Responsible party within the meaning of the EU General Data Protection Regulation (GDPR):
WP/StB/RA Dr. Siegfried Merz
Data protection officer:
Purposes and legitimate interests for which personal data is collected, processed, used and/or stored:
when you access our public website, personal data (e.g. IP addresses, date and time of the query, specific website, access status/http status code, data volume transmitted in each case, browser (settings), language and version of the browser software, operating system (configurations) and its user interface, anonymous web server logbooks, user behaviour, etc., i.e. data transmitted by your browser and system) is collected, processed, used and saved in relation to its specific purpose for the fulfilment of the client agreement, for the display and stability of the website, for error tracking and for the protection of the functionality of the website within the framework of the applicable IT security concept (e.g. identification of attacks). The purposes are in accordance with Article 13, Section 1 c GDPR and our legitimate interests within the meaning of Article 13, Section 1 d) in conjunction with Art. 6 Section 1 f GDPR). In collecting, processing, using and storing personal data, we comply with the principles of legality, good faith, transparency, restriction to purpose, data minimisation, accuracy, storage limitation, integrity and confidentiality (principles as defined by Art. 5 Section 1 GDPR).
Legal basis for the collection, processing, use and/or storage of your personal data:
the legal basis for any collection, processing, use and/or storage of your personal data is in particular Art. 6 Section 1 a), b), c), d) and/or f) GDPR.
in addition, your personal data (e.g. name, address, email address, telephone number, message etc.) will only be collected, processed, used and/or stored if you provide it to us of your own accord, e.g. by entering it in contact forms. Your data will only be used for the purpose stated on the respective page, e.g. within the scope of your contact enquiry or application.
If you access pages, files or other information via our public website and are asked to enter personal data, please note that the related data transfer via the Internet is unencrypted. The data can thus be accessed or falsified by unauthorised persons.
Handling email addresses:
if you send us an email, we will only use your email address for correspondence with you. Your email address will not be passed on without your prior consent.
we use technical and organisational security measures to protect the data we administer from manipulation, loss, destruction and access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
cookies are small amounts of data that are stored on your computer by the operator of a website.
We use temporary and permanent cookies on our website. Temporary cookies contain data such as an identification number (so-called ‘session ID’). They allow the server to assign successive browser requests to the same user. They are automatically deleted as soon as the user closes the browser.
Permanent cookies, however, are retained even after the user has closed the browser. They are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
You can configure your browser settings according to your wishes and refuse the acceptance of third party cookies or all cookies, for example. So-called "third-party cookies" are cookies set by a third party, therefore not by the actual website you are currently visiting. Please note that you may not be able to use all functions of this website by deactivating cookies.
Links to other websites:
if you call up an external website from our website (external link), the external provider may receive information from your browser about the page from which you accessed it. The external provider is responsible for this data. Like any other website operator, we are not in a position to influence this process.
information transmitted via the Internet (e.g. also when communicating by email) is usually unencrypted. Since the path of the data between the server and the local PC can never be predicted exactly, transmitted information can be viewed in many places. We therefore draw your attention to these security vulnerabilities. The complete protection of data against access by third parties is not possible.
Recipients of personal data:
The employees and external service providers entrusted with the administration of our website and our internal IT structure are recipients / categories of recipients of personal data within the meaning of Article 13, Section 1 e GDPR.
We use external service providers (contractors), e.g. DATEV eG, Nuremberg, to fulfil the client agreement. A separate order data processing agreement has been concluded with the respective service provider in order to guarantee the protection of your personal data.
Information according to Art. 13 Section 2 GDPR:
the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), to whose content full reference is made, apply.
Personal data relevant to tracking errors and protecting the functionality of the website within the framework of the IT security concept is collected, processed, used and stored in accordance with the applicable data protection regulations. After 30 days, personal data such as IP addresses, browser (settings) and operating system (configurations) will be deleted. Other personal data is generally stored for up to two months for a specific purpose. Data for which statutory retention obligations apply are stored for a specific purpose until the expiry of these retention obligations.
If we have stored personal data about you, you can obtain information about your personal data stored on request free of charge. Please inform us if we have stored incorrect data about you so that we can correct, block or delete it. As the data subject, you have the right to confirmation and information about personal data and its processing, the right to correct, delete, restrict and object to the processing of personal data, as well as the right to data transferability. As a data subject, you have the right to revoke your consent to the processing of your personal data at any time, without prejudice to the legality of any processing carried out on the basis of the consent prior to revocation.
As the data subject, you also have a right of appeal to the competent supervisory authority for data protection (cf. Art. 77 GDPR) and/or rights to judicial remedies (Art. 78f. GDPR). For this purpose, please contact the respective state data protection officer.
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
Integration of Google Maps
On this website we use the Google Maps service. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.
When you visit the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data collected when you visit our website is transmitted. This is regardless of whether Google provides a user account that you are logged in with, or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses it for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for users not logged-in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.
Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Our service is basically aimed at adults. Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians.
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
"Processing" means any operation carried out, with or without the aid of automated procedures, or any such series of operations relating to personal data, such as the collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, erasure or destruction of data.
"Responsible party" means a natural or legal person, authority, institution, agency or other body which alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are specified by EU law or the law of the Member States, the responsible party or the criteria for its designation may be laid down in accordance with EU law or the law of the Member States.
"Third parties" means natural or legal persons, authorities, institutions or other bodies other than the data subject, the responsible party, the data processor and the persons authorised to process the personal data under the direct responsibility of the responsible party or the data processor.
Valid from: May 2018