Neue Saalecker Werkstätten
Am Burgberg 18
Date: 12th September 2021
1. BASIC INFORMATION ON DATA PROCESSING AND LEGAL BASIS
1.1 This data protection declaration explains to you the type, scope and purpose of the processing of personal data within our online offer and the associated websites, functions and content (hereinafter collectively referred to as "online offer" or "website"). The data protection declaration applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is carried out.
1.2 The terms used, such as "personal data" or their "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
1.3 The personal data of users processed in the context of this online offer includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of clerks, payment information), usage data (e.g., the websites of our online offer visited, interest in our products) and content data (e.g., entries in the contact form).
1.4 The term “user” includes all categories of persons affected by data processing. They include our business partners, customers, interested parties and other visitors to our online offer. The terms used, such as "user", are to be understood as gender-neutral.
1.5 We process personal data of users only in compliance with the relevant data protection regulations. This means that user data is only processed if there is legal permission. This means, in particular, if the data processing is necessary or required by law for the provision of our contractual services (e.g. processing of orders) and online services, the consent of the user is available, as well as due to our legitimate interests (i.e. interest in analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 Paragraph 1 lit. f.
1.6 We would like to point out that the legal basis for the consent is Article 6 (1) (a) and Art. 7 GDPR, the legal basis for processing in order to fulfill our services and carry out contractual measures is Art. 6 Paragraph 1 lit. b GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 Paragraph 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 Paragraph 1 lit. f.
2. SECURITY MEASURES
2.1 We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
2.2 The security measures include, in particular, the encrypted transmission of data between your browser and our server.
3. DISCLOSURE OF DATA TO THIRD PARTIES AND THIRD-PARTY PROVIDERS
3.1 Data will only be passed on to third parties within the framework of the legal requirements. We only pass on user data to third parties if this is necessary, for example, on the basis of Article 6 (1) (b) GDPR for contractual purposes or on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR on the economical and effective operation of our business operations.
3.2 If we use subcontractors to provide our services, we take suitable legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
3.3 If, within the scope of this data protection declaration, content, tools or other means are used by other providers (hereinafter jointly referred to as "third-party providers") and whose registered office is in a third country, it can be assumed that data will be transferred to the third-party providers' registered offices. Third countries are countries in which the GDPR is not a directly applicable law, i.e. in principle countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if there is an adequate level of data protection, the consent of the user or other legal permission.
4. PROVISION OF CONTRACTUAL SERVICES
4.1 We process inventory data (e.g., names and addresses as well as contact details of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 Paragraph 1 lit b GDPR.
5. CONTACTING US
5.1 When contacting us (using the contact form or email), the information provided by the user is processed to fulfill the contact request and to process it in accordance with Article 6 (1) (b) GDPR.
5.2 User information can be saved in our “customer relationship management system” (“CRM system”) or a comparable request organization.
6. COMMENTS AND POSTINGS
6.1 If users leave comments or other contributions, their IP addresses are stored for 7 days on the basis of our legitimate interests within the meaning of Art. 6 Paragraph 1 lit. f.
6.2 This is done for our safety if someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.
7. COLLECTION OF ACCESS DATA AND LOGFILES
7.1 We collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 Paragraph 1 lit. f. The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
7.2 For security reasons (e.g. to investigate acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.
8. COOKIES & REACH MEASUREMENT
8.1 Cookies are information that is transferred from our web server or third party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
8.3 If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
(http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/ choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
9. INTEGRATION OF THIRD PARTY SERVICES AND CONTENT
9.1 We use content or service offers from third-party providers within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Paragraph 1 lit. f and to integrate services such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the users, since they would not be able to send the content to the browser without the IP address. The IP address is therefore required to display this content. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, and can also be linked to such information from other sources.
9.2 The following illustration provides an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, options for objection (so-called opt-out):
- External fonts from Google, Inc., https://www.google.com/fonts ("Google Fonts"). The integration of Google Fonts takes place by calling up a server on Google (usually in the USA).
Data protection declaration:
https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
10. USE OF INSTAGRAM
10.1 We use Instagram itself and the associated applications. With this use, we collect and process personal data with which you can be personally identified.
10.2 You have the opportunity to react to our contributions, to comment on them or to send us messages via private message. Check carefully what personal data you share with us via our Instagram page. If you do not want Instagram to receive your data, please contact us directly. You can find our full contact details in our imprint on Instagram.
10.3 In addition to the content you have submitted, we may also see “likes” and contributions that you have made. You can change this in the context of your privacy settings.
10.4 If you contact us via the messenger, we will collect personal data ourselves. From this, we save and collect the data that we need for technical processing, as well as the data that are necessary for processing your request. These are the only purposes for which we collect your data. The legal basis for the processing is usually our legitimate interest in processing your request, Art. 6 Paragraph 1 lit. f GDPR. If your concern is to conclude a contract, the legal basis is Article 6 (1) (b) GDPR.
10.5 If there are no statutory retention periods, we will delete your data immediately when the purpose of storage no longer applies. This is the case when we have finally processed your request and you have not given us your express consent to longer storage. Processing is completed as soon as we can assume from the circumstances that your request has been finally clarified.
10.6 Responsible for data processing within the meaning of the GDPR is
Design Akademie Saaleck
Neue Saalecker Werkstätten
Am Burgberg 18
provided that we process the data you send to us via Instagram exclusively ourselves. However, we cannot influence data processing by Instagram itself. It is not possible for us to determine which data is collected or stored, to what extent and from which location. We can neither influence nor see whether deletion obligations are complied with or whether analyzes and links are made with the data.
By using cookies, Instagram is able to understand your usage behavior. This even happens on other websites beyond the specific use of Instagram, even if you are not registered with Instagram. We also have no influence on data processing using cookies. However, you can make a limiting setting via the setting of your browser. About the data Instagram processes for its own purposes and means, not only we are responsible, but also or exclusively:
Facebook Ireland Limited ("Facebook)
4 Grand Canal Square
Grand Canal Harbor
11. USE OF LINKEDIN
11.1 We have set up an online presence on the LinkedIn platform to inform visitors of this website about our company and our various services. LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.
11.2 The legal basis for the processing is regularly in our legitimate interest, Article 6 Paragraph 1 lit. f GDPR.
11.3 In this regard, we must point out the possibility that website visitor data can be processed outside the European Union, in particular in the USA. A so-called third-country transfer of personal data comes along with an increased risk for users, as for example in the absence of the enforceability of provisions on the GDPR, subsequent access to user data can be realized much harder. We emphasize that we also have no access to this user data. Such an access option is only given for LinkedIn itself.
You can find further information on data protection provisions of LinkedIn at: https://www.linkedin.com/legal/privacy-policy
12. USE OF VIMEO
12.1 We use plugins from the video portal Vimeo for our website. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
12.2 If you call up one of our pages that has a Vimeo video, you will be connected to the Vimeo servers. Information about which of our pages you have accessed and your IP address is also passed on to the Vimeo server. Such data will also be passed on if you have not logged into Vimeo or you have not set up an account with Vimeo at all. Vimeo collects the aforementioned data and forwards it to the Vimeo server in the USA.
12.3 In the event that you have an account with Vimeo and are also logged in there, Vimeo is able to assign your surfing behavior directly to your personal profile, which we would like to point out to you. You can actively prevent the aforementioned tracking by logging out of the Vimeo account. Furthermore, Vimeo "remembers" once you have visited their website. This is done using so-called "cookies" or other recognition technologies (e.g. device fingerprinting).
12.4 We use Vimeo to be able to offer our online videos and other services in a user-friendly manner. The legal basis is therefore our legitimate interest within the meaning of Art. 6 Paragraph 1 lit. f GDPR. If we have obtained your consent, we base our processing on Article 6 (1) (a) GDPR; such consent can be revoked at any time.
12.5 Vimeo carries out data transfers to the USA based on the standard contractual clauses of the EU Commission and, according to its own statements, on "legitimate business interests". Information on data protection and the handling of user data can be found in Vimeo's data protection declaration at:
13.1 You have the option of registering for a free newsletter via our website, which will regularly send you invitations to our events.
13.2 We use MailChimp, the service of The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA, hereinafter referred to as "The Rocket Science Group", to send our newsletter.
13.3 If you decide to register for our newsletter dispatch, the data requested during the registration process (e.g. your email address and, if applicable, your name and address) will be processed by The Rocket Science Group. The service also saves your IP address and the date of your registration and time. During the registration process, MailChimp asks for your declaration of consent to the sending of the newsletter, presents the content of the data to be processed in detail and refers to its data protection declaration, which can be found with further information on data protection, at:
http: // mailchimp. com / legal / privacy /
13.4 If a newsletter is then sent via MailChimp, it contains a so-called "web beacon". This is a tracking pixel with which we find out whether and when you have read the respective newsletter from us and whether you have clicked on the links that may have been inserted in the newsletter. We process the data of your IT system and your IP address, along with other technical data, in order to improve our newsletter offer and to be able to respond to the concerns and interests of the subscribers in a targeted manner. The legal basis for our newsletter dispatch and the analysis described is therefore your consent in accordance with Art. 6 Paragraph 1 lit. a GDPR.
13.5 You are of course free to revoke your consent to the sending of the newsletter in accordance with Art. 7 Paragraph 3 GDPR at any time with effect for the future. The data processing taken place so far remains unaffected. In order to revoke, you only have to notify us of your revocation, see point 16 below. You can also use the “unsubscribe” link contained in every newsletter.
14. USER RIGHTS
14.1 Users have the right, upon request, to receive information free of charge about the personal data that we have stored about them.
14.2 In addition, users have the right to correct incorrect data, restrict the processing and deletion of their personal data, if applicable, to assert their rights to data portability and, in the event of unlawful data processing, to submit a complaint to the competent supervisory authority. In general, you can contact the supervisory authority of your usual place of residence or work or our headquarters.
14.3 Users can also revoke their consent, generally with effect for the future.
15. DELETION OF DATA
15.1 The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements. If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be kept for commercial or tax reasons.
15.2 According to legal requirements, storage takes place for 6 years in accordance with § 257 I German HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 I German AO (books, records, management reports , accounting documents, commercial and business letters, documents relevant for taxation, etc.).16. RIGHT TO OBJECTUsers can object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can in particular be made against processing for direct marketing purposes.If you would like to make use of your right of revocation or objection, an email to:
email@example.com is sufficient.
17.1 We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or to changes in the service and data processing. However, this only applies to declarations on data processing. If the consent of the user is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the user.
17.2 Users are asked to inform themselves regularly about the content of this data protection declaration.
18. COOKIE LIST