1. Our data protection declaration
Südwestdeutsche Salzwerke AG places a top priority on protecting your personal data. We therefore at all times treat your personal data confidentially and in compliance with applicable data protection regulations.
Our Internet site is principally usable without providing personal data. However, personal data may need to be processed if you - as a visitor to our website - wish to take advantage of certain services from our company over our website. We generally obtain the consent of the affected person if personal data needs to be processed and such processing is not governed by legal regulations.
Our data protection declaration gives you details about the nature, scope, and purpose of the the personal data we collect, use, and process. Our data protection declaration also states what rights an affected person is entitled to in connection with your personal data.
As the party responsible for processing, we have instituted a wide range of technical and organizational measures to ensure that the personal data processed by this website provides the highest possible protection. We nevertheless point out that Internet-based data transmission is categorically subject to security gaps, and that absolute protection is therefore not possible.
2. Terminology definitions
Our data protection declaration uses terminology that is also used in the General Data Protection Regulation (GDPR) (hereinafter called GDPR). The most important terminology is defined as follows for ease of reading and comprehension.
2.1 Personal data
Personal data is all information related to an identified or identifiable natural person (hereinafter called "affected person"). A natural person is deemed to be identifiable when said person can be identified directly or indirectly, in particular by their association with an identifier such as a name, an identification number, a location, an online identification number, or one or several special attributes that are an expression of the physical, psychological, genetic, mental, economic, cultural, or social identity of said natural person.
2.2 Affected person
An affected person is any identified or identifiable natural person whose personal data are processed by the party responsible for processing.
Processing is any transaction performed with or without the assistance of automated methods, or any such sequence of transactions in connection with personal data, such as collecting, entering, organizing or sorting, storing, revising or editing, reading, querying, using, disclosing by transmitting, distributing, or another form of provisioning, comparing, or linking, restricting, deleting, or destroying.
2.4 Restricted processing
Restricted processing is the act of flagging personal data with the objective of restricting its future processing.
Profiling is any form of automated processing of personal data. Automated processing is characterized by the fact that this personal data are used to evaluate certain personal aspects related to a natural person, in particular for the purpose of analyzing or predicting aspects related to work performance, economic situation, health, personal preferences, interests, reliability, conduct, location, or change of location of this natural person.
Anonymization is the processing of personal data in a manner by which the personal data can no longer be associated with a specific affected person without relying on additional information, provided this additional information is stored separately and governed by technical and organizational measures intended to ensure that the personal data are not assigned to an identified or identifiable natural person.
2.7 Responsible party or party responsible for processing
The responsible party or the party responsible for processing is the natural or legal person, authority, agency, or other entity that alone or jointly with others makes decisions about the purpose and methods for processing personal data. If the purpose and methods of this processing are mandated by European Union laws or by the laws of member states, the responsible party and/or the specific criteria for appointing the responsible party can be specified by European Union law or the laws of member states.
2.8 Contract processor
A contract processor is a natural or legal person, authority, agency, or other entity that processes personal data on behalf of the responsible party.
A recipient is a natural or legal person, authority, agency, or other entity to whom personal data are disclosed, irrespective of whether or not it is a third party. However authorities who may receive personal data under the scope of a specific investigative order pursuant to European Union law or the laws of the member states are not deemed to be recipients.
2.10 Third party
A third party is a natural or legal person, authority, agency, or other entity other than the affected person, the responsible party, the contract processor, and the persons authorized to process personal data under the immediate responsibility of the responsible party or the contract processor.
Consent is any informed and unmistakable declaration of will voluntarily made by the affected person for the specific case in the form of a declaration or another unmistakable confirming action by which the affected person intends to declare that he/she agrees with the processing of personal data related to them.
3. Name and address of the party responsible for processing
The responsible party as defined by GDPR, other privacy laws applicable in the member states of the European Union, and other legal regulations with privacy character is:
Südwestdeutsche Salzwerke AG
4. Contact data of the data protection representative
The data protection representative has the following mailing address:
Südwestdeutsche Salzwerke AG
Data Protection Representative
You can alternatively use the following email address for your inquiries:
5. How we protect your data
We place a top priority on protecting your personal data and implement appropriate technical and organizational measures to protect your data related to use of this website against unauthorized access, manipulation, destruction, and loss. The employed security measures are continuously improved commensurate at with technological progress.
For instance, communication through our website is protected by an HTTPS protocol (HyperText Transfer Protocol Secure). This establishes a secure connection between the server and client that cannot be read by unauthorized persons. This is intended to protect the transmission of confidential content, such as purchase orders or inquiries you place with us as the website operator.
When service providers are integrated into the processing of services on our website, and these service providers are qualified as contract processors, we have stipulated these contract relationships in a contract processing agreement as defined by Article 28 GDPR in order to safeguard your personal data.
6. General data and information collected while using our website
Every time our website is downloaded, our website collects a range of general data and information that are stored in log files on the server. The collected information can include the used browser types and versions, the operating system employed by the user, the website from which an accessing system reaches our website (so-called referrers), the dependent webpages controlled by an accessing system on our website, the date and time of the access to our website, an Internet protocol address (IP address), the Internet service provider of the access exists. No conclusions are made about the affected person, e.g. about you as the website visitor, when these general data and this information are used. This information is required to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. All anonymous server log file data are stored separately from all other personal data provided by an affected person. The collection of data to provision the website and the storage of data and log files are mandatory for operating the website. The user therefore does not have an option to deny consent. The log file data are deleted as soon as these are no longer required for achieving the purpose of their collection. If the data are collected for provisioning the website, this is the case no later than after seven days.
7. Data under the scope of using a contact form offered by the website (or contact established by a corresponding online function)
For questions of any kind, we give you the option to contact us using a form provided on the website or based on a corresponding online function. This requires entering a valid email address, so that we know who originated the inquiry and in order to respond to the latter. Other mandatory entries required in the contact form are indicated with a star. Depending on the topic, the nature of the data, and whether or not you are already a customer, data are processed based on the contract with you, your consent, or your and/or our justified interest in investigating the matter pursuant to Art. 6 para. 1 sentence 1 a), b) and f) GDPR. If you use the contact form or another corresponding online function to establish contact for the purpose of a purchase order, inquiry, or reservation for individual offers or events, please also note the instructions under subsection 12 "Data under the scope of purchase orders in the ticket shop and inquiries and reservations for individual offers and events".
We will delete the data for the inquiry, provided we are not required by law to continue storing or archiving these. If these data continue to be needed to process outstanding inquiries, the data are deleted no earlier than after these inquiries are completed. Your personal data are not forwarded to third parties.
8. Links to other websites
Our websites can contain links to third-party websites and certain of our services may provide access to third-party services (e.g. social networks). We do not control how the websites and services of third parties process your personal data. We do not review the websites and services from third parties, and we are not responsible for such websites and third-party services or their data protection practices. Please read the data protection declaration of the websites and/or services of third parties that you access through our website or services. When our website integrates other services, you can find a related annotation in this data protection declaration.
9. Cookie declaration
See current settings
9.1 What are cookies?
Cookies are small text files that the web browser uses to store information about visited websites sent by the web server. This includes information about the site visit, such as duration, login data, user entries, etc.
These cookies are stored on your computer or mobile device when you visit a website. They require very little storage space and are automatically deleted when they expire. Certain cookies expire at the end of your Internet session, others are stored for a limited timeframe.
9.2. What type of cookies are there?
9.2.1 Mandatory cookies
These cookies are mandatory to guide you through the website or to give you access to certain functions that you requested.
9.2.2 Functionality cookies
These cookies improve the functionality of the website by storing your settings. For instance, these give you the option to store an existing shopping cart, to optimize the display of a website depending on the end-user device you use, or to store your shipping details for faster payment processing.
9.2.3 Performance cookies
These cookies help to improve the performance of the website and to give you a better user experience.
9.2.4 Cookies for managing Web statistics
Cookies are also used for instance to identify the frequency of use and the repeated visit of web pages. We use the Google Analytics analysis software for this purpose. Information about Google Analytics can be obtained in this data protection declaration under "Data Protection Regulation for Deploying and Using Google Analytics (with anonymization function)".
Targeting cookies, marketing cookies, and social media cookies collect your preferences to display relevant advertising to you on third-party webpages. The Social media cookies can also be used to track your activity on social media platforms.
If we use such services, you can find related information in this data protection declaration.
9.4 How you can manage cookies
You can adjust your browser settings to delete cookies or to prevent certain cookies from being stored on your computer or your mobile device without your consent. You should be able to find information about managing your cookie settings under "Help" in your browser. The following links will help you to find out how to make the proper settings in your browser:
Mozilla Firefox: http://support.mozilla.com/de-DE/kb/Cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
Adobe (Flash Cookies): http://www.adobe.com/de/privacy/policies/flash-player.html
9.5. Currentness of the cookie declaration
Our cookie declaration can be modified from time to time, for instance to reflect changes made in the cookies we use, or when this is required for other operational or legal reasons. We therefore ask that you retrieve this cookie declaration regularly to remain up-to-date about our use.
10. Newsletters and informative notifications for advertising purposes (Opt-In)
If we send you newsletters or informative notifications for advertising purposes, we only do so with your prior consent based on the double opt-in procedure. This involves sending you an email with a registration link to the email address entered by you. You are only registered for receiving the newsletter or the informative notifications for advertising purposes after you have activated the link.
Our newsletters and informative notifications for advertising purposes contain an uncomplicated opt-out to stop receiving further notifications going forward, such as a link that you can use to deregister. You can typically find this link at the very bottom in the email newsletter or the e-notification for advertising purposes.
11. Your customer account
As the user of our website, you have the option to set up a customer account with us. This means registering with us as the party responsible for processing by entering personal data. What personal data are transmitted in this case is defined by the relevant data entry screen used for the registration. Individual fields are in certain cases arranged as mandatory fields. This is the case because we are unable to render the services associated with the registration without these details. The personal data entered by you is exclusively processed for the intended purpose. For instance, the customer account is used to process your purchase orders and all associated services. In order to process your purchase orders, we transmit the data to other businesses exclusively to properly fulfill the contract, and then only in the required scope. Information is as a result forwarded to package service providers, suppliers for payment services, and other service providers integrated into the application. The integrated service providers also exclusively use the personal data to process your purchase order, and then only based on our instructions. Your information is not forwarded to third parties without your express consent.
Please address any applicable affected party rights in connection with your customer account to the contact address: firstname.lastname@example.org
If you have general questions concerning data protection, please address these to the contact address listed under subsection 4 in this declaration.
12. Data under the scope of purchase orders in the ticket shop, along with inquiries and reservations for individual offers and events
Our website gives you the ability to purchase tickets for guided tours, events, and various group offers. We also provide the option to place inquiries or reservations for individual offers and events. This necessitates the entry of personal data in the required scope. What personal data are transmitted to us in this case is defined in the relevant data entry screen used for the relevant purchase order/inquiry/reservation. Individual fields are in certain cases arranged as mandatory fields. This is the case because we are unable to render the services associated with the purchase order without these details.
After the contract is processed in full, your information is locked out for further use and deleted after the archive periods mandated by tax and commercial laws have expired, unless you granted your express consent to the continued use of your information. For individual events or offers that are processed with the assistance of cooperation partners, it is necessary to forward your information to these cooperation partners in the required scope. The required data are in this case forwarded exclusively for the purpose of processing the contract. No information is forwarded to third parties. We will at all times treat your information confidentially. For the purpose of processing the payment transaction, we refer to Section 13 "Information under the scope of payment processing (credit card, Giropay, PayPal, Sofortüberweisung (immediate funds transfer))", which you will also find in this data protection declaration.
13. Data under the scope of payment processing (credit card, Giropay, PayPal, Sofortüberweisung (immediate funds transfer))
All information required for the purpose of processing payments are stored by the sole participating payment service provider exclusively for the purpose of processing the payment, and then only for this purpose.
Four payment methods (credit card, Giropay, PayPal, Sofortüberweisung (immediate funds transfer)) are offered for processing purchases for goods and services offered by this website. All payment methods are processed by the payment service provider WIRECARD. Depending on the payment method, payment-relevant information is entered there as required by the relevant payment services for the purpose of completing the payment transaction. For all payment methods, information is transmitted by using the Secure Socket Layer (SSL method) encryption with 256 bits. SSL is used worldwide by banks for online banking and corresponds to the currently highest security standard in the Internet. As soon as you have entered your payment information and press the confirmation button, your details are sent in encrypted format and are thus externally inaccessible. If you use PayPal to process the payment, the latter service is integrated through our payment service provider. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which represent virtual personal or business accounts. PayPal also offers the option to process virtual payments with credit cards if a user does not maintain a PayPal account. A PayPal account is maintained through an email address, which is why there is no classic account number. PayPal offers the option to initiate online payments to third parties, and also to receive payments. PayPal also offers escrow functions and provides buyer protection services. The European operating entity for PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the affected person selects "PayPal" as the payment option during the purchase or transaction, information about the affected person are automatically transferred to PayPal. By selecting this payment option, the affected person consents to the transmission of personal data required to process the payment.
The personal data transmitted to PayPal generally includes first name, last name, address, email address, IP address, telephone number, mobile telephone number, or other information needed to process the payment. Processing the purchase agreement also necessitates such personal data required in connection with the relevant purchase order. Data are transmitted for the purpose of processing the payment and to prevent fraud. The party responsible for processing will transmit personal data to PayPal in particular when a justified interest is indicated for such a transmission. PayPal may in certain cases transmit the personal data exchanged between PayPal and the party responsible for processing to credit bureaus. This transmission is intended to verify the identity and to check credit.
In certain cases, PayPal may forward the personal data to corporate affiliates and service providers or subcontractors, provided this is required to fulfill the contractual obligation or the information is processed on a contract basis. At any time, the affected person has the option to recall consent from PayPal to handle personal data. A recall has no effect on personal data that must be processed, used, or transmitted for the (contractually compliant) payment processing.
The applicable data protection policies from PayPal are available for download under https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
If you use the Sofortüberweisung (immediate funds transfer) service to process the payment, the latter service is integrated through our payment service provider.
Sofortüberweisung is a payment service that facilitates cashless payment for products and services in the Internet. Sofortüberweisung represents a technical method by which the online retailer immediately receives the payment confirmation. This allows a retailer to ship goods, services, or downloads to a customer immediately after the purchase.
The operating entity for Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.
If the affected person selects Sofortüberweisung as the payment option during the purchase or transaction, data about the affected person are automatically transferred to Sofortüberweisung. By selecting this payment option, the affected person consents to the transmission of personal data required to process the payment.
When processing the purchase with Sofortüberweisung (immediate funds transfer), the buyer transmits the PIN and the TAN to Sofort GmbH. Following a technical check of the account balance and the download of additional data to verify sufficient account funds, Sofortüberweisung then processes an electronic funds transfer to the online retailer. The completion of the financial transaction is then automatically reported to the online retailer.
The personal data transmitted to Sofortüberweisung generally includes first name, last name, address, email address, IP address, telephone number, mobile telephone number, or other information needed to process the payment. Data are transmitted for the purpose of processing the payment and to prevent fraud. The party responsible for processing will transmit personal data to Sofortüberweisung in particular when a justified interest is indicated for such a transmission. Sofortüberweisung may in certain cases transmit the personal data exchanged between Sofortüberweisung and the party responsible for processing to credit bureaus. This transmission is intended to verify the identity and to check credit.
In certain cases, Sofortüberweisung may forward the personal data to corporate affiliates and service providers or subcontractors, provided this is required to fulfill the contractual obligation or the information is processed on a contract basis.
At any time, the affected person has the option to recall consent from Sofortüberweisung to handle personal data. A recall has no effect on personal data that must be processed, used, or transmitted for the (contractually compliant) payment processing.
The applicable data protection policies from Sofortüberweisung are available for download under https://www.paypal.com/de/webapps/mpp/ua/privacy-full
14. Deleting and blocking personal data
The party responsible for processing shall process and store personal data of the affected person only for the timeframe required for achieving the storage purpose, or to the extent this is mandated by laws or regulations issued by European guideline and directive legislators or by another legislator that the governs the party responsible for processing.
The personal data are blocked or deleted in accordance with statutory regulations if the storage purpose expires, or a storage period mandated by European guidelines and directives legislators or another competent legislator expires.
15. Legal framework for processing personal data
Art. 6 I letter a GDPR acts as the legal framework for our company for processing transactions for which we obtain consent for a certain processing purpose, for instance when a contact form integrated on the website is used.
Processing is based on Art. 6 I letter b GDPR when personal data needs to be processed to fulfill a contract whose contractual party is the affected person, as is for instance the case for processing transactions required for delivering goods or to render miscellaneous services or considerations. The same applies for any processing transactions required for completing pre-contractual measures, as is for instance the case for inquiries for our products or services.
Processing is based on Art. 6 I letter c GDPR if our company is governed by a legal obligation by which processing of personal data is required, such as is the case to fulfill tax obligations.
Processing transactions can furthermore be based on Art. 6 I letter f GDPR. This is the case when processing is required to protect the justified interests of our company or a third-party, provided the interests, fundamental rights, and fundamental freedoms of the affected person do not take priority. We are in particular authorized to perform such processing transactions because they are specifically mentioned by the European legislature. In this respect, the European legislature took the position that a justified interest could be assumed if the affected person is a customer of the responsible party or one of its contractors. (recital 47 sentence 2 GDPR) If processing of personal data is based on Article 6 I letter f GDPR, our justified interests are based on the completion of our business activities to the benefit of our shareholders, while observing the justified interests of the affected persons. When assessing these interests, the focus shall at all times be placed on an appropriate relationship between the affected person and us as the company.
16. Duration for which personal data are stored.
The criterion for the storage duration of personal data are statutory archiving periods that can be defined by tax or commercial laws and by other applicable legal regulations, that is to say always when these legal regulations can be applied to your personal data. The corresponding data are deleted when the period expires, provided the data are no longer required to fulfill the contract, to initiate the contract, or to maintain the business relationship. If no archiving periods apply and you give us your consent to store and use your personal data, the data are stored and used for the intended purpose for as long as is indicated under the scope of the consent, or until you recall your consent for use with future affect.
17. Statutory or contractual regulations to provide personal data; necessity for contract conclusion; affected person's obligation to supply the personal data; potential consequences for failure to supply
We are required to inform you that the supply of personal data is in certain cases mandated by law (e.g. tax regulations) or can also be defined in contractual provisions (e.g. information about the contractual partner). A contract conclusion may require an affected person to supply us with personal data that we then need to process. For instance, the affected person is required to supply us with personal data if our company concludes an agreement with the affected person. A failure to supply the personal data may have the consequence that the contract cannot be concluded with the affected person.
18. Data protection regulations for deploying and using Google Analytics (with anonymization function)
We have integrated the component Google Analytics (with anonymization function) into our website.
Google Analytics is a web analysis service. Web analysis is the process of storing, collecting, and analyzing data about visitor behavior on websites. Without limitation, a web analysis service collects data about from which webpage an affected person arrived at a webpage (so-called referrers), which dependent pages of a website where accessed and how often, and for what dwell time a dependent page was viewed. A web analysis service is predominantly used to optimize a website and for a cost/benefit analysis of Internet advertising.
The operating entity of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
As defined by data protection regulations for the web analysis service using Google Analytics, we have integrated the plug-in "_gat._anonymizeIp". Google uses this plug-in to truncate and anonymize the IP address of the Internet connection of the affected person if our webpages are accessed from a member state of the European Union or from another contract state of the accord for the European Economic Area.
The purpose of the Google Analytics component is to analyze the visitor volume on our website. Without limitation, Google uses the collected data and information to analyze the use of our website, to compile online reports for us that show the activities on our webpages, and to render other services in connection with the use of our website.
Google Analytics places a cookie on the IT systems of the affected person. What cookies are was already explained in our cookie declaration, which is an element of this data protection declaration. By placing the cookie, Google has the ability to analyze the use of our website. By downloading one of the individual pages of the website operated by the party responsible for processing and on which a Google Analytics component was integrated, the Internet browser on the IT system of the affected person is automatically commanded by the relevant Google Analytics component to transmit data to Google for the purpose of online analysis. Under the scope of this technical method, Google obtains knowledge of personal data, such as the IP address (anonymized) of the affected person, which Google users without limitation to trace the origin of visitors and clicks, and to then facilitate commission account statements.
Cookies are used to store personal data, such as the access time, the location from which an access originated, and the frequency of visits to our website by the affected person. Every time our webpages are visited, this personal data, including the IP address of the Internet connection used by the affected person are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may under certain circumstances forward personal data collected by the technical method to third parties.
Disabling web analysis by Google Analytics
As the visitor to our webpages, you can prevent the storage of cookies by Google Analytics with corresponding settings in your browser software; furthermore, a cookie already placed by Google Analytics can be deleted at any time with an Internet browser or other software. However, please note that in this case you may not be able to make full use of all functionality in this website.
You can also prevent the collection of data created by the cookie and your use of the website (incl. your IP address) by Google, and the processing of this data by Google by downloading and installing the browser plug-in available under the following link http://tools.google.com/dlpage/gaoptout?hl=de .
Additional information and the applicable data protection policies from Google can be downloaded under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in detail under this link https://www.google.com/intl/de_de/analytics/.
19. Data protection regulations for deploying and using Google AdWords
We have integrated Google AdWords into our website. Google AdWords is an Internet advertising service that gives advertisers permission to display advertising in search engine results generated by Google, as well as in the Google advertising network. Google AdWords gives an advertiser the ability to define pre-defined keywords by which an advert is displayed in the search engine results generated by Google only when the user downloads a keyword-relevant search result with the search engine. The Google advertising network allocates adverts based on an automated algorithm and by observing predefined keywords on theme-relevant websites.
The operating entity for the Google AdWords service is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to evaluate our website by overlaying interest-relevant adverts on the websites of third-party businesses and in the search engine results of the Google search engine, and an overlay of third-party adverts on our website
If an affected person is directed to our website by a Google advert, Google places a so-called conversion cookie on the IT system of the affected person. What cookies are was already explained above. A conversion cookie expires after thirty days and is not used to identify the affected person. If the cookie has not yet expired, the conversion cookie creates traceability whether certain dependent pages – for instance the shopping cart from an online shop system – was downloaded on our website. The conversion cookie creates traceability for us and for Google as to whether an affected person directed to our website by an AdWords display generated a sale, e.g. completed or canceled a purchase.
Google uses the data and information collected by use of the conversion cookie to prepare visitor statistics for our website. We in turn use these visitor statistics to determine the total number of users directed to us by AdWords adverts, e.g. to determine the success or failure of the relevant AdWords advert and to optimize our AdWords adverts for the future. Neither our company nor other advertising customers of Google AdWords receive information from Google by which the affected person could be identified.
The conversion cookie is used to store personal data, for instance the websites visited by the affected person. Accordingly, every time our webpages are visited, personal data, including the IP address of the Internet connection used by the affected person, are transmitted to Google in the United States of America These personal data are stored by Google in the United States of America. Google may under certain circumstances forward personal data collected by the technical method to third parties.
As shown in the cookie declaration section of this data protection declaration, the affected person can at any time prevent the placement of cookies by our website with a corresponding setting of the employed Internet browser, and as a result permanently opt out from the cookie placement. Such a setting of the employed Internet browser would also prevent Google from placing a conversion cookie on the IT system of the affected person. Furthermore, a cookie already placed by Google AdWords can be deleted at any time with the Internet browser or other software.
The affected person also has the option to opt out from interest-related advertising by Google. For this purpose, the affected person must download the link www.google.de/settings/ads from each of its employed Internet browsers, and make the desired settings therein.
Additional information and the applicable data protection policies from Google can be downloaded under https://www.google.de/intl/de/policies/privacy/.
20. Use of social media buttons through "Shariff" (Facebook)
Our website uses the c't project "Shariff". It replaces the usual share buttons for social networks and thus protects the surfing behavior of our website users.
"Shariff" merely integrates the share buttons and/or social media plug-ins of social networks on our website as a graphic that contains a link to the corresponding social network. During your visit to our website, these buttons are disabled by default, e.g. they will send no data to the relevant social networks without your involvement. Before you can use these buttons, you will need to enable these with your click. The Shariff button then establishes a direct link between the social network and our visitors only when the user deliberately clicks on the share button. Only then are your data transmitted to the relevant social network. However, if the Shariff button is not clicked, no interchange is initiated between you and the social networks. Our website therefore respects the wishes of many website users: the website can be quickly and conveniently shared on social networks. For this purpose, we created the option with our social buttons to use these services – but by also protecting your privacy.
After the Shariff button is enabled, a direct link is established with the server of the relevant social network. The content of the button is then transmitted by the social networks directly to your browser and integrated by the latter into the website.
After a button is enabled, the relevant social network can already collect data irrespective of whether or not you interact with the button. If you are logged into a social network, the latter can associate your visit to this website with your user account. If you are a member on a social network and do not wish that the latter links the data collected during your visit to our website with your stored member data, you will need to log out from the relevant social network before enabling the button.
We have no control over the scope of information collected by the social networks with their buttons. The purpose and scope of the data collection and to the further processing and use of the information by the relevant social networks and user-related rights and setting options to protect your privacy can be found in the data protection policies of the relevant social networks.
The developer of the component is GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA. More information and the applicable data protection policies of GitHub can be downloaded under https://help.github.com/articles/github-privacy-policy/. You can find more information about the c't project "Shariff" https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html
Our website integrates the following social networks with "Shariff":
You can find the links to the data protection settings of the social services integrated through "Shariff" here:
21. Your rights as an affected person at a glance
Pursuant to GDPR regulations, an affected person has individual request rights that can be asserted in connection with your personal data. These define the right for information, correction, deletion, processing restrictions, ability to transfer data, as well as individual opt out rights, and a right to file a complaint with a supervising authority. The following gives you an overview over the individual rights, along with their deadlines.
21.1 Deadlines for so-called request rights pursuant to Art. 15 - 21 GDPR
As the responsible party, we will give the affected person a response on any requests pursuant to articles 15 - 21 GDPR by a deadline of one month after receipt. This deadline can be extended by an additional two months when this is required based on the complexity and the number of requests. In this case, we will inform you about invoking the deadline extension within one month after receiving your request. If the affected person places the request electronically, we will respond to you electronically whenever possible, unless you instructed otherwise.
21.2 Request channels
Any requests can be placed by standard mail or by email. You can find a contact address under subsection 4 in this declaration.
All requests pursuant to Art. 15-21 GDPR in connection with your customer account must be directed to: email@example.com
21.3 Right to information of the affected person pursuant to Article 15 GDPR
The affected person has the right to demand from the responsible party a confirmation as to whether personal data related to the affected person are being processed; if this is the case, the affected person has a right to information about this personal data and supporting information as described in Article 15 GDPR.
Please note that the responsible party can only provide information if no concerns exist about the identity of the affected person. The responsible party shall use all reasonable means to verify the identity of an affected person who requests information.
21.4 Right to correction pursuant to Art. 16 GDPR
An affected person has the right to demand that the responsible party immediately corrects any incorrect personal data related to the affected person. Based on the processing purpose, the affected person has the right to demand the completion of incomplete personal data – including by way of a supplemental declaration.
21.5 Right to deletion pursuant to Art. 17 GDPR
An affected person has the right to demand from the responsible party that personal data related to the affected person are deleted immediately, and that the responsible party is required to immediately delete personal data if the conditions as described in Article 17 GDPR are met.
21.6 Right to restricted processing pursuant to Art. 18 GDPR
The affected person has the right to demand from the responsible party the restricted processing when the conditions as described in Article 18 GDPR are met.
21.7 Right to data transmissibility pursuant to Art. 20 GDPR
An affected person has the right to receive the personal data related to the affected person that it supplied to a responsible party in a format described in Art. 20 GDPR or to have said data transmitted to another responsible party based on instructions from the affected person, provided the conditions as described in Article 20 GDPR are met.
21.8 Right to object pursuant to Art. 21 GDPR
An affect the person has the right for reasons resulting from its special situation to object at any time to the processing of personal data related to the affected person, where said personal data were collected based on Article 6 para. 1 letter e GDPR [data are processed under the scope of a task assigned to the responsible party in the public interest or for purposes of exercising public force] or Article 6 Abs. 1 letter f GDPR [data are processed on the basis of a justified interest of the responsible party or a third-party].
The responsible party shall in these cases refrain from processing the personal data, unless the responsible party can demonstrate mandatory protected reasons for processing that override the interests, rights, and freedoms of the affected person, or the processing serves to assert, exercise, or defend legal claims.
If the responsible party processes personal data to conduct direct advertising, the affected person has the right at any time to object to the processing of personal data related to the affected person for the purpose of such advertising; this also applies for profiling to the extent it is linked with such direct advertising.
21.9 Right to object pursuant to Article 13 para. 2 letter c GDPR
When the processing of personal data of an affected person is based on Article 6 para. 1 letter a GDPR [the affected person gave its consent to processing of personal data related to the affected person for one or several specific purposes] or Article 9 Abs. 2 letter a GDPR [the affected person gave its consent to processing of special categories of personal data related to the affected person for one or several specific purposes], the affected party has a right to recall the consent at any time without this affecting the lawfulness of the processing performed based on the consent until the recall.
Your recall can be declared by standard mail or by email. You can find the contact address under subsection 4 in this declaration.
All requests pursuant to Art. 15-21 GDPR in connection with your customer account must be directed to: firstname.lastname@example.org
22. Right to file a complaint with a supervising authority pursuant to Article 77 GDPR
Notwithstanding other administrative or court-based legal recourse, any affected person has the right to file a complaint with a supervising authority if the affected person is of the opinion that the processing of personal data related to the affected person violates the GDPR. For this purpose you can generally contact the supervising authority of your regular place of residence or work, or the company's registered offices.
A list of data protection representatives along with their contact information, together with the addresses of national and international supervising authorities can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
23. Currentness of this data protection declaration
Our data protection declaration may need to be revised for legal or technical reasons. We reserve the right to make corresponding revisions at any time, and therefore ask that you keep yourself informed about the latest revision in regular intervals in this data protection declaration.
Revision date: May 2018