The following data protection provisions apply exclusively to the Internet sites of laut von leise GmbH on the website: www.lautvonleise.de.
I. Name and Address of the Controller
The Controller within the meaning of the European General Data Protection Regulation, other national data protection legislation and other data protection provisions is:
II. Name and address of the Data Protection Officer
The Controller’s Data Protection Officer is:
III. General information on Data Processing
1. Scope of the processing of personal data
As a matter of principle your personal data are processed only if this is necessary for the provision of a functional website, plus our contents and services. The data is processed only if you give your consent, unless it is impossible on de facto grounds to obtain your consent in advance and the data must be processed by virtue of legal provisions.
2. Legal bases for the processing of personal data
We use the factors standardized in Article 6 (1) GDPR as legal bases for the processing of personal data as follows:
Art. 6 para. 1 lit. a DS-GVO, provided that we obtain the consent of the data subject for processing his or her personal data.
Art. 6 para. 1 lit. b DS-GVO, provided that the processing of personal data is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract
Art. 6 para. 1 lit. c DS-GVO, provided that the processing of personal data is necessary for compliance with a legal obligation to which our company is subject;
Art. 6 para. 1 lit. d DS-GVO, provided that processing is necessary in order to protect the vital interests of the data subject or of another natural person;
Art. 6 para. 1 lit. f DS-GVO, provided that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in our company
3. Erasure of data and storage period
As soon as the purpose for storage ceases to exist, your personal data are erased or locked. If the European or national legislators make provision in European Union legal regulations, laws or other provisions, to which the Controller is subject, for storage for a period longer than the original purpose, the data can be stored until the expiry of the storage period provided for by the said requirements. The data are subsequently also locked or erased, unless there is a requirement that the data are stored to conclude a contract or to fulfill a contract.
IV. Provision of the website and generation of log files
1. Description and scope of the data processing
Every time our Internet sites are accessed our system automatically collects data and information from the computer system of the accessing computer.
In this process the following data are collected:
a) The user’s IP address
b) Date and time of access
c) Your Internet provider
d) Information on the accessing browser type and the version used
e) Your operating system
f) Websites, from which your system entered our Internet site
g) Websites, which are accessed by your system through our Website
These data are also stored in the log files in our system. These data are not stored together with your other personal data.
2. Legal basis for the data processing
Article 6 (1) (f) GDPR sets out the legal basis necessary for the temporary storage of the data and log files.
3. Purpose of the data processing
The system must store your IP address temporarily to provide the website on your computer. For this purpose the IP address must be stored for the duration of the session.
These data are stored in log files to safeguard the functionality of the websites and the security of our IT systems, as well as to optimize the website. In this regard the data are not analyzed for marketing purposes. These purposes also represent our legitimate interest in the data processing in accordance with Article 6 (1) (f) GDPR.
4. Storage period
If it is no longer necessary to collect data to achieve the purpose, the data are erased. Where data are collected in order to provide the website, they are collected until the end of the respective session.
If the data are stored in log files, they are erased after seven days at the latest. Storage for a longer period is also possible. For this purpose, the user IP addresses are erased or alienated, so that it is no longer possible to map the accessing client.
5. Objection and correction option
You do not have the option of objection, since the collection and storage of data is compellingly necessary for the provision and operation of the website.
1. Description and scope of the data processing
Our website uses what are known as cookies. These are text files, which are stored in the Internet browser or by the Internet browser on your computer system. A cookie can be stored on an operating system, as soon as the system accesses a website. This cookie contains a characteristic character string, to make it possible to identify the browser without error the next time the website is accessed.
Cookies are used to make the design of our website user-friendly, because some parts of our website need to identify the browser used, even when a different page is consulted.
2. Preventing the storage of cookies
Depending on the browser used, you can adjust the settings so that cookies are stored only with your consent. If you wish to accept cookies used by us, but not the cookies from any service providers and partners, you can select the “Block cookies from third party suppliers” setting in your browser. As a rule the Help function in the Menu List in your web browser shows how to eliminate new cookies and deactivate cookies already on the system. We recommend that you always log out completely at the end of a session when you use jointly used computers, which are configured to accept cookies and flash cookies.
3. Legal basis for the data processing
Article 6 (1) (f) GDPR sets out the legal basis required for the processing of personal data when cookies are used.
4. Purpose of the data processing
The following applications require cookies:
a) Bookmarking search terms
b) Acceptance of language settings
User data collected by technically necessary cookies are not used to generate user profiles.These purposes also represent our legitimate interest in the data processing in accordance with Article 6 (1) (f) GDPR.
5. Storage period, objection and correction option
VI. Passing on your data to third parties
In order to make our website as pleasant and convenient as possible for you as a user, we occasionally use the services of external service providers. Below you have the possibility to inform yourself about the data protection regulations for the use and application of the services and functions used, in order to possibly also exercise your rights with these service providers.
Social Media Plugins
1. Google Analytics
Google Analytics is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information collected by the cookie about your use of our website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States.
At our request, Google will only record your IP address in abbreviated form, which ensures anonymity and does not allow any conclusions to be drawn about your identity. If IP-anonymization is activated on our websites, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
Google will use this information to evaluate your use of our websites, to compile reports on website activity for us and to provide us with other services relating to the use of websites and the Internet. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. A transfer of this data by Google to third parties only takes place due to legal regulations or in the context of order processing. Under no circumstances will Google combine your data with other data collected by Google.
By using this website, you consent to the processing of data about you by Google and the manner of data processing and purpose described above. You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.For more information about Google Analytics and privacy, please visit https://tools.google.com/dlpage/gaoptout?hl=en.
2. Facebook Pixel
Within our online offer, so-called “Facebook pixels” of the social network Facebook, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), are used. With the help of the Facebook pixel, Facebook is able to determine the visitors of our offer as a target group for the presentation of ads, so-called “Facebook ads”. Accordingly, we use the Facebook pixel to display the Facebook ads we have placed only to those Facebook users who have shown interest in our website. This means that with the help of the Facebook pixel we want to ensure that our Facebook ads correspond to the potential interest of the users. The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were directed to our website after clicking on a Facebook ad.
The Facebook pixel is integrated directly by Facebook when our web pages are accessed and can store a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our offer is noted in your profile. The data collected about you is anonymous to us and does not give us any information about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. Facebook processes the data in accordance with Facebook’s data usage guidelines. Accordingly, you will receive further information on how the remarketing pixel works and on the presentation of Facebook ads in general in Facebook’s data usage policy: https://www.facebook.com/policy.phpYou may opt out of Facebook pixel collection and use of your information to display Facebook ads. To do this, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads=ads or explain the objection about the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
3. Social media plugins
Our website uses social media plugins (“plugins”) from various social networks. With the help of these plugins you can, for example, share content or recommend products. The plugins are deactivated by default on our websites and therefore do not send any data. You can activate the plugins by clicking on the “Activate Social Media” button. The plugins can of course be deactivated with one click.
If these plugins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as they call up a website of our Internet presence. The content of the plugin is transmitted directly from the social network to your browser, which then integrates it into the website.
By integrating the plugins, the social network receives the information that you have called up the corresponding page of our website. If you are logged in to the social network, it can assign the visit to your account. If you interact with the plugins, for example by clicking on the Facebook “Like” button or by commenting on them, your browser sends the corresponding information directly to the social network and stores it there.
The purpose and scope of the data collection and the further processing and use of the data by social networks as well as your related rights and setting options for the protection of your privacy, please refer to the data protection information of the respective networks or websites. You will find the links below.
Even if you are not signed in to social networks, websites with active social plug-ins can send data to the networks. An active plugin sets a cookie with an identifier each time the website is called. Since your browser sends this cookie each time you connect to a network server without being asked, the network could in principle use it to create a profile of which web pages the user belonging to the identifier has visited. And it would then also be quite possible to assign this identifier to a person again later – for example when registering later with the social network.
On our websites we use the following plugins:
Facebook, Instagram, Vimeo.
If you don’t want social networks to collect information about you through active plug-ins, you can either disable the social plug-ins simply by clicking on them on our websites or select the “Block third-party cookies” feature in your browser settings. Then the browser does not send cookies to the server for embedded contents of other providers. With this setting, however, other functions than the plugins may no longer work under certain circumstances.
For the embedding of videos, we use the provider Vimeo. Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011.
On some of our websites we use plugins from Vimeo. If you call the Internet pages of our Internet presence provided with such a plugin, a connection to the Vimeo servers will be established and the plugin will be displayed. This will transmit to the Vimeo server which of our Internet pages you have visited. If you are logged into Vimeo as a member, Vimeo will assign this information to your personal user account. This information is also assigned to your user account when using the plugin, e.g. clicking the start button of a video. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.For more information about Vimeo’s data processing and privacy practices, please visit https://vimeo.com/privacy
VII. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR. For this reason, you have the following rights as regards the Controller:
1. Right of access
You may request from the Controller a statement as to whether personal data concerning you are processed by us.
If such data are being processed, you may request from the Controller disclosure of the following information:
a) the purpose of processing;
b) the categories of personal data, which are processed;
c) the recipients and/or the categories of recipients to whom the personal data at issue have been disclosed or are still being disclosed;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.You may also request information as to whether personal data concerning you have been transferred to a third country or to an international organization. If this is the case, you may request information on the appropriate guarantees connected with the transfer pursuant to Article 46 GDPR.
2. Right to rectification
You may request from the Controller the correction of incorrect personal data concerning you. While taking into account the purposes of the processing you may also request the completion of incomplete personal data, including by means of a supplementary declaration. The Controller must undertake the correction without delay.
3. Right to erasure (‘right to be forgotten’)
You may request the Controller to erase the personal data pertaining to you without delay and the Controller is obliged to erase these data without delay, provided that one of the following grounds applies:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
You withdraw your consent on which the processing pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR relied and there are no other legal bases for the processing.
You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Article 21 (2) GDPR.
Your personal data have been unlawfully processed.
The personal data must be erased to comply with a legal obligation in the law of the European Union or of its Member States, to which the Controller is subject;
The personal data pertaining to you has been collected in relation to services offered by an information society pursuant to Article 8 (1) GDPR.
Where the Controller has made the personal data public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not exist, if the processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
for reasons of public interest in the area of public health in accordance with Article 9(2) (h) and (i) as well as Article 9(3);
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right to erasure referred to above is likely to render impossible or seriously impair the achievement of the objectives of that processing; orfor the establishment, exercise or defense of legal claims.
4. Right to restriction of processing
You can request the Controller to restrict the processing of your personal data, if one of the following prerequisites exists:
a) you have disputed the accuracy of your personal data during a period, which made it possible for the Controller to check the accuracy of your personal data;
b) the processing is unlawful and you refuse erasure of your personal data and instead request that the use of your personal data be restricted;
c) the Controller no longer needs your personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims, or
d) you have lodged an objection to the processing pursuant to Article 21 (1) GDPR and it has not yet been established whether the legitimate grounds of the Controller override your grounds.
Where the processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.If you have obtained restriction of processing in accordance with the aforementioned prerequisites, you will be notified by the Controller before the restriction is suspended.
5. Right to information
If you have asserted the right to correction, erasure or restriction of processing against the Controller, the latter is obliged to notify this correction, erasure or restriction of processing to all the recipients, to whom the personal data pertaining to you have been disclosed, unless this proves impossible or is linked to disproportionate effort.
At your request the Controller must inform you of the identity of this recipient.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Likewise, you have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided, where
a) the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a)or on a contract pursuant to Article 6 (1)
b) the processing is carried out by automated means.
Furthermore, in exercising this right you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.Similarly, the right to data portability must not interfere with the rights and freedoms of other persons.
7. Right to register an objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data pertaining to you which is based on point € or (f) of Article 6 (1) € or (f) GDPR, including profiling based on those provisions.
We shall then cease to process your personal data, unless we can prove compelling legitimate grounds for the processing, which override your interests, rights and freedoms or the processing serves the purpose of the establishing, exercise or defense of legal claims.
If the personal data pertaining to you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data pertaining to you for such marketing; This applies also to profiling, if it is connected with such direct advertising.
If you object to processing for the purposes of direct advertising, we shall no longer process your personal data for those purposes.In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications
8. Right to withdraw the declaration of consent under the provisions of data protection law
You may at any time withdraw your declaration of consent under data protection law. The withdrawal of consent does not affect the legality of the processing carried out prior to the withdrawal.
9. Automated individual decision-making in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This shall not apply if the decision:
is necessary for entering into, or performance of, a contract between you and the Data Controller;
is authorized by European Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
is based on your explicit consent.
In the cases referred to in points (a) and (c), the Data Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express his or her point of view and to contest the decision.
Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.
This data privacy statement is currently valid with the status July 2019.