Data protection


Privacy Policy



Introduction


With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

As of: August 12, 2022


Table of Contents



Person responsible


Oliver Lindstedt
Gronental 14
52459 Inden

E-mail address:

info@1er-m-register.de


Imprint:

https://www.1er-m-register.de/impressum


Overview of processing


The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.


Types of data processed


  • Inventory data.
  • Contact details.
  • Content data.
  • Usage data.
  • Meta/communication data.


Categories of data subjects


  • Communication partner.
  • Users.


Purposes of processing


  • Provision of contractual services and customer service.
  • Contact requests and communication.
  • Security measures.
  • Direct marketing.
  • Managing and responding to inquiries.
  • Feedback.
  • Marketing.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.


Relevant legal bases


Below you will find an overview of the GDPR legal bases on which we process personal data. Please note that in addition to the GDPR regulations, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

  • Consent (Article 6 (1) (a) GDPR) - The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
  • Contractual performance and pre-contractual inquiries (Article 6 (1) (b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.
  • Legitimate interests (Article 6 (1) (f) GDPR) - Processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail.

In addition to the data protection provisions of the General Data Protection Regulation, national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains, in particular, special provisions on the right to information, the right to erasure, the right of objection, the processing of special categories of personal data, processing for other purposes, and transmission and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (Section 26 BDSG), particularly with regard to the establishment, implementation, or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.


Data processing in third countries


If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transmission, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).


Deletion of data


The data we process will be deleted in accordance with legal requirements as soon as the consent to processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or it is no longer required for that purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Our privacy policy may also contain further information on the storage and deletion of data, which applies primarily to the respective processing operations.


Provision of the online offer and web hosting


We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); security measures; provision of contractual services and customer service.
  • Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

  • Provision of online services on rented storage space: To provide our online services, we use storage space, computing capacity, and software that we rent from a corresponding server provider (also called a "web host") or obtain from other sources; legal basis: legitimate interests (Art. 6 (1) (f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (particularly in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure server utilization and stability. Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes will not be deleted until the incident in question has been finally resolved.
  • IONOS by 1&1: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy; Data processing agreement: https://www.ionos.de/hilfe/datenschutz/generale-information-zur-datenschutz-grundverfassung-dsgvo/vertragsprocessing/?utm_source=search&utm_medium=global&utm_term=Auft&utm_campaign=HELP_CENTER&utm_content=/hilfe/.


Registration, login and user account


Users can create a user account. During registration, users are provided with the required mandatory information and processed for the purpose of providing the user account based on contractual obligations. The processed data includes, in particular, login information (username, password, and an email address).

When you use our registration and login functions, as well as your user account, we store your IP address and the time of each user action. This storage is based on our legitimate interests and those of the users in protecting against misuse and other unauthorized use. This data is generally not shared with third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed by email about events relevant to their user account, such as technical changes.

  • Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: provision of contractual services and customer service; security measures; administration and response to inquiries; provision of our online offering and user-friendliness.
  • Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR); legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

  • Registration with pseudonyms: Users may use pseudonyms as usernames instead of real names; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
  • User profiles are public: User profiles are publicly visible and accessible; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
  • Deletion of data after termination: If users have terminated their user account, their data relating to the user account will be deleted, subject to legal permission, obligation, or consent of the user; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
  • No obligation to retain data: It is the responsibility of the user to back up their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract. Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).


Community features


The community features we provide allow users to engage in conversations or other interactions with one another. Please note that the use of these community features is only permitted in compliance with applicable law, our terms and policies, and the rights of other users and third parties.

  • Types of data processed: Usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: provision of contractual services and customer service; security measures.
  • Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Further information on processing procedures, methods and services:

  • Setting the visibility of posts: Users can use settings to determine the extent to which their posts and content are visible or accessible to the public or only to specific individuals or groups. Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
  • Protection of personal data: Users decide for themselves which data they disclose about themselves within our online offering. For example, when users provide personal information or participate in conversations. We ask users to protect their data and to publish personal data only with caution and to the extent necessary. In particular, we ask users to note that they must protect their access data with particular care and use secure passwords (i.e., especially long and random character combinations). Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).


Blogs and publication media


We use blogs or similar means of online communication and publication (hereinafter "publication medium"). Readers' data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers, or for security reasons. Furthermore, we refer to the information on the processing of visitors to our publication medium within the framework of this privacy policy.

  • Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and customer service; feedback (e.g. collecting feedback via online form); provision of our online offering and user-friendliness; security measures; administration and response to inquiries.
  • Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

  • Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves can be held liable for the comment or contribution and are therefore interested in the identity of the author. Furthermore, we reserve the right to process user information for the purpose of spam detection based on our legitimate interests. On the same legal basis, we reserve the right to store users' IP addresses for the duration of surveys and to use cookies to prevent multiple voting. The personal information provided in the comments and contributions, any contact and website information, as well as the content information, will be stored by us permanently until the user objects; legal basis: legitimate interests (Art. 6 (1) (f) GDPR).


Contact and inquiry management


When you contact us (e.g. via contact form, email, telephone or via social media) as well as within the framework of existing user and business relationships, the information provided by the person making the inquiry will be processed to the extent necessary to answer the contact inquiries and any requested measures.

The answering of contact inquiries and the management of contact and inquiry data within the framework of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to answer (pre-)contractual inquiries and otherwise on the basis of the legitimate interests in answering inquiries and maintaining user or business relationships.

  • Types of data processed: Contact data (e.g., email, telephone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
  • Data subjects: communication partners.
  • Purposes of processing: Provision of contractual services and customer service; contact requests and communication; administration and response to requests; feedback (e.g. collecting feedback via online form); provision of our online offering and user-friendliness.
  • Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR); legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

  • Contact form: If users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to process the communicated request. For this purpose, we process personal data within the framework of pre-contractual and contractual business relationships, insofar as this is necessary for their fulfillment and otherwise on the basis of our legitimate interests as well as the interests of our communication partners in answering the requests and our statutory retention periods; legal bases: contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).


Newsletters and electronic notifications


We send newsletters, emails, and other electronic notifications (hereinafter "newsletters") only with the recipient's consent or legal permission. If the newsletter's content is specifically described when registering for the newsletter, it is decisive for the user's consent. Furthermore, our newsletters contain information about our services and us.

To subscribe to our newsletter, it is generally sufficient to provide your email address. However, we may ask you to provide a name for the purpose of addressing you personally in the newsletter, or other information if this is necessary for the purposes of the newsletter.

Double opt-in process: Registration for our newsletter is generally carried out using a so-called double opt-in process. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register using someone else's email address. Newsletter registrations are logged to provide evidence of the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the previous consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address on a block list (so-called "blocklist") for this purpose alone.

The registration process is logged based on our legitimate interests for the purpose of demonstrating its proper execution. If we commission a service provider to send emails, this is done based on our legitimate interests in an efficient and secure delivery system.

Contents:Information about us

  • Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers); meta/communication data (e.g. device information, IP addresses); usage data (e.g. websites visited, interest in content, access times).
  • Data subjects: communication partners.
  • Purposes of processing: direct marketing (e.g. by email or post).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
  • Opt-out: You can unsubscribe from our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or by using one of the contact options listed above, preferably email.

Further information on processing procedures, methods and services:

  • Measuring opening and click rates: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from their server. During this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times. This analysis also includes determining whether the newsletters are opened and when they are opened. Newsletter2Go Legal basis: Consent (Art. 6 (1) (a) GDPR).


Presences in social networks (social media)


We maintain online presences within social networks and, in this context, process user data in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This could pose risks for users, for example, because it could make it more difficult to enforce their rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of the users. These user profiles can then be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on users' computers in which the user behavior and interests are saved. Furthermore, user profiles can also store data independent of the devices used by the users (particularly if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective processing methods and the options for opting out, please refer to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the providers have access to the user data and can directly take appropriate measures and provide information. If you still need assistance, please contact us.

  • Types of data processed: Contact data (e.g., email, telephone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
  • Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

  • Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.

    • Changes and updates to the privacy policy


    We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

    If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting us.