Data protection


1. Preface and selected terms

On the one hand, this data protection declaration informs visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations that do not primarily take place online.

  1. “Personal data” are all individual details that allow conclusions to be drawn about a natural person (for definition see Art. 4 (1) GDPR). This includes, for example, names, e-mail addresses, telephone numbers, but also data such as IP addresses or customer numbers.
  2. The ” processing of personal data” includes all processes, for example the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 (2) GDPR).
  3. The ” data subject” within the meaning of data protection law is any natural person from whom personal data is processed.
  4. Further definitions of terms can be found in the General Data Protection Regulation, which you will find mainly in Art. 4 of the GDPR (Definitions).  

2. Responsibilities

Name and address of the responsible party

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

United Soft Media Verlag GmbH
Thomas-Wimmer-Ring 11
D-80539 Munich
Phone: +49 / 89 / 290 88 175
Fax: +49 / 89 / 290 88 160
E-Mail: info@usm.de

Name and address of the data protection officer

The data protection officer of the person responsible is:

DSB External data protection officer Stuttgart
Fabian Henkel
Kantstrasse 14
71277 Rutesheim
Telephone: +49 7152564773
E-Mail: info@externer-datenschutzbeauftragter-stuttgart.de
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de

3. Brief overview of data processing

The following content gives you a brief overview of the processing of personal data; you can find more information in the passages presented in detail.

Security on our website (SSL Secure Socket Layer)
Our website is provided with an SSL certificate, with the help of which data transmission processes are encrypted. This happens, for example, when you send us a message using the form. As a precaution, however, we would like to point out that one hundred percent security in electronic data processing is not possible and that there is always a residual risk.

Data that you transmit to us
On the one hand, we process the data that you enter yourself on this page, for example in a form. In this case, the purpose of processing results from the type of form and, on the other hand, from this data protection declaration. Even if you send us a message by email, for example, or contact us in any other way, we will process your data in accordance with the purpose for which you were contacted.

Automatic server log files
On the other hand, our server automatically records all accesses and thus also IP addresses (log files), this serves to defend against attacks, analyze access numbers and ensure smooth operation.

Use of cookies
Cookies help us to provide various services. Cookies are small text files that can be saved and read in your browser. We use our own cookies as well as third-party cookies; you can find more information on this in this data protection declaration.

Plugins and Content Delivery Networks
We partly use plugins and content delivery networks, known examples for such services would be the video service Youtube or the map service Google Maps. If such services are integrated via a website, access data is transmitted to the services. As a rule, this is your IP address and other metadata, such as time and date of access. As a rule, this is provided by setting cookies.

Analysis Tools
In addition to the pure server log files, which also provide us with information about page views, we use analysis tools or tracking tools. These tools provide us with detailed insights into the content visited on our site, the flow of behavior and, for example, the country from which access took place. In order for such services to work, cookies must be set on the site visitor.

Other data recipients

a) Data processors
In accordance with the requirements of Art. 28 GDPR, we use contract
processors, for example in the area of ​​IT services, web hosting, email hosting or printing services. They process personal data for us in accordance with instructions.

b) Use of third-party services
If it is necessary (for example for the execution of a contract), we pass on your data to banks, other payment service providers, shipping service providers, our tax advisor or lawyer, for example.

c) Legal obligations
In addition, we are obliged in certain cases to report to the competent authorities on the basis of the Money Laundering Act. In addition, we are subject to other legal obligations, such as commercial laws or tax law, in this context we have to pass on certain data to tax authorities, for example.

d) Investigation of criminal offenses
Insofar as it is necessary to investigate a criminal offense, we pass on data to the law enforcement authorities.

General information on deletion periods for personal data
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract; in addition, we are obliged to comply with statutory retention requirements. If the data processing is based on your consent, we will delete your data after your revocation.

Transfer of personal data to a third country
We try to have all service providers and services provided by providers within the European Union as far as possible. A transfer to a third country is possible if you have given us your consent and / or we have concluded an order processing contract in accordance with Art. 28 GDPR and the use of suitable guarantees. In individual cases we can use plugins or tools that are hosted in third countries, but we use them based on our legitimate interests. In these cases, we may point out the circumstance in this privacy policy.

Obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.

4. Legal basis for the processing of personal data

The legal bases for the processing of personal data are exceptional circumstances that allow the processing of personal data. The essential legal bases are shown in particular in Art. 6 GDPR.  

The legal bases according to which we process personal data are described in the individual processing operations in this data protection declaration.

  • Given consent is one of those legal bases. This requires that the person gives its consent for one more data processing activities in an informed manner and on a voluntary basis. Consent on the basis of Article 6 (1) (a) GDPR can generally be revoked at any time without giving reasons.  
  • The processing of personal data for the initiation or implementation of contracts is also a legal basis and is defined in Art. 6 Paragraph 1 lit. b GDPR.  
  • The exception of data processing due to a legal obligation can be found in Art. 6 Paragraph 1 lit. c GDPR, for example we are obliged to comply with certain retention periods under commercial law and tax law.  
  • The processing of personal data on our legitimate interests allows processing after carefully weighing financial or legal interests against the interests of the data subject that are worthy of protection. This legal basis is stated in Article 6 (1) (f) GDPR.

5. Your rights under the General Data Protection Regulation


Every natural person has certain rights, these are defined in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can claim from us.

  1. Right to revoke a given consent according to Art. 7 GDPR
    You can revoke a given consent to us at any time without giving reasons with effect for the future.


  2. Right to information (cf. Art. 15 GDPR)
    You have the right to request information about the data processed by you and the purposes of the processing at any time.
  3. Right to correction (cf. Art. 16 GDPR)
    If you discover that we are processing incorrect or incomplete personal data, you have the right to correction.
  4. Right to deletion (cf. Art. 17 GDPR)
    You have the right at any time to request the deletion of your personal data that we are processing about you. If complete deletion is not possible, for example because we have to meet statutory retention requirements or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.
  5. Right to restriction of processing / blocking (cf. Art. 18 GDPR)
    You have the right to request that the processing of your personal data be restricted. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:
  • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the test, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data happened / happens unlawfully, you can request the restriction of the data processing instead of the deletion.
  • If we no longer need your personal data, but you need them to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of being deleted.
  • If you have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR, your interests and ours must be weighed up. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
  • If you have restricted the processing of your personal data, this data – apart from its storage – may only be allowed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest processed by the European Union or a member state.
  1. Right to data portability (cf. Art. 20 GDPR)
    You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done if it is technically feasible.
  2. Right to object to certain processing operations and direct mail (cf. Art. 21 GDPR)
    If the data processing takes place on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right at any time for reasons that arise from your particular Situation arise to object to the processing of your personal data; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Para. 1 GDPR).

    If your personal data are processed in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object, your personal data will then no longer be used for direct marketing purposes (objection according to Art. 21 Paragraph 2 GDPR).
  3. Right to file a complaint at the data protection authorities (cf. Art. 77 DGVO)
    In the event of violations of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

6. Automatic server log files

Our web server automatically logs all access e and thus IP addresses of visitors. This serves to defend against attacks, analyze access numbers and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).

In addition to the IP address, the server log usually records additional metadata about the session; you can find this data below .

  • Date and time of the call
  • Information about the browser type and the browser version used
  • Information on the operating system used
  • Device (client)
  • Referring URL (from which page you landed with us)
  • Clicked hyperlinks

We only process this data for the purposes mentioned above. We delete server log files after six months at the latest.

7. Use of cookies

<Please insert the Cookiebot code here>

8. Use of the Cookiebot Consent Management System

Our website uses Cookiebot’s cookie consent technology to obtain your consent to the storage of certain cookies on your device and to document them in compliance with data protection regulations. The provider of this technology is Cybot A / S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).

When you enter our website, a connection is established to the Cookiebot servers in order to obtain your consent and other declarations regarding the use of cookies. Cookiebot then saves a cookie in your browser in order to be able to assign the consent given to you or the revocation thereof. The data collected in this way will be stored until you ask us to delete it, delete the Cookiebot cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention requirements remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 (1) (c) GDPR. In addition, we have a legitimate interest in using a user-friendly and secure service for cookie consent, the legal basis is Art. 6 (1) (f) GDPR.

Data processing agreement
We have concluded an order processing contract with Cookiebot. This is a contract prescribed by data protection law, which ensures that Cookiebot processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Third country transfer
The collected data of Cybot A/S is stored on servers within the EU. There is no third country transfer through the use of Cookiebot. Cookiebot uses trusted subcontractors within the EU to provide its cloud-based services. For more details, please see Cookiebot’s privacy policy: www.cookiebot.com/de/privacy-policy/

9. Processing of personal data in the context of establishing contact and communication

Message via contact form
You have the possibility to send us messages via contact form. In doing so, we process the data that you have entered in the data entry mask. As a rule, this is your name, your company if applicable, telecommunication data and the text entered. Mandatory fields are marked and must be filled in.

The purpose of the data processing is to handle your request and, if necessary, to contact you afterwards. As a rule, we process your data in this context for the initiation or execution of contracts on the basis of Art. 6 (1) lit. b DSGVO. If we ask for your consent in the respective form, the processing is also based on Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time without giving reasons.

We store the transmitted data until the purpose of the data storage is achieved or you revoke your consent. Please note that the process may be subject to legal retention periods. In this case, we restrict your data for further processing until they expire.

Communication by email
If you send us an email, we will process your data according to the content and purpose of the message. As a rule, processing takes place on the basis of pre-contractual measures or in the context of the implementation of a contractual relationship on the basis of Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR. It is in a legitimate interest to process your request quickly and efficiently.

Please note that we store all incoming e-mails according to generally accepted accounting principles for a period of ten years, beginning with the first day of the following year, in which the message was received. If you ask us to delete the data, we will from now on restrict your data for processing and only save it for the purpose of complying with retention periods in our legitimate interest.

Communication by phone or fax
Even if you contact us by phone or fax, we process your data either to initiate and implement contractual relationships (if the content is product or service-related) and / or in our legitimate interest, analogous to contacting us by e-mail. Mail.

We do not record the content of the conversation, but we may make notes to process your request. This will be saved until the purpose of data processing has been achieved and we no longer have any legitimate interests in processing. If necessary, the content of the conversation is stored anonymously for statistical purposes. You can of course request deletion at any time.

10. Analysis tools, tracking and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called “cookies”. These are text files that are saved on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.

IP anonymization
We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Data processing agreement
We have concluded an order processing contract
with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage period
Data stored by Google at user and event level that are linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are saved after 14 months anonymized or deleted. You can find details on this under the following link: https://support.google.com/analytics/answer/76610096?hl=de

11. Our social media appearances

Data processing through social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-related processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is recorded, for example, using cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-related advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot retrace all processing processes on the social media portals. Depending on the provider, further processing operations can therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media appearances are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (fa GDPR).

Responsible and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we and the operator of the social media platform are responsible for the data processing operations triggered during this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint) against us as well as claim against the operator of the respective social media portal (e.g. against Facebook).

Please note that, despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the company policy of the respective provider.

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for their storage no longer applies, you ask us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. According to Facebook, the data collected will also be transferred to the USA and other third countries.

We have concluded an agreement on joint processing (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Twitter

We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can adjust your Twitter data protection settings yourself in your user account. To do this, click on the following link and log in: https://twitter.com/personalization.

Details can be found in Twitter’s data protection declaration: https://twitter.com/de/privacy.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Details on how they handle your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.

12. Additional information for business contacts

Type of data that we process from our business contacts and purposes of the processing of personal data

We process personal data of our customers that we receive directly as part of our business relationship. If we have received data from you, we generally only process it for the purposes for which we received or collected it.

As a rule, we process the following categories of data from you:

  • Name first Name
  • Gender / title
  • company
  • Company address
  • Telecommunication data
  • E-mail address
  • professional function and / or position
  • Company bank details / other payment details
  • Data on the history of the business relationship

Customer and supplier history
As part of the business initiation phase and
during the business relationship, in particular through personal, telephone or written contacts, initiated by you or one of our employees, additional personal data is generated, e.g. B. Information about the contact channel, date, occasion and result; (Electronic) copies of the correspondence and any information about participation in direct marketing measures.

Customer loyalty measures Within the scope of the legal permissions, we reserve the right to carry out customer loyalty measures in accordance with Art. 6 (1) (f) GDPR and Section 7 Paragraph 3 UWG. You have the right to object at any time, please address this to the above-mentioned responsible body.

Changes in purpose
Data processing for other purposes can only be considered if the necessary legal requirements in accordance with Art. 6 (4) GDPR are available. In this case, we will of course observe any information obligations pursuant to Art. 13 (3) GDPR and Art. 14 (4) GDPR.

Legal basis according to which we process personal data

On the basis of your consent (Art. 6 (1) (a) GDPR)
We process personal data for one or more specific purposes if you have given us your consent. If personal data is processed on the basis of your consent, you have the right to revoke your consent to us at any time with effect for the future.

Data processing for the fulfillment of contracts (Art. 6 (1) (b) GDPR)
We process personal data for the fulfillment of contracts. The fulfillment of contracts includes, for example, the conclusion, processing and reversal of a contract. In addition, we process personal data that are required to carry out pre-contractual measures, for example to initiate a contract, and which are made upon your request.

Data processing based on a legal obligation (Art. 6 (1) (c) GDPR)
Like every company, we have to meet retention requirements and other documentation requirements; this can also affect documents with personal information. Insofar as we process data for these purposes, the processing takes place based on a legal obligation.

Data processing based on a balancing of interests (Art. 6 (1) (f) GDPR)
If we process data based on a balancing of interests, you as the data subject have the right to process personal data, taking into account the requirements of Art. 21 GDPR contradict. As far as the specific purpose allows, we process your data pseudonymized or anonymized.

Further legal bases result from the commercial and tax law requirements.

Other recipients of your data

Disclosure to processors within the scope of Art. 28 GDPR Processors employed
by us (Art. 28 GDPR), in particular in the area of ​​IT services and, for example, printing services, who process your data for us in accordance with our instructions. If we commission service providers to fulfill our tasks, we always observe the data protection regulations; in particular, data is only passed on after contract processing has been concluded.

For the implementation of a contractual relationship
If it is necessary for the implementation of the contract with you, we will pass on your data to banks, for example.

Disclosure due to a legal obligation
If there is a legal or official obligation, we pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).

Other bodies, insofar as you have
given us your consent. If you have given us explicit consent, we will also pass on your data to other bodies. However, this is done within the limits if you have proven your consent.

General information on deletion periods for personal data

Principle of earmarking and observance of the statutory retention periods
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract.

In addition, like every company, we are obliged to comply with the statutory retention periods, for example the periods under commercial and tax law. Insofar as there are statutory retention requirements, the relevant personal data will be stored for the duration of the retention requirement. The storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 ff. Of the German Civil Code (BGB) can usually be three years, but in certain cases also up to thirty years. After the retention period has expired, a check is carried out to determine whether there is any further requirement for processing. If it is no longer necessary, the data will be deleted.  

Specific example
If you enter into a legal transaction with us (Art. 6 (1) (b) GDPR), we will store your data for ten years until the commercial and tax law requirements have expired. After this period, we check whether we can delete the data and, if necessary, delete them.  

E-mails and business letters
We archive all of our e-mail traffic for ten years. If you write us an e-mail, your data and the entire e-mail content will be stored for 10 years. Most e-mails count as business letters, and e-mails can also contain information relevant to tax law. In our opinion, the effort to check every single email is not in proportion to the benefit and the legitimate interests of the sender. Of course, you can ask us to delete it at any time and we will carry out a case-by-case check and we will inform you of the result. This can lead to deletion or restriction of processing, depending on the content of the correspondence.  

Revocation of your consent
If we process your data on the basis of your consent (Art. 6 (1) (a) GDPR), we will delete it after your revocation. Unless there is a legitimate interest against a complete deletion. For example, we keep the declaration of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 (1) (a) GDPR). We only keep the consent with the restriction of processing in order to be able to defend ourselves in the event of a dispute.  

Legal or contractual obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.

Transmission to a third party country
We generally process your personal data in data centers in the Federal Republic of Germany, the European Union or secure third countries such as Switzerland.

A transfer to a third country with an inadequate level of data protection is only possible if you have given us your consent or if we have concluded an order processing contract in accordance with Art. 28 GDPR, taking into account suitable guarantees or other suitable guarantees.

Imprint Privacy