Data protection declaration / duty to provide information according to §5 TMG & Art. 13/14 GDPR
Introduction: For us, Claasen Communication GmbH, the protection of personal data is much more than just compliance with legal requirements. We are therefore very pleased about your interest in how we handle personal data. We always process personal data such as a person’s name, address, e-mail address, or phone number in accordance with applicable privacy law. With this privacy notice, we would like to inform everyone about the nature, scope, and purpose of the personal data that we collect, use, and process. Furthermore, we would like to explain to the persons concerned the rights to which they are entitled. Claasen Communication GmbH has implemented numerous technical and organizational measures to ensure that the personal data processed via this Web site is protected as comprehensively as possible. Despite the care we take, Internet-based data transmission is vulnerable to security flaws and, consequently, absolute protection can never be guaranteed. For this reason, you of course have the option of transmitting your personal data by alternative means, for example, by telephone or post.
Name and Address of the Entity Responsible
Claasen Communication GmbH Maria Greiner Ralph Steffen Breslauer Strasse 10 64342 Seeheim-Jugenheim Germany Tel.: +49(0)6257 68781 Fax: +49(0)6257 68382 www.claasen.de You can contact our Privacy Officer by sending a letter to the above-mentioned company address with the addition – Privacy Officer – or by email at: email@example.com
Purposes and Legal Grounds for Processing Data – When Visiting Our Web Site in General
Should you use our Web site purely for informational purposes, not register yourself, or convey information to us in some other way (e.g. by e-mail), we will only collect the data that your browser transfers to our server (“server log files”). This data is processed in accordance with GDPR art. 6(1)(f) on the basis of our legitimate interest in improving the stability and functionality of our Web site. This data is not used in any other way and in no way shared with third parties. However, we do reserve the right to analyze log files at a later date if there are reasons to suspect unlawful usage.
Purposes and Legal Grounds for Processing Data – Contact Form
When you contact us (e.g. using our contact form or by e-mail), we collect personal data. This data is stored and used exclusively for the purposes of answering your inquiry and for the associated technological administration. Our legitimate interest in responding to your inquiry forms the legal grounds for processing this data, in accordance with GDPR art. 6(1)(f). If you contact us for the purpose of entering into a contract, there are additional legal grounds for processing provided in GDPR art. 6(1)(b). Your data will be erased once your inquiry has been conclusively resolved. This is the case if it can be assumed that the relevant matter has been completely resolved and if there are no statutory retention periods barring us from erasing the data.
Purposes and Legal Grounds for Processing Data – Comment Function
When using the comment function on this Web site, details about the time you wrote the comment and the user name you have selected will be stored and published on the Web site alongside the comment. Furthermore, your IP address will also be recorded and stored. We store your IP address for security reasons and in case a comment that is left violates third-party rights or leads to illicit content being posted. The legal grounds for storing your data are provided in GDPR art. 6(1)(b) and (f). We reserve the right to delete comments if third parties contend that they are unlawful or harmful.
Recipients or Categories of Recipients
Facebook, LinkedIn, Xing, Instagram und Pinterest. More details can be found below.
Transfer to Non-EU/EEA Country
Facebook, LinkedIn, Instagram und Pinterest. More details can be found below.
The controller processes and stores the data subject’s personal data only for the period of time required to achieve the purpose for which it is stored or only if the controller is required to store data on account of legislation or regulations that are passed by European Union legislators and regulators, or other legislators, and the controller is subject to this legislation or these regulations. Should there no longer be any reason to store the data or if a retention period prescribed by a European Union directive or regulation or by other relevant law expires, the personal data will be restricted from processing or deleted as a matter of routine and in accordance with statutory regulations.
Notice of Right to Object When Consent Is Selected as Legal Grounds
You have the right at any time to withdraw any consent given to the processing of your data. If you withdraw your consent, we will immediately delete the data concerned, provided there are no other legal grounds to support further processing. If you withdraw your consent, it will not affect the legality of the processing operations conducted until the time of the withdrawal.
Right to Complain to Data Protection Supervisory Authority
If you believe that the processing of your personal data violates the GDPR, GDPR art. 77 provides you the option of filing a complaint with the Privacy Officer named above or with a supervisory authority for data protection. The supervisory authority with jurisdiction over us is: Der Hessische Datenschutzbeauftragte Postfach 3163 65021 Wiesbaden Germany
Notice About Profiling and Scoring
Profiling and scoring does not take place.
Rights of the person concerned
a) Right of confirmation Each person concerned shall have the right, granted by the European directive and regulation provider, to require the controller to be informed of the processing of personal data relating to him or her. If a person concerned wishes to avail himself of this right of confirmation, she may at any time contact an employee of the controller. b) Right to information Any person concerned by the processing of personal data shall have the right granted by the European directive and regulation giver, at any time by the controller, free of charge information on the person’s stored Personal data and a copy of this information. In addition, the European directive and regulation donor has granted information on the following information to the person concerned:
- The processing purposes
- The categories of personal data that are processed
- The recipients or categories of recipients to whom the personal data has been disclosed or is still disclosed, in particular to recipients in third countries or to international organisations
- If possible, the planned duration for which the personal data is stored, or, if this is not possible, the criteria for determining this duration
- The existence of a right to rectify or delete the personal data relating to it or to restrict the processing by the person responsible or a right of objection against such processing
- The existence of a right of appeal by a supervisory authority
- If the personal data are not collected from the data subject: All available information on the origin of the information
- The existence of automated decision-making, including profiling in accordance with article 22 (1) and (4) of the GDPR and, at least in such cases, meaningful information on the logic involved and the scope and impact of a Such processing for the person concerned
- In addition, the data subject is entitled to a right of access to information on whether personal information has been transmitted to a third country or to an international organisation. Where this is the case, the person concerned shall also be entitled to obtain information on the appropriate guarantees in connection with the transfer.
If a data subject wishes to avail himself of this right of access, she can at any time contact an employee of the controller.
c) Right to rectification
Any person affected by the processing of personal data shall have the right granted by the European directive and regulation provider to require the immediate rectification of any incorrect personal data relating to them. In addition, the person concerned shall be entitled, taking into account the purposes of processing, to require the completion of incomplete personal data, including by means of a supplementary declaration. If a person concerned wishes to avail himself of this right of rectification, she may at any time contact an employee of the controller.
d) Right to deletion (right to be forgotten)
Any person concerned by the processing of personal data shall have the right granted by the European directive and regulation giver to require the controller to delete the personal data relating to him without delay, provided that for one of the following reasons and to the extent that the processing is not required:
- The personal data were collected for such purposes or processed in any other way for which they are no longer necessary.
- The person concerned shall revoke the consent to which the processing was based in accordance with article 6 (1) (a) of the GDPR or article 9 (2) (a) of the GDPR, and there is no other legal basis for processing.
- The person concerned shall, in accordance with article 21 (1) of the GDPR, object to the processing and there are no priority reasons for the processing, or the person concerned shall object to the processing in accordance with article 21 (2) of the GDPR.
- The personal data has been processed in an unlawful form.
- The deletion of personal data is necessary for the fulfilment of a legal obligation under union law or the law of the Member States to which the person responsible is subject.
- The personal data were collected in relation to the information society services provided in accordance with article 8 (1) of the GDPR.
If one of the above reasons applies and an affected person wishes to initiate the deletion of personal data stored by Claasen Communication GmbH, it may at any time contact an employee of the controller Apply. The employee of Claasen Communication GmbH will make sure that the request for deletion is immediately fulfilled. If the personal data were made public by Claasen Communication GmbH and if our company is obligated as the person responsible under article 17 (1) GDPR for the deletion of personal data, Claasen Communication GmbH shall, taking into account the available Technology and the implementation costs appropriate measures, including technical means, to inform other data controllers who process the published personal data that the person concerned has requested the deletion of all links to this personal data or of copies or replicas of such personal data, insofar as the processing is not required. The employee of Claasen Communication GmbH will arrange the necessary in individual cases.
e) Right to limitation of processing
Any person concerned by the processing of personal data shall have the right granted by the European directive and regulation giver to require the controller to restrict the processing if one of the following conditions is met:
- The correctness of the personal data is disputed by the person concerned, for a period of time, which enables the controller to verify the accuracy of the personal data.
- The processing is unlawful, the person concerned rejects the deletion of the personal data and instead demands the restriction of the use of the personal data.
- The person responsible no longer needs the personal data for the purposes of the processing, but the individual needs it for the assertion, exercise or defence of legal claims.
- The person concerned has appealed against the processing in accordance with article 21 (1) of the GDPR and it is not yet determined whether the legitimate reasons of the person responsible outweigh those of the data subject.
If one of the above conditions is given and an affected person wants to demand the restriction of personal data stored at Claasen Communication GmbH, it can at any time contact an employee of the controller. The employee of Claasen Communication GmbH will arrange for the restriction of the processing.
f) Right to data transferability
Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to receive the personal data concerning him or her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. It shall also have the right to transmit such data to another person responsible without hindrance by the person responsible for providing the personal data, provided that the processing is based on the consent provided for in article 6 (1) (a) of the GDPR or Article 9 (2) (a) (a) of the GDPR or a contract pursuant to article 6 (1) (b) of the GDPR and the processing is carried out using automated procedures, provided that processing is not necessary for the performance of a task which is in the public interest or in the exercise of public authority which has been transferred to the person responsible. Furthermore, in exercising its right to transfer data in accordance with article 20 (1) of the GDPR, the person concerned shall have the right to obtain that the personal data are transmitted directly by one person responsible to another person responsible, insofar as this is technically feasible and if this does not affect the rights and freedoms of other persons. In order to assert the right to transfer data, the person concerned may at any time contact an employee of the controller.
g) Right to objection
Any person concerned by the processing of personal data shall have the right, for reasons arising out of its particular situation, to be subject to the processing of any personal information which the European directive and regulation Data which is made on the basis of article 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions. Claasen Communication GmbH no longer processes the personal data in the event of opposition, unless we can prove compelling reasons for the processing that outweigh the interests, rights and freedoms of the person concerned, or the Processing is for the assertion, exercise or defence of legal claims. If Claasen Communication GmbH processes personal data in order to operate direct advertising, the person concerned shall have the right at any time to object to the processing of personal data for the purpose of such advertising. This also applies to profiling as far as it is related to such direct advertising. If the data subject conflicts with Claasen Communication GmbH for the purposes of direct marketing, Claasen Communication GmbH will no longer process the personal information for these purposes. In addition, the person concerned shall have the right, for reasons arising from their particular situation, against the processing of personal data relating to them, which may be obtained from Claasen Communication GmbH for scientific or historical research purposes or for statistical Pursuant to article 89 (1) of the GDPR, shall be subject to opposition, unless such processing is necessary to fulfil a public interest task. In order to exercise the right of opposition, the person concerned may directly contact any employee of Claasen Communication GmbH or another employee. The person concerned is also free to exercise its right of objection in connection with the use of information society services, irrespective of Directive 2002/58/EC, by means of automated procedures in which technical specifications be used.
Data Protection Provisions for the Use of Facebook
The controller has integrated components from Facebook, Inc. into this Web site. Facebook is a social network. A social network is a social meeting place and online community run on the Internet that usually enables users to communicate with each other and interact in a virtual setting. A social network can be used as a platform to exchange opinions and experiences or it enables the online community to provide personal or commercial information. Facebook enables the social network’s users to do things such as create private profiles, upload photos, and network with each other through friend requests. The company operating Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. The entity controlling the processing of data, if the data subject is not resident in the United States or Canada, is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Every time the data subject visits our Web site and for the entire length of time he or she spends on our Web site, Facebook will identify the specific sub-site on our Web site that the data subject visits if he or she is simultaneously logged in to Facebook. This information is collected by the Facebook component and matched with the data subject’s Facebook account by Facebook. If the data subject clicks on one of the Facebook buttons integrated into our Web site, for example the “Like” button, or if the data subject leaves a comment, Facebook will match this information with the data subject’s personal Facebook account and store this personal data. The Facebook component always informs Facebook of the data subject visiting our Web site if the data subject is simultaneously logged in to Facebook at the time of visiting our Web site, irrespective of whether the data subject clicks on the Facebook component. If the data subject does not want this information to be transferred to Facebook in the described manner, he or she can prevent it being transferred by logging out of his or her Facebook account before visiting our Web site. The Data Policy published by Facebook, available at https://facebook.com/about/privacy/, provides information about Facebook’s collection, processing, and usage of personal data. Furthermore, it explains the settings that Facebook offers to protect the privacy of data subjects. Additionally, there are various applications available that make it possible to stop data from being transferred to Facebook. Data subjects can use these applications to prevent data from being transferred to Facebook.
Data Protection Provisions for the Use of LinkedIn
Data Protection Provisions for the Use of Xing
On this website, the controller has integrated components of XING. XING is an Internet-based social network that enables users to connect with existing business contacts and to create new business contacts. The individual users can create a personal profile of themselves at XING. Companies may, e.g. create company profiles or publish jobs on XING. The operating company of XING is XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany. If the data subject is logged in at the same time on XING, XING detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the XING component and associated with the respective XING account of the data subject. If the data subject clicks on the XING button integrated on our Internet site, e.g. the “Share”-button, then XING assigns this information to the personal XING user account of the data subject and stores the personal data. XING receives information via the XING component that the data subject has visited our website, provided that the data subject is logged in at XING at the time of the call to our website. This occurs regardless of whether the person clicks on the XING component or not. If such a transmission of information to XING is not desirable for the data subject, then he or she can prevent this by logging off from their XING account before a call-up to our website is made. The data protection provisions published by XING, which is available under https://www.xing.com/privacy, provide information on the collection, processing and use of personal data by XING. In addition, XING has published privacy notices for the XING share button under https://www.xing.com/app/share?op=data_protection.
Data Protection Provisions for the Use of Instagram
The controller has integrated components from Instagram into this Web site. Instagram is a service that can be qualified as an audiovisual platform that allows users to share photos and videos and to redistribute such data on other social networks. The company operating Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, United States. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram. During the course of this technical procedure, Instagram becomes aware of what specific sub-page of our website was visited by the data subject. If the data subject is logged in at the same time on Instagram, Instagram detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Instagram component and is associated with the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, then Instagram matches this information with the personal Instagram user account of the data subject and stores the personal data. Instagram receives information via the Instagram component that the data subject has visited our website provided that the data subject is logged in at Instagram at the time of the call to our website. This occurs regardless of whether the person clicks on the Instagram button or not. If such a transmission of information to Instagram is not desirable for the data subject, then he or she can prevent this by logging off from their Instagram account before a call-up to our website is made. Further information and the applicable data protection provisions of Instagram may be retrieved under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
Data Protection Provisions for the Use of Pinterest
The controller has integrated components of the company Pinterest on this website. Pinterest is a social network. A social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate and interact with each other in virtual space. A social network can serve as a platform for sharing opinions and experiences or enables the Internet community to provide personal or business-related information. Pinterest allows users of the social network to create private profiles, upload photos and network, among other things. The operating company of Pinterest in Europe is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2 in Ireland. For users in the USA, Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA is responsible. If the data subject is logged into Pinterest at the same time, Pinterest recognizes which specific sub-page of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Pinterest component and assigned by Pinterest to the respective Pinterest account of the data subject. If the data subject activates a Pinterest button integrated on our website, Pinterest assigns this information to the personal Pinterest user account of the data subject and stores this personal data. Pinterest always receives information via the Pinterest component that the data subject has visited our website if the data subject is logged into Pinterest at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Pinterest component or not. If the data subject does not want this information to be transmitted to Pinterest, he or she can prevent the transmission by logging out of his or her Pinterest account before accessing our website. Pinterest uses log data, cookies, device information, and clickstream data and inferences. Pinterest’s published data policy provides information about Pinterest’s collection, processing and use of personal data. It can be viewed at https://policy.pinterest.com/de/privacy-policy.