Data protection

General

1. Your personal data within the meaning of Art. 4 No. 1 GDPR (e.g. IP address, name, email address) will only be processed by us in accordance with the provisions of German data protection law and taking into account the European General Data Protection Regulation (GDPR). The following provisions inform you about the type, scope and purpose of the collection, processing and use of personal data.


2. The processing of personal data within the meaning of Art. 4 No. 2 GDPR is lawful according to Art. 6 GDPR if one of the following conditions is met:

(a) the data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes;

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the controller is subject;

(d) processing is necessary to protect the vital interests of the data subject or of another natural person;

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(f) processing is necessary to protect the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.


3. The processing of special personal data (e.g. health data) within the meaning of Art. 9 Para. 1 GDPR is lawful in particular pursuant to Art. 9 Para. 2 GDPR if one of the following conditions is met:

– there is an explicit consent from the person;

– processing is necessary for the establishment, exercise or defence of legal claims or for actions by courts in the exercise of their judicial capacity.


4. There is no automated decision-making or profiling regarding personal data within the meaning of Art. 22 GDPR.


5. The operator ensures the security of the data in accordance with Art. 32 GDPR, taking into account the principle of proportionality, by means of appropriate technical measures.


6. If, contrary to expectations, a data protection violation occurs, the competent supervisory authority will be notified in accordance with Art. 33 GDPR, as well as the data subject in accordance with Art. 34 GDPR.


scope


This privacy policy only applies to our websites and social media profiles. If you are redirected to other websites via links on our pages, please inform yourself there about how your data is handled.


duration of data storage


The length of time for which the data you transfer is stored depends on the statutory retention periods. According to commercial and tax laws, invoices must be stored for a period of 10 years.


transfer of data to third parties


Data transmitted as part of the contractual relationship will only be passed on to third parties (Art. 4 No. 10 GDPR) if you have expressly given your consent (Art. 4 No. 11 GDPR) or if the transfer is necessary to fulfill the contract. Consent can be revoked at any time without any formalities. Data collected by visiting the website is only collected by third parties who are expressly named below.


controller within the meaning of the GDPR


The controller within the meaning of the General Data Protection Regulation (GDPR), as well as other data protection laws applicable in the European Union and other provisions of a data protection nature is:


Florian Bach

Berliner Allee 65

64295 Darmstadt


E-Mail: mail@flomp89.de

Phone: 4960713917845


cookies


We use cookies on our website. These are small files that your browser automatically creates and that are saved on your device (PC, laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware. Information is stored in the cookie that is related to the specific device used. However, this does not mean that we thereby receive immediate knowledge of your identity.


The use of cookies serves, on the one hand, to make the use of our services more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.


In addition, we also use temporary cookies to optimize user-friendliness. These cookies are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognize that you have already visited us and what entries and settings you have made so that you do not have to enter them again.


These cookies enable us to automatically recognise that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time. The data processed by cookies are required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer.


Cookies are stored on your computer or a notice always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.


The following data is collected and processed as part of the cookie consent tool:


  • Consent data: Information whether and which cookies you have accepted or rejected (cookie category, time and date of consent).

  • Technical data: IP address (anonymized), device information, browser information, information about the operating system.

  • Log data: Your consent will be stored in a log to provide evidence of your decision in the event of a later withdrawal of consent.

This data is stored in a cookie on your device to save your preferences and take them into account on future visits to our website. The consent tool ensures that only the cookies that you have explicitly allowed are loaded.


Your data will be processed for the following purposes:

  • Obtaining and managing consent: Your consent is required to control the use of cookies in accordance with legal regulations. The processing is carried out on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

  • Proof of consent: In order to comply with legal obligations, we store proof of your consent as documented by the cookie consent tool. This is done on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR, as we are legally obliged to be able to provide evidence of consent.

  • Website optimization: The data collected helps us to manage consents correctly and use only the necessary cookies to ensure the best possible user experience.


Storage of access data in log files


You can visit our websites without providing any personal information.


The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This is:



  • browser type/version
  • operating system used
  • referrer URL
  • hostname of the accessing computer
  • time of the server request


This data cannot be assigned to specific people. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete evidence of illegal use.


The purpose of the processing arises from our legitimate interest within the meaning of Art. 6 Para. 1 Clause 1 Letter f) GDPR.

A contract for order processing was concluded with our host.



Instagram


We operate a presence on the social media platform Instagram, which is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When you interact with us via Instagram (e.g. through comments, likes or messages), Instagram processes data such as your user name, IP address, device information and your activities on the platform.

Meta can also process this data for its own purposes, such as analysis and personalized advertising. The processing is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR in order to communicate with users and present our content.


For more information, seehttps://help.instagram.com/519522125107875


YouTube


We use YouTube, a platform of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to provide videos. When you visit a page with embedded YouTube videos, data such as your IP address, browser information and usage behavior are transmitted to YouTube. YouTube may set cookies to analyze your behavior.


The processing is based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR to provide you with videos. You can find further information athttps://policies.google.com/privacy


Google reCAPTCHA


We use Google reCAPTCHA, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to ensure that entries on our website (e.g. in forms) are made by a natural person and not by automated programs or bots. This service is designed to ensure the security of our website and prevent misuse.


When using Google reCAPTCHA, the following data may be processed:


  • user's IP address
  • Browser and device information (e.g. browser type, operating system, screen resolution)
  • Information about user interactions on the website (e.g. mouse movements and click behavior)
  • URL of the accessed page
  • date and time of access
  • language settings in the browser


Google reCAPTCHA analyzes this data to determine whether the access is from a human or a bot. The analysis takes place completely in the background, without the user being informed. Google can set cookies or read existing cookies that could be linked to other Google services (e.g. YouTube or Gmail) if the user is logged into a Google account.


The use of Google reCAPTCHA is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR to ensure the security of our website and the data transmitted. Protection against misuse and spam is an essential goal that is in the interest of trouble-free and secure operation of our website.


For more information about data processing by Google, please see Google’s privacy policy athttps://policies.google.com/privacy


Content Delivery Network (CDN)


We use a content delivery network (CDN) to improve the loading speed and availability of our website. A CDN is a network of geographically distributed servers that delivers content (e.g. images, stylesheets, JavaScript files) by retrieving it from a server that is closest to the user's location. This reduces loading time and increases website performance.

When using a CDN, technical data is processed that is necessary for the provision of the content. This includes:


  • your IP address
  • Information about the browser and operating system used
  • Requested content (e.g. files or pages)
  • Date and time of the request
  • URL of the visited website


This data is used exclusively to efficiently deliver the website content and to ensure the security of the CDN infrastructure. No personal profiling takes place.

The use of a CDN is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR, as we have a legitimate interest in improving the performance and availability of our website and minimizing loading times for our users.


Depending on the CDN used, data may be processed outside the European Union. In such cases, the transfer takes place on the basis of standard contractual clauses.


contact form


When you use the contact form provided on these pages, the information you enter will be transferred and stored for the purpose of answering your request. The data will not be passed on to third parties. The legality of using the form arises from Art. 6 Paragraph 1 Sentence 1 Letter f) GDPR.


newsletter


We offer you the opportunity to sign up for our newsletter to be regularly informed about news, offers, services and other relevant content. The newsletter will be sent exclusively on the basis of your express consent in accordance with Art. 6 Para. 1 lit. a GDPR or, if you are already a customer of ours, on the basis of our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR in conjunction with Section 7 Para. 3 UWG.


Which data is processed?

As part of sending the newsletter, we process the following data:

· E-mail address: This is mandatory in order to send you the newsletter.

Name (optional): Will be processed to personalize the newsletter (if provided).

Time and type of registration: This includes the IP address and the time of consent to fulfill the proof obligations within the framework of the double opt-in procedure.

· Interaction data (tracking): Information about whether the newsletter was opened, which links were clicked and how often the newsletter was read. This data helps us to optimize the content of the newsletter.


Double opt-in procedure:


Registration for our newsletter is done using the double opt-in procedure. After registration, you will receive an email asking you to confirm your registration. Only after this confirmation will your email address be added to our mailing list. This procedure serves to prove the legality of your consent.


Purpose of data processing:


The purpose of processing your data is to send you the newsletter and to provide content that is tailored to your interests. Interaction data is used to analyze and continuously improve the relevance and success of the newsletter.


Legal basis for processing:


Consent: The newsletter is sent based on your consent in accordance with Art. 6 Paragraph 1 Letter a of GDPR. You can revoke your consent at any time.


Legitimate interest: For existing customers, processing is carried out in accordance with Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG, as we have a legitimate interest in informing you about similar products and services.


Storage period:


Your data will be stored for the duration of your newsletter subscription. After unsubscribing from the newsletter, your data will be deleted from the mailing list. Data collected as part of the double opt-in process (e.g. IP address and time of consent) will be stored for a maximum of three years to fulfill our proof obligations in accordance with Art. 6 Para. 1 lit. c GDPR.


Right of withdrawal and deregistration:

You can revoke your consent to receive our newsletter at any time by using the unsubscribe link at the end of each newsletter or by contacting us directly. After your revocation, your email address will be immediately removed from the mailing list.


Inquiry by email or telephone


If you contact us by email or telephone, your request, including all personal data resulting from it (name, request), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 (1) (b) GDPR, provided that your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) (a) GDPR) and/or on our legitimate interests (Art. 6 (1) (f) GDPR), as we have a legitimate interest in the effective processing of the requests addressed to us.

The data you send to us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.


social media links


We have our own social media pages for third-party providers that can be reached via links from this website. Using the links takes you to the respective third-party websites and you can also share our content. No data is transferred when you access our website. As soon as you have accessed the third-party website, you are in the area of responsibility of the respective third-party provider, so that their privacy policy or their statements on data use also apply. We have no influence on this, but we recommend logging out of the respective third-party provider before using a corresponding link to avoid unnecessary data transfer, so that the third-party provider cannot create user profiles simply by using the link.



Security of your data / SSL encryption


In accordance with legal regulations, this site uses SSL encryption, which can be identified by a lock symbol in the address bar of your browser. If SSL encryption is activated, transmitted data cannot be read by third parties.


This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted encrypted by the closed display of the key or lock symbol in the lower status bar of your browser.


We also use suitable technical and organizational security measures (TOM) to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.



user rights


You can request information about the personal data stored about you at any time and free of charge. Your rights also include confirmation, correction, restriction, blocking and deletion of such data and the provision of a copy of the data in a form suitable for transmission, as well as the revocation of consent granted and the objection. Statutory retention periods remain unaffected by this.


Your rights arise in particular from the following provisions of the GDPR:


  • Article 7 Paragraph 3 – Right to withdraw consent under data protection law
  • Article 12 – Transparent information, communication and modalities for exercising the rights of the data subject
  • Article 13 – Obligation to inform when personal data are collected from the data subject
  • Article 14 – Obligation to provide information where the personal data were not collected from the data subject
  • Article 15 – Right of access of the data subject, right to confirmation and provision of a copy of the personal data
  • Article 16 – Right to rectification
  • Article 17 – Right to erasure (“right to be forgotten”)
  • Article 18 – Right to restriction of processing
  • Article 19 – Obligation to notify in relation to rectification or erasure of personal data or restriction of processing
  • Article 20 – Right to data portability
  • Article 21 – Right to object
  • Article 22 – Right not to be subjected to a decision based solely on automated processing, including profiling
  • Article 77 – Right to lodge a complaint with a supervisory authority


To exercise your rights (with the exception of Art. 77 GDPR), please contact the office named under the point “Responsible person within the meaning of the GDPR” (e.g. by email).



Competent supervisory authority:


The Hessian Commissioner for Data Protection and Freedom of Information

Gustav-Stresemann-Ring 1

65189 Wiesbaden


Phone: 0611-1408 0

E-mail:poststelle@datenschutz.hessen.de

Website:https://datenschutz.hessen.de