This Data Protection Statement briefs you on the type, scope and purpose of the processing of personal data (hereinafter referred to as “the data”) within our online offer and its associated websites, functions and content as well as external online presences, such as e.g. your social media profiles (hereinafter referred to jointly as “the online offer”). As far as the use of certain terminology goes, such as e.g. the terms “personal data” or “processing,” we refer you to the recital of definitions in Art. 4, German Data Protection Regulation (GDPR).
CONTROLLER:
Revaler Straße 32 PE GmbH
Bleibtreustraße 24
10707 Berlin
Germany
Commercial register no.: HRA55093 B
Managing Director: Townscape Holding GmbH, Gateway Neunte GmbH
Phone number: +49 30-754 457 23
E-mail address: info@townscape.de
TYPE OF PROCESSED DATA:
Factual data (e. g. names, addresses).
Contact data (e. g. e-mail address, phone numbers).
Content data (e. g. text input, photos, videos).
Meta/communication data (e.g. device information, IP addresses).
PROCESSING DATA OF SPECIAL CATEGORIES (ART. 9, SEC. 1, GDPR):
No data belonging to special categories are processed.
CATEGORIES OF DATA SUBJECTS:
Visitors and users of the online service.
Below, we may also refer to data subjects collectively as “users.”
PROCESSING PURPOSE:
Responding to contact requests and communication with users
Marketing, advertising and market research
Security measures
As of: 04/12/2019
1. RELEVANT LEGAL BASIS
In accordance with Art. 13, GDPR, we are hereby briefing you on the legal basis of our data processing. Whenever no other lawful basis is specified in the Data Protection Statement, the following shall apply: The lawful bases for obtaining consent are Art. 6, Sec. 1, Lit. a and Art. 7, GDPR, while the lawful basis for processing data in order to deliver our services and to perform contractually agreed measures as well as to answer queries is Art. 6, Sec. 1, Lit. b, GDPR, the lawful basis for meeting our legal obligations is Art. 6, Sec. 1, Lit. c, GDPR, and the lawful basis for data processing to protect our legitimate interests is Art. 6,Sec. 1, Lit. f, GDPR. In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6, Sec. 1, Letter d, GDPR, serves as lawful basis.
2. AMENDMENTS AND UPDATES OF THE DATA PROTECTION STATEMENT
We would like to ask you to stay up to date on the content of our Data Protection Statement. We will update the Data Protection Statement as soon as any changes in the way we process user data necessitates an update. We will notify you whenever such amendments require an act of cooperation on your part (e.g. consent) or any other personal notification.
3. SECURITY MEASURES
In accordance with Art. 32, GDPR, we take adequate technical and organisational measures to ensure a level of protection proportionate to a given risk, taking into account the technological state of the art, the implementation costs and the nature, scope, circumstances and purposes of processing as well as any difference in probability of occurrence and severity of the risk to the rights and freedoms of natural persons; the measures include specifically the protection of the confidentiality, integrity and availability of your data by controlling physical access to the data and by controlling the retrieval, input, forwarding, availability protection and separation of these data. Moreover, we set up procedures which ensure that data subjects may exercise their rights while also ensuring the deletion of data and a response to any endangerment of the data. Moreover, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures in accordance with the principle of data protection by design and through privacy-friendly settings (Art. 25, GDPR).
Security measures include specifically the encrypted transmission of data between your browser and our server.
4. COLLABORATION WITH COMMISSIONED DATA PROCESSORS AND THIRD PARTIES
4.1. If we, within the scope of our data processing, disclose data to other persons and companies (commissioned data processors or third parties), transfer such data to them or otherwise grant them access to the data, we will do so exclusively on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, pursuant to Art. 6, Sec. 1, Lit. b, GDPR, is required for the contract performance), if you have consented to it, if a legal obligation mandates it, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
4.2. In the event that we commission third parties to process data on the basis of a so-called “order processing contract,” such processing shall be done on the basis of Art. 28, GDPR.
5. TRANSFERS TO THIRD COUNTRIES
If we process data in a third country (i.e. outside the European Union [EU] or the European Economic Area [EEA] or if this is done in the context of using third party services or of the disclosure or transfer of data to third parties, we will do so only for the purpose of fulfilling our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Even with legal or contractual permissions in place, we will process, or let someone process, data in a third country only if the specific prerequisites under Articles 44+, GDPR, are met. This means that processing will take place e.g. on the basis of specific guarantees, such as the officially recognised establishment of a level of data protection equivalent to that of the EU (e.g. via the “Privacy Shield” in the United States) or compliance with officially recognised specific contractual obligations (“standard contractual clauses”).
6. RIGHTS OF THE DATA SUBJECTS
6.1. Pursuant to Art. 15, GDPR, you have the right to request confirmation as to whether the data at issue will be processed, and to be notified about the data processing, and to receive detailed information and a copy of such data.
6.2. Pursuant to Art. 16, GDPR, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
6.3. Pursuant to Art. 17, GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data pursuant to Art. 18, GDPR.
6.4. Pursuant to Art. 20, GDPR, you have the right to request the data concerning you that you disclosed to us and to demand that they be transferred to other controllers.
6.5. Pursuant to Art. 77, GDPR, you also have the right to file a complaint with the competent supervisory authority.
7. RIGHT OF REVOCATION
Pursuant to Art. 7, Sec. 3, GDPR, you have the right to revoke with effect for the future any consent that you granted.
8. RIGHT TO OBJECT
Pursuant to Art. 21, GDPR, you may object to future processing of the data concerning you at any time. In particular, you may object to the processing of your data for direct advertising purposes.
9. COOKIES AND THE RIGHT TO OBJECT TO DIRECT ADVERTISING
We use both temporary and permanent cookies, i.e. small files that are stored on a user’s endpoint (for an explanation of the term and its function, see the last section of this Data Protection Statement). Some of the cookies serve security purposes or are required for the operation of our online offer (e.g., for the display of the website) or to save the user’s decision when confirming the cookie banner. In addition, we or our technology partners use cookies for range measurement and marketing purposes, about which users are briefed in the relevant section of this Data Protection Statement. For a large number of services, especially with respect to tracking, you can generally opt out of the use of cookies for online marketing purposes on the page http://www.aboutads.info/choices/ for the United States or on the page http://www.youronlinechoices.com/ for the European Union. In addition, you can keep cookies from being saved by disabling the relevant settings of your browser. Please note that you will not be able to use all features of this online offer after disabling these settings.
10. DELETION OF DATA
10.1. The data processed by us will be deleted or else have their processing restricted as specified in Articles 17 and 18, GDPR. Unless expressly stated within the scope of this Data Protection Statement, the data stored by us will be deleted once they are no longer required for their intended purpose and assuming their deletion does not conflict with any statutory retention obligations. Unless the data are deleted because they are required for other and legally permissible purposes, their processing will be restricted. Accordingly, the data are blocked and not processed for any other purpose. This applies, e.g., to data that must be retained for commercial or fiscal law reasons.
10.2. Pursuant to legal requirements, data retention specifically for 6 years is mandated by Art. 257, Sec. 1, German Commercial Code (account books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) while a 10-year retention period is mandated by Art. 147, Sec. 1, German Fiscal Code (accounts, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
11. PERFORMANCE OF CONTRACTUAL SERVICES
11.1. Data we process include inventory data (e. g., names and addresses as well as the contact data of users), contract data (e.g., services used, names of contact persons, payment details) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6, Sec. 1, Lit. b, GDPR. In online forms, entries marked as mandatory are required to conclude a given contract.
If you register with our website, sign in from time to time, and use our online services, we will store your IP address and the time of your respective user action. The legal basis for storing them is provided by our legitimate interests as well as by your legitimate interest as user to be protected against misuse and other unauthorised use. The data are principally not passed on to third parties unless doing so is necessary to enforce our claims or unless there is a legal obligation to do so pursuant to Art. 6, Sec. 1, Lit. c, GDPR.
11.2. Your data will be deleted after the expiry of any legal warranty and comparable obligations, with the necessity of retaining the data reviewed every three years; in the case of statutory archiving obligations, they will be deleted after their expiry (the retention obligations ending after 6 years under commercial law and after 10 years under fiscal law); details that are saved in your customer account will be retained until the account itself is deleted.
12. CONTACTING US
12.1. Whenever a user contacts us (using the contact form or via e-mail), the user’s disclosures will be processed pursuant to Art. 6, Sec. 1, Lit. b, GDPR, so as to process the contact request and its object.
12.2. The disclosures made by users may be stored in our Customer Relationship Management System (“CRM system”) or by a comparable organisation handling such inquiries on our behalf.
12.3. We delete all requests for information whose details are no longer required. We check whether or not they continue to be required every two years; inquiries by customers with a customer account are permanently saved; if you wish to delete the data, please check the section about client accounts. In the case of statutory archiving obligations, they will be deleted after their expiry (the retention obligations ending after 6 years under commercial law and after 10 years under fiscal law).
13. COLLECTION OF ACCESS DATA AND LOG FILES
13.1. Based on our legitimate interests within the meaning of Art. 6, Sec. 1, Lit. f, GDPR, we collect data every time the server hosting a given service is accessed (so-called server log files). Access data include the name of the website accessed, file, date and time of access, the data quantity transferred, the notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.
13.2. Log file information is stored for security reasons (e.g. to clarify acts of misuse or fraud) for a maximum of seven days and thereafter deleted. Data whose further retention is required for evidence purposes are exempt from deletion until the respective incident has been finally clarified.
14. ONLINE PRESENCE IN SOCIAL MEDIA
14.1. Based on our legitimate interests within the meaning of Art. 6, Sec. 1, Lit. f, GDPR, we maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to brief them there on our services. Accessing the respective networks and platforms is subject to the terms and conditions and data processing policies of their respective operators.
14.2. Unless otherwise stated in our Data Protection Statement, we will process the data of users whenever they communicate with us on social networks and platforms, e.g. by posting on our online presences or by sending us messages.
15. COOKIES & REACH MEASUREMENT
15.1. Cookies are pieces of information transmitted from our web server or from third-party web servers to the users’ web browsers and stored there for later retrieval. Cookies can take the form of small files or other means of information storage.
15.2. Within the scope of this Data Protection Statement, users are briefed on the use of cookies in the context of pseudonymous reach measurement.
15.3. If users prefer not to have cookies stored on their endpoints, they will be asked to disable the relevant option in the system settings of their browsers. Cookies already stored can also be deleted via the system settings of the browser used. Opting out of the use of cookies can restrict certain features of this online offer.
15.4. You can opt out of the use of cookies that are used for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally via an analogous US-based (http://www.aboutads.info/choices) or European (http://www.youronlinechoices.com/uk/your-ad-choices/) website.
16. GOOGLE ANALYTICS
16.1. We use Google Analytics, a web analysis service of Google LLC (“Google”), on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our online presence within the meaning of Art. 6, Sec. 1, Lit. f, GDPR). Google uses cookies. The information generated by the cookie about your use of the online presence will generally be transmitted to and stored by Google on servers in the United States.
16.2. Google is certified under the Privacy Shield Agreement, providing a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
16.3. Google will use this information on our behalf to analyse the use of our online services by users, to compile reports on the activities within this online presence and to provide other services associated with the use of this online presence and the use of the Internet for us. The processed data may be used to create a pseudonymous use profile of each user.
16.4. We exclusively use Google Analytics with IP anonymisation enabled. This means that Google will truncate your IP address in advance within any member state of the European Union or within any member state of the Treaty on the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the United States and truncated there.
16.5. The IP address submitted by your browser will not be matched with other data by Google. Users can prevent the storage of cookies by changing their browser software settings accordingly; in addition, users can keep Google from collecting the data generated by the cookie and related to their use of the online presence and moreover keep Google from processing this data by downloading and installing the opt-out browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
16.6. For more information on the use of data by Google as well as your options to customise settings and raise objections, go to these websites of Google: https://www.google.com/intl/de/policies/privacy/partners (“Data Use by Google When You Use Our Partners’ Websites or Apps”), https://policies.google.com/technologies/ads (“Data Use for Advertising Purposes”) and https://adssettings.google.com/authenticated (“Manage Information that Google Uses to Serve Ads to You”).
16.7. Aside from the foregoing, the personal data will be anonymised or deleted at the end of a 14-month period.
17. INTEGRATION OF THIRD PARTY SERVICES AND CONTENT
17.1. Based on our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation of our online offer within the meaning of Art. 6, Sec. 1, Lit. f, GDPR), we employ content or service offers of third-party providers as part of our online offer in order to integrate their content and services, such as e.g. videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the user’s IP address is disclosed to third-party providers of such services because they would not be able to send the services to that user’s browser without that IP address. In other words, the IP address is necessary to display the aforesaid content. We strive to use only services whose respective providers use the IP address exclusively for the delivery of content. Moreover, third-party providers may use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may moreover be stored in cookies on the user’s endpoint and may contain, inter alia, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, and it may also be linked with analogous information from other sources.