In the following, you will find information on which personal data we process, to what purpose and on what basis:
Data privacy notice
Overview / table of contents
You will find the following information in our data privacy statement:
A. Our contact information and general information on data processing
A.1. Name and contact information of the controller
A.2. Contact information of the data security officer
A.3. General information on the legal basis for the processing of personal data
A.4. General information on the deletion of data and storage period
A.5. General information on the sources of personal data
A.7. General information on the recipients or categories of recipients of personal data
B. Scope of the processing of personal data on our website
B.1. Provision of the website and creation of log files
B.2. Contact through the contact form, e-mail contacts, faxes and phone calls
B.4. Use of Like button on Facebook (Meta)
B.5. Use of Twitter's Tweet button (X)
B.6. Use of Instagram Social Plug-Ins
B.8. Use of Matomo analysis tool (previously Piwik)
B.9. Use of fonts from fonts.net
B.11. Transmission of personal Date to third countries (foreign countries-EU/ - EEA)
C. Your rights as the data subject
C.4. Right to restriction of processing
C.6. Right to data portability
C.7. Right to object to processing for legitimate interests
C.8. Right to withdraw consent
C.9. Automated individual decision-making including profiling
C.10. Voluntary provision of personal data
C.11. Right to lodge a complaint with a supervisory authority
A. Our contact information and general information on data processing
A.1. Name and contact data of the data controller
The following entity is responsible for the collection and use of personal information in the sense of the data protection law:
Staatliche Schlösser und Gärten
Baden-Württemberg – Zentrale
Schlossraum 22a
76646 Bruchsal, Germany
Represented by CEOs Patricia Alberth and Manuel Liehr
+49 (0) 72 51.74 -27 11
info@ssg.bwl.de
To find out more about us, see our website at https://www.schloesser-und-gaerten.de/wir-ueber-uns/impressum/.
You can find more information about us on our website at https://www.schloesser-und-gaerten.de/wir-ueber-uns/impressum/.
A.2. Contact information of the data security officer
Our data security officer can be reached at the following address:
Official Data Security Officer
Vermögen und Bau Baden-Württemberg
Betriebsleitung
Rotebühlplatz 30
70173 Stuttgart, Germany
datenschutz@vbv.bwl.de
A.3. General information on the legal basis for the processing of personal data
When we process personal data, the following applies in general:
- When we have obtained your consent to carry out processing operations on your personal data, Article 6(1)(a) of the EC General Data Protection Regulation (hereinafter: GDPR) serves as the legal basis for the processing of personal data.
- When the processing of personal data is necessary for the performance of a contract, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies when processing is necessary in order to take required steps prior to entering into a contract.
- When the processing of personal data is necessary for compliance with a legal obligation to which we are subject, Article 6(1)(c) of the GDPR serves as the legal basis.
- When processing of personal data is necessary in order to protect your vital interests or the vital interests of another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
- If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority which has been delegated to us, the legal basis is Article 6(1)(e) GDPR.
- If the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, and these interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data, then Article 6(1)(f) of the GDPR serves as the legal basis for processing.
A.4. General information on the deletion of data and storage period
Providing there is no other legal basis for storage, the data is deleted no later than two years after collection. Furthermore, data may also be stored if this storage is permitted by the European or national legislative authorities in EU regulations, laws or other guidelines to which we as controller are subject. Data is also deleted or made unavailable to users once the storage period defined by the specified norms elapses as long as continued storage of the data is not required in order to conclude or perform a contract.
Specifically, this means:
When we process personal data on the basis of consent given to the processing of personal data (Article 6(1)(a) GDPR), processing ends when you withdraw your consent, unless there is another valid legal reason for your data to be processed, which is the case when we are still authorized to process your data for the purpose of performance of a contract at the time when consent is withdrawn, or when data processing is necessary for the purposes of our legitimate interests (see below for further information).
If we process data based on our legitimate interests (Article 6(1)(f) GDPR) in connection with considerations made prior to the processing, we store this data until these legitimate interests no longer apply, the considerations result in a different conclusion, or you object to the processing pursuant to Article 21 GDPR (cf. highlighted text under “Information on special right to object” under C.).
If we process data necessary for the performance of a contract, then we store this data until the contract has been completely fulfilled and settled and none of the claims from the contract can be asserted, meaning when the statute of limitations has elapsed. The general statute of limitations in accordance with Paragraph 195 of the German Civil Code (BGB) is three (3) years. However, certain claims, such as claims for damages, have a statute of limitations of 30 years (see Paragraph 197 of the BGB). If there is legitimate grounds to believe that this may be relevant in specific cases, we will save a data subject’s personal data for this period of time. The statute of limitations specified start at the end of the year (December 31) in which the claim arose and the creditor became aware of the circumstances giving rise to the claim and of the debtor, or must have become aware of them in the absence of gross negligence.
Here, we would like to point out that we are also subject to statutory retention obligations for tax and accounting purposes. In accordance with these obligations, we must store certain data, which could include personal data, as proof for the purposes of our accounting over a period of six (6) to ten (10) years. These retention periods override the obligations to delete data described above. The retention periods also begin at the end of the year in question, meaning on December 31 of that year.
A.5. General information on the sources of personal data
The personal data that we process is primarily provided to us by the data subject, for example when this person:
- transmits information, such as an IP address, via the web browser and their end device (e.g. a PC, smartphone, tablet or notebook) to our web server,
- requests information or an offer from us as an interested party,
- places an order with us or enters into a contract with us as a client,
- requests information, press releases, statements, and the like from us as a media representative and/or journalist,
- supplies us with goods or services in accordance with contracts and/or agreements as a supplier.
Only in exceptional cases do we receive the personal data that we process from third parties, for example in the event that a person is acting on behalf of a third party.
A.6. General information on the categories, purposes and legal bases for the processing of personal data
We process the following categories of personal data:
- website users,
- interested parties,
- media representatives,
- clients, as well as
- suppliers.
Depending on the category of data in question, we process personal data for the following purposes and in accordance with the legal basis specified as defined in the EC General Data Protection Regulation (GDPR):
User data: We collect and process data from the users of our website in a pseudonymized format. It is not possible for us to connect this data to a specific individual. IP addresses are solely processed in an anonymized format. If, in exceptional cases, personal data is involved in this context, we only process this data for the purposes of our legitimate interests on the basis of Article 6(1)(f) of the GDPR. In this context, our legitimate interests are our interests in the security and integrity of our website and the data on our web server (in particular fault and error detection as well as tracking unauthorized access), as well as marketing interests and interests in statistical data (which allows us to improve our web presence as well as our services and offers). After careful consideration, we have come to the conclusion that data processing for the purposes of our legitimate interests as specified above is necessary, and that your interests or fundamental rights and freedoms which require protection of personal data do not override these interests.
Data of interested parties/media representatives: In the event that we process the data of persons interested in our services or of media representatives, this only occurs when such persons provide us with this data by filling out a form or sending us an e-mail for the purposes of submitting a request or an inquiry. You are not obligated to provide us with this information. We only process this data in order to process your request or inquiry. We process the data that you voluntarily provide us with for the purposes of finding out more information about our services as part of the steps required prior to entering into a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of the consent you have given us by providing us with this data in accordance with Article 6(1)(a) of the GDPR.
Client data: We process the data of our clients if this is necessary for the performance of a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of consent granted by them in accordance with Article 6(1)(a) of the GDPR. This also applies for processing operations that are required in order to take the necessary steps prior to entering into a contract (for example as part of issuing and negotiating offers).
Supplier data/data from our business partners: We process the data from our suppliers and business partners if this is necessary for the performance of a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of consent granted by these parties in accordance with Article 6(1)(a) of the GDPR. This also applies for processing operations that are required in order to take the necessary steps prior to entering into a contract (for example as part of issuing and negotiating offers).
A.7. General information on the recipients or categories of recipients of personal data
Your personal data is only transferred or otherwise provided to third parties if this is necessary for the performance of a contract (for example for the purpose of processing a request), or for the purposes of invoicing (for example to carry out a payment transaction when purchasing goods or services), a legitimate interest in the transfer/processing exists and your interests and basic rights and fundamental freedoms do not take precedence, or if you have effectively granted us your consent in advance.
Recipient categories include:
- service providers (publishers, printers, conference organizers, etc.)
- distribution services providers, suppliers
- payment services providers, banks
A.8. Data processing in the distribution of our newsletter
It is possible to subscribe to a free newsletter via our website or by request. When registering for this newsletter, the data from the form is transmitted to us. This includes:
- salutation, first name, last name and
- e-mail address.
When registering for the newsletter, the following data is also collected:
- the user's IP address as well as
- the date and time of registration.
This serves to prevent the misuse of the services or the data subject's e-mail address.
Registering for our newsletter requires a double-opt-in process. This means, after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with an e-mail address that is not their own.
As part of the registration process, we obtain your consent to process your data and you are directed to this privacy policy.
We do not pass your data on to third parties, with the exception of a legal obligation to share. The data is used exclusively for the mailing of the newsletter.
Purpose of data processing: The user's e-mail address is collected and processed for the purpose of delivering the newsletter. We use the e-mail address for advertising purposes.
The collection of other personal data as part of the registration process serves to prevent the misuse of services or the e-mail address provided.
Legal basis for data processing: Legal basis for the processing of data following registration for the newsletter on the part of the user and with user consent is Article 6(1)(a) of the GDPR.
Other personal data collected during the registration process is processed based on legitimate interests as per Article 6(1)(f) of the GDPR. Our legitimate interest here is based on the prevention of misuse of our services, our web server or mail server or the e-mail address provided.
Duration of storage: Data is deleted as soon as it is no longer required for the purpose for which it was obtained. The user’s e-mail address will be stored for at least as long as the subscription is active.
We may store e-mail addresses for up to an additional three years on the basis of our legitimate interests for providing proof of previously given consent before deleting them for newsletter distribution purposes. Processing of this data is limited to potentially disputing any claims. An individual request to delete data can be submitted at any time, insofar as the former existence of consent is simultaneously confirmed.
Other personal data collected as part of the registration are typically deleted after a period of seven days.
Options for objection and removal: The newsletter subscription can be canceled by the user at any time free of charge and with no form required. Termination is equivalent to a withdrawal of the consent given. A link to do so is provided in each newsletter. This also enables the revocation of consent to store personal data collected during the registration process.
B. Scope of the processing of personal data on our website
We only collect and use our users’ personal data as part of their use of our website to the extent necessary for the use of our website as well as the provision of our content and services. Generally, we only collect and use our users’ personal data with the users’ consent. One exception is in cases when it is not possible to obtain the user’s consent in advance for practical reasons and/or we are permitted to process this data within the scope of the law.
The provider hosting the website on its server is LF.net Netzwerksysteme GmbH, Industriestr. 4, 70565 Stuttgart. We have concluded a data processing agreement with the host provider.
B.1. Provision of the website and creation of log files
With each visit to our website, our system automatically collects data and information for technical reasons. This data is stored in log files on our server. It includes:
- the date and time of access,
- URL address of the referring website,
- websites visited by the user's system as referred from our website,
- user's screen resolution,
- file(s) accessed and notifications on the success of this access,
- quantities of data sent,
- user's internet service provider,
- browser, browser type and version, browser engine and engine version,
- operating system, operating system version and type, as well as
- the user's anonymized IP address and internet service provider.
This data is processed separately from other data. This data is not processed together with the user’s other personal data. It is not possible for us to connect this information to a specific person.
Purpose of data processing: The temporary processing of data by the system is necessary for the provision of content from our website to the user's computer. In order to do this, the user’s IP address must be stored for the entire session.
The data is stored in log files in order to ensure the functionality of the website. Furthermore, we use this data to optimize the services we offer and our website and to ensure that our information technology systems are secure. The data saved for these reasons is not used or evaluated for marketing purposes.
Legal basis for data processing: The temporary storage of data and log files follows the legal basis of Article 6(1)(f) of the GDPR. Our predominant legitimate interest in processing this data is based on the aforementioned purposes.
Duration of storage: Data is deleted as soon as it is no longer required for the purpose for which it was obtained. In terms of the data collected for the provision of the website, this is the case as soon as the session in question ends. Data saved in the log files is deleted after seven days at the latest. It is possible that data could be stored beyond this window. In this case, the IP address of the user is deleted or anonymized so that it is no longer possible to associate it with the client that accessed the website.
Options for objection and removal: The collection of data required for the provision of the website and the storage of data in log files is essential in order to use the website. For this reason, the user cannot opt out. However, the user may terminate use of the website at any time, thereby preventing the further collection of the listed data.
B.2. Contact through the contact form, e-mail contacts, faxes and phone calls
Contact forms are available on our website and can be used to contact us electronically regarding various areas and topics. Should you make use of this option, the data you enter in the form will be transmitted to us and stored.
This data includes:
- salutation, first name, last name, e-mail, your query (required fields)
- title, street, house number, zip code, city (optional fields)
At the time the message is sent the following data is also stored:
- the user's IP address,
- the date and time sent.
As part of the transmission process, we obtain your consent to process your data and simultaneously make reference to our legitimate interest in processing your data. You are again informed of the processing of your data and directed to this privacy policy.
Alternatively, you may contact us via the provided e-mail address, fax number or phone number. Should you do so, the personal data included with your e-mail, fax or phone call are stored.
None of the data provided in this context is shared with third parties. The data is used exclusively for the processing of the conversation.
Purpose of data processing: The processing of personal data taken from contact forms as well as e-mails, faxes or phone calls helps us process your contact with us and your request, and if you are registering for an event, helps us register you and complete the transaction. We absolutely require your e-mail address or fax number or phone number or mailing address in order to be able to answer at all. Our legitimate interest in processing the data is based on this.
Other personal data collected during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
Legal basis for data processing: The legal basis for processing of data for instances where consent is given is Article 6(1)(a) of the GDPR, otherwise it is Article 6(1)(f) of the GDPR.
Should your contact or query be for the purpose of concluding a contract, the legal basis for processing is Article 6(1)(b) GDPR (performance of pre-contractual steps).
Duration of storage: Data is deleted as soon as it is no longer required for the purpose for which it was obtained.
This is the case for personal data collected from the contact form as well as from e-mails once our conversation with you has been concluded. The conversation is considered concluded when the circumstances indicate that the issue in questions has been conclusively resolved.
Other personal data collected as part of the sending process is deleted after a period of no more than seven days.
Fax data and printed data are stored separately in the device's internal storage. After printing a fax, the occupied storage space is again made available so that the next fax can be received and stored there. After printing, portions of the fax may be stored temporarily on the device's storage until these are overwritten by the next incoming fax. As a rule, this results in an automatic deletion of the data after 1 to 2 weeks.
For incoming phone calls or calls going out of our system, your phone number or the name/company registered with your phone provider along with the time and date of the call are stored in our phone system in a circular memory in which the oldest data is constantly overwritten by new data. As a rule, this results in an automatic deletion of the data from the phone system after no more than 3 months.
Options for objection and removal: You always have the option to revoke consent given to process your personal data or to object to the further processing of your data on the basis of legitimate interests (see above item regarding special right to object). In this case, the conversation cannot be continued.
Revocation of consent or objection to further processing are possible by contacting us via a regular message (e.g. via e-mail).
In this case, all personal data that was stored as part of the exchange is deleted.
B.3. Use of cookies
Our website uses cookies. These are small text files that are stored on your end device (PC, smartphone, tablet, etc.). A cookie may be stored by your browser when you access one of our websites. This cookie contains a string of characters that enables us to clearly identify your browser whenever you return to our website.
Cookies are used to enable use of our website in the first place, as well as to ensure the security and integrity of the website (essential cookies) and to make the website more user-friendly (non-essential cookies).
We only use essential cookies that are required for the use of our website and are therefore indispensable. These cookies, and any possible associated processing of personal data (e.g., your IP address), are contained exclusively on our own web servers.
Only in exceptional cases may cookies be used by third-party providers. Our data privacy statement shall address each potential case separately in the sections relating to the respective third-party tools.
When you visit our website, you are informed about the use of non-essential cookies and we obtain your consent to the processing of the personal data used in this connection.
Purpose of data processing: The purpose of using essential cookies is to enable the user to access desired or expressly requested website functions. Some functions cannot be provided without the use of cookies. In such cases, the browser has to be recognized even after navigating to a different website. The user data collected by essential cookies is not used to create user profiles.
Non-essential cookies are generally used for the purpose of improving the quality of our website and its content. Analysis cookies allow us to find out how the website is used, for example, thereby enabling us to optimize our offerings on an ongoing basis.
Legal basis for data processing: The following applies to essential cookies: The legal basis for the storage of essential cookies in your end device and access to them is Section 25(2)(2) TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz – Telecommunications-Telemedia Data Protection Act). The legal basis for the processing of personal data using information stored in cookies is Article 6(1)(f) GDPR, i.e. an overriding legitimate interest on our part. Our legitimate interest is based on the aforementioned purposes. The following applies to non-essential cookies: The legal basis for the storage of non-essential cookies on your end device and access to them is Section 25(1) TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz – Telecommunications-Telemedia Data Protection Act). The legal basis for the further processing of personal data using non-essential cookies is the consent given at the same time in accordance with Article 6(1)(a) GDPR.
Duration of storage: Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (session cookies). Other cookies remain on your end device and enable us to recognize your browser on subsequent visits (persistent or static cookies). If we have stored the cookies based on your consent, we stop further data processing when you withdraw your consent.
Otherwise, we store data collected on the basis of our legitimate interests until those legitimate interests no longer exist, the assessment of legitimate interest yields different results, or you have submitted a valid objection as per Article 21 of the GDPR (see highlighted statement of your “Right to object to processing based on legitimate interests,” under item C).
Options for objection and removal: Cookies are stored on your computer and are shared with our site by your computer. This means that you have complete control over the use of cookies. By changing your internet browser settings, you can deactivate or limit the transfer of cookies. Previously stored cookies can be deleted at any time. This process can also be automated. Note: Deactivating cookies for our website may limit website functionality.
Cookie Management
You have the option at any time to deselect cookies that were previously accepted or to accept cookies that were previously rejected. To do this, simply click on the lock symbol at the bottom right of our website, regardless of which sub-page you happen to be on.
This opens Cookie Management, which you will also see displayed when you first visit our website to set your cookie preferences.
Here you have the option to find out about all cookies, in particular to see their name and storage duration. Also, you can either accept all cookies (this also includes tracking cookies and the like) or only accept those cookies that are necessary (i.e. those that are required for the website to work or expressly desired and necessary in order for us to be able to offer website functions). If third-party cookies are listed here, these are cookies that are not set and managed by us but exclusively by third parties such as Facebook, Twitter, Instagram or YouTube.
B.4. Use of Like buttons on Facebook (Meta)
Our website contains Like buttons and/or Share buttons that link to the Facebook social network. This network is operated by Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and for all data within Europe by their subsidiary Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter jointly referred to as: Facebook). Our contracting party is the European company in Dublin.
The button can be identified by the Facebook logo (“f”) and/or the word “Like” and/or “Share.”
When visiting one of our internet sites containing such a button, your browser only connects to Facebook's servers (which, according to Facebook, may be located not only within the EU, but also outside the EU, such as in the USA) if you first approve the transfer of data by actively clicking on the button. This means that there is no data transfer to Facebook through the Facebook buttons used on our website simply by accessing our site. This kind of data transfer only occurs after you take a corresponding deliberate action (= clicking the button). Only through your first click on the button is the information that you have visited our site transferred to Facebook.
If you are logged into your personal Facebook account when you visit our website and click on the button, Facebook can link the website visit to your account. Whenever the Facebook button is used, the corresponding interaction is transferred to Facebook and stored there. If you would like to prevent this kind of connection to your Facebook account, you must log out of your Facebook account before you visit our website. However, certain data, such as your IP address, the time of the click, the browser in use, etc., will still be transferred to Facebook in that case. By logging out, you only prevent the direct linking of the data to your specific Facebook account.
There is an EU adequacy decision certifying that the USA has an adequate level of data protection, which means that data transfer to the USA is permitted.
Shared responsibility with Facebook: Concerning the collection of personal data through the use of the button and the subsequent transfer of data to Facebook, we share responsibility with Facebook in the context of data protection (Article 26 GDPR). Therefore, within the scope of our data protection obligations, we are hereby informing you of the processing of data which takes place within the sphere of our knowledge and influence. We do not transfer any personal data in connection with the button other than to Facebook itself.
However, we have no influence over, or knowledge of, how the data is further processed by Facebook after data transfer has occurred. Facebook is therefore solely responsible for all subsequent data processing after data transfer (cf. Judgment of the ECJ from 07/29/2019 – C-40/17).
Information about the purpose and scope of further data collection by Facebook, as well as your rights and options for protecting your privacy with regards to such collection within your Facebook account, can be found in Facebook's data privacy statement (http://facebook.com/privacy/explanation.php).
According to Facebook itself, it uses standard contractual clauses sanctioned by the European Commission and draws on the European Commission's adequacy decisions with regard to specific countries as necessary for data transfers from the EEA to the USA and other countries (cf. https://www.facebook.com/about/privacy/update).
Concerning your questions and your rights as a user: If you contact us, we will answer your inquiry ourselves to the extent that we are able to do so based on our own data processing and will otherwise forward your inquiry directly to Facebook with a request for full information, since we have no insight into Facebook's data processing.
Purpose of data processing: Use of the Facebook button serves the purpose of providing our website's users with a direct feedback option (Like) and/or the option of sharing our content and information (Share), thus serving our advertising and marketing interests, as the further dissemination of our content and websites expands the reach of our services.
Legal basis for data processing: The legal basis for the processing of personal data when using this button is your consent as per Article 6(1)(a) of the GDPR, which is given by clicking on the button.
Duration of storage: We do not store any personal information related to the use of the Facebook button. Our interests in providing this button and the related Like and Share functions lie solely in increasing our reach. We have no knowledge of how long Facebook will make use of the data resulting from the click of the button—in particular how long Facebook stores and processes this data. Additional information about how Facebook handles personal data is available in their privacy policy.
Options for objection and removal: If you would like to avoid the processing of data associated with the use of the button, you can prevent such use by simply choosing not to click the button.
If you would like your visit to our website not to be assigned to your Facebook account by Facebook, please log out of your Facebook account and block the use of Facebook scripts in your browser, e.g., by using a script blocker like www.noscript.net or www.ghostery.com, before you click on the Facebook button.
B.5. Use of Twitter's Tweet button (X)
Our website uses the share or “Tweet” button of the social network Twitter, which is operated by X Corp., USA or, for the European area, by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”). The Tweet button can be identified by the relevant symbol.
When visiting one of our internet sites containing such a button, your browser only connects to Twitter's servers (which, according to Twitter, may be located not only within the EU, but also in the USA) if you first approve the transfer of data by actively clicking on the button. This means that there is no data transfer to Twitter through the Twitter buttons used on our website simply by accessing our site. Such data transfer only occurs after you take a corresponding deliberate action (= clicking the button). Only through your first click is the information that you have visited our site transferred to Twitter.
If you are logged into your Twitter account when you visit our website and click on the button, Twitter can link the website visit to your account. Whenever the Tweet button is used, the website visit and the corresponding interaction is transferred to Twitter and stored there. If you would like to prevent this kind of connection to your Twitter account, you must log out of your Twitter account before you visit our website. However, certain data, such as your IP address, the time of the click, the browser in use, etc., are still transferred to Twitter in that case. By logging out, you only prevent the direct assignment of the data to your specific Twitter account.
There is an EU adequacy decision certifying that the USA has an adequate level of data protection, which means that data transfer to the USA is permitted.
Shared responsibility with Twitter: Concerning the collection of personal data through the use of the button and the subsequent transfer of the data to Twitter, we share responsibility with Twitter in the context of data protection (Article 26 of the GDPR). Therefore, within the scope of our data protection obligations, we are hereby informing you of the processing of data which takes place within the sphere of our knowledge and influence. We do not transfer any personal data in connection with the button, other than to Twitter itself.
However, we have no influence over, or knowledge of, how the data is further processed by Twitter after data transfer has occurred. To the best of our knowledge, only your IP address and the respective website's URL are transferred. Interactions, especially the clicking of a Re-Tweet button, are also shared with Twitter. Twitter is therefore solely responsible for all subsequent data processing after data transfer (cf. Judgment of the ECJ from 07/29/2019 – C-40/17).
Information regarding the purpose and scope of data collection and the further processing and use of the data by Twitter, as well as your rights and options to protect your privacy with regards to such collection, can be found in Twitter's data privacy statement at http://twitter.com/privacy.
Twitter itself indicates that whenever personal data is transmitted outside the European Union, the EFTA countries or the United Kingdom, Twitter provides an appropriate protection level for the rights of data subjects based on the suitability of the data protection laws in the receiving country or the contractual obligations of the data recipient (cf. https://twitter.com/privacy#chapter6).
Concerning your questions and your rights as a user: If you contact us, we will answer your inquiry ourselves to the extent that we are able to do so based on our own data processing and will otherwise forward your inquiry directly to Twitter with a request for full information, since we have no insight into Twitter's data processing.
Purpose of data processing: Use of the Twitter plug-in serves the purpose of a direct feedback option and/or serves to enable direct sharing of our content and information (Tweet), thus expanding and positively impacting our reach and thereby our advertising and marketing interests.
Legal basis for data processing: The legal basis for the processing of personal data when using this button is your consent as per Article 6(1)(a) of the GDPR, which is given by clicking on the button.
Duration of storage: We do not store any personal information related to the use of the Twitter button. Our interests in providing this button and the related Like and Share functions lie solely in increasing our reach. We have no knowledge of how long Twitter will make use of the data resulting from the click of the button, in particular how long Twitter stores and processes this data. Additional information on how Twitter handles personal data is available in Twitter's privacy policy at http://twitter.com/privacy.
Options for objection and removal: If you would like to avoid the processing of data associated with the use of the button, you can prevent such use by simply choosing not to click the button.
If you would like your visit to our website not be assigned to your Twitter account by Twitter, please log out of your Twitter account and block the use of Twitter scripts in your browser, e.g., by using a script blocker like www.noscript.net or www.ghostery.com, before clicking on the Twitter button.
You also have the option of changing your data privacy settings in Twitter by accessing your Twitter account settings at http://twitter.com/account/settings.
B.6. Use of Instagram Social Plug-Ins
Our website integrates functions and content from Instagram. This is a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you are logged into your Instagram account, you can link content on our site with your Instagram profile by clicking the Instagram button. This allows Instagram to assign your visit to our page with your user account. Here, we would like to point out that we, as provider of the pages, have no knowledge of the content of the transferred data or of its use by Instagram.
These data can include, e.g., images, videos, or text and buttons with which users indicate their opinion of the content and can subscribe to the author of the content or to our posts. Insofar as the users are members of the Instagram platform, Instagram can assign a user’s access to the aforementioned content and functions in the user’s Instagram profile.
It cannot be ruled out that personal information processed by Instagram is also transferred to the USA and processed there. In addition to the EU adequacy decision regarding the level of data protection in the USA, Instagram bases its operations on the Standard Contractual Clauses (SCCs) as a legal mechanism for transferring personal data from the EEA (European Economic Area) to the USA. The Standard Contractual Clauses contain various security mechanisms, such as a provider duty to initiate a judicial process before customer data is provided to a government office, or the provider's obligation to inform the customer of each request for personal information made by government offices. This provides a sufficient level of data privacy.
Purpose of data processing: Use of the Instagram plug-in serves the purpose of a direct feedback option and/or of enabling direct sharing of our posts and information via the Instagram network and thus our advertising and marketing interests.
Information on data collection (purpose, scope, further processing, use) as well as your rights and settings options can be found in Instagram’s privacy policy. This information is available on Instagram at http://instagram.com/about/legal/privacy/.
Legal basis for data processing: The legal basis for processing personal information is Article 6(1)(a) of the GDPR, i.e., your consent, which we solicit upon your visit to our website. Consent to the storage of cookies and access thereto is based on § 25(1) of the TTDSG (Telecommunications and Telemedia Data Protection Act) and consent to further data processing is based on Article 6(1)(a) of the GDPR.
Duration of storage: As user, you can decide on the execution of the JavaScript code required for the tool via your browser settings. By changing these settings in your web browser, you can deactivate JavaScript or limit its execution, thus preventing storage. Note: Deactivating JavaScript may limit full website functionality.
Options for objection and removal: If you are a customer of Instagram and would not like Instagram to collect information on you via our website and link these to your data stored with Instagram, you must log out of Instagram before visiting our website.
You can prevent the execution of the JavaScript code required for the tool by adjusting the settings in your browser software accordingly.
In order to prevent the execution of the JavaScript code entirely, you can also install a Java script blocker, e.g., the browser plug-in NoScript (e.g., www.noscript.net or www.ghostery.com).
B.7. Use of YouTube Videos
Our website offers the option of viewing YouTube videos (provider: YouTube LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter “YouTube”). We have integrated these YouTube videos in YouTube's expanded data protection mode, which blocks the creation of YouTube cookies until the point at which an active click starts the playback.
The videos are only downloaded, thus creating YouTube cookies in your browser, if you give your consent to the setting of YouTube cookies by your first click on such a video.
YouTube is a subsidiary of Alpahabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. Selecting an item with an integrated YouTube video will prompt the website to play the corresponding YouTube video. Within the scope of this process, YouTube and Alpahabet receive information on which item was selected. If you are logged into YouTube at the same time, when you call up a page that contains a YouTube video, YouTube will recognize which specific page you are visiting. This information is gathered by YouTube and Alpahabet and assigned to your YouTube account.
YouTube’s data privacy policies also provide information on the collection, processing, and use of personal information by YouTube and Alpahabet and can be found here: http://www.google.de/intl/de/policies/privacy.
There is an EU adequacy decision certifying that the USA has an adequate level of data protection, which means that data transfer to the USA is permitted.
Purpose of data processing: YouTube videos are embedded for the purpose of offering you multimedia content on our website, thus enhancing and improving the user experience on the website. Because this makes our website more appealing, the use of YouTube videos also serves our marketing and advertising purposes. Furthermore, hosting and playing such videos on our own server has high associated costs and effort.
Legal basis for data processing: The legal basis for the processing of personal information is your express consent. Consent to the storage of cookies and access thereto is based on § 25(1) of the TTDSG (Telecommunications and Telemedia Data Protection Act) and consent to further data processing is based on Article 6(1)(a) of the GDPR. The legal basis for the embedding of videos is Article 6(1)(f) of the GDPR, i.e., our legitimate interests. Our legitimate interest is based on the aforementioned purposes.
Duration of storage: We do not store any personal information about the use of the YouTube videos. We count the views and downloads of each video, but without any reference to a specific individual.
We have no influence on the storage policies of YouTube or Alpahabet. The exact circumstances of their data processing can be found in Google’s data privacy policy at http://www.google.de/intl/de/policies/privacy.
Options for objection and removal: YouTube and Alpahabet always receive the information that the respective user has visited our website, provided the user is logged into YouTube at the same time as they use the app. This occurs independently of whether the individual clicks on a YouTube video. If you would not like your information to be transferred to YouTube and Alpahabet, you can prevent transferal by logging out of your YouTube account before visiting our website. You will also find options for minimizing data processing by Google in your YouTube account settings. Because the video portal belongs to Alpahabet and thus to Google, settings are located in the general configuration of your Google account. There, under “Activity controls” (https://myactivity.google.com/activitycontrols), you will find not only options for the web and location history, but also special functions regarding data privacy on YouTube. On the one hand, you can pause the video search so that your searches are no longer stored. On the other. you can also turn off the video playback history so that your video views are not stored either.
Otherwise, you can prevent data processing by not visiting any pages containing YouTube videos.
B.8. Use of the Matomo analysis tool (previously Piwik)
This website uses an open-source web analysis tool called Matomo (Piwik) of the company InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (https://matomo.org) to collect and store data used for marketing and optimization purposes. A usage profile can be established from this data under a pseudonym. Cookies may be used in this process. Cookies are small text files stored locally in the temporary storage of the internet browser of the visitor to the site. Cookies allow the internet browser to be recognized upon a return to the site. Data collected by Matomo (Piwik) are not used to identify the visitor to the website personally and not added to personal data on the pseudonym subject without the separate consent of the data subject.
Purpose of data processing: The use of analysis tools and analysis cookies serves the purpose of improving the quality of our website and its content. Through these tools, we learn how the website is used and can thus continually optimize our offers.
Legal basis for data processing: The legal basis for the processing of personal data using cookies is your consent to the storage and reading out of cookies on your end device in accordance with Section 25(1) TTDSG and your consent to further data processing for analysis purposes in accordance with Article 6(1)(a) GDPR. In both cases, we request your consent in our cookie banner.
Duration of storage: The cookies are stored on the user's computer and are shared with our site by the user's computer. The IP address is anonymized immediately after being processed and before being stored. This means that you as a user have complete control over the use of cookies. By changing your internet browser settings, you can deactivate or limit the transfer of cookies. Previously stored cookies can be deleted at any time. This process can also be automated. Note: Deactivating cookies for our website may limit full website functionality.
Otherwise, we store data collected on the basis of a legitimate interest until the legitimate interest no longer exist, the assessment of legitimate interest yields different results, or you have submitted a valid objection as per Article 21 of the GDPR (see highlighted “Notice of special right to object,” under “Right to object to processing based on legitimate interests”). The existence of legitimate interest is verified regularly, at least once per year. Our interest no longer exists in particular when data has become so old that it no longer possesses sufficient relevance to the analysis and statistics of website use, which is no later than three years.
You can also withdraw your consent at any time with effect for the future. You can also do this by clicking on the lock symbol at the bottom right of our website, for example.
Options for objection and removal: You can prevent the storage of cookies with a corresponding setting in your browser software; we point out that, should you deactivate cookies, you may not be able to use all functions of this website fully. You can prevent the collection of cookie data relating to your use of the website (incl. your IP address) as well as the processing of this data by us by making use of the opt-out option provided. The easiest way to avoid this data processing is not to give your consent to the use of Matomo.
B.9. Use of fonts from Fonts.net
Our website downloads JavaScript code from Monotype GmbH, Werner-Reimers-Strasse 2-4, 61352 Bad Homburg, Germany (Fonts.net).
Purpose of data processing: The use of fonts serves the purpose of an improved and distinctive presentation of our website for users and thus our advertising and marketing interests as well.
For information regarding the purpose and scope of data collection and the further processing and use of the data by Monotype, as well as your rights and options to protect your privacy with regards to such collection, can be found in Monotype's data privacy statement at https://www.monotype.com/legal/privacy-policy.
Legal basis for data processing: The legal basis for the processing of personal data via cookies is Article 6(1)(f) of the GDPR, i.e. legitimate interests. Our legitimate interest is based on the aforementioned purposes.
Duration of storage: As user, you can decide on the execution of the JavaScript code required for the tool via your browser settings. By changing these settings in your internet browser, you can deactivate JavaScript or limit its execution, thus preventing storage. Note: Deactivating JavaScript may limit full website functionality.
Options for objection and removal: If you do not want your data processed, you can deactivate JavaScript in your browser settings.
If you activate JavaScript in your browser and have not installed a JavaScript blocker, your browser may transmit data to Fonts.net. We do not know how Fonts.net connects the data they receive and for what purpose Fonts.net uses this data. Additional information on this can be found in the data privacy statement of Fonts.net: www.monotype.com/legal/privacy-policy. In order to prevent the execution of JavaScript code from Fonts.net entirely, a JavaScript blocker can be installed (e.g. www.noscript.net or www.ghostery.com).
B.10. Website encryption
The website and the data transmitted via the same are encrypted in accordance with the SSL standard (HTTPS protocol).
B.11. Transmission of personal data to third countries (foreign countries-EU/ -EEA)
Personal data may be processed outside the EU or the EEA (European Economic Area). In particular, various third-party providers (see information above) may transfer personal information to the USA.
In Section B of this data privacy statement, under the respective tools, you will find information on which providers may potentially transfer data to third countries, particularly the USA (e.g., YouTube).
For the USA, there is an EU adequacy decision certifying that the USA has an adequate level of data protection, which means that data transfer to the USA is essentially permitted. The third-party providers in the USA are all certified under the EU-U.S. Data Privacy Framework (DPF). This means that data transfer to these third-party providers is permitted without the need for any further action.
All companies for which a third country transfer is relevant and which could potentially transfer personal data to a third country for which there is no EU adequacy decision or US companies that are not certified under the EU-U.S. Data Privacy Framework (DPF) have submitted to a level of regulation comparable to the EU data protection level based on binding agreement to the EU Standard Contractual Clauses (SCC, see Article 46(2)(c) GDPR). The data transfer by these companies is therefore fundamentally allowed.
Furthermore, in the case of data processing, corresponding data processing agreements were concluded to safeguard data and our right to issue directives.
C. Rights of the data subject
When your personal data is processed, then you are the “data subject” and you have the following rights vis-à-vis us as the controller:
C.1. Right to request access
You have the right to obtain free confirmation from us as to whether we are processing your personal data. If this is the case, you have the right to request access to this personal data and also have the right to obtain further information as specified in Article 15 of the GDPR. You can contact us regarding this matter by mail or by e-mail.
C.2. Right to rectification
You have the right to request that we immediately rectify your personal data in the event that this data is incorrect. You also have the right—taking into account the purposes of processing specified above—to request the completion of incomplete personal data—also by means of a supplemental statement. You can contact us regarding this matter by mail or by e-mail.
C.3. Right to erasure
You have the right to request the immediate deletion of your personal data if one of the conditions specified in Article 17 of the GDPR applies. You can contact us regarding this matter by mail or by e-mail.
C.4. Right to restriction of processing
You have the right to request the restriction of processing of your personal data if one of the conditions specified in Article 18 of the GDPR applies. You can contact us regarding this matter by mail or by e-mail.
C.5. Right to information
If you exercise your right of rectification, to erasure or to restriction of processing vis-à-vis the controller, the controller is obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
You also have the right to be informed about those recipients by the controller upon request.
C.6. Right to data portability
You have the right to receive the personal data that you have provided us with in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance by us if the conditions specified in Article 20 of the GDPR apply. You can contact us regarding this matter by mail or by e-mail.
C.7. Right to object to processing for legitimate interests
If, in exceptional cases, we process personal data on the basis of Article 6(1)(f) of the GDPR (meaning for the purposes of legitimate interests), you have the right to object to the processing of your personal data by us at any time for reasons relating to your unique situation. If we cannot demonstrate any compelling legitimate grounds for the further processing of your data which overrides your interests, rights, and freedoms, or if we are processing the data in question concerning you for the purposes of direct marketing, we will no longer process your personal data (refer to Article 21 of the GDPR). You can contact us regarding this matter by mail or by e-mail.
If personal data is processed for the purposes of direct marketing, you have the right to object to the processing of the respective personal data for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
C.8. Right to withdraw consent
You have the right to withdraw your consent to the collection and use of your personal data with effect for the future at any time. You can contact us regarding this matter by mail or by e-mail. This does not alter the legality of the processing carried out on the basis of the consent until revocation.
C.9. Automated individual decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into, or performance of, a contract between us and you, is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent.
We do not make these kinds of automated decisions.
C.10. Voluntary provision of personal data
As a rule, if the provision of personal data is a statutory or contractual requirement, we will inform you of such at the time when we obtain the personal data. Some of the data that we obtain is necessary for entering into a contract; specifically in the event that we are otherwise unable to meet or to sufficiently meet our contractual obligations to you. You are not obligated to provide us with your personal data. However, failure to provide data may result in us being unable to provide you with or offer you a desired service, action, measure, or the like, or make it impossible for us to enter into a contract with you.
C.11. Right to lodge a complaint with a supervisory authority
Without prejudice to any other rights, you have the right to lodge a complaint with a supervisory authority for data protection at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you violates the GDPR.
The supervisory authority responsible for us is: Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Königstrasse 10a, 70173, Stuttgart, Germany, website: www.baden-wuerttemberg.datenschutz.de.
Our data protection information was last updated on: 4/08/2023