Privacy Policy

This privacy policy explains the type, scope and purpose of processing of personal data („data“) within our online offer and the associated websites, functions and content, as well as external online presence, e.g., our social media profiles („online offer“). With regard to the used terms, e.g., “processing” or “controller” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

 

Controller

Landhaus Carstens GmbH & Co. KG
Strandallee 73
23669 Timmendorfer Strand
Germany
motz(at)landhauscarstens.de
Managing Director/ Owner:  Dr. Manuela Guth
http://www.landhauscarstens.de
Contact data protection officer:  CMotz(at)gmx.net

 

Type of Processed Data:

- Inventory data (e.g., names, addresses)
- Contact data (e.g., email addresses, telephone numbers)
- Content data (e.g., text input, photos, videos)
- Usage data (e.g., websites visited, interest in content, access times)
- Meta/ communications data (e.g., device information, IP addresses).

 

Categories of Data Subjects

Website visitors und users of the online offer („users“).

 

Purpose of the Processing

- Making the online offer, its functions and content available
- Responding to contact requests and communication with users
- Security measures
- To measure range of coverage/ marketing

 

Used Terms

„Personal data“ means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular with reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

„Processing“ is every procedure executed with or without automatic processing or series of processes in connection with personal data.  The term is expansive and encompasses practically every contact with data.

„Pseudonymisation“ is processing of personal data in such a way that the personal data cannot be attributed to a specific data subject without the addition of information, insofar as this additional information is stored separately and is subject to technical and organisational measures that ensure that the personal data cannot be attributed to an identified or identifiable natural person.

„Profiling“ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Controller” refers to a natural person or legal entity, public agency, institution or other place that decides and designates, alone or with others, regarding the purpose or means of processing personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 

Legal Basis

According to Art. 13 GDPR we hereby give notification of the legal basis of our data processing.  Insofar as the legal basis is not explained in the privacy policy, the following applies:  The legal basis for obtaining consents is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for processing the fulfilment of our services and execution of contractual measures, as well as answering queries is Art. 6 Para. 1 lit. b GDPR.  In the event that crucial interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 Para. 1 lit. d GDPR serves as the legal basis.

 

Security Measures

In accordance with Art. 32 GDPR in consideration of the state-of-the-art, implementation costs and type, scope, circumstances and purposes of the processing, as well as the various likelihoods of occurrence and seriousness of the risk for the rights and liberties of natural persons, we meet suitable technical and organisational measures in order to ensure an appropriate level of protection from such risks.

In particular, these measures include the safeguarding of confidentiality, integrity and availability of data by monitoring the physical access to data, as well as the access of those concerned, the input, transfer, securing availability and its separation. Moreover, we have set up procedures that ensure the awareness of data subjects, deletion of data and reactions to compromised data. Moreover, we take the protection of personal data into consideration during the development and/or selection of hardware, software, as well as procedures in according with the principle of technology engineering and via data protection friendly default settings (Art. 25 GDPR).

 

Cooperation with Processors and Third Parties

Provided we disclose data within the scope of our processing to other persons and companies (processors or third parties), transfer said data or otherwise provide them access to the data such action shall occur only on the basis of statutory permission (e.g., when the data transfers to third parties, as well as payment service providers in accordance with Art. 6 para 1 lit. b GDPR for the purpose of contract fulfilment is necessary), you have given consent, due to legal obligation or on the basis of our legitimate interests (e.g., in engaging processors, web hosts, etc.

In the event we engage third parties to process data on the basis of a so-called “processing contract” said with occur in accordance with Art. 28 GDPR.

 

Transfers to Third Countries

Any transfer of personal data which is undergoing processing or is intended for processing after transfer to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA) will occur only if necessary for the (pre)contractual fulfilment of our obligations on the basis of your consent, based on a statutory obligation or our legitimate interests.  Subject to legal or contractual authorisations, legitimate obligation we will process or have data processed in third countries only upon the provision of special legal requirements of Art. 44 et seq. GDPR.  That means the processing is implemented, e.g., on the basis of special guarantees, such as the officially recognised statement of a data protection level equivalent to that of the EU (e.g., the USA via the „Privacy Shield“) or compliance to officially recognised contractual obligations (so-called „standard contractual clauses“).

 

Rights of the Data Subject

You have the right to demand a confirmation of whether affected data is processed and to obtain information about said data, as well as other information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR you have the right to the complete data that affects you or the right to have the affected inaccurate data corrected 

In accordance with Art. 17 GDPR you have the right to demand that affected data be deleted immediately or the right to request the affected inaccurate data.

In accordance with Art. 17 GDPR you have the right to demand that the affected data be deleted immediately and/or demand a restriction of the processing of the data in accordance with Art. 18 GDPR.

You have the right to receive data that affects you, and that you have made available to us, demand its transfer to other controllers in accordance with Art. 20 GDPR.

Moreover, in accordance with Art. 77 GDPR, you have the right to file a complaint with the relevant supervisory authority.

 

Right of Cancellation

You have the right to revoke consent in accordance with Art. 7 GDPR with affect for the future.

 

Right to Object

You may, at any time, object to the future processing of data that affects you in accordance with Art. 21 GDPR.  The objection may apply especially apply to the processing for the purposes of direct marketing.

 

Cookies and Right to Object with regard to Direct Marketing

„Cookies“ are small data files that are stored on users’ computers.  Cookies can contain various types of information.  A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or even after visiting a website.  Temporary or „session cookies“ or „transient cookies“ are cookies that are deleted after a user exits a site and closes his browser.  This type of cookie, e.g., can store the content of a shopping cart of an online shop or a login status.  A “permanent” or “persistent” cookie is stored even after a browser has been closed.  This enables the storage of a login status, if a user visits the site after several days.  This type of cookie can also store a user’s interests, which can be used for range measurements or marketing purposes.  “Third party cookies” are offered by providers other than the controller (whose cookies would be considered “first party cookies”).

We can use temporary and permanent cookies and declare this in our privacy policy.

If users do not wish to have cookies stored on their computers, they are asked to deactivate this option in their browser system preferences.  Stored cookies can be deleted in the browser system preferences.  The exclusion of cookies can result in functional restrictions of our online offer.

A general objection to the use of cookies by numerous services used for the purpose of online marketing can be explained, especially in the case of tracing from the US site http://www.aboutads.info/choices/ or the EUsite http://www.youronlinechoices.com/.  Moreover, the storage of cookies can be switched off in the browser settings.  Please note that doing so may make some functions of this online offer unusable.

 

Deletion of Data

Data processed by us is deleted or its processing restricted in accordance with Art. 17 and 18 GDPR.  If not stated expressly in this privacy policy the data stored by us is deleted as soon as it is no long needed for its intended purpose and its deletion does not contradict any legal obligations.  If the data is not deleted because it is required for other and legally permitted purposes its use is restricted.  That means the data is blocked and not used for other purposes.  That applies, e.g., for data that must be stored for commercial or tax law related reasons.

Statutory requirements in Germany necessitate the retention for 10 years in accordance with §§ 147 Para. 1 AO, 257 Para. 1 No. 1 and 4, Para. 4 HGB (books, logs, status reports, booking documents, accounting records, for taxation of relevant receipts, etc.) and 6 years in accordance with § 257 Para. 1 No. 2 and 3, Para. 4 HGB (commercial correspondence).

Statutory requirements in Austria necessitate the retention for 7 years in accordance with § 132 Para. 1 BAO (booking documents, receipts/invoices, accounts, bills, business papers, revenue and expenditures, etc.), for 22 years relating to properties and 10 years for documents relating to electronically supplied services, telecommunication, radio and television services provided to non-entrepreneurs in EU countries and for Mini-One-Stop-Shops (MOSS).

 

Business Purposes

In addition, we process the
- Contractual data (e.g., contractual object, terms, client category)
- Payment data (e.g., bank details, payment history)
of our clients, interested parties and business partners for the purpose of fulfilling contractual performance, service and customer care, marketing, advertising and market research.

 

Establishing Contact

When establishing contact with us (e.g., via contact form, email, telephone or social media) the information provided by the users to process and execute the contact request is processed in accordance with Art. 6 Para. 1 lit. b. (within the scope of contractual/pre-contractual relationships), Art. 6 Para. 1 lit. f. (other requests) GDPR.  The information provided by the user could be stored in a customer relationship management system („CRM system“) or comparable request organization.

We delete the requests, when they are no longer needed.  We check the necessity every two years; additionally, statutory archiving law applies.

 

Hosting und Email Dispatch

The hosting services we use service to make the following services available:  infrastructure and platform services, computing capacity, storage and databank services, email dispatch, security services, as well as technical support, which we use for the purpose of operating our online offer.

In doing so, we and/or our hosting provider process inventory data, contact data, content data, contractual data, usage data, client meta and communications data, interested parties and visitors to our online offer on the basis of our legitimate interests in an efficient and secure availability of this online offer in accordance with
Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion processing contract).

 

Google Analytics

In order to pursue our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our online offer in accordance with Art. 6 Para. 1 lit. f. GDPR) we use Google Analytics, a web analysis service from Google LLC („Google“).  Google uses cookies.  The information created by the cookie about the user’s usage of the online offer is usually transferred to a Google server in the USA and stored there.

Google is certified by the EU-US Privacy Shield, thus providing a guarantee of upholding European data protection law
(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our account in order to evaluate users’ usage of our online offer to create reports about the activity within our online offer and produce additional services related to the usage of our online offer and services associated with Internet usage.  In doing so, the processed data pseudonymous user profiles of users may be created.

We only use Google Analytics with IP anonymisation.  That means the user’s IP address will be abbreviated by Google within member states of the European Union or in other contracting member states of the treaty with the European Economic Area.  Only in exceptional cases will Google transfer the complete IP address USA and abbreviate it there.

The IP addresses transmitted by a user’s browser will not be coupled with other Google data.  Users can prevent the storage of cookies on their computers by selecting the appropriate settings on their browser; moreover, You can stop the collection of data created by cookies and through your use of the website (including your IP address) and its transmission to Google, as well as the processing of such data by downloading and installing the browser plugin at the following link:   http://tools.google.com/dlpage/gaoptout?hl=de.

Additional information regarding data usage by Google, setting and objection options can be accessed at Google’s privacy policy (https://policies.google.com/technologies/ads), as well as the setting for presentation of advertising by Google (https://adssettings.google.com/authenticated).

Users’ personal data is deleted or anonymised after 14 months.

 

Facebook Pixel, Custom Audiences and Facebook Conversion

In order to pursue our legitimate interests in the analysis, optimization and commercial operations of our online offer we use Facebook’s so-called “Facebook Pixel” operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

Facebook is certified by the EU-US Privacy Shield, thus providing a guarantee of upholding European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

Facebook Pixel enables Facebook to establish visitors to our online offer as a target group for the presentation of advertising (so-called “Facebook ads”).  Accordingly, we use Facebook Pixel so that we only show our Facebook ads to those Facebook users who have shown an interest in our online offer or who have specific characteristics (e.g., interest in specific topics or products determined by websites they have visited), which we transmit to Facebook (so-called “custom audiences”).  With the help of Facebook Pixel, we want to ensure that our Facebook ads correspond to users’ potential interest and not seem annoying.  Moreover, with Facebook Pixel we can comprehend the effectiveness of Facebook ads for statistical and market research purposes by seeing if users are linked to our homepage after clicking a Facebook ad (so-called “conversion”).

Facebook’s data processing occurs within the scope of Facebook’s privacy policy.  Accordingly, general information regarding the presentation of Facebook ads in Facebook’s privacy policy: https://www.facebook.com/policy.php.  Specific information and details regarding Facebook Pixel and operating principles can be found at Facebook’s help area:  https://www.facebook.com/business/help/651294705016616.

You may object to the collection and usage of your data for the presentation of Facebook ads by Facebook Pixel.  In order to determine which type of advertising you are shown on Facebook, you can call up Facebook and follow the instructions regarding usage-based ad settings: https://www.facebook.com/settings?tab=ads.  The settings are platform-independent, i.e., they will be taken over on all devices.

Moreover, you can object to the use of cookies, which serve to measure reach and advertising purposes, on the deactivation page of the network initiative
(http://optout.networkadvertising.org/) and the American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

 

Online Presence on Social Media

We maintain an online presence in social networks and platforms in order to communicate with clients, interested persons and users and to provide them with information about our services.  The respective terms and conditions and privacy policies of the respective networks and platforms apply when calling up the respective operators.

If not otherwise declared in our privacy policy, we processes users’ data, if they communicate with us via social media and platforms, e.g., when they post on our online presence or send us messages.

 

Inclusion of Services and Third-Party Content

In order to pursue our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our online offer in accordance with Art. 6 Para. 1 lit. f. GDPR) we use third-party content or service offers in order to incorporate their content and services, e.g., videos or fonts (“content”).

This always assumes that our online offer that third-party providers of this content will perceive users’ IP addresses, since they cannot transmit the content to users’ browsers without said IP addresses.  We endeavour to use only such content; whose respective providers only use the IP address for the delivery of content.  Moreover, third-party providers can use so-called pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes.  Pixel tags enable the evaluation of information, such as visitor traffic to this website.  The pseudonymous information can also be stored as cookies on users’ computers and contain, among other things, information regarding the browser and operating system, referring websites, visiting time, as well as other information regarding the usage of our online offer, as well as being coupled with information from other sources.

 

Google Maps

We integrate the maps from the „Google Maps“ services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.  The processed data can include a user’s IP address and location data, however, not without express consent (usually set in your mobile device settings.  The data can be processed in the USA.  Privacy policy:  https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Created with the privacy policy generator from RA Dr. Thomas Schwenke

 

Translation

In case of differences in the English and German version of the GDPR, the German original version is leading and arbitrative.