This data protection statement explains the type, scope and purpose of the processing of personal data (hereinafter referred to as “data” for short) within our online services and the associated websites, functions and contents as well as external online profiles, such as our social media profiles. (Referred to hereinafter collectively as “online services”). With regard to the terminology used, for example “processing” or “responsible party”, please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Hermann Sewerin GmbH
Tel.: + 49 (0) 52 41/ 9 34- 0
Fax: + 49 (0) 52 41/ 9 34- 444
Dr. Dipl.-Phys. Swen Sewerin
Dipl.-Wirt.-Inf. Benjamin Sewerin
Register court: Gütersloh District Court
Registration number: HRB 14 53
- User-related data (e.g. names, addresses).
- Contact data (e.g. email, telephone numbers).
- Content data (e.g. text entries, photographs, videos).
- Usage data (e.g. websites visited, interest in contents, access times).
- Metadata/communication data (e.g. device information, IP addresses).
Visitors to and users of the online services (hereinafter we will also refer to persons concerned collectively as “users”).
- To provide the online services, their functions and contents.
- To reply to contact enquiries and communicate with users.
- Security measures.
- Reach measurement/marketing
“Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter “person concerned”); identifiable refers to any natural person, who can be directly or indirectly identified, in particular by matching with an identifier, such as a name, an identification number, location data, an online code (e.g. cookie) or one or more special features, which express the physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person.
“Processing” is any action performed with or without the help of automated procedures or any such series of actions in relation to personal data. The concept is wide-ranging and includes virtually all handling of data.
“Responsible party“ refers to the natural or legal person, authority, institution or other body, who, alone or together with others, decides on the purposes and means of processing personal data.
Art. 13 GDPR stipulates that we must inform you of the legal bases of our data processing. Insofar as the legal basis is not stated in the data protection statement, the following shall apply: the legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfil our services and perform contractual measures as well as respond to any enquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vitally important interests of the person concerned or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
Insofar as we disclose, share or otherwise make available data to other persons and companies (data processors or third parties) within the scope of our processing, this shall only occur on the basis of legal permission (e.g. if it is necessary to transfer the data to a third party, such as a payment service provider, in accordance with Art. 6 para. 1 lit. b GDPR for fulfilment of a contract), if you have consented to it, if a legal obligation stipulates it or on the basis of our legitimate interests (e.g. when using agents, web hosters, etc.).
Insofar as we entrust third parties with the processing of data based on a so-called “order processing contract”, this shall occur on the basis of Art. 28 GDPR.
Insofar as we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEC)) or this occurs in the scope of availing of services of third parties or disclosure/transfer of data to third parties, this shall only occur if it is in order to fulfil our (pre)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Subject to legal or contractual authorisation, we shall only process or have the data processed in a third country if the special conditions of Art. 44 ff. GDPR exist. In other words, processing shall take place e.g. on the basis of special guarantees, such as the officially recognised confirmation of a level of data protection equivalent to that of the EU (e.g. the “Privacy Shield” for the USA) or in compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
You can ask for confirmation as to whether relevant data will be processed and details of this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you can request completion of the data concerning you or the correction of any incorrect data concerning you.
In accordance with Art. 17 GDPR, you can request that data concerning you be deleted immediately, or alternatively as per Art. 18 GDPR request that the data processing be limited.
You can request to obtain the data concerning you that you have provided to us in accordance with Art. 20 GDPR and ask it to be sent to other responsible parties.
Further, you can lodge a complaint with the responsible supervisory body in accordance with Art. 77 GDPR.
You are entitled to withdraw consents given in accordance with Art. 7 para. 3 GDPR with future effect.
You can object to the future processing of the data concerning you as per Art. 21 GDPR at any time. The objection can, in particular, apply to processing for the purposes of direct advertising.
“Cookies” are small files saved on users’ computers. Various information can be stored within the cookies. A cookie primarily serves to save the information about a user (or the device on which the cookie is saved) during or even after his visit to online services. Temporary cookies, i.e. “session cookies” or “transient cookies”, are cookies that are deleted once a user leaves the online services and closes his browser. Such cookies can be used, for example, to save the contents of a shopping basket in an online shop or a login status. Cookies are “permanent” or “persistent” if they continue to be stored after the browser is closed. This allows, for example, the login status to be saved for when users visit again several days later. Likewise, this type of cookie can save the interests of the user for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the party responsible for operating the online services (the cookies of the responsible party are “first-party cookies”).
We may use temporary and permanent cookies and explain this in our data protection statement.
If users do not want cookies to be saved on their computer, they will be requested to disable the relevant option in the system settings of their browser. Saved cookies can be deleted from the system settings of the browser. Disabling cookies can result in limited functionality of these online services.
The data processed by us is deleted as per Art. 17 and 18 GDPR or processing thereof is limited. Unless expressly stated in this data protection statement, the data saved by us will be deleted as soon as it is no longer required for purpose, and the deletion does not breach any legal obligations to preserve records. If the data is not deleted because it is required for other legally permitted purposes, processing thereof will be limited. In other words, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for reasons of commercial or tax law.
According to German law, records must be kept in particular for 6 years as per § 257 para. 1 German Commercial Code (HGB) (account books, stock, opening balance sheets, annual financial statements, business letters, accounting records, etc.) and 10 years as per § 147 para. 1 German Fiscal Law (AO) (books, records, annual reports, accounting records, business and commercial correspondence, documents relevant to taxation etc.).
According to Austrian law, documents must be kept in particular for 7 years as per § 132 para. 1 Austrian Fiscal Code (BAO) (accounts, bills and receipts, ledgers, vouchers, business papers, income and expense statements, etc.), for 22 years in relation to land, and for 10 years for documents relating to electronic services, telecommunication, radio and television services provided to non-entrepreneurs in EU member states and for which the Mini One Stop Shop (MOSS) is used.
The hosting services used by us help to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services, which we use to operate the online services.
This involves us, or our hosting providers, processing user-related data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors to these online services on the basis of our legitimate interests in an efficient and secure provision of these online services as per Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (signing of order processing contract).
Collection of access data and logfiles
We, or our hosting provider, collect data about any access to the server on which this service is located (so-called server logfiles) on the basis of our legitimate interests in the sense of Art. 6 para. 1 lit. f. GDPR. Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type including version, the user’s operating system, referrer URL (webpage previously visited), IP address and the requesting provider.
Logfile information is saved for a maximum duration of 7 days for security reasons (e.g. to resolve acts of misuse or fraud) and then deleted. Data, which needs to be kept for longer as evidence, is excluded from the deletion until the respective incident is resolved.
Users have the option of creating a user account. During the registration process, users are informed of the information they are required to submit. The data entered within the scope of the registration is used for the purposes of availing of the services. Users can be sent information relevant to the service or registration, such as changes to the scope of service or technical circumstances, by email. When users close their user account, their data regarding the user account is deleted, unless it must be kept for reasons relating to commercial or tax law in accordance with Art. 6 para. 1 lit. c GDPR. It is up to users to back up their data when they close their account before the end of the contract. We can irretrievably delete all of the user’s data saved for the duration of the contract.
The IP address and the time of the respective user action are saved as part of our registration and login functions as well as usage of the user account. This information is saved on the basis of our legitimate interests, as well as to protect the user against misuse and other unauthorised use. This data is never shared with third parties, unless necessary to prosecute our claims, or there is a legal obligation to do so as per Art. 6 para. 1 lit. c GDPR. The IP addresses will be anonymised or deleted after 7 days at the latest.
When users contact us (e.g. by contact form, email, telephone or via social media), their data will be processed to handle and process the enquiry in accordance with Art. 6 para. 1 lit. b) GDPR. Users’ data may be stored in a Customer Relationship Management System ("CRM system") or similar enquiry facility.
We delete the enquiries provided they are no longer required. We check whether or not they are required every two years; the legal archiving obligations also apply.
The information below explains the contents of our newsletter as well as subscription, circulation and statistical evaluation procedures and your rights to object. By subscribing to our newsletter, you agree to receiving it and the procedures described.
Content of newsletter: we send newsletters, emails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the recipient’s consent or legal permission. Provided the contents of the newsletter have been specifically explained during the subscription process, they shall apply for the user’s consent. Our newsletters also contain information about our services and us.
Double opt-in and logging: subscription to our newsletter takes the form of a so-called double opt-in process. This means that, after subscribing, you will receive an email, in which you will be asked to confirm your subscription. This confirmation is required to ensure that no one can subscribe with someone else’s email address. Newsletter subscriptions are logged in order to prove that the subscription process has taken place in accordance with the legal requirements. This includes saving of the time of subscription and confirmation as well as the IP address. Changes to your data saved by the email marketing service are also logged.
Subscription data: all that is required to subscribe to the newsletter is your email address. We also ask for a name, which is optional, so that we can address you personally in the newsletter.
Germany: the newsletter is sent and the associated success measured on the basis of the recipient’s consent as per Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 of the German law against unfair competition (UWG) or on the basis of legal permission as per § 7 para. 3 of the German law against unfair competition (UWG).
The subscription process is logged on the basis of our legitimate interests as per Art. 6 para. 1 lit. f GDPR. Our interest is aimed at implementing a user-friendly and secure newsletter system, which both serves our business interests and meets the expectations of users, and which also enables us to prove consent.
Termination/withdrawal - You can unsubscribe from our newsletter at any time, i.e. withdraw your consents. There is a link to unsubscribe from the newsletter at the bottom of every newsletter. We can store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them for the purposes of sending the newsletter to allow us to prove the previously granted consent. This data will be processed solely for the purpose of defending potential claims. Individual requests for deletion can be accepted at any time provided previous consent is confirmed at the same time.
The newsletter is circulated using the email marketing service “MailChimp”, a newsletter automation platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the data protection policy of the email marketing service here: mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and guarantees to provide the same level of data protection as the EU (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The email marketing service is used on the basis of our legitimate interests as per Art. 6 para. 1 lit. f GDPR and an order processing contract as per Art. 28 para. 3 p. 1 GDPR.
The newsletter is circulated via the email marketing service IDL Distribution, Klauspeter Hankel GmbH, Isselhorster Str. 259, 33335 Gütersloh, Germany. You can view the data protection policy of the email marketing service here: https://www.idl-distribution.de/datenschutzerklaerung.html. The email marketing service is used on the basis of our legitimate interests as per Art. 6 para. 1 lit. f GDPR and an order processing contract as per Art. 28 para. 3 p. 1 GDPR.
The email marketing service can use the recipient’s data in pseudonymous form, i.e. without matching it with a user, to optimise or improve its own services, e.g. use it for technical optimisation of the circulation and display of the newsletters or for statistical purposes. The email marketing service, however, does not use the data of our newsletter recipients to write to them itself or share data with third parties.
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file which is accessed by our server or, if we use an email marketing service, their server, when the newsletter is opened. As part of this access, firstly technical information, such as information about the browser and your system, as well as your IP address and time of access is collected.
This information is used for technical improvement of the services using the technical data or the target groups and their reading habits using their access locations (which can be determined using the IP address) or the access times. The statistical information collected also indicates whether the newsletters are opened, when they are opened and which links were clicked. This information can be matched to individual newsletter recipients for technical reasons. However, neither we nor the email marketing service if used, aim to monitor individual users. Rather, the evaluations serve to show us the reading habits of our users and allow us to adapt our contents to them or issue different contents according to the interests of our users.
Google is certified under the Privacy Shield agreement and thus guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google shall use this information on our behalf to evaluate use of our online services by the users, to compile reports about activities within these online services and to provide us with other services associated with use of these online services and internet use. This might involve creating pseudonymous usage profiles of users from the processed data.
We only use Google Analytics with active IP anonymisation. This means that the IP addresses of the users are shortened by Google within member states of the European Union or in other contracting states to the agreement on the European Economic Area. The full IP address will only be sent to one of Google’s servers in the USA and shortened there in exceptional cases.
The IP address sent by the user’s browser is not merged with other data by Google. Users can suppress the cookies using the relevant setting in their browser software; users can also stop the collection of the data generated by the cookie and related to their use of the online services for Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information about Google’s use of data, setting and objection options can be found on Google’s webpages: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when you use websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Managing information that Google uses to show you advertising”).
Based on our legitimate interests in the analysis, optimisation and economic operation of our online services and for these purposes, the so-called “Facebook pixel" of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are registered in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used within our online services.
Facebook is certified under the Privacy Shield agreement and thus guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
The Facebook pixel allows Facebook on the one hand to identify visitors to our online services as a target group for displaying advertisements (“Facebook ads”). Accordingly, we use the Facebook pixel to advertise through the Facebook ads activated by us only to those Facebook users, who have also shown interest in our online services or who display certain characteristics (e.g. interest in certain topics or products based on the websites visited), which we send to Facebook (“custom audiences”). We would also like to ensure by using the Facebook pixel that our Facebook ads match the potential interest of users and are not irritating. Using the Facebook pixel also helps us to understand the effectiveness of Facebook advertisements for statistical and market research purposes by allowing us to see whether users have been redirected to our website after clicking on a Facebook advertisement (known as “conversion”).
Data is processed by Facebook within the scope of Facebook’s data policy. Corresponding general information about displaying Facebook ads in Facebook’s data policy: https://www.facebook.com/policy.php. Special information and details about the Facebook pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.
You can object to the collection of your data by the Facebook pixel and its use to show Facebook ads. To set which type of advertisements are shown to you on Facebook, open your Facebook page and there follow the instructions for usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they apply to all devices, including desktop computers and mobile devices.
We have online profiles in social networks and platforms to allow us to communicate with the customers, interested parties and users active there and to inform them about our services. When the respective networks and platforms are accessed, the terms and conditions of business and the data processing guidelines of the respective operators apply.
Unless otherwise stated in our data protection statement, we process users’ data insofar as they communicate with us on social networks and platforms, e.g. write posts on our online profiles or send us messages.
Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services in the sense of Art. 6 para. 1 lit. f. GDPR), we use content and service products of third party providers in our online services to incorporate their contents and services, for example, videos or fonts (hereinafter referred to collectively as “contents”).
This always requires that the third-party suppliers of these contents know the user’s IP address, as they would not be able to send the contents to their browser without the IP address. The IP address is, therefore, required to display these contents. We strive to use only contents provided by suppliers who will only use the IP address to deliver the contents. Third-party suppliers may also use pixel tags (invisible images also known as “web beacons") for statistical or marketing purposes. The “pixel tags" can be used to evaluate information, such as traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and can contain, for example, technical information about the browser and operating system, referring websites, visiting times as well as other information about the use of our online services, and can be linked to this type of information from other sources.
We incorporate videos from the “YouTube” platform by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection statement: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
We incorporate maps from “Google Maps” by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection statement: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
We incorporate the function for detecting bots, e.g. when data is entered in online forms ("ReCaptcha") by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection statement: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services in the sense of Art. 6 para. 1 lit. f. GDPR), we use social plugins (“plugins") of the social network facebook.com operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can display interactive elements or contents (e.g. videos, images or text posts) and can be identified by one of the Facebook logos (white “f” on blue tile, "Like", or a “thumbs up” sign) or include the suffix "Facebook social plugin". You can view the list and appearance of Facebook social plugins here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield agreement and thus guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user accesses a function of these online services containing this type of plugin, his device will connect directly to the Facebook servers. Facebook sends the content of the plugin directly to the user’s device and it is incorporated into the online services. Usage profiles of users could be created from the processed data. We, therefore, have no influence over the scope of data collected by Facebook using this plugin and can, therefore, only inform the user of what we know.
By incorporating the plugin, Facebook receives information that a user has accessed the respective page of the online services. If the user is logged into Facebook, Facebook can match the visit to his Facebook account. If users interact with the plugins, for example, click Like or write a comment, the relevant information is sent from your device directly to Facebook and saved there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save his IP address. According to Facebook only anonymised IP addresses are saved in Germany.
For the purpose and scope of the data collection and further processing and use of the data by Facebook as well as rights in this respect and setting options to protect the user’s privacy, please see Facebook’s data privacy statement: https://www.facebook.com/about/privacy/.
If a user is a member of Facebook and does not want Facebook to collect data about him via these online services and link it to his membership data saved by Facebook, he must log out of Facebook and delete his cookies before using our online services. Other settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they apply to all devices, including desktop computers and mobile devices.
Our online services may incorporate functions and contents of the Twitter service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include, for example, contents such as images, videos or text and buttons, which the user can use to express their liking of the contents to the authors of the contents or subscribe to our posts. If the users are members of the Twitter platform, Twitter can match access to the aforementioned contents and functions with the user profiles there. Twitter’s data protection statement: https://twitter.com/de/privacy. Twitter is certified under the Privacy Shield agreement and thus guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
). Data protection statement: twitter.com/de/privacy, opt-out:https://twitter.com/personalization.
Our online services may incorporate functions and contents of the Instagram service provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include, for example, contents such as images, videos or text and buttons, which the user can use to express their liking of the contents to the authors of the contents or subscribe to our posts. If the users are members of the Instagram platform, Instagram can match access to the aforementioned contents and functions with the user profiles there. Instagram’s data protection statement: http://instagram.com/about/legal/privacy/.
Our online services may incorporate functions and contents of the Xing service provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This may include, for example, contents such as images, videos or text and buttons, which the user can use to express their liking of the contents to the authors of the contents or subscribe to our posts. If the users are members of the Xing platform, Xing can match access to the aforementioned contents and functions with the user profiles there. Xing’s data protection statement: https://www.xing.com/app/share?op=data_protection..
Our online services may incorporate functions and contents of the LinkedIn service provided by LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This may include, for example, contents such as images, videos or text and buttons, which the user can use to express their liking of the contents to the authors of the contents or subscribe to our posts. If the users are members of the LinkedIn platform, LinkedIn can match access to the aforementioned contents and functions with the user profiles there. LinkedIn’s data protection statement: https://www.linkedin.com/legal/privacy-policy.. LinkedIn is certified under the Privacy Shield agreement and thus guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
). Data protection statement: www.linkedin.com/legal/privacy-policy, opt-out:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
If you have further questions about our data protection information and how your personal data is processed, please contact us at datenschutz[at]sewerin[dot]com.