Privacy Policy. 1. Definitions

Transcription

1 Privacy Plicy We are very delighted that yu have shwn interest in ur enterprise. Data prtectin is f a particularly high pririty fr the management f the PhtCde. The use f the Internet pages f the PhtCde is pssible withut any indicatin f persnal data; hwever, if a data subject wants t use special enterprise services via ur website, prcessing f persnal data culd becme necessary. If the prcessing f persnal data is necessary and there is n statutry basis fr such prcessing, we generally btain cnsent frm the data subject. The prcessing f persnal data, such as the name r address f a data subject shall always be in line with the General Data Prtectin Regulatin (GDPR), and in accrdance with the cuntry-specific data prtectin regulatins applicable t the PhtCde. By means f this data prtectin declaratin, ur enterprise wuld like t infrm the general public f the nature, scpe, and purpse f the persnal data we cllect, use and prcess. Furthermre, data subjects are infrmed, by means f this data prtectin declaratin, f the rights t which they are entitled. As the cntrller, the PhtCde has implemented numerus technical and rganizatinal measures t ensure the mst cmplete prtectin f persnal data prcessed thrugh this website. Hwever, Internet-based data transmissins may in principle have security gaps, s abslute prtectin may nt be guaranteed. Fr this reasn, every data subject is free t transfer persnal data t us via alternative means, e.g. by telephne. 1. Definitins The data prtectin declaratin f the PhtCde is based n the terms used by the Eurpean legislatr fr the adptin f the General Data Prtectin Regulatin (GDPR). Our data prtectin declaratin shuld be legible and understandable fr the general public, as well as ur custmers and business partners. T ensure this, we wuld like t first explain the terminlgy used. In this data prtectin declaratin, we use, inter alia, the fllwing terms: a) Persnal data Persnal data means any infrmatin relating t an identified r identifiable natural persn ( data subject ). An identifiable natural persn is ne wh can be identified, directly r indirectly, in particular by reference t an identifier such as a name, an identificatin number, lcatin data, an nline identifier r t ne r mre factrs specific t the

2 physical, physilgical, genetic, mental, ecnmic, cultural r scial identity f that natural persn. b) Data subject Data subject is any identified r identifiable natural persn, whse persnal data is prcessed by the cntrller respnsible fr the prcessing. c) Prcessing Prcessing is any peratin r set f peratins which is perfrmed n persnal data r n sets f persnal data, whether r nt by autmated means, such as cllectin, recrding, rganisatin, structuring, strage, adaptatin r alteratin, retrieval, cnsultatin, use, disclsure by transmissin, disseminatin r therwise making available, alignment r cmbinatin, restrictin, erasure r destructin. d) Restrictin f prcessing Restrictin f prcessing is the marking f stred persnal data with the aim f limiting their prcessing in the future. e) Prfiling Prfiling means any frm f autmated prcessing f persnal data cnsisting f the use f persnal data t evaluate certain persnal aspects relating t a natural persn, in particular t analyse r predict aspects cncerning that natural persn's perfrmance at wrk, ecnmic situatin, health, persnal preferences, interests, reliability, behaviur, lcatin r mvements. f) Pseudnymisatin Pseudnymisatin is the prcessing f persnal data in such a manner that the persnal data can n lnger be attributed t a specific data subject withut the use f additinal infrmatin, prvided that such additinal infrmatin is kept separately and is subject t technical and rganisatinal measures t ensure that the persnal data are nt attributed t an identified r identifiable natural persn. g) Cntrller r cntrller respnsible fr the prcessing

3 Cntrller r cntrller respnsible fr the prcessing is the natural r legal persn, public authrity, agency r ther bdy which, alne r jintly with thers, determines the purpses and means f the prcessing f persnal data; where the purpses and means f such prcessing are determined by Unin r Member State law, the cntrller r the specific criteria fr its nminatin may be prvided fr by Unin r Member State law. h) Prcessr Prcessr is a natural r legal persn, public authrity, agency r ther bdy which prcesses persnal data n behalf f the cntrller. i) Recipient Recipient is a natural r legal persn, public authrity, agency r anther bdy, t which the persnal data are disclsed, whether a third party r nt. Hwever, public authrities which may receive persnal data in the framewrk f a particular inquiry in accrdance with Unin r Member State law shall nt be regarded as recipients; the prcessing f thse data by thse public authrities shall be in cmpliance with the applicable data prtectin rules accrding t the purpses f the prcessing. j) Third party Third party is a natural r legal persn, public authrity, agency r bdy ther than the data subject, cntrller, prcessr and persns wh, under the direct authrity f the cntrller r prcessr, are authrised t prcess persnal data. k) Cnsent Cnsent f the data subject is any freely given, specific, infrmed and unambiguus indicatin f the data subject's wishes by which he r she, by a statement r by a clear affirmative actin, signifies agreement t the prcessing f persnal data relating t him r her. 2. Name and Address f the cntrller Cntrller fr the purpses f the General Data Prtectin Regulatin (GDPR), ther data prtectin laws applicable in Member states f the Eurpean Unin and ther prvisins related t data prtectin is:

4 PhtCde Lle Ribara Pžarevac Serbia Phne: Website: phtcde.c.rs 3. Ckies The Internet pages f the PhtCde use ckies. Ckies are text files that are stred in a cmputer system via an Internet brwser. Many Internet sites and servers use ckies. Many ckies cntain a s-called ckie ID. A ckie ID is a unique identifier f the ckie. It cnsists f a character string thrugh which Internet pages and servers can be assigned t the specific Internet brwser in which the ckie was stred. This allws visited Internet sites and servers t differentiate the individual brwser f the data subject frm ther Internet brwsers that cntain ther ckies. A specific Internet brwser can be recgnized and identified using the unique ckie ID. Thrugh the use f ckies, the PhtCde can prvide the users f this website with mre userfriendly services that wuld nt be pssible withut the ckie setting. By means f a ckie, the infrmatin and ffers n ur website can be ptimized with the user in mind. Ckies allw us, as previusly mentined, t recgnize ur website users. The purpse f this recgnitin is t make it easier fr users t utilize ur website. The website user that uses ckies, e.g. des nt have t enter access data each time the website is accessed, because this is taken ver by the website, and the ckie is thus stred n the user's cmputer system. Anther example is the ckie f a shpping cart in an nline shp. The nline stre remembers the articles that a custmer has placed in the virtual shpping cart via a ckie. The data subject may, at any time, prevent the setting f ckies thrugh ur website by means f a crrespnding setting f the Internet brwser used, and may thus permanently deny the setting f ckies. Furthermre, already set ckies may be deleted at any time via an Internet brwser r ther sftware prgrams. This is pssible in all ppular Internet brwsers. If the data subject deactivates the setting f ckies in the Internet brwser used, nt all functins f ur website may be entirely usable.

5 4. Cllectin f general data and infrmatin The website f the PhtCde cllects a series f general data and infrmatin when a data subject r autmated system calls up the website. This general data and infrmatin are stred in the server lg files. Cllected may be (1) the brwser types and versins used, (2) the perating system used by the accessing system, (3) the website frm which an accessing system reaches ur website (s-called referrers), (4) the sub-websites, (5) the date and time f access t the Internet site, (6) an Internet prtcl address (IP address), (7) the Internet service prvider f the accessing system, and (8) any ther similar data and infrmatin that may be used in the event f attacks n ur infrmatin technlgy systems. When using these general data and infrmatin, the PhtCde des nt draw any cnclusins abut the data subject. Rather, this infrmatin is needed t (1) deliver the cntent f ur website crrectly, (2) ptimize the cntent f ur website as well as its advertisement, (3) ensure the lngterm viability f ur infrmatin technlgy systems and website technlgy, and (4) prvide law enfrcement authrities with the infrmatin necessary fr criminal prsecutin in case f a cyber-attack. Therefre, the PhtCde analyzes annymusly cllected data and infrmatin statistically, with the aim f increasing the data prtectin and data security f ur enterprise, and t ensure an ptimal level f prtectin fr the persnal data we prcess. The annymus data f the server lg files are stred separately frm all persnal data prvided by a data subject. 5. Cntact pssibility via the website The website f the PhtCde cntains infrmatin that enables a quick electrnic cntact t ur enterprise, as well as direct cmmunicatin with us, which als includes a general address f the s-called electrnic mail ( address). If a data subject cntacts the cntrller by r via a cntact frm, the persnal data transmitted by the data subject are autmatically stred. Such persnal data transmitted n a vluntary basis by a data subject t the data cntrller are stred fr the purpse f prcessing r cntacting the data subject. There is n transfer f this persnal data t third parties. 6. Rutine erasure and blcking f persnal data The data cntrller shall prcess and stre the persnal data f the data subject nly fr the perid necessary t achieve the purpse f strage, r as far as this is granted by the Eurpean legislatr r ther legislatrs in laws r regulatins t which the cntrller is subject t.

6 If the strage purpse is nt applicable, r if a strage perid prescribed by the Eurpean legislatr r anther cmpetent legislatr expires, the persnal data are rutinely blcked r erased in accrdance with legal requirements. 7. Rights f the data subject a) Right f cnfirmatin Each data subject shall have the right granted by the Eurpean legislatr t btain frm the cntrller the cnfirmatin as t whether r nt persnal data cncerning him r her are being prcessed. If a data subject wishes t avail himself f this right f cnfirmatin, he r she may, at any time, cntact any emplyee f the cntrller. b) Right f access Each data subject shall have the right granted by the Eurpean legislatr t btain frm the cntrller free infrmatin abut his r her persnal data stred at any time and a cpy f this infrmatin. Furthermre, the Eurpean directives and regulatins grant the data subject access t the fllwing infrmatin: the purpses f the prcessing; the categries f persnal data cncerned; the recipients r categries f recipients t whm the persnal data have been r will be disclsed, in particular recipients in third cuntries r internatinal rganisatins; where pssible, the envisaged perid fr which the persnal data will be stred, r, if nt pssible, the criteria used t determine that perid; the existence f the right t request frm the cntrller rectificatin r erasure f persnal data, r restrictin f prcessing f persnal data cncerning the data subject, r t bject t such prcessing; the existence f the right t ldge a cmplaint with a supervisry authrity; where the persnal data are nt cllected frm the data subject, any available infrmatin as t their surce; the existence f autmated decisin-making, including prfiling, referred t in Article 22(1) and (4) f the GDPR and, at least in thse cases, meaningful infrmatin abut the lgic invlved, as well as the significance and envisaged cnsequences f such prcessing fr the data subject.

7 Furthermre, the data subject shall have a right t btain infrmatin as t whether persnal data are transferred t a third cuntry r t an internatinal rganisatin. Where this is the case, the data subject shall have the right t be infrmed f the apprpriate safeguards relating t the transfer. If a data subject wishes t avail himself f this right f access, he r she may, at any time, cntact any emplyee f the cntrller. c) Right t rectificatin Each data subject shall have the right granted by the Eurpean legislatr t btain frm the cntrller withut undue delay the rectificatin f inaccurate persnal data cncerning him r her. Taking int accunt the purpses f the prcessing, the data subject shall have the right t have incmplete persnal data cmpleted, including by means f prviding a supplementary statement. If a data subject wishes t exercise this right t rectificatin, he r she may, at any time, cntact any emplyee f the cntrller. d) Right t erasure (Right t be frgtten) Each data subject shall have the right granted by the Eurpean legislatr t btain frm the cntrller the erasure f persnal data cncerning him r her withut undue delay, and the cntrller shall have the bligatin t erase persnal data withut undue delay where ne f the fllwing grunds applies, as lng as the prcessing is nt necessary: The persnal data are n lnger necessary in relatin t the purpses fr which they were cllected r therwise prcessed. The data subject withdraws cnsent t which the prcessing is based accrding t pint (a) f Article 6(1) f the GDPR, r pint (a) f Article 9(2) f the GDPR, and where there is n ther legal grund fr the prcessing. The data subject bjects t the prcessing pursuant t Article 21(1) f the GDPR and there are n verriding legitimate grunds fr the prcessing, r the data subject bjects t the prcessing pursuant t Article 21(2) f the GDPR. The persnal data have been unlawfully prcessed. The persnal data must be erased fr cmpliance with a legal bligatin in Unin r Member State law t which the cntrller is subject. The persnal data have been cllected in relatin t the ffer f infrmatin sciety services referred t in Article 8(1) f the GDPR.

8 If ne f the afrementined reasns applies, and a data subject wishes t request the erasure f persnal data stred by the PhtCde, he r she may, at any time, cntact any emplyee f the cntrller. An emplyee f PhtCde shall prmptly ensure that the erasure request is cmplied with immediately. Where the cntrller has made persnal data public and is bliged pursuant t Article 17(1) t erase the persnal data, the cntrller, taking accunt f available technlgy and the cst f implementatin, shall take reasnable steps, including technical measures, t infrm ther cntrllers prcessing the persnal data that the data subject has requested erasure by such cntrllers f any links t, r cpy r replicatin f, thse persnal data, as far as prcessing is nt required. An emplyees f the PhtCde will arrange the necessary measures in individual cases. e) Right f restrictin f prcessing Each data subject shall have the right granted by the Eurpean legislatr t btain frm the cntrller restrictin f prcessing where ne f the fllwing applies: The accuracy f the persnal data is cntested by the data subject, fr a perid enabling the cntrller t verify the accuracy f the persnal data. The prcessing is unlawful and the data subject ppses the erasure f the persnal data and requests instead the restrictin f their use instead. The cntrller n lnger needs the persnal data fr the purpses f the prcessing, but they are required by the data subject fr the establishment, exercise r defence f legal claims. The data subject has bjected t prcessing pursuant t Article 21(1) f the GDPR pending the verificatin whether the legitimate grunds f the cntrller verride thse f the data subject. If ne f the afrementined cnditins is met, and a data subject wishes t request the restrictin f the prcessing f persnal data stred by the PhtCde, he r she may at any time cntact any emplyee f the cntrller. The emplyee f the PhtCde will arrange the restrictin f the prcessing. f) Right t data prtability Each data subject shall have the right granted by the Eurpean legislatr, t receive the persnal data cncerning him r her, which was prvided t a cntrller, in a structured, cmmnly used and machine-readable frmat. He r she shall have the right t transmit

9 thse data t anther cntrller withut hindrance frm the cntrller t which the persnal data have been prvided, as lng as the prcessing is based n cnsent pursuant t pint (a) f Article 6(1) f the GDPR r pint (a) f Article 9(2) f the GDPR, r n a cntract pursuant t pint (b) f Article 6(1) f the GDPR, and the prcessing is carried ut by autmated means, as lng as the prcessing is nt necessary fr the perfrmance f a task carried ut in the public interest r in the exercise f fficial authrity vested in the cntrller. Furthermre, in exercising his r her right t data prtability pursuant t Article 20(1) f the GDPR, the data subject shall have the right t have persnal data transmitted directly frm ne cntrller t anther, where technically feasible and when ding s des nt adversely affect the rights and freedms f thers. In rder t assert the right t data prtability, the data subject may at any time cntact any emplyee f the PhtCde. g) Right t bject Each data subject shall have the right granted by the Eurpean legislatr t bject, n grunds relating t his r her particular situatin, at any time, t prcessing f persnal data cncerning him r her, which is based n pint (e) r (f) f Article 6(1) f the GDPR. This als applies t prfiling based n these prvisins. The PhtCde shall n lnger prcess the persnal data in the event f the bjectin, unless we can demnstrate cmpelling legitimate grunds fr the prcessing which verride the interests, rights and freedms f the data subject, r fr the establishment, exercise r defence f legal claims. If the PhtCde prcesses persnal data fr direct marketing purpses, the data subject shall have the right t bject at any time t prcessing f persnal data cncerning him r her fr such marketing. This applies t prfiling t the extent that it is related t such direct marketing. If the data subject bjects t the PhtCde t the prcessing fr direct marketing purpses, the PhtCde will n lnger prcess the persnal data fr these purpses. In additin, the data subject has the right, n grunds relating t his r her particular situatin, t bject t prcessing f persnal data cncerning him r her by the PhtCde fr scientific r histrical research purpses, r fr statistical purpses pursuant t Article

10 89(1) f the GDPR, unless the prcessing is necessary fr the perfrmance f a task carried ut fr reasns f public interest. In rder t exercise the right t bject, the data subject may cntact any emplyee f the PhtCde. In additin, the data subject is free in the cntext f the use f infrmatin sciety services, and ntwithstanding Directive 2002/58/EC, t use his r her right t bject by autmated means using technical specificatins. h) Autmated individual decisin-making, including prfiling Each data subject shall have the right granted by the Eurpean legislatr nt t be subject t a decisin based slely n autmated prcessing, including prfiling, which prduces legal effects cncerning him r her, r similarly significantly affects him r her, as lng as the decisin (1) is nt is necessary fr entering int, r the perfrmance f, a cntract between the data subject and a data cntrller, r (2) is nt authrised by Unin r Member State law t which the cntrller is subject and which als lays dwn suitable measures t safeguard the data subject's rights and freedms and legitimate interests, r (3) is nt based n the data subject's explicit cnsent. If the decisin (1) is necessary fr entering int, r the perfrmance f, a cntract between the data subject and a data cntrller, r (2) it is based n the data subject's explicit cnsent, the PhtCde shall implement suitable measures t safeguard the data subject's rights and freedms and legitimate interests, at least the right t btain human interventin n the part f the cntrller, t express his r her pint f view and cntest the decisin. If the data subject wishes t exercise the rights cncerning autmated individual decisinmaking, he r she may, at any time, cntact any emplyee f the PhtCde. i) Right t withdraw data prtectin cnsent Each data subject shall have the right granted by the Eurpean legislatr t withdraw his r her cnsent t prcessing f his r her persnal data at any time. If the data subject wishes t exercise the right t withdraw the cnsent, he r she may, at any time, cntact any emplyee f the PhtCde.

11 8. Data prtectin prvisins abut the applicatin and use f Facebk On this website, the cntrller has integrated cmpnents f the enterprise Facebk. Facebk is a scial netwrk. A scial netwrk is a place fr scial meetings n the Internet, an nline cmmunity, which usually allws users t cmmunicate with each ther and interact in a virtual space. A scial netwrk may serve as a platfrm fr the exchange f pinins and experiences, r enable the Internet cmmunity t prvide persnal r business-related infrmatin. Facebk allws scial netwrk users t include the creatin f private prfiles, uplad phts, and netwrk thrugh friend requests. The perating cmpany f Facebk is Facebk, Inc., 1 Hacker Way, Menl Park, CA 94025, United States. If a persn lives utside f the United States r Canada, the cntrller is the Facebk Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbur, Dublin 2, Ireland. With each call-up t ne f the individual pages f this Internet website, which is perated by the cntrller and int which a Facebk cmpnent (Facebk plug-ins) was integrated, the web brwser n the infrmatin technlgy system f the data subject is autmatically prmpted t dwnlad display f the crrespnding Facebk cmpnent frm Facebk thrugh the Facebk cmpnent. An verview f all the Facebk Plug-ins may be accessed under During the curse f this technical prcedure, Facebk is made aware f what specific sub-site f ur website was visited by the data subject. If the data subject is lgged in at the same time n Facebk, Facebk detects with every call-up t ur website by the data subject and fr the entire duratin f their stay n ur Internet site which specific sub-site f ur Internet page was visited by the data subject. This infrmatin is cllected thrugh the Facebk cmpnent and assciated with the respective Facebk accunt f the data subject. If the data subject clicks n ne f the Facebk buttns integrated int ur website, e.g. the "Like" buttn, r if the data subject submits a cmment, then Facebk matches this infrmatin with the persnal Facebk user accunt f the data subject and stres the persnal data. Facebk always receives, thrugh the Facebk cmpnent, infrmatin abut a visit t ur website by the data subject, whenever the data subject is lgged in at the same time n Facebk during the time f the call-up t ur website. This ccurs regardless f whether the data subject clicks n the Facebk cmpnent r nt. If such a transmissin f infrmatin t Facebk is nt

12 desirable fr the data subject, then he r she may prevent this by lgging ff frm their Facebk accunt befre a call-up t ur website is made. The data prtectin guideline published by Facebk, which is available at prvides infrmatin abut the cllectin, prcessing and use f persnal data by Facebk. In additin, it is explained there what setting ptins Facebk ffers t prtect the privacy f the data subject. In additin, different cnfiguratin ptins are made available t allw the eliminatin f data transmissin t Facebk. These applicatins may be used by the data subject t eliminate a data transmissin t Facebk. 9. Data prtectin prvisins abut the applicatin and use f Ggle Analytics (with annymizatin functin) On this website, the cntrller has integrated the cmpnent f Ggle Analytics (with the annymizer functin). Ggle Analytics is a web analytics service. Web analytics is the cllectin, gathering, and analysis f data abut the behavir f visitrs t websites. A web analysis service cllects, inter alia, data abut the website frm which a persn has cme (the s-called referrer), which sub-pages were visited, r hw ften and fr what duratin a sub-page was viewed. Web analytics are mainly used fr the ptimizatin f a website and in rder t carry ut a cst-benefit analysis f Internet advertising. The peratr f the Ggle Analytics cmpnent is Ggle Inc., 1600 Amphitheatre Pkwy, Muntain View, CA , United States. Fr the web analytics thrugh Ggle Analytics the cntrller uses the applicatin "_gat. _annymizeip". By means f this applicatin the IP address f the Internet cnnectin f the data subject is abridged by Ggle and annymised when accessing ur websites frm a Member State f the Eurpean Unin r anther Cntracting State t the Agreement n the Eurpean Ecnmic Area. The purpse f the Ggle Analytics cmpnent is t analyze the traffic n ur website. Ggle uses the cllected data and infrmatin, inter alia, t evaluate the use f ur website and t prvide nline reprts, which shw the activities n ur websites, and t prvide ther services cncerning the use f ur Internet site fr us. Ggle Analytics places a ckie n the infrmatin technlgy system f the data subject. The definitin f ckies is explained abve. With the setting f the ckie, Ggle is enabled t analyze the use f ur website. With each call-up t ne f the individual pages f this Internet

13 site, which is perated by the cntrller and int which a Ggle Analytics cmpnent was integrated, the Internet brwser n the infrmatin technlgy system f the data subject will autmatically submit data thrugh the Ggle Analytics cmpnent fr the purpse f nline advertising and the settlement f cmmissins t Ggle. During the curse f this technical prcedure, the enterprise Ggle gains knwledge f persnal infrmatin, such as the IP address f the data subject, which serves Ggle, inter alia, t understand the rigin f visitrs and clicks, and subsequently create cmmissin settlements. The ckie is used t stre persnal infrmatin, such as the access time, the lcatin frm which the access was made, and the frequency f visits f ur website by the data subject. With each visit t ur Internet site, such persnal data, including the IP address f the Internet access used by the data subject, will be transmitted t Ggle in the United States f America. These persnal data are stred by Ggle in the United States f America. Ggle may pass these persnal data cllected thrugh the technical prcedure t third parties. The data subject may, as stated abve, prevent the setting f ckies thrugh ur website at any time by means f a crrespnding adjustment f the web brwser used and thus permanently deny the setting f ckies. Such an adjustment t the Internet brwser used wuld als prevent Ggle Analytics frm setting a ckie n the infrmatin technlgy system f the data subject. In additin, ckies already in use by Ggle Analytics may be deleted at any time via a web brwser r ther sftware prgrams. In additin, the data subject has the pssibility f bjecting t a cllectin f data that are generated by Ggle Analytics, which is related t the use f this website, as well as the prcessing f this data by Ggle and the chance t preclude any such. Fr this purpse, the data subject must dwnlad a brwser add-n under the link and install it. This brwser add-n tells Ggle Analytics thrugh a JavaScript, that any data and infrmatin abut the visits f Internet pages may nt be transmitted t Ggle Analytics. The installatin f the brwser add-ns is cnsidered an bjectin by Ggle. If the infrmatin technlgy system f the data subject is later deleted, frmatted, r newly installed, then the data subject must reinstall the brwser add-ns t disable Ggle Analytics. If the brwser add-n was uninstalled by the data subject r any ther persn wh is attributable t their sphere f cmpetence, r is disabled, it is pssible t execute the reinstallatin r reactivatin f the brwser add-ns. Further infrmatin and the applicable data prtectin prvisins f Ggle may be retrieved under and under

14 Ggle Analytics is further explained under the fllwing Link Data prtectin prvisins abut the applicatin and use f Instagram On this website, the cntrller has integrated cmpnents f the service Instagram. Instagram is a service that may be qualified as an audivisual platfrm, which allws users t share phts and vides, as well as disseminate such data in ther scial netwrks. The perating cmpany f the services ffered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Flr, Menl Park, CA, UNITED STATES. With each call-up t ne f the individual pages f this Internet site, which is perated by the cntrller and n which an Instagram cmpnent (Insta buttn) was integrated, the Internet brwser n the infrmatin technlgy system f the data subject is autmatically prmpted t the dwnlad f a display f the crrespnding Instagram cmpnent f Instagram. During the curse f this technical prcedure, Instagram becmes aware f what specific sub-page f ur website was visited by the data subject. If the data subject is lgged in at the same time n Instagram, Instagram detects with every call-up t ur website by the data subject (and fr the entire duratin f their stay n ur Internet site) which specific sub-page f ur Internet page was visited by the data subject. This infrmatin is cllected thrugh the Instagram cmpnent and is assciated with the respective Instagram accunt f the data subject. If the data subject clicks n ne f the Instagram buttns integrated n ur website, then Instagram matches this infrmatin with the persnal Instagram user accunt f the data subject and stres the persnal data. Instagram receives infrmatin via the Instagram cmpnent that the data subject has visited ur website prvided that the data subject is lgged in at Instagram at the time f the call t ur website. This ccurs regardless f whether the persn clicks n the Instagram buttn r nt. If such a transmissin f infrmatin t Instagram is nt desirable fr the data subject, then he r she can prevent this by lgging ff frm their Instagram accunt befre a call-up t ur website is made. Further infrmatin and the applicable data prtectin prvisins f Instagram may be retrieved under and

15 11. Data prtectin prvisins abut the applicatin and use f Twitter On this website, the cntrller has integrated cmpnents f Twitter. Twitter is a multilingual, publicly-accessible micrblgging service n which users may publish and spread s-called tweets, e.g. shrt messages, which are limited t 280 characters. These shrt messages are available fr everyne, including thse wh are nt lgged n t Twitter. The tweets are als displayed t s-called fllwers f the respective user. Fllwers are ther Twitter users wh fllw a user's tweets. Furthermre, Twitter allws yu t address a wide audience via hashtags, links r retweets. The perating cmpany f Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisc, CA 94103, UNITED STATES. With each call-up t ne f the individual pages f this Internet site, which is perated by the cntrller and n which a Twitter cmpnent (Twitter buttn) was integrated, the Internet brwser n the infrmatin technlgy system f the data subject is autmatically prmpted t dwnlad a display f the crrespnding Twitter cmpnent f Twitter. Further infrmatin abut the Twitter buttns is available under During the curse f this technical prcedure, Twitter gains knwledge f what specific sub-page f ur website was visited by the data subject. The purpse f the integratin f the Twitter cmpnent is a retransmissin f the cntents f this website t allw ur users t intrduce this web page t the digital wrld and increase ur visitr numbers. If the data subject is lgged in at the same time n Twitter, Twitter detects with every call-up t ur website by the data subject and fr the entire duratin f their stay n ur Internet site which specific sub-page f ur Internet page was visited by the data subject. This infrmatin is cllected thrugh the Twitter cmpnent and assciated with the respective Twitter accunt f the data subject. If the data subject clicks n ne f the Twitter buttns integrated n ur website, then Twitter assigns this infrmatin t the persnal Twitter user accunt f the data subject and stres the persnal data. Twitter receives infrmatin via the Twitter cmpnent that the data subject has visited ur website, prvided that the data subject is lgged in n Twitter at the time f the call-up t ur website. This ccurs regardless f whether the persn clicks n the Twitter cmpnent r nt. If such a transmissin f infrmatin t Twitter is nt desirable fr the data subject, then he r she may prevent this by lgging ff frm their Twitter accunt befre a call-up t ur website is made.

16 The applicable data prtectin prvisins f Twitter may be accessed under Data prtectin prvisins abut the applicatin and use f Ggle+ On this website, the cntrller has integrated the Ggle+ buttn as a cmpnent. Ggle+ is a s-called scial netwrk. A scial netwrk is a scial meeting place n the Internet, an nline cmmunity, which usually allws users t cmmunicate with each ther and interact in a virtual space. A scial netwrk may serve as a platfrm fr the exchange f pinins and experiences, r enable the Internet cmmunity t prvide persnal r business-related infrmatin. Ggle+ allws users f the scial netwrk t include the creatin f private prfiles, uplad phts and netwrk thrugh friend requests. The perating cmpany f Ggle+ is Ggle Inc., 1600 Amphitheatre Pkwy, Muntain View, CA , UNITED STATES. With each call-up t ne f the individual pages f this website, which is perated by the cntrller and n which a Ggle+ buttn has been integrated, the Internet brwser n the infrmatin technlgy system f the data subject autmatically dwnlads a display f the crrespnding Ggle+ buttn f Ggle thrugh the respective Ggle+ buttn cmpnent. During the curse f this technical prcedure, Ggle is made aware f what specific sub-page f ur website was visited by the data subject. Mre detailed infrmatin abut Ggle+ is available under If the data subject is lgged in at the same time t Ggle+, Ggle recgnizes with each call-up t ur website by the data subject and fr the entire duratin f his r her stay n ur Internet site, which specific sub-pages f ur Internet page were visited by the data subject. This infrmatin is cllected thrugh the Ggle+ buttn and Ggle matches this with the respective Ggle+ accunt assciated with the data subject. If the data subject clicks n the Ggle+ buttn integrated n ur website and thus gives a Ggle+ 1 recmmendatin, then Ggle assigns this infrmatin t the persnal Ggle+ user accunt f the data subject and stres the persnal data. Ggle stres the Ggle+ 1 recmmendatin f the data subject, making it publicly available in accrdance with the terms and cnditins accepted by the data subject in this regard. Subsequently, a Ggle+ 1 recmmendatin given by the data subject n this website tgether with ther persnal data, such as the Ggle+ accunt name used by the data subject and the stred pht, is stred and prcessed n ther Ggle services, such as search-engine results f the Ggle search engine, the Ggle accunt

17 f the data subject r in ther places, e.g. n Internet pages, r in relatin t advertisements. Ggle is als able t link the visit t this website with ther persnal data stred n Ggle. Ggle further recrds this persnal infrmatin with the purpse f imprving r ptimizing the varius Ggle services. Thrugh the Ggle+ buttn, Ggle receives infrmatin that the data subject visited ur website, if the data subject at the time f the call-up t ur website is lgged in t Ggle+. This ccurs regardless f whether the data subject clicks r desn t click n the Ggle+ buttn. If the data subject des nt wish t transmit persnal data t Ggle, he r she may prevent such transmissin by lgging ut f his Ggle+ accunt befre calling up ur website. Further infrmatin and the data prtectin prvisins f Ggle may be retrieved under Mre references frm Ggle abut the Ggle+ 1 buttn may be btained under Legal basis fr the prcessing Art. 6(1) lit. a GDPR serves as the legal basis fr prcessing peratins fr which we btain cnsent fr a specific prcessing purpse. If the prcessing f persnal data is necessary fr the perfrmance f a cntract t which the data subject is party, as is the case, fr example, when prcessing peratins are necessary fr the supply f gds r t prvide any ther service, the prcessing is based n Article 6(1) lit. b GDPR. The same applies t such prcessing peratins which are necessary fr carrying ut pre-cntractual measures, fr example in the case f inquiries cncerning ur prducts r services. Is ur cmpany subject t a legal bligatin by which prcessing f persnal data is required, such as fr the fulfillment f tax bligatins, the prcessing is based n Art. 6(1) lit. c GDPR. In rare cases, the prcessing f persnal data may be necessary t prtect the vital interests f the data subject r f anther natural persn. This wuld be the case, fr example, if a visitr were injured in ur cmpany and his name, age, health insurance data r ther vital infrmatin wuld have t be passed n t a dctr, hspital r ther third party. Then the prcessing wuld be based n Art. 6(1) lit. d GDPR. Finally, prcessing peratins culd be based n Article 6(1) lit. f GDPR. This legal basis is used fr prcessing peratins which are nt cvered by any f the abvementined legal grunds, if prcessing is necessary fr the purpses f the legitimate interests pursued by ur cmpany r by a third party, except where such interests are verridden by the interests r fundamental rights and freedms f the data subject which require prtectin f persnal data. Such prcessing peratins are particularly permissible because they have been specifically mentined by the Eurpean legislatr. He cnsidered that a

18 legitimate interest culd be assumed if the data subject is a client f the cntrller (Recital 47 Sentence 2 GDPR). 14. The legitimate interests pursued by the cntrller r by a third party Where the prcessing f persnal data is based n Article 6(1) lit. f GDPR ur legitimate interest is t carry ut ur business in favr f the well-being f all ur emplyees and the sharehlders. 15. Perid fr which the persnal data will be stred The criteria used t determine the perid f strage f persnal data is the respective statutry retentin perid. After expiratin f that perid, the crrespnding data is rutinely deleted, as lng as it is n lnger necessary fr the fulfillment f the cntract r the initiatin f a cntract. 16. Prvisin f persnal data as statutry r cntractual requirement; Requirement necessary t enter int a cntract; Obligatin f the data subject t prvide the persnal data; pssible cnsequences f failure t prvide such data We clarify that the prvisin f persnal data is partly required by law (e.g. tax regulatins) r can als result frm cntractual prvisins (e.g. infrmatin n the cntractual partner). Smetimes it may be necessary t cnclude a cntract that the data subject prvides us with persnal data, which must subsequently be prcessed by us. The data subject is, fr example, bliged t prvide us with persnal data when ur cmpany signs a cntract with him r her. The nn-prvisin f the persnal data wuld have the cnsequence that the cntract with the data subject culd nt be cncluded. Befre persnal data is prvided by the data subject, the data subject must cntact any emplyee. The emplyee clarifies t the data subject whether the prvisin f the persnal data is required by law r cntract r is necessary fr the cnclusin f the cntract, whether there is an bligatin t prvide the persnal data and the cnsequences f nn-prvisin f the persnal data. 17. Existence f autmated decisin-making As a respnsible cmpany, we d nt use autmatic decisin-making r prfiling.

19 18. Changes t Privacy Plicy This privacy plicy may change frm time t time in line with legislatin r industry develpments. We will nt explicitly infrm ur clients r website users f these changes. Instead, we recmmend that yu check this page ccasinally fr any plicy changes. 19. Cnsent By using ur website, yu hereby cnsent t ur Privacy Plicy and agree t its terms. This plicy is effective as f 09 July 2018.