tax law); details shall remain in the customer account until they have been erased.
12. CONTACTING US
12.1 By contacting us (with the contact form or via e-mail), the user’s details are processed to handle the contact request and its processing in accordance with Article 6(1)(b) GDPR.
12.2 The user’s details may be stored in our Customer Relationship Management System (‘CRM System’) or a comparable query system.
12.3 We delete the queries if these are no longer required. We check whether these are required every two years; we permanently store queries from customers who have a customer account and we reference the customer account details when deleting. In the case of legal archiving obligations, erasure occurs after these have expired (end of retention period, 6 years in terms of commercial law and 10 years in terms of tax law); details shall remain in the customer account until they have been erased.
13. COLLECTION OF ACCESS DATA AND LOG FILES
13.1 On the basis of our legitimate interests in the meaning of Article 6(1)(f) GDPR, we collect data each time the server on which this service is located is accessed (so-called server log files). The access data includes name of the retrieved website, file, date and time, volume of data transmitted, notification of successful access, browser type and version, the user’s operating system, referrer URL (the site previously visited), IP address and the requesting provider.
13.2 Log file information is stored on security grounds (for example, for information on misuse or fraud) for a period of seven days and then deleted. Should it be necessary to store the data for longer for evidence purposes, it shall not be deleted until the respective incident has been clarified.
14. ONLINE PRESENCE IN SOCIAL MEDIA
14.1 Based on our legitimate interests in the meaning of Article 6(1)(f) GDPR, we maintain our online presence within social networks and platforms to communicate with customers, interested parties and users who are active there and to be able to inform them of our services. When using the relevant networks and platforms, the relevant terms and conditions of business and data processing statements of the operators concerned will apply.
14.2 Unless otherwise stated in the context of our data protection statement, we process user data if they communicate with us within social networks and platforms, for example, by commenting on our online presence or sending us messages.
15. COOKIES & MEASURING REACH
15.1 Cookies are information which transfers from our web server or a third party’s web servers to the user’s web browser and are stored there for later retrieval. Cookies comprise small files or other types of information storage.
15.3 If the users do not want cookies to be stored on their computer, they have the option of deactivating them in their browser’s system settings. Stored cookies may be deleted in the browser’s system settings. Deactivating cookies may lead to the functions of this website being restricted.
http://optout.networkadvertising.org/and also via the American website
http://www.aboutads.info/choicesor the European website
16. GOOGLE ANALYTICS
16.2 Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it will abide by European data protection law
16.3 Google will use this information on our behalf to evaluate use of our website by users, to produce reports on activity within this website offer and to provide other services to us related to the use of the website offer and of the internet. As part of this process, pseudonymised usage profiles of users may be generated out of the data processed.
16.4 We only use Google Analytics with IP anonymisation enabled. This means that the IP address of users will first be abbreviated by Google within the Member States of the European Union or in other States party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.
16.5 The IP address transmitted by the user’s browser will not be merged with other data by Google. The users can prevent the storage of cookies via the relevant setting on their browser software; the users can also prevent the release of data generated by the cookies about your use of the website to Google as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link:
16.6 Further information on the use of data for advertising purposes by Google, as well as settings options and procedures available for opting out can be found on Google’s website:
(‘How Google uses information from sites or apps that use our services’),
(‘Control the information Google uses to show you ads’).
16.7 Normally, the personal data is anonymised or deleted after a period of 14 months.
17. INVOLVEMENT OF THIRD-PARTY SERVICES AND CONTENT
17.1 Based on our legitimate interests (i.e. interest in analysing, optimising and operating our online presence in the meaning of Article 6(1)(f) GDPR), we use third-party services or content, such as for example, embedded videos or fonts, within our website (hereinafter referred to as ‘content’). This always requires that third-party providers of this content use the IP address of the user, as without the IP address the content cannot be sent to their browser. The IP address is therefore required to display this content. We endeavour to use only content for which the relevant provider uses the IP address solely for the purpose of displaying content. Third-party providers can also use pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. Pixel tags produce information on visitor traffic to the pages of this website. Pseudonymised information can also be stored in cookies on users’ devices and can also contain technical information on the browser and operating system, referring websites, time of visit and other details for the use of our websites so that it can be linked up to information from other sources.
17.2 The following provides an overview of third-party providers and their content in addition to the links to their privacy policies which contain more information on data processing and the objection options partially stated here (so-called opt-out):
External fonts from Typekit from the third-party provider Adobe Systems Incorporated, 345 Park Avenue, San Jose, California 95110-2704, USA,
(‘Typekit’). Fonts are integrated by sending a request to the Typekit server (usually in the USA). Data protection statement:
Videos on the ‘Vimeo’ platform from the third-party provider Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. Data protection statement: