Data protection declaration for the online shop Reifenboss.com:

 

Thank you for your interest in our online shop. The protection of your personal data is important to us. In the following we would like to explain to you in a transparent manner how we handle your data.

 

1. Responsible body:

The company responsible for data processing is Reifenboss.com, Kolpingstraße 11 in 58706 Menden. If you have any questions or concerns about data protection, you can contact us at info@reifenboss.com

 

2. Collection and processing of data:

We collect and process personal data that you provide to us voluntarily, for example when registering, ordering products or contacting our customer service. The data collected may include: name, address, e-mail address, telephone number, payment information and other relevant information for the ordering and shipping process.

 

3. Purpose of data processing:

We use your data exclusively to process your order, to communicate with you and to improve our service. This includes processing and shipping your order, providing information about your order status, responding to inquiries and conducting customer surveys. In addition, we use your data to provide you with relevant information about our products and offers, provided that you have consented to this.

 

4. Disclosure of data to third parties:

We only pass on your data to third parties if this is necessary to fulfill our contractual obligations or legal requirements. This includes, for example, the shipping service provider for the delivery of your order or the payment service provider for processing your payment. In such cases, your data will only be passed on to the extent required for the respective service.

 

5. Data Security:

We take appropriate technical and organizational measures to protect your data from loss, misuse, unauthorized access or unauthorized disclosure. Your data is stored on secure servers and treated confidentially.

 

6. Cookies and Tracking Technologies:

Our website uses cookies and similar tracking technologies to improve your browsing experience. Cookies are small text files that are stored on your end device and store information about your website usage. You can control and, if necessary, refuse the use of cookies in your browser settings. However, please note that this may affect the functionality of our website.

 

7. Your Rights:

You have the right to receive information about the data we have stored about you. You can also request the correction, deletion or restriction of processing of your data. In addition, you have the right to object to the processing of your data or to withdraw your consent to the processing. Please contact us at info@reifenboss.com

 

8. Changes to the Privacy Policy:

We reserve the right to change this privacy policy at any time. The current version is available on our website. We recommend that you regularly consult the data protection declaration in order to be informed of any changes.

 

Data protection declaration for website operators in accordance with the provisions of the GDPR

A. Explanation of the privacy policy:

The following privacy policy is intended as the basic framework for a data protection policy.

General Data Protection Regulation (GDPR) compliant data protection declaration for website operators. The statement is not exhaustive and does not include all the necessary elements. Please note, however, that we expressly exclude any guarantee and liability for the legality and correctness of the content and strongly warn against the thoughtless adoption of the declaration, which must always be adapted to the specific needs of the individual case.

I. Missing elements of the Privacy Policy Please note that the elements listed below are not part of our Privacy Policy. If a website operator uses one or more of the data processing scenarios described on its website, the declaration must be adapted accordingly. The type, scope, purpose, duration and revocation options of the respective data processing must be specified in the specific individual case.

1. Newsletter tracking: If the website uses newsletter tracking, the associated data processing must be dealt with separately. A justification standard for data processing will be found in Art. 6 (1) (f) GDPR. As of May 2018 

2. Blog with comment function: When operating a blog with a comment function, additional personal data (example: pseudonyms) is stored. It is also necessary to discuss the possibility of subscribing to comments. Commenting should only be possible after obtaining consent to the processing of the personal data. In this case, justification pursuant to Art. 6 (1) (a) GDPR is possible.

3. Processing of special categories of personal data, Art. 9 GDPR : the processing of personal data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs or trade union membership, as well as the processing of genetic data,biometric data for the purpose of uniquely identifying a natural person, health data or data relating to the sex life or sexual orientation of a natural person.

4. E-commerce: If the website operator offers users a platform for concluding contracts (e.g. purchase or service contracts), personal data of the contractual partner is usually also collected in the context of the conclusion of the contract. The website operator must point out this data processing separately and in detail. Insofar as the processing of the data is necessary for the conclusion of the contract, Art. 6 (1) (b) GDPR serves as a permission standard for data processing.

5. Disclosure of personal information to third parties: A large number of websites use third-party extensions. In such implementations, personal data is often passed on to the third-party providers or transmitted automatically. The type, scope, purpose and duration of this processing of personal data may vary from case to case. A comprehensive list of all situations in which personal data is disclosed to third parties would go beyond the scope of this privacy policy. The website operator must therefore check on a case-by-case basis which third-party services it uses on its website and whether personal data is passed on in the process. Accordingly, he must include this data processing in the data protection declaration in accordance with the requirements (A.II.). As of May 2018 3 examples of the disclosure of personal data to third parties may include:

a) Disclosure to service providers: Personal data is often passed on to service providers (e.g. suppliers), especially in the context of concluding contracts via the website. However, service providers can also act solely in the interest of the website operator (e.g. technical service).

b) Payment services and payment methods: A special case of disclosure to service providers is the disclosure of data to payment services.

c) Third-party cookies: The integration of own cookies is part of the Privacy Policy (B.V.). In addition, third-party cookies are often used. These must be described in detail. Users must be made aware of the use of third-party cookies when accessing the website. A way to prevent the storage of these cookies can be found in the settings of the browser. The legal basis for the use of third-party cookies is Art. 6 (1) (f) GDPR. However, a legitimate interest for the use of the cookie must also be stated in individual cases.

d) Use of social media plugins: When using social media plugins, personal data of users is forwarded to the providers of social networks. According to the previous legal situation, it was recommended to use such plugins only as part of a "two-click solution". Accordingly, the data would only be transmitted after the user's prior consent. Even after the introduction of the GDPR, this path is feasible and probably legally secure. The legal basis for the processing of data after the user's consent is Art. 6 (1) (a) GDPR.

e) Website analytics services Website analytics services (e.g. Google Analytics or Adobe Analytics) : in order to increase the efficiency of their own website, which are operated by third-party providers, require the disclosure of data about website visitors to the third-party providers. As a rule, the consent of the users is not obtained. It is conceivable to justify it on the basis of Art. 6 (1) (f) GDPR if a legitimate interest of the website operator can be asserted. However, as of May 2018, in order to protect users' interests in the protection of their personal data, pseudonymisation of the data is advisable. In this case, there is probably nothing to be said against the use of the analysis services and the associated disclosure of pseudonymised data. The exact use must be documented in the privacy policy.

f) Advertising and marketing services: When advertising is placed on the website, this is usually done with the involvement of third-party providers (e.g. Google AdSense or AdWords). In most cases, personal data of the users in the form of the IP address is passed on to the intermediaries. If the advertising is necessary to finance the website, a justification according to Art. 6 (1) (f) GDPR seems possible. II. Requirements for the addition of further elements: The addition of further elements to the privacy policy must specify the type, scope, purpose, duration and revocation options of the respective data processing.

The structure could be designed as follows:

1. Scope of the processing of personal data: This describes in as much detail as possible which personal data is processed on the website, by whom and in what way.

2. Legal basis for the processing of personal data: This is the legal basis for the processing of the personal data. As a rule, this will come from the catalogue of Art. 6 para. 1 GDPR.

3. Purpose of data processing is described in detail which purposes the website operator intends to achieve with the processing of personal data. If the processing is based on the standard of Art. 6 (1) (f) GDPR, this will usually also be seen as the legitimate interest in the processing. In such a case, however, it is always necessary to examine whether, in order to achieve the purpose, there are also more lenient means which are less likely to undermine the interests of users in the protection of their personal data.

4. Duration of storage In principle, the data is deleted as soon as the purpose for which it was collected has been fulfilled. However, it must be specified in more detail in each individual case when this is the case for the specific application. If no precise information can be provided, at least criteria must be mentioned that make it easier for the user to determine the time of deletion. As of May 2018

5. Possibility of objection and deletion : For each data processing, the user must be provided with information on how the processing of the data can be prevented or data that has already been processed can be prematurely deleted. If the user has given his consent to the processing, it must be possible to revoke it at any time. The revocation must not be more serious than the submission of consent. The procedure for submitting the revocation must be described. Privacy policy according to the GDPR :

I. Name and address of the controller. The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is: Reifenboss.com , Kolpingstr. 11 58706 Menden(Sauerland) Germany Phone: +49 2373 9819865 E-mail: info@reifenboss.com Website: www.reifenboss.com

II. Name and address of the Data Protection Officer : The Data Protection Officer of the Controller is: Dimitrios Paschalis Reifenboss.com Kolpingstr. 11 58706 Menden Germany Phone: +49 2373 9819865 E-mail: info@reifenboss.com Website: www.reifenboss.com As of May 2018

III. General information on data processing :

1. Scope of the processing of personal data: As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users is usually only carried out with the consent of the user. An exception applies in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data: Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. In the case of the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data,Art. 6 (1) (d) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

3. Data deletion and storage period: The personal data of the data subject will be deleted or blocked as soon as the purpose for which it was stored no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract. As of May 2018

IV. Provision of the website and creation of log files :

1. Description and scope of data processing: Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected: This part must be adjusted accordingly. Inaccurate data must be removed, missing data must be supplemented. (1) Information about the browser type and version used (2) The user's operating system (3) The user's Internet service provider (4) The user's IP address (5) Date and time of access (6) Websites from which the user's system accesses our website (7) Websites accessed by the user's system via our website Option 1: The log files contain IP addresses or other data that enable an assignment to a user. This could be the case, for example, if the link to the website from which the user comes to the website or the link to the website to which the user goes contains personal data. The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. Option 2: The log files do not contain any IP addresses or other data that would allow an assignment to a user. The data is also stored in the log files of our system. This does not apply to the user's IP addresses or other data that enables the data to be assigned to a user. This data is not stored together with other personal data of the user.

2. Legal basis for data processing: If IP addresses are stored in log files: The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR. As of May 2018 If IP addresses are not stored in log files: The legal basis for the temporary storage of the data is Art. 6 (1) (f) GDPR.

3. Purpose of data processing : The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. If IP addresses are stored in log files: The data is stored in log files in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. In this context, the data is not evaluated for marketing purposes. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.

4. Duration of storage: The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If IP addresses are stored in log files: If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or altered so that it is no longer possible to assign the calling client.

5. Possibility of objection and deletion : The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user. As of May 2018

 V. Use of cookies :

a) Description and scope of data processing: Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is called up again. If technically necessary cookies are used: We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The following data is stored and transmitted in the cookies: The following is a list of the stored data. Examples may include: (1) Language settings (2) Items in a shopping cart (3) Login information If cookies that are not technically necessary are also used: We also use cookies on our website that enable an analysis of the surfing behavior of users. In this way, the following data can be transmitted: The following is a list of the data collected. These can be, for example: (1) Search terms entered (2) Frequency of page views (3) Use of website functions Until now, according to § 15 para. 3 TMG, it was possible to pseudonymise the processed personal data for technically unnecessary cookies and to inform the user about the use of cookies and his right to object and delete ("opt-out solution"). However, it is controversial in the legal literature whether this standard will continue to apply even after the GDPR has been in force as of May 2018. In case of doubt, it must therefore be assumed that only the provisions of the GDPR now apply. In this case, only Art. 6 (1) GDPR is to be taken into account. According to this standard, a continuation of the previous practice is also conceivable if a "legitimate interest" of the processor pursuant to Art. 6 (1) (f) GDPR is taken into account. If, therefore, the user's consent is not obtained before the technically necessary cookies are set and retrieved, the user's data collected in this way will be pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users. When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings. It is currently not possible to say with certainty whether the current practice of the "opt-out solution" meets the requirements of Art. 6 (1) (f) GDPR. The planned ePrivacy Regulation could provide clarity in this regard. Until then, however, the most legally secure solution is to obtain the user's prior consent ("opt-in solution"). If, therefore, the user's consent is obtained before setting and retrieving the technically unnecessary cookies: When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

b) Legal basis for data processing: If only technically necessary cookies are used or if technically necessary cookies and non-technical cookies are used without prior consent from the user: The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.  If technically necessary and non-necessary cookies are used with prior consent from the user: As of May 2018 The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) GDPR if the user has consented to this.

c) Purpose of data processing : If technically necessary cookies are used: The purpose of the use of technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized even after a page change. We need cookies for the following applications: The following is a list of applications. Examples may be: (1) Shopping cart (2) Adoption of language settings (3) Remembering search terms The user data collected by technically necessary cookies is not used to create user profiles. In addition, if technically unnecessary cookies are used: The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus continuously optimize our offer.

d) The exact purpose of the analysis cookies should be described in more detail here. These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 (1) (f) GDPR.

e) Duration of storage, possibility of objection and deletion Cookies are stored on the user's computer and transmitted by the user to our site. Therefore, as a user, you also have full control over the use of cookies as of May 2018. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent. If Flash cookies are also used: The transmission of Flash cookies cannot be prevented via the settings of the browser, but can be prevented by changing the settings of the Flash Player.

VI. Newsletter :

1. Description and scope of data processing The newsletter is sent on the basis of the user's registration on the website: On our website it is possible to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us. At this point, a specific mention of the data collected should be given. In the minimum case, this concerns the user's e-mail address. In addition, the following data will be collected during registration: The additional data actually collected must be provided. These may be, for example: (1) IP address of the accessing computer (2) Date and time of registration Your consent will be obtained for the processing of the data as part of the registration process and reference will be made to this privacy policy. The newsletter is sent on the basis of the sale of goods or services: If you purchase goods or services on our website and provide your e-mail address, this may subsequently be used by us to send you a newsletter. In such a case, the newsletter will only be used to send direct advertising for its own similar goods or services. As of May 2018

In connection with the data processing for the dispatch of newsletters, the data will not be passed on to third parties. The data will be used exclusively for sending the newsletter.

2. Legal basis for data processing : The newsletter is sent on the basis of the user's registration on the website: The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 (1) (a) GDPR if the user has given his consent. The newsletter is sent on the basis of the sale of goods or services: The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 para. 3 UWG.

3. Purpose of data processing The collection of the user's e-mail address is used to deliver the newsletter. The newsletter is sent on the basis of the user's registration on the website: The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

4. Duration of storage The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user's e-mail address is therefore stored for as long as the subscription to the newsletter is active. The newsletter is sent on the basis of the user's registration on the website: The other personal data collected as part of the registration process are usually deleted after a period of seven days. As of May 2018

5. Possibility of objection and removal The subscription to the newsletter can be terminated by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

6. The newsletter is sent on the basis of the user's registration on the website: this also makes it possible to revoke the consent to the storage of the personal data collected during the registration process.

VII. Registration :

1. Description and scope of data processing On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected as part of the registration process: At this point, the relevant data should be listed. At the time of registration, the following data will also be stored: The data must be listed accordingly at this point. Examples may include: (1) The user's IP address (2) Date and time of registration As part of the registration process, the user's consent to the processing of this data is obtained.

2. Legal basis for data processing: The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has given his consent. If the registration is for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures. If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR. As of May 2018

3. Purpose of data processing : Registration does not serve to conclude a contract with the user: Registration of the user is necessary for the provision of certain content and services on our website. The following is a more detailed description of the contents and services. Why is it necessary to identify the user in individual cases in order to keep them available? The purpose of registration is to conclude a contract with the user: Registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. The following is a more detailed description of the contract offered on the website. Why are the collected data required for these contracts? If the processing of the personal data of the contractual partner at the time of conclusion of the contract is required by law for the contracts offered by you, the respective standards from which the obligation arises must be mentioned.

4. Duration of storage: The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. Registration does not serve to conclude a contract with the user: this is the case for the data collected during the registration process if the registration on our website is cancelled or modified. The purpose of registration is to conclude a contract with the user: This is the case during the registration process for the performance of a contract or for the implementation of pre-contractual measures when the data is no longer required for the performance of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations. As of May 2018

Continuing obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and the storage of data for tax purposes must be observed. It is not possible to determine which storage periods are to be observed in this context, but must be determined on a case-by-case basis for the contracts and contracting parties concluded in each case.

5. Possibility of objection and removal : As a user, you have the possibility to cancel the registration at any time. You can have the data stored about you changed at any time. The following is a more detailed description of how it is possible to delete the account and change data. The purpose of registration is to conclude a contract with the user: If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible if there are no contractual or legal obligations to the contrary.

VIII. Contact form and e-mail contact :

1. Description and scope of data processing: There is a contact form on our website, which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are: The following is a list of the data of the input mask At the time the message is sent, the following data is also stored: The following is a list of the data of the input mask At the time the message is sent, the following data is stored: The following is a list of the corresponding data. Examples may include: (1) The user's IP address (2) Date and time of registration For the processing of the data, your consent will be obtained as part of the sending process and reference will be made to this privacy policy. As of May 2018 Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation.

2. Legal basis for data processing: The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing: The processing of the personal data from the input mask serves us solely for the purpose of processing the contact. In the case of contact by e-mail, this is also the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage: The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of objection and rectification: The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, as of May 2018, he can object to the storage of his personal data at any time. In such a case, the conversation cannot continue. This is followed by a description of how the revocation of consent and the objection to storage are made possible. In this case, all personal data stored in the course of contacting us will be deleted.

IX. Web analysis by Matomo (formerly PIWIK) :

1. Scope of the processing of personal data: On our website, we use the open-source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. The software places a cookie on the user's computer (see above for cookies). If individual pages of our website are accessed, the following data is stored: (1) Two bytes of the IP address of the user's accessing system (2) The website accessed (3) The website from which the user accessed the website (referrer) (4) The subpages that are accessed from the accessed website (5) The time spent on the website (6) The frequency of access to the website The software runs exclusively on the servers of our website. The personal data of the users is only stored there. The data will not be passed on to third parties. Note: In the absence of user consent, it is essential to have the "Automatically Anonymize Visitor IPs" feature enabled. This assumes that the IP address is truncated to 2 bytes. More information can be found here: https://matomo.org/docs/privacy/ . The software is set in such a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). In this way, it is no longer possible to assign the abbreviated IP address to the accessing computer. As of May 2018

2. Legal basis for the processing of personal data: The legal basis for the processing of users' personal data is Article 6(1)(f) of the GDPR.

3. Purpose of data processing : The processing of users' personal data allows us to analyse the browsing behaviour of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 (1) (f) GDPR. By anonymizing the IP address, the interest of users in their protection of personal data is sufficiently taken into account.

4. Duration of storage: The data will be deleted as soon as it is no longer needed for our record-keeping purposes. The exact time of deletion must be specified here. This can be set in the software (see: https://matomo.org/docs/privacy/). In our case, this is the case after xx.

5. Possibility of objection and deletion : Cookies are stored on the user's computer and transmitted by the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent. If the opt-out option is offered on the website: We offer our users the option of opting out of the analysis process on our website. To do this, you need to follow the corresponding link. In this way, another cookie is placed on your system, which signals our system not to store the user's data. If the user deletes the cookie corresponding to May 2018 from their own system in the meantime, they must set the opt-out cookie again. You can find more information about the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/. X. Rights of the data subject The following list includes all rights of data subjects under the GDPR. Rights that are not relevant to your own website do not have to be mentioned. In this respect, the list can be shortened. If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right of access You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing exists, you may request the following information from the controller: (1) the purposes for which the personal data is processed; (2) the categories of personal data that are processed; (3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; (4) the envisaged period for which the personal data concerning you will be stored or, if it is not possible to provide specific information on this, criteria for determining the storage period; (5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; (6) the existence of a right to lodge a complaint with a supervisory authority; (7) all available information about the origin of the data, if the personal data is not collected from the data subject; As of May 2018, 21 (8), the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and intended effects of such processing for the data subject. You have the right to request information as to whether your personal data is being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer. In the case of data processing for scientific, historical or statistical research purposes: This right of access may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

2. Right to rectification : You have a right to rectification and/or completion vis-à-vis the Data Controller if the personal data processed concerning you is inaccurate or incomplete. The controller must make the correction without delay. In the case of data processing for scientific, historical or statistical research purposes: Your right to rectification may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

3. Right to restriction of processing: You may request the restriction of the processing of personal data concerning you under the following conditions: (1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data; As of May 2018 (2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead; (3) the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise or defence of legal claims, or (4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons. If the processing of your personal data has been restricted, this data may only be used with your consent or for the purpose of asserting exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above-mentioned conditions, you will be informed by the controller before the restriction is lifted. In the case of data processing for scientific, historical or statistical research purposes: Your right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

4. Right to erasure : a) Obligation to erase You may request from the controller that the personal data concerning you be erased without undue delay, and the controller is obliged to erase such data without undue delay, provided that one of the following grounds applies: (1) The personal data concerning you are necessary for the purposes for which they were collected or otherwise processed:  no longer necessary. As of May 2018 (2) You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing. (3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR. (4) Your personal data has been unlawfully processed. 5. The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject. (6) The personal data concerning you have been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR. b) Information to third parties If the controller has made the personal data concerning you public and is obliged to delete them pursuant to Article 17(1) of the GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the costs of implementation, to inform data controllers who process the personal data,  that you, as a data subject, have requested that they delete all links to such personal data or of copies or replications of such personal data. c) Exceptions The right to erasure does not apply to the extent that the processing is necessary (1) for the exercise of the right to freedom of expression and information; (2) for compliance with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; 3) for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR; As of May 2018 24 (4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or (5) to establish, exercise or defend legal claims.

5. Right to information: If you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.  You have the right vis-à-vis the controller to be informed of these recipients.

6. Right to data portability: You have the right to receive the personal data concerning you that you have provided to the Data Controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that (1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and (2) the processing is carried out by automated means. In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other persons must not be impaired by this. The right to data portability does not apply to the processing of personal data: necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. As of May 2018 

7. Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. The controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. Notwithstanding Directive 2002/58/EC, you have the possibility to exercise your right to object to the use of information society services by means of automated procedures using technical specifications. In the case of data processing for scientific, historical or statistical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR. Your right to object may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes. As of May 2018

8. Right to revoke the declaration of consent under data protection law: You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

9. Automated individual decision-making, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision (1) is necessary for the conclusion or performance of a contract between you and the controller; (2) is permitted by Union or Member State law to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or (3) with your explicit consent. However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases referred to in (1) and (3), the Controller shall take reasonable measures to safeguard the rights and freedoms and your legitimate interests, including, at a minimum, the right to obtain the intervention of a person on the part of the Controller, to express one's own point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. As of May 2018

The supervisory authority to which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.