I. Name and Contact Details of the Controller responsible for Processing
Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is:
Schloss Helmsdorf OHG
represented by Mrs. Angelika Flemisch and Mr. Tobias Flemisch
Schloss Helmsdorf 1
88090 Immenstaad am Bodensee
II. Collection and Processing of Personal Data as well as Type and Purpose of Use
- Personal data is any information referring to an identified or identifiable natural person. These include apart from the classic data such as name, address, telephone number or e-mail address also the IP addresses.
- We collect and process personal data generally only insofar as this is required for hosting of a functional website as well as of our contents and services (contract initiation and contract conclusion). The legal basis in this case is Art. 6 subsection 1 first sentence lit. b General Data Protection Regulation (GDPR).
- Moreover, we collect and process personal data insofar as the data subject has given its consent. The legal basis is in this case Art. 6 subsection 1 first sentence lit. a GDPR.
- Insofar as processing of personal data is required for compliance with a legal obligation to which our company is subject, Art. 6 subsection 1 first sentence c GDPR is the legal basis for it.
- In the event that vital interests of the data subject or of another natural person require processing of personal data, Art. 6 subsection 1 first sentence lit. d GDPR is the legal basis.
- If processing is required for safeguarding a legitimate interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 subsection 1 first sentence lit. f GDPR is the legal basis for processing.
III. Use of the Website and Creation of Log Files
When accessing our website, information are automatically sent to the server of our website by the browser used on your terminal device. The following information is gathered in the process without any action on your part, and stored up to automatic erasure which occurs upon termination of the respective session:
- IP address of the requesting terminal device,
- date and time of access,
- browsers used including version used and, where appropriate, the operating system of your terminal device,
- previously visited website from which access to our website occurs,
- subsequent website which is accessed via our website by the system of the user,
- name of your access provider.
The log files do not contain any IP addresses or other data permitting reference to a user. The data are likewise stored in the log files of our system. IP addresses of the user or other data permitting reference of the data to a user are not affected. Storage of these data together with other personal data of the user does not occur.
The legal basis for this data processing is Art. 6 subsection 1 first sentence lit. f GDPR.
Temporary storage of the IP address by the system is required in order to permit delivery of the website to the computer of the user. For this purpose, the IP address of the user must be stored during duration of the session.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 subsection 1 first sentence lit. f GDPR.
The data will be erased when they are no longer required for achievement of the purpose of their collection. In the event of collection of the data for hosting of the website this is the case when the respective session has been terminated.
Collection of the data for hosting of the website and storage of the data in log files is essential for operating the internet page. Consequently, the user has no right to object here.
Our website is using cookies. Cookies are text files stored in the internet browser and/or by the internet browser on the computer system of the user. When a user accesses a website, a cookie can be stored in the operating system of the user. This cookie contains a typical character string permitting clear identification of the browser when the website is accessed again.
We are using cookies in order to make our websites more user-friendly. Some elements of our internet page require that the accessing browser can be identified even after switching to another site. In the cookies it is stored which language setting is stored in the browser, and if the information banner has been approved.
The users’ data collected in this way are pseudonymised by technical provisions. Therefore, reference of the data to the accessing user is no longer possible. The data are not stored together with other personal data of the users.
The legal basis for processing of personal data by using technically necessary cookies is Art. 6 subsection 1 first sentence lit. f GDPR.
The legal basis for processing of personal data by using cookies for analysis purposes is Art. 6 subsection 1 first sentence lit. a GDPR, when the respective consent of the user exists.
The use of the analysis cookies occurs for the purpose of improving the quality of our website and its contents. By the analysis cookies we learn as to how the website is used and thus can constantly optimise our offer.
These purposes also constitute our legitimate interest in processing of the personal data pursuant to Art. 6 subsection 1 first sentence lit. f GDPR.
For an appealing and uniform presentation of fonts we use so-called web fonts on our website which are provided by Monotype GmbH. When accessing a site, the browser of a user is loading the required web fonts into your browser cache in order to display correctly text and fonts. Therefore, it is transmitted to the server in an anonymised manner which of our internet pages you have visited. Use of the web fonts occurs in the interest of a uniform and appealing presentation of our online offer. This constitutes a legitimate interest within the meaning of Art. 6 subsection 1 first sentence lit. f GDPR. If your browser does not support web fonts, a standard font of your computer is used.
VI. Analysis Tools
For the purpose of an appropriate design and continuous optimisation of our webpages, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/en/about/). In this context, pseudonymised user profiles are created and cookies (see under IV.) are used. The information created by the cookie on your use of this website such as
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of server request,
are transmitted to a Google server in the US and stored there. The information is used in order to analyse the use of the website, to compile reports on the website activities, and in order to provide further services associated with website and internet use for market research purposes and for an appropriate design of these internet pages. Also, this information is transmitted to third parties, where applicable, if this is prescribed by law or if third parties are processing these data as processors. Your IP address is by no means combined with other Google data. The IP addresses are anonymised so that no reference is possible (IP masking).
You can prevent the installation of cookies by a corresponding setting in the browser software. But we point out that in this case, you may not be able to use all website features to their fullest extent.
Moreover, you can prevent the collection of data generated by the cookie and related to your use of the website (incl. your IP address) as well as processing of these data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
Alternatively to the browser add-on, in particular for browsers on mobile terminal devices, you can also prevent collection by Google Analytics by clicking on this link. An Opt-out-Cookie is set which prevents future collection of your data when visiting this website. The Opt-out-Cookie is only valid in this browser and only for our website and will be placed on your device. If you erase the cookies in this browser, you must set the Opt-out-Cookie again.
For further information on data protection associated with Google Analytics see, for example, in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en.
Our website uses Google Maps API in order to visually present geographic information. Google Maps is a map service of Google Inc. When using Google Maps, Google is also collecting, processing and using data on the use of map functions by visitors of the websites. For use of the functions of Google Maps it is necessary to store your IP address. This information is usually transmitted to Google servers and stored there. The use of Google Maps occurs in the interest of an appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 subsection 1 first sentence lit. f GDPR. For more detailed information on the data processing by Google, see the Google Privacy Notice. Also, in the privacy center you can modify your settings so that you can manage and protect your data.
We offer to you the establishment of contact by the e-mail address provided. In that case, the personal data of the user transmitted by the e-mail are stored.
The data are not forwarded to third parties in this context. The data are exclusively used for processing of the conversation.
The legal basis for processing of the data, which are transmitted with the scope of sending of an e-mail, is Art. 6 subsection 1 first sentence lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, Art. 6 subsection 1 first sentence lit. b GDPR is the additional legal basis for the processing.
In the case of contacting by e-mail, this also constitutes the required legitimate interest in processing of the data.
The data are erased when they are no longer required for achieving the purpose of their collection. This is the case when the respective conversation with the user is terminated. The conversation is terminated when it can be taken from the circumstances that the respective state of affairs has finally been clarified.
The user can object to storage of his or her personal data at any time. In that case, the conversation cannot be continued.
Objection can be made to the address mentioned under I. The user selects the medium of communication.
All personal data, which have been stored within the scope of contacting, will be erased in that case.
IX. Rights of the Data Subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Rights of Access
You have the right to obtain from the controller confirmation as to whether personal data relating to you are being processed by us.
If such a processing exists, you can demand disclosure of the following information from the controller:
a. the purposes of the processing of personal data;
b. the categories of personal data which are processed;
c. the recipients and/or categories of recipients to whom the personal data relating to you have been or will be disclosed;
d. the envisaged period of storage of the personal data relating to you or, if specific information cannot be given, the criteria used to determine the period of storage;
e. the existence of a right to rectification or erasure of personal data relating to you, a right of restriction of processing by the controller or a right to object such processing;
f. the right to lodge a complaint with a supervisory authority;
g. any available information on the origin of data, where the personal data are not collected from the data subject;
h. the existence of automated decision-making, including profiling pursuant to Article 22 subsection 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to be informed as to whether the personal data relating to you are transferred to a third country or to an international organisation. In this context you have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
2. Right to Rectification
You shall have the right vis-à-vis the controller to rectification and/or completion, if the processed personal data relating to you are inaccurate or incomplete. The controller must carry out the rectification without undue delay.
3. Right to Restriction of Processing
Under the following prerequisites, you have the right to restriction of processing of the personal data relating to you:
a. if you contest the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data;
b. processing is unlawful and you oppose the erasure and request the restriction of use of the personal data instead;
c. the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims, or
d. if you have objected to processing pursuant to Art. 21 subsection 1 GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where processing of the personal data relating to you has been restricted, such data shall, with the exception of their storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where processing has been restricted pursuant to the above mentioned prerequisites, you will be informed by the controller before the restriction is lifted.
4. Right to Erasure
a. Obligation to erase
You can request from the controller that the personal data relating to you are erased without undue delay and the controller has the obligation to erase these data without undue delay where one of the following grounds applies:
(1) The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing is based pursuant to Art. 6 subsection 1 first sentence lit. a GDPR or Art. 9 subsection 2 lit. a GDPR, and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 subsection 1 GDPR and there are no overriding legitimate grounds for processing or you object to the processing pursuant to Art. 21 subsection 2 GDPR.
(4) The personal data relating to you have been unlawfully processed.
(5) Erasure of the personal data relating to you must occur for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data relating to you have been collected in relation to the offer of information society services pursuant to Art. 8 subsection 1 GDPR.
b. Information to Third Patries
Where the controller has made public the personal data relating to you and is obliged pursuant to Art. 17 subsection 1 GDPR to erase them, taking account of available technology and the cost of implementation, he or she shall take reasonable steps, including technical measures, to inform controllers, who are processing the personal data, that you as the data subject have requested the erasure by them of any links to, or copy or replication of, those personal data.
The right to erase does not exist to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9 subsection 2 lit. h and i GDPR and Art. 9 subsection 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 subsection 1 GDPR in so far as the right referred to in paragraph 1) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise or defence of legal claims.
5. Right to Notification
If you have established the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate any rectification or erasure of the data or restriction of processing to each recipient to whom the personal data relating to you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right vis-à-vis the controller to be informed about those recipients.
6. Right to Data Portability
You have the right to receive the personal data relating to you, which you have provided to the controller, in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where:
a. the processing is based on consent pursuant to Art. 6 subsection 1 first sentence lit. a GDPR or Art. 9 subsection 2 lit. a or on a contract pursuant to Art. 6 subsection 1 first sentence lit. b GDPR, and
b. the processing is carried out by automated means.
Moreover, in exercising this right you shall have the right to have the personal data relating to you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected as a result.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data relating to you, which is based on Art. 6 subsection 1 first sentence lit. e or f GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data relating to you, unless the controller demonstrates compelling legitimate grounds for the processing, which override your interests, rights and freedoms or processing serves the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data relating to you for such marketing which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data relating to you shall no longer be processed for such purposes.
You can exercise your right to object in connection with the use of information society services, irrespective of Directive 2002/58 EC, by means of automated means where technical specifications are used.
If you want to exercise your right to object, an e-mail to firstname.lastname@example.org is sufficient.
X. Erasure of Data and Duration of Storage
- The personal data of the data subject are erased or blocked when the purpose of storage ceases to exist.
- Moreover, storage can occur, where it has been provided by the European or national legislator in regulations, laws or other provision of Union law to which the controller is subject.
- Blockingor erasure of the data occurs also, where a storage period prescribed by the rules mentioned expires, unless a necessity for further storage of the data exists for a contract conclusion or contract performance.
XI. Data Security
In order to protect your data against accidental or deliberate manipulation, partial or total loss, destruction or against unauthorised third party access, we use appropriate technical and organisational safety measures. Our safety measures are improved on a continuous basis in accordance with technological development.
XII. Up-to-Dateness and Modification of the present Data Protection Declaration
The present data protection declaration is currently valid as of May 2018.
To enable or disable cookies.
If you do not know the type and version of the web browser you use to access the Internet, click on ‘Help’ at the top of your browser window, then click ‘About’. The relevant information you require will then be shown.
Internet Explorer and Edge
Click on the three points at the upper margin and then click on “More actions.” Then click on “Settings”, “Extended Settings” and then on “Show extended Settings”. After that click on the register “Privacy and clients” and choose the required option.
Microsoft Internet Explorer 9.0, 10.0 und 11.0
Click on the ‚Tools‘ option at the top of your browser window and select ‚Internet options‘, then click on the ‚Privacy‘ tab. Ensure that your Privacy level is set to Medium or below, which will then enable cookies in your browser. Settings above Medium will disable cookies.
Google Chrome (Latest Version)
Click on the spanner icon at the top right of your browser window and select ‘Settings’. Click ‘Show advanced settings’ at the bottom and locate the ‘Privacy’ section. Click ‘Content settings’ and within the cookies section at the top, select ‘allow local data to be set’ to enables cookies. To disable cookies please tick the ‘Block sites from setting any data’, ‘Block third-party cookies and site data’ and ‘Clear cookies and other site and plug-in data when I close my browser’ options.
Click on „Tools“ at the top of your browser window and select Options. Next, select the Privacy icon at the top of the overlay that appears. Tick the ‘Accept cookies from sites’ option to enable cookies. If you wish to disable cookies, please untick this box.
Click on the cog icon located top right of your browser window and select ‚Preferences‘. Click on the „Privacy“ icon at the top of the overlay that appears. Tick the option that says „Block third-party and advertising cookies“. If you wish to completely disable cookies, please untick the ‘Never’ box.