PrivacY Policy

 

Contents
1. Objective and responsible body
2. Basic information on data processing
3. Processing of personal data
4. Collection of access data
5. Integration of third-party services and content
6. User rights and deletion of data
7. Changes to the privacy policy

1. Objective and responsible body

This data protection declaration provides information on the type, scope and purpose of the processing (including collection, processing and use as well as obtaining consent) of personal data within our online offer and the websites, functions and content connected with it (hereinafter jointly referred to as “online offer” or “website”). The data protection declaration applies irrespective of the domains, systems, platforms and devices (e.g. desktop or mobile) used on which the online offer is executed.

The provider of the online offer and the office responsible for data protection is the Hamburg Metropolitan Region Office, Alter Steinweg 4, 20459 Hamburg. For contact details, please refer to our imprint.

The term “user” includes all customers and visitors to our online offer. The terms used, such as “user”, are to be understood as gender-neutral.

2. Basic information on data processing

We only process users’ personal data in compliance with the relevant data protection regulations in accordance with the principles of data economy and data avoidance. This means that the user’s data will only be processed if a legal permission exists, in particular if the data is required for the provision of our contractual services and online services, or is required by law, or if consent has been given.

We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

If content, tools or other means from other providers (hereinafter collectively referred to as “third party providers”) are used within the scope of this data protection declaration and their named registered office is abroad, it is to be assumed that a transfer of data to the countries in which the third party providers are based takes place. The transfer of data to third countries takes place either on the basis of legal permission, user consent or special contractual clauses that guarantee the legally required security of the data.

3. Processing of personal data

The personal data are processed, in addition to the uses expressly mentioned in this privacy policy, for the following purposes on the basis of legal authorisations or user consents:

  • The provision, execution, maintenance, optimisation and safeguarding of our services, service and user performance;
  • To ensure effective customer service and technical support.

We transmit users’ data to third parties only if this is necessary for billing purposes (e.g. to a payment service provider) or for other purposes if these are necessary to fulfil our contractual obligations towards users (e.g. communication of addresses to suppliers).

When contacting us (via contact form or e-mail), the user’s details are stored for the purpose of processing the enquiry and in the event that follow-up questions arise.
Personal data is deleted if it has fulfilled its intended purpose and there are no storage obligations that prevent its deletion.

4. Collection of access data

We collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

We use the log data without assigning it to the person of the user or otherwise creating a profile in accordance with the statutory provisions only for statistical evaluations for the purpose of the operation, security and optimisation of our online offer. However, we reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use due to concrete indications.

5. Integration of third-party services and content

It may happen that content or services from third-party providers, such as city maps or fonts from other websites, are integrated within our online offer. The integration of content from third-party providers always requires that the third-party providers are aware of the IP address of the user, as without the IP address they would not be able to send the content to the user’s browser. The IP address is thus required for the display of this content. Furthermore, the providers of third-party content can set their own cookies and process the users’ data for their own purposes. In doing so, user profiles can be created from the processed data. We will use this content as sparingly as possible and in a data-avoiding manner and select reliable third-party providers with regard to data security.

The following presentation provides an overview of third-party providers and their content, together with links to their data protection declarations, which contain further information on the processing of data and, in part already mentioned here, options for objection (so-called opt-out):

– External fonts from Google, Inc, www.google.com/fonts (“Google Fonts”). The integration of Google Fonts is done by a server call at Google (usually in the USA). Privacy policy: www.google.com/policies/privacy/, Opt-Out: www.google.com/settings/ads/.

6. User rights and deletion of data

Users have the right, upon request and free of charge, to obtain information about the personal data we have stored about them.
In addition, users have the right to correct incorrect data, revoke consent, block and delete their personal data, as well as the right to lodge a complaint with the competent supervisory authority in the event of the assumption of unlawful data processing.

The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

7. Changes to the privacy policy

We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service as well as data processing. However, this only applies with regard to declarations on data processing. Insofar as user consent is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
Users are requested to inform themselves regularly about the content of the data protection declaration.