Data protection

Privacy Policy

 

Thank you for your interest in our website. The protection of your personal data is of major importance to us. We respect the legal requirements of data protection and security. 
 

In particular we are subject to the regulations of data protection (GDPR), the German Federal Data Protection Act according to the version that came into effect on 25 May 2018 (BDSG) and the German Telemedia Act (TMG). Under this legislation we are in particular entitled to collect and use personal data as far as this is necessary to enable you to access our internet site on www.hey-sign.de including all of its services and functions.

 

Below you will find information on what personal data we collect when you use our website and the services and functions it contains and how we use this data for what purposes.

 

I. Name and address of the responsible person

 

Responsible person within the regulations of data protection and other national data protection laws of the Member States as well as other privacy regulations is:

 

HEY-SIGN GmbH

Insterburger Straße 18

D-40670 Meerbusch

Germany

tel.: +49-2159-9284800

fax: +49-2159-9284828

E-Mail: service(at)hey-sign.de

Website: https://www.hey-sign.de

 

II. Name and address of the data protection engineer

 

Name and adress of the data protection engineer is:

Johannes Schwiegk

datenzeit GmbH

Friedrich-Engels-Allee 200

42285 Wuppertal

E-Mail: datenschutz(at)datenzeit.de

Website: https://www.datenzeit.de/

 

III. General information on data processing

 

1. Extent of personal data processing

 

We only process personal data of our users to the extent necessary to supply a functioning website as well as contents and services. The processing of personal data of our users regularly only takes place with the user’s consent. An exception applies in such cases where a previous consent isn’t possible because of factual reasons and the processing of data is permitted by legal regulations.

 

2. Legal basis for the processing of personal data

 

So far as we obtain the consent of the individual for processing personal data, art. 6 (1) lit. a of the European Data Protection Regulation (GDPR) forms the legal basis. 
 

When processing personal data, necessary for fulfilment of a contract to which the data subject is party, art. 6 (1) lit. b of the GDPR forms the legal basis. This applies also to all processing operations, necessary for the implementation of pre-contractual measures.

So far as the processing of personal data is necessary for compliance with a legal obligation, to which our company is subject to, art. 6 (1) lit. c of the GDPR forms the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 (1) lit. d of the GDPR forms the legal basis.
 

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned don’t prevail the first-mentioned interest, art. 6 (1) lit. f of the GDPR forms the legal basis for the processing.

 

3. Data deletion and storage period

 

Personal data of the individual person will be deleted or blocked as soon as the purpose of storing ceases. A storage can further take place if Union law, laws or regulations are provided by the European or national legislature, the responsible person is subject to. The blocking or deletion of data will also take place as soon as the required data retention period expires because of the mentioned standards, unless there is a need of continued storage of data because of conclusion or performance of a contract.

 

IV. Provision of website and creation of log files

 

1. Description and extent of data processing

 

Our system automatically records data and information of the calling computer with each file request on our internet site. 

The following data will be collected:

 

IP address

Date and time of the request

Time zone variance from Greenwich Mean Time (GMT) 

Content of the request (concrete page)

Access status/HTTP status code

Each data transmitted

Website where the request has come from

Browser

Operating system and its surface

Language and version of the browser software

 

These data cannot be assigned to a particular person. The data will not be merged with any other sources. 

Art. 6 (1) lit. f of the GDPR forms the legal basis for the temporary storage of the data.

 

2. Purpose of the data processing

 

The temporary storage of the IP address by the system is necessary to enable the delivery from the website to the user’s computer. For this purpose the IP address of the user have to be stored for the duration of the session. This storage also takes place to guarantee the functionality of the website. In addition the data help us to optimize the website and to secure the safety of our IT systems. An analysis of the data for marketing purposes doesn’t take place in this context. 

For this purpose we have a legitimate interest in data processing according to art. 6 (1) lit. f GDPR.

 

3. Duration of storage

 

The data will be deleted as soon as they are no longer necessary for the purpose for which they were submitted. In the case of data capture for the provision of the website this is the case when the particular session is finished. In addition, the data will be deleted after seven days at the latest. An extended storage time is possible. 

In this case the IP addresses of the users will be deleted or alienated so that an allocation of the requesting client is no longer possible.

 

4. Objection and deletion possibilities

 

Data capture for the provision of the website and storage of the data in log files is absolutely necessary for the proper operation of the website. Consequently the user doesn’t have an opt-out option.

 

V. Use of cookies

 

b) Legal basis of the data processing 

 

Legal basis for the processing of personal data by using cookies is art. 6 (1) S.1 lit. a,c and f GDPR.

 

c) Purpose of data processing

 

The purpose of using technically necessary cookies is to simplify the use of websites. Some functions on our website cannot be provided without the use of cookies. Moreover, we have to use cookies in order to be able to meet our legal obligations and/or accountability according to the DSGVO.

For these it is necessary that the browser will be recognised after having changed the page. The technically necessary, by cookies ascertained user data, will not be used to create user profiles. The purpose of such use of analysis cookies is to improve the quality of our website and its contents. With the help of analysis cookies we learn how the website is used so that we are able to continuously optimise our services. In these purposes we have a justified interest in the processing of personal data pursuant to art. 6 (1) lit. f GDPR. The analysis cookies allow us to learn how the website is used and thus, we can thus constantly optimize our offer.

 

d) Duration of storage, objection and deletion possibilities

 

Cookies will be stored on the computer of the user and then passed to our website. Therefore, as a user you maintain the complete control over the use of cookies. Besides, you are also entitled to the already above mentioned configuration options via the cookie banner, displayed when you call up our website, as well as via the button in this data protection declaration, with which you as a user can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time.

This can also become automated.

 

VI. Newsletter

 

1. Description and extent of data processing

 

On our website, there is the possibility to subscribe to our free newsletter. When subscribing to the newsletter, the data from the input mask will be transmitted to us. 
By the so-called double-opt-in process we verify your agreement to receipt of the newsletter by email. This means that we first contact your specified email we received while subscribing to the newsletter in order to receive your active agreement to the receipt of the newsletter before we start mailing it. The information regarding your confirmation we use to document your agreement or to prove it, if necessary. 

Furthermore, in consideration of special conditions, we can also send you our newsletter without your consent. Within the framework of existing customer relationships, we are legally permitted to advertise the sale of similar goods and services by e-mail without having obtained your consent before.

In the context of data processing for the delivery of newsletters the data will not be transferred to third parties. These data will exclusively be used for the distribution of the newsletters. 

 

2. Legal basis of the processing

 

Legal basis for the processing of the data after signing up for the newsletter is your consent according to art. 6 (1) lit.a GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7(3) UWG.

 

3. Purpose of data processing

 

The elicitation of the user’s email address serves the purpose of sending newsletters. Collecting other personal data in context of the newsletter-registration helps to prevent misuse of the services or the email address used.

 

4. Duration of storage

 

The data will be deleted as soon as they are are no longer necessary for achieving this purpose. The email address of the user accordingly will be saved as long as the subscription of the newsletter is active. 

 

5. Objection and deletion possibilities

 

At any time the subscription of the newsletter can be cancelled by the user concerned. For this purpose you will find a corresponding link in each newsletter.

Withdrawal of the consent will not affect the legality of the processing because of your consent. Should you revoke your permission, we will delete these data and will not send any further newsletter to you.

 

VII. Registration

 

1. Description and extent of data processing

 

On our website we offer users to register by entering their personal data. Data can be entered directly into an input mask and will be transmitted to us and saved by us. A transfer of data to third parties will not take place. 

During the registration process the user’s permission is obtained to the processing of such data.

 

2. Legal basis of the processing

 

Legal basis for the processing of the data is your consent according to art. 6 (1) lit. a GDPR.

If the registration serves to fulfil a contract, to which the contractual party is the user, or the implementation of pre-contractual measures the additional legal basis for the processing of the data will be art. 6 (1) lit. b GDPR.

 

3. Purpose of data processing

 

The registration of the user is necessary to keep certain contents and services available on our website. 

 

4. Duration of storage

 

The data will be deleted as soon as they are no longer necessary for the purpose for which they were submitted.

This is the case during the registration process for the performance of a contract or for the implementation of pre-contractual measures, if the data for the implementation of the contract are no longer necessary. Even after conclusion of the contract there may be the necessity to save personal data of the contract partner to meet contractual or legal obligations.

 

5. Objection and deletion possibilities

 

As a user, you always have the option to dissolve the registration. At any time you can have change your stored data. 

If the data are necessary for the performance of a contract or for the implementation of pre-contractual measures, an advance cancellation of the data is only possible so far as there are no contractual or legal obligations for not deleting.

 

VIII. Contact form and contact by email

 

1. Description and extent of data processing

 

On our website you will find a contact form which can be used to contact us electronically. If a user makes use of this opportunity, data from the entry mask will be transferred to us and saved by us.

The information about the processing of your data in reference to this privacy statement will be recorded as a part of the mailing process.

 

Alternatively you can contact us by the provided e-mail address. In this case the personal data of the user, transmitted by email, will be saved.

 

In this context the data will not be transferred to third parties. The data will solely be used for the processing of the conversation.

 

2. Legal basis for the data processing

 

Your consent is the legal basis for the processing of the data according to art. 6 (1) lit. a GDPR.

If the email contact aims to conclude a contract, additional legal basis for the processing is art. 6 (1) b GDPR.

 

3. Purpose of data processing

 

The processing of personal data from the entry mask only serves us to process the contact. When contacting us by email, this leads to an essential, legitimate interest to process the data.

The other personal data, processed by mailing, serve to prevent misuse of the contact form and to ensure the safety of our IT systems.

 

4. Duration of storage

 

The data will be deleted as soon as the purpose for which they were submitted is no longer necessary. For personal data from the entry mask of the contact form and those sent by email is this the case when the respective conversation with the user is finished. When it appears from the facts that the concerned issue is finally settled, the conversation is finished.

 

5. Objection and deletion possibilities

 

At all times the user is able to withdraw his permission to the processing of personal data. If the user contacts us by email, he can contradict the storage of his personal data at any time. In such a case, the conversation cannot be continued.

 

In this case all saved personal data of the contacting will be deleted.

 

X. Web analysis by Matomo

 

1. scope of processing of personal data

 

We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. In the configuration we use, no cookies (for cookies, see above) are set on the users' computers. The recognition of returning users is achieved with the help of a so-called "digital fingerprint", which is stored anonymously and changed every 24 hours. With the "digital fingerprint", user movements within our online offer are recorded with the help of pseudonymised IP addresses in combination with user-side browser settings in such a way that it is not possible to draw conclusions about the identity of individual users.

If individual pages of our website are visited, the following data is stored by means of the "digital fingerprint":

 

- Two bytes of the IP address of the user's calling system.

- The website called up

- The website from which the user accessed the accessed website (referrer)

- The sub-pages accessed from the accessed website

- The time spent on the website

- The frequency with which the website is accessed

 

The software runs exclusively on the servers of our website. Personal data of the users is only stored there. The data is not passed on to third parties. The software is set in such a way that the IP addresses are not completely registered, 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.

 

2. Legal basis for the processing of personal data

 

The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DSGVO.

 

3. Purpose of data processing

 

The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the collected data, we are able to summarise information about the use of the individual components of our website. This helps us to improve our website and its user-friendliness, continuously. These purposes are also our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f DSGVO. By anonymising the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.

 

4. Duration of storage

 

The data will be deleted after the periods specified above or when it is no longer required for our recording purposes.

 

5. possibility of objection and removal

 

You can find more information about the privacy settings of the Matomo software under the following link: matomo.org/docs/privacy/.

We refer to your right of rectification, deletion and objection according to Art. 16, 17 and 21 DSGVO; for more details, see Chapter VI.

 

XI. Web analysis by Google Analytics 

 

1. Scope of processing of personal data

 

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics can use cookies on the user's computer (for cookies, see above) and allows us to analyze your use of our website. For example, we take into account which content you have called up within one or various usage processes, which search terms you have used and how you have interacted with our online offering overall. The time of use and duration are also stored, as well as technical aspects of your end devices and browsers used. For this purpose, pseudonymous user profiles are created with information from the use of various devices. Through the use of Google Analytics, data on the geographical location is determined and provided. For this purpose, the following metadata is collected based on the IP search: City (and the derived latitude and longitude of the city), Continent, Country, Region, Subcontinent (and the ID-based equivalents). To ensure the protection of personal data of European users in the EU, Google receives and processes all data via domains and servers within the EU. The IP address of the users is not logged and is shortened by the last two digits by default, whereby the shortening with regard to European users takes place on European servers.

The information obtained through the use of Google Analytics is used by Google on our behalf to evaluate your use of our website, to compile reports on website activity for us and to provide other services relating to the use of our website and the internet. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Full or unabbreviated IP addresses are not transferred to Google servers in the USA, so that it should be excluded that personal data is transferred to the USA. The USA is considered by the European Court of Justice to be a country with an insufficient level of data protection according to European standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes. Furthermore, risks may arise for you because it may be more difficult to enforce your rights in the USA. For cases in which personal data is transferred to the USA, Google invokes the standard contractual clauses of the European Union after the discontinuation of the EU-US Privacy Shield, cf. https://business.safety.google/adsprocessorterms/, as well as additional measures that can be accessed at the following link: https://services.google.com/fh/files/misc/safeguards_for_international_data_transfers.pdf

 

2. Legal basis for the processing of personal data

 

The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. a DSGVO, i.e. your consent, which you have given via our cookie banner or consent management tool for the described data processing.

 

3. Purpose of data processing

 

The processing of users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. By anonymizing the IP addresses, the interest of the users in their protection of personal data is sufficiently taken into account.

 

4. Duration of Storage

 

The data is deleted as soon as it is no longer required for our recording purposes. Furthermore, we would like to point out that we, as the provider of the pages, have no further knowledge of the content of the transmitted data or its use by Google. You can find more information on this in Google's privacy policy at https://policies.google.com/privacy.

 

5. Possibility of objection and removal

 

You can revoke your consent at any time with effect for the future by changing the settings in our cookie banner or consent management tool.

In addition, you can prevent cookies from being stored on your computer by setting your browser software accordingly. In this case, you may not be able to use all the functions of our website to their full extent. To prevent the collection of data generated by the cookies and related to your use of our website (including your IP address) by Google as well as the processing of this data by Google, a browser plug-in is available for download and subsequent installation at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

You can also object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (https://optout.networkadvertising.org/) and additionally the US website (https://www.aboutads.info/choices) or the European website (https://www.youronlinechoices.com/uk/your-ad-choices/).

 

XII. Use of Facebook plug-ins (Like-Button)

 

1. Extent of personal data processing

 

On our web pages we integrated plug-ins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognise  the Facebook plug-ins thanks to the Facebook logo or the “like-button” on our website. Here you will find an overview of the Facebook plug- ins: https://developers.facebook.com/docs/plugins/?locale=en_US

When visiting our web pages, a direct connection via plug-in will be established between your browser and the Facebook server. Through integration of the plug-in, Facebook obtains the information that your IP address visited our website. When you click the Facebook “like-button” while you are logged in to our Facebook account, you are able to link the contents of our website to your Facebook profile. In this way Facebook can allocate your visit on our website to your Facebook account.

In addition, we maintain an online presence on Facebook, the so-called fan page, in order to be able to communicate with the customers, interested parties and users active there to inform them about our services.

When using the fan page or the plug-ins, your data may be processed outside the European Union. This can result in risks for you as, for example, it can make it more difficult for you to enforce your rights. The data transfer to the USA is based on the EU standard contract clauses of the European Commission.

 

2. Legal basis for the processing of personal data

 

Legal basis for the use of Facebook plug-ins is art. 6 (1) S. 1 lit. f GDPR.

If you are asked by Facebook to consent to the described data processing, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a DSGVO.

Additionally, based on an agreement on joint processing of personal data according to Art. 26 DSGVO in connection with the declaration taken down in the following link www.facebook.com/legal/terms/page_controller_addendum

 

3. Purpose of data processing

 

Facebook plug-ins facilitate sharing contents on social platforms. 

When users post contents on Facebook, we reach more potential customers. In addition, we are able to perform a so-called reach analysis.

Furthermore, Facebook generally processes user data for market research and advertising purposes. Thus, for example, user profiles can be created from the user behaviour and the thereof resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the user interests. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and the interests of the users are stored. Moreover, data can also be stored in the user profiles independently of the devices used by the users.

 

4. Duration of storage

 

Please note that we, as a provider of the pages, do not obtain any information concerning the content of the transmitted data as well as their use by Facebook. For more information, please refer to the Facebook privacy policy at de-de.facebook.com/policy.php.

As well as specifically for pages: www.facebook.com/legal/terms/information_about_page_insights_data

 

5. Objection and deletion possibilities

 

If you don’t want Facebook to associate your visit on our pages with your Facebook account, please log out from your Facebook user account.

An opt-out possibility exists at: www.facebook.com/settings

 

XIII. Use of Google Maps

 

1. Extent of personal data processing

 

On this website map images of the service “Google Maps’ are integrated. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In particular, your IP address and your location data are a part of this processed data which will not be collected without your consent. The data can be processed in the USA. The data transfer to the USA is based on the EU standard contractual clauses of the European Commission.

 

2. Legal basis for the processing of personal data

 

The legal basis for the use of Google Maps is Art. 6 para. 1 sentence 1 lit. f DSGVO

 

3. Purpose of data processing

 

Through the use of Google Maps we are able to display geographic information visually and to offer you a simple way of route determination from any location to HEY-SIGN GmbH. 

 

4. Duration of storage

 

Please note that we don’t have specific knowledge of the transmitted data and its use by Google. Further information on Google can be obtained at https://www.google.com/intl/en-US_US/help/terms_maps.html. The current data policy of Google Maps is available at policies.google.com/privacy.

 

5. Possibility of objection and removal

 

The processing of the data by Google can be changed and excluded at https://adssettings.google.com/authenticated.

 

XIV. Application of Google Web Fonts

 

1. Extent of personal data processing

 

To ensure a uniform representation, our website uses standardised fonts, so-called web fonts of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When requesting a page, your browser will load the necessary web fonts into your browser cache so that texts and fonts will be displayed correctly. 

To this end, the browser you are using has to connect to the servers of Google. Hereby Google obtains the information that our website was accessed by your IP address. 

 

2. Legal basis for the processing of personal data

 

Legal basis for the use of Google Web Fonts is art. 6 (1) S. 1 lit. f GDPR.

 

3. Purpose of data processing

 

We make use of this service in order to uniform the representation of fonts and in the interest of a uniform and attractive display of our online presentation.

 

4. Duration of storage

 

Please note that aside from the mentioned data we don’t have specific knowledge of the transmitted data and its use by Google. Further information on Google web fonts can be found at developers.google.com/fonts/faq. The current data policy of Google is available at https://policies.google.com/privacy?hl=en.

 

5. Objection and deletion possibilities

 

You can configure your browser so that the fonts will not be loaded from Google servers (for example by installing browser add-ons as NoScript or Ghostery for Firefox). If your browser doesn’t support Google web fonts or you prevent the access of the Google server, the text will be displayed in the standard font of your system. The processing of the data by Google may be changed or excluded at https://adssettings.google.com/authenticated.

 

XV. The use of Instagram

 

1. Extent of personal data processing

 

The functions of the service Instagram are integrated on our pages. These functions will be offered by the provider Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. In this way Instagram is able to assign the visit on our pages to your user account. Please note that we, as a provider of these pages, don’t have specific knowledge of the content of the transmitted data and its use by Instagram.   

 

2. Legal basis for the processing of personal data

 

Legal basis for the use of Instagram is art. 6 (1) S. 1 lit. f GDPR.

 

3. Purpose of data processing

 

The use of Instagram facilitates the sharing of contents.

When users post contents on Instagram, we reach more potential customers. In addition, the use of Instagram helps us to further increase and spread the awareness of our company and the services offered.

 

4. Duration of storage

 

Please note that we, as a provider of the pages, do not obtain any information concerning the content of the transmitted data as well as their use by Instagram. 

For more information, see the Instagram’s privacy statement at: instagram.com/about/legal/privacy/

 

5. Objection and deletion possibilities

 

If you don’t want Instagram to associate your visit on our pages with your Instagram account, please log out from your Instagram user account.

 

XVI. The use of Pinterest

 

1. Extent of personal data processing

 

The functions of the service Pinterest are integrated in our pages. These functions will be offered by the provider Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA. Responsible for the data processing of persons, living outside the USA, is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. 

A data transmission by Pinterest to unsafe third countries is based on the EU standard contractual clauses of the European Commission. 

 

We have no influence on type and scope of processed data, the nature of the processing and use or the transmission of such data to third parties by Pinterest. In this respect, we also don’t have effective control options. By using Pinterest, your personal data will be recorded by Pinterest Inc., transmitted, stored, disclosed and used and thereby transferred to the US, Ireland and each other country in which Pinterest will do business, stored there and used, regardless your place of residence.  On one hand, Pinterest thereby processes  your voluntarily given data as name, user name and email address. 

On the other hand, Pinterest also analyses your shared contents, for example in which topics you are interested, stores and processes messages you send to other users directly and is able to track your current location based on GPS data, information to wireless networks or to control your IP address in order to provide you with advertising or other contents.

 

2. Legal basis for the processing of personal data

 

Legal basis for the use of Pinterest is art. 6 (1) S. 1 lit. f GDPR.

 

3. Purpose of data processing

 

The use of Pinterest facilitates the sharing of contents.

When users post contents on Pinterest, we reach more potential customers. In addition, the use of Pinterest helps us to further increase and spread the awareness of our company and the products and services offered.

 

4. Duration of storage

 

Please note that we, as a provider of the pages, do not obtain any information concerning the content of the transmitted data as well as their use by Pinterest. For more information, see the Pinterest’s privacy statement at https://policy.pinterest.com/en/privacy-policy.

 

5. Objection and deletion possibilities

 

If you don’t want Pinterest to associate your visit on our pages with your Pinterest account, please log out from your Pinterest user account.
Furthermore you have the right to object. To exercise this right, please contact Pinterest directly. We recommend that you regularly log out after the use of Pinterest.

 

XVII. Use of the product configurator mural design Relief

 

1. Extent of personal data processing

 

On our website you have the opportunity to create an individual mural design by a configurator, provided by us. You have the possibility to save each current status of your design as a bookmark in your browser. Furthermore, you have the possibility to receive an email with the link to each design and the products, used for this design. 

We don’t receive any copies or other notifications of these bookmarks or or emails. In this context the data will not be transferred to third parties. The data solely serve you for temporary storage of your design and to simplify a possible order process. 

For the representation and the functionality only the mentioned data are stored as described in IV. and V.

 

2. Legal basis for the processing of personal data

 

Legal basis for the processing of these data is our legitimate interest in data processing according to art. 6 (1) 1 lit. f GDPR.

If a possible subsequent email contact aims at a contract, additional legal basis for the processing is art. 6 (1) lit. b GDPR.

 

3. Purpose of data processing

 

In addition to the data which are necessary for the presentation and functionality of our website, data only will be processed if you make use of the possibility to save the design or to receive by email. These data are stored locally on your computer system and are exclusively used for temporary storage of your design and to simplify a possible order process.

 

4. Duration of storage

 

The data will be deleted as soon as they are no longer necessary for the purpose of its collection. Concerning the data processing for the services of the website this will be the case when the respective session is finished. Furthermore, the data will be deleted after seven days at the latest. A longer period is possible. In this case the IP addresses of the user will be deleted or alienated so that an allocation of the requesting client is no longer possible.

 

5. Objection and deletion possibilities

 

The data processing for the services of the website and the data storage as log files is absolutely necessary for the operation of the website. Consequently the user has no possibility to appeal.

 

XVIII. Rights of the data subject

 

If your personal data are processed, you are the affected person in the sense of GDPR and you have the following rights towards the data processing holder:

 

1. Right of access

 

From the person responsible you may request a confirmation, whether personal data which concern you, will be processed by us. 

If such a processing takes place, you have the right to obtain the following information from the person responsible:

 

(1) the purposes for which the personal data will be processed;

(2) the categories of personal data which will be processed;

(3) the recipients respectively categories of recipients, to whom your personal data concerned have been disclosed or will be disclosed;

(4) the planned storage period of your personal data concerned or, if concrete specifications are not possible, criteria for the determination of the storage period;

(5) the existence of a right to correction or deletion of your personal data concerned, a right to restriction of the processing by the responsible person or a right of objection against this processing;

(6) the existence of a right of appeal with the supervisory authority; 

(7) any available information as to their source, if the personal data will not be obtained from the data subject; 

(8) the existence of an automated decision-making including profiling according to art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved as well as the scope and the desired consequences of such a processing for the data subject. 

 

You have the right to request information about whether your personal data concerned will be transferred to a third country or an international organisation. In this context you may require information on the appropriate guarantees according to art. 46 GDPR in connection with the transfer.

 

2. Right of correction

 

You have the right to correction and/or completion against the responsible person, insofar the processed personal data which concern you, are inaccurate or incomplete. The responsible person shall correct without delay.

 

3. Right of limited processing

 

Under the following conditions you may require to limit the processing of your personal data concerned:

 

(1) if you dispute the correctness of the data for a period, enabling the responsible person to verify the accuracy of the personal data;

(2) if the processing is unlawful and you refuse the deletion of the personal data and instead demand a limitation of the use of the personal data;

(3) if the responsible person will no longer need the personal data for the purpose of the processing, however you need them for the assertion, exercise or defence of legal claims, or

(4) if you have entered your objection against the processing according to art. 21 (1) GDPR and it is not yet certain whether the justified reasons of the responsible person outweigh your reasons.

 

If the processing of your personal data concerned has been restricted, these data – apart from their storage – may only be used with your consent or for the assertion, exercise or defence of legal claims or the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

If the restriction of the processing was restricted under the above conditions, you are informed by the responsible person before lifting the restrictions to be applied.

 

4. Right of deletion

 

a) Obligation to delete

You may request the responsible person to delete your personal data in question promptly and the responsible person is obligated to delete these data immediately if any of the following reasons applies:

(1) Your personal data concerned are no longer necessary for the purposes for which they have been collected or have been handled in any other way.

(2) You revoke your consent, the processing according to art. 6 (1) lit. a or art. 9 (2) lit. a GDPR was based on and there is not any other legal basis for the processing.

(3) You object to the processing according to art. 21 (1) GDPR and there are no overriding proper reasons for the processing or you object to the processing according to art. 21 (2) GDPR.

(4) Your personal data concerned have been unlawfully processed.

(5) The deletion of your personal data concerned is necessary to meet the legal obligation under the law of the Union or the law of the Member States, which governs the responsible person.

(6) Your personal data concerned were collected with regard to services provided by the information society in accordance with art. 8 (1) GDPR.

 

b) Information to third parties

If the responsible person has published your personal data concerned and is he obliged to delete them according to art. 17 (1) GDPR, he takes appropriate measures in consideration of the available technologies and the implementation costs, including those of a technical nature, to inform the responsible controllers, who process the personal data, that you as a person concerned requested to delete all links of these personal data or copies or replications.  

 

c) Exceptions

The right to obtain deletion doesn’t exist as far as the processing is necessary

(1) to exercise the right to free expression and information;

(2) to comply with a legal obligation, which requires the processing according to the law of the Union or the Member States, to which the responsible person is subject, or to perform a task carried out in the public interest or in the exercise of official authority, vested in the responsible person;

(3) for reasons of public interest in the field of public health in accordance with art. 9 (2) lit. h and i as well as art. 9 (3) GDPR;

(4) for purposes of general interest as archiving, science, history or statistics in accordance with art. 89 (1) GDPR insofar as the right referred to in section a) probably makes impossible or seriously affects to achieve these objectives, or 

(5) for the assertion, exercise or defence of legal claims.

 

5. Right to information

 

If you exercised the right of correction, deletion or restriction of the processing against the responsible person, the latter is obligated to inform all recipients, to whom your personal data concerned were disclosed, about this correction, deletion or restriction of the processing, unless this turns out to be impossible or this involves a disproportionate effort.

With regard to the responsible person you have the right to be informed of these recipients.

 

6. Right to data portability

 

You have the right to receive the personal data concerned, you provided to the responsible person, in a structured,  popular and machine-readable format. Furthermore, you have the right to submit these data to another responsible party without hindering by the responsible party, to whom you provided the personal data, if

 

(1) the processing is based on a consent in accordance to art. 6 (1) lit. a GDPR or art. 9 (2) lit. a GDPR or on a contract in accordance to art. 6 (1) lit. b GDPR and

(2) the processing is done through automated tools.

 

With the exercise of this right you also have the right to obtain that your personal data concerned are provided directly by the responsible person to another responsible one, if technically possible. Freedoms and rights of other persons may not be affected. 

The right to data portability does not apply to the processing of personal data, which is necessary for the performance of a task carried out in the public interest or in the exercise of the official authority, vested in the responsible person.

 

7. Right of objection

 

At any time you have the right, for reasons, resulting from your special situation, to file an objection against the processing of your personal data concerned, which takes place on the basis of art. 6 (1) e or f GDPR; this also applies to profiling, based on these provisions.

The responsible person will no longer process your personal data concerned, unless he can provide compelling and legitimate reasons for the processing, which outweigh your interests, rights or freedoms or if the processing enables the assertion, exercise or defence of legal claims.

If your personal data concerned will be processed for direct advertising purposes, at all time you have the right to file an objection against the processing of your personal data concerned for such advertising purposes; this also applies to profiling, so far as it is used in connection with direct advertising.

If you object to the processing for direct advertising purposes, your personal data concerned will be no longer processed for these purposes.

In connection with the usage of information society services – notwithstanding directive 2002/58/EG – you have the right to object by using automated procedures which make use of technical specifications.

 

8. Right of withdrawal of data privacy declaration

 

At any time you have the right to revoke your data privacy declaration. Withdrawal of the consent will not affect the lawfulness of the processing on the basis of your consent given, until this consent is withdrawn.

 

9. Automated decision in individual cases including profiling

 

You have the right, not to be subject to an exclusively automated processing – including profiling -based decision, which produces legal effects or significantly affects you in a similar way. This is not effective if the decision

 

(1) is necessary for the conclusion or performance of a contract between you and the responsible person,

(2) is admissible due to the law of the Union or the Member States, the responsible person is subject to, and these laws contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests or

(3) takes place with your explicit consent.

 

Nevertheless, these decisions should not be based on special categories of personal data in accordance with art. 9 (1) GDPR, unless art. 9 (2) lit. a or g GDPR shall be applicable and adequate measures have been taken to safeguard the rights and freedoms as well as your legitimate interests. 

With regard to the cases, mentioned in (1) and (3), the responsible person will take all reasonable measures to protect the rights and freedoms as well as your legitimate interests, including the right to obtain the inference of a person on the part of the responsible person, to present at least the own point of view and to contest the decision.

 

10. Right of complaint with the regulatory authority 

 

Irrespective of other regulatory or juridical legal remedy you have the right to file a complaint with the regulatory authority, in particular in the Member State of the place of your residence or work or the place of the supposed infringement, if you think that the processing of your personal data concerned is against the GDPR.

The regulatory authority, where the complaint has been lodged, will inform the complainant about the status and the results of the complaint including the possibility of a legal remedy in accordance with art. 78 GDPR.

 

XIX. Changes to this data privacy declaration

 

The development of the Internet and our Internet presence may also have an influence on the processing on personal data. For this reason, we retain the right to change this privacy declaration in the future in accordance with the currently valid data protection laws and to adapt to changed data processing. The current version of the privacy statement is always available under the heading “data protection” respectively “privacy statement“.