Family Gerber
Gerber GesmbH & CoKG
6183 Kühtai
Tirol, Austria
Tel: +43 (0)5239 – 5207
Fax: +43 (0)5239 – 5207 5
E-Mail: info@gerberhotels.com
Agentur fundus GmbH
Wallpachgasse 5
6060 Hall in Tirol
office@agentur-fundus.at
www.agentur-fundus.at
mindstream
Inhaber: Christian Klar
Maria-Theresien-Straße 21, A-6020 Innsbruck
Tel.: +43 664 3826 989, Fax: +43 664 77 3826 989
office@mindstream.at
www.mindstream.at
For reasons of better readability, the simultaneous use of masculine, feminine, and diverse language forms (m/f/d) is omitted. This is intended as a neutral formulation that addresses all people equally, without any discrimination.
Content of the Online Offer
The author assumes no liability for the topicality, correctness, completeness, or quality of the information provided. Liability claims against the author relating to material or immaterial damages caused by the use or non-use of the provided information or by the use of faulty and incomplete information are fundamentally excluded, unless there is demonstrably intentional or grossly negligent misconduct on the part of the author. All offers are non-binding and subject to change. The author expressly reserves the right to change, supplement, delete parts of the pages or the entire offer without separate announcement or to cease publication temporarily or permanently.
References and Links
In the case of direct or indirect references to external Internet sites (links) that lie outside the author's area of responsibility, a liability obligation would only come into effect if the author is aware of the contents and it would be technically possible and reasonable for him to prevent the use in case of illegal contents. The author hereby expressly states that at the time of linking, no illegal contents were recognizable on the linked pages. The author has no influence on the current and future design, content, or authorship of the linked/connected pages. Therefore, he distances himself expressly from all contents of all linked/connected pages that were changed after the link was set. This declaration applies to all links and references set within the author's own Internet offer as well as to foreign entries in guest books, discussion forums, and mailing lists established by the author. For illegal, faulty, or incomplete contents, and especially for damages arising from the use or non-use of such presented information, only the provider of the page to which reference was made is liable, not the one who merely refers to the respective publication via links.
Copyright and Trademark Law
The author strives to respect the copyrights of the graphics, sound documents, video sequences, and texts used in all publications, to use graphics, sound documents, video sequences, and texts created by himself, or to revert to license-free graphics, sound documents, video sequences, and texts. All brands and trademarks mentioned within the Internet offer and possibly protected by third parties are subject without restriction to the provisions of the respective applicable trademark law and the ownership rights of the respective registered owners. It cannot be concluded solely from the mere mention that trademarks are not protected by the rights of third parties! The copyright for published objects created by the author himself remains solely with the author of the pages. The duplication or use of such graphics, sound documents, video sequences, and texts in other electronic or printed publications is not permitted without the express consent of the author.
Information on Online Dispute Resolution according to Art. 14 Para. 1 ODR-VO:
The EU Commission provides the opportunity for online dispute resolution on an external platform (the so-called “OS platform”). The OS platform can serve as a contact point for the out-of-court resolution of disputes arising from online purchase contracts or service contracts. This platform can be accessed via the external link [http://ec.europa.eu/consumers/odr](http://ec.europa.eu/consumers/odr).
GOOGLE MAPS
This website uses Google Maps for displaying map information. When using Google Maps, data about the usage of the Maps features by visitors to the websites is collected, processed, and used by Google. More information about data processing by Google can be found in Google’s privacy policy at [https://www.google.at/intl/de/policies/privacy/](https://www.google.at/intl/de/policies/privacy/). There, you can also change your settings in the Privacy Center to manage and protect your data.
We are very pleased about your interest in our company. Data protection has a particularly high priority for the management of Gerber GesmbH & CoKG. The use of the websites of Gerber GesmbH & CoKG is generally possible without providing any personal data. However, if a data subject wishes to use special services offered by our company through our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the applicable national data protection regulations for Gerber GesmbH & CoKG. Through this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed about their rights through this privacy policy.
Gerber GesmbH & CoKG, as the data controller, has implemented numerous technical and organizational measures to ensure the most complete protection possible of the personal data processed through this website. However, internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, any data subject is free to transmit personal data to us via alternative means, such as by phone.
The privacy policy of Gerber GesmbH & CoKG is based on the terminology used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be both readable and understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
In this privacy policy, we use the following terms, among others:
a) Personal Data
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more specific features that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
c) Processing
Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, deletion, or destruction.
d) Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
e) Profiling
Profiling is any form of automated processing of personal data that involves using that personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects regarding the performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or Data Controller
The controller or data controller is the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for their designation may be provided for by Union law or the law of the Member States.
h) Processor
A processor is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.
i) Recipient
A recipient is a natural or legal person, authority, agency, or other body to whom personal data is disclosed, whether or not it is a third party. However, authorities that may receive personal data in the course of a particular inquiry under Union law or the law of the Member States do not qualify as recipients.
j) Third Party
A third party is a natural or legal person, authority, agency, or other body, other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
k) Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they signify agreement to the processing of personal data relating to them, either by a statement or by a clear affirmative action.
The controller within the meaning of the General Data Protection Regulation, other applicable data protection laws in the Member States of the European Union, and other provisions of a data protection nature is:
Gerber GesmbH & CoKG
Kühtai 40
6183 Kühtai
Austria
Tel.: +43 5239 5207
E-Mail: info@gerberhotels.com
Website: www.gerberhotels.com
The websites of Gerber GesmbH & CoKG use cookies. Cookies are text files that are placed and stored on a computer system via an internet browser.
Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that allows websites and servers to be assigned to the specific internet browser in which the cookie is stored. This enables the visited websites and servers to distinguish the individual browser of the affected person from other internet browsers that contain different cookies. A specific internet browser can be recognized and identified through its unique cookie ID.
By using cookies, Gerber GesmbH & CoKG can provide users of this website with more user-friendly services that would not be possible without setting cookies.
With the help of a cookie, the information and offers on our website can be optimized according to the user's needs. Cookies allow us, as mentioned before, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, a user of a website that uses cookies does not need to enter their access data again each time they visit the website, as this is taken over by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in an online shop. The online shop remembers the items that a customer has placed in the virtual shopping cart via a cookie.
The affected person can prevent the setting of cookies by our website at any time by adjusting the settings of the internet browser used, thereby permanently objecting to the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the affected person disables the setting of cookies in the internet browser used, it is possible that not all functions of our website can be fully utilized.
The website of Gerber GesmbH & CoKG collects a number of general data and information with each access of the website by an affected person or an automated system. This general data and information are stored in the server log files. The following data may be collected: (1) the types and versions of browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system arrives at our website (so-called referrer), (4) the subpages that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serve to prevent danger in the event of attacks on our information technology systems.
In using this general data and information, Gerber GesmbH & CoKG does not draw any conclusions about the affected person. Rather, this information is needed to (1) deliver the contents of our website correctly, (2) optimize the contents of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the necessary information for prosecution in the event of a cyber attack. These anonymized data and information are therefore evaluated statistically by Gerber GesmbH & CoKG and further with the aim of increasing data protection and data security in our company, in order ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from all personal data provided by an affected person.
The affected person has the option to register on the website of the responsible party by providing personal data. The personal data transmitted to the responsible party during registration is derived from the respective input mask used for registration. The personal data entered by the affected person is collected and stored exclusively for internal use by the responsible party and for its own purposes. The responsible party may instruct the transfer of this data to one or more processors, such as a parcel delivery service, which will also use the personal data exclusively for internal purposes attributable to the responsible party.
By registering on the website of the responsible party, the IP address assigned by the internet service provider (ISP) of the affected person, the date, and the time of registration are also stored. The storage of this data occurs against the background that only in this way can misuse of our services be prevented, and this data may enable the investigation of criminal acts if necessary. In this regard, the storage of this data is necessary to secure the responsible party. A transfer of this data to third parties generally does not occur unless there is a legal obligation to disclose or the transfer serves law enforcement.
The registration of the affected person by voluntarily providing personal data allows the responsible party to offer the affected person content or services that can only be offered to registered users due to the nature of the matter. Registered individuals have the freedom to modify the personal data provided during registration at any time or to have it completely deleted from the records of the responsible party.
The responsible party provides any affected person with information upon request at any time regarding which personal data concerning the affected person is stored. Furthermore, the responsible party will correct or delete personal data at the request or notification of the affected person, provided that there are no legal retention obligations to the contrary. All employees of the responsible party are available to the affected person as points of contact in this regard.
The website of Gerber GesmbH & CoKG offers users the opportunity to subscribe to the company’s newsletter. The personal data transmitted to the responsible party when ordering the newsletter is derived from the input mask used for this purpose.
Gerber GesmbH & CoKG informs its customers and business partners at regular intervals through a newsletter about offers from the company. The newsletter from our company can generally only be received by the affected person if (1) the affected person has a valid email address and (2) the affected person registers for the newsletter. A confirmation email will be sent to the email address initially registered by an affected person for the newsletter for legal reasons using the double opt-in procedure. This confirmation email serves to verify whether the holder of the email address has authorized the receipt of the newsletter as an affected person.
When registering for the newsletter, we also store the IP address assigned by the internet service provider (ISP) of the computer system used by the affected person at the time of registration, as well as the date and time of registration. The collection of this data is necessary to be able to trace any possible misuse of the email address of an affected person at a later date and thus serves the legal protection of the responsible party.
The personal data collected as part of the newsletter registration will be used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter may be informed by email if this is necessary for the operation of the newsletter service or for a related registration, as may be the case with changes to the newsletter offerings or changes in technical conditions. There will be no transfer of the personal data collected as part of the newsletter service to third parties. The subscription to our newsletter can be canceled by the affected person at any time. The consent to the storage of personal data that the affected person has granted us for the newsletter can be revoked at any time. For the purpose of revoking consent, a corresponding link can be found in every newsletter. Furthermore, there is also the possibility to unsubscribe from the newsletter directly on the website of the responsible party or to inform the responsible party in another way.
The newsletters of Gerber GesmbH & CoKG contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails that are sent in HTML format, allowing for log file recording and analysis. This enables a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, Gerber GesmbH & CoKG can determine whether and when an email was opened by an affected person and which links within the email were accessed by the affected person.
Such personal data collected through the tracking pixels included in the newsletters is stored and analyzed by the responsible party to optimize the newsletter dispatch and better tailor the content of future newsletters to the interests of the affected person. This personal data will not be shared with third parties. Affected persons have the right to revoke their separate consent given through the double opt-in procedure at any time regarding this matter. After a revocation, this personal data will be deleted by the responsible party. Unsubscribing from the newsletter is automatically interpreted by Gerber GesmbH & CoKG as a revocation.
The website of Gerber GesmbH & CoKG contains information required by law that enables a quick electronic contact with our company as well as direct communication with us, which also includes a general address of so-called electronic mail (email address). If an affected person contacts the responsible party via email or through a contact form, the personal data transmitted by the affected person is automatically stored. Such personal data provided voluntarily by an affected person to the responsible party is stored for the purposes of processing or contacting the affected person. There will be no transfer of this personal data to third parties.
The responsible party processes and stores personal data of the affected person only for the period necessary to achieve the storage purpose or as provided by the European directive and regulation issuer or another legislator in laws or regulations to which the responsible party is subject.
If the storage purpose ceases to exist or if a storage period prescribed by the European directive and regulation issuer or another competent legislator expires, the personal data will routinely be blocked or deleted in accordance with legal requirements.
a) Right to Confirmation
Every data subject has the right granted by the European directive and regulation issuer to request confirmation from the responsible party regarding whether personal data concerning them is being processed. If a data subject wishes to exercise this right to confirmation, they may contact an employee of the responsible party at any time.
b) Right to Access
Every person affected by the processing of personal data has the right granted by the European directive and regulation issuer to receive, at any time, free of charge, information from the responsible party about the personal data stored concerning them and a copy of this information. Furthermore, the European directive and regulation issuer has granted the data subject the right to be informed about the following information:
- The purposes of the processing
- The categories of personal data being processed
- The recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, particularly in the case of recipients in third countries or international organizations
- If possible, the planned duration for which the personal data will be stored or, if not possible, the criteria for determining that duration
- The existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the responsible party, or a right to object to this processing
- The existence of a right to lodge a complaint with a supervisory authority
- If the personal data has not been collected from the data subject: all available information about the source of the data
- The existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR, and—at least in these cases—meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Furthermore, the data subject has the right to know whether personal data has been transferred to a third country or an international organization. If this is the case, the data subject has the right to be informed about the appropriate safeguards related to the transfer.
If a data subject wishes to exercise this right to access, they may contact an employee of the responsible party at any time.
c) Right to Rectification
Every person affected by the processing of personal data has the right granted by the European directive and regulation issuer to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data—also by means of a supplementary statement—taking into account the purposes of the processing.
If a data subject wishes to exercise this right to rectification, they may contact an employee of the responsible party at any time.
d) Right to Erasure (Right to be Forgotten)
Every person affected by the processing of personal data has the right granted by the European directive and regulation issuer to request from the responsible party the immediate erasure of personal data concerning them, provided one of the following reasons applies and the processing is not necessary:
- The personal data has been collected for such purposes or processed in any other way that is no longer necessary.
- The data subject withdraws their consent on which the processing is based according to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects pursuant to Article 21(2) of the GDPR.
- The personal data has been unlawfully processed.
- The erasure of personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the responsible party is subject.
- The personal data was collected in relation to services offered by the information society according to Article 8(1) of the GDPR.
So long as one of the above-mentioned reasons applies and a data subject wishes to request the deletion of personal data stored by Gerber GesmbH & CoKG, they may contact an employee of the responsible party at any time regarding this matter. The employee of Gerber GesmbH & CoKG will ensure that the request for deletion is processed without delay.
If the personal data has been made public by Gerber GesmbH & CoKG and our company is obligated to delete the personal data as the responsible party in accordance with Article 17(1) of the GDPR, Gerber GesmbH & CoKG will take reasonable measures, taking into account the available technology and the implementation costs, including technical measures, to inform other data controllers processing the published personal data that the data subject has requested the deletion of all links to this personal data or copies or replications of this personal data from these other data controllers, as far as the processing is not necessary. The employee of Gerber GesmbH & CoKG will take the necessary actions on a case-by-case basis.
e) Right to Restriction of Processing
Every data subject affected by the processing of personal data has the right granted by the European directive and regulation issuer to request the restriction of processing from the responsible party if one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject, for a period enabling the responsible party to verify the accuracy of the personal data.
- The processing is unlawful, and the data subject opposes the deletion of the personal data and requests instead the restriction of the use of the personal data.
- The responsible party no longer needs the personal data for the purposes of processing, but the data subject needs it for the establishment, exercise, or defense of legal claims.
- The data subject has lodged an objection to the processing pursuant to Article 21(1) of the GDPR, and it is not yet clear whether the legitimate grounds of the responsible party override those of the data subject.
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by Gerber GesmbH & CoKG, they may contact an employee of the responsible party at any time regarding this matter. The employee of Gerber GesmbH & CoKG will ensure the restriction of processing.
f) Right to Data Portability
Every data subject affected by the processing of personal data has the right granted by the European directive and regulation issuer to receive the personal data concerning them, which has been provided by the data subject to a responsible party, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another responsible party without hindrance from the responsible party to whom the personal data has been provided, provided that the processing is based on consent according to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract according to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible party.
Furthermore, when exercising their right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to obtain that the personal data be transmitted directly from one responsible party to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.
To assert the right to data portability, the data subject may contact an employee of Gerber GesmbH & CoKG at any time.
g) Right to Object
Every data subject affected by the processing of personal data has the right granted by the European directive and regulation issuer to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, which is carried out based on Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.
In the event of an objection, Gerber GesmbH & CoKG will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If Gerber GesmbH & CoKG processes personal data for the purpose of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning them for the purposes of such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to the processing for direct marketing purposes, Gerber GesmbH & CoKG will no longer process the personal data for these purposes.
In addition, the data subject has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them for scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, the data subject may contact any employee of Gerber GesmbH & CoKG directly or any other employee. The data subject is also free to exercise their right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, through automated means using technical specifications.
h) Automated Decisions in Individual Cases, Including Profiling
Every data subject affected by the processing of personal data has the right granted by the European directive and regulation issuer not to be subject to a decision based solely on automated processing — including profiling — that produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the responsible party, or (2) is permissible under Union or Member State law to which the responsible party is subject and which provides for appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (3) is based on the explicit consent of the data subject.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the responsible party, or (2) is made with the explicit consent of the data subject, Gerber GesmbH & CoKG will take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which include at least the right to obtain the intervention of a person by the responsible party, to express their point of view, and to contest the decision.
If the data subject wishes to exercise rights regarding automated decisions, they may contact an employee of the responsible party at any time.
i) Right to Withdraw a Data Protection Consent
Every data subject affected by the processing of personal data has the right granted by the European directive and regulation issuer to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise their right to withdraw consent, they may contact an employee of the responsible party at any time.
The responsible party collects and processes the personal data of applicants for the purpose of conducting the application process. The processing may also be carried out electronically. This is particularly the case when an applicant submits corresponding application documents electronically, for example via email or through a web form on the website of the responsible party. If the responsible party concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal regulations. If no employment contract is concluded with the applicant, the application documents will be automatically deleted two months after the notification of the rejection decision, provided that there are no other legitimate interests of the responsible party opposing deletion. Other legitimate interests in this sense include, for example, the obligation to provide evidence in a procedure according to the General Equal Treatment Act (AGG).
The responsible party has integrated components of the company Facebook on this website. Facebook is a social network.
A social network is an online community that typically allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for exchanging opinions and experiences or enables the internet community to provide personal or company-related information. Facebook allows users of the social network, among other things, to create private profiles, upload photos, and connect through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For the processing of personal data, the responsible party is, if a data subject lives outside the USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
By accessing any of the individual pages of this website operated by the responsible party on which a Facebook component (Facebook plug-in) has been integrated, the internet browser on the data subject’s information technology system is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be accessed at [https://developers.facebook.com/docs/plugins/?locale=de_DE](https://developers.facebook.com/docs/plugins/?locale=de_DE). As part of this technical procedure, Facebook becomes aware of which specific sub-page of our website is being visited by the data subject.
If the data subject is simultaneously logged into Facebook, Facebook recognizes with each visit of our website by the data subject and during the entire duration of their stay on our website which specific sub-page of our website the data subject is visiting. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated on our website, for example, the “Like” button, or leaves a comment, Facebook associates this information with the personal Facebook user account of the data subject and stores this personal data.
Facebook receives information via the Facebook component whenever the data subject visits our website, provided that the data subject is logged into Facebook at the time of accessing our website; this occurs regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not wish for this information to be transmitted to Facebook, they can prevent this transmission by logging out of their Facebook account before accessing our website.
The data policy published by Facebook, which can be accessed at [https://de-de.facebook.com/about/privacy/](https://de-de.facebook.com/about/privacy/), provides information on the collection, processing, and use of personal data by Facebook. Furthermore, it explains the options that Facebook offers for protecting the privacy of the data subject. Additionally, there are various applications available that allow users to suppress data transmission to Facebook. Such applications can be used by the data subject to prevent data transmission to Facebook.
The responsible party has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics involves the collection, gathering, and evaluation of data about the behavior of visitors to websites. A web analytics service collects, among other things, data on which website a data subject has come to our website from (so-called referrer), which sub-pages of the website have been accessed, and how often and for how long a sub-page has been viewed. Web analytics is primarily used to optimize a website and to conduct cost-benefit analyses of online advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The responsible party uses the “_gat._anonymizeIp” add-on for web analysis via Google Analytics. By means of this add-on, the IP address of the internet connection of the data subject is shortened and anonymized by Google when accessing our websites from a member state of the European Union or from another contracting state of the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, among other things, to evaluate the use of our website, compile online reports that show the activities on our websites, and provide further services related to the use of our website.
Google Analytics places a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. With each visit to one of the individual pages of this website, operated by the responsible party and integrated with a Google Analytics component, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data for the purpose of online analysis to Google. As part of this technical process, Google becomes aware of personal data, such as the IP address of the data subject, which Google uses, among other things, to trace the origin of visitors and clicks, and subsequently to enable commission billing.
Through the cookie, personal information such as access time, the location from which access originated, and the frequency of visits to our website by the data subject is stored. With each visit to our websites, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on the personal data collected through this technical process to third parties under certain circumstances.
The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting in the web browser used, as described above, and thus permanently object to the setting of cookies. Such a setting in the web browser would also prevent Google from placing a cookie on the information technology system of the data subject. Additionally, any cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the option to object to the collection of data related to the use of this website generated by Google Analytics and the processing of this data by Google, and to prevent such processing. To do this, the data subject must download and install a browser add-on via the link [https://tools.google.com/dlpage/gaoptout](https://tools.google.com/dlpage/gaoptout). This browser add-on informs Google Analytics via JavaScript that no data and information about the visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is regarded by Google as an objection. If the information technology system of the data subject is later deleted, formatted, or reinstalled, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or by another person within their sphere of influence, there is the possibility of reinstalling or reactivating the browser add-on.
Further information and the applicable data protection provisions of Google can be retrieved at [https://www.google.de/intl/de/policies/privacy/](https://www.google.de/intl/de/policies/privacy/) and at [http://www.google.com/analytics/terms/de.html](http://www.google.com/analytics/terms/de.html). Google Analytics is explained in more detail at this link: [https://www.google.com/intl/de_de/analytics/](https://www.google.com/intl/de_de/analytics/).
The responsible party has integrated the Google+ button as a component on this website. Google+ is a so-called social network. A social network is an online platform that allows users to communicate and interact in a virtual space. A social network can serve as a platform for exchanging opinions and experiences or enables the online community to provide personal or business-related information. Google+ allows users of the social network to create personal profiles, upload photos, and connect through friendship requests.
The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
With each visit to one of the individual pages of this website, operated by the responsible party and on which a Google+ button has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google+ button to download a representation of the corresponding Google+ button from Google. As part of this technical process, Google becomes aware of which specific page of our website the data subject visits. More detailed information about Google+ can be found at [https://developers.google.com/+/](https://developers.google.com/+).
If the data subject is logged into Google+ at the same time, Google recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website which specific page of our website the data subject visits. This information is collected through the Google+ button and assigned by Google to the respective Google+ account of the data subject.
If the data subject clicks on one of the integrated Google+ buttons on our website and thereby gives a Google+1 recommendation, Google assigns this information to the personal Google+ user account of the data subject and stores this personal data. Google stores the Google+1 recommendation of the data subject and makes it publicly accessible in accordance with the terms accepted by the data subject in this regard. A Google+1 recommendation given by the data subject on this website will subsequently be stored and processed together with other personal data, such as the name of the Google+1 account used by the data subject and the photo stored in this account, in other Google services, for example, in the search results of the Google search engine, in the data subject’s Google account, or elsewhere, such as on websites or in connection with advertisements. Furthermore, Google is able to link the visit to this website with other personal data stored by Google. Google also records this personal information for the purpose of improving or optimizing the various Google services.
Google receives information through the Google+ button whenever the data subject has visited our website, provided that the data subject is logged into Google+ at the time of the visit; this occurs regardless of whether the data subject clicks the Google+ button or not.
If the data subject does not wish to transmit personal data to Google, they can prevent such transmission by logging out of their Google+ account before visiting our website.
Further information and the applicable data protection provisions of Google can be retrieved at [https://www.google.de/intl/de/policies/privacy/](https://www.google.de/intl/de/policies/privacy/). Additional information from Google regarding the Google+1 button can be found at [https://developers.google.com/+/web/buttons-policy](https://developers.google.com/+/web/buttons-policy).
The responsible party has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to display ads in Google's search results and in the Google advertising network. Google AdWords enables an advertiser to predefine specific keywords, whereby an ad is displayed in Google's search results only when the user retrieves a keyword-relevant search result. In the Google advertising network, ads are distributed to relevant websites using an automated algorithm, taking into account the previously defined keywords.
The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to promote our website by displaying interest-relevant advertising on third-party websites and in the search results of the Google search engine, as well as displaying third-party advertising on our website.
If a data subject arrives at our website via a Google advertisement, Google places a so-called conversion cookie on the information technology system of the data subject. What cookies are has already been explained above. A conversion cookie becomes invalid after thirty days and is not used to identify the data subject. Through the conversion cookie, it can be tracked whether specific subpages, for example, the shopping cart of an online shop system, have been accessed on our website, as long as the cookie has not yet expired. The conversion cookie allows both us and Google to track whether a data subject, who arrived at our website through an AdWords advertisement, generated revenue, meaning whether a purchase was completed or abandoned.
The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. We use these visit statistics to determine the total number of users who were referred to us through AdWords advertisements, to evaluate the success or failure of each AdWords advertisement, and to optimize our AdWords advertisements for the future. Neither our company nor other advertisers using Google AdWords receive information from Google that could identify the data subject.
The conversion cookie stores personal information, such as the websites visited by the data subject. Therefore, with each visit to our website, personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected through the technical process to third parties.
The data subject can prevent the placement of cookies by our website, as already mentioned, at any time by adjusting the settings of their internet browser, thereby permanently objecting to the placement of cookies. Such an adjustment to the internet browser used would also prevent Google from placing a conversion cookie on the information technology system of the data subject. Furthermore, any cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs.
Additionally, the data subject has the option to object to interest-based advertising by Google. To do this, the data subject must access the link [www.google.de/settings/ads](www.google.de/settings/ads) from each of the internet browsers they use and make the desired settings there.
Further information and the applicable data protection provisions from Google can be retrieved at [https://www.google.de/intl/de/policies/privacy/](https://www.google.de/intl/de/policies/privacy/).
The data controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform, allowing users to share photos and videos, as well as to disseminate such data across other social networks.
The operating company of Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
With each access to one of the individual pages of this website, operated by the data controller and on which an Instagram component (Insta button) is integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Instagram component to download a representation of the corresponding component from Instagram. As part of this technical procedure, Instagram learns which specific subpage of our website the data subject is visiting.
If the data subject is simultaneously logged into Instagram, Instagram recognizes with each visit to our website by the data subject, and for the entire duration of their stay on our website, which specific subpage the data subject visits. This information is collected by the Instagram component and is associated with the respective Instagram account of the data subject. If the data subject activates one of the Instagram buttons integrated on our website, the data and information transmitted with it will be assigned to the personal Instagram user account of the data subject and will be stored and processed by Instagram.
Instagram receives information through the Instagram component whenever the data subject visits our website, as long as the data subject is logged into Instagram at the time of accessing our website; this occurs regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want such transmission of information to Instagram, they can prevent the transmission by logging out of their Instagram account before accessing our website.
Further information and the applicable data protection provisions of Instagram can be retrieved at [https://help.instagram.com/155833707900388](https://help.instagram.com/155833707900388) and [https://www.instagram.com/about/legal/privacy/](https://www.instagram.com/about/legal/privacy/).
The data controller has integrated components from YouTube on this website. YouTube is an internet video portal that allows video publishers to upload video clips for free, and other users to watch, rate, and comment on these videos for free. YouTube permits the publication of all types of videos, which means that complete films and television shows, as well as music videos, trailers, or user-generated videos, can be accessed via the internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
With each access to one of the individual pages of this website, operated by the data controller and on which a YouTube component (YouTube video) is integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at [https://www.youtube.com/yt/about/de/](https://www.youtube.com/yt/about/de/). As part of this technical procedure, YouTube and Google learn which specific subpage of our website is visited by the data subject.
If the data subject is simultaneously logged into YouTube, YouTube recognizes which specific subpage of our website the data subject is visiting when accessing a subpage that contains a YouTube video. This information is collected by YouTube and Google and associated with the respective YouTube account of the data subject.
YouTube and Google receive information through the YouTube component whenever the data subject visits our website, provided that the data subject is logged into YouTube at the time of accessing our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish to transmit such information to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before accessing our website.
Die von YouTube veröffentlichten Datenschutzbestimmungen, die unter https://www.google.de/intl/de/policies/privacy/ abrufbar sind, geben Aufschluss über die Erhebung, Verarbeitung und Nutzung personenbezogener Daten durch YouTube und Google.
The data controller has integrated components of mPAY24 on this website. mPAY24 is an online payment service provider that enables purchase by invoice or flexible installment payments. Additionally, Klarna offers further services, such as buyer protection and identity and credit checks.
The operating company of mPAY24 is mPAY24 GmbH, Grüngasse 16, 1050 Vienna, Austria.
If the data subject selects either “purchase on invoice” or “installment purchase” as the payment method during the ordering process in our online shop, data of the data subject will be automatically transmitted to mPAY24. By selecting one of these payment options, the data subject consents to the transmission of personal data necessary for processing the invoice or installment purchase or for identity and credit checks.
The personal data transmitted to mPAY24 typically includes first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number, and other data necessary for processing an invoice or installment purchase. Personal data related to the respective order is also necessary for the execution of the purchase contract. In particular, this may involve mutual exchange of payment information, such as bank account details, card number, expiration date, and CVC code, quantity of items, item number, data regarding goods and services, prices and taxes, information on previous purchasing behavior, or other information regarding the financial situation of the data subject.
The purpose of transmitting the data is primarily identity verification, payment administration, and fraud prevention. The data controller will transmit personal data to mPAY24, especially when there is a legitimate interest in the transmission. The personal data exchanged between mPAY24 and the data controller will be transmitted by mPAY24 to credit agencies. This transmission serves the purpose of identity and credit checks.
mPAY24 also shares personal data with affiliated companies (mPAY24 Group) and service providers or subcontractors, as far as this is necessary to fulfill contractual obligations or to process the data on behalf of others.
To make decisions about the establishment, execution, or termination of a contractual relationship, mPAY24 collects and uses data and information about the past payment behavior of the data subject, as well as probability values for their future behavior (known as scoring). The calculation of scoring is carried out based on scientifically recognized mathematical-statistical procedures.
The data subject has the option to withdraw their consent for the handling of personal data at any time with respect to mPAY24. A withdrawal does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.
Article 6(1)(a) GDPR serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfillment of a contract of which the data subject is a party, as is the case with processing operations necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary for carrying out pre-contractual measures, such as in cases of inquiries regarding our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor in our business were injured and their name, age, health insurance data, or other vital information needed to be disclosed to a doctor, hospital, or other third parties. In this case, the processing would be based on Article 6(1)(d) GDPR. Ultimately, processing operations could be based on Article 6(1)(f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are permitted if the processing is necessary for the protection of a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override this interest. Such processing operations are especially permitted because they were specifically mentioned by the European legislator. In this regard, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).
If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is conducting our business activities for the benefit of the welfare of all our employees and our stakeholders.
The criterion for the duration of storage of personal data is the respective statutory retention period. After the retention period has expired, the relevant data is routinely deleted, provided that it is no longer necessary for the fulfillment of the contract or for initiating the contract.
We inform you that the provision of personal data is partially required by law (e.g., tax regulations) or may also result from contractual arrangements (e.g., information about the contracting party). Sometimes, it may be necessary for a contract to be concluded that a data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data when our company concludes a contract with them. Non-provision of personal data would result in the inability to conclude the contract with the data subject. Before the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for the conclusion of the contract, whether there is an obligation to provide personal data, and what the consequences of not providing personal data would be.
As a responsible company, we refrain from automated decision-making or profiling.
This privacy policy was created using the privacy policy generator from Datenschutz-Generator.de in cooperation with RC GmbH, which recycles used notebooks, and the file-sharing lawyers from WBS-LAW.