With the following information we would like to give you an overview of how we handle your data which we collect in connection with visits to our website www.hasa-burg.de and your use of the functions and services offered on these sites. We would also like to inform you of your data protection rights. What data is processed in particular and how it is used depends on the respective services claimed.
1. Controller, Art. 4 (7) GDPR
The controller who determines the processing of your data in the meaning of Art. 4 (7) General Data Protection Regulation (GDPR) is
2. What is ‘personal data’?
Personal data is information about a person which provide clues as to their identity, for example your name, address or telephone number. This does not include information that gives no clue as to the identity of a determined person.
3. Scope of data collection, processing and use
You can visit our website and access all of the content without us collecting personal data from you, or you having to enter personal data.
Our websites use so called cookies, in part. They are needed to make our offer more user friendly, effective and safer. Cookies are small text files, that are saved on your computer by your browser. Most of the cookies we use are „session-cookies“. These are automatically deleted after your visit. Cookies do not harm your device and do not contain viruses.
b) Contact via e-mail
If you contact us via e-mail, your e-mail, including the personal data contained within it (such as for example, name and address) is saved on our incoming mail server. The e-mail is then forwarded to the relevant contact within our company.
Under the menu heading ‘Service/Contact’, you can find directions to our locations. You can provide information via the route planner on the location from which you are starting. Your route to us is displayed via the service ‘Google Maps’, a Google Inc. service. In this case we do not obtain any data. You can find out about the scope of Google’s data processing in Google’s data protection policy which you can find at https://policies.google.com/privacy?hl=de.
4. Purpose of the processing and legal bases
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz [German Federal Data Protection Act] (BDSG).
a) For the performance of a contract (Point (b) of Art. 6 (1) GDPR)
Data is processed to provide our contractual services or to carry out pre-contractual measures which occur upon request.
b) In the context of balancing interests (Point (f) of Art. 6 (1) GDPR)
Beyond using it for the actual performance of the contract, it may be necessary to process your data for the purposes of legitimate interests pursued by us or by a third party, for example,
- guaranteeing the IT security of our system
c) Your consent (Point (a) of Art. 6 (1) GDPR)
We require your consent for certain purposes. Processing will only take place if you have explicitly given your consent. You can revoke your consent at any time. The revocation does not affect the legality of processing before receiving the revocation.
5. Recipients of the data
We only forward your personal data to third parties if we have informed you beforehand and have obtained your consent in each individual case.
6. Transmission of data to a third country
We do not transmit data to recipients with a registered office outside of the EU and the EEA.
7. Length of storage
We delete e-mail enquiries as soon as we have answered the query and the reason for the enquiry is settled.
If you send us data which are necessary for the performance of contractual and legal obligations, then we store these only until the obligations are fulfilled.
If the data is no longer required for this, they are regularly deleted. They shall not be deleted if
- legal commercial or tax requirements oppose this,
- data must be kept as evidence of claims arising from a contractual relationship in the context of the regular exemption period (3 years, Section 195 Bundesgesetzbuch [German Civil Code] (BGB)).
8. Security of your data
We take all appropriate technical and organisational measures to guarantee that your data are protected.
9. Your data protection rights
Every ‘data subject’ has the right to information pursuant to Art. 15 GDPR, the right to a correction pursuant to Art. 16 GDPR, the right to cancellation pursuant to Art. 17 GDPR, the right to limit processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR. The limitations according to Sections 34 and 35 BDSG (new version) apply to the right to information and the right to cancellation. You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG (new version)).
10. Obligation to provide data
You are neither legally nor contractually obliged to provide us with data when you visit our website. However, to use our services it is necessary for you to provide us with those data which are required for these services to be provided. Without this data, it is not possible to use these services.
11. Automated decision-making and profiling
Automated decision-making and/or profiling in the meaning of Art. 22 (1) and (4) GDPR do not take place.
12. Data protection officer
If you have any questions or comments on the subject of data protection, send us an e-mail to firstname.lastname@example.org
13.Amendments to the data protection policy
We reserve the right to adjust the provisions of our data protection policy from time to time. You can request older versions of our data protection policy via the above e-mail address.
V 1.0 Burg, April 2018