Privacy Statement

A. General data processing conditions on our website

1. Object of this data protection declaration

We, Don Quichotte B.V. (hereinafter referred to as de DQ), thank you for your interest in our website and our offers on our website.

For us, the protection of personal data is a major and important issue. For this reason, we would like to provide you with comprehensive information as to which data is collected when you visit our websites and use the offers there and how we then process or use it. In addition, we would like to inform you about which accompanying protection measures we have made in a technical and organisational regard.

The processing of personal data, such as name, address, e-mail address or telephone number of an affected person, will always occur in accordance with the valid data protection regulations. Through this data protection declaration, we wish to inform you about the type, scope and purpose of the personal data we collect, use and process and explain them to you, if you are affected by the data processing.

Although, as the party responsible for the processing of personal data, we have implemented countless technical and organisational measures, Internet-based data transmission can always present security flaws, meaning that absolute protection cannot be guaranteed. We would ask you to take this into account when using our Internet presence.

3. Name and address of the party responsible for processing

The responsible party in the sense of data protection law is:

Don Quichotte B.V.

Postbox 60, 5700 AB Helmond
Industrial Zone 9081
Gerstdijk 17, 5704 RG Helmond
Netherlands

Tel. +31 (0)492 745000
Fax. +31 (0)492 745099
E-Mail: info@don-quichotte.nl

5. Deletion and blocking of personal data/ storage period

Should nothing to the contrary be regulated for the processing of the personal data in Chapter B of this data protection declaration, then the data we have saved is deleted, when storage is no longer required and no statutory storage obligations contradict the deletion. If the data of the affected person is not deleted because it is required for other legally permitted purposes, its processing will be restricted. This means that the data will be blocked and not used for other purposes. This applies, for example, to data of the affected person, which must be stored for commercial and taxation law reasons.

According to statutory requirements, storage takes place for six years according to § 257 Para. 1 to the German Commercial Code (account books, inventory, opening balances, annual reports, trade letters, booking receipts, etc.) as well as for ten years according to § 147 Para. 1 of the German Revenue Code (books, recordings, storage reports, booking receipts, commercial and business laws, etc.).

6. Rights of the affected person

6.1. Right to confirmation

Each affected person shall have the right to demand a confirmation from the party responsible for processing as to whether their personal data is being processed. Should an affected person make use of this right of confirmation, then they can contact us or our Data Protection Officer at any time.

6.2. Right to be informed

Each person affected by the processing of personal data shall have the right, at any time, to obtain information on the personal data saved on their person at no charge and to obtain a copy of this information. In addition, the affected person shall be able to obtain information about the following:

- The processing purposes

- The categories of personal data being processed

- The recipients or categories of recipients to whom personal data has been or is being published, in particular with recipients in third countries or with international organisations

- If possible, the planned period for which the personal data is saved or, if this is not possible, the criteria for specifying this period

- The existence of a right to correction or deletion of the personal data affecting them or to limitation of processing by the responsible party or a right of revocation against this processing

- The existence of a right to complain to a supervisory authority

- If the personal data is not collected from the affected person: All the available information on the original of the data

- The existence of automated decision-making, including profiling according to Article 22 Para 1 and 4 of the GDPR and - at least in these cases - expressive information on the involved logic and the scope and intended effects of such processing for the affected person

In addition, the affected person shall have a right to information as to whether personal data was transmitted to a third country or an international organisation. If this is the case, then the affected person shall also have right to obtain information on the suitable guarantees in conjunction with the transmission.

Should an affected person make use of this right to information, then they can contact us or our Data Protection Officer at any time.

6.3 Right to rectification

Any person affected by the processing of personal data shall have the right to demand immediate correction of incorrect personal data affecting them. In addition, the affected person shall have the right, subject to the purposes of the processing, to completion of incomplete personal data through a supplementary declaration.

Should an affected person make use of this right to correction, then they can contact us or our Data Protection Officer at any time.

6.4 Right to erasure

Each person affected by the processing of personal data shall have the right to demand that the responsible party delete personal data affecting them immediately, should one of the following reasons be applicable and processing not be required:

- The personal data was only collected for such purposes or was processed in such a way for which it is no longer required.

- The affected person shall revoke their permission on which processing is based according to Art. 6 Para. 1 Letter a of the GDPR or Art. 9 Para. 2 Letter a of the GDPR and there is no other legal basis for processing.

- The affected person objects to the processing according to Art. 21 Para. 1 of the GDPR and there are no superior, valid reasons for the processing or the affected person objects to the processing in accordance with Art. 21 Para. 2 of the GDPR.

- The personal data was processed illegally.

- The deletion of the personal data is required to fulfil a legal obligation according to the law of the European Union or the member states, to which the responsible party is subject.

- The personal data was collected with reference to offered services of the information society in accordance with Art. 8 Para. 1 of the GDPR.

Should one of the above cases be applicable and an affected person wish to instigate the deletion of personal data saved at DQ, then they can contact our Data Protection Officer or another employee at any time. We will then ensure that the deletion demand is met immediately.

If DQ has published the personal data and if our company is obliged, as the responsible party, to delete the data in accordance with Art. 17 Para. 1 of the GDPR, then we shall be required, subject to the available technology and implementation costs, to take appropriate measures, also of a technical nature, in order to inform other parties responsible for the data processing, who are processing the published personal data, that the affected person has demanded that this other party responsible for the data processing delete all links to this personal data or of copies or replicas of this personal data, if the processing is not required. In this regard, we will instigate the necessary work in individual cases.

6.5 Right to restriction of processing

Each person affected by the processing of personal data shall have the right to demand that the responsible party restrict processing, should one of the following preconditions be applicable:

- The affected person asserts the incorrectness of the personal data for a period allowing the responsible party to check the correctness of the personal data.

- The processing is improper, the affected person refuses the deletion of the personal data and, instead, demands limitation of the use of the personal data.

- The responsible party no longer requires the personal data for the purposes of processing, although the affected person requires them to make, assert or defend legal claims.

- The affected person has revoked processing according to Art. 21 Para. 1 GDPR and it is not yet clear whether the valid reasons of the responsible party outweigh those of the affected person.

Should one of the above cases occur and an affected person wish to demand the limitation of personal data saved at DQ, then they can contact us or our Data Protection Officer at any time. We will then limit processing.

6.6 Right to data portability

Each person affected by the processing of personal data shall have the right to demand to obtain the personal data provided to the responsible party by the affected person in a structured, standard and machine-readable format. In addition, the affected person has the right to transfer this data to another responsible party without hindrance by the responsible party to whom the personal data was made available, insofar as the processing is based on an authorisation according to Art. 6 Para. 1 Letter a of the GDPR or Art. 9 Para. 2 Letter a of the GDPR or a contract according to Art. 6 Para. 1 Letter b of the GDPR and processing occurs using automated methods, providing that the processing is not required for the execution of a task, which is in the public interest or in the execution of public authority, which was transferred to the responsible party.

In addition, the affected person will have the right to exert their right to data transfer according to Art. 20 Para. 1 of the GDPR to cause the personal data to be transferred from one responsible party to another responsible party, providing that this is technically feasible and no rights and freedoms of other people are impeded in doing so.

To exert their right to data transfer, the affected person can contact us or our Data Protection Officer at any time.

6.7 Right to object

Any person affected by the processing of personal data shall have the right to object to the processing of personal data affecting them due to Art. 6 Para. 1 Letter e or f of the GDPR, for reasons resulting from their particular situation. This also applies to profiling based on these conditions.

In the case of an objection, DQ will cease to process the personal data unless we can prove essential, legitimate reasons for processing, which are superior to the interests, rights and freedoms of the affected person, or the processing serves to make, exert or defend legal claims.

If DQ processes personal data in order to perform direct marketing, then the affected person has the right, at any time, to object to the processing of personal data for the purposes of such advertising. This also applies to profiling, insofar as it is connected to such direct marketing. Should the affected person make their objection known to us regarding processing for the purposes of direct marketing, then we will no longer process the personal data for these purposes.

In addition, the affected person has the right to object, for reasons resulting from their particular situation, to processing of personal data connected to them for purposes of scientific or historical research by us or for statistical purposes in accordance with Art. 89 Para. 1 of the GDPR, unless such processing is required to fulfil a task in the public interest.

The affected person can contact us directly to exert their right to object. In addition, the affected person is also able, in connection with the use of the services of the information society, irrespective of the directive 2002/58/EC, to exert their right to object via automated methods in which technical specifications are used.

6.8 Automated decisions in individual cases, including profiling

Each person affected by the processing of personal data has the right, as declared by the European Directive and Ordinance authority, not to be subjected to a decision solely made by an automated procedure - including possible profiling - which has a legal impact on them or which impedes them in a similar manner, should the decision

- Not be required to complete or fulfil a contract between the affected person and the responsible party or

- Be permitted due to legal requirements of the Union or member states, to which the responsible party is subject, and these legal requirements contain reasonable measures to protect the rights, freedoms and valid interests of the affected person or

- Occur with the express authorisation of the affected person.

If the decision

- Is required to complete or fulfil a contract between the affected person and the responsible party or

- Takes place with the express permission of the affected person, DQ will take appropriate measures to protect the rights and freedoms and the valid interests of the affected person, which includes at least the right to obtain intervention by a person belonging to the responsible party, to presentation of one's own opinion and to a challenge to the decision.

Should an affected person wish to exert their rights with regards to the automated decision-making, then they can contact us or our Data Protection Officer at any time.

6.9 Right to withdraw consent under data protection law

Any person affected by the processing of personal data shall have the right to revoke an authorisation to process personal data affecting them at any time.

Should the affected person wish to exert their right to revoke an authorisation, then they can contact us or our Data Protection Officer at any time.

Each affected person can contact us directly and at any time with regard to any questions and suggestions about data protection.

6.10 Right to lodge a complaint with a data protection supervisory authority

Any person affected by the processing of personal data shall have the right to complain to a data protection supervisory authority about our processing of their personal data.

7. Lawful basis for processing personal data

If the description of the appropriate data processing procedure in chapter B of this data protection declaration does not state otherwise, then the following regulations shall apply.

Art. 6 I lit. a of the GDPR serves as DQ legal basis for processing procedures, in which an authorisation must be obtained for a specific processing purpose. If the processing of personal data, by ourselves or one of our subsidiaries – whose services and/or products are referenced by the inquiry – is required to fulfil a contract in which the affected person is one of the contractual parties, then the processing shall be based on Art. 6 I lit. b of the GDPR. The same applies to processing procedures required to carry out precontractual measures, such as enquiries about our services and products.

If DQ is subject to a legal obligation requiring the processing of personal data, then processing will be based on Art. 6 I lit. c of the GDPR. In rare cases, the processing of personal data may be required to protect essential interests of the affected person or another natural person. In this case, processing takes place based on Art. 6 I lit. d of the GDPR.

Finally, processing procedures may be based on Art. 6 I lit. f of the GDPR. This forms the legal basis of processing operations not included in any of the above legal basis, if the processing is required to protect a valid interest of DQ or a third party, provided that the interests, basic rights and basic freedoms of the affected person do not outweigh this. We are particularly permitted to perform such processing operations, because they were particularly mentioned by the European jurisdiction (cf. Recital 47 Clause 2 of the GDPR).

8. Consideration of legitimate interests

If, in the description of the appropriate data processing operation in Chapter B of this data protection declaration, there are no other stipulations and the processing of personal data is based on Article 6 I lit. f of the GDPR, then our valid interest lies in the execution of our business activity and the connected economic interest.

9. Data protection when using our contact data / option to revoke

If you have used the contact data stated on our website (e.g. our e-mail address or fax number) to make contact with us, then the personal data transmitted by you will only be used for the purpose intended on making contact. If your inquiry does not refer to services and/or products of DQ B.V. (DQ), but to those of a subsidiary, this subsidiary will process and answer your inquiry, which is why it must be passed on to them.

If the reason for your making contact is in the interest in our services or products or in the fulfillment of an existing contract with us, then the legal basis is Art. 6 Para. 1 lit. b of the GDPR. In all other cases when contact is made, we have a valid interest in data processing according to Art. 6 Para. 1 lit. f of the GDPR due to the communication initiated by you.

The personal data recorded to answer your inquiry or to carry out the contractual relationship shall be stored until the inquiry is completely processed or until termination of the contractual relationship and later deleted (not before expiry of any guarantee periods), unless we are required to store the data longer in accordance with Article 6 Para. 1 s. 1 lit. c GDPR due to storage and documentation duties (from German Commercial Code, tax and revenue code) or you have approved longer storage in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. In addition, we would like to maintain contact with you even after the order is processed or the contract is ended and inform you of our services and offering in electronic form - e.g. through the e-mail address you gave us. We base data processing for the purposes of customer retention and maintenance, as well as making contact easier, on a legitimate interest as defined by Art. 6 Para. 1 lit. f GDPR, whereby in balancing our interests with your basic rights and freedoms, we also see advantages for you from our maintaining contact, such as the opportunity resulting from timely information about our services and offers to ask us to make an offer on additional building projects or clarify questions directly with our contact partners. You have the right to challenge the data processing occurring on the basis of Art. 6 Para. 1 f) of the GDPR and which is not for direct marketing for reasons resulting from your particular situation at any time. In the case of direct marketing, you can challenge the processing at any time without the need to state reasons.

Data that are processed for customer retention or direct contact in accordance with Art. 6 Para. 1 lit f. GDPR will be processed until the legitimate interest no longer applies and then deleted, but not later than your declaration of objection to processing of the data. Legal retention obligations are also granted with regard to these data.

Recipients of the personal data processed according these regulations are IT service providers (particularly hosting companies), with whom we have appropriate order processing agreements according to Art. 28 of the GDPR, and possibly subsidiaries, whose services and/or products are referred to in your inquiry.

10. Data protection during applications and during the application procedure

We collect and process the personal data of applicants for the purposes of carrying out the application procedure and thus due to a pre-contract measure in the sense of Art. 6 Para. 1 lit. b GDPR and our valid interest according to Art. 6 Para. 1 lit. f GDPR in the hiring of employees.

Processing can also occur in an electronic manner, e.g. if an applicant transfers the appropriate application documents to us via electronic means, e.g. via e-mail or via our contact form. Should we complete an employment contract with an applicant, then the transferred data will be saved for the purposes of handling the employment relationship, subject to statutory requirements. If no employment contract is completed with the party responsible for the processing, then the application documents will be deleted two months after promulgation of the refusal decision, unless deletion is in contravention of other valid interests of the party responsible for the processing. In this area, another valid interest is, for example, the obligation to proof of a procedure according to the General Equal Treatment Act (AGG).

Due to the digitalised collection of the incoming applications, recipients of the processed personal data are our IT service provider (particularly hosts), with whom we have completed appropriate order processing agreements in the sense of Art. 28 of the GDPR.

11. Changes to these data protection regulations

DQ reserves the right to change these data protection regulations at any time effective in future. A current version is available on the website. Please visit the website regularly and inform yourself about the valid data protection regulations.

B. Special data processing conditions on our website

1. Collection and use of your data

The scope and type of the collection and use of your data differs according to whether you visit our website merely to view information or whether you wish to take advantage of the services we offer, e.g. to complete a contract via the website, and possibly need to register.

2. Informational use/ collected data/ cookies

(1) When the website is used solely for information purposes, i.e. when you do not make a booking via our website, for example, or provide us with other information, then we will only collect the personal data which your browser sends to our server. If you wish to view our website, then we collect the following data, which we require for technical reasons in order to present our website to you and to guarantee the stability and security (the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR):

  • IP address
  • Date and time of the inquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Transmitted volume of data
  • Website from which the request comes
  • Browser
  • Operating system and its desktop
  • Language and version of the browser software.

(2) The data processed according to Para. 1 of these regulations is saved for the specified purposes for a period of 30 days and then deleted.

(3) In addition to the above data, cookies will be saved on your computer when you use our website. This occurs on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR, if you agreed to the use of cookies when you accessed our Internet offering. In these cases, a so-called Accept Cookie is set, which has no other content than the remark that the cookie was clicked on and setting of the session cookies has been allowed. This occurs on the basis of our valid interest in accordance with Art. 6 Para. 1 lit. f GDPR in the optimisation and economic operation of our online presence. Cookies are small text files, which are saved on your hard drive and allocated to the browser you use and through which the party setting the cookie (in this case, us) receives specific information. Cookies cannot execute any programs or transmit viruses to your computer. They are used to make the Internet presence more user-friendly and effective overall.

(4) Use of cookies:

a) Our website uses the following types of cookies, whose scope and function are explained below:

- Transient cookies (see b)
- Persistent cookies (see c).

b) Transient cookies are deleted automatically when you close the browser. This particularly includes session cookies. These save a so-called Session ID, with which various enquiries by your browser can be assigned to a joint session. This means that your computer can be recognised again when you returning to our website. The session cookies are deleted automatically when you log out or close the browser.

c) Persistent cookies are deleted automatically after a preset period, which differs according to the cookie and can last several years. You can delete the cookies at any time in the security settings of your browser.

d) You can configure your browser setting according to your requirements and, for example, refuse the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.

(5) Recipients of the data processed according to the above paragraphs are IT service providers (particularly hosting companies), with whom we have appropriate order processing agreements according to Art. 28 of the GDPR.

3. Google Analytics

Based on our valid interest in the analysis, optimisation and economic operation of our online presence in the sense of Art. 6 Para. 1 lit. f. of the GDPR, we use "Google Analytics", a web analysis service of Google Inc. ("Google") Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google uses cookies. The information about the user's use of the online presence generated by the cookie is usually transmitted to a Google server in the USA and saved there.

Google is certified under the Privacy Shield Agreement and hereby offers a guarantee of compliance with European data protection law:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Google will, at our behest, use the information to evaluate the use of our online presence by users, in order to compile reports on the activities within this online presence and to provide additional services to us, connected with the use of this online presence and Internet use. In so doing, use profiles of users with pseudonyms may be created from the processed data.

We use Google Analytics, in order to present advertising within the publicity services of Google and its partners to such users as have shown an interest in our online presence or show specific characteristics (e.g. interest in specific topics or products, determined through the visited websites), which we transmit to Google (so-called "remarketing", or "Google Analytics Audiences"). Using the Remarketing Audiences, we also wish to ensure that our advertisements correspond to the potential interest of the users and are not a burden.

When using Google Analytics, we also use the functions of Universal Analytics. Universal Analytics allow us to analyse the activities on our pages across multiple devices (e.g. for access from a laptop and later from a tablet). This is done by the assignment of a user ID to a user as a pseudonym. Such an assignment occurs, for example, when you register for a customer account or log into your customer account. However, no personal data is forwarded to Google. Even if Universal Analytics add additional functions to Google Analytics, this does not mean that there is a restriction of data protection measures, such as IP masking or the browser add-on.

We only use Google Analytics with activated IP anonymisation. This means that Google will shorten the user's IP address within the member states of the European Union or in other states which are members of the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transferred by the user's browser will not be combined with other data by Google. The user can prevent saving of the cookies using the appropriate setting in their browser software. In addition, users can prevent collection of the data generated by the cookie and related to their use of the online presence by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link:

http://tools.google.com/dlpage/gaoptout?hl=de.

You can find further information on data use by Google, setting and revocation options here:

https://www.google.de/intl/de/policies/
http://www.google.com/policies/technologies/ads
http://www.google.de/settings/ads

You can also prevent Google Analytics from collecting your data (in particular with mobile terminals that do not permit installation of the above browser software) by clicking on the following link. An opt-out cookie is set, which prevents collection of your data when you visit this website in future: Deactivate Google Analytics

5. Use of functions and offers on our website

If you take advantage of services offered on our website, such as chargeable bookings in our online shop or subscription to our newsletter, then it will be necessary for you to state other personal data. Refer to the regulations below for individual details.

5.1 Contact form

(1) With the voluntary use of our contact forms, you will be asked to state your company, first name and surname, and your e-mail address, where these are marked as mandatory information. You also have the option to provide additional information as needed to optimise your personal reachability and adressability, e.g. telephone number, profession and the reason for your inquiry/contact (message).

(2) When you send your inquiry, we save the IP address you have used and the log-in time. The purpose of this procedure is to be able to prove your inquiry and, if necessary, to clarify possible abuse of your personal data.

(3) The legal basis for the processing of your personal data is, first, the authorisation expressly given by you according to Art. 6 Para. 1 lit. a of the GDPR. Moreover, data processing enables us to answer the initiated inquiry and thus also (pre-) contractual purposes ad defined by Art. 6 Para. 1 lit. b. of the GDPR. Further, data processing takes place on the basis of our legitimate interest in accordance with Art. 6 Para. 1 lit. f of the GDPR in answering your inquiry regarding our services and offers and proof of possible abuse of the e-mail address used for it. To the extent that mandatory information and voluntary information are differentiated, mandatory information as defined by Art. 5 Para. 1 lit. c, Art. 25 of the GDPR is only such data that would typically be transmitted through other inquiry paths – e.g. through the e-mail signature of the inquirer – and for which experience has shown that this data (see Paragraph 2) is necessary for answering the inquiry. For example, we typically need this data to
- assign the inquirer to the correct sales region
- assign the inquirer to the correct salesperson
- purposefully invite the inquirer to trade fairs, seminars, etc.
- send the inquirer certificates for participation in seminars
- be able to send the inquirer printed material
- supply the inquirer with material / samples, etc.
- recommend local wholesalers to the inquirer

Voluntary information, such as profession or the background of the inquiry, help us serve you as well as possible directly without having to ask for more information, as we provide different products and information for different professional categories, for example. A legitimate interest in accordance with Art. 6 Para. 1 lit. f of the GDPR finally consists of using the data you provided to be able to contact you later for the purposes of (potential) customer service and to inform you of our offers and services.

(5) We will erase the data you provided as soon as their storage is no longer required for the above-named purposes. If you have revoked your authorisation for data processing, which is possible at any time with future effect but does not affect data processing up to the time of the revocation, and/or objected to data processing as a legitimate interest (Art. 6 Para. 1 lit. f of the GDPR), we will erase the data without delay. This does not apply only if, and to the extent that another legal reason (e.g. that of pre- and post-contractual fulfillment from Art. 6 Para. 1 lit. b of the GDPR) justifies further processing or legal requirements to maintain the data prevent immediate deletion (Art. 6 Para. 1 lit. c of the GDPR).

(6) Recipients of the data processed according to this regulation are IT service providers (particularly hosting companies), with whom we have appropriate order processing agreements according to Art. 28 of the GDPR, and possibly subsidiaries, whose services and/or products are referred to in your inquiry.

5.2 Newsletter

(1) With your authorisation and subject to provision of your e-mail address, you will be able to subscribe to our newsletter, through which we will inform you of our current interesting offers, services and products, news from our company and additional current DQ topics. Only your e-mail address is mandatory for subscription to the newsletter.

(2) We use the so-called double opt-in method for subscription to our newsletter. This means that, after you have registered, we will send an e-mail to the stated e-mail address, in which we ask for your confirmation that you wish to subscribe to the newsletter. If you do not confirm your subscription within 72 hours, your information will be blocked and deleted automatically. In addition, we save the IP address you have used and the times of registration and confirmation. The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify possible abuse of your personal data. After you confirm your ordering of the newsletter, we will save the data you have provided in accordance with Para. 2 for the purpose of sending the newsletter and identify possible misuse of your e-mail address according to Para. 2.

(4) The legal basis for the processing of your personal data is, first, the authorisation expressly given by you in accordance with Art. 6 Para. 1 lit. a of the GDPR and with regard to the data processed according to Para. 2 our legitimate interest in accordance with Art. 6 Para. 1 lit. f of the GDPR to identify possible misuse of the e-mail address used for it.

(5) You can revoke your authorisation for sending the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking the link available in each newsletter e-mail or sending an e-mail to info@dewit-helmond.nl or through a message to the contact data specified in the imprint.

(6) To send the newsletter, your e-mail address will only be saved for length of the desired subscription. We will delete the other data saved according to Para. 1 after a period of max. one month after your unsubscription.

(7) Recipients of the data processed according to this regulation are IT service providers (particularly hosting companies), with whom we have appropriate order processing agreements according to Art. 28 of the GDPR.

6. Social plug-ins

No "social plug-ins" are used on our website. We only maintain links to various "social media services". Please refer to the data protection information of the appropriate service regarding the data collected by the service provider.

7. Google Maps

This website uses Google Maps to depict interactive maps and prepare route descriptions. Google Maps is a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. This service shows you our location and makes it easier to come it us, if desired. This represents a legitimate interest as defined in Art. 6 Para. 1 lit. f) of the GDPR.

Through use of Google Maps, information about your use of our website, including your IP address and the (start) address entered into the route planner function, is transmitted to a Google server in the USA. When you call up one of our Internet websites that contains Google Maps, your browser makes a direct connection to Google's servers. The map contents are transmitted by Google directly to your browser, and from there included in the website. We therefore have no influence on the extent of the data collected by Google in this way. To the best of our knowledge, this includes at least the following data:
- Date and time of the visit to the website involved,
- Internet address or URL of the called-up website,
- IP address together with the starting address entered in the route planner.

This takes place independently of whether Google makes available a user account through which you are logged in, or whether there is no user account. If you are logged into Google, then your data will be allocated directly to your account. If you do not want the allocation to your Google profile, then you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation takes place particularly in accordance with Art. 6 Para. 1 lit. f of the GDPR based on the legitimate interests of Google in showing personalised advertising, market research and/or needs-based design of its website.

You have a right to object to formation of these user profiles, although you must contact Google directly to do so. Please read Google's data protection declaration at https://www.google.com/policies/privacy. The objection option (opt-out) should be reachable over the following link, www.google.com/settings/ads/.

Google LLC, with headquarters in the USA, is certified for the US-European data protection convention “Privacy Shield“, which ensures compliance with the data protection level applicable in the EU according to the (criticised) opinion of the EU Commission.

If you do not agree to future transmission of your data to Google through the use of Google Maps, you also have the possibility to completely deactivate the web service of Google Maps by switching off the JavaScript application in your browser. Google Maps, and with it the map display on this Internet page, can then no longer be used.

You will find the terms of use of Google at http://www.google.de/intl/de/policies/terms/regional.html and the additional terms of use for Google Maps at https://www.google.com/intl/de_US/help/terms_maps.html. You will find detailed information on data protection in connection with the use of Google Maps on Google's Internet page (“Google Privacy Policy“): http://www.google.de/intl/de/policies/privacy/

Through use of our website, you declare your agreement to Google's using the data collected from you through Google Maps Route Planner in the way described above and for the purpose described above.

8. Security measures

We take organisational, contractual and technical security measures according to the state of the art, in order to ensure that the data protection regulations are complied with and that the data we process is protected against random or intentional manipulations, loss, destruction or access by unauthorised persons. The security measures particularly include encrypted transmission of data between your browser and our server.