Data protection declaration

1 Definitions

The data protection declaration of REISS Büromöbel GmbH uses terms which were used by the issuer of European directives and regulations when issuing the General Data Protection Regulation (GDPR). We wish for our data protection declaration to be easily readable and understandable both for the public and for our customers and business partners. In order to ensure this, we would like in the following to explain the terms that have been used.

Amongst others, we use the following terms in this data protection declaration:

1. Personal dataPersonal data is all information which relates to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by means of allocation to an identifier such as a name, ID number, location data, online profile or one or more special characteristics which are the expression of the physical, physiological, genetic, psychiatric, economic, cultural or social identity of this natural person.
2. Data subjectA data subject is any identified or identifiable natural person whose personal data is processed by the body responsible for the processing.
3. ProcessingProcessing is any procedure carried out with or without the assistance of automated processes or any such group of procedures in connection with personal data, such as the gathering, recording, organisation, filing, saving, adjustment or alteration, reading, retrieval, use, disclosure by transfer, distribution or other form of provision, comparison or connection, restriction, deletion or destruction.
4. Restriction of processingRestriction of processing is the marking of saved personal data with the objective of restricting its processing in the future.
5. ProfilingProfiling is any type of automated processing of personal data where this is used in order to evaluate personal aspects which relate to a natural person, in particular to analyse or forecast aspects relating to work performance, economic position, health, personal preferences, interests, reliability, behaviour, place of residence or change of location of this natural person.
6. PseudonymisationPseudonymisation is the processing of personal data in a way where the personal data can no longer be assigned to a specific data subject without consulting additional information, provided that this additional information is stored separately and is subject to technical and organisational measures which ensure that the personal data is not assigned to an identified or identifiable natural person.
7. Controller or body responsible for the processingA controller or body responsible for the processing is a natural or legal person, authority, institution or other body which takes decisions alone or with others concerning the purposes and means of processing of personal data. Should the purposes and means of this processing be prescribed under EU law or the laws of the Member States, the controller and the specific criteria of its nomination can be prescribed by EU law or the laws of the Member States.
8. Order processorAn order processor is a natural or legal person, authority, institution or other body which processed personal data on behalf of the controller.
9. RecipientA recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, regardless of whether the recipient is a third party or not. Authorities which may receive personal data within the framework of a specific investigation order under EU law or the laws of the Member States are not however considered to be recipients.
10. Third partyA third party is a natural or legal person, authority, institution or other body apart from the data subject, the controller, the order processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or order processor.
11. ConsentConsent is any statement of intent issued by the data subject voluntarily for the specific case in an informed manner without any misunderstandings in the form of a declaration or other clear confirming action, by means of which he or she states that he or she agrees to the processing of the personal data relating to him or her.

2 Name and address of the body responsible for the processing.

The controller as defined under the GDPR, other data protection laws which apply in the Member States of the EU and other regulations of a data protection law nature is:

REISS Büromöbel GmbH
Südring 6
04924 Bad Liebenwerda
Germany

Tel: +49 35341 48-0
Email: kontakt@reiss-bueromoebel.de
Website: www.reiss-bueromoebel.de

3 Name and address of the data protection officer

The data protection officer of the body responsible for the processing is:

Werner Schmidgruber
DATEV eG
Virnsberger Str. 63
90329 Nürnberg
Germany

Email: datenschutz@reiss-bueromoebel.de
Website: www.reiss-bueromoebel.de

Each data subject can contact our data protection officer directly at any time in case of queries and suggestions relating to data protection.

4 Cookies

The Internet sites of REISS Büromöbel GmbH use cookies. Cookies are text files which are placed on a computer and saved via an Internet browser.
Numerous Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a clear identifier of the cookie. It consists of a character sequence, by means of which Internet sites and servers can be assigned to the concrete Internet browser in which the cookie was saved. This enables the Internet sites and servers which are being visited to distinguish the individual browser of the data subject from other Internet browsers which contain different cookies. A specific Internet browser can be recognised again and identified via the clear cookie ID.

By means of the use of cookies, REISS Büromöbel GmbH can make this Internet site more user friendly for its visitors, which would not be possible without the setting of cookies.

By means of a cookie, the information and offers on our Internet site can be optimised for the user. As previously explained, cookies enable us to recognise the visitors to our Internet site once again. The purpose of this is to make the use of our Internet site easier for our users. For example, the user of an Internet site which uses cookies is not required to enter his or her access data each time he or she visits the Internet sites, as this is done by the Internet site and the cookie which is saved in the computer system of the user. Another example is the shopping basket cookie in the online shop. The online shop records the items which a customer has placed in the virtual shopping basket by means of a cookie.

The data subject can prevent the setting of cookies by our Internet site by setting the Internet browser used accordingly and by means of such, permanently objecting to the setting of cookies. In addition, cookies which have already been set can be deleted via an Internet browser or other software program. This is possible in all current Internet browsers. Should the data subject de-activate the setting of cookies in the Internet browser used, under certain circumstances it may not be possible to fully use all functions of this Internet site.

5 Recording of general data and information

The Internet site of REISS Büromöbel GmbH records a large amount of general data and information each time the Internet site is accessed by a data subject or automated system. This general data and information is saved in the logfiles of the server. The following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the Internet site from which an accessing system came across our Internet site (so-called referrer), (4) the sub websites which are managed via an accessing system on our Internet site, (5) the date and time of accessing the Internet site, (6) an Internet protocol (IP) address, (7) the Internet service provider of the accessing system and (8) other similar data and information which protects against risks in the case of attacks against our IT systems.

When using this general data and information, REISS Büromöbel GmbH cannot trace the individual data subject. Rather, this information is required in order to: (1) correctly deliver the content of our Internet site, (2) optimise the content of our Internet site and the advertising for this, (3) ensure the constant functionality of our IT systems and the technology of our Internet site and (4) provide prosecution authorities with the necessary information for criminal prosecutions in case of a cyber attack. This data and information which is gathered anonymously is therefore evaluated statistically on the one hand and is also evaluated with the objective of increasing data protection and data security at our company, in order to ultimately ensure an optimal level of protection for the personal data which is processed by us. The anonymous data of the server logfles is saved separately from all personal data which is provided by the data subject.

6 Registration on our Internet site

The data subject has the option of registering on the Internet site of the body responsible for the processing by providing personal data. The respective entry mask which is used for the registration states which personal data will be transferred to the body which is responsible for the processing during this procedure. The personal data entered by the data subject will only be gathered and saved for internal use by the body responsible for the processing and for its own purposes. The body responsible for the processing can transfer the personal data to one or more order processors, for example a parcel company, which also only uses the personal data for internal use which is attributable to the body which is responsible for the processing.

By means of the registration on the Internet site of the body which is responsible for the processing, the IP address issued by the Internet service provider (ISP) of the data subject, the date and the time of the registration will be saved. The saving of this data takes place in such a way as this is the only option for preventing misuse of our services and this data enables the clarification of criminal offences which have been committed when necessary. To this extent, the saving of this data is necessary in order to safeguard the interests of the body which is responsible for the processing. As a rule, this data is not passed on to third parties, unless a statutory disclosure obligation exists or the purpose of the disclosure is the bringing of criminal prosecutions.

The registration of the data subject will the voluntary provision of personal data enables the body which is responsible for the processing to offer content or services to the data subject which can only be offered to registered users due to their nature. Registered persons have the option of altering the personal data provided during the registration at any time or to have this deleted in full from the data inventory of the body which is responsible for the processing.

The body which is responsible for the processing will provide all data subjects with information at any time on request as to what personal data relating to them has been saved. In addition, the body which is responsible for the processing will correct or delete personal data on the instructions of the data subject, provided that no statutory retention obligations prevent this. The data protection officer named in this declaration and all of the employees of the body which is responsible for the processing can be contacted by the data subject in case of any queries or concerns relating to data protection.

7 Contact option via the Internet site

The Internet site of REISS Büromöbel GmbH contains information in accordance with statutory regulations which enables a speedy electronic contact initiation with our company and direct communication with us, which also includes a general email address. Should a data subject get in touch with the body responsible for the processing by email or via a contact form, the personal data provided by the data subject will be automatically saved. Such personal data which is provided to the body responsible for the processing by the data subject on a voluntary basis is saved for the purposes of processing or getting in touch with the data subject. This personal data is not passed on to third parties.

8 Routine deletion and blocking of personal data

The body responsible for the processing only processes and saves personal data of the data subject for the period of time which is necessary to attain the purpose of this or should this have been mandated by the issuer of European directives and regulations or another legislator in laws or ordinances to which the body responsible for the processing is subject.

Should the purpose of the saving no longer apply or should a saving period prescribed by the European issuer of directives and regulations or another competent legislator expire, the personal data will be routinely blocked or deleted in accordance with the statutory regulations.

9 Rights of the data subject

1. Right of confirmationEach data subject has been granted the right by the European issuer of directives and regulations to request confirmation from the body responsible for the processing as to whether personal data relating to him or her is being processed. Should a data subject wish to claim this right of confirmation, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time.
2. Right of informationAny person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to receive free-of-charge information from the body responsible for the processing at any time concerning the personal data relating to his or her person which is being saved and to obtain a copy of this information. Furthermore, the European issuer of directives and regulations has provided the data subject with the right to receive the following information:
   • the purposes of the processing
   • the categories of personal data which is being processed
   • the recipient or categories of recipients to whom the personal data has been disclosed or will be disclosed in the future, in particular in case of recipients in third countries or in case of international organisations
   • if possible, the planned duration of the saving of the personal data or, should this not be possible, the criteria for determining this duration
   • the existence of a right of correction of deletion of the personal data relating to him or her or the right to have the processing by the body responsible for the processing restricted, as well as the right to object to this processing
   • the existence of a right to complain to a supervisory authority
   • should the personal data not be obtained from the data subject: all available information concerning the origin of the data
   • the existence of automated decision making, including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR
   • and, at least in these cases, detailed information concerning the involved logic and the breadth and intended effects of such processing for the data subject

   Furthermore, the data subject has the right to be informed of whether personal data has been transferred to a third country or an international organisation. Should this be the case, the data subject also has the right to receive information concerning the suitable guarantees in connection with the transfer.

   Should a data subject wish to claim this right of confirmation, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time.

3. Right of correctionAny person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to request the immediate correction of incorrect personal data. Furthermore, the data subject has the right, taking the purposes of the processing into account, to request the completion of incomplete personal data, also by means of a supplementary declaration.Should a data subject wish to claim this right of confirmation, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time.
4. Right of deletion (right to be forgotten)Any person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to request from the body responsible for the processing that the personal data relating to him or her be deleted immediately, should one of the following reasons be present and unless the processing is necessary:
   • The personal data was gathered for such purposes or processed in another manner for which it is no longer necessary
   • The data subject revokes his or her consent on which the processing in accordance with Article 1 Paragraph 1 Letter a) GDPR
   • or Article 9 Paragraph 2 Letter a) GDPR
   • was based and no other legal basis for the processing is present
   • The data subject raises an objection to the processing in accordance with Article 21 Paragraph 1 GSPR
   • and there are no legitimate reasons for the processing which take priority or the data subject raises an objection to the processing in accordance with
   • Article 21 Paragraph 2 GDPR.
   • The personal data has been processed unlawfully.
   • The deletion of the personal data is necessary to fulfil a legal obligation under EU law or the laws of the Member States to which the body responsible for the processing is subject.
   • The personal data was gathered in relation to services offered by the information company in accordance with Article 8 Paragraph 1 GDPR.

   Should one of the reasons stated above be present and should a data subject wish to have personal data which is saved by REISS Büromöbel GmbH deleted, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time. The data protection officer of REISS Büromöbel GmbH or another employee will ensure that the deletion request is complied with immediately.

   Should the personal data have been made public by REISS Büromöbel GmbH and should our company as the responsible body under Article 17 Paragraph 1 GDPR be obliged to delete the personal data, then taking the available technology and implementation costs into account, REISS Büromöbel GmbH will take reasonable measures, also of a technical nature, in order to inform other bodies responsible for the data processing which process the published personal data that the data subject has requested that this other body responsible for the data processing deletes all links to this personal data or copies or reproductions of this personal data, unless the processing is necessary. The data protection officer of REISS Büromöbel GmbH or another employee will ensure that the necessary actions are carried out in the individual case.

5. Right to have the processing restrictedAny person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to request that the body responsible for the processing restricts the processing, should one of the conditions below be met:
   • The correctness of the personal data is disputed by the data subject for a period of time which enables the body responsible for the processing to check the correctness of the personal data.
   • The processing is unlawful, the data subject rejects the deletion of the personal data and requests instead that the use of the personal data be restricted.
   • The body responsible for the processing no longer requires the personal data for the purposes of the processing, however the data subject requires this in order to assert, exercise or defend legal claims.
   • The data subject has raised an objection to the processing in accordance with Article 21 Paragraph 1 GDPR
   • and it is not yet clear whether the legitimate reasons of the body responsible for the processing outweigh those of the data subject.

   Should one of the reasons stated above be present and should a data subject wish to have the processing of personal data which is saved by REISS Büromöbel GmbH restricted, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time. The data protection officer of REISS Büromöbel GmbH or another employee will ensure that the restriction of the processing of the personal data is carried out.

6. Right of data portabilityAny person affected by the processing of personal data has been granted the tight by the European issuer of directives and regulations to receive the personal data relating to him or her which he or she has provided to a body responsible for the processing in a structured, up-to-date and machine readable format. He or she also has the right to the transfer this data to a responsible body without hindrance on the part of the body responsible for the processing to whom the personal data was provided, should the processing take place on the basis of consent in accordance with Article 6 Paragraph 1 Letter a) GDPR or Article 9 Paragraph 2 Letter a) GDPR or be based on a contract in accordance with Article 6 Paragraph 1 Letter b) GDPR and should the processing take place with the assistance of automated procedures, unless the processing is necessary in order to perform a task which is in the public interest or takes place in the course of exercising of public powers which were assigned to the body which is responsible for the processing.
   Furthermore, when exercising his or her right of data portability, the data subject has the right in accordance with Article 20 Paragraph 1 GDPR to have the data transferred directly from one responsible body to another responsible body, provided that this is technically feasible and provided that the rights and freedoms of other persons are not impaired as a result.
   In order to claim the right of data portability, the data subject can contact the data protection officer appointed by REISS Büromöbel GmbH or another employee at any time.
7. Right of objection
   Any person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to raise an objection for reasons connected to his or her specific situation to the processing of personal data relating to him or her which takes place in accordance with Article 6 Paragraph 1 Letter e) or Letter f) GDPR. This also applies to profiling which is based on these provisions.In case of an objection, REISS Büromöbel GmbH will no longer process the personal data, unless we can provide mandatory protectable reasons for the processing which outweigh the interests, rights and freedoms of the data subject or the purpose of the processing is the assertion, exercising or defence of legal claims.Should REISS Büromöbel GmbH process personal data in order to carry out direct advertising, the data subject has the right to raise an objection at any time to the processing of the personal data for the purposes of such advertising. This also applies to the profiling, should it be connected to such direct advertising. Should the data subject raise an objection to REISS Büromöbel GmbH concerning the processing for the purposes of direct advertising, REISS Büromöbel GmbH will no longer process the personal data for these purposes.In addition, for reasons connected to his or her specific situation, the data subject has the right to object to the processing of personal data relating to him or her which is undertaken by REISS Büromöbel GmbH for scientific or historical research purposes or for statistical purposes in accordance with Article 89 Paragraph 1 GDPR, unless such processing is necessary to fulfil a task which is in the public interest.

   In order to claim the right of data objection, the data subject can contact the data protection officer appointed by REISS Büromöbel GmbH or another employee at any time. The data subject is also free to exercise his or her right of objection in connection with the use of services of the information company by means of automated procedures where technical specifications are used, regardless of Directive 2002/58/EC.

8. Automated decision making in an individual case, including profiling
   Any person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations not to be subjected to a decision based solely on automated processing, including profiling, which has legal effect for him or her or which significantly impacts on him or her in a similar manner, unless the decision is (1) necessary for the conclusion or fulfilment of a contract between the data subject and the body responsible for the processing or the decision is (2) lawful under legal regulations of the EU or of the Member States to which the body responsible for the processing is subject and these legal regulations contain reasonable measures to safeguard the rights and freedoms and legitimate interests of the data subject or (3) the decision takes place with the express consent of the data subject.Should the decision (1) be necessary to conclude or fulfil a contract between the data subject and the body responsible for the processing or should the decision (2) take place with the express consent of the data subject, REISS Büromöbel GmbH will take reasonable measures the safeguard the rights and freedoms, as well as the legitimate interests of the data subject, whereby this includes as a minimum the right to have a person intervene on behalf of the body responsible for the processing, the right to set out one’s own opinion and the right to contest the decision.Should a data subject wish to claim these rights related to automated decision making, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time.
9. Right to revoke consent under data protection lawsAny person affected by the processing of personal data has been granted the right by the European issuer of directives and regulations to revoke at any time consent which has been issued in relation to the processing of personal data.
   Should a data subject wish to claim his or her right to revoke consent which has been issued, he or she can contact our data protection officer or another employee of the body responsible for the processing at any time.

10 Data protection provisions concerning the use of Facebook

The body responsible for the processing has integrated components of Facebook on this Internet site. Facebook is a social network.

A social network is a social meeting area operated on the Internet, an online community, which generally enables users to communicate with each other and to interact in the virtual room. A social network can serve the purpose of a platform for the exchange of viewpoints and experiences or enables the Internet community to provide personal or commercial information. Facebook enables users of the social network to create private profiles, upload photos and to create a network of friends amongst others.

The operating company of Facebook is Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. Should the data subject live outside of the USA or Canada, the body responsible for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of the Internet site which is operated by the body responsible for the processing and in which a Facebook component (Facebook plugin) has been integrated is accessed, the Internet browser on the IT system of the data subject is automatically instructed by the Facebook components to download a view of the corresponding Facebook components. An overview of all Facebook plugins can be accessed at: https://developers.facebook.com/docs/plugins Within the framework of this technical process, Facebook is informed which concrete sub page of our Internet site has been visited by the data subject.

Should the data subject be logged into Facebook at the same time, then each time the data subject accessed our Internet site and for the whole duration of the respective visit to our Internet site, Facebook can recognised which concrete sup page of our Internet site is being visited by the data subject. This information is collected by the Facebook components and assigned to the respective Facebook account of the data subject by Facebook. Should the data subject click on one of the Facebook buttons which are integrated into our Internet site, for example the “like” button or should the data subject submit a comment, Facebook assigns this information to the personal Facebook user account of the data subject and saves this personal data.

Via the Facebook components, Facebook is then informed that the data subject has visited our Internet site, should the data subject be logged into Facebook at the same time he or she accesses our Internet site; this takes place regardless of whether the data subject clicks on the Facebook components or not. Should the data subject not wish for this information to be transferred to Facebook in such a way, he or she can prevent the transfer by logging out of the Facebook account before accessing our Internet site.

The data protection guidelines of Facebook which can be accessed at https://de-de.facebook.com/about/privacy/ provide information concerning the gathering, processing and use of personal data by Facebook. In addition, these provide an explanation of the settings options at Facebook in order to protect the private sphere of the data subject. Furthermore, various applications which enable the transfer of data to Facebook to be prevented are available. Such applications can be used by the data subject in order to prevent the transfer of data to Facebook.

11 Data protection provisions concerning the use of Google AdSense

The body responsible for the processing has integrated Google AdSense on this Internet site. Google AdSense is an online service which enables the sharing of advertising on third party sites. Google AdSense is based on an algorithm, which selects the adverts displayed on third party sites in a manner which corresponds to the content of the respective third party site. Google AdSense enables the Internet user to be targeted with adverts which are of interest to him or her, which is implemented by means of the generation of individual user profiles.

The operating company of the Google AdSense components is Alphabet Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of the Google AdSense components is the integration of adverts on our Internet site. Google AdSense places a cookie on the IT system of the data subject. The nature of cookies has already been explained above. By means of the setting of cookies, Alphabet Inc is able to analyse the use of our Internet site. Each time one of the individual pages of the Internet site which is operated by the body responsible for the processing and in which a Google AdSense component has been integrated is accessed, the Internet browser on the IT system of the data subject is automatically instructed by the respective Google AdSense components to transfer data for the purposes of online advertising and to calculate the payment of commission to Alphabet Inc. Within the framework of this technical procedure, Alphabet Inc receives knowledge of the personal data, such as the IP address of the data subject, which allows Alphabet Inc amongst other things to trace the origin of the visitors and clicks and to subsequently issue commission statements.

The data subject can prevent the setting of cookies by our Internet site at any time by setting the Internet browser used accordingly and by means of such, permanently objecting to the setting of cookies. Setting the Internet browser used in such a way will also prevent Alphabet Inc setting a cookie on the IT system of the data subject. In addition, a cookie which has already been set by Alphabet Inc can be deleted at any time via the Internet browser or by means of other software programs.

Google AdSense also uses so-called number pixels. A number pixel is a miniature graphic which is integrated into Internet sites in order to enable the recording of logfiles and to allow a logfile analysis to take place, by means of which a statistical evaluation can be carried out. On the basis of the integrated number pixel, Alphabet Inc can recognise whether and when an Internet site was opened by a data subject and what links the data subject has clicked on. Amongst others, the purpose of number pixels is to evaluate the flow of visitors to an Internet site.

Via Google AdSense, personal data and information which also includes the IP address and which is necessary in order to record and bill the displayed adverts is transferred to Alphabet Inc in the USA. This personal data is saved and processed in the USA. Alphabet Inc may pass the personal data gathered by means of this technical procedure on to third parties under certain circumstances.

A more detailed explanation of Google AdSense can be found via the following link: https://www.google.de/intl/de/adsense/start/

12 Data protection provisions concerning the use of Google Analytics (with anonymisation function)

The body responsible for the processing has integrated Google Analytics components on this Internet site (with anonymisation function). Google Analytics is a web analysis service. Web analysis is the gathering, collection and evaluation of data concerning the behaviour of visitors to Internet sites. Amongst others, a web analysis service recorded from what Internet site a data subject accessed the Internet suite concerned (so-called referrer), which sub pages of the Internet site were accessed or how often and for what duration a sub page was viewed. A web analysis service is usually used to optimise an Internet site and to carry out a cost-benefit analysis of Internet advertising.

The operating company of the Google Analytics components is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The body responsible for the processing uses the “_gat._anonymizeIp” addition for the web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymised by Google, should the accessing of our Internet site take place in a Member State of the European Union or another Member State of the European Economic Area.

The purpose of the Google Analytics components is the analysis of visitor traffic on our Internet site. Amongst others, Google uses the data and information which is gathered in order to evaluate the use of our Internet site, to compile online reports for use which display the activities on our Internet sites and to provide other services connected to the use of our Internet site.

Google Analytics places a cookie on the IT system of the data subject. The nature of cookies has already been explained above. By means of the setting of the cookie, Google is able to analyse the use of our Internet site. Each time one of the individual pages of the Internet site which is operated by the body responsible for the processing and in which a Google Analytics component has been integrated is accessed, the Internet browser on the IT system of the data subject is automatically instructed by the respective Google Analytics components to transfer data for the purpose online analysis to Google.. Within the framework of this technical procedure, Google receives knowledge of the personal data, such as the IP address of the data subject, which allows Google amongst other things to trace the origin of the visitors and clicks and to subsequently issue commission statements.

By means of the cookie, personal information such as the access time, the location from which an access originated and the frequency of the visits to our Internet site by the data subject is saved. Each time our Internet site is visited, this personal data, including the IP address of the Internet connection used by the data subject is transferred to Google in the USA. This personal data is saved by Google in the USA. Google may pass the personal data gathered by means of this technical procedure on to third parties under certain circumstances.

The data subject can prevent the setting of cookies by our Internet site at any time by setting the Internet browser used accordingly and by means of such, permanently objecting to the setting of cookies. Setting the Internet browser used in such a way would also prevent Google setting a cookie on the IT system of the data subject. In addition, a cookie which has already been set by Google Analytics can be deleted at any time via the Internet browser or by means of other software programs.

Moreover, it is possible for the data subject to object to the recording of the personal data generated by Google Analytics which relates to the use of this Internet site, as well as the processing of this data by Google and to prevent this. In order to do so, the data subject needs to download and install a browser add on, which can be obtained via the following link: https://tools.google.com/dlpage/gaoptout This browser add on informs Google Analytics via JavaScript that no data and information relating to the visits to Internet sites may be transferred to Google Analytics. The installation of the browser add on is deemed by Google to represent an objection. Should the IT system of the data subject be subsequently deleted, formatted or re-installed, the data subject needs to install the browser add on again in order to de-activate Google Analytics. Should the browser add on be de-installed or de-activated by the data subject or another person acting on his or her behalf, it is possible to re-install or re-activate the browser add on.

Further information concerning the applicable data provisions of Google can be viewed at https://www.google.de/intl/de/policies/privacy/

and http://www.google.com/analytics/terms/de.html. A more detailed explanation of Google Analytics can be found via the following link: https://www.google.com/intl/de_de/analytics/

13 Data protection provisions concerning the use of AdWords

The body responsible for the processing has integrated Google AdWords on this Internet site. Google AdWords is an Internet advertising service which enables advertisers to display adverts both in the search engine results of Google and in the Google advertising network. Google AdWords enables an advertiser to determine specific key words in advance, by means of which an advert is only displayed in the search engine results of Google if the user access a key word relevant search result with the search engine. In the Google advertising network, the adverts are distributed by means of an automatic algorithm and in compliance with the previously set key words on topic relevant Internet sites.

The operating company of Google AdWords is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is the promotion of our Internet site by means of the integration of adverts which are targeted to user interests in the Internet sites of third party companies and in the search engine results of the Google search engine and the inclusion of third party advertising on our Internet site.

Should a data subject come across our Internet site via a Google advert, a so-called conversion cookie is set on the IT system of the data subject by Google. The nature of cookies has already been explained above. A conversion cookie ceases to be valid after third days and is not used to identify the data subject. Provided that the cookie has not yet expired, the conversion cookie provides information as to whether certain sub-pages, for example the shopping basket of an online shop have been accessed on our Internet site. By means of the conversion cookie, both ourselves and Google are provided with information as to whether a data subject who came across our website via an AdWords advert generated a sale, ie whether he or she completed or terminated a purchase of goods.

The data and information which is gathered by using the conversion cookie is used by Google in order to compile visit related statistics for our Internet site. These statistics relating to visits are then used by us in order to calculate the total number of users who came across our website via AdWords adverts, ie to determine the success or lack of success of the respective AdWords advert and in order to optimise our AdWords adverts in the future. Neither our company nor other advertising customers of Google receive information from Google which enables the data subject to be traced.

BY means of the conversion cookie, personal information such as the Internet sites visited by the data subject is saved. Each time our Internet site is visited, this personal data, including the IP address of the Internet connection used by the data subject is transferred to Google in the USA. This personal data is saved by Google in the USA. Google may pass the personal data gathered by means of this technical procedure on to third parties under certain circumstances.

The data subject can prevent the setting of cookies by our Internet site at any time by setting the Internet browser used accordingly and by means of such, permanently objecting to the setting of cookies. Setting the Internet browser used in such a way would also prevent Google setting a conversion cookie on the IT system of the data subject. In addition, a cookie which has already been set by Google AdWords can be deleted at any time via the Internet browser or by means of other software programs.

In addition, the data subject has the option of objecting to receiving from Google advertising which is tailored to his or her interests. In order to do so, the data subject needs to access each browser used by him or her from the link www.google.de/settings/adsand carry out the requested settings.

Further information concerning the applicable data provisions of Google can be viewed at https://www.google.de/intl/de/policies/privacy/

14 Data protection provisions concerning the use of YouTube

The body responsible for the processing has integrated components of YouTube on this Internet site. YouTube is an Internet video portal which enables video publishers to upload video clips free-of-charge and allows other uses to view and evaluate these free-of-charge too and to submit comments. YouTube permits the publication of all types of video, which means that both complete films and TV programmes, as well as music videos, trailers or videos created by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube is a subsidiary company of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the individual pages of the Internet site which is operated by the body responsible for the processing and in which a YouTube component (YouTube video) has been integrated is accessed, the Internet browser on the IT system of the data subject is automatically instructed by the respective YouTube components to download a view of the corresponding YouTube components. Further information concerning YouTube can be accessed via the following link: https://www.youtube.com/yt/about/de/ Within the framework of this technical process, YouTube is informed which concrete sub page of our Internet site has been visited by the data subject.

Should the data subject be logged into YouTube at the same time, YouTube is informed at the time of accessing a sub-page which contains a YouTube video as to which concrete sub-page of our Internet site is being visited by the data subject. This information is collected by the YouTube and Google and assigned to the respective YouTube account of the data subject.

Via the YouTube components, YouTube and Google are then informed that the data subject has visited our Internet site, should the data subject be logged into YouTube k at the same time he or she accesses our Internet site; this takes place regardless of whether the data subject clicks on a YouTube video or not. Should the data subject not wish for this information to be transferred to YouTube and Google in such a way, he or she can prevent the transfer by logging out of their YouTube account before accessing our Internet site.

The data protection guidelines YouTube which can be accessed at https://www.google.de/intl/de/policies/privacy provide information concerning the gathering, processing and use of personal data by YouTube and Google.

15 Legal basis of the processing

Article 6 I Letter a) GDPR serves the purpose of the legal basis for processing actions where we obtain consent for a specific processing reason. Should the processing of personal data be necessary to fulfil a contract where the contracting party is the data subject, which is the case during processing actions which are necessary to deliver goods or provide other services or consideration, the processing is based on Article 6 I Letter b) GDPR. The same apply to processing actions which are necessary to carry out pre-contractual measures, such as in case of queries relating to our products or services. Should our company be subject to a legal obligation by means of which it becomes necessary to process personal data, for example in order to fulfil tax obligations, the processing is based on Article 6 I Letter c) GDPR. In a small number of cases, the processing of personal data may become necessary in order to protect vital interests of the data subject or of another natural person. For example, this would be the case if a visitor were to be injured when visiting our premises and his or her name, age, health insurance company data or other essential information needed to be passed on to a doctor, hospital or other third parties. The processing would then be based on Article 6 I Letter d) GDPR. The processing could ultimately be based on Article 6 I Letter f) GDPR. Processing actions which do not come under any of the legal positions above are based on this legal framework if the processing is necessary in order to safeguard a legitimate interest of our company or of a third party, provided that the interests, basic rights and basic freedoms of the data subject do not outweigh this. Such processing actions are therefore permitted on our part in particular as these were specifically mentioned by the European legislator. To this extent, the European legislator was of the opinion that a legitimate interest could be assumed if the data subject is a customer of the body responsible for the processing (reason for the opinion 47 Sentence 2 GDPR).

16 Legitimate interests in the processing which are pursued by the body responsible for the processing or a third party

Should the processing of personal data be based on Article 6 I Letter f) GDPR, our legitimate interest is the performance of our business activities for the wellbeing of all of our customers and shareholders.

17 Period of time for which the personal data is saved

The criteria for the duration of the saving of personal data is the respective statutory retention period. Following the expiry of this period, the relevant data is routinely deleted, unless it remains necessary for fulfilment of the contract or for contractual negotiations.

18 Statutory or contractual regulations concerning the provision of the personal data

Necessity for conclusion of the contract obligation of the data subject to provide the personal data; possible consequences of failure to provide the personal data

We wish to make clear that the provision of personal data is required in part by law (for example tax regulations) or as part of the provisions of a contract (for example information concerning the contracting partner). It may be necessary in order to conclude a contract for a data subject to provide us with personal data, which must then be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean the contract not being able to be concluded with the data subject. Prior to the provision of personal data by the data subject, he or she must contact our data protection officer. Our data protection officer will provide the data subject with clarification in the individual case as to whether the provision of the personal data is mandated by law or required in order to conclude the contract, whether an obligation to provide the personal data exists and the consequences of failure to provide the personal data.