DATA PROTECTION STATEMENT
Thank you for visiting our website. We take compliance with data protection regulations very seriously. The aim of this Data Protection Statement is to explain to you, as a website user, the nature, scope and purpose of processing of personal data and the rights you have as a data subject as defined in Article 4, no. 1 of the General Data Protection Regulation (GDPR). The following Data Protection Statement already takes into account the innovations according to the General Data Protection Regulation (GDPR) that has applied since 25 May 2018. The Statement also meets the requirements of section 13 of the German Telemedia Act, which applied hitherto.
This website and service offering is provided by:
H. von Gimborn GmbH
46446 Emmerich am Rhein
Managing Director: Mr Jan Beckschäfer
We have developed the website so that we collect as little data as possible from you. Basically, it is possible to visit our website without providing personal data. Only when you decide to use specific services (e.g. use the contact form), will it be necessary to process personal data. In so doing, we always ensure that we process your personal data only in accordance with the law, or on the basis of your consent. We abide by the rules contained in the General Data Protection Regulation (GDPR), which has been in force since 25 May 2018 and the respective applicable national provisions, such as the German Federal Data Protection Act, the German Telemedia Act, or other, more specific data protection laws.
In accordance with the GDPR, the terms used in this Data Protection Statement have the following meanings.
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘Processing’ means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person;
‘Controller’ means the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘Processor’ means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;
‘Recipient’ means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with EU or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection regulations according to the purposes of the processing;
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
When you visit our website, we collect some personal data from you for which we require your consent. This occurs, for example, if you send us a message via our contact or media form.
Declaration of consent
By using the forms we provide, you consent to us collecting the personal data you have provided and processing it in the manner set out in this Data Protection Statement. You may withdraw this consent at any time with future effect by stating this to us. We would like to point out, however, that if you withdraw your consent you will no longer be able to use our services. Please use the contact options mentioned above to withdraw your consent, stating your name, e-mail and postal address.
5. Intended use and legal basis for processing personal data
We process personal data required for substantiating, rendering or implementing our services on the basis of Article 6 (1) b GDPR. If we use external service providers within the scope of data processing, processing is carried out on the basis of Article 28 GDPR.
We collect, process and use the personal data exclusively for the following purposes:
|Purpose of data processing||Legal basis for data processing (‘Why is data processing necessary?’)|
|for making contact and associated correspondence||based on your consent|
|for processing your enquiries and for providing any additional advice you may request||based on your consent|
|to ensure that our website is as effective and interesting to you as possible (e.g. by means of anonymised analysis) and that we can optimise our website||on the basis of our legitimate interests|
|for technical achievement of our offerings||on the basis of our legitimate interests|
|participation in campaigns, such as prize draws or photo competitions||based on your consent|
6. Collected and processed personal data
We only collect and process your personal data if you voluntarily provide this with your knowledge, e.g. by completing forms or sending e-mails.
Within the scope of the available forms, the data is as follows:
- * Name
- * E-mail address
- * Message
- * Name
- * E-mail address
- * Message
The personal data you provide and its contents are kept only by us and our affiliated companies. We will store and process your data only for the purposes mentioned in point 5. Your express consent is required for use that exceeds the stated purpose. The same applies also to transfer and transmission of your data to third parties.
7. General log files
The web server temporarily logs the connection details of the requesting computer (IP address), the pages on our website that you visit, the date and duration of your visit, the identifiers for the browser and operating system used and the website from which you link to us, as well as successful download in log files. Web page technical administration and anonymous collection of statistics make it possible to analyse access to H. von Gimborn GmbH's website, with the aim of increasing data protection and data security in our company, ultimately to ensure the optimum level of protection for the personal data we process.
The data from the server log files is stored separately from any personal data provided by you.
Subject to any legal duties of retention, we erase or anonymise your IP address after you have left our website.
Our website collects and stores information by using what are known as browser cookies.
What are cookies?
These are little text files that are stored on your computer and store specific settings and data for exchange with our system via your browser. In general, a cookie contains the name of the domain that sent the cookie data, as well as information about the cookie’s age and an alphanumeric identification code.
Cookies make it possible for our system to identify the user’s device and potentially to make preferences available immediately. A cookie is transmitted to the hard drive of the user’s computer as soon as a user accesses the platform. Cookies help us to improve our website and to offer you a better, more customised service. They let us recognise your computer or (mobile) end device if you return to our website and, as a result:
- save information about your preferred activities on the website and thus tailor our website to your individual interests
- accelerate the speed with which we process your enquiries.
We use third-party services that help us to make the internet offering and website more interesting for you. When you visit the website, cookies from these partner companies (third-party providers) are also stored on your hard drive. These are cookies that are automatically erased after the specified time.
Below is a list of the cookies we place on your computer:
|Cookie name||First-party cookie or third-party cookie? For third-party cookies: Who is the agent?||Description/Position||Standard elapse time|
|_ga||First party .gimdog.info||Statistical purposes - this cookie lets us count visits and determine access sources, to establish and improve the website’s performance. They help to answer the question about which pages are the most popular, which are used least, and how visitors use the website. All the information collated by these cookies is aggregated and is therefore anonymous.||727 days|
|_gat||First party .gimdog.info||Used by Google Analytics to restrict the request rate||Session|
|_gid||.gimdog.info||Statistical purposes - this cookie lets us count visits and determine access sources, to establish and improve the website’s performance. They help to answer the question about which pages are the most popular, which are used least, and how visitors use the website. All the information collated by these cookies is aggregated and is therefore anonymous.||1 day|
|long||First party .gimdog.info||Language detection cookie|
If you do not want us to store browser cookies on your device, you can adjust your browser’s settings so that they are not stored. Please note that in this case you may have only restricted use of our website, or not be able to use it at all. If you only want to accept our cookies, but not those of our service providers and partners, you can choose the ‘Block third-party cookies’ setting in your browser. We do not assume any responsibility for use of third-party cookies.
9. Inclusion of third-party services and content
Our website uses content and services from other providers, such as videos from YouTube or maps from Google Maps. It is essential for the IP address to be transmitted so that this data can be retrieved and displayed in the user’s browser. The providers (hereafter ‘Third-Party Providers’) are therefore aware of the respective user’s IP address.
Even if we strive to only use Third-Party Providers who need the IP address solely to be able to supply content, we are unable to influence whether or not the IP address is stored. In this case, this process is for statistical and other purposes. If we learn that the IP address is stored, we will make this known to you.
|fonts.googleapis.com||Font (Iconic Font and CSS toolkit)|
|fonts.gstatic.com||Font (Iconic Font and CSS toolkit)|
|maps.googleapis.com||API for determining location|
|maxcdn.bootstrapcdn.com||Bootstrap CDN = public content delivery network|
Use of Google Analytics
Our website uses functions from web analysis service Google Analytics. The web analysis service provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics cookies are stored on the basis of Article 6 (1) f GDPR. As this website’s operator, we have a legitimate interest in analysing user behaviour, in order to optimise our web offering and advertising as applicable.
We use Google Analytics in conjunction with the IP anonymisation function. It ensures that Google abbreviates your IP address within EU Member States or in other states that are party to the European Economic Area treaty, before transmission of your IP address to the USA. In some cases, however, Google may transmit the full IP address to a server in the USA and abbreviate it there. Google will use this information on our behalf to analyse your use of the website, to generate reports about website activities and to provide us with other services associated with website and internet use. The IP address transmitted by Google Analytics is not combined with other Google data.
You can prevent cookies being placed by your web browser. This may, however, restrict some of our website’s functions. You can also prevent data about your website use, including your IP address, being collected and subsequently processed by Google. This is possible by downloading and installing the browser plugin via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
We have concluded an agreement with Google concerning processing in order to meet statutory data protection regulations in full.
Our website uses Google Analytics’ ‘Demographics’ feature. It generates reports containing information about the age, gender and interests of website visitors. This data is generated by Google’s interest-related advertising and also obtained from visitor data from Third-Party Providers. It is not possible to attribute data to a specific person. You can deactivate this function at any time. You can do this using the advertising settings in your Google account, or by generally prohibiting collection of your data by Google Analytics as explained under ‘Object to data collection’.
Alternatively, you can prevent data collection by Google Analytics by installing what is known as an ‘opt-out cookie’, by clicking here. If you delete cookies from your browser, you will have to click on this link again.
Use of Google Maps
Our website uses the Google Maps map service to integrate and display map content. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Your IP address is recorded when you download a page with an integrated map from Google Maps. This information is generally transferred to a Google server in the USA and stored there. Google learns the IP address that you used to log in, even if you do not have a user account. If you have logged in to your user account, Google is able to attribute your browsing behaviour directly to your personal profile. You can prevent this if you log out first. The provider of this page does not influence this transmission of data.
Google Maps is used in the interests of appealing presentation of our online offering and ease of locating us at the sites we list on the website. This represents a legitimate interest within the meaning of Article 6 (1) f GDPR.
Use of YouTube
Our website uses plugins from YouTube, the site operated by Google, to integrate and display video content. The video portal provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you download a page with an integrated YouTube plugin, this establishes a connection to YouTube’s servers. This tells YouTube which of our pages you have downloaded.
If you have logged in to your YouTube account, YouTube is able to attribute your browsing behaviour directly to your personal profile. You can prevent this if you log out first.
YouTube is used in the interests of appealing presentation of our online offering. This represents a legitimate interest within the meaning of Article 6 (1) f GDPR.
Use of Google Ajax Search API
Our website uses Google’s AJAX Search API. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Use of DoubleClick
Our website uses Google’s online marketing tool, DoubleClick. This service is provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Cookie IDs also help DoubleClick to record what are known as ‘conversions’, with regard to advertising enquiries. This happens, for example, if you see a DoubleClick advert and, at a later date, make a purchase from the advertiser’s website using the same web browser. According to Google, DoubleClick cookies do not store any personal information.
Because of the marketing tools used, your browser automatically creates a direct link to Google’s server. We have no influence over the scope and use of the data Google collects using this tool. To the best of our current knowledge, from DoubleClick Google learns which areas of our website you have accessed, or on which of our adverts you have clicked. If you are logged in to your Google account, Google can attribute your visit to our website to your account. Even if you are not logged in, it cannot be precluded that the provider identifies and stores your IP address.
A modern web browser lets you monitor, restrict and prevent the installation of cookies. You therefore have the possibility of objecting to the tracking process. Deactivating cookies may limit our website’s functionality.
Google, as a company, is certified according to the EU-US Privacy Shield data protection agreement. This data protection agreement is intended to ensure compliance with the level of data protection applying in the EU.
Details of DoubleClick by Google’s Data Protection Regulations can be found at: http://www.google.de/policies/privacy/
10. General information about social network presence
We make recourse to a presence on social media in order to present our company in the best possible light and to communicate with you as a user, customer, or prospective customer and to be able to inform you of the services we offer.
We can be found on the following platforms or social networks:
Data is processed outside the European Union (EU) and the European Economic Area (EEA) when using social networks. It is not possible to guarantee a level of data protection equivalent to that in the EU in all other countries.
In this context, there may be risks for you, as a user, if the data transmitted is processed in so-called third countries with an unsuitable level of data protection.
This makes enforcement of familiar user rights more difficult. It may also mean that your data is not processed in your interests by providers in third countries.
If providers from the USA are certified under the Privacy Shield Agreement - a data protection agreement between the USA and EU - these providers are obliged to comply with the EU's data protection standards.
As a rule, the purposes for which social networks process data differ from ours. It is usually the case that the data you upload to social networks are processed for the purposes of market research, advertising and creation of user profiles for personalised advertising (e.g. Facebook, Google, etc).
Cookies that record user behaviour and facilitate formation of a profile about the user are used to achieve this. In the case of Facebook, it also creates a user profile for people who do not have a registered Facebook account.
You can find a detailed list of the purposes for which user data is processed in the respective providers’ privacy policies. By making the appropriate adjustments to your user account settings, you can, at least to a certain extent, restrict the creation of a profile on you. Please read the respective providers’ privacy policies for the precise procedure.
When you visit our Facebook page, amongst other things Facebook records your IP address and other information available on your PC in the form of cookies. This information is used to provide us, as the Facebook page’s operator, with statistical information about use of the Facebook page. Facebook provides more detailed information about this under the following link: http://de-de.facebook.com/help/pages/insights .
It is not possible for us to infer the identities of individual users using the statistical information transmitted. We only use this information to be able to address our users’ interests and to continuously improve our online presence and safeguard its quality.
We only collect your data via our fan page in order to facilitate potential communication and interaction with us. The data we collect generally includes your name, message content, comments and the profile information you provide publicly.
We process your personal data for the above purposes on the basis of our legitimate interests in effectively informing users and communicating with them in accordance with Article 6 (1) f GDPR. If you, as a user, have given your consent to data processing vis-à-vis the respective social network provider, the legal basis for processing extends to Article 6 (1) a, and Article 7 GDPR.
Our possibilities for accessing your data are limited due to the fact that data processing is actually performed by the social network provider. Only the social network provider is authorised to access all of your data. Because of this, only the provider can take corresponding direct measures to satisfy your rights as a user (request for information, request for erasure, objection, etc). It is therefore most effective if you assert corresponding rights directly against the respective provider.
Please do not hesitate to contact us, however, if you nevertheless require assistance in this matter.
Below are details of data processing by the providers and the opportunity to opt out via the corresponding link to the provider’s website:
11. Data security
Unfortunately, transmission of data via the internet is never 100% secure, which is why we are unable to guarantee security of the data transmitted to our website via the internet.
We use technical and organisational measures, however, to secure our website against loss, destruction, access, modification or dissemination of your data by unauthorised persons.
In particular, we transfer your personal data in encrypted form. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) coding system. We continually improve our security measures in accordance with technological developments.
12. Application process
If you apply to Gimborn electronically, your details will be used exclusively to process your application and will not be passed on to third parties. Please note that applications that you e-mail to Gimborn are transmitted unencrypted. There is therefore a risk that unauthorised persons could intercept and use this data.
You can contact us by e-mail or by using our forms. In this case, we save the personal data you send to deal with your enquiry and to contact you to resolve your query. You send this data to us on a purely voluntary basis. Personal data your provide to us in this way is not passed to third parties.
Our contact details can be found at the beginning of this Data Protection Statement and in our Legal Information.
14. Data subject’s rights
If you are a data subject within the meaning of Article 4 No. 1 GDPR, you have the following rights regarding processing of your personal data according to the GDPR. You can find the wording of the rights described below at
Right to confirmation and information
Under the terms of Article 15 GDPR, you have the right to request confirmation of whether personal data concerning you is being processed, to obtain free information about the personal data stored about you and to request a copy thereof at any time from the Controller responsible for processing.
Right to rectification
Under the terms of Article 16 GDPR, you have the right to request immediate rectification of your incorrect personal data. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
Under the terms of Article 17 GDPR, you have the right to request erasure of your personal data without undue delay if a reason stated in Article 17 GDPR is present and if processing is not required.
Right to restriction of processing
Under the terms of Article 18 GDPR, you have the right to request restriction of processing of your personal data if one of the conditions mentioned in Article 18 GDPR is present.
Right to data portability
Under the terms of Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, if the other terms of Article 20 GDPR are present.
Right to withdraw consent
You have the right to withdraw at any time, with future effect, your consent to process the personal data that you have given us. Please use the contact details given above to withdraw your consent.
Right to object
Under the terms of Article 21 GDPR, you have the right to object at any time to the processing of your personal data. We are no longer allowed to process your data if the requirements for effective objection are met.
Right to complain to a supervisory authority
Notwithstanding any other administrative or judicial appeal process, you have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, your place of work, or the place of the presumed violation, if you are of the opinion that processing of your personal data violates the GDPR regulations.
15. Forwarding of your personal data
Your personal data is forwarded as described below.
The website is hosted by an external service provider in Germany. We will ensure that data processing takes place in Germany only. This is required in order to operate the website and to substantiate, execute and implement the existing licence agreement and is also possible without your consent.
Your data may also be forwarded if, due to statutory provisions and/or official or court orders, we are authorised or obliged to forward data. In particular, this may be a question of provision of information for the purposes of prosecution, to avert risks, or to enforce intellectual property rights.
If your data is forwarded to service providers to the extent necessary, they have access to your personal data only insofar as is necessary for fulfilment of their duties. These service providers are obliged to handle your personal details in accordance with the applicable data protection laws, in particular the GDPR.
Over and above these circumstances, in principle we do not transmit your data to third parties without your consent. In particular, we do not pass personal data on to an agency in a third country or to an international organisation.
16. Duration of personal data storage
With regard to storage duration, we erase personal data as soon as we no longer need to store it to fulfil the original purpose and all statutory periods of retention have elapsed. The statutory periods of retention ultimately are the criterion for the final duration of personal data storage. The corresponding data is routinely erased after the period has expired. Data processing is restricted by blocking the data if statutory retention periods have to be observed.
17. References and links
If you visit websites that are referred to on our website, you may be asked to provide information such as your name, address, e-mail address, browser properties, etc again. This Data Protection Statement does not govern the collection, forwarding or handling of personal data by third parties.
Third-party service providers may have their own provisions on collecting, processing and using personal data that differ from ours. We therefore advise that before inputting personal data, you visit the third-party’s website to learn how they handle personal data.
18. Amendment to Data Protection Statement
We are continually developing our website in order to provide you with a continuously improved service. We will always keep this Data Protection Statement up to date and adapt it accordingly, if and insofar as this should become necessary.
Of course, we will inform you promptly of potential amendments to this Data Protection Statement. We will do so by e-mailing the e-mail address you have provided, for example. Insofar as your additional consent to our handling of your data should be required, we will of course obtain this from you before corresponding amendments take effect.
This Data Protection Statement has been prepared according to the GDPR and EU Data Protection Directive.
19. Data Protection Officer
If you have questions concerning data protection, please contact our Data Protection Officer.
Herold Unternehmensberatung GmbH
Mr. Philipp Herold
23568 Lübeck, Germany
Status: May 2018
‘This Data Protection Statement has been prepared according to the European General Data Protection Regulation and the data protection regulations applying in the European Union and the European Economic Area.’