The protection of your personal data is very important to us. We have compiled the following information to inform you about the about the nature, extent and purpose of the processing of personal data (hereinafter referred to as “data”) within your use of our website as well as the functions and content contained in the website, your rights and possibilities for contacting us to ask any questions.
Regarding the terms used, e.g. “processing” or “controller”, we refer you to the definitions listed in Article 4 of the General Data Protection Regulation (GDPR) [Datenschutzgrundverordnung (DSGVO)]. We collect, process and use your personal data in full compliance with these data protection rules and regulations. We therefore ask you to read the following information carefully, and if you have any queries to contact our controller.
1. General / Contact / Rights
Responsible controller in terms of data protection law, in particular the EU General Data Protection Regulation (GDPR) (Datenschutzgrundverordnung: DSGVO):
You can contact us or our data protection officer under these contact data or via firstname.lastname@example.org at any time if you wish to exercise the following rights.
You have the right to
- information about any of your personal data that we have stored and processed (Art. 15 GDPR),
- rectification of incorrect personal data (Art. 16 GDPR),
- erasure of your data which we have stored (Art. 17 GDPR),
- restriction of the processing of your data, in the case that we are not yet permitted to erase your data because of legal requirements (Art. 18 GDPR),
- objection to the processing of your data by us (Art. 21 GDPR)
- data portability if you have consented to data processing or have concluded a contract with us. (Art. 20 GDPR).
You can withdraw the consent granted in connection with the use of your personal data at any time with future effect. You also have the right to lodge a complaint with the responsible data protection authority, e.g. with the data protection authority of the federal state in which you live or with the authority responsible for our company.
A list of data protection authorities (for the private sector) and their addresses is given under: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
2. Definition of Terms
“Personal Data”means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing”means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This term is broad in scope. Practically it refers to handling of data by any means.
“Pseudonymisation”means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling”means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Controller”means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor”means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient”means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
“Third party”means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
“Consent”of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her and that these data are sufficiently and clearly known;
“Restriction of processing”means the marking of stored personal data with the aim of limiting their processing in the future.
“Cookies”are small text files which are stored on each user’s computer. Cookies can store different types of data. Their main purpose is to store data relating to the user (or the device on which the cookie is stored) during and sometimes after the user has visited a website. Cookies usually contain the name of the domain from which the cookie data are sent and information about the age of the cookies and an alphanumerical identifier. Cookies enable our systems to recognise the user’s device and immediately provide any previous settings entered by the user. There are different types of cookie:
- Temporary cookies, also known as “session cookies” or “transient cookies”, are cookies which are erased after the user has left a website and closed the browser. These cookies may, for instance, contain the items in shopping cart/basket or a login status.
- “Permanent” or “persistent” cookies remain stored after the user has closed the browser. This may be, for example, a login status that continues even if the user does not visit the website again until a few days later. These cookies can also store the user’s preferences, for example to enable reach measurement analysis or for marketing purposes.
- A “third-party cookie” is one that is placed on the user's hard disk by a website from a domain other than the one the user is visiting.
3. Legal Bases
We also wish to inform you about the most important legal bases for the processing of your data. This list is not complete, its purpose is to give you a basic understanding. If you require information regarding specific legal issues, please refer to the full text of the relevant laws, e.g. the GDPR (EU law which is effective in German Federal Law), the BDSG (German Federal Data Protection Law), the TMG (German Federal Telemedia Law) and other or supplementary regulations. This obligation to provide information is contained in Art. 13, Paragraph 1 lit c GDPR, which stipulates that users of our website must be informed about the legal bases for our data processing.
If no specific legal basis is given in the data protection statement, the following legal bases apply:
- Regarding consent: Art. 6, Paragraph 1 lit. a and Art. 7 GDPR. This applies, for example, to the processing of data you have entered in the contact form (see below).
- Regarding processing of data to enable us to carry out our services and implement pre-contractual measures as well as reply to inquiries: Art. 6, Paragraph 1 lit. b GDPR. Regarding processing of data to enable us to comply with legal obligations: Art. 6, Paragraph 1 lit. c GDPR, and protect our legitimate interests: Art. 6 paragraph 1 lit. f GDPR. If data processing is necessary to protect the vital interests of the data subject or another natural person, this is performed in accordance with Art. 6, Paragraph 1 lit. d GDPR.
4. Requests for Quotes / Information
The use of our contact form is voluntary. The data you enter in the contact form are stored for the purpose of carrying out the communication you have requested on an individual basis. For this you must give us a valid email address and your name. These data serve to co-ordinate your inquiry and the reply to it. Submission of any further data is optional. The contact form provides an uncomplicated method of contacting us. The personal data you enter in the form is stored for the purpose of processing your inquiry and any further questions which may arise. If you contact us to obtain a quote for our services, the data in the contact form is processed to enable us to implement pre-contractual measures (Art. 6, Paragraph 1 lit. b GDPR). We and our processors are the recipients of the contact form data. The data is stored for six months after processing of your inquiry and then erased. If you conclude a contract with us, we are required by law to observe the legal retention periods in accordance with the HGB (German Commercial Code), UstG (German Turnover Tax Act) (VAT Law), AO (Regulation of Taxation) and BGB (German Civil Code). We will erase your data after expiry of these legal retention periods, at the latest after ten years.
Our website uses Google maps. This service is provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter referred to as “Google”). The interactive map enables our website to show you our location and create a route description of how to find us. For specific information about data processing by Google, please see Google’s data protection notice.
There, in the data protection centre you can also change your personal data protection settings. For detailed information and instructions, please click here. The legal basis for integration of Google Maps in our website and the resulting data transfer to Google is your consent (Art. 6 Paragraph 1 lit. a GDPR) by using this function. Google, not Culminasceum GmbH, is the recipient of your data. When you visit our website, Google receives information that you have called up the corresponding sub-page of our website. This happens irrespective of whether Google has provided a user account via which you are logged in, or not. When you are logged in to Google, your data are assigned directly to your account. If you do not wish to have this data assigned to your profile with Google, you must log out of Google before activating the button. Google stores your data as usage profiles and uses them for advertising purposes, market research and/or needs-based design of its website. This data evaluation is performed especially (even for users who are not logged in) to provide needs-based advertising and to inform other users in the social network about your activities on our website. You have the right to object to the formation of these usage profiles. To exercise this right, you must send your objection direct to Google.
Special Note: Transfer of Personal Data to Third Countries!
To protect the security of your data during transmission we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.
Amendments to Our Data Protection Regulations
We reserve the right to amend our data protection statement if necessary. We make every effort to ensure that it always corresponds to the current legal requirements. Amendments may also be necessary to cover any changes to our services, e.g. if new services are included in our programme. If you visit our website again, the new data protection statement will then be valid.
Your Questions or Remarks:
If you notice any irregularities on our website or have any questions, please do not hesitate to contact us. We make every effort to ensure that our information is up-to-date and easily understood and are glad to receive any appropriate comments which can help us to optimise our website.
If you have any queries concerning data protection or any other aspect of our website please send us an email (email@example.com)or contact our data protection officer direct.