Privacy protection policy according to the GDPR
Name and address of the data controller
Painhofener Strasse 11
82279 Eching am Ammersee
Phone: +49 (0) 81 43 / 92 04-0
is the data controller as defined in the EU General Data Protection Regulation (GDPR) and the national data privacy laws.
Name and address of the data protection officer
General information about data processing
1. The extent to which personal data is processed
We collect and use the personal data of users of our homepage only to the extent that this is necessary for keeping our website, contents and services functioning properly.
Basically, we collect and use our users’ personal data only after they give their consent. An exception to this principle applies in cases where processing the data by statutory provisions is permitted or when obtaining prior consent for actual reasons is not possible.
2. Legal basis for processing personal data
- Art. 6 Section 1 S. 1 lit. a GDPR upon obtaining the consent of the data subject.
- Art. 6 Section 1 S. 1 lit. b GDPR for processing operations that serve to fulfill a contract to which the data subject is a party. Included here are processing operations that are necessary to carry out pre-contractual measures.
- Art. 6 Section 1 S. 1 lit. c GDPR for processing required to fulfill a legal obligation.
- Art. 6 Section 1 S. 1 lit. d GDPR, if vital interests of the data subject or another natural person require the processing of personal data.
- Art. 6 Section 1 S. 1 lit. f GDPR, if the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest. In order to be able to base the processing of personal data on a legitimate interest, an assessment is carried out in each case in consultation with the data protection officer for each relevant process, whereby the following three conditions must be met:
1) The controller or a third party has a legitimate interest in the processing of the personal data.
2) The processing is necessary to safeguard the legitimate interest.
3) The interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not override.
3. Data erasure and storage duration
The personal data of users will be deleted or blocked as soon as the purpose of the storage is no longer applicable. Additional storage may be provided for by European or national legislators through EU regulations, laws or other regulations to which the data controller is subject. Blocking or deleting the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for additional storage of the data for concluding a contract or fulfilling the contract.
Use of our website, general information
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the user′s computer system. The following information is collected:
- Information about the browser type and version used
- The user′s operating system
- The user′s Internet service provider
- The user′s IP address
- Date and time of access
- Websites the user′s system accesses to get to our website
- Websites that the user′s system invokes by accessing our website
The described data are stored in the log files of our system. This data is not stored together with any other personal user data.
2. Purpose and legal basis for data processing
Our system must temporarily store user IP addresses to allow us to deliver our website to the user′s computer. To do this, the user′s IP address must be stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. This data is not evaluated for marketing purposes in this context.
The legal basis for the temporary storage of data and log files is Art. 6 Section 1 S. 1 lit. f GDPR.
Collecting your personal data to ensure our web presence and storing this data in log files is essential for operating our website. A contradictory possibility of the user therefore does not exist.
3. Duration of storage
Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Your data will be deleted when the session ends if your data has been collected to ensure the site′s availability.
If your data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible, whereby in this case, the IP addresses of the users are deleted or alienated. This means that it is then no longer possible to assign the client who has accessed our website.
The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user‘s terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the German Telecommunications and Telemedia Data Protection Act (TTDSG).
Please note that the legal basis for the processing of the personal data collected in this context then results from GDPR (Art. 6 section 1 sentence 1 GDPR). The relevant legal basis for the processing of personal data in a specific case can be found below the respective cookie or the respective processing itself.
The primary legal basis for the storage of information in the end user's terminal equipment – consequently in particular for the storage of cookies – is your consent, section 25 (1) sentence 1 TTDSG. Consent is given when visiting our website, although this consent is of course not mandatory, and can be revoked at any time in the cookie settings.
Pursuant to section 25 (2) sentence 2 TTDSG, consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service, in order to be able to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as "technically necessary cookies") and therefore fall under the exemption of section 25 (2) TTDSG and thus do not require consent.
The legal basis for the processing of personal data using cookies results from Art. 6 Section 1 Sentence 1 lit. f GDPR. The purpose of the use of technically necessary cookies is to simplify the use of our website.
The legal basis for the processing of personal data using cookies for analysis and advertising purposes is Art. 6 Section 1 Sentence 1 lit. a GDPR if the user has consented to this.
You can view and adjust your cookie settings using the button at the bottom left of your browser window.
Cookie consent with Cookiehub
Our website uses cookie consent technology by Cookiehub to obtain your consent to store certain cookies in your browser and to document this consent in a data protection compliant manner. The provider of this technology is the company CookieHub ehf, Hafnargata 18, 230 Reykjanesbær, Iceland (hereinafter referred to as Cookiehub).
When you enter our website, a cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This stores the following information:
- Choices made and consents,
- Do-not-track preferences made
- random key to track consent.
The cookie with the corresponding data is stored for one year, unless other browser settings are stored. Mandatory legal retention periods remain unaffected. Details on Cookiehub's data processing can be found at https://www.cookiehub.com/legal/privacy-policy.
Your rights/rights of the data subject
According to the EU General Data Protection Regulation, as an affected party you have the following rights:
1. Right to receive information
You have the right to receive information from us as the data controller as to whether and which personal data concerning you are being processed by us, as well as further information in accordance with the legal requirements under Art. 13, 14 GDPR.
You can assert your right to information at .
2. Right to rectification
If we process your personal data incorrectly or in an incomplete manner, then you have a right for it to be corrected/completed. The correction will be made immediately.
3. Right to restriction
You have the right to restrict the processing of personal data concerning you in accordance with the legal provisions (Art. 18 GDPR).
4. Right to delete
If the reasons set out in Art. 17 GDPR apply, you may request that the personal data relating to you be deleted without delay.
We would like to point out that the right to delete does not apply if the processing is necessary for one of the exceptional circumstances listed in Art. 17 Section 3 GDPR.
5. Right to information
If you have asserted the right to rectify, delete or restrict the processing, we are obligated to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or is associated with a disproportionate amount of effort. You also have the right to be informed about these recipients.
6. Right to data portability
You also have the right under the GDPR to obtain the personal data relating to you that has been provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another data controller.
7. Right to revoke the declaration of consent to data protection
You have the right to revoke your data protection declaration at any time. Please note that revoking consent does not affect the lawfulness of the processing carried out based on the consent until the revocation goes into effect.
8. Right to objection
Furthermore, for reasons based on your particular situation, you have the right at any time to file an objection to the processing of personal data relating to you, as it is defined in Art. 6 Section 1 Sentence 1 lit. e or f GDPR.
9. Automated decision on an individual basis, including profiling
Under the EU General Data Protection Regulation, you remain entitled not to be subjected to a decision based solely on automated processing – including profiling – which would have legal effect or would affect you in a similar manner.
10. Right to complain to a supervisory authority
Finally, if you believe that the processing of personal data concerning you is contrary to the GDPR, you have the right to complain to a supervisory authority, in the Member State of its place of residence, employment or the location of the alleged infringement.
Data transfer outside the EU
The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible when your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union in the context of using third-party services.
We only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that the processing of your data may then only take place on the basis of special guarantees, such as the officially recognised determination by the EU Commission of a level of data protection corresponding to the EU or the observance of officially recognised special contractual obligations, the so-called “standard data protection clauses”.
You will find a contact form on our homepage that you can use to contact us electronically. The data entered into the input mask are transmitted to us and stored. These data include:
- Name of the company,
- Your first and last name,
- Your e-mail-address,
- Your message to us,
and on a voluntary base:
- Your website,
- Your address and your country
- Your phonenumber
- and, in order to deliver a better reply to your request, if you are printer or specialized dealer.
The following data is also stored once the message has been sent:
- Date and time of contact
It is also possible to contact us via our provided email address. In this case, the user′s personal data transmitted by email will be stored.
A transfer of your data to third parties will not take place in this context; this data will be used exclusively for processing the communication record.
The legal basis for the processing of the contact request and its handling is regularly Art. 6 Section 1 Sentence 1 lit. b GDPR.
If further personal data are processed during the sending process, then they serve only to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Regarding the personal data from the input form on the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
We use the “Friendly Captcha” tool on our website. This is offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee (Germany).
The tool is used to prevent automated and abusive requests by so-called “bots”.
As part of this process, your IP address is captured by Friendly Captcha in order to send a cryptographic task to your terminal device. This task is solved in the background and once solved, a confirmation is sent by Friendly Captcha to the server that this is a natural person.
Friendly Captcha processes and stores the following data in the above process:
- Anonymised IP address of the requesting computer,
- Information about the browser used as well as the operating system,
- Anonymised counter per IP address to control the cryptographic tasks,
- Website from which the access took place (so-called referer URL).
The data is used to protect against bots.
The legal basis for the processing is the legitimate interest within the meaning of Art. 6 Section 1 Sentence 1 lit. f GDPR to prevent abusive access or spam attacks by bots.
If personal data is processed when Friendly Captcha is used, it is deleted after 30 days. More information on data protection is available at: https://friendlycaptcha.com/de/privacy/.
Google Tag Manager
If we have obtained your consent, the legal basis for the use of Google Tag Manager is Art. 6 Section 1 Sentence 1 lit a GDPR. Otherwise, the legal basis for the use of the technically necessary cookie results from our legitimate interest according to Art. 6 Section 1 Sentence 1 lit. f GDPR.
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. („Google”). Google Analytics uses so-called „cookies”, text files that are stored on your computer and that allow to analyse how you use the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the US and is stored there.
In the event that IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and Internet usage to the website operator.
The IP address provided by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google. You can prevent the storage of cookies by enabling a corresponding setting in your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You may also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as prevent Google from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout.
his website uses Google Analytics with the extension „_anonymizeIp()”. As a result, IP addresses are processed shortened so that they cannot be related to any one particular person. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded, and the personal data will be deleted immediately.
We use Google Analytics to analyse and regularly improve the use of our website. We use the statistics to improve our offer and make it more interesting for you as a user. The legal basis for using Google Analytics is is your consent in accordance with Art. 6 Section 1 Sentence 1 lit. a GDPR.
Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: https://www.google.com/analytics/terms/gb.html, Opt-Out: https://adssettings.google.com/authenticated.
1. Social Media Platforms
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Opt-Out: https://www.facebook.com/settings?tab=ads and https://www.youronlinechoices.com
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland
XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Deutschland
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
2. Social media presence
We maintain fan pages within various social networks and platforms for communicating with customers, prospects and users who are active there and for informing them about our services.
We would like to point out that your personal data may be processed outside the European Union, which may pose risks to you (e. g. in enforcing your rights under European/German law).
These users′ data are usually processed for market research and advertising purposes. Thus, for example, user profiles are created based on the user′s behavior and interests. These usage profiles can in turn be used to do such things as place advertisements inside and outside the platforms that are allegedly in line with users′ interests. For these purposes, cookies are usually stored on the user’s computer where the user′s behavior and the user′s interests are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices that the users use (this is especially true if the users are members of the respective platforms and are logged in to them).
Processing personal user data is based on our legitimate interests in an effective user information and communication with users in accordance with Art. 6 Section 1 Sentence 1 lit. f. GDPR. The legal basis for processing user info is Art. 6 Section 1 Sentence 1 lit. a. GDPR, and this entails the respective providers asking users to consent to data processing (that is, that they declare their agreement, for example, by ticking a check box or clicking on a button to confirm).
Additional information about processing your personal data as well as your revocation options can be found under the links for the respective providers listed above. The assertion of information and further rights of the data subjects can likewise take place opposite the offerers, who then have only the direct access to the data of the users and have appropriate information. Of course, we are available for questions and support if you need help.
A supplementary agreement is concluded with some social media platforms when operating a fan page. According to this agreement, data subject rights can usually be asserted both with the social media platform and with us. However, the primary responsibility under the GDPR for the processing of insights data lies with the social media platform, and it fulfils all obligations under the GDPR with regard to the processing of insights data. In this context, the social media platform provides the essence of the page insights supplement to the data subjects.
We, as the operator of the fan page, do not make any decisions regarding the processing of insights data and all other information resulting from Art. 13 GDPR, such as the legal basis, the identity of the controller and the storage period of cookies on user devices.
3. Integrating with YouTube videos
We have included YouTube videos in our online offering; they are stored on https://www.YouTube.com and are directly playable from our website. These are all included in the „extended privacy mode”, meaning that no data about you as a user will be transferred to YouTube if you are not playing the videos. The data mentioned in Section 2 will be transmitted only if you play the videos. We have no influence on this data transfer.
By visiting the website, YouTube receives information that you have accessed the corresponding sub-page of our website. This happens regardless whether YouTube provides a user account that you are logged in to, or if there is no user account.
YouTube is a company of Google LLC. When you're logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or custom designing its website. This type of an evaluation is carried out (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting to you as a user.
The legal basis for the use of YouTube is our legitimate interest pursuant to Art. 6 Section 1 Sentence 1 lit. f, which is to provide our users with the most extensive and appealing user experience possible.
Click the link below to receive additional information about your rights and setting options for protecting your privacy: https://policies.google.com/privacy.
We use the OpenStreetMap (OSM) mapping service. The provider is the Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.
The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website.
The legal basis for the use of OpenStreetMap is our legitimate interest according to Art. 6 Section 1 Sentence 1 lit. f GDPR, which is to provide our users with the most extensive and appealing user experience possible.