Introduction and overview
We have written this data protection declaration (version 04.04.2022-311986887) in order to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as controllers – and the processors commissioned by us (e.g. providers) – process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We inform you comprehensively about data that we process about you.
If you still have questions, we would like to ask you to contact the responsible body mentioned below or in the imprint, to follow the existing links and to view further information on third-party sites. Of course, you can also find our contact details in the imprint.
- all online presences (websites, online shops) that we operate
- Social media appearances and e-mail communication
- mobile apps for smartphones and other devices
In short: The data protection declaration applies to all areas in which personal data is processed in the company in a structured manner via the channels mentioned. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
We only process your data if at least one of the following conditions applies:
In the following data protection declaration, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online at EUR-Lex, the Access to EU Law, under https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.
- Consent (Article 6 (1) (a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
- Contract (Article 6 (1) (b) GDPR): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we require personal information in advance.
- Legal obligation (Article 6 (1) (c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting. These usually contain personal data.
- Legitimate interests (Article 6 (1) (f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website safely and economically. This processing is therefore a legitimate interest.
Other conditions such as the perception of recordings in the public interest and the exercise of official authority as well as the protection of vital interests do not usually occur with us. To the extent that such a legal basis should nevertheless be relevant, it will be indicated in the appropriate place.
In addition to the EU regulation, national laws also apply:
- In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
- In Germany, the Federal Data Protection Act, BDSG for short, applies.
If other regional or national laws apply, we will inform you in the following sections.
Contact details of the responsible person
If you have any questions about data protection, you will find the contact details of the responsible person or office below:
ppm experts GmbH
The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion at our company. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are required by law to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible, provided there is no obligation to retain it.
We will inform you below about the specific duration of the respective data processing, provided that we have further information on this.
Rights under the General Data Protection Regulation
According to Article 13 GDPR, you have the following rights to ensure fair and transparent processing of data:
- According to Article 15 GDPR, you have a right to information as to whether we process your data. If this is the case, you have the right to receive a copy of the data and to receive the following information:
- the purpose for which we carry out the processing;
- the categories, i.e. the types of data processed;
- who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
- how long the data is stored;
- the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
- that you can complain to a supervisory authority (links to these authorities can be found below);
- the origin of the data, if we have not collected it from you;
- whether profiling is carried out, i.e. whether data is automatically evaluated in order to obtain a personal profile of you.
- According to Article 16 GDPR, you have a right to rectification of the data, which means that we must correct data if you find errors.
- According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the deletion of your data.
- According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but no longer use it.
- According to Article 19 GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
- According to Article 21 GDPR, you have a right of objection, which entails a change in processing after enforcement.
- If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
- If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may no longer use your data for direct marketing.
- If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling.
- According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g. profiling).
In short: You have rights – do not hesitate to contact the responsible body listed above!
If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can complain to the supervisory authority. This is the data protection authority for Austria, whose website can be found under https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
Berlin data protection authority
State Commissioner for Data Protection: Maja Smoltczyk
Address: Friedrichstrasse 219, 10969 Berlin
Telephone: 030/138 89-0
E-mail address: firstname.lastname@example.org
All those who seek contact with us via the communication channels provided by us are affected by these processes.
If you call us, the call data will be stored pseudonymously on the respective terminal device and at the telecommunications provider used. In addition, data such as name and telephone number can then be sent by e-mail and stored to answer the request. The data will be deleted as soon as the business case has been terminated and legal requirements permit.
If you communicate with us by e-mail, data may be stored on the respective device (computer, laptop, smartphone,…) and data is stored on the e-mail server. The data will be deleted as soon as the business case has been terminated and legal requirements permit.
If you communicate with us via the online form, data will be stored on our web server and, if necessary, forwarded to an e-mail address from us. The data will be deleted as soon as the business case has been terminated and legal requirements permit.
The processing of data is based on the following legal bases:
- Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to store your data and continue to use it for purposes relating to the business case;
- Art. 6 para. 1 lit. b GDPR (contract): There is a need for the performance of a contract with you or a processor such as .dem telephone provider or we need to process the data for pre-contractual activities, such as the preparation of an offer;
- Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to conduct customer inquiries and business communication in a professional framework. This requires certain technical facilities such as e-mail programs, Exchange servers and mobile operators in order to be able to operate communication efficiently.
What are cookies?
Our website uses HTTP cookies to store user-specific data.
Whenever you browse the Internet, use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.
The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser uses again as soon as another page is requested.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests”. Cookies also cannot access information from your PC.
For example, cookie data can look like this:
Purpose: Differentiation of website visitors
Expiry date: after 2 years
A browser should be able to support these minimum sizes:
- At least 4096 bytes per cookie
- At least 50 cookies per domain
- At least 3000 cookies in total
What types of cookies are there?
There are 4 types of cookies:
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues surfing on other pages and later goes to checkout. These cookies do not delete the shopping cart, even if the user closes his browser window.
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and behavior of the website with different browsers.
These cookies provide a better user experience. For example, entered locations, font sizes or form data are saved.
These cookies are also called targeting cookies. They serve to provide the user with individually adapted advertising. This can be very practical, but also very annoying.
Usually, when you visit a website for the first time, you will be asked which of these types of cookies you would like to allow. And of course, this decision is also stored in a cookie.
If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Purpose of processing via cookies
The purpose ultimately depends on the cookie. More details can be found below or from the manufacturer of the software that sets the cookie.
What data is processed?
Cookies are small aids for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data in the following data protection declaration.
Storage period of cookies
The storage period depends on the respective cookie and is further specified under . Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.
They also have an influence on the storage period. You can manually delete all cookies at any time via your browser (see also “Right to object” below). Furthermore, cookies based on consent will be deleted at the latest after revocation of your consent, whereby the legality of the storage remains unaffected until then.
Right to object – how can I delete cookies?
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
- Chrome: Delete, enable, and manage cookies in Chrome
- Safari: Manage cookies and website data with Safari
- Firefox: Delete cookies to remove data that websites have placed on your computer
- Internet Explorer: Deleting and managing cookies
- Microsoft Edge: Delete and manage cookies
If you do not want cookies, you can set your browser so that it always informs you when a cookie is to be set. This allows you to decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search the instructions in Google with the search term “delete cookies Chrome” or “disable cookies Chrome” in the case of a Chrome browser.
For strictly necessary cookies, even if no consent has been given. there are legitimate interests (Art. 6 para. 1 lit. f GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and certain cookies are often absolutely necessary for this.
Unless absolutely necessary cookies are used, this will only be done with your consent. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.
WEB HOSTING INTRODUCTION
What is web hosting?
When you visit websites today, certain information – including personal data – is automatically created and stored, including on this website. These data should be processed as sparingly as possible and only with justification. By website we mean the totality of all web pages on a domain, i.e. everything from the homepage to the very last subpage (like this one). By domain we mean, for example, beispiel.de or musterbeispiel.com.
If you want to view a website on a screen, use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari.
Dieser Webbrowser muss sich zu einem anderen Computer verbinden, wo der Code der Website gespeichert ist: dem Webserver. Der Betrieb eines Webservers ist eine komplizierte und aufwendige Aufgabe, weswegen dies in der Regel von professionellen Anbietern, den Providern, übernommen wird. Diese bieten Webhosting an und sorgen damit für eine verlässliche und fehlerfreie Speicherung der Daten von Websites.
Bei der Verbindungsaufnahme des Browsers auf Ihrem Computer (Desktop, Laptop, Smartphone) und während der Datenübertragung zu und vom Webserver kann es zu einer Verarbeitung personenbezogener Daten kommen. Einerseits speichert Ihr Computer Daten, andererseits muss auch der Webserver Daten eine Zeit lang speichern, um einen ordentlichen Betrieb zu gewährleisten.
Why do we process personal data?
The purposes of data processing are:
- Professional hosting of the website and safeguarding of operations
- to maintain operational and IT security
- Anonymous evaluation of access behaviour to improve our offer and, if necessary, to prosecute or pursue claims
What data is processed?
Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as
- the complete Internet address (URL) of the accessed website
- Browser and browser version (e.g. Chrome 87)
- the operating system used (e.g. Windows 10)
- the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen.html/)
- the hostname and IP address of the device from which the access is made (e.g. COMPUTERNAME and 18.104.22.168)
- Date and time
- in files, the so-called web server log files
How long is data stored?
As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data will be viewed by authorities in the event of unlawful conduct.
In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not pass on your data without consent!
The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company on the Internet in a secure and user-friendly manner and, if necessary, to be able to pursue attacks and claims from them.
As a rule, there is a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which guarantees compliance with data protection and guarantees data security.
All texts are protected by copyright.