Datenschutzerklärung - Fortna

DATA PROTECTION DECLARATION IN ACCORDANCE WITH THE GDPR (GENERAL DATA PROTECTION REGULATION)

I. Name and address of the person responsible

The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law is:

Pierau Unternehmensberatung GmbH
Grotenbleken 33
22931 Hamburg
Germany
Phone: +49 (0)40 606899-0
Email: info@fortna-pierau.de
Website: www.fortna-pierau.de

 

II. Name and address of the Data Protection Officer

The data protection officer of the responsible party is:

Pierau Unternehmensberatung GmbH
Data Protection Department
Email: datenschutz@fortna-pierau.de
Phone: +49 (0)40 606899-0

 

III. General information on data processing

1. Scope of processing of personal data

We collect and use the personal data of our users only to the extent necessary to provide a functional website including our content and services. The collection and use of personal data of our users takes place regularly and only with their consent. An exception applies to cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. Art. 6 para. 1 lit. b GDPR serves as a legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and storage duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or fulfillment of a contract.

 

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  1. Information about the browser type and the version used
  2. The user's operating system
  3. The user's Internet Service Provider
  4. The IP address of the user
  5. Date and time of access
  6. Websites from which the user's system accesses our website
  7. Websites accessed by the user's system through our website

The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The data is stored in log files in order to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the session in question has ended.

If the data is stored in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Possibility of opposition and removal

The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

V. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use functional cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

When calling up our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this combination is obtained. In this context there is also a reference to this data protection declaration.

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given their consent.

3. Purpose of the data processing

In these purposes also our legitimate interest lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

4. Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to the full extent.

 

VI. Newsletter

1. Description and scope of data processing

Our website www.fortna-pierau.de enables users to register to receive our newsletter.

1.1 Summary
To send and personalize the newsletter, the following personal data is collected when you register:

  • Salutation and title
  • First name and surname
  • Company
  • Preferred Language
  • E-mail address
  • Information on extend of newsletter reception (regional options selected by the user upon registration)

1.2 Rapidmail
Registration takes place via online forms from rapidmail GmbH. These forms can be accessed via our website via a direct link, for example in email signatures and advertisements from our company, and by reading QR codes, for example in print advertisements.
Once you subscribe to the newletters of our company, your supplied data will be transferred from the form to the entity responsible for the processing of the data.

1.3 Double Opt-In
The subscription for our newsletter takes place in a so-called double opt-in procedure. This means that after submitting your data in the form you will receive an email in which you will be asked to confirm your subscription.

This confirmation is necessary so that nobody can register with someone else's e-mail address. When registering for the newsletter, the user's IP address and the date and time of registration are saved. This serves to prevent misuse of the services or the e-mail address of the person concerned.

1.4 Transfer of Data
The data will not be passed on to third parties (exception: Rapidmail, see "2. Use of Rapidmail"). There is an exception if there is a legal obligation to pass it on.

1.5 Use of Data
The data will only be used to send the newsletter. The data subject can cancel the subscription to the newsletter at any time. The consent to the storage of personal data can also be revoked at any time. There is a corresponding link in every newsletter for this purpose. The legal basis for the processing of the data after the user has registered for the newsletter is Article 6 (1) (a) GDPR if the user has given his / her consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

2. Use of Rapidmail
1.1 Description and Purpose

We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße, 21, 79106 Freiburg, Germany.

Mit rapidmail wird u.a. der Versand von Newslettern organisiert und analysiert. Die von Ihnen für den Zweck des Newsletterbezugs eingegeben Daten werden auf den Servern von rapidmail in Deutschland gespeichert. Wenn Sie keine Analyse durch rapidmail möchten, müssen Sie den Newsletter abbestellen. Hierfür stellen wir in jeder Newsletternachricht einen entsprechenden Link zur Verfügung.

For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. In this way it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links are clicked on in the newsletter message. All links in the e-mail are so-called tracking links with which your clicks can be counted.

2.2 Legal Basis
The legal basis for data processing is Art. 6 Para. 1 lit. a) GDPR.

2.3 Recipient
The recipient of the data is rapidmail GmbH.

2.4 Transfer to Third Countries
The data will not be transferred to third countries.

3. Duration
The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of rapidmail after you unsubscribe from the newsletter. This does not affect data that we have stored for other purposes.

4. Possibility of Opposition and Removal
You have the option of withdrawing your consent to data processing with future effect at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

You will find a link to unsubscribe from our newsletter in every issue of our newsletter. If you do not have an issue of the newsletter, please send us an email to datenschutz@fortna-pierau.de.

5. Addional Data Protection Information
For more information, see the data protection information from rapidmail at: https://www.rapidmail.de/datensicherheit. Näheres zu den Analyse-Funktionen von rapidmail entnehmen Sie folgendem Link: https://www.rapidmail.de/wissen-und-hilfe

The information on data protection and data analytics provided by rapidmail is provided in German. For a translation to English, please contact marketing@fortna-pierau.de

 

VII. E-mail contact

1. Description and scope of data processing

Contact can be established via the e-mail addresses provided. In this case, the personal data of the user transmitted with the e-mail will be stored.

In this context, it does not pass on the data to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given their consent.

The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of the data processing

The processing of personal data from the received e-mail is solely for processing the contact. In this case, this is also the necessary legitimate interest in the processing of the data.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. With regard to the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. Possibility of opposition and removal

The user has the possibility to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

To revoke your consent to the use of your personal data for processing, please send an e-mail to datenschutz@fortna-pierau.de..

In this case, all personal data stored in the course of establishing contact will be deleted.

 

VIII. Rights of the data subject

If your personal data is processed, you are the data subject within the context of the GDPR and you are entitled to the following rights in relation to the person responsible:

1. Right to information

You can request confirmation from the person responsible as to whether personal data relating to you will be processed by us.

In the event of such processing, you may request the following information from the person responsible:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data processed;
  3. the recipients or categories of recipients to whom the personal information about you has been or will be disclosed;
  4. the planned duration of the storage of the personal data concerning you or, if it is not possible to provide specific information in this regard, criteria for determining the duration of the storage;
  5. the existence of a right to rectify or delete personal data concerning you, a right to limit the processing by the person responsible or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the origin of the data, if the personal data is not collected from the data subject;
  8. the existence of automated decision-making including profiling in accordance with Article 22 para. 1 and para. 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have the right to have your personal data corrected and/or completed by the person responsible if the personal data processed concerning you is inaccurate or incomplete. The person responsible must carry out the rectification immediately.

3. Right to restrict processing

Under the following conditions, you may request that the processing of your personal data be restricted:

  1. for a period of time which allows the person responsible to verify the accuracy of the personal data if you dispute the accuracy of the personal data concerning you;
  2. if the processing is unlawful and you refuse to delete the personal data, requesting instead that use of the personal data be restricted;
  3. the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  4. if you have lodged an objection against the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the justified reasons of the person responsible outweigh your reasons.

Where the processing of personal data concerning you has been restricted, such data may not be processed, with the exception of their storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or of a Member State.

If the processing restriction has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.

4. Right to deletion

a) Duty to delete

You may request that the person responsible deletes the personal data concerning you immediately and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You revoke your consent on which the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR was based and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
  4. The personal data concerning you has been processed unlawfully.
  5. The deletion of personal data concerning you is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which the person responsible is subject.
  6. The personal data relating to you has been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

b) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 para. 1 GDPR, they shall take appropriate measures, including technical measures, taking into account available technology and implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions

  1. to exercise the right to freedom of expression and information;
  2. to fulfill a legal obligation required by the law of the European Union or of the Member States to which the person responsible is subject, or to carry out a task of public interest or in the exercise of public authority delegated to the person responsible;
  3. for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 para. 1 GDPR, to the extent that the law referred to in subparagraph a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  5. to assert, exercise or defend legal claims.
    The right to deletion does not exist if the processing is necessary.

5. Right to information

If you have exercised your right to rectify, delete or restrict the processing of your personal data against the person responsible, the latter is obliged to notify all recipients to whom the personal data concerning you has been disclosed of such rectification, deletion or restriction, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the person responsible.

6. Right to data portability

You have the right to receive the personal data concerning you, that you have provided to the responsible person, in a structured, common and machine-readable format. In addition, you have the right to communicate this data to another person responsible without being hindered by the person responsible to whom the personal data was provided, provided that

  1. the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
  2. processing is carried out using automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by one responsible person to another responsible person, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the person responsible.

7. Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The person responsible will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in relation to the use of Information Society services - notwithstanding Directive 2002/58/EC - by means of automated procedures using technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.

9. Automated decision in individual cases including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and the person responsible,
  2. is authorized by legislation of the European Union or of the Member States to which the person responsible is subject and contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. is with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

In the cases referred to in (1) and (3), the person responsible shall take reasonable steps to safeguard the rights and freedoms and your legitimate interests, including at least the right of the person responsible to obtain the intervention of a person, to present his or her point of view and to contest the decision.

10. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the GDPR.

The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

 

IX. Use of the Google Tag Manager

This section was created with the Datenschutz Generator by AdSimple

Der Text ist urheberrechtlich geschützt.

1. What is the Google Tag Manager?

For our website we use the Google Tag Manager from Google Inc. For the European area, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. This Tag Manager is one of many helpful marketing products from Google. Using the Google Tag Manager, we can centrally integrate and manage code sections from various tracking tools that we use on our website.

In this data protection declaration we want to explain in more detail what the Google Tag Manager does, why we use it and in what form data is processed.

The Google Tag Manager is an organizational tool with which we can integrate and manage website tags centrally and via a user interface. Tags are small sections of code that, for example, record (track) your activities on our website. For this purpose, JavaScript code sections are used in the source code of our site. The tags often come from Google - internal products such as Google Ads or Google Analytics, but tags from other companies can also be integrated and managed via the manager. Such tags take on different tasks. You can collect browser data, feed marketing tools with data, integrate buttons, set cookies and also track users across multiple websites.

2. Why do we use Google Tag Manager for our website?

In order to make our website as good as possible for you and everyone who is interested in our products and services, we need various tracking tools such as Google Analytics. The data collected by these tools shows us what interests you most, where we can improve our services and who might be most interested in our offers. And for this tracking to work, we have to integrate the corresponding JavaScript code into our website. In principle, we could incorporate each code section of the individual tracking tools separately into our source code. However, this takes a relatively long time, and it is easy to lose track of things. That is why we use the Google Tag Manager. We can easily integrate the necessary scripts and manage them from one place. In addition, the Google Tag Manager offers an easy-to-use user interface and no programming knowledge is required. This is how we organize our tags.

3. What data is saved by the Google Tag Manager?

The Tag Manager itself is a domain that does not set any cookies and does not save any data. It acts as a mere "administrator" of the implemented tags. The data is recorded by the individual tags of the various web analysis tools. In the Google Tag Manager, the data is passed through to the individual tracking tools and not saved.

The situation is completely different, however, with the integrated tags of the various web analysis tools, such as Google Analytics. Depending on the analysis tool, various data about your web behaviour are usually collected, saved and processed with the help of cookies. To do this, please read our data protection texts on the individual analysis and tracking tools that we use on our website.

In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. However, this only concerns the use and use of our Tag Manager and not your data, which is stored via the code sections. We enable Google and others to receive selected data in anonymized form. We therefore consent to our website data being passed on anonymously. In spite of long research, we were unable to find out exactly which summarized and anonymous data is forwarded. In any case, Google will delete all information that could identify our website. Google combines the data with hundreds of other anonymous website data and creates user trends as part of benchmarking measures. Benchmarking compares your own results with those of your competitors. Processes can be optimized on the basis of the information collected.

4. How long and where will the data be stored?

When Google stores data, this data is stored on its own Google servers. The servers are distributed all over the world. Most of them are in the USA. At https://www.google.com/about/datacenters/locations/ you can read exactly where the Google servers are located.

How long the individual tracking tools store your data can be found in our individual data protection texts for the individual tools.

5. How can I delete my data or prevent data storage?

The Google Tag Manager itself does not set cookies but manages tags from various tracking websites. In our data protection texts for the individual tracking tools (use of Google Analytics), you will find detailed information on how to delete or manage your data.

Please note that when you use this tool, your data can also be stored and processed outside the EU. Most countries outside of the EEA (including the USA) are not considered secure under current European data protection law. Data to these insecure countries may not simply be transferred, stored and processed there unless there are suitable guarantees in place (such as EU standard contractual clauses) between us and the non-EEA service provider.

6. Legal Basis

The use of the Google Tag Manager requires your consent, which we obtained with our cookie pop-up. This agreement provides, according to Art. 6 para. 1 lit .a GDPR (consent) is the legal basis for the processing of personal data, as it can occur when it is collected by Google Fonts.

In addition to consent, we have a legitimate interest in analyzing the behaviour of website visitors and thus improving our offer both technically and economically. With the help of Google Tag Managers we can also improve profitability. The legal basis for this is Art. 6 para. 1 lit . f GDPR (legitimate interests).We only use the Google Tag Manager if you have given your consent.

We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. The data processing is mainly done by Google (if, for example, Google Analytics is used in the Google Tag Manager). This can lead to data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It can also happen that this data is linked to data from other Google services with which you have a user account.

If you want to find out more about the Google Tag Manager, we recommend the FAQs at https://www.google.com/intl/de/tagmanager/faq.html.