Dear Steinbrecher-GmbH.de website user,
We know that messages about data processing are generally not particularly interesting to read. However, it is in your own interest to carefully read through the following information – as this explains which personal data we process.
Information about data processing
As at: 06/12/2018
Protecting your data is important to us. After all, you should be able to browse our website – www.steinbrecher-gmbh.de (operated by: corporate group: Steinbrecher Dienstleistungs GmbH, holder: Martin Steinbrecher, Kurt-Schwitters-Platz 6, 26409 Wittmund, Germany [hereinafter referred to as “Steinbrecher Dienstleistungs GmbH”]) – with confidence. That is why we will inform you in the following section about which data we process and which external services we have embedded on our website.
The party responsible for data processing on this website within the meaning of Article 4(7) is:
Steinbrecher Dienstleistungs-GmbH corporate group
Holder: Martin Steinbrecher
Company data protection officer:
26409 Wittmund, Germany
Tel.: +49 (0)4462/955-01
2. Subject of data protection
The subject of data protection is personal data. In accordance with Article 4(1) of the GDPR, “personal data” refers to any information relating to an identified or identifiable natural person (data subject). This includes information such as names, postal address, email address or telephone number, but can also include usage data such as an IP address.
3. Scope and purpose of data collection and data storage
In the following section, we will clarify the scope of data collection, data storage and data usage (in the following section, we will use the term “data processing” in accordance with the definition provided in Article 4(2) of the GDPR) and we will explain the purpose of data processing in the context of the website.
4. Personal data
In principle, this website can be used without sharing any personal data. The IP address is an exception. We need this for a short period (please read section 4.3 for an explanation).
If you would like to contact us using the contact form or via email, you may need to provide personal data so that we can respond to you.
4.1. Contact via email; email hosting
When you contact us via email, you have to provide us with at least the following personal data:
- Email address
- First name and last name
- A telephone number if you would like us to call you back.
We use this data exclusively for the purpose of processing your request, and then to get back to you in response to this request.
Our email server is provided by our hosting provider. The email server receives and stores the emails that you send to us, and then forwards the emails to our own email server. We commission an Internet security service provider to filter out spam emails. We work together with service providers on the basis of data processing agreements.
The legal basis for processing of this data is regularly Article 6(1b) of the GDPR, as we would not be able to get back to you in relation to your request if we did not receive any personal data from you.
4.2. Contact via the contact form
If you would like to get in touch with us via the contact form, then enter the following personal data into the contact form:
- Email address
- First name and last name
- Your request
This data is also only used for the purpose of processing your request, and then to get back to you in response to this request. The legal basis for processing of this data is also Article 6(1b) of the GDPR, as we would not be able to get back to you in relation to your request if we did not receive any personal data from you.
4.3. About IP addresses
The website of Steinbrecher Dienstleistungs GmbH collects a series of general data and information each time the site is accessed by an individual or automated system. This general data and information are saved in log files on the server. The site collects information about
- The browser type and version
- The operating system of the system used to access the website
- The website that directed the system to our website (known as the “referrer”)
- The sub-sites that are activated by a system accessing our website
- The date and time that the website is accessed
- An Internet Protocol address (IP address)
- The Internet service provider of the system accessing the website
- Other similar details and information for used for security purposes to defend against threats in the event of attacks on our information technology systems.
When using this general data and information, Steinbrecher Dienstleistungs GmbH does not allow identification of the data subject. Instead, this information is required to:
- Deliver the contents of the website correctly
- Optimise the contents of our website and the application for the data subject
- Ensure that our information technology systems and the technology of our website continue to function correctly
- Provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
This anonymously collected data and information is statistically analysed by Steinbrecher Dienstleistungs GmbH, and then evaluated with the aim of increasing the level of data protection and data security on our web server, in order to eventually provide an optimum level of protection for the personal data processed by us. The anonymous data in the server log files is stored separately from all of the personal data provided by the data subject.
If you are wondering why we are explaining all of this: According to predominant legal opinion, the IP address is now considered to be personal data. And when an IP address is considered to be personal data, then we are required to explain that we need to process this data briefly to enable you to use the website.
We commission a hosting provider to host this website, to host the web server and also to process the IP addresses (as described above). We work together with this hosting provider on the basis of an order processing contract.
The legal basis for processing of this data is regularly Article 6(1b) of the GDPR, as we need your IP address in order to give you access to the website and the content it contains.
4.4. Collection of other data
We have implemented various external services on our website. The following section will provide more information on this subject.
You can see the exact cookies that we use in your browser by clicking settings or advanced settings and then on content settings and/or cookies (each browser has a slightly different menu path).
You can prevent the installation of cookies by applying the appropriate setting in your browser software (under “Settings” for most browsers). However, please note that if you do this, you may not be able to use the full functionality of our website.
You can also delete cookies that have already been stored on your computer (also under “Settings” in your browser).
5. Use of data for a specific purpose, disclosure of data
The follow the principle of using data for a specific purpose. We collect, store and process the previously mentioned data exclusively for the previously mentioned purposes. Therefore, we only process the data so that we can offer you the full scope of products and services listed in section 4. Your personal data will not be disclosed to third parties outside of the context explained here without your express consent. In addition to the parties responsible for the website, the data processors mentioned above are also recipients of your data. These recipients are bound to the terms of a data processing agreement. The transmission of data to authorised state institutions and authorities shall only be carried out to the extent required by law, or when we are ordered to provide information as a result of a judicial decision.
6. Duration of processing
The data that you send us via the contact form or via email is stored to process your request and then deleted afterwards. However, if there is a compulsory retention period, the data is retained for up to 6 or 10 years and then deleted in accordance with Section 257 of the German Civil Code. Your IP address is only temporarily stored in the web server log files to establish a connection and to prevent cyber attacks, and is then deleted within 7 days.
7. Rights of the data subject (including the right to information and access to personal data, the right to revoke consent, the right to object and the right to erasure)
You have the right to be provided with information about the personal data we process about you.
You can object to the processing of your data at any point, provided that the requirements set out in Article 21 of the GDPR have been met, and that any consent to the processing of this data that was provided previously has been revoked. When a data subject revokes their consent to the processing of their data or objects to the use of their data, this does not affect the legality of data processing prior to the revocation or objection.
You can also correct and limit the data processed by us at any time or request it to be deleted. We would like to explicitly point out that there may be legal obligations, such as retention obligations, which require us to continue to store your data. In this case, the data can only be restricted. This means that the data is only processed for the purpose of complying with the legal obligations and not used for anything else.
Furthermore, you also have the right to data portability in accordance with Article 20 of the GDPR, as well as the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR.
Application process (Article 6(1b) GDPR)
There are supplementary data protection notes for the application process. These are communicated separately within the context of the application.
8. Use of Google Analytics
- This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”. Cookies are small text files which are saved onto your computer and enable your use of the website to be analysed. The information generated by the cookie regarding your use of the website is generally transferred to a Google Server in the USA and stored there. With regards to IP anonymisation on this website, in EU member states or other states that are party to the Agreement on the European Economic Area, your IP address is shortened by Google before this information is transferred to the server. Only in exceptional cases is the full IP address transferred to a Google server in the USA and then shortened there. On behalf of the operator of this website, Google uses this information to analyse your use of the website, to compile reports about website activities and to carry out other services related to the use of website and Internet use for the website operator.
- The IP address sent by your browser in the context of Google Analytics is not combined with other data by Google.
- You prevent cookies from being stored on your computer by applying the appropriate setting in your browser software. However, please note that if you do this, you may not be able to use the full functionality of our website.
- You can also prevent the collection of data generated by the cookie and data related to your use of the website (including your IP address) and the processing of this data by Google by downloading the browser plug-in linked below: http://tools.google.com/dlpage/gaoptout?hl=de.
- This website uses Google Analytics with the “_anonymizeIp()”extension. This extension shortens IP addresses, ruling out the possibility of this data being used to identify an individual.
- We use Google Analytics to analyse the use of our website and make regular improvements to it. The statistics we gain from this enable us to design our range of products and services in a way that is more attractive to you as a user. For exceptional cases in which personal data is transferred to the USA, Google complies with the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6(1), subparagraph 1, point f of the GDPR.
- This site uses Google Analytics – reports to store interests and demographic characteristics, such as age and gender, and saves these in a cookie. The data collected can not be linked back to certain people and can be deactivated directly on Google via the Ad Settings (https://www.google.de/settings/ads).
9. Use of Facebook
9.1. Facebook plugin
Our website uses the “visitor actions” pixel from Facebook Inc. This makes it possible to track the behaviour of users that have been directed to a provider’s website after clicking on a Facebook advertisement. This process enables the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and can help to optimise future advertising measures. The data collected by this tool is anonymous, so it gives us no information about the identity of the user. However, the data is stored and processed by Facebook, which means that the data could be linked to the relevant user profile and Facebook could use this data for their own advertising purposes in accordance with the Facebook Data Policy: https://www.facebook.com/about/privacy/
This data can influence the ads you see on and outside of Facebook. Furthermore, a cookie can be stored on your computer for this purpose.
9.2. Facebook Remarketing
Our website uses the “Custom Audiences” remarketing function provided by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; “Facebook”). This site enables tailored advertisements to be displayed to visitors of the website on the Facebook social media network. For this purpose, a remarketing tag from Facebook is added to the website. This tag establishes a direct connection to the Facebook servers when the website is visited. As a result of this, the Facebook server receives information about which of our sites you have visited. Facebook assigns this information to your personal Facebook user account. When you visit Facebook, you are then shown personalised Facebook ads. The data is processed in accordance with Article 6 (1), point f, of the GDPR based on the legitimate interests for the purpose mentioned above.
You have the right to object to the processing of such data subject to Article 6 (1) point f of the GDPR for reasons that are due to your specific situation. You can also deactivate the “Custom Audiences” remarketing function. You can find more detailed information about the use of data by Facebook, the rights and options you have to protect your private sphere in the Facebook Data Policy, which is you can access at https://www.facebook.com/about/privacy/.
Please feel free to contact us at any time with any questions you may have at firstname.lastname@example.org.