Privacy policy
In the following I inform you according to the legal requirements - in particular the General Data Protection Regulation (GDPR), available under https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG – about the processing of personal data by our company.
1. General Information
In this section of the Privacy Policy you will find information on the scope, data controller, data protection officer and data security. I also explain in advance the meaning of important terms used in the data protection declaration.
1.1. Important terms
Analytics: a method to statistically measure the reach of an online service. This includes information such as user duration, device used, operating system, language settings, origin, region, location or user action. It is a statistical evaluation.
Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari).
Cookies: Text files placed on the user's computer by the web server accessed using the browser used. The stored cookie information can contain both an identifier (cookie ID), which serves for recognition, as well as content information such as registration status or information about visited websites. The browser sends the cookie information back to the web server with each request on subsequent, new visits to this page. Most browsers automatically accept cookies. You can manage cookies using the browser functions (usually under "Options" or "Settings"). This may disable cookie storage, make it dependent on your consent on a case-by-case basis, or otherwise restrict it. You can also delete cookies at any time.
Third countries: Countries outside the European Union (EU).
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the basic Regulation on data protection), available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG.
Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more specific characteristics which express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiling: Any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement.
Services: Our offers, to which this data protection declaration applies (see scope of application).
Tracking: The collection of data and its evaluation with regard to the behaviour of visitors over a longer period of time in order to subsequently assign personal characteristics and interests.
Tracking technologies: Tracking can be done both via the activity logs (log files) stored on web servers and by collecting data from your terminal device via pixels, cookies and similar tracking technologies.
Processing: Any operation or set of operations which is carried out with or without the aid of automated means relating to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
Pixel: Pixels are also called counting pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML e-mails or on web pages. When a document is opened, this small image is loaded from a server on the Internet, where the download is registered. In this way, the server operator can see if and when an e-mail was opened or a website visited. Usually this function is realized by calling a small program (Javascript). In this way, certain types of information can be recognized and passed on on your computer system, such as the content of cookies, the time and date of the page call and a description of the page on which the pixel-code is located.
1.2. Scope
This privacy policy applies to the following offers:
- Our online service „www.silent-air-remover.de“ (website), available in particular at "https://www.silent-air-remover.de",
- Whenever reference is otherwise made to this data protection declaration from one of our offers (e.g. websites, subdomains, mobile applications, web services or links to third party sites), regardless of how you access or use it.
- All these offers are together also referred to as "services".
1.3. Responsible person
The person in charge of data processing - i.e. the person who decides on the purposes and means of processing personal data - in connection with the Services:
Michael Woineck, Tegernseer Str. 5, DE-83624 Otterfing, +49 (0)8024 4753237, info@silent-air-remover.de
1.4. Data protection officer
No data protection officer has been appointed.
2. Data processing in detail
In this section of the data protection declaration I will inform you in detail about the processing of personal data within the scope of our services. For the sake of clarity, I have structured this information according to certain functionalities of our services. During the normal use of the services, different functionalities and thus also different processing operations can take place one after the other or at the same time.
2.1 General information about data processing
Unless otherwise indicated, all processing operations set out below are subject to this Regulation.
2.1.1 No obligation to provide & consequences of non-delivery
The provision of personal data is not required by law or contract and you are not required to provide data. In the course of the input process, we will inform you if the provision of personal data is necessary for the respective service (e.g. by designating it as a "mandatory field"). If data is required, the non-availability of this data means that the service in question cannot be provided. Otherwise, the non-availability may result in us not being able to provide our services in the same form and quality.
2.1.2 Consent
In various cases you have the opportunity to give us your consent to further processing in connection with the processing operations described below (possibly for some of the data). In this case, we will inform you separately about all modalities and the scope of the consent and about the purposes that we pursue with these processing operations in connection with the submission of the respective declaration of consent.
2.1.3 Transfer of personal data to third countries
If we transmit data to third countries, i.e. countries outside the European Union, then the transmission takes place exclusively in compliance with the legally regulated conditions of permissibility.
If the transfer of data to a third country does not serve to fulfil our contract with you, if we have no consent on your part, if the transfer is not necessary for the assertion, exercise or defence of legal claims and if no other exception pursuant to Art. 49 DSGVO applies, we will only transfer your data to a third country if an adequacy decision pursuant to Art. 45 DSGVO or suitable guarantees pursuant to Art. 46 DSGVO have been provided.
One of these adequacy decisions is the Commission's implementing decision (EU) 2016/1250 of 12.07.2016 on the so-called "EU-US Privacy Shield" for the USA. For transfers to companies that are certified in accordance with the EU-US data protection shield, the data protection level is generally regarded as appropriate in the sense of Art. 45 DSGVO. Alternatively or additionally, by concluding the EU standard data protection clauses issued by the European Commission with the receiving authority, suitable guarantees in accordance with Art. 46 Para. 2 c) DSGVO as well as an appropriate data protection level are created. Copies of the EU standard data protection clauses are available on the website of the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de.
2.1.4 Hosting with external service providers
Our data processing is carried out to a large extent by means of a so-called hosting service provider, which provides us with storage space and processing capacities in its computer centres and also processes personal data on our behalf in accordance with our instructions. Personal data may be transmitted to the hosting service provider for all the functions listed below. This service provider processes data exclusively in the EU.
2.1.5 Transmission to public authorities
We transfer personal data to government authorities (including law enforcement agencies) if this is necessary to fulfil a legal obligation to which we are subject (legal basis: Art. 6 Para. 1 c) DSGVO) or if it is necessary to assert, exercise or defend legal claims (legal basis: Art. 6 Para. 1 f) DSGVO).
2.1.6 Storage period
In the column "Storage period" is indicated in each case, how long we use the data for the respective processing purpose. After this period has expired, the data will no longer be processed by us, but will be deleted at regular intervals, unless continuous processing and storage is provided for by law (in particular because it is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims) or you give us consent beyond this.
2.1.7 Designations of data categories
In the next sections, the following summary category names are used for certain types of data:
- Person master data: Title, Salutation/Gender, First Name, Last Name, Date of Birth
- Address data: Street, house number, address supplements if applicable, postal code, city, country
- Contact details: Telephone number(s), fax number(s), e-mail address(es)
- Registration data: Information about the service you have registered for; times and technical information about registration, confirmation and cancellation; data provided by you during registration
- Access data: Date and time of the visit to our service; the page from which the accessing system accessed our site; pages accessed during use; session ID data; also the following information about the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system and similar technical information
2.2 Calling up our services
In the following, we describe how your personal data is processed when you access our services (e.g. loading and viewing the website, opening and navigating within the mobile app). We would particularly like to point out that the transmission of access data to external content providers (see b.) is unavoidable due to the technical mode of operation of information transmission on the Internet. The third-party providers themselves are responsible for the data protection-compliant operation of the IT systems they use. The decision on the storage period of the data is incumbent on the service providers.
a) Purpose of data processing and legal basis and, if applicable, legitimate interests, storage period
Data Category: Access Data
Purpose: Establishing a connection; displaying the contents of the service; detecting attacks on our site based on unusual activities; fault diagnosis
Legal basis: Article 6(1)(f) DSGVO
Legitimate interest: proper functioning of services; security of data and business processes; prevention of misuse; prevention of damage caused by interference with information systems
Storage period: 4 weeks
Data category: Account data
Purpose: Order processing
Storage period: 10 years after last order
b) Recipient of the personal data
Recipient Category: External content providers that provide content (such as images, videos, fonts, update information, shortened links) that is required to display the Service
Affected data: Access data
Legal basis: Article 6(1)(f) DSGVO
Legitimate interest: proper functioning of services; (accelerated) presentation of content
Recipient Category: IT Security Service Provider
Affected data: Access data
Legal basis: Article 6(1)(f) DSGVO
Legitimate interest: Prevention of attacks by exploiting security vulnerabilities / weak points
2.3 Analysis
In the following, we describe how your personal data is processed using analysis technologies to evaluate and optimize our services.
The description of the analysis procedures also includes information on how you can prevent or object to data processing. Please note that this so-called "opt-out", i.e. the refusal of processing, is generally stored via cookies. If you use our services via a new terminal device or in another browser or if you have deleted the cookies set by your browser, you must declare your rejection again.
The presented analysis procedures process personal data only in pseudonymous form. A connection with a concrete, identified natural person, i.e. a combination of the data with information about the bearer of the pseudonym, does not take place.
With the help of the analysis procedures and the information transmitted directly, such as cookie ID or abbreviated IP address, further information is assigned to the pseudonym. Typically, this is technical device information of the terminal device used to obtain information about its usage behaviour on the Internet, its interests and location data.
2.3.1 Analysis and optimization of our services and their use
2.3.1.1 Purpose of processing
The analysis of user behaviour by means of tracking helps us to check the effectiveness of our services, to optimise them and to adapt them to the needs of the users as well as to correct errors. In addition, it serves to statistically determine characteristic values about the use of our services (reach, intensity of use, surfing behaviour of users) - on the basis of uniform standard procedures - and thus to obtain market-wide comparable values.
2.3.1.2 Legal basis of the processing
In the case of services provided by us in connection with a contract, tracking and the associated analysis of user behaviour are performed in order to fulfil our contractual obligations. The legal basis for this processing of personal data is Art. 6 Para. 1 b) DSGVO. The evaluation of information obtained through tracking is necessary in order to provide you with optimised services in accordance with the contractual purpose and to guarantee you the greatest possible benefit.
Otherwise, i.e. outside the context of a contractual relationship, the legal basis for this processing of personal data is Art. 6 para. 1 f) DSGVO. With it, we pursue the legitimate interest of providing attractive services as efficiently as possible on the basis of the information obtained through tracking and of marketing these services in the best possible way.
2.3.2 The analysis methods used in detail
2.3.2.1 Matomo (name of the service)
Scope(s): all services
Supplier: Matomo is a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand
Purpose of the analytical methods: With Matomo, we collect information on user behaviour in order to improve the user-friendliness of the website
Processing of personal data: The IP address is processed. This is made unrecognizable in the last byte (e.g. 213.78.315.xxx)
Storage period: The transferred data is deleted after 26 months. Data whose retention period has been reached is automatically deleted once a month
Legal basis: Legitimate interest pursuant to Art. 6, item 1), lit. f) DSGVO
Data transfer to third country: No
3. Rights concerned
3.1 Right of objection
If I process your personal data for the purpose of direct advertising, you have the right to object at any time with effect for the future to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such direct advertising.
You also have the right, for reasons arising from your particular situation, to object at any time with future effect to the processing of personal data concerning you carried out pursuant to Article 6(1)(e) or (f) of the DSGVO, including profiling based on these provisions.
You may exercise your right to object free of charge.
You can reach me via the contact data mentioned in the imprint or use the following methods:
By e-mail to: info@silent-air-remover.de
By phone: +49 (0)8024 4753237
3.2 Right of information
You have the right to request confirmation from us as to whether personal data relating to you are being processed, as well as information about such personal data and any other information listed in Art. 15 DSGVO.
3.3 Right of rectification
You have the right to demand from us immediately the correction of incorrect personal data concerning you (Art. 16 DSG-VO). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
3.4 Right to cancellation ("right to be forgotten")
You have the right to demand that we delete your personal data immediately if one of the reasons stated in Art. 17 para. 1 DSGVO applies and the processing is not necessary for one of the purposes regulated in Art. 17 para. 3 DSGVO.
3.5 Right to limitation of processing
You are entitled to demand a restriction on the processing of your personal data if one of the conditions laid down in Art. 18 Para. 1 Letters a) to d) DSGVO is met.
3.6 Right to data transferability
Under the conditions set out in Art. 20 Para. 1 DSGVO, you have the right to receive the personal data concerning you which you have provided to us in a structured, common and machine-readable format and the right to forward this data to another responsible person without any hindrance on our part. When exercising your right to data transfer, you have the right to have your personal data transferred directly by us to another responsible party, insofar as this is technically feasible.
3.7 Right of withdrawal with consent
If the processing is based on your consent, you have the right to revoke the consent at any time. This does not affect the legality of the processing carried out on the basis of your consent until revoked.
3.8 Right of appeal
You have the right to appeal to the supervisory authority responsible for our company. The supervisory authority responsible for our company is:
Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27, 91522 Ansbach, Germany, https://www.lda.bayern.de