The entity responsible for the collection, processing and use of your personal data within the scope of Art. 4 No. 7 DSGVO (German General Data Protection Regulation) is
Am Biopark 13
Represented by Franz Xaver Auer
If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions as a whole or for individual measures, you can address your objection to the person responsible.
Data for the Fulfilment of Our Contractual Obligations /
General Deletion Periods
We process personal data that we require to fulfil our contractual obligations, such as a name, address, e-mail address, ordered products, invoice and payment data. The collection of these data is necessary to conclude the contract. The data will be deleted after expiry of the warranty periods and statutory retention periods. The legal basis for processing these data is Art. 6 para. 1 sentence 1 b) DSGVO because these data are required by us in order to fulfil our contractual obligations towards you.
Unless specifically stated otherwise, we only store personal data for as long as this is necessary to fulfil the purposes pursued.
In some cases, legislation stipulates the retention of personal data, for example, in tax or commercial law. In these cases, the data will only continue to be stored by us for these legal purposes, but will not be processed in any other way and will be deleted after expiry of the legal retention period.
Hosting and Log Files
When you access our websites, the browser being used on your end device transmits a series of data, some of which are stored by our hosting provider in log files, automatically and without your intervention.
In the process, the following information is recorded
- The IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Status code, number of bytes transmitted
- Referrer URL (web address from which you have visited our domain)
We are not able to use the IP address to directly trace back information to you. Nevertheless the IP address is generally regarded as a personal characteristic. Our hosting provider anonymises the IP address after seven days at the latest; the log data provided to us by the hosting provider generally only contains anonymised IP addresses.
We and/or our hosting provider use this protocol data, without tracing them back to you or other profiling for statistical evaluations, for the purpose of the operation, security and optimization of our website, but also to anonymously record the number of visitors to our website (traffic) and the extent and type of use of our website and services. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO.
If you contact us (e.g. via contact form or e-mail), we will process your data for handling the enquiry as well as in the event that follow-up questions arise. If data processing is carried out in order to perform pre-contractual measures, which are performed at your request, or, if you are already our customer, in order to perform the contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 b) DSGVO. We only process other personal data if you give your consent (Art. 6 para. 1 sentence 1 a) DSGVO) or if we have a legitimate interest in processing your data (Art. 6 para. 1 sentence 1 f) DSGVO). A legitimate interest is, for example, to reply to your e-mails.
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. Google may consolidate these data in a profile that is allocated to the respective user or the user’s device.
Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.
This analysis tool is used on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities. If a corresponding agreement has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/
On this website, we have activated the IP anonymization function. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.
Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
Data on the user or incident level stored by Google linked to cookies, user IDs or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 month. For details, please click the following link: https://support.google.com/analytics/answer/7667196?hl=en
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If the relevant consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities. However, we would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of the data against access by third parties is not possible. To secure your data, we maintain technical and organisational security measures in accordance with Art. 32 DSGVO, which we continually adapt to the state of the art of technology. We also do not guarantee that our offer will be available at certain times; disturbances, interruptions or failures cannot be ruled out. The servers/storage systems used by us are regularly and carefully backed up.
Transfer of data to third parties, no data transfer to non-EU countries
In principle, we use your personal data only within our company.
If and to the extent that we involve third parties in the fulfilment of contracts (e.g. logistics service providers), they will only receive personal data to the extent that transmission is necessary for the corresponding service. In the event that we outsource certain parts of data processing (“order processing”), we contractually oblige data processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
Any transfer of data to entities or persons outside the EU, not including the case mentioned in this statement under “YouTube”, shall not take place and is not planned.
Your Rights As Data Subject
Under applicable laws, you have various rights regarding your personal information. If you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address mentioned in paragraph 1. Below you will find an overview of your rights.
Right to Confirmation And Information
You have the right to receive clear information about the processing of your personal data.
You have the right to obtain confirmation from us at any time as to whether personal data pertaining to you is being processed. If this is the case, you have the right to request from us, free of charge, information about the personal data stored about you together with a copy of these data. Furthermore, there is a right to the following information:
- The processing purposes;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organisations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right of rectification or erasure of personal data relating to you or of a right of opposition to or restriction of the processing by the responsible entity;
- the existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from you, all available information about the origin of the data;
- the existence of automated decision-making, including profiling, in accordance with Art. 22, paras. 1 and 4 DSVGO and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for you.
If personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate guarantees under Art. 46 DSGVO in connection with the transfer.
Right of Rectification
You have the right to ask us to correct and, if necessary, provide complete personal data pertaining to you.
You have the right to ask us to correct incorrect personal data pertaining to you without delay. Taking into account the purposes of processing, you have the right to request that incomplete personal data be made complete, including by means of a supplementary declaration.
Right of Cancellation (“Right To Be Forgotten”)
In a number of cases we are obliged to delete personal data pertaining to you.
Pursuant to Art. 17 para. 1 DSGVO, you have the right to demand that we delete personal data relating to you without delay, and we are obliged to delete personal data without delay if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 a) DSGVO or Art. 9 para. 2 a) DSGVO and there is no other legal basis for processing.
- You object to processing pursuant to Art. 21 para. 1 DSGVO and there are no legitimate reasons for processing, or you object to processing pursuant to Art. 21 para. 2 DSGVO.
- The personal data were processed unlawfully.
- The deletion of personal data is necessary to fulfil a legal obligation under union law or the law of the Member States to which we are subject.
- The personal data were collected in relation to information society services offered in accordance with Art. 8 para. 1 DSGVO.
If we have made the personal data public and are obliged to delete them pursuant to Art. 17 para. 1 DSGVO, we will take reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers who process the personal data that you have requested them to delete all links to these personal data or copies or replications of these personal data.
Right to Restrict Processing
In a number of cases, you are entitled to ask us to restrict the processing of your personal data.
You have the right to demand that we restrict processing if one of the following conditions is met:
- The accuracy of the personal data is disputed by you, for a period of time that allows us to verify the accuracy of the personal data
- Processing is unlawful and you refused the deletion of the personal data and instead requested the restriction of the use of the personal data
- We no longer need the personal data for the purposes of the processing, but you need the data to assert, exercise or defend legal claims
- You have lodged an objection to processing in accordance with Art. 21 para. 1 DSGVO, as long as it is not yet clear whether the legitimate reasons of our company outweigh your own reasons
Right to Data Transferability
You have the right to receive, transmit or have us transmit personal data pertaining to you in machine-readable form.
You have the right to receive the personal data pertaining to you that you have provided to us in a structured, common and machine-readable format and you have the right to transfer these data to another responsible person or entity without hindrance from us, provided that
- processing is based on consent pursuant to Art. 6 para. 1 sentence 1 a) DSGVO or Art. 9 para. 2 a) DSGVO or on a contract pursuant to Art. 6 para. 1 sentence 1 b) DSGVO and
- processing is carried out using automated procedures.
When exercising your right to data transfer in accordance with paragraph 1, you have the right to request that the personal data be transferred directly from us to another responsible party, insofar as this is technically feasible.
Right of Objection
You have the right to object to the lawful processing of your personal data by us if this is justified by your particular situation and if our interests in processing do not outweigh your own interests.
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you that is carried out on the basis of Article 6 paragraph 1 sentence 1 e) or f) FADP; this also applies to profiling based on these provisions. We no longer process the personal data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or processing serves to assert, exercise or defend legal claims.
If personal data are processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.
You have the right to object, for reasons arising from your particular situation, to the processing of personal data pertaining to you which is carried out for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1 of the DSGVO, unless processing is necessary for the performance of a task carried out in the public interest.
Automated Decisions, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. There shall be no automated decision making on the basis of the personal data collected.
Right To Revoke Data Protection Consent
You have the right to revoke your consent to processing your personal data at any time.
Right of Appeal to a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of employment or place of suspected infringement, if you view processing of personal data pertaining to you to be unlawful.