Terms of service
DATA PROTECTION REGULATIONS
INTRODUCTION AND TERMS
1. INTRODUCTION
In operating our website https://www.festivalstore-wacken.com (hereinafter referred to as the "website"), we process personal data. We treat this data confidentially and process it in accordance with the applicable laws - in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-new). With our privacy policy, we want to inform you which personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. We will also explain what rights you have to protect and enforce your data privacy.
2. DEFINITIONS
Our data protection provisions contain technical terms that are used in the GDPR and the BDSG-new. For your better understanding, we would like to explain these terms in simple terms in advance:
2.1 Personal data
"Personal data" means any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Details of an identified person can be, for example, their name or email address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining your own or third-party information to find out who the person is. A person can be identified, for example, by providing their address or bank details, their date of birth or user name, their IP addresses and/or location data. All information that can be used to identify a person in any way is relevant here.
2.2 Processing
Art. 4 No. 2 GDPR defines "processing" as any operation involving personal data. This applies in particular to the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
RESPONSIBLE COMPANY AND DATA PROTECTION OFFICER
3.
the data controller is responsible for data processing:
Company: SH Promotion GmbH ("we")
Authorized representatives: Thomas Jensen and Holger Hübner
Address: Schenefelder Str. 17,25596 Wacken
Tel: +49 48 27 / 999 66 666
Fax: +49 48 27 / 999 66 980
E-mail: info@festivalstore-wacken.com
4 DATA PROTECTION
OFFICER We have appointed an external data protection officer for our company. You can reach him at:
Name: Reinher Karl
Address: HABEWI GmbH & Co KG, Palmaille 96, 22767 Hamburg
Phone: 040/ 18189800
Fax: 040/ 181898099
E-mail: datenschutz@habewi.de
PROCESSING FRAMEWORK
5. PROCESSING FRAMEWORK: WEBSITE
As part of the website with the URL https://www.metaltix.com, we process the personal data of you listed in detail in sections 6-25 below. We only process data that you actively provide on our website (e.g. by filling out forms) or that you automatically provide when using our website.
Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorized to issue instructions to our contractors. We use external service providers to operate our website for hosting, maintenance, care and further development. If other external service providers are used for individual processing operations listed in sections 6-25, they will be named there.
Data transfer to third countries does not take place and is not planned. We will provide information about exceptions to this principle in the processing operations described below.
THE PROCESSING OPERATIONS IN DETAIL
6. PROVISION OF THE WEBSITE AND SERVER LOG FILES
6.1 Description of processing
Each time you visit the website, we automatically collect information that your browser transmits to our server. This information is also stored in the so-called log files of our system. This involves the following data
- your IP address
- the browser software you are using, as well as its version and language
- the operating system you are using
- the website from which you accessed our website (so-called referrer)
- the subpages you accessed on our website
- the date and time you accessed our website
- the amount of data transferred
The temporary storage of your IP address by the system is necessary in order to be able to deliver our website to the user's end device. For this purpose, the user's IP address must remain stored for the duration of the session. However, your IP address is not recorded in our log files.
6.2 Purpose
Processing is carried out to enable the website to be accessed and to ensure its stability and security. In addition, the processing serves the statistical evaluation and improvement of our online offer.
6.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 6.2.
6.4 Storage period
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
7. REGISTRATION AND PROFILE
7.1 Description of processing
Individual functions and offers on our website are only available to you as a registered user. By registering, you conclude a free user agreement with us. By registering, you will receive your own user account on our website. You register by completing the registration form at https://www.metaltix.com and sending it to us electronically. To register, you must enter your e-mail address and a password of your choice. By clicking on the "Register" button, you submit the form to us. As a registered user, you can shop faster and more conveniently on our website by entering your billing and delivery addresses as well as your preferred payment method in your user profile. This means that you do not have to re-enter your personal data for subsequent (further) purchases.
In addition to the information you provide when registering, we process the following personal data from you to set up and maintain your user account:
- First name and surname
- E-mail address
- Address
- Date of birth
- Delivery address (if different from address)
- Telephone number
- Company name
7.2 Purpose
The processing is carried out in order to provide you with the functions of our website for registered users.
7.3 Legal basis
The processing is necessary for the conclusion and fulfillment of the user contract (Art. 6 para. 1 lit. b GDPR). Without providing your personal data as part of the registration process, we cannot provide our contractually owed services.
7.4 Storage period
The data will be automatically deleted by us upon termination of your user contract. You can terminate the user contract yourself by sending an email to datenschutz@metaltix.com to inform us that you no longer wish to be a registered user of our website. We will then delete your user account immediately. In addition, as a logged-in user you can edit your own details and information at any time.
8. PURCHASING
8.1 Description of processing
You can shop on our website as a guest or as a registered user. We process your personal data as part of your order process. The mandatory fields marked with an asterisk "*" in our online store must be completed by you. Otherwise, we will not be able to conclude a purchase contract with you and send you the desired goods, such as event tickets, vouchers, gift packaging and merchandise products. All other information is voluntary. When making a purchase on our website, you can also select one of the payment methods offered (credit card, instant bank transfer, advance payment) to settle the purchase price. When you complete your order, the data required for payment will be forwarded to the relevant payment service provider. If you shop on our website as a registered user, you can enter your billing and delivery addresses as well as your preferred payment method in your user profile for faster and more convenient ordering.
8.2 Purpose
The processing takes place for the conclusion and processing of purchase contracts.
8.3 Legal basis
The processing is necessary for the conclusion and fulfillment of the purchase contracts (Art. 6 para. 1 lit. b GDPR).
8.4 Storage period
Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, we restrict processing after two years. This means that your data will then only be stored separately to comply with the statutory retention periods and will be deleted immediately after these have expired.
8.5 Recipients
To process your payment, personal data will be forwarded to one of the external payment service providers listed below and selected by you as part of your purchase:
- Sofortüberweisung: Sofort GmbH. Further information on data protection with Sofortüberweisung can be found at
https://www.klarna.com/sofort/datenschutz/
- Credit card: Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany
- Purchase in advance
9. CONTACT FORM AND CONTACT BY E-MAIL
9.1 Description of processing
We have provided a contact form on our website for contacting us. In this form, you will be asked to enter your e-mail address, your name and a message to us. If you click on the "Send" button, the data will be transmitted to us. The contact form can only be transmitted if you accept our privacy policy by clicking on the corresponding checkbox. You can also contact us via the e-mail addresses provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.
9.2 Purpose
By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your request.
9.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 9.2. If the e-mail contact is aimed at the conclusion or fulfillment of a contract, the data processing is carried out for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR).
9.4 Storage period
We will delete the data as soon as it is no longer required for the purpose for which it was collected. This is usually the case when the respective communication with you has ended. Communication ends when it can be inferred from the circumstances that your request has been conclusively clarified. If statutory retention periods prevent deletion, the data will be deleted immediately after the statutory retention period has expired.
10 COOKIES
10.1 Description of processing
Our website uses cookies. Cookies are small text files that are stored on the user's device when they visit a website. Cookies contain information that enables the recognition of an end device and, if necessary, certain functions of a website. In most cases, we only use so-called "session cookies". These are automatically deleted when you end your internet session and close the browser. Other cookies remain stored on your end device for a longer period of time and enable partner companies to recognize your browser or computer (persistent cookies). Depending on the cookie, persistent cookies are automatically deleted after the specified storage period.
10.2 Purpose
We use cookies to make our website more user-friendly and to offer the functions described in section 10.1. Among other things, we work with advertising partners who help us to make our website as interesting as possible for you. For this purpose, cookies from third-party providers, our partner companies, may also be stored on your hard disk on our website. If we allow third parties to use such cookies, we will inform you about the information collected in this way in the following sections.
10.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 10.2.
10.4 Storage period
Cookies are automatically deleted at the end of a session or at the end of the specified storage period. Since cookies are stored on your end device, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser.
Below we have compiled the links that will take you to instructions on how to change the settings in the most common browsers. Further information can be found in the support menu of your browser:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: http://help.opera.com/Windows/10.20/de/cookies.html
Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, individual functions of our website cannot be used or can only be used to a limited extent
11 NEWSLETTER
11.1 Description of processing
We send out a monthly newsletter. We use the newsletter to inform you about goods and services that you can purchase via our store and other information in this context. You will only receive our newsletter if you actively subscribe to our mailing list. You can subscribe by filling out and submitting a newsletter registration form on our website. You only need to enter your e-mail address to subscribe to the newsletter. All other details (such as your first name and surname) are voluntary and are used solely to personalize the emails.
We use the so-called double opt-in procedure to carry out and verify newsletter registrations. Registration takes place in several steps. First, you register for the newsletter on our website. You will then receive an e-mail from us at the e-mail address you have provided. In this e-mail, we ask you to confirm that you have actually subscribed to the newsletter and wish to receive it. Confirmation is provided by clicking on a confirmation link in the e-mail. Only after successful confirmation will we add you to our newsletter mailing list and send you future e-mails. As part of the double opt-in procedure, we store the date, time and your IP address both when you register and when you confirm.
11.2 Purpose
The processing takes place in order to offer the newsletter function and to be able to send subscribers newsletter e-mails. The collection and storage of the date, time and IP addresses when registering for the newsletter serves to document the consent given and to protect against the misuse of email addresses.
11.3 Legal basis
The processing of our subscriber newsletter is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. Your consent is voluntary. The collection and storage of date, time and IP addresses when subscribing to the newsletter is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 11.2.
11.4 Storage period and withdrawal of consent
If you do not confirm your registration for our newsletter within 24 hours of receiving the corresponding registration email, your data will be deleted automatically. We process your personal data for the duration of your newsletter subscription. You can unsubscribe from our newsletter at any time by withdrawing your consent. All you need to do is unsubscribe via the Unsubscribe newsletter page or send a simple declaration by email to datenschutz@metaltix.com. If you withdraw your consent, we will no longer send you newsletters and your personal data will be removed from our active mailing list. We will add your e-mail address to our so-called black list in order to enforce your revocation. This enables us to ensure that you do not receive any newsletters from us in future and that your e-mail address is not misused by third parties.
12. SOCIAL NETWORKS
Our website does not use any social media plugins. The logos of the social networks Facebook, Twitter and Instagram displayed on our website are merely linked to the corresponding profiles of our company. If you click on one of the logos, you will be redirected to the external website of the respective social network.
13. GOOGLE WEBFONTS
13.1 Description of processing
Our website uses "Google Web Fonts", a font replacement service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). Google Web Fonts replaces the standard fonts of your device with fonts from Google's catalog when displaying our website. If your browser prevents the integration of Google Web Fonts, the text on our website will be displayed in the standard fonts of your device. The Google fonts are loaded directly from a Google server. In order for this to happen, your browser sends a request to a Google server. As a result, your IP address may also be transmitted to Google in connection with the address of our website. However, Google Web Fonts does not store any cookies on your end device. According to Google, data processed as part of the Google Web Fonts service is transferred to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be related to the use of other Google services such as the search engine of the same name or Gmail. Further information on data protection at Google Webfonts can be found at https://developers.google.com/fonts/faq?hl=de-DE&csw=1. General information on data protection at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/.
13.2 Purpose
The purpose of processing is to make the text on our website easier to read and more aesthetically pleasing.
13.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 10.2.
13.4 Recipients and transfer to third countries
The use of Google Web Fonts may result in personal data being transferred to Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.
14. YOUTUBE VIDEOS
14.1 Description of processing
Our website uses services from "YouTube", a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use YouTube by embedding individual videos from the platform on our website as so-called iFrames so that they can be played directly on our website. The videos are embedded in the "extended data protection mode" offered on YouTube, i
.e. no personal data will be transferred from you to Google as long as you do not play the videos. Only when you play a video will data be transferred to Google, over which we have no influence. If you play an embedded video on a subpage of our website, Google will be informed which subpage you have visited and which video you have watched. Your IP address may also be transmitted to Google. If you are logged in as a YouTube or Google user, Google will assign this information to your user account. Google stores your data as user profiles and uses them for advertising purposes, for market research and/or for the needs-based design of Google websites. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google directly. Further information on data protection at Google can be found at http://www.google.com/intl/de-DE/policies/privacy/.
14.2 Purpose
The processing is carried out in order to be able to show you videos on our website.
14.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 16.2.
14.4 Recipients and transmission to third countries
By integrating YouTube, personal data may be transmitted to YouTube LLC or Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.
15. VIMEO VIDEOS
15.1 Description of processing
Our website uses services from "Vimeo", a video platform operated by Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as "Vimeo"). We use Vimeo by embedding individual videos from the platform on our website as so-called iFrames so that they can be played directly on our website. When you visit a subpage of our website on which a video is embedded, a connection to the Vimeo servers is established and the video is displayed on our website. This tells Vimeo which website you have visited. Your IP address may also be transmitted to Vimeo. If you play an embedded video, this information will also be passed on to Vimeo. If you are logged in as a Vimeo user, Vimeo assigns this data to your user account. Further information on data protection at Vimeo can be found at http://vimeo.com/privacy.
15.2 Purpose
The processing takes place in order to be able to show you videos on our website.
15.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 13.2.
15.4 Recipients and transfer to third countries
Vimeo also processes data in the USA.
16. GOOGLE ANALYTICS
16.1 Description of processing
Our website uses "Google Analytics", a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). Google Analytics uses cookies (see section 10), which enable your use of our website to be analyzed. We use Google Analytics in the "Universal Analytics" version offered, which allows this analysis across devices by assigning the data to a pseudonymous user ID. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. However, we only use Google Analytics with IP anonymization. This means that your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The statistics compiled by Google Analytics record in particular how many users visit our website, the country or location from which access is made, which subpages are accessed and which links or search terms visitors use to reach our website. You can find the Google Analytics user conditions at http://www.google.com/analytics/terms/de.html. An overview of data protection at Google Analytics can be found at http://www.google.com/intl/de/analytics/learn/privacy.html Google's privacy policy can be viewed at http://www.google.de/intl/de/policies/privacy.
16.2 Purpose
Processing takes place in order to be able to evaluate the use of our website. The information obtained is used to improve our online presence and design it in line with requirements.
16.3 Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 21.2.
16.4 Storage period and right to object
We have explained the storage period and your control and setting options for cookies in Section 10. You can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=de. The analysis data processed and stored by Google Analytics will be automatically deleted by us after 14 months.
16.5 Recipients and transfer to third countries
Google Analytics acts as a service provider for us within the scope of order processing. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.
17. FACEBOOK PIXEL
17.1 Description of processing
Our website uses the remarketing service "Facebook Pixel", which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The "Facebook Pixel" enables us to place advertisements on the social network that are targeted precisely to those Facebook users who have shown an interest in our offer - e.g. through a previous visit to our website. With the help of the "Facebook Pixel", we can also track and evaluate the effectiveness and reach of our advertising on Facebook by recording whether Facebook users interact with our ads on the social network by clicking on the ads and being redirected to our website. When you visit our website, a connection to the Facebook servers is therefore established and the "Facebook pixel" is embedded in our website. In addition, Facebook may store a cookie on your device (see section 9 above). If you are logged in to Facebook or log in to Facebook later, your visit to our website will be assigned to your user account. The data collected about you using the "Facebook pixel" is anonymous to us. It does not allow us to draw any conclusions about your person. However, Facebook can make a connection to your user profile. Data processing by Facebook is carried out in accordance with the company's data policy, which can be accessed at https://www.facebook.com/policy.php.
17.2 Purpose
The processing takes place in order to carry out targeted online advertising for our own offers and to be able to evaluate their effectiveness and reach.
17.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 16.2.
17.4 Storage period and right to object
We have explained the storage period and your control and setting options for cookies in section 9. You can object to
the collection of data by the "Facebook Pixel" and the use of your data to display Facebook ads at any time. To do so, you can click on the opt-out link below:
17.5 Recipients and transmission to third countries
By integrating the "Facebook Pixel", personal data may be transmitted to Facebook. Facebook also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.
18. CONTENT DELIVERY NETWORKS (CDN)
18.1 Description of processing
This webshop uses Amazon Cloudfront, a CDN (content delivery network) from Amazon Inc ("Amazon"). Through a CDN, files are sent from a very fast server that is as close as possible to your location. This shortens the loading time of the website, as only a small amount of data has to be loaded directly from our slower actual server. Amazon operates numerous servers in Europe (including in Frankfurt and Milan) in order to be able to send our files to you as quickly as possible. Purpose
18.2 Purpose
The processing is carried out in order to shorten the loading time of our website.
18.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 25.2.
18.4 Recipients and transfer to third countries
However, it cannot be technically ruled out that your browser (e.g. because you access this website from outside the EU or for any other reason) accesses a server from outside the EU. In such a case, data will be sent from your browser directly to the respective country (North and South America, Asia, Australia). In this case, you consent to the transfer of your data to the USA and/or the country in which the respective server is located.
19. GOOGLE ADWORD CONVERSION AND GOOGLE REMARKETING
19.1 Description of processing
Our website uses the advertising service "Google Adword Conversion", which is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). With the help of Google Adwords Conversions, we can place advertisements on external websites to draw your attention to our offers. The service also enables us to determine the reach and success of individual advertising measures. Our advertisements are delivered by Google via so-called "ad servers". For this purpose, Google uses so-called "Ad Server" cookies, which measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Adwords will store a cookie on your device (see section 9). According to Google, these cookies are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. The cookies enable Google to recognize your Internet browser. If you visit the website of an Adwords customer and the cookie stored on your end device has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to our website. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not process any personal data with our Google Adwords advertising measures. Google only provides us with statistical evaluations. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information. When you visit our website, a connection is therefore established to the Google servers. We have no influence on the scope and further use of the data collected by Google through the use of Google Adwords Conversion and therefore inform you according to our state of knowledge: Through the integration of Google Adwords Conversion, Google receives the information which subpage of our website you have accessed or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for Google to find out and store your IP address.
Our website also uses the "Google Remarketing" advertising service, which is also operated by Google. With Google Remarketing, we can address you again with advertisements for our offers on other websites that have joined the Google advertising network after you have visited our website. Google also uses cookies for this purpose, which are stored in your browser and through which your usage behavior is recorded and evaluated by Google when you visit various websites. This enables Google to determine your previous visit to our website and to show you advertisements for our offers on other websites. According to its own statements, Google does not merge the data collected in the context of remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymization is used in remarketing.
Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.
19.2 Purpose
The processing takes place in order to carry out targeted online advertising for our own offers and to be able to evaluate their effectiveness and reach.
19.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 17.2.
19.4 Storage period and right to object
We have explained the storage period and your control and setting options for cookies in Section 9. You can object to data processing by Google Adwords Conversion and Google Remarketing at any time via the following website: http://www.google.com/ads/preferences.
19.5 Recipients and transmission to third countries
The integration of Google Adwords Conversion and Google Remarketing may result in personal data being transmitted to Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.
20. DOUBLECLICK BY GOOGLE
20.1 Description of processing
Doubleclick by Google is a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Doubleclick by Google uses cookies to present you with advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which ads have been displayed in your browser and which ads have been accessed. The cookies do not contain any personal information.
20.2 Purpose
The use of DoubleClick cookies only enables Google and its partner websites to display ads based on previous visits to our or other websites on the Internet.
20.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 19.2.
20.4 Storage period and right to object
We have explained the storage period and your control and setting options for cookies in section 10. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of our websites to their full extent. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the websites and from processing this data by Google by downloading and installing the browser plug-in available under the following link under the DoubleClick deactivation extension: https://adssettings.google.com/authenticated?hl=de . Alternatively, you can deactivate the DoubleClick cookies on the Digital Advertising Alliance website at the following link: http://optout.aboutads.info/?c=2#!/.
20.5 Recipients and transmission to third countries
The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. Google observes the data protection provisions of the "Privacy Shield" agreement and is registered with the "Privacy Shield" program of the US Department of Commerce. A transfer of data by Google to third parties only takes place on the basis of legal regulations or as part of order data processing. Under no circumstances will Google combine your data with other data collected by Google. Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework. Google's privacy policy can be viewed at http://www.google.de/intl/de/policies/privacy
SECURITY MEASURES
21. security measures
To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's end device. You can recognize the active SSL or TLS encryption by a small lock logo that is displayed on the far left in the address bar of the browser.
YOUR RIGHTS
22
DATA SUBJECT RIGHTS With regard to the data processing described above by our company, you are entitled to the following data subject rights:
22.1 Information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have a right of access to this personal data and to the further information listed in Art. 15 GDPR under the conditions set out in Art. 15 GDPR.
22.2 Rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data.
22.3 Erasure (Art. 17 GDPR)
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes pursued by us.
22.4 Restriction of data processing (Art. 18 GDPR)
You have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you dispute
the accuracy of your personal data, data processing will be restricted for the period of time that enables us to verify the accuracy of your data.
22.5 Data portability (Art. 20 GDPR)
You have the right, under the conditions set out in Art. 20 GDPR, to request the handover of the data concerning you in a structured, commonly used and machine-readable format.
22.6 Withdrawal of consent (Art. 7 para. 3 GDPR)
You have the right to withdraw your consent at any time if the processing is based on consent. The revocation applies from the time of its assertion. In other words, it is effective for the future. Withdrawal of consent therefore does not retroactively render the processing unlawful.
22.7 Complaint (Art. 77 GDPR)
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can assert this right with a supervisory authority in the EU Member State of your place of residence, your place of work or the place of the alleged infringement.
22.8 Prohibition of automated decision-making/profiling (Art. 22 GDPR)
Decisions that have legal consequences for you or significantly affect you may not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
22.9 Objection (Art. 21 GDPR)
If we process your personal data on the basis of Art. 6 para. 1 lit. f GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies if there are grounds relating to your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defense of legal claims. In any case - regardless of a particular situation - you have the right to object to the processing of your personal data for direct marketing purposes at any time.