KVN Betriebsgesellschaft mbH
Management: Michael Niedermann
Email : firstname.lastname@example.org
Homepage : http://www.concept-living-munich.de
Types of processed data:
- Basic data (e.g.names, addresses).
- Contact data (e.g. email, telephone numbers).
- Content data (e.g. text entries, photographs, videos).
- Usage data (e.g. visited web sites, contents of interest, access times).
- Meta-/communication data (z.B., device information, IP-addresses).
Categories of affected persons
Visitors and users of the online offer (affected persons are hereinafter summarised as “users”)
Categories of recipients
- Registration office (in terms of the Registration Act)
- Fiscal authority
- Consultants (tax advisors / auditors)
- Payment service providers
- Fees offices
Purpose of processing
- Provision of the online offer, its functions and contents.
- Replying to contact requests and communication with users.
- Security measures
- Reach assessment/marketing
- Fulfilment of legal requirements
”Person-specific data” are all data that refer to identified or identifiable natural persons (hereinunder “affected person”); a natural person that can be directly or indirectly identified by means of assignation to an identifier such as a name, an identification number, location data, to an online identification (e.g. cookie), or to one or several particulars that are expressions of the physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Processing” means any operation, or series of operations, that is carried out with or without the help of automated procedures in connection with person-specific data. The term is comprehensive and includes virtually any handling of data.
Any natural or legal person, authority, establishment or other institution that can, alone or in conjunction with others, decide upon the purposes and means of processing of person-specific data is referred to “person responsible”.
Relevant legal bases
In terms of art. 13 GDPR, we inform you of the legal bases of our data processing. Inasmuch as the legal basis is not identified in the privacy statement, the following applies: The legal basis for obtaining consent is art. 6 para. 1 lit. a and art. 7 DGPR; the legal basis for processing serving the provision of our services and performance of contractual measures, as well as replying to requests is art. 6 para. 1 lit. b GDPR, the legal basis for processing serving compliance with legal requirements is art. 6 para. 1 lit. c GDPR, and the legal basis for processing serving the safeguarding of our legitimate interests is art. 6 para. 1 lit. f GDPR. In case vital interests of the affected person or another natural person require processing of person-specific data, art. 6 para. 1 lit. d GDPR serves as legal basis.
Collaboration with contract processors and third parties
If we reveal data to other persons or companies (contract processors or third parties) in the course of processing, transmit, or otherwise grant them access to this data, this only occurs on the basis of legal permission (e.g. if transmission of data to third parties such as payment service providers is required for contract performance according to art. 6 para. 1 lit. b DGPR, you have given your consent, a legal obligation provides for it, or on the basis of our legitimate interests (e.g. when deploying agents, web hosts, etc.).
If we instruct third parties to process data on the basis of a so-called “order data processing agreement”, this happens on the basis of art. 28 GDPR.
Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA), or if we do so in the course of the availment of third party services or in the course of disclosure or transfer of data to third persons, this only occurs if it is necessitated by our (pre)contractual obligations, on the basis of your consent, on the basis of a statutory requirement, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process, or instruct to be processed, data in a third country under the specific conditions outlined in art. 44 ff. DGPR. This means that processing occurs e.g. on the basis of special guarantees, such as the officially recognised assessment of a data protection level in conformity with the EU (e.g. by the “Privacy Shield” for the USA), or compliance with officially recognised contractual obligations ( so-called “standard contractual clauses”).
Rights of the affected persons
You are entitled to request confirmation whether the relevant data are processed, as well as information about this data, and other information and copies of the data pursuant to art. 15 GDPR.
According to art. 16 GDPR, you are entitled to request the completion or correction of data concerning your person.
In terms of art. 17 GDPR, you are entitled to demand the immediate deletion of relevant data, or, alternatively, in terms of art. 18 GDPR, to request a limitation of data processing.
In terms of art. 20 GDPR, you are entitled to request data relating to your person that you have provided to us and to request transfer thereof to other responsible persons;
According to art. 77 GDPR, you are furthermore entitled lo lodge an appeal with the competent authorities.
In order to exercise your rights, you can contact us under the following email address: email@example.com
Right of cancellation
According to art. 7 para. 3 GDPR, you are entitled to revoke given consent for the future.
Right to object
According to art. 21 GDPR, you can at any time object to future processing of your personal data. The user can specifically object to having their data processed for the purposes of direct marketing.
Cookies and right to object in case of direct marketing
Small files that are saved on users’ computers are known as “cookies”. Various data can be saved within cookies. A cookie primarily serves the purpose of saving data concerning the user (or the computer on which the cookie is saved) during and possibly after his visit to the online offering. Cookies that are deleted after a user leaves an online offering and shuts his browser are known as temporary cookies, “session cookies” or “transient cookies”. Such a cookie may contain data such as the content of a shopping cart in an online shop, or a login status. Cookies that remain saved after shutting the browser are known as “permanent” or “persistent” cookies. Particulars such as the login status can thus be saved when users revisit them after several days. User interests that are used for reach assessment or marketing purposes can equally be saved in such a cookie. “third party cookies” are cookies that are offered by provider other than the responsible person who operates the online offer (the responsible person’s own cookies are known as “first party cookies”)
If users do not wish for cookies to be saved on their computers, we ask them to activate the appropriate option in their browser’s system preferences. You can delete stored cookies using your browser’s system preferences at any time. The exclusion of cookies can lead to function limitations in this online offering.
A general objection against the use of online marketing related cookies can be lodged for a multitude of services, especially in case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the blocking of cookies can be achieved by disabling them in the browser’s settings. Please note that the functionality of this online offering is limited in this case.
Deletion of data
According to legal requirements in Germany, the retention period is 6 years according to § 257 para. 1 of the Commercial Code (trading books, inventories, opening balances, annual accounts, commercial letters, accounting records, etc.), as well as 10 years according to § 147 para. 1 of the Fiscal Code (accounts, records, reports, accounting records, commercial- and business letters, documents relevant for taxation, etc.).
Purpose, type and extent of processing
In case of general requests that are addressed to us via email or contact form, the relevant person-specific data is only saved fo the purpose of the correspondence at hand. No additional processing is carried out.
Person-specific data, such as name, address, telephone number or email address is not captured, unless you provide such information voluntarily, e.g. for dealing with enquiries, processing of bookings in case of comments, when registering for the newsletter, or for enquiries via the contact form. Voluntarily submitted data is only used for the intended purpose.
In addition, we process - Contract data (e.g. subject matter of the contract, duration, customer category). - Payment data (e.g. bank details, payment history) from our customers, interested parties and business partners, for the purpose of contract performance, services and customer care, marketing, advertising and market research,
Hosting services used by us serve the provision of the following services: Infrastructure- and platform services, computing capacity, data storage, databank services, security services, as well as technical maintenance that we deploy for the operation of this online offering.
In doing so, we, or our hosting service provider, process basic data, contact data, content data contract data, usage data, meta- and communication data of customers, interested parties and visitors of this online offering on the basis of our legitimate interest in an efficient and secure provision of this online offering according to art. 6 para. 1 lit. f GDPR in conjunction with art. 28 GDPR (conclusion of order data processing agreement)
Collection of login data and logfiles
On the basis of art. 6 para. 1 lit. f GDPR, we, or our hosting service provider, collect data regarding every access to the server that contains this service (so-called server logfiles). Access data include the name of the website visited, the file accessed, the date and time of the visit, the volume of data transferred, notification of a successful visit, the browser type and version, the user’s operating system, the referring URL (previously visited site), the IP address and the querying provider.
The data contained in the logfiles is used for statistical purposes only. An identification of the user does not take place - unless it is legally required. For security reasons (e.g. for the investigation of improper or fraudulent use), logfile information is stored for a duration of no more than 7 days, then deleted. Data which must be stored for purposes of documentation is excluded from deletion until the event in question is fully clarified.
Administration, financial accounting, office organisation, contact administration
We process data within the framework of administrative tasks, and organisation of our operations, financial accounting and compliance with statutory requirements, such as archiving. In so doing, we process the same data as in the course of provision of our contractual services. The basis for processing are art. 6 para. 1 lit.c. GDPR, art. 6 para. 1 lit. f GDPR. Customers, interested parties, business partners and site visitors are concerned by processing. The purpose of, and our interest in processing is in the administration, financial accounting, office organisation and archiving of data, thus tasks that serve the maintenance of our business activities, performance of our functions and performance of our services. Deletion of data with a view to contractual services and contractual communication correspond to the statements made in these contractual activities.
We thereby disclose or transfer data to fiscal authorities, consultants, such as tax advisors or auditors, as well as fees offices and payment service providers.
Furthermore, on the basis of our business interests, we store information regarding suppliers, organisers and other business partners, e.g. for later contact. Such predominantly company-related data is usually stored permanently.
Business analysis and market research
In order to operate our business efficiently and recognise market trends, customer- and user requirements, we analyse data regarding business transactions, contracts, enquiries, etc. In so doing, we process basic data, communication data, contract data, payment data and metadata on the basis of art. 6 para. 1 lit. f. GDPR, whereas affected persons include customers, business partners, visitors and users of the online offering.
Analyses are carried out for the purposes of business analysis, marketing and market research. We can thereby take into account user profiles with information regarding for example their purchase transactions. Analyses serve to improve user friendliness, optimise our offering, and business efficiency. We are the sole users of such analyses and they will not be disclosed externally, unless they are anonymous analyses with summarised values.
If such analyses or profiles are person-specific, they are deleted or anonymised at the time of user termination, otherwise deleted after two years from contract conclusion. Apart from that, general business analyses and trend assessments are compiled on an anonymous basis whenever possible.
When contact is made with us (e.g. via contact form, email, telephone or social media), user data is processed for the processing and implementation of the enquiry according to art. 6 para. 1 lit. b) GDPR. User information can be stored in a customer relationship management system (“CRM system”) or similar enquiry organisation.
We delete the information once it is no longer required. We review necessity every two years; in addition, legal archiving obligations apply.
Google is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
On our behalf, Google will use this information to evaluate use of our online offering by users, to collate reports on activities within this online offering and to provide us with further services related to the use of this online offering and internet use. Pseudonymous user profiles of users can thereby be generated from processed data.
We only use Google Analytics with activated IP anonymisation. This means that your IP address will be abbreviated by Google within the member states of the European Union or in other countries that have signed the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and abbreviated there.
The IP address transmitted by your browser will not be merged with any other Google data. Users can prevent the storage of cookies by using the corresponding setting of their browser software; users can furthermore prevent the collation of cookie-generated data relating to the use of the online offering by Google if they download and install the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on the way Google uses data, settings and the possibilities of objection on the Google websites:https://www.google.com/intl/de/policies/privacy/partners (“Data usage by Google when you use our partners’ websites or apps“), http://www.google.com/policies/technologies/ads („Dat a usage for advertising purposes“), http://www.google.de/settings/ads („manage information used by Google to display advertising to you“).
Online presence in social media
Inclusion of services and content from third parties
On the basis of our legitimate interests (i.e. interest in analysis, optimisation and efficient operation of our online offering in terms of art. 6 para. 1 lit. f. GDPR), we use third party content- or service offerings in order to include their contents and services, such as videos or fonts (hereinunder “contents”).
This always takes for granted that third party providers for these contents detect users’ IP address, because they cannot send contents to their browser without the IP address. This means the IP address is needed to display the content in question. We make every attempt to use only the type of content where the supplier only uses the IP address to deliver the content. Third party providers can furthermore use so-called pixel tags (invisible graphics, also known as “web beacons” for statistical or marketing purposes. Through these “pixel tags”, information such as visitor traffic on the pages of this website can be processed. Pseudonymous information can furthermore be stored in cookies on the users’ device and may contain technical information on the browser and operating system, referring websites, visiting time, as well as additional information regarding the use of our online offering, and merged with such information form other sources.
Our site contains links to external websites and we have no influence over the content of these sites. For this reason, we cannot accept liability for such third-party content. The contents of third party websites that are linked here do not reflect the opinion of the website operator, but merely serve informational purposes, and the illustration of contexts. The respective provider or operator of any linked site is always individually responsible for its content. Linked pages were checked for possible legal violations at the time of linking. Illegal content was not evident at that time. However, any permanent control of the content of linked pages is unreasonable without any substantial evidence of a violation. We will immediately remove any links of this type upon being notified of such violations.
Supplemented and adjusted by the website owner.