Data privacy notice

In the following, you will find information on which personal data we process, to what purpose and on what basis:

Overview / table of contents

You will find the following information in our data privacy statement:

A. Our contact information and general information on data processing

A.1. Name and contact data of the data controller

The following entity is responsible for the collection and use of personal information in the sense of the data protection law:

 

Staatliche Schlösser und Gärten
Baden-Württemberg – Zentrale
Schlossraum 22a
76646 Bruchsal, Germany

Represented by CEOs Michael Hörrmann and Manuel Liehr (provisionally)

+49 (0) 72 51.74 -27 11
info@ssg.bwl.de
http://www.schloesser-und-gaerten.de

You can find more information about us on our website at https://www.schloesser-und-gaerten.de/wir-ueber-uns/impressum/.

A.2. Contact information of the data security officer

Our data security officer can be reached at the following address:

Official Data Security Officer
Vermögen und Bau Baden-Württemberg
Betriebsleitung
Rotebühlplatz 30
70173 Stuttgart, Germany
datenschutz@vbv.bwl.de

A.3. General information on the legal basis for the processing of personal data

When we process personal data, the following applies in general:

  • When we have obtained your consent for processing operations for the processing of your personal data, Article 6(1)(a) of the EC General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
  • When the processing of personal data is necessary for the performance of a contract, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies when processing is necessary in order to take required steps prior to entering into a contract.
  • When the processing of personal data is necessary for compliance with a legal obligation to which we are subject, Article 6(1)(c) of the GDPR serves as the legal basis.
  • When processing of personal data is necessary in order to protect your vital interests or the vital interests of another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
  • If the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, and these interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data, then Article 6(1)(f) of the GDPR serves as the legal basis for processing.

A.4. General information on the deletion of data and storage period

We will generally delete or block personal data once the purpose of the storage of the data no longer applies. Furthermore, data may also be stored if this storage is permitted by the European or national legislative authorities in EU regulations, laws or other guidelines to which we as controller are subject. Data is also deleted or made unavailable to users once the storage period defined by the specified norms elapses as long as continued storage of the data is not required in order to conclude or perform a contract.


Specifically, this means:
When we process personal data on the basis of consent given to the processing of personal data (Article 6(1)(a) of the EC General Data Protection Regulation or GDPR), processing ends when you withdraw your consent, unless there is another valid legal reason for your data to be processed, which is the case when we are still authorized to process your data for the purpose of performance of a contract at the time when consent is withdrawn, or when data processing is necessary for the purposes of our legitimate interests (see below for further information).

If, in exceptional cases, we process data on the basis of our legitimate interests (Article 6(1)(f) of the GDPR) as part of considerations made prior to the processing, we store this data until these legitimate interests no longer apply, the consideration results in a different conclusion, or you object to the processing pursuant to Article 21 of the GDPR (see highlighted text under “Information on special right to object” under C.).

If we process data necessary for the performance of a contract, then we store this data until the contract has been completely fulfilled and settled and none of the claims from the contract can be asserted, meaning when the statute of limitations has elapsed. The general statute of limitations in accordance with Paragraph 195 of the German Civil Code (BGB) is three (3) years. However, certain claims, such as claims for damages, have a statute of limitations of 30 years (see Paragraph 197 of the BGB). If there is legitimate grounds to believe that this may be relevant in specific cases, we will save a data subject’s personal data for this period of time. The statute of limitations specified start at the end of the year (December 31) in which the claim arose and the creditor became aware of the circumstances giving rise to the claim and of the debtor, or must have become aware of them in the absence of gross negligence.

Here, we would like to point out that we are also subject to statutory retention obligations for tax and accounting purposes. In accordance with these obligations, we must store certain data, which could include personal data, as proof for the purposes of our accounting over a period of six (6) to ten (10) years. These retention periods override the obligations to delete data described above. The retention periods also begin at the end of the year in question, meaning on December 31 of that year.

A.5. General information on the sources of personal data

The personal data that we process is primarily provided to us by the data subject, for example when this person:

  • transmits information, such as an IP address, via the web browser and their end device (e.g. a PC, smartphone, tablet or notebook) to our web server,
  • requests information or an offer from us as an interested party,
  • places an order with us or enters into a contract with us as a client,
  • requests information, press releases, statements, and the like from us as a media representative and/or journalist,
  • supplies us with goods or services in accordance with contracts and/or agreements as a supplier.

Only in exceptional cases do we receive the personal data that we process from third parties, for example in the event that a person is acting on behalf of a third party.

A.6. General information on the categories, purposes and legal bases for the processing of personal data

We process the following categories of personal data:

  • website users,
  • interested parties,
  • media representatives,
  • clients, as well as
  • suppliers.

Depending on the category of data in question, we process personal data for the following purposes and in accordance with the legal basis specified as defined in the EC General Data Protection Regulation (GDPR):
 

User data: We collect and process data from the users of our website in a pseudonymized format. It is not possible for us to connect this data to a specific individual. IP addresses are solely processed in an anonymized format. If, in exceptional cases, personal data is involved in this context, we only process this data for the purposes of our legitimate interests on the basis of Article 6(1)(f) of the GDPR. In this context, our legitimate interests are our interests in the security and integrity of our website and the data on our web server (in particular fault and error detection as well as tracking unauthorized access), as well as marketing interests and interests in statistical data (which allows us to improve our web presence as well as our services and offers). After careful consideration, we have come to the conclusion that data processing for the purposes of our legitimate interests as specified above is necessary, and that your interests or fundamental rights and freedoms which require protection of personal data do not override these interests.
 

Data of interested parties/media representatives: In the event that we process the data of persons interested in our services or of media representatives, this only occurs when such persons provide us with this data by filling out a form or sending us an e-mail for the purposes of submitting a request or an inquiry. You are not obligated to provide us with this information. We only process this data in order to process your request or inquiry. We process the data that you voluntarily provide us with for the purposes of finding out more information about our services as part of the steps required prior to entering into a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of the consent you have given us by providing us with this data in accordance with Article 6(1)(a) of the GDPR.
 

Client data: We process the data of our clients if this is necessary for the performance of a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of consent granted by them in accordance with Article 6(1)(a) of the GDPR. This also applies for processing operations that are required in order to take the necessary steps prior to entering into a contract (for example as part of issuing and negotiating offers).
 

Supplier data/data from our business partners: We process the data from our suppliers and business partners if this is necessary for the performance of a contract in accordance with Article 6(1)(b) of the GDPR and/or on the basis of consent granted by these parties in accordance with Article 6(1)(a) of the GDPR. This also applies for processing operations that are required in order to take the necessary steps prior to entering into a contract (for example as part of issuing and negotiating offers).

A.7. General information on the recipients or categories of recipients of personal data

Your personal data is only transferred or otherwise provided to third parties if this is necessary for the performance of a contract (for example for the purpose of processing a request), or for the purposes of invoicing (for example to carry out a payment transaction when purchasing goods or services), a legitimate interest in the transfer/processing exists and your interests and basic rights and fundamental freedoms do not take precedence, or if you have effectively granted us your consent in advance.
 

Recipient categories include:

  • service providers (publishers, printers, conference organizers, etc.)
  • distribution services providers, suppliers
  • payment services providers, banks

A.8. Data processing in the distribution of our newsletter

It is possible to subscribe to a free newsletter via our website or by request. When registering for this newsletter, the data from the form is transmitted to us. This includes:

  • salutation, first name, last name and
  • e-mail address.

When registering for the newsletter, the following data is also collected:

  • the user's IP address as well as
  • the date and time of registration.

This serves to prevent the misuse of the services or the data subject's e-mail address.
 

Registering for our newsletter requires a double-opt-in process. This means, after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with an e-mail address that is not their own.


As part of the registration process, we obtain your consent to process your data and you are directed to this privacy policy.


We do not pass your data on to third parties, with the exception of a legal obligation to share. The data is used exclusively for the mailing of the newsletter.
 

Purpose of data processing: The user's e-mail address is collected and processed for the purpose of delivering the newsletter. We use the e-mail address for advertising purposes.

The collection of other personal data as part of the registration process serves to prevent the misuse of services or the e-mail address provided.


Legal basis for data processing: Legal basis for the processing of data following registration for the newsletter on the part of the user and with user consent is Article 6(1)(a) of the GDPR.

Other personal data collected during the registration process is processed based on legitimate interests as per Article 6(1)(f) of the GDPR. Our legitimate interest here is based on the prevention of misuse of our services, our web server or mail server or the e-mail address provided.


Duration of storage: Data is deleted as soon as it is no longer required for the purpose for which it was obtained. The user’s e-mail address will be stored for at least as long as the subscription is active.

We may store e-mail addresses for up to an additional three years on the basis of our legitimate interests for providing proof of previously given consent before deleting them for newsletter distribution purposes. Processing of this data is limited to potentially disputing any claims. An individual request to delete data can be submitted at any time, insofar as the former existence of consent is simultaneously confirmed.

Other personal data collected as part of the registration are typically deleted after a period of seven days.


Options for objection and removal: The newsletter subscription can be canceled by the user at any time free of charge and with no form required. A link to do so is provided in each newsletter.

This also enables the revocation of consent to store personal data collected during the registration process.

B. Scope of the processing of personal data on our website

We only collect and use our users’ personal data as part of their use of our website to the extent necessary for the use of our website as well as the provision of our content and services. Generally, we only collect and use our users’ personal data with the users’ consent. One exception is in cases when it is not possible to obtain the user’s consent in advance for practical reasons and/or we are permitted to process this data within the scope of the law.

B.1. Provision of the website and creation of log files

With each visit to our website, our system automatically collects data and information for technical reasons. This data is stored in log files on our server. It includes:

  • the date and time of access,
  • URL address of the referring website,
  • websites visited by the user's system as referred from our website,
  • user's screen resolution,
  • file(s) accessed and notifications on the success of this access,
  • quantities of data sent,
  • user's internet service provider,
  • browser, browser type and version, browser engine and engine version,
  • operating system, operating system version and type, as well as
  • the user's anonymized IP address and internet service provider.

This data is processed separately from other data. This data is not processed together with the user’s other personal data. It is not possible for us to connect this information to a specific person.


Purpose of data processing: The temporary processing of data by the system is necessary for the provision of content from our website to the user's computer. In order to do this, the user’s IP address must be stored for the entire session.

The data is stored in log files in order to ensure the functionality of the website. Furthermore, we use this data to optimize the services we offer and our website and to ensure that our information technology systems are secure. The data saved for these reasons is not used or evaluated for marketing purposes.


Legal basis for data processing: The temporary storage of data and log files follows the legal basis of Article 6(1)(f) of the GDPR. Our predominant legitimate interest in processing this data is based on the aforementioned purposes.


Duration of storage: Data is deleted as soon as it is no longer required for the purpose for which it was obtained. In terms of the data collected for the provision of the website, this is the case as soon as the session in question ends. Data saved in the log files is deleted after seven days at the latest. It is possible that data could be stored beyond this window. In this case, the IP address of the user is deleted or anonymized so that it is no longer possible to associate it with the client that accessed the website.


Options for objection and removal: The collection of data required for the provision of the website and the storage of data in log files is essential in order to use the website. For this reason, the user cannot opt out. However, the user may terminate use of the website at any time, thereby preventing the further collection of the listed data.

B.2. Contact through the contact form, e-mail contacts, faxes and phone calls

Contact forms are available on our website and can be used to contact us electronically regarding various areas and topics. Should you make use of this option, the data you enter in the form will be transmitted to us and stored.

This data includes:

  • salutation, first name, last name, e-mail, your query (required fields)
  • title, street, house number, zip code, city (optional fields)

At the time the message is sent the following data is also stored:

  • the user's IP address,
  • the date and time sent.

As part of the transmission process, we obtain your consent to process your data and simultaneously make reference to our legitimate interest in processing your data. You are again informed of the processing of your data and directed to this privacy policy.

Alternatively, you may contact us via the provided e-mail address, fax number or phone number. Should you do so, the personal data included with your e-mail, fax or phone call are stored.

None of the data provided in this context is shared with third parties. The data is used exclusively for the processing of the conversation.
 

Purpose of data processing: The processing of personal data taken from contact forms as well as e-mails, faxes or phone calls helps us process your contact with us and your request, and if you are registering for an event, helps us register you and complete the transaction. We absolutely require your e-mail address or fax number or phone number or mailing address in order to be able to answer at all. Our legitimate interest in processing the data is based on this.

Other personal data collected during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
 

Legal basis for data processing: The legal basis for processing of data for instances where consent is given is Article 6(1)(a) of the GDPR, otherwise it is Article 6(1)(f) of the GDPR.

Should your contact or query be for the purpose of concluding a contract, further legal basis for processing is found in Article 6(1)(b) of the GDPR (performance of pre-contractual steps).
 

Duration of storage: Data is deleted as soon as it is no longer required for the purpose for which it was obtained.

This is the case for personal data collected from the contact form as well as from e-mails once our conversation with you has been concluded. The conversation is considered concluded when the circumstances indicate that the issue in questions has been conclusively resolved.

Other personal data collected as part of the sending process is deleted after a period of no more than seven days.

Fax data and printed data are stored separately in the device's internal storage. After printing a fax, the occupied storage space is again made available so that the next fax can be received and stored there. After printing, portions of the fax may be stored temporarily on the device's storage until these are overwritten by the next incoming fax. As a rule, this results in an automatic deletion of the data after 1 to 2 weeks.

For incoming phone calls or calls going out of our system, your phone number or the name/company registered with your phone provider along with the time and date of the call are stored in our phone system in a circular memory in which the oldest data is constantly overwritten by new data. As a rule, this results in an automatic deletion of the data from the phone system after no more than 3 months.
 

Options for objection and removal: You always have the option to revoke consent given to process your personal data or to object to the further processing of your data on the basis of legitimate interests (see above item regarding special right to object). In this case, the conversation cannot be continued.

Revocation of consent or objection to further processing are possible by contacting us via a regular message (e.g. via e-mail).

In this case, all personal data that was stored as part of the exchange is deleted.

B.3. Use of cookies

Our website uses cookies. Cookies are small text files that are stored on your device. A cookie may be stored by your browser when you access one of our websites. This cookie contains a string of characters that enables us to clearly identify your browser whenever you return to our website.

On principle, we only use cookies that are technically necessary and thus essential for the use of our website. These cookies, and any possible associated processing of personal data (e.g., your IP address), are contained exclusively on our own web servers.

Only in exceptional cases may cookies be used by third-party providers. Our data privacy statement shall address each potential case separately in the sections relating to the respective third-party tools.
 

Purpose of data processing:  Technically necessary cookies are used to simplify the use of websites for their users. Some functions of our internet site cannot be provided without the use of cookies. This functionality requires that the user's browser be recognized after navigating to a new page. The user data collected by technically necessary cookies is not used to create user profiles.
 

Legal basis for data processing: The legal basis for the processing of personal data via technically necessary cookies is Article 6(1)(f) of the GDPR (General Data Protection Regulation), i.e., legitimate interests. Our legitimate interest is based on the fact that, without the use of such cookies, providing our internet services would be impossible, or at least not possible in their current form. Our assessment has revealed that our legitimate interests are at the very least not outweighed by your interests (or basic rights or fundamental freedoms) demanding the protection of personal data.
 

Duration of storage: Some of the cookies we use are deleted at the end of the browser session, i.e., after you close your browser (session cookies). Other cookies remain on your end device and enable us to recognize your browser during subsequent visits (persistent cookies).

Otherwise, we store data collected on the basis of our legitimate interests until those legitimate interests no longer exist, the assessment of legitimate interest yields different results, or you have submitted a valid objection as per Article 21 of the GDPR (see highlighted statement of your “Right to object to processing based on legitimate interests,” under item C).
 

Options for objection and removal: Cookies are stored on your computer and are shared with our site by your computer. This means that you have complete control over the use of cookies. By changing your internet browser settings, you can deactivate or limit the transfer of cookies. Previously stored cookies can be deleted at any time. This process can also be automated. If you set your browser to such a “do-not-track” setting, we will interpret this as an objection to the further collection and use of your personal data. Note: Deactivating cookies for our website may limit website functionality.

B.4. Use of Like buttons on Facebook

Our website contains Like buttons and/or Share buttons that link to the Facebook social network. This network is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and for all data within Europe by their subsidiary Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter jointly referred to as: Facebook). Our contracting party is the European company in Dublin.

The button can be identified by the Facebook logo (“f”) and/or the word “Like” and/or “Share.”

When visiting one of our internet sites containing such a button, your browser only connects to Facebook's servers (which, according to Facebook, may be located not only within the EU, but also outside the EU, such as in the USA) if you first approve the transfer of data by actively clicking on the button. This means that there is no data transfer to Facebook through the Facebook buttons used on our website simply by accessing our site. This kind of data transfer only occurs after you take a corresponding deliberate action (= clicking the button). Only through your first click on the button is the information that you have visited our site transferred to Facebook.

If you are logged into your personal Facebook account when you visit our website and click on the button, Facebook can link the website visit to your account. Whenever the Facebook button is used, the corresponding interaction is transferred to Facebook and stored there. If you would like to prevent this kind of connection to your Facebook account, you must log out of your Facebook account before you visit our website. However, certain data, such as your IP address, the time of the click, the browser in use, etc., will still be transferred to Facebook in that case. By logging out, you only prevent the direct linking of the data to your specific Facebook account.

Shared responsibility with Facebook: Concerning the collection of personal data through the use of the button and the subsequent transfer of data to Facebook, we share responsibility with Facebook in the context of data protection (Article 26 GDPR). Therefore, within the scope of our data protection obligations, we are hereby informing you of the processing of data which takes place within the sphere of our knowledge and influence. We do not transfer any personal data in connection with the button other than to Facebook itself.

However, we have no influence over, or knowledge of, how the data is further processed by Facebook after data transfer has occurred. Facebook is therefore solely responsible for all subsequent data processing after data transfer (cf. Judgment of the ECJ from 07/29/2019 – C-40/17).
Information about the purpose and scope of further data collection by Facebook, as well as your rights and options for protecting your privacy with regards to such collection within your Facebook account, can be found in Facebook's data privacy statement (http://facebook.com/privacy/explanation.php).

According to Facebook itself, it uses standard contractual clauses sanctioned by the European Commission and draws on the European Commission's adequacy decisions with regard to specific countries as necessary for data transfers from the EEA to the USA and other countries (cf. https://www.facebook.com/about/privacy/update).

Concerning your questions and your rights as a user: If you contact us, we will answer your inquiry ourselves to the extent that we are able to do so based on our own data processing and will otherwise forward your inquiry directly to Facebook with a request for full information, since we have no insight into Facebook's data processing.


Purpose of data processing: Use of the Facebook button serves the purpose of providing our website's users with a direct feedback option (Like) and/or the option of sharing our content and information (Share), thus serving our advertising and marketing interests, as the further dissemination of our content and websites expands the reach of our services.


Legal basis for data processing: The legal basis for the processing of personal data when using this button is your consent as per Article 6(1)(a) of the GDPR, which is given by clicking on the button.


Duration of storage: We do not store any personal information related to the use of the Facebook button. Our interests in providing this button and the related Like and Share functions lie solely in increasing our reach. We have no knowledge of how long Facebook will make use of the data resulting from the click of the button—in particular how long Facebook stores and processes this data. Additional information about how Facebook handles personal data is available in their privacy policy.


Options for objection and removal: If you would like to avoid the processing of data associated with the use of the button, you can prevent such use by simply choosing not to click the button.
If you would like your visit to our website not to be assigned to your Facebook account by Facebook, please log out of your Facebook account and block the use of Facebook scripts in your browser, e.g., by using a script blocker like www.noscript.net or www.ghostery.com, before you click on the Facebook button.

B.5. Use of Twitter's Tweet button

Our website uses the Tweet button for the Twitter social network, which is operated by Twitter Inc., 750 Folsom Street, Suite 600, San Francisco, CA 94107, United States (“Twitter”). The Tweet button can be identified by its bird symbol.

When visiting one of our internet sites containing such a button, your browser only connects to Twitter's servers (which, according to Twitter, may be located not only within the EU, but also in the USA) if you first approve the transfer of data by actively clicking on the button. This means that there is no data transfer to Twitter through the Twitter buttons used on our website simply by accessing our site. Such data transfer only occurs after you take a corresponding deliberate action (= clicking the button). Only through your first click is the information that you have visited our site transferred to Twitter.

If you are logged into your Twitter account when you visit our website and click on the button, Twitter can link the website visit to your account. Whenever the Tweet button is used, the website visit and the corresponding interaction is transferred to Twitter and stored there. If you would like to prevent this kind of connection to your Twitter account, you must log out of your Twitter account before you visit our website. However, certain data, such as your IP address, the time of the click, the browser in use, etc., are still transferred to Twitter in that case. By logging out, you only prevent the direct assignment of the data to your specific Twitter account.


Shared responsibility with Twitter: Concerning the collection of personal data through the use of the button and the subsequent transfer of the data to Twitter, we share responsibility with Twitter in the context of data protection (Article 26 of the GDPR). Therefore, within the scope of our data protection obligations, we are hereby informing you of the processing of data which takes place within the sphere of our knowledge and influence. We do not transfer any personal data in connection with the button, other than to Twitter itself.

However, we have no influence over, or knowledge of, how the data is further processed by Twitter after data transfer has occurred. To the best of our knowledge, only your IP address and the respective website's URL are transferred. Interactions, especially the clicking of a Re-Tweet button, are also shared with Twitter. Twitter is therefore solely responsible for all subsequent data processing after data transfer (cf. Judgment of the ECJ from 07/29/2019 – C-40/17).

Information regarding the purpose and scope of data collection and the further processing and use of the data by Twitter, as well as your rights and options to protect your privacy with regards to such collection, can be found in Twitter's data privacy statement at http://twitter.com/privacy.

Twitter itself indicates that whenever personal data is transmitted outside the European Union, the EFTA countries or the United Kingdom, Twitter provides an appropriate protection level for the rights of data subjects based on the suitability of the data protection laws in the receiving country or the contractual obligations of the data recipient (cf. https://twitter.com/privacy#chapter6).

Concerning your questions and your rights as a user: If you contact us, we will answer your inquiry ourselves to the extent that we are able to do so based on our own data processing and will otherwise forward your inquiry directly to Twitter with a request for full information, since we have no insight into Twitter's data processing.


Purpose of data processing: Use of the Twitter plug-in serves the purpose of a direct feedback option and/or serves to enable direct sharing of our content and information (Tweet), thus expanding and positively impacting our reach and thereby our advertising and marketing interests.


Legal basis for data processing: The legal basis for the processing of personal data when using this button is your consent as per Article 6(1)(a) of the GDPR, which is given by clicking on the button.


Duration of storage: We do not store any personal information related to the use of the Twitter button. Our interests in providing this button and the related Like and Share functions lie solely in increasing our reach. We have no knowledge of how long Twitter will make use of the data resulting from the click of the button, in particular how long Twitter stores and processes this data. Additional information on how Twitter handles personal data is available in Twitter's privacy policy at http://twitter.com/privacy.
 

Options for objection and removal: If you would like to avoid the processing of data associated with the use of the button, you can prevent such use by simply choosing not to click the button.
If you would like your visit to our website not be assigned to your Twitter account by Twitter, please log out of your Twitter account and block the use of Twitter scripts in your browser, e.g., by using a script blocker like www.noscript.net or www.ghostery.com, before clicking on the Twitter button.

You also have the option of changing your data privacy settings in Twitter by accessing your Twitter account settings at http://twitter.com/account/settings.

B.6. Use of the Matomo analysis tool (previously Piwik)

This website uses an open-source web analysis tool called Matomo (Piwik) of the company InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (https://matomo.org) to collect and store data used for marketing and optimization purposes. A usage profile can be established from this data under a pseudonym. Cookies may be used in this process. Cookies are small text files stored locally in the temporary storage of the internet browser of the visitor to the site. Cookies allow the internet browser to be recognized upon a return to the site. Data collected by Matomo (Piwik) are not used to identify the visitor to the website personally and not added to personal data on the pseudonym subject without the separate consent of the data subject.


Purpose of data processing: The use of analysis tools and analysis cookies serves the purpose of improving the quality of our website and its content. Through these tools, we learn how the website is used and can thus continually optimize our offers.
 

Legal basis for data processing: The legal basis for the processing of personal data via cookies is Article 6(1)(f) of the GDPR, i.e. legitimate interests. Our legitimate interest is based on the aforementioned purposes.


Duration of storage: The cookies are stored on the user's computer and are shared with our site by the user's computer. The IP address is anonymized immediately after being processed and before being stored. This means that you as a user have complete control over the use of cookies. By changing your internet browser settings, you can deactivate or limit the transfer of cookies. Previously stored cookies can be deleted at any time. This process can also be automated. If you set your browser to such a “Do-Not-Track” setting, we will interpret this as an objection to the further collection and use of your personal data. Note: Deactivating cookies for our website may limit full website functionality.

Otherwise, we store data collected on the basis of a legitimate interest until the legitimate interest no longer exist, the assessment of legitimate interest yields different results, or you have submitted a valid objection as per Article 21 of the GDPR (see highlighted “Notice of special right to object,” under “Right to object to processing based on legitimate interests”). The existence of legitimate interest is verified regularly, at least once per year. Our interest no longer exists in particular when data has become so old that it no longer possesses sufficient relevance to the analysis and statistics of website use, which is no later than three years.


Options for objection and removal: You can prevent the storage of cookies with a corresponding setting in your browser software; we point out that, should you deactivate cookies, you may not be able to use all functions of this website fully. You can prevent the collection of the cookie data related to your use of the website (incl. your IP address) as well as the processing of this data by us by making use of the opt-out option at the bottom of the data privacy statement.

B.7. Use of fonts from Fonts.net

Our website downloads JavaScript code from Monotype GmbH, Werner-Reimers-Strasse 2-4, 61352 Bad Homburg, Germany (Fonts.net).


Purpose of data processing: The use of fonts serves the purpose of an improved and distinctive presentation of our website for users and thus our advertising and marketing interests as well.

For information regarding the purpose and scope of data collection and the further processing and use of the data by Monotype, as well as your rights and options to protect your privacy with regards to such collection, can be found in Monotype's data privacy statement at https://www.monotype.com/legal/privacy-policy.


Legal basis for data processing: The legal basis for the processing of personal data via cookies is Article 6(1)(f) of the GDPR, i.e. legitimate interests. Our legitimate interest is based on the aforementioned purposes.


Duration of storage: As user, you can decide on the execution of the JavaScript code required for the tool via your browser settings. By changing these settings in your internet browser, you can deactivate JavaScript or limit its execution, thus preventing storage. Note: Deactivating JavaScript may limit full website functionality.


Options for objection and removal: If you do not want your data processed, you can deactivate JavaScript in your browser settings.   

If you activate JavaScript in your browser and have not installed a JavaScript blocker, your browser may transmit data to Fonts.net. We do not know how Fonts.net connects the data they receive and for what purpose Fonts.net uses this data. Additional information on this can be found in the data privacy statement of Fonts.net: www.monotype.com/legal/privacy-policy. In order to prevent the execution of JavaScript code from Fonts.net entirely, a JavaScript blocker can be installed (e.g. www.noscript.net or www.ghostery.com).

B.8. Website encryption

The website and the data transmitted via the same are encrypted in accordance with the SSL standard (HTTPS protocol).

B.9. Transfer of personal data to third countries (non-EU)

We intend to transfer personal data into the United States of America (USA). This intention rests concretely on data transfers to the following companies:

  • Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA as provider of the social network Facebook.
  • Twitter Inc., 750 Folsom Street, Suite 600, San Francisco, CA 94107, USA as provider of the short message service Twitter.

The agreement of the EU standard data protection clauses (Article 46(2)(c) of the GDPR) and other contractual standards for recipients outside the EU provide a sufficient level of data protection.

C. Rights of the data subject

When your personal data is processed, then you are the “data subject” and you have the following rights vis-à-vis us as the controller:

C.1. Right to request access

You have the right to obtain free confirmation from us as to whether we are processing your personal data. If this is the case, you have the right to request access to this personal data and also have the right to obtain further information as specified in Article 15 of the GDPR. You can contact us regarding this matter by mail or by e-mail.

C.2. Right to rectification

You have the right to request that we immediately rectify your personal data in the event that this data is incorrect. You also have the right—taking into account the purposes of processing specified above—to request the completion of incomplete personal data—also by means of a supplemental statement. You can contact us regarding this matter by mail or by e-mail.

C.3. Right to erasure

You have the right to request the immediate deletion of your personal data if one of the conditions specified in Article 17 of the GDPR applies. You can contact us regarding this matter by mail or by e-mail.

C.4. Right to restriction of processing

You have the right to request the restriction of processing of your personal data if one of the conditions specified in Article 18 of the GDPR applies. You can contact us regarding this matter by mail or by e-mail.

C.5. Right to information

If you exercise your right of rectification, to erasure or to restriction of processing vis-à-vis the controller, the controller is obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

You also have the right to be informed about those recipients by the controller upon request.

C.6. Right to data portability

You have the right to receive the personal data that you have provided us with in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance by us if the conditions specified in Article 20 of the GDPR apply. You can contact us regarding this matter by mail or by e-mail.


C.7. Right to object to processing for legitimate interests

If, in exceptional cases, we process personal data on the basis of Article 6(1)(f) of the GDPR (meaning for the purposes of legitimate interests), you have the right to object to the processing of your personal data by us at any time for reasons relating to your unique situation. If we cannot demonstrate any compelling legitimate grounds for the further processing of your data which overrides your interests, rights, and freedoms, or if we are processing the data in question concerning you for the purposes of direct marketing, we will no longer process your personal data (refer to Article 21 of the GDPR). You can contact us regarding this matter by mail or by e-mail.

Technical mechanisms that you use such as, for example, “Do Not Track” mechanisms installed in your web browser that send us clear information regarding your preferences, are also considered an objection in this context.


C.8. Right to withdraw consent

You have the right to withdraw your consent to the collection and use of your personal data with effect for the future at any time. You can contact us regarding this matter by mail or by e-mail. This does not alter the legality of the processing carried out on the basis of the consent until revocation.

C.9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into, or performance of, a contract between us and you, is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent.


We do not make these kinds of automated decisions.

C.10. Voluntary provision of personal data

As a rule, if the provision of personal data is a statutory or contractual requirement, we will inform you of such at the time when we obtain the personal data. Some of the data that we obtain is necessary for entering into a contract; specifically in the event that we are otherwise unable to meet or to sufficiently meet our contractual obligations to you. You are not obligated to provide us with your personal data. However, failure to provide data may result in us being unable to provide you with or offer you a desired service, action, measure, or the like, or make it impossible for us to enter into a contract with you.

C.11. Right to lodge a complaint with a supervisory authority

Without prejudice to any other rights, you have the right to lodge a complaint with a supervisory authority for data protection at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you violates the GDPR.

 

The supervisory authority responsible for us is: Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Königstrasse 10a, 70173, Stuttgart, Germany, website: www.baden-wuerttemberg.datenschutz.de

 

 

Our data protection information was last updated on: 10/05/2020