Privacy Statement

Data Protection Information

This document contains information about which item of personal data we process, its purpose, the
basis on which we process it and for how long.

Overview / Contents

You will find the following information in our Data Protection Information

A. Our contact data and general matters relating to our data processing
  • Name and contact data of the controller
  • Contact data of the data protection officer
  • The legal basis for the processing of personal data.
  • Data deletion and duration of archiving
  • Our sources of personal data
  • General categories, purposes and legal basis for processing personal data
  • Recipients and categories of recipients of the personal data
  • Data processing related to the distribution of the Newsletter
  • Contacting by email, fax and phone call
B. The scope of the processing of personal data via our web-site
  • Provision of the web-site and creation of log files
  • Data transmission to payment service providers
  • Registration facility / login on the site
  • Contact form and email contact
  • Using of cookies by us and third party provider
  • Use of the maps service Google Maps
  • Twitter feed / Twitter for websites link
  • Use of the analysis tool "Matomo" (previously PIWIK)
  • Use of Google reCAPTCHA
  • Encryption of the web-site
  • Transmission of personal data to a third country (countries outside Germany but in the EU)
C. Your rights as the data subject
  • The right to be informed
  • The right to rectification
  • The right to erasure
  • The right to object to processing because of a legitimate interest
  • The right to revoke consent
  • The right to restrict processing
  • The right to information
  • The right to data portability
  • The right to object to processing because of a legitimate interest
  • The right to revoke consent
  • Automatic decision-making including profiling
  • Voluntary provision of data
  • The right to complain to a supervisory authority

A. Our contact data and general matters relating to our data
processing

Name and contact data of the controller

The controller within the meaning of data protection legislation for the collection and use of personal
data is

aicas GmbH
Emmy-Noether-Straße 9
D-76131 Karlsruhe
Phone: +49(0)721 / 663968-0
Telefax: +49(0)721 / 663968-66

Email: info@aicas.com
Web-site: www.aicas.com

Managing Director: Dr. James J. Hunt

You can find further information about our company in the Legal Notices section of our web-site
https://www.aicas.com/cms/en/imprint.


Contact data of the controller’s Data Protection Officer

You can reach our Data Protection Officer as follows:

Mr. Thomas Heimhalt
DATENSCHUTZ perfect GbR
Wilhelm-Kolb-Straße 1D
D-76187 Karlsruhe
Phone 0721 / 9663883

Email address datenschutz@aicas.com

The legal basis for the processing of personal data.

In general, the following applies when we process personal data:

  • In so far as we obtain your consent for processing procedures of personal data, Article 6, Paragraph 1, Letter a) of the EU General Data Processing Regulation (GDPR) acts as the legal basis for the processing of personal data.
  • In the case of the processing of personal data which is needed for the performance of a contract with you, Article 6, Paragraph 1, Letter b) of the GDPR acts as the legal basis. This also applies already if the processing for the performance of pre-contractual measures is necessary.
  • In so far as the processing of personal data is necessary for the performance of a legal obligation to which we are bound, Article 6, Paragraph 1, Letter c) of the GDPR acts as the legal basis.
  • In the event that the vital interests of yours or another natural person render the processing of personal data necessary, Article 6, Paragraph 1, Letter d) of the GDPR acts as the legal basis.
  • If the processing is necessary for the protection of a legitimate interest of us or of a third party and your interests, fundamental rights and freedoms do not override this interest, Article 6, Paragraph 1, Letter f) of the GDPR acts as the legal basis.
Data deletion and duration of archiving

Generally we delete or block the personal data as soon as the purpose of the archiving no longer applies. Data can also be archived if this was stipulated by the European or national legislative body in EU regulations, laws or other provisions to which we, as the controller, are subject. Data is also blocked or deleted if a retention period required by the above-mentioned regulations etc. expiresunless it is necessary that the data continues to be archived for the conclusion or performance of a contract

In specific terms this means:

If we are processing the personal data on the basis of consent for data processing (Article 6, Paragraph 1, Letter a) of the General Data Protection Regulation (GDPR), the processing is ended when you revoke your consent unless a further legal basis for processing the data exists. This is the case if, at the time of the revocation, we are still entitled to process your data for the purpose of the performance of a contract, or if the data processing is necessary to protect our legitimate interests (on this point see also below).

If, by way of exception, we are processing the data by reason of our legitimate interests (Article 6, Paragraph 1, Letter f) of the GDPR as part of a previous assessment, we will save this data until the legitimate interest no longer exists, the assessment comes to a different conclusion, or you have lodged a valid objection pursuant to Article 21 of the GDPR (on this point see the highlighted “Note on a particular right to object” under C.).

If we are processing the data for the purpose of the performance of a contract we will save the data until the contract has been finally performed and brought to a conclusion and no further claims can asserted under the contract, in other words until the matter becomes time-barred. The general period of prescription according to § 195 of the German Civil Code is three (3) years. However, certain claims, for example claims for compensation, only become time barred after 30 years (cf. § 197 German Civil Code). If there is a legitimate reason for assuming that this is relevant in a particular case, we will save the personal data during this period of time. The above-mentioned periods of prescription commence at the end of the year (therefore on December 31) in which the claim arose and the obligee becomes aware or should have become aware of the circumstances giving rise to the claim and the person of the liable party becomes or should have become aware of the foregoing without gross negligence.

We wish to point out that we are also subject to statutory retention obligations for reasons associated with taxation and book-keeping. These oblige us to archive certain data as evidence for our book-keeping which can include personal data for a period which can range from six (6) to ten (10) years. These retention periods take precedence over the above-mentioned deletion obligations. The retention periods also commence at the end of the year in question, and therefore December 31.

Sources of personal data

The personal data we process originates primarily from the data subject himself or herself, for example by these persons

  • as users of our web-site via their browser and terminal (e.g. a PC, smartphone, tablet or notebook) transmitting information such as their IP address to our web-server,
  • as interested parties requesting information material or quotation
  • as clients confirm an order with us close a contract with us,
  • as representatives of the press asking for press releases, a statement or similar,
  • as suppliers delivering goods to us which we have ordered or performing services or similar for us.

As a rare exception, the personal data we process may also come from third parties, for example if a
person is acting on behalf of another person.

General categories, purposes and legal basis for processing personal data

We process the following categories of personal data:

  • users of our web-site,
  • interested parties,
  • representatives of the press
  • clients, and
  • suppliers.

Depending on the category of the data involved we process personal data for the following purposes
on the legal basis specified in the General Data Protection Regulation (GDPR):

User data: We do not collect and process data about users of our web-site in personal form. We cannot attribute this data to a particular persons The IP address is only processed in an anonymized form. On the other hand in so far as personal data is involved in exceptional cases, we process this data for the protection of our legitimate interests on the basis of Article 6, Paragraph 1, Letter f) of the GDPR. Our legitimate interests in this sense are our interest in the security and integrity of our website and the data on our web-servers (particularly the detection of disturbances and malfunctions as well as the tracking of unauthorized access) plus marketing interests and interests in statistical surveys for the improvement of our web-site, our services and what we have to offer). After giving the matter our due consideration we came to the conclusion that the processing of data to protect the above legitimate interests is necessary and overrides your fundamental rights and freedoms requiring the protection of personal data.

Data of interested parties/data of representatives of the press: In so far as we process the data of parties interested in our services or of the representatives of the press, this is only done if you enter this data in an input field and send it to us or enter this data in an email for the purpose of a query which is then sent to us. These entries are voluntary We then only process this data in order to deal with your enquiry. This data which is voluntarily sent to us for the purpose of the supply of information about our services is processed as pre-contractual processing in accordance with Article 6, Paragraph 1, Letter b) of the GDPR and/or on the basis of the consent you grant by sending the consent you give in accordance with Article 6, Paragraph 1, Letter a) of the GDPR.

Client’s Data: We process the data of the our clients for the purpose of the performance of a contract as set out in Article 6, Paragraph 1, Letter b) of the GDPR and/or on the basis of consent which is granted pursuant to Article 6, Paragraph 1, Letter a) of the GDPR. This also applies to processing procedures which are necessary for pre-contractual activities (for example as part of the preparation and negotiation of offers).

Suppliers' and business partners' data: We process the data of the our suppliers and business partners for the purpose of the performance of a contract as set out in Article 6, Paragraph 1, Letter b) of the GDPR and/or on the basis of consent which is granted pursuant to Article 6, Paragraph 1, Letter a) of the GDPR. This also applies to processing procedures which are necessary for pre-contractual activities (for example as part of the preparation and negotiation of offers).

Recipients and categories of recipients of the personal data

Your personal data is only passed to third parties or others if this is necessary for the purpose of the performance of a contract (for example for processing of an order) or for invoicing purposes (for example for executing a payment process during the purchase of goods or services) and if there is a legitimate interest in the transmission of the data which overrides your interests, fundamental rights and freedoms, or you have previously and validly granted your consent.

The categories of recipients can be:

  • service providers
  • delivery service-providers, suppliers
  • payment service-providers, banks
  • tax advisers
Data processing related to the distribution of the Newsletter

It is possible to subscribe to a free Newsletter in our web-site or while making an enquiry. When subscribing for the Newsletter the data in the input mask is sent to us. This information is:

  • Email address
  • Title/form of address, given and family name, company name, homepage, phone number. How did you hear about us? (optional)
  • Feedback (optional free form fields)

When subscribing to the Newsletter the following data is also collected (Opt-In-Verification):

  • your IP address, and
  • the data and time of your subscription.

The purpose of this is the prevention of the misuse of the services or your email address and also compliance with our statutory obligation to demonstrate that the customer has truly opted in to the use of his email address - in other words he has expressly granted his consent to receive the newsletter.

Subscribing to our Newsletter uses what is called a "double opt-in process". This means that after subscribing you receive an email which asks you to confirm your subscription. This confirmation is necessary so that no-one can subscribe using another person's email address. When you click on the link by which you confirm your registration your IP address is collected along with the exact point in time (date and time) of the click. The purpose of this item of data processing is to comply with our statutory obligation to prove that the customer has truly opted in to the use of his email address - in other words he has expressly granted his consent to receive the newsletter.

In order to process the data your consent is obtained as part of the registration process and your attention drawn to this data security statement.

If you purchase goods or services on our website and in doing so record your email address, as a consequence we can use it to send you a newsletter. In such a case only direct advertisements for similar goods or services will be sent via the newsletter.

The data is not passed to third parties. The exception is if there is a legal obligation to disclose the data. The data is only used for the distribution of the Newsletter.

The purposes of data processing: The purpose of collecting and processing the user's email address is to send the Newsletter. We use the email address for promotional purposes.
The purpose of collecting the IP address and the time of the click on the confirmation link in the double opt-in email is to enable us to comply with our statutory obligation to prove that we have obtained the express consent of the customer.
The purpose of collecting further personal data as part of the subscription process is to prevent the misuse of the services or the email address used.
The potential archiving of your unsubscription from the newsletter for up to three years has the
purpose of proving that consent was previously granted; this therefore enables us to defend ourselves against potential claims.

The legal basis for the data processing: The legal basis for processing the data after the user subscribes to the Newsletters is your consent in accordance with Article 6, Paragraph 1, Letter a) of
the GDPR.
In the event of previous purchases of goods or services, the legal basis for the data processing in the context of the newsletter is § 7, Paragraph 3 of the Law against Unfair Competition.
The legal basis for saving the IP address and the point in time at which you clicked on the confirmation link in the double opt-in email and for any possible additional archiving for up to three years after you have unsubscribed from the newsletter is our legitimate interest pursuant to Article 6, Paragraph 1, Letter f) of the GDPR. In this case the legitimate interest consists of proving your previous grant of consent and the ability to defend ourselves against claims based on the use of your email address.


Duration of the archiving: The data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. Thus your email address is saved all the while the subscription to the Newsletter is active.
We can save the email addresses for up to three years before we delete them as well as the data we collected during confirmation of the consent given for sending the newsletter on the basis of our legitimate interests so that we can demonstrate that consent was previously given. The purpose of processing this data is restricted to a possible defense against claims. An individual request for deletion is possible at all times in so far as the previous existence of a consent is confirmed.

Other data also collected during the subscription process is usually deleted after a period of seven days.

The right to object and the right to erasure: The user can unsubscribe from the Newsletter in any form, at any time and free of charge. There is a link for this purpose in every Newsletter.
This makes it possible to revoke the consent given to saving the personal data collected during the subscription process.

Contacting by email, fax and phone call

If you wish you can contact us in several ways. You will find our email address, phone number and fax number for this purpose on our website. If you send us an email, call us or send a fax we will also inevitably process your personal data as the personal data transmitted with the email, fax or your phone will be saved by us or our systems.

The data is not passed to third parties in this context. The data is only used for the distribution of the Newsletter.

The purposes of data processing: The processing of the personal data when contacting us by email, fax or phone is so that we can deal with your request and the approach you made to us. It is essential that we have your email address, fax or phone number so that we can respond. This also constitutes the legitimate interest in processing the data.

The legal basis for data processing: Given the existence of consent which can be seen from the fact that you contacted us, the legal basis for processing the data is Article 6, Paragraph 1, Letter a) of the GDPR and, apart from that, our legitimate interest in the data processing in accordance with Article 6, Paragraph 1, Letter f) of the GDPR.

If the purpose of the contact or your request is the conclusion of a contract, the additional legal basis for the processing is Article 6, Paragraph 1, Letter b) of the GDPR (execution of pre-contractual measures).

Duration of the archiving: The data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected.

For the personal data which was sent by email, this is the case if the relevant exchange with you is at an end and we have then waited for a period of up to 3 months to establish whether we must refer again to your request and the details of the exchange. The conversation is at an end if it can be gathered from the circumstances that the matter in question has been definitely settled.

Fax data is stored separately from printed data in the fax machine’s memory. After the fax has been printed out the memory space which was used is released so that the next fax can be received and saved there. After being printed out, parts of the fax can remain temporarily in the fax machine’s memory until it is overwritten by the next fax to be received. This normally leads to the automatic deletion of the data after about 1 - 2 weeks. If the fax is a computer fax we receive the fax as an email and the information we have provided on emails applies accordingly.

In the case of an incoming or outgoing phone call your phone number or your name / company name which you have registered with your telephone provider as well as the date and time of the call are stored in what is called a “ring memory” in our phone system. This memory overwrites the oldest data with the new data. In normal circumstances this means that the data is automatically deleted in the phone system after about 3-4 months.

It may happen that due to commercial or fiscal law the exchange is subject to a retention obligation which then comes into play (cf. the information above in the section “Data deletion and retention period”) .

The right to object and the right to erasure: You may at any time revoke consent given for the processing of the personal data and object to further data processing because of a legitimate interest (cf. the advice on a particular right to object under C of this Data Protection Information). In such a case the conversation cannot be continued.

You can revoke the consent and object to further data processing without any need for a specific form (e.g. you can use email).

In this case all personal data which was saved in the course of the contact with you is deleted.

B. The scope of the processing of personal data via our website

As a matter of principle we only collect and use the personal data of users during the use of our website in so far as this is necessary for the provision of a functioning web-site, its content and our services. Normally the personal data of our users is collected and used only after the user has granted his/her consent. The exception is such cases in which it is not factually possible to obtain consent in advance and/or the processing is permitted by the provisions of law.

Provision of the web-site and creation of log files

Every time the web-site is accessed our system automatically collects data and information for technical reasons. This is saved in the server's log files. This information is:

  • the data and time of access,
  • the URL of the web-site from which access was made (the referrer),
  • the web-sites which were accessed by the user's system via our web-site,
  • the user's screen resolution,
  • the file(s) accessed and a report of the success of the access,
  • the amount of data sent,
  • the user's Internet service-provider,
  • the browser, browser type and version, the browser engine and engine version,
  • the operating system, operating system version and type, and
  • the user's anonymized IP address and Internet service-provider.

This data is processed separately from other data. This data is not processed in combination with the user's other personal data. We cannot attribute this data to a particular person.

The purposes of data processing: The temporary processing of the data by the system is necessary so that it is possible to send the contents of our web-site to the user's computer. The user's IP address
must be saved for the duration of the session to achieve this.

Data is saved in log files to ensure the functionality of the web-site. The data also enables us to optimize our offering and the web-site, and to protect the security of our computer system. The data is not evaluated for marketing purposes in this connection.

The legal basis for the data processing: The data and the log files are temporarily saved on the legal basis of Article 6, Paragraph 1, Letter f) of the GDPR Our overriding legitimate interest in this data processing is to be found in the purposes stated above.

Duration of the archiving The data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of data capture for the provision of the web-site, the data is deleted when the session is terminated. The data saved in the log files is deleted after no more than seven days. It is not possible to save the data for longer. In this case the users' IP addresses are deleted or distorted so that it is no longer possible to attribute them to the client accessing the website.

The right to object and the right to erasure: The capture of data is essential for the provision of the web-site, and the saving of data in log files is necessary for the operation of the web-site. As a consequence the user has no right to object to this practice. However, the user may terminate the use of the web-site at any time and therefore prevent the continued collection of the data specified above.

Contact form and email contact

Our website contains contact forms which can be used for contacting us electronically in various areas and on various subjects. if you take advantage of this facility the data you enter in the mask is sent to us and saved. The data processing which follows relates basically to the matter associated with the contact form.

Using our forms you can

  • download a personal edition,
  • download a JamaicaCAR SDK,
  • submit a JamaicaVM evaluation request,request a VeriFlux evaluation,
  • request a White Paper.

You can find details of the information you request in the web form. The mandatory fields in the web form are clearly marked with an asterisk. The data we request in the mandatory fields is essential so that we can process the data you have entered.

The following data is also saved when the message is sent:

  • the user’s IP address,
  • Date and time of the transmission

The data identified in the mandatory fields is data which is essential as without it we cannot respond to your enquiry or deal with the approach you made to us.

Your consent for processing the data is obtained before the data is sent; this relates also to the use of the data for promotional purposes as well as to this data privacy statement.

Alternatively you can contact us via the email address we provide. In this case the user’s personal data transmitted with the email is saved.

In this case the data is not passed to third parties. The data is only used for the distribution of the Newsletter.

The purposes of data processing: When you download material you thereby conclude a user and license agreement with us. You are therefore obliged to accept the license conditions before the
download.

A further purpose of the processing of the personal data from the input mask is that it enables us to deal with the approach you made to us and to clarify your request. Contacting you also constitutes the legitimate interest in processing the data.

The purpose of processing the other personal data during the transmission procedure is to prevent misuse of the contact form and to ensure that out information system remains secure.

The legal basis for data processing: If downloads are requested the legal basis for the processing is Article 6, Paragraph 1, Letter b) of the GDPR, to be specific, data processing for the performance and execution of the license agreement.

The legal basis for processing the data is also our legitimate interest in the data processing as set out in Article 6, Paragraph 1, Letter f) of the GDPR. The legitimate interest is constituted by our need to process the data so we can deal with and respond to your enquiry and the approach you made to us.

The legal basis for processing the other personal data which is processed during the transmission procedure is our legitimate interest in the data processing in accordance with Article 6, Paragraph 1, Letter f) of the GDPR which in this case consists of preventing the misuse of the contact form and ensuring the protection of our IT systems.

Duration of the archiving: In the case of the license agreements we save the data until the agreement comes to an end and no claims arising from the agreement can be asserted (period of prescription).
The personal data from the input mask of the contact form and the data sent by email are deleted when the matter clearly to a definitive end.

The exchange and the contractual data are subject, as applicable under commercial or fiscal law, to a retention period which then commences (cf. the information above in the section “Data deletion and retention period”).

The additional data also collected during the transmission process is deleted after a period not exceeding seven days.

The right to object and the right to erasure: You can object to further data processing at any time due to a legitimate interest (cf. the note about a specific right to object in Section C of this data privacy statement. In such a case the matter cannot be taken any further.

The objection to further data protection can be lodged with us in any form (e.g. by email).

In this case all personal data which was saved in the course of the contact with you is deleted.

Data processing for the purposes of performing a contract are not affected by this objection.

Use of cookies by us and by third party provider

When accessing individual web pages we use so-called cookies. Cookies are small text files which are installed on the terminal (PC, smartphone, tablet etc.). If you access a website a cookie can be saved in your browser. This cookie includes a characteristic sequence of characters which enable the browser to be unmistakably identified if the page is accessed again.

It can also happen that cookies are used by third party service-providers. These cookies could also make it possible to analyze the way in which the user surfs the Internet. If this is the case we will inform you separately and directly about this in the information about third party provider tools (such as analysis tools, plugins or similar) of this data privacy statement.

When you access our website you are informed about the use of cookies for analysis purposes and your consent obtained for the processing of the personal data used in this connection.

Cookies are used to make our website useable or configure it so that it is more user-friendly. Some parts of our web-site require that the browser accessing our site can also be identified after switching
to a different page. The following data is temporarily saved in the cookies at this time:

  • the language settings:

Our content management system uses these cookies which are also necessary for technical reasons to make functions such as logging into the administration area possible or the writing and posting of comments for registered visitors (if we activate this). It is necessary to place cookies so that we can identify visitors who have logged in.

The purposes of data processing: The purpose of using cookies needed for technical reasons is to simplify the use of the web-site for users. Some of the functions of our web-site cannot be provided without the use of cookies. For these it is necessary that the browser is re-identified after switching to a different page. The user data collected by the cookies needed for technical purpose is not used for creating user profiles.

Analysis cookies are used for the purpose of improving the quality of our web-site and its contents. By the analysis cookies we learn how the web-site is used and can therefore continuously optimize our offering.

The legal basis for the data processing: The legal basis for the processing of personal data by means of cookies is Article 6, Paragraph 1, Letter f) of the GDPR, and is therefore a legitimate interest on our part. Our legitimate interest is to be found in the purposes stated above.

If the user has granted consent for this purpose the legal basis for the processing of personal data using cookies for analytical purposes is Article 6, Paragraph 1, Letter a) of the GDPR and, in other respects a legitimate interest on our part by reason of the purposes already mentioned pursuant to Article 6, Paragraph 1, Letter f) of the GDPR.

Duration of the archiving: Some of the cookies we use are deleted again at the end of the browser session, in other words when you close your browser (these are called "session cookies"). Other cookies remain on your terminal and enable us or our service providers partner (third party providers) to recognize your browser on your next visit (”permanent cookies”).

In all other respects we save the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the assessment comes to a different conclusion, or you have lodged a valid objection pursuant to Article 21 of the GDPR (on this point see the highlighted "Note on a particular right to object" in Section C). Whether or not the legitimate interest still exists is checked regularly, at least once per year. In particular, our interest no longer exists if, due to the lapse of time, the data is no longer sufficiently relevant for us with regard to the evaluation and statistics of the use of the website;
we assume this to be no longer than three years

The right to object and right of erasure Cookies are saved on your computer and transmitted from there to our site. You therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies which have already been saved can be deleted at any time. This can also be done automatically. We understand a "Do not track" setting of your browser of this nature to be an objection to the further collection and use of your personal data. Note: If cookies for our web-site are deactivated, it is possible that all functions of the web-site can no longer be used to their full extent.

Use of Google Maps

This website used Google Maps, a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), to provide an interactive map. By the use of Google Maps information about your use of this web-site (including your IP address) can be sent to a Google server in the USA and saved there.

Google may pass the information obtained by Maps to third parties in so far as this is required by law or in so far as third parties process this data on behalf of Google. In no case will Google combine your IP address with other Google data. Nevertheless, it would be technically feasible that, based on the data it has received, Google could identify at least individual users. It would be possible that personal data and personality profiles of users of Google's web-site could be processed for other purposes over which we neither have nor can have any influence.

The purposes of data processing: The purpose for using Google Maps is to improve the quality of our website and its content as well as to provide you with a simple, useful and well-known map service for orientation purposes, to show where we are located and to enable you to plan how to reach us etc.

The legal basis for the data processing: The legal basis for the processing of personal data by means of Maps is Article 6, Paragraph 1, Letter f) of the GDPR, and is therefore a legitimate interest on our part. Our legitimate interest is to be found in the purposes stated above. Google Inc. has joined the “EU-US-Privacy Shield“ so that data transmission to the USA is permitted.

Duration of the archiving: By using your browser settings you, as the user, can decide for yourself about the implementation of the JavaScript code needed for this tool. You can deactivate or restrict the execution of cookies by changing the settings in your Internet browser. Note: If the execution of cookies is deactivated, it is possible that all functions of the web-site can no longer be used to their full extent.

In all other respects we save the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the assessment comes to a different conclusion, or you have lodged a valid objection pursuant to Article 21 of the GDPR (on this point see the highlighted "Note on a particular right to object" in Section C). Whether or not the legitimate interest still exists is checked regularly, at least once per year. In particular, our interest no longer exists if, due to the lapse of time, the data is no longer sufficiently relevant for us with regard to the evaluation and statistics of the use of the website;
we assume this to be no longer than three years.

The right to object and the right to erasure: It is easy to deactivate the service of Google Maps and so prevent the transfer of your data to Google. To do this, deactivate JavaScript in your browser.
In order to prevent the execution of Java Script code totally, you can also install a Java Script-blocker,
for example the browser plugin NoScript (e.g. www.noscript.net or www.ghostery.com).

Note: If the execution of Java-Script is deactivated, it is possible that all functions of the web-site canno longer be used to their full extent.

You will find the data privacy statement and the terms and conditions of use for Google products and particularly Google Maps at https://policies.google.com/technologies/productprivacy?hl=de

Twitter feed / Twitter for websites link

We link our Twitter feed to our website. This service is called “Twitter for websites” and is operated by Twitter Inc., 750 Folsom Street, Suite 600, San Francisco, CA 94107, United States (“Twitter”).
Embedded tweets and timelines, Twitter buttons and “Follow” buttons are included in the embedded Twitter content.

According to information provided by Twitter, when you visit our website Twitter “possibly“ collects the IP address, the browser type, the operating system and the cookie information as well as the page you select. This information helps Twitter to improve its product and services, for example with personalized suggestions and personalized advertisements.

You can learn more about the information which Twitter collects and how this information is used by going to Twitter’s Data protection guideline and the article on the Use of cookies.

Twitter never links the browser history which is collected via our website with the name, email address, phone number or Twitter user name. Twitter deletes, conceals or aggregates the data after a maximum of 30 days.

The purposes of data processing: The Twitter plugin is used so that you have direct access via our website to our tweets and public statements via Twitter and, in order to make a direct feedback facility possible or to make it possible to share our contributions and information (tweets) directly and therefore our promotional and marketing interests.

Please go to Twitter’s data privacy statement at https://twitter.com/de/privacy for more information on the purpose and extent of the collection of data and the further processing and use of the data by Twitter in this respect, as well as your rights and possible settings for the protection of your privacy.

The legal basis for the data processing: The legal basis for the processing of personal data is Article 6, Paragraph 1, Letter f) of the GDPR, and is therefore a legitimate interest on our part. In this respect our legitimate interest consists of the purposes mentioned above.

Duration of the archiving: As the user, you can decide for yourself about the implementation of the JavaScript code needed for this tool by means of your browser settings. By changing the settings in your Internet browser you can deactivate or restrict the use of JavaScript and therefore also prevent your data from being saved. Note: If the execution of Java-Script is deactivated, it is possible that all functions of the web-site can no longer be used to their full extent.

The right to object and the right to erasure: If you are a Twitter member and do not want Twitter to collect data about you via our website and link it with your membership data saved by Twitter, you must log off from Twitter before visiting our website.

By using your settings you yourself can also control whether Twitter saves information about other websites on which you see Twitter content. You can see how to change this in the settings in “Personalization and data settings” which is in the setting “Track where you see Twitter content across the web”. If you deactivate this setting, Twitter neither saves nor uses information on the websites you visit.

You can obtain comprehensive information about the embedding of Twitter feeds here: https://help.twitter.com/de/twitter-for-websites-ads-info-and-privacy

Use of the analysis tool "Matomo" (previously PIWIK)

On this web-site Matomo (Piwik), an open-source web analysis tool of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (https://matomo.org), is used to collect and save data for marketing and optimization purposes. User profiles with a pseudonym can be compiled from this data. Cookies can be used for this purpose. Cookies are small text files which are saved in the cache of the Internet browser of the visitor to the site. The cookies enable the Internet browsers to be identified on a further visit. The data collected by Matomo (Piwik) is not used to identify the visitor to this web-site and is also not merged with personal data about the owner of the pseudonym without consent by the data subject given separately.

The purposes of data processing: Analysis tools and analysis cookies are used for the purpose of improving the quality of our web-site and its contents. In this way we learn how the web-site is used and can therefore continuously optimize our offering.

The legal basis for the data processing: The legal basis for the processing of personal data is Article 6, Paragraph 1, Letter f) of the GDPR, and is therefore a legitimate interest on our part. Our legitimate interest is to be found in the purposes stated above.

Duration of the archiving: The cookies are saved on the user's computer from where they are transmitted to our site. The IP is anonymized immediately after processing and before it is saved. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies which have already been saved can be deleted at any time. This can also be done automatically. We understand a "Do not track" setting of your browser of this nature to be an objection to the further collection and use of your personal data. Note: If cookies for our web-site are deactivated, it is possible that all functions of the web-site can no longer be used to their full extent.

In all other respects we save the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the assessment comes to a different conclusion, or you have lodged a valid objection pursuant to Article 21 of the GDPR (on this point see the highlighted "Note on a particular right to object" in Section C). Whether or not the legitimate interest still exists is checked regularly, at least once per year. In particular, our interest no longer exists if, due to the lapse of time, the data is no longer sufficiently relevant for us with regard to the evaluation and statistics of the use of the website;
we assume this to be no longer than three years.

The right to object and the right to erasure: You can prevent the installation of cookies by making a corresponding setting in your browser software. If you do this we must point out that in this case you will not be able to use all functions of this web-site to their full extent. You can also prevent the capture of the data created by the cookie relating to your use of the web-site (including your IP address) and the processing of this data by us by using the opt-out option.

Use of Google reCAPTCHA

For protection during the transmission of forms (e.g. contact forms, registration for the internal members' area) we use the services of reCAPTCHA of Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA in selected cases.

This service includes sending your IP address and, if appropriate, additional information needed by Google for the reCAPTCHA service. The data protection provisions of Google, which are different from our own, apply to this data.

By the use of Google reCAPTCHA information about your use of this web-site (including your IP address) can be sent to a Google server in the USA and saved there. Google may pass the information obtained by reCAPTCHA to third parties in so far as this is required by law or in so far as third parties process this data on behalf of Google. In no case will Google combine your IP address with other Google data. Nevertheless, it would be technically feasible that, based on the data it has received, Google could identify at least individual users. It would be possible that personal data and personality profiles of users of Google's web-site could be processed for other purposes over which we neither have nor can have any influence.

The purposes of data processing: Google reCAPTCHA is also used for the purpose of excluding what are called bots which are small malware programs which compromise the security and integrity of our
web-site and web servers. We wish to ensure the functionality of the web-site. The data also serves to underpin the security of our IT systems.

The legal basis for the data processing: The legal basis for the processing of personal data by means of reCAPTCHA is Article 6, Paragraph 1, Letter f) of the GDPR, and is therefore a legitimate interest on our part. Our legitimate interest is to be found in the purposes stated above. Google Inc. has joined the “EU-US-Privacy Shield“ so that data transmission to the USA is permitted.

Duration of the archiving: As a user you can decide for yourself about the implementation of the JavaScript code via your browser settings. You can deactivate or restrict the execution of Java-Script by changing the settings in your Internet browser. Note: If the execution of Java-Script is deactivated, it is possible that all functions of the web-site can no longer be used to their full extent.

The right to object and the right to erasure: You have the possibility of not using the services of Google reCAPTCHA by not clicking on the service's button. You can then contact us by other means, for example by email or phone.
You can also deactivate Java Script and thus prevent the transfer of data to Google. In order to prevent the execution of Java Script code totally, you can also install a Java Script-blocker, for example the browser plugin NoScript (e.g. www.noscript.net or www.ghostery.com).
Note: If the execution of Java Script is deactivated, you cannot use the reCAPTCHA service, you are also unable to use our contact and web forms which use reCAPTCHA.

You will find Google's data protection policy at https://policies.google.com/privacy?hl=de

Encryption of the web-site

The web-site and therefore the data transmissions using these forms are encrypted to the SSL standard (https-protocol).

Transmission of personal data to a third country (countries outside Germany but in the EU)

We intend to send personal data to the United States of America. There is an adequacy decision of the EU Commission which states that personal data may be sent to the USA if the recipient has joined the EU-US Privacy Shield. Therefore personal data is only sent to recipients in the USA which demonstrate that they have joined the EU-US Privacy Shield.

The specific intention relates to a transmission of data to the following company:

  • Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (”Google“) as provider of the web analysis tool Google Analytics, of the map services Google Maps.
  • Twitter Inc., 750 Folsom Street, Suite 600, San Francisco, CA 94107, USA as the provider of Twitter’s newsfeed.

The companies mentioned have joined the EU-US Privacy Shield and have submitted to a regulatory framework comparable to the EU data protection standard. The transmission of data to these companies is therefore unquestionably permitted. In addition, in the case of data processing, appropriate data processing contracts were concluded with these companies to protect the data and our rights to issue instructions.

C. Rights of data subjects

If your personal data is processed you are a "data subject" and you are entitled to the following rights in respect of us as the controller.

The right to be informed

You have the right to receive a confirmation from us free of charge whether we are processing personal data relating to you. In this case you have the right to information about this personal data and other information which you can see in Article 14 of the GDPR. You can contact us for this purpose by post or email.

The right to rectification

You have the right to require that we immediately correct inaccurate personal data relating to you. You also have the right, for the purposes set out above, to require additions to incomplete personal data, including by means of a supplementary declaration. You can contact us for this purpose by post or email.

The right to erasure

You have the right to require the immediate deletion of personal data relating to you if one of the conditions of Article 17 of the GDPR is met. You can contact us for this purpose by post or email.

The right to restrict processing

You have the right to require the restriction of processing if one of the conditions of Article 18 of the GDPR is met. You can contact us for this purpose by post or email.

The right to information

If you have asserted the right to the correction, deletion or restriction of the processing to the controller, the latter is obliged to inform all recipients to which the personal data relating to you was disclosed about the correction or deletion of the data or about the restriction of the processing unless this proves to be impossible or is associated with disproportionate effort.
You have the right to be informed by the Controller about these recipients.

The right to data portability

You have the right to receive the personal data you sent to us relating to you in a structured, commonly used and machine-readable format and have the right to transmit this data to another
controller without hindrance from us if the conditions of Article 20 of the GDPR are met. You can contact us for this purpose by post or email.

The right to object to processing because of a legitimate interest

In so far as we process personal data on by way of exception the basis of Article 6, Paragraph 1, Letter f) of the GDPR (therefore for reason of a legitimate interest,) you have the right, for reasons arising from your particular situation, to object at any time to our processing of the personal data relating to you. We will cease processing your data if we can demonstrate no compelling reasons worthy of protection for the further processing which override your interests, rights and freedoms or if we are processing your data for the purposes of direct advertising
(cf. Article 21 of the GDPR). You can contact us for this purpose by post or email.

A technical process which you use, for example an unambiguous statement sent by technical means by your browser (a "do not track" message) is also deemed to be objections in within these meanings.

The right to revoke consent

You have the right at any time to revoke an agreement you have given for the collection and use of personal data with effect for the future. You can contact us for this purpose by post or email. The lawfulness of the processing undertaken by reason of the consent you gave up to the time of its revocation is not affected.

Automatic decision-making including profiling

You have the right not to be subject to a decision based exclusively on automated processing (including profiling) which has a legal effect on you or which is significantly to your detriment in a similar manner unless the decision is necessary for the conclusion of an agreement between you and us, is admissible by reasons of provisions of law of the European Union or member states to which we are subject and these provisions of law contain reasonable measures to protect your rights, freedoms and legitimate interests, or the decision is taken with your express consent.
We do not take automated decisions of this nature.

Voluntary provision of data

If the provision of the personal data is stipulated by law or a contract, we will always point this out when the data is collected. The data we collect is sometimes necessary for the conclusion of a contract, to be specific, if we are unable to meet our contractual obligation to you or cannot adequately meet them in any other way. You are under no obligation to provide personal data. However, the failure to provide such information can mean that we are unable to perform or offer the service, action, measure or similar you require, or that it is impossible to conclude a contract with you.

The right to complain to a supervisory authority

Notwithstanding other rights, if you are of the opinion that the processing of personal data relating to you infringes data protection law, you have the right at all times to complain to a supervisory authority for data protection, particularly in the member state where you reside, where you work or the place of the alleged infringement.

The supervisory body responsible for us is:

The Baden-Württemberg State Commissioner for Data Protection and Freedom of Information,
Königstraße 10A
70173 Stuttgart
Website: www.baden-wuerttemberg.datenschutz.de.

Data privacy statement version: May 25, 2018