Data privacy

Privacy policy:
Date: 05/2018 

We process users' personal data (hereinafter referred to as “data”) only if this is necessary for the provision of a functional and user-friendly website and of our content and services.

 “Processing” refers to collection, use, forwarding and/or storage. Under the General Data Protection Regulation (hereinafter referred to as the “GDPR”), “personal data” refers to all data by means of which a natural person can be identified. The precise definitions of the terms are set out in Article 4 GDPR.

 The statements below inform you in particular of the nature, scope, purpose, duration and legal basis of the processing of personal data; we, alone or in conjunction with others, decide on the purposes and means of processing of said data, and on the components of third parties that may be used by us for optimisation and quality of use and process data under their own responsibility:

_________________________________________

 A) Information on the controller

B) Rights of the user

C) Information on data processing
_________________________________________

 

A) Information on the controller

The controller (hereinafter referred to as the “provider”) as defined by the GDPR and other national data protection legislation of the member states as well as other data protection regulations is:

Volmary Digital GmbH
Kaldenhofer Weg 70
D-48155 Münster

Tel.: +49 (0)251-270 70-100
Fax: +49 (0)251-270 70-270
E-mail: hobby@volmary.com

The data protection officer of the controller is:
Christian Westkemper
Kaldenhofer Weg 70
D-48155 Münster

Tel.: +49 (251) 27070 312
Fax.: +49 (251) 27070 112
E-mail: datenschutz@volmary.com


B) Rights of the user
With regard to the processing of their personal data carried out by the provider and described below, the user has the right,

1. to request confirmation of whether the data relating to them will be processed and to request precise information on these data as well as further information and copies of the data as per Article 15 GDPR;

2. to request immediate rectification of incorrect data concerning them or completion of said data as per Article 16 GDPR;

3. to request that the data relating to them are erased immediately as per Article 17 GDPR, or alternatively, for example if further processing as per Article 17(3) GDPR is required, to request restriction of processing of the data in accordance with Article 18 GDPR;

4. to receive the personal data concerning them which they have provided in accordance with Article 20 DSGVO, and to request that said data be transmitted to other controllers 

5. to lodge a complaint with the supervisory authority as per Article 77 GDPR if the user considers that processing of their data by the provider infringes the GDPR.

_________________________

6. In accordance with Article 21 GDPR, the user can object at any time to future processing of data concerning them that is performed by a controller on the basis of Article 6(1)(f) GDPR. In particular, the objection can be raised on account of processing for the purpose of direct marketing.

_________________________

 

7. The provider is additionally obliged to communicate any rectification or erasure of personal data or restriction of processing carried out on the basis of Article 16 GDPR, Article 17(1) GDPR and Article 18 GDPR to all data recipients to whom the provider has disclosed the data. This obligation does not apply in the event that this notification proves impossible or would involve a disproportionate effort. The user has the right to receive information on these recipients.

C) Information on data processing
If no detailed information is subsequently provided regarding the individual data processing operations, the user's data processed by the provider shall be deleted or blocked as soon as the storage purpose ceases to apply and no statutory storage obligations stand in the way of erasure.

 

Server data

For communication and security reasons, data such as those listed below are collected during the visit to the website and are sent by the user's web browser to the provider or the provider's web space provider (server log files):

- Browser type and version;
- Operating system used;
- Website from which the user switched to the provider's website (referrer URL);
- Website visited by the user;
- Date and time of access;
- The user's internet protocol (IP) address.

In addition, the data are stored temporarily. These data are not stored together with other personal data of user. The legal basis for temporary storage is Article 6(1)(f) GDPR on the basis of the legitimate interest in improving the stability, functioning and security of the website.

The data are deleted after no more than seven days. Data that has to be stored for longer for verification purposes are exempt from erasure until the respective matter is finally resolved.

 

Cookies

a) Session cookies/persistent cookies

The provider uses cookies on its website. Cookies are small text files or other storage technologies that the user's web browser deposits and stores on the terminal. These cookies process specific information of the user, such as browser and location data and IP address values, to an individual extent. 

Processing allows the provider to make its website more user-friendly, effective and secure. For instance, if applicable, processing of session cookies enables reproduction of the content in different languages or use of a shopping-basket function.

Persistent cookies allow the website to recognise the user via their browser on a regular visit to the website. 

If personal data is processed by these cookies for the purpose of contract initiation or contract execution, the legal basis for processing is Article 6(1)(b) GDPR.

If processing is not intended for contract initiation or contract execution, processing serves the provider's legitimate interest in improving the functioning of the website and is based on the legal basis of Article 6(1)(f) GDPR.

The session cookies are erased when the user closes their browser. The persistent cookies are automatically erased after a period stipulated by the provider. This period differs depending on the cookie, but shall not exceed one year.

 

b) Cookies from third-party providers

If applicable, cookies from third-party providers are also used on the website. These third-party providers are partner companies with which the provider collaborates for the purpose of marketing, analysis or the functions of the website. If this is the case, the purposes and legal bases of the corresponding processing operations are listed in the subsequent statements. 

 

c) Possibility of rectification

The user can prevent or restrict installation of the cookies by configuring their browser accordingly. Cookies that have already been stored can also be erased at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by corresponding configuration of Flash Player.  If the user prevents or restricts installation of cookies, this may mean that some functions of the website are no longer fully usable.

 

Contact requests

If the user makes contact with the provider via contact form or e-mail, the user's personal data entered in this instance shall be used for processing of the request. The data content is essential to a response to the request; only a partial response or no response at all is possible without provision of the data.

If the contact request serves the purpose of fulfilling a contract or implementing precontractual measures, the legal basis is Article 6(1)(b) GDPR. 

The user's data shall be erased if the user's request has been definitively answered and no statutory storage obligations stand in the way of this, e.g. in the event of subsequent contract execution. 

Consent from the user can also be a legal basis as per Article 6(1)(a) GDPR. In the context of the contact form, if applicable, the user's consent to the aforementioned processing shall be obtained and this privacy policy shall be referred to.

The user can withdraw granted consent for the contact request at any time under Article 7(3) GDPR by notifying the provider. The data processed in connection with this shall be erased as soon as processing thereof is no longer required.

 

Newsletter

If the user registers for the provider's free newsletter, the data requested in the input screen (e-mail address and, optionally, name and address) shall be sent to the provider. In addition, the IP address and the date and time of registration shall be stored. The user's consent shall be obtained in the registration process and the content shall be precisely transcribed. At the same time, this privacy policy shall be referred to. The data thus collected shall be used solely for the newsletter subscription. There shall be no forwarding to third parties.

The legal basis is Article 6(1)(a) GDPR. The user can withdraw consent relating to this for the future at any time under Article 7(3) GDPR by notifying the provider or via the 'unsubscribe' link contained in the newsletter.

Google Analytics

This website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.

Google is certified under the EU-US Privacy Shield, thus ensuring that data processing in the USA complies with EU data processing requirements.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google Analytics enables the provider to analyse use of the website. The legal basis here is Article 6(1)(f) GDPR. The legitimate interest of the provider consists of analysis, optimisation and commercial operation of the website.

Information such as the time, location and frequency of the user's visits to the web pages, including the user's IP address, is transmitted to a Google server in the USA and stored there.

The provider uses Google Analytics with an anonymisation function here. By means of this additional feature, in this case, the IP address is abbreviated by Google within European Union member states or in other contracting states of the Agreement on the European Economic Area.

Google shall use the data gathered in this way to evaluate the user's visit to the website and to compile reports on website activities for the provider. In addition, the data shall be used in order to perform further services associated with website use and internet use. Google may also transmit this information to third parties if this is legally prescribed or if third parties process these data on Google's behalf.

Google itself has stated that it shall never connect the user's IP address with other Google data. Further information, particularly regarding the opportunities for preventing data use, is available from Google via the following link:

https://www.google.com/intl/de/policies/privacy/partners

In addition, Google offers a deactivation add-on for the most common browsers, giving the user greater control over what data Google gathers regarding the website accessed by the user. The add-on notifies the JavaScript (ga.js) of Google Analytics that no information on the website visit is to be transmitted to Google Analytics. However, the deactivation add-on for browsers from Google Analytics does not prevent information from being sent to the provider or to other web analysis services that may be used by the provider and are listed in this privacy policy. Further information on installation of the browser add-on can be accessed via the following link:

Browser add-on for deactivation of Google Analytics

Alternatively, future analysis of site visits by Google Analytics can be deactivated by clicking on the following link. Clicking on the link deposits an opt-out cookie that results in analysis of visits to the provider's website being prevented in future:

Activate opt-out cookie for Google Analytics

Please note: if the user erases the cookies in their browser settings, the opt-out cookie is usually also erased and must be activated again by the user.

Matomo (formerly PIWIK)

This website uses the software package “Matomo” as a web analysis service. “Matomo” is an open-source software and processes the following visitor information on the provider's server:

  • User's IP address;
  • Accessed website;
  • Website from which the user switched to the provider's website (referrer URL);
  • Website visited by the user;
  • Time spent on the website;
  • Frequency of access to the website:

To gather these data, the software deposits a cookie on the user's terminal. The cookie is stored for a week.

The legal basis here is Article 6(1)(f) GDPR. The legitimate interest of the provider consists of analysis and optimisation of the website.

The provider uses the software with the additional feature “Automatically Anonymize Visitor IPs”. As a result of this, the user's IP address is reduced by two bytes so that it is no longer possible to associate the IP address with the user.

If the user does not consent to this processing, it is possible to prevent installation of the cookies by configuring the browser the accordingly. Further details can be found above in the “Cookies” section.

In addition, the user can end analysis by way of the opt-out:

Clicking on the link causes a cookie to be deposited on the user's terminal, preventing future storage of the analysis.

Please note: if the user erases the cookies in their browser settings, the opt-out cookie is usually also erased and must be activated again by the user.

Facebook social plug-in

The plug-in of the social network Facebook.com is used on this website. Facebook is a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and is operated within the EU by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, both hereinafter referred to as “Facebook”.

Facebook is certified under the EU-US Privacy Shield, thus ensuring that data processing in the USA complies with EU data processing requirements. 

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

The legal basis here is Article 6(1)(f) GDPR. The legitimate interest of the provider consists of quality of use of the website.

The possible Facebook plug-ins and their functions can be viewed below:

https://developers.facebook.com/docs/plugins/

The website is equipped with a plug-in of this kind, and each time the website is accessed, this plug-in causes the user's browser to download a corresponding version of the plug-in from Facebook in the USA. It is technically essential here that Facebook processes the user's IP address, and the date, time and the page visited by the user are also recorded.

If the user accesses the provider's website while the user is logged into Facebook, Facebook recognises the user's specific visit on the basis of the information gathered by the plug-in and associates this information with the user's personal Facebook account if applicable.

If the user interacts via the Facebook “Like” button, for example, this information is stored in the user's personal Facebook account and published if applicable.

If the user wishes to prevent Facebook from directly associating the gathered information with their user account, the user must either log out of Facebook before visiting the website or block loading of the Facebook plug-in on the site by using an add-on.

Further information on gathering and use of the data by Facebook and on the related rights and possibilities regarding protection of the user's privacy can be found in Facebook's privacy policy:

https://www.facebook.com/policy.php 

 

Google+ social plug-in

The plug-in of the social network Google+ is used on this website. Google+  is a service of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.

Google is certified under the EU-US Privacy Shield, thus ensuring that data processing in the USA complies with EU data processing requirements. 

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The legal basis here is Article 6(1)(f) GDPR. The legitimate interest of the provider consists of improving the quality of use of the website.

The possible Google plug-ins and their functions can be viewed below:

https://developers.google.com/+/web/ 

The website is equipped with a plug-in of this kind, and each time the website is accessed, this component causes the user's browser to download a corresponding version of the plug-in from Google in the USA. It is technically essential here that Google processes the user's IP address, and the date, time and the site visited by the user are also recorded.

If the user accesses the provider's website while the user is logged into Google, Google recognises the user's specific visit on the basis of the information gathered by the plug-in and associates this information with the user's personal Google account if applicable.

If the user interacts via the Google “Share” button, for example, this information is stored in the user's personal Google account and published if applicable.

If the user wishes to prevent Google from directly associating the gathered information with their user account, the user must log out of Google before visiting the website. It is also possible to configure the user account accordingly.

Further information on gathering and use of the data by Google and on the related rights and possibilities regarding protection of the user's privacy can be found in Google's privacy policy:

https://policies.google.com/privacy

 

Twitter social plug-in

The plug-in of the social network Twitter is used on this website. Twitter is a service of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, hereinafter referred to as “Twitter”.

Twitter is certified under the EU-US Privacy Shield, thus ensuring that data processing in the USA complies with EU data processing requirements. 

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

The legal basis here is Article 6(1)(f) GDPR. The legitimate interest of the provider consists of improving the quality of use of the website.

The website is equipped with a plug-in of this kind, and each time the website is accessed, this component causes the user's browser to download a corresponding version of the plug-in from Twitter in the USA. It is technically essential here that Twitter processes the user's IP address, and the date, time and the site visited by the user are also recorded.

If the user interacts via the Twitter “Tweet” button, for example, this information is stored in the user's personal Twitter account and published if applicable.

If the user wishes to prevent Twitter from directly associating the gathered information with their user account, the user must log out of Twitter before visiting the website. It is also possible to configure the user account accordingly.

Further information on gathering and use of the data by Twitter and on the related rights and possibilities regarding protection of the user's privacy can be found in Twitter's privacy policy:

https://twitter.com/privacy.