The controller, as defined by the law, is:
745 39 Enköping
The controller’s data protection officer can be reached at:
audatis Consulting GmbH
Datenschutz und Informationssicherheit
Fon: 05221 85496-91
Fax: 05221 85496-99
This website collects a range of general data and information each time a website is accessed by a data subject or an automated system. This general data and information is stored in the web server’s log files. The browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our website (called a referrer), the sub-pages accessed via an accessing system on our website, the date and time the website is accessed, an internet protocol address (IP address), the accessing system’s internet service provider and other similar data and information useful in the event of an attack on our information technology systems may be collected.
No conclusions are drawn with respect to the data subject when using this general data and information. Instead, this information is needed to properly deliver our website content, to optimise the content of the website as well as to advertise it, to ensure the continued functioning of our information technology systems and our website’s technology as well as to provide the information necessary for law enforcement authorities to prosecute in the event of a cyber attack. This anonymously collected data and information is therefore statistically analysed and further analysed with the aim of increasing data protection and data security within the company to ultimately ensure an optimum level of protection for the personal data being processed. The anonymous data from the server log files are stored separately from all personal data provided by a data subject.
We generally collect and use our users’ personal data only to the extent necessary to provide a functional website as well as our content and services. Our users’ personal data are regularly collected and used, but only with the user’s consent. An exception applies to cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
If and insofar as we obtain the consent of the data subject to process their personal data, Art. 6 Para. 1(a) of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis for the processing of personal data.
When processing personal data that are necessary for the performance of a contract to which the data subject is a party, Art. 6 Para. 1(b) GDPR shall serve as the legal basis. The same shall apply to processing operations required to carry out pre-contractual measures.
If and insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1(c) GDPR shall serve as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or those of a third party, and if the interests and fundamental rights and freedoms of the data subject do not prevail over those interests, Art. 6 Para. 1(f) GDPR shall serve as the legal basis for processing.
The data subject’s personal data are erased or blocked as soon as the purpose of the storage no longer applies. The data may continue to be stored if this is stipulated by European or national legislation in EU regulations, laws or other provisions to which the controller is subject. Data are also blocked or erased upon the expiry of a storage deadline stipulated by the standards mentioned above, unless further storage of the data is necessary to conclude or fulfil a contract.
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data are collected:
[Option 1: The log files contain IP addresses or other data that can be attributed to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website which the user switches to contains personal data.
The data are also stored in our system’s log files. These data are not stored together with other personal data of the user.]
[Option 2: The log files do not contain any IP addresses or other data that can be attributed to a user.
The data are also stored in our system’s log files. This does not apply to the user’s IP addresses or other data that enable the data to be attributed to a user. These data are not stored together with other personal data of the user.]
The legal basis for the temporary storage of data is Art. 6 Para. 1(f) GDPR.
The temporary storage of the IP address by the system is necessary to enable the provision of the website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.
Data are erased once they are no longer necessary for the purpose for which they were collected. If data have been collected for the provision of the website, they are erased when the respective session is concluded.
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. As such, the user has no option to object.
The following data are therefore stored and transmitted in the cookies:
Here, the following data may be transmitted:
The user data collected in this way are pseudonymised through technical measures. This means it is no longer possible to attribute this data to the user accessing our website. These data are not be stored together with the user’s other personal data.
The legal basis for the processing of personal data using cookies is Art. 6 Para. 1(f) GDPR.
The legal basis for the processing of personal data using cookies that are technically necessary is Art. 6 Para. 1(f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes after obtaining the user’s consent in this regard is Art. 6 Para. 1(a) GDPR.
We need cookies for the following applications:
The user data collected through technically necessary cookies are not used to create user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its content. Analysis cookies enable us to learn how the website is used so that we can continue to optimise our services.
These purposes pursuant to Art. 6 Para. 1(f) GDPR] also reflect our legitimate interest in processing personal data.
The transmission of Flash cookies cannot be prevented by adjusting your browser’s settings. This must be done by adjusting Flash Player’s settings.]
The newsletter is sent out when users register on the website.
Users have the option of subscribing to a free newsletter on our website. The data from the input mask are sent to us when they register for the newsletter.
A minimum requirement for registration is the user’s email address, but additional personal information may be provided for the purpose of personalisation:
In addition, the following data are collected when registering:
The newsletter is sent on the basis of the sale of goods or services.
If you purchase goods or services on our website and supply your email address in the process, we may then use this to send you a newsletter. In this case, the newsletter will only be used to send you direct mail for goods or services similar to those you have purchased.
We will not disclose your data to third parties in connection with the processing of your data for the purpose of sending newsletters. These data are only used to send out the newsletter.
The newsletter is sent out when users register on the website.
The legal basis for processing the data after the user has registered for the newsletter is Art. 6 Para. 1(a) GDPR, once the user’s consent has been obtained.
The legal basis for sending the newsletter as a result of the sale of goods or services is Sec. 7 Para. 3 of the Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb [UWG]) in conjunction with Art. 6 Para. 1(f) GDPR.
The user’s email address is collected in order to deliver the newsletter.
Other personal data are collected during the subscription process to prevent any misuse of the services or the email address used.
Data are erased once they are no longer necessary for the purpose for which they were collected. The user’s email address is therefore only stored as long as their newsletter subscription is active.
The other personal data collected during the subscription process is normally deleted after a period of seven (7) days.
Subscription to the newsletter may be terminated by the user in question at any time. A corresponding link is provided in each newsletter for this purpose.
This also allows the user to revoke their consent to the storage of the personal data collected during the subscription process.
A contact form is provided on our website, which can be used to engage in electronic contact. If a user avails themselves of this option, the data entered in the input mask are transmitted to us and stored. These data include:
The following data are also stored at the time the message is sent:
You may also contact us via the email address provided. In this case, the user’s personal data transmitted with the email are stored.
No data are forwarded to third parties in this regard. These data are used exclusively for processing the conversation.
The legal basis for the processing of data upon obtaining the user’s consent is Art. 6 Para. 1(a) GDPR.
The legal basis for the processing of data transmitted when sending an email is Art. 6 Para. 1(f) GDPR. If the aim of the contact via email is to conclude a contract, processing shall also be legally based on Art. 6 Para. 1(b) GDPR.
We only process the personal data from the input mask in order to process the contact. In the case of contact via email, this also includes the required legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent abuse of the contact form and to ensure the security of our information technology systems.
Data are erased once they are no longer necessary for the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the relevant facts have been clarified in a conclusive manner.
The other personal data collected during the sending process is normally erased after a period of not more than seven (7) days.
The user has the option to revoke their consent in respect to the processing of their personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation may not continue.
Any and all personal data stored as part of the contact process will be erased in this case.
If your personal data are being processed, you are the “data subject” as defined by the GDPR, and you are entitled to the following rights with respect to us as the controller. You may exercise your rights by contacting our data protection officer or the service centre staff, indicating your concerns.
Any data subject affected by the processing of personal data has the right to obtain information about the personal data stored about them at any time, free of charge, as well as the right to access a copy of such data from the controller.
You may request confirmation from the controller as to whether they are processing the personal data that relates to you.
Any data subject affected by the processing of personal data has the right to request the immediate correction of any incorrect personal data that relates to them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including through a supplementary declaration, taking into account the purposes of the processing.
Any data subject affected by the processing of personal data has the right to request the controller immediately restricts processing if the conditions stipulated by Art. 18 Para. 1 GDPR are met.
Any data subject affected by the processing of personal data has the right to request that the personal data regarding the data subject be erased if and insofar as one of the reasons stipulated in Art. 17 Para. 1 GDPR applies.
Any data subject affected by the processing of personal data has the right obtain personal data relating to the data subject and provided by the same to the controller in a structured, commonly used and machine-readable format. They also have the right to transfer these data to another controller without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent pursuant to Art. 6 Para. 1(a) GDPR or Art. 9 Para. 2(a) GDPR or on a contract pursuant to Art. 6 Para. 1(b) GDPR, and the data are processed using automated procedures.
Any data subject affected by the processing of personal data has the right to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Article 6 Paragraph 1(e) or (f) GDPR. This also applies to profiling based on these provisions.
In the event of an objection, the company will longer process the personal data unless we can demonstrate compelling and legitimate reasons for such processing that outweigh the interests, rights and freedoms of the data subject, or where processing serves the assertion, exercise or defence of legal claims.
If the company processes personal data in order to run a direct mail campaign, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling where this is connected to this kind of direct marketing. Should the data subject object to the processing of their data for direct marketing purposes, we will no longer process their personal data for this purpose.
Any data subject affected by the processing of personal data has the right to revoke their consent to the processing of personal data at any time.
You have the right to revoke any declaration of consent granted in relation to data protection at any time. The revocation of consent does not affect the lawfulness of the processing based on consent before revocation.
Without prejudice to any other administrative or judicial remedy, you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you believe your personal data are being processed in violation of the GDPR.
The processing controller has integrated the Google Analytics component (with anonymisation function) into this website. Google Analytics is a web analysis service. Web analysis is the surveying, collection and analysis of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data on the website from which a person has accessed a website (called a referrer), which sub-pages of the website were accessed or how often and for what length of time a sub-page was viewed. Web analytics is primarily used to optimise a website and provide a cost-benefit analysis of web advertising.
The company operating Google Analytics components is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
The controller uses the “_gat._anonymizeIp” add-on for web analytics via Google Analytics. This add-on allows the data subject’s IP address for their internet connection to be truncated and anonymised by Google if they access our website from a Member State of the European Union or from another country which is a signatory to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us that show activity on our website and to provide other services related to the use of our website.
Google Analytics places a cookie on the data subject’s information technology system. Cookies have already been explained above. The placement of this cookie enables Google to analyse the usage of our website. Each time someone opens an individual page of this website which is run by the controller responsible for processing and on which a Google Analytics component is integrated, the Google Analytics component in question will trigger the browser on the data subject’s information technology system to automatically send data to Google for the purpose of online analysis. As part of this technical process, Google receives information about personal data, such as the data subject’s IP address, which, among other things, enables Google to track the origin of visitors and clicks, and subsequently charge commission.
The cookie stores personally identifiable information, such as the time of access, the location from which access was made and the frequency of site visits by the data subject. Each time someone visits our website, these personal data, including the IP address of the internet connection used by the data subject, are transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may disclose personal data collected through this technical process to third parties.
The processing controller has integrated Google AdWords into this website. Google AdWords is an internet advertising service that allows advertisers to run adverts in both Google and Google advertising network search engine results. Google AdWords allows an advertiser to predefine keywords that will display an ad on Google’s search engine results only when the search engine retrieves a keyword-related search result. On the Google Network, ads are distributed to relevant websites using an automated algorithm and according to predefined keywords.
The company operating the Google AdWords services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to promote our website by displaying interest-based advertising on third-party websites and in the search engine results of Google’s search engine and by displaying third-party ads on our website.
If the data subject arrives on our website via a Google advert, what is known as a conversion cookie will be stored on the data subject’s information technology system by Google. Cookies have already been explained above. A conversion cookie expires after 30 days and is not used to identify the data subject. Provided the cookie has not expired, the conversion cookie is used to trace whether certain sub-pages, such as the shopping cart of an online shop system, were accessed on our website. The conversion cookie tells us and Google whether any revenues was generated by a data subject who arrived on our website via an AdWords ad, i.e. if they completed or cancelled a purchase.
The data and information collected through the use of the conversion cookie is used by Google to provide visitor statistics for our website. We then use these visitor statistics to determine the total number of users who have been directed to us through AdWords ads in order to determine the success or failure of each AdWords ad and to optimise our AdWords ads for the future. Neither our company nor any other Google AdWords advertisers receive any information from Google that could identify the data subject.
The conversion cookie stores personally identifiable information, such as the web pages visited by the data subject. Each time someone visits our website, these personal data, including the IP address of the internet connection used by the data subject, are transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may disclose personal data collected through this technical process to third parties.
Furthermore, the data subject has the option to object to Google’s interest-based advertising. To do this, the data subject must visit www.google.com/settings/ads from each of the web browsers they use and change the settings there as desired.
The processing controller has integrated YouTube components into this website. YouTube is an online video portal that allows video publishers to freely place video clips and allows other to view, rate and comment on videos free of charge. YouTube allows the publication of all types of videos. Both full film and television broadcasts as well as music videos, trailers and user-generated videos are available via the online portal.
YouTube is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
Each time a visitor opens an individual page of the website run by the controller responsible for processing and on which a YouTube component (YouTube video) is integrated, the YouTube component in question will trigger the browser on the data subject’s information technology system to download a representation of the corresponding YouTube component from YouTube. Additional information on YouTube can be found at https://www.youtube.com/yt/about/. As part of this technical process, YouTube and Google receive information about the specific sub-page of our website visited by the data subject.
If the data subject is logged onto YouTube at the same time as they visit our website, YouTube identifies the specific sub-page of our website visited by the data subject when a sub-page containing a YouTube video is accessed. This information is collected through YouTube and Google and assigned to the appropriate YouTube account of the data subject.
If the data subject is logged onto YouTube when they access our website, YouTube and Google always receive a notification through the YouTube component that the data subject has visited our website. This happens regardless of whether or not the data subject clicks on a YouTube video. If the data subject does not want this information transferred to YouTube and Google, they can prevent this by logging out of their YouTube account before visiting our website.