Felina GmbH carries out careful research, and does everything in its power to ensure the information published on its websites is correct and complete. However, we accept no guarantee or liability for ensuring this information is complete, up to date, correct, or of good quality. The user is solely responsible for their use of this information. If you notice incomplete, outdated or incorrect content, you are welcome to contact our Data Protection Officer (Datenschutzbeauftragter@Felina.de).
All content, including all texts, images, graphics, designs, icons and videos, etc. on the websites of Felina GmbH are copyright protected. Any commercial use, in particular storing such information in databases, publishing it and any kind of commercial use without the approval of the copyright holder is prohibited.
Felina GmbH owns all trademarks and logos published on its own website. This does not apply to trademarks and logos of other companies displayed for informational purposes in conjunction with an external company. The respective companies hold these trademarks and logos. The use of trademarks and logos belonging to Felina GmbH and its companies by third parties – in any manner – is prohibited.
The Felina GmbH website includes links to other websites. The external pages have been checked for illegal content before these links were published. However, Felina GmbH cannot control the materials published on such sites, and is not responsible for the content or data protection strategies of external sites.
Felina GmbH shall accept no liability for the content of linked sites. Felina GmbH will review tips regarding illegal content, and links will be removed if necessary.
External visual materials
Information on online dispute resolution
The EU Commission has established a web platform for online dispute resolution (called the “ODR platform”). The ODR platform serves as a point of contact for settling disputes arising from online service contracts outside of court. The ODR platform is available at the following link:http://ec.europa.eu/consumers/odr/
Extra-judicial dispute settlement
We are not prepared and not obligated to take part in any dispute resolution proceedings before a consumer arbitration board under the “Law on alternative dispute resolution in consumer affairs (VSBG)”.
Data protection declaration
Thank you very much for your interest in our company. Data protection is highly important to the management and employees of Felina GmbH. In general, you can use the Felina GmbH website without providing any personal data. If a data subject would like to use certain services of our company provided through our website, however, it may be necessary to process personal data. If it is necessary to process personal data, and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.
Personal data, such as the name, address, e-mail address or telephone number of data subjects, is always carried out in accordance with the General Data Protection Regulation and according to the country-specific data protection provisions which apply to Felina GmbH. With this data protection declaration, our company intends to inform the public regarding the type, scope and purpose of the personal data we collect, use and process. In addition, this data protection declaration will also explain the rights available to data subjects.
As a data controller, Felina GmbH has implemented a number of technical and organisational measures to ensure the most seamless protection possible for personal data processed via the website. However, in general web-based data transmissions may be subject to gaps in security, and we are not able to ensure absolute protection. Because of this, all data subjects are free to transmit personal data to us through alternative means as well, such as by telephone
The Felina GmbH data protection declaration is based on the terms used by European issuing bodies and regulators when they enacted the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand, both for the general public and for our customers and business partners. To ensure that it is, we would like to explain some of the terms used in this document in advance.
These are some of the terms used in this data protection declaration:
a) personal data
Personal data is all information that refers to an identifiable or identified natural person (hereinafter referred to as a “data subject”). A natural person is considered identifiable if they can be identified directly or indirectly, in particular by assigning a designation to them such as a name, an ID number, location data, an online ID or one or more specific features that are considered an expression of the physical, physiological, genetic, intellectual, economic, cultural or social identify of this natural person.
b) data subject
A data subject is any identified or identifiable natural person whose personal information is processed by the data controller.
Processing is any procedure or sequence of procedures carried out in conjunction with personal data such as collecting, recording, organising, ordering, storing, adapting or modifying, reading out, querying, using, disclosing through transmission, distribution or any other form of delivery, reconciling or linking, restricting, deleting or destroying data.
d) restriction of processing
A restriction of processing includes marking stored personal data with the goal of restricting its future processing.
Profiling is any kind of automated processing of personal data consisting of using this personal data to evaluate certain personal aspects of natural persons, in particular to analyse or predict aspects related to work performance, economic position, health, personal preferences, interests, reliability, behaviour, place of domicile or a change in location of such natural persons.
Pseudonymisation is processing personal data in such a manner that the personal data can no longer be associated with a specific data subject without adding further information, if this additional information is stored separately and is subject to technical and organisational measures that ensure the personal data cannot be associated with an identified or identifiable natural person.
g) controller or data controller
The controller or data controller is the natural or legal person, official agency, institution or other entity that makes decisions on the purpose for and means used to process personnel either solely or in conjunction with other entities. If the purposes and means of processing are specified by European Union law or the law of the member states, the controller, or the specific criteria used to name the controller, may be stipulated by European Union law or the law of the member states
The processor is a natural or legal person, official agency, institution, or other entity that processes personal information on behalf of the controller.
A recipient is a natural or legal person, official agency, institution or other entity to which personal data is disclosed, regardless of whether this is a third party or not. Official agencies that may receive personal data within the framework of certain investigation mandates under EU law or under the law of the member states are not considered recipients, however.
j) third party
A third party is a natural or legal person, official agency, institution or other entity besides the data subject, the controller, the processor and the persons under the direct responsibility of the controller or processor to process personal data.
Consent is a declaration of intention freely expressed by the data subject for the specific instance, provided in an informed and unmistakable manner in the form of a declaration or other clearly confirming action by which the data subject indicates that they agree to the processing of their personal data.
2. Name and address of the controller and Data Protection Officer
The controller in the sense of the General Data Protection Regulation, other data protection laws applicable within the member states of the European Union, and other data protection law provisions is:
Lange Rötterstraße 11-17
Telephone: +49 / 621 / 385-0
Data Protection Officer: Datenschutzbeauftragter@Felina.de
Using cookies allows Felina GmbH to provide the users of this website with user-friendly services that would not be possible without saving a cookie.
Data subjects can prevent cookies from being saved by our website at any time by changing the settings of their web browser accordingly, thereby permanently preventing cookie storage. In addition, users can delete cookies that have already been saved at any time using a web browser or other software programs. This is possible in all commonly used web browsers. If the data subject deactivates cookies in their web browser, in some circumstances they may not be able to use all of the functions of our website in full.
4. Google Analytics
This website uses Google Analytics, a web analytics service of Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files stored on your computer that facilitate analysis of your use of the website. The information generated by the cookie regarding your use of the website is typically transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, however, Google will abbreviate your IP address first within a European Union member state or another contracting state to the Agreement on the European Economic Area. The complete IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. Google will use this information on behalf of the website operator to analyse your use of the website, assemble reports on website activity, and provide further services associated with use of the website and of the internet for the website operator. The IP address determined for your browser through Google Analytics is not combined with other data by Google. You can prevent cookies from being saved by changing the settings of your browser software accordingly; however, please note that if you do so, you may not be able to use all of the functions of this website in full. Furthermore, you can prevent recording of the data generated by the cookie related to your use of the website (incl. your IP address) and processing of such data by Google by downloading and installing the browser plug-in available at the following link http://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent data from being recorded by Google Analytics by clicking the following link. This will save an opt-out cookie that will prevent your data from being stored when you visit this website in the future. Opt-Out-Cookie.
We also use Google Analytics to analyse data from AdWords and the double click cookie for statistical purposes. If you do not want us to do so, you can deactivate this feature using the Google Ads Preferences Manager.
This website uses the open source software Piwik to provide statistical analyses of user access. Piwik is configured to conform with data protection laws, and user data is stored in an anonymised form. “Session cookies” used for this purpose are text files that are only stored temporarily on the user’s computer. They are deleted once the user closes their web browser. You can deactivate data collection. Your visit will be ignored automatically if your browser supports the “do not track” function and you have activated this function.
Data collected by Piwik will be used in anonymised form to improve our services, and will not be disclosed to third parties or transmitted to other servers. Piwik stores IP addresses without the final tuple. This allows us to determine the network from which an inquiry comes, not the specific computer.
By using this website, you declare your consent to the processing of data collected on you by Piwik in the manner and for the purpose described above.
6. Collection of general data and information
The Felina GmbH website collects a range of general data and information each time our website is accessed by a data subject or an automated system.. This general data and information is stored in server log files. The following information may be collected: (1) the user’s browser type and version, (2) the operating system used by the accessing system, (3) the website from which accessing system accesses our website (called the referrer), (4) the sub-websites accessed on our website through an accessing system, (5) the date and time the website was accessed, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information serving to prevent hazards in case of attacks against our IT systems.
Felina GmbH does not draw any conclusions regarding data subjects through the use of such general data and information. Instead, we require this information to (1) deliver the content of our website correctly, (2) optimise the content of our website and website advertisements, (3) ensure the ongoing function of our IT systems and website technology and (4) provide law enforcement authorities with the information they need for criminal prosecution in case of a cyber attack. Therefore, Felina GmbH uses this anonymously collected data and information first for statistical purposes, and furthermore with the goal of improving data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process. Anonymous data from server log files is stored separately from all personal data provided by data subjects.
7. Subscribing to our newsletter
The Felina GmbH website offers users the option of subscribing to our company newsletter. The input screen used for this purpose outlines the personal data transmitted to the controller when the user subscribes to the newsletter.
Felina GmbH informs its customers and business partners regarding the company’s services through its newsletter at regular intervals. In general, data subjects may only receive our company newsletter if (1) the data subject has a valid e-mail address and (2) the data subject registers to have the newsletter sent to them. For legal reasons, we send a confirmation e-mail to the e-mail address the data subject provides for their newsletter subscription, via a double opt-in process. This confirmation e-mail is used to ensure that the owner of the e-mail address as the data subject has authorised delivery of the newsletter.
When a data subject registers for the newsletter, we also save the IP address assigned by the internet service provider (ISP) to the computer system they are using when they log in, as well as the date and time of login. We must collect this data so that we can track any (potential) misuse of the data subject’s e-mail address at a later time. The data is therefore used to provide legal security to the data controller.
Personal data collected in conjunction with a newsletter subscription is used only for the purpose of sending our newsletter. Furthermore, newsletter subscribers may be informed by e-mail if necessary for the purpose of providing the newsletter service or registering for the newsletter, as may be the case if there are changes to the newsletter service or changes to technical conditions. Personal data collected in association with the newsletter service is not transmitted to third parties. The data subject can terminate their subscription to our newsletter at any time. If the data subject has granted their consent for us to store personal data in order to deliver the newsletter, they may revoke this consent at any time. Each newsletter contains a link that may be used to revoke this consent. Furthermore, users can also unsubscribe directly from the newsletter at any time on the controller’s website, or inform the controller that they wish to unsubscribe in another manner.
8. Newsletter tracking
The Felina GmbH newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails sent in HTML format, in order to facilitate log file recording and analysis. This allows us to analyse how successful or unsuccessful our online marketing campaigns are. Felina GmbH can use the embedded tracking pixels to determine whether and when a data subject opened an e-mail, and which of the links the data subject accessed.
Such personal data collected via tracking pixels contained in newsletters is stored and analysed by the data controller to optimise newsletter delivery and adapt the content of future newsletters even better to the interests of data subjects. This personal data is not transmitted to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent they have granted through the double opt-in process. After they revoke consent, the controller will delete their personal data. If Felina GmbH receives an unsubscribe request for the newsletter, we will automatically consider this a revocation of consent.
9. Contact over the website
Based on legal regulations, the Felina GmbH website contains information that allows users to quickly contact our company through electronic means, and to communicate directly with us. This information includes a general e-mail address. If a data subject contacts the controller via e-mail or using a contact form, the personal data transmitted by the data subject is stored automatically. Such personal data transmitted voluntarily to the controller will be stored for the purpose of processing the inquiry or contacting the data subject. This personal data will not be transmitted to third parties.
10. Routine deletion and blockage of personal data
The controller processes and stores personal data of data subjects only for the time necessary to achieve the purpose for which it was stored, or if required by European issuing bodies and regulators or another legislature in laws and regulations to which the controller is subject.
If this purpose is no longer applicable, or if an archiving term specified by the European issuing bodies and regulators or another responsible legislature expires, personal information is routinely blocked or deleted in accordance with the law.
11. Rights of data subjects
a) Right to confirmation
Each data subject has the right, granted by the European issuing bodies and regulators, to request confirmation from the controller whether the controller processes their personal data. If a data subject would like to exercise this right to confirmation, they can contact our Data Protection Officer or another employee responsible for processing at any time.
b) Right to information
Every data subject whose personal data is processed has the right, granted by the European issuing bodies and regulators, to receive information free of charge from the controller regarding their stored personal data, as well as a copy of this information. Furthermore, the European issuing bodies and regulators have granted data subjects the right to the following information:
- The purposes of processing
- The categories of personal data that are processed
- The recipients or categories of recipients to whom personal data has been disclosed or will be disclosed, in particular for recipients in third party countries or international organisations
- If possible, the planned term for which personal data will be saved or, if this is not possible, the criteria used to determine this term
- The existence of their right to rectify or delete their personal data or restrict processing by the controller, or to object to this processing
- The existence of their right to submit complaints to a supervisory authority
- If the personal data was not collected from the data subject: All available information on the origin of the data
- The existence of automated decision-making processes, including profiling in accordance with Article 22 para. 1 and 4 GDPR and – at least in these cases – complete information on the logic involved, as well as the range and intended effects of such processing on the data subject
Furthermore, the data subject has the right to receive information on whether personnel have been transmitted to a third party or an international organisation. if this is the case, the data subject also has the right to receive information on suitable guarantees associated with the transmission.
If a data subject would like to exercise this right to information, they can contact our Data Protection Officer or another employee responsible for processing at any time.
c) Right to rectification
Any data subject whose data is processed has the right, granted by the European issuing bodies and regulators, to request the prompt correction of their personal data if it is incorrect. Furthermore, the data subject has the right to request the completion of incomplete personnel, including via a supplementary declaration, in consideration of the purposes of processing.
If a data subject would like to exercise this right to rectification, they can contact our Data Protection Officer or another employee responsible for processing at any time.
d) Right to deletion (right to be forgotten)
Any data subject whose data is processed has the right, granted by the European issuing bodies and regulators, to request that the controller promptly delete their personal data if one of the following reasons applies, and insofar as the processing is not required:
- Personal information was recorded for purposes or processed in some manner such that is no longer required.
- The data subject revokes their consent to processing according to Article 6 para. 1 letter a GDPR or Article 9 para. 2 letter a GDPR, and there are no other legal grounds for processing.
- The data subject must submit an objection to processing in accordance with Art. 21 para 1 GDPR, and there may be no overriding, legitimate reasons for the processing, or the data subject must submit an objection to processing in accordance with Art. 21 para. 2 GDPR.
- The personal information was processed illegally.
- The deletion of personal information is necessary to fulfil a legal obligation under the law of the EU or one of its member states to which the controller is subject.
- The personal information was collected in relation to a service offered by an information society in accordance with Article 8 para. 1 GDPR.
If one of the above reasons applies, and a data subject would like to request deletion of personal data stored by Felina GmbH, they can contact our Data Protection Officer or another employee of the controller for this purpose at any time. The Felina GmbH Data Protection Officer or another employee will be instructed to promptly fulfil the deletion request.
If Felina GmbH has published the personal data, and if our company is obligated to delete the personal data as the controller in accordance with Art. 17 para. 1 GDPR, then Felina GmbH will take appropriate measures, including technical measures, in consideration of available technologies and implementation costs, to inform other controllers that process the published personal data that the data subject has requested the deletion of all links to this personal data or copies or duplicates of this personal data, insofar as the processing is not required. The Felina GmbH Data Protection Officer or another employee will take the necessary measures in the individual case.
e) Right to restrict processing
Any data subject whose personal data is processed has the right, granted by the European issuing bodies and regulators, to request that the controller restrict processing of their data if one of the following requirements applies:
- The data subject disputes the correctness of the personal data, for a length of time allowing the controller to check the personal data to determine if it is correct.
- Processing is illegal, but the data subject rejects deletion of the personal information and instead requests to have use of this personal data restricted.
- The controller no longer requires the personal data for the purposes of processing, but the data subject still requires it to assert, exercise or defend against legal claims.
- The data subject has submitted an objection to processing according to Art. 21 para. GDPR, and whether the legitimate reasons of the controller outweigh those of the data subject has not yet been determined.
If one of the above requirements applies, and a data subject would like to request deletion of personal data stored by Felina GmbH, they can contact our Data Protection Officer or another employee of the controller for this purpose at any time. The Felina GmbH Data Protection Officer or another employee will take the measures necessary to restrict processing.
f) Right to data portability
All data subjects whose personal data is processed have the right, granted by the European issuing bodies and regulators, to receive personal data provided by the data subject to a controller in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without being prevented from doing so by the controller to which the personal data was provided, insofar as processing is carried out based on a consent in accordance with Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract in accordance with Art. 6 para. 1 letter b GDPR, and the processing is carried out with the help of automated processes, if the processing is not required to carry out duties that are in the public interest or to exercise public authority awarded to the controller.
Furthermore, the data subject has the right, in exercising its right to data portability according to Art. 20 para. 1 GDPR to ensure that the personal data is transmitted directly from one controller to another, if this is technically feasible and if this does not impact the rights and freedoms of others.
In order to assert their right to data portability, the data subject can contact the Data Protection Officer appointed by Felina GmbH or another employee at any time.
g) Right to object
Any data subject whose personal data is processed has the right, granted by the European issuing bodies and regulators, to object to the processing of their personal data carried out on the basis of Art. 6 para. 1 letter e or f GDPR at any time for reasons related to their particular situation. This also applies to profiling based on these provisions.
Felina GmbH will no longer process personal data if an objection is received, unless we can show that we have mandatory, protected reasons for processing that outweigh the interests, rights and freedoms of the data subject, or if the processing is carried out to assert, exercise or defend against legal claims.
If Felina GmbH processes personal data to carry out direct advertisement, the data subject has the right to object to the processing of personal data at any time for the purpose of such advertisement. This also applies to profiling, if it is associated with such direct advertisements. If the data subject submits an objection to Felina GmbH against processing for the purpose of direct advertisement, Felina GmbH will no longer process their personal data for this purpose.
In addition, the data subject has the right to object to the processing of their personal data by Felina GmbH for the purposes of scientific or historical research or for statistical purposes in accordance with Art. 89 para. 1 GDPR for reasons related to their personal situation, unless such processing is required to fulfil a duty which is in the public interest.
In order to assert their right to object, the data subject can contact the Data Protection Officer appointed by Felina GmbH directly or another employee. In conjunction with the use of information society services, and regardless of directive 2002/58/EC, the data subject is furthermore free to exercise their right to object through an automated process in which the technical specifications are used.
h) Automated decision-making in individual cases, including profiling
Any data subject whose personal data is processed has the right, granted by European issuing bodies and regulators, to not be subject to decisions based solely on automated processing – including profiling – that would have a legal effect on them or would significantly impact them in a similar manner, if the decision (1) is not necessary to conclude or fulfil a contract between the data subject and the controller or (2) is permitted under legal regulations of the European Union or the member states to which the controller is subject and these legal regulations contain appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject or (3) is carried out with the express consent of the data subject.
If the decision (1) is necessary to conclude or fulfil a contract between the data subject and the controller or (2) carried out with the express consent of the data subject, then Felina GmbH takes appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at least ensuring the right for the person to contact the controller, present their own position, and challenge the decision.
If the data subject would like to exercise rights associated to automated decision-making, they can contact our Data Protection Officer or another employee responsible for processing at any time.
i) Right to revoke consent under data protection law
Any data subject whose personal data is processed has the right, granted by European issuing bodies and regulators, to revoke their consent granted to the processing of personal data at any time.
If the data subject would like to exercise their right to revoke consent, they can contact our Data Protection Officer or another employee of the controller responsible for processing at any time.
12. Data protection provisions on the use of Facebook
The controller has integrated components provided by the Facebook company on this website. Facebook is a social network.
A social network is a social meeting point operated online, an online community which typically allows users to communicate with one another and interact in a visual space. A social network can serve as a platform for exchanging opinions and experiences, or can allow the internet community to provide personal or corporate information. Facebook allows social network users to create private profiles, upload photos, and network using friend requests, among other activities.
The company that operates Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the data subject lives outside of the USA or Canada, the data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time an individual page of our website operated by the controller that contains an integrated Facebook component is accessed (Facebook plug-in), the respective Facebook component automatically causes the web browser on the data subject’s IT system to download a representation of the Facebook component from Facebook to display it. A general overview of all Facebook plug-ins is available at https://developers.facebook.com/docs/plugins/?locale=de_DE. During this technical process, Facebook receives information on which specific sub-pages of our website the data subject visited.
If the data subject is logged into Facebook at the same time, each time our website is accessed by the data subject and during the entire time they spend on our website, Facebook receives information on which specific sub-pages of our website the data subject visits. This information is collected by the Facebook components and associated with the data subject’s Facebook account by Facebook. If the data subject presses one of the Facebook buttons integrated on our website, such as the “Like” button, or if the data subject leaves a comment, Facebook associates this information with the data subject’s personal user account and stores this personal data.
Facebook is always informed through the Facebook component that the data subject visited our website if the data subject was also logged into Facebook when they accessed our website; Facebook receives this information regardless of whether the data subject clicks the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook in this manner, they may prevent transmission by logging out of their Facebook account before accessing our website.
The Facebook data privacy guidelines available at https://de-de.facebook.com/about/privacy/ provide information on how Facebook collects, processes and uses personal data. Furthermore, they explain the settings Facebook offers to protect the privacy of data subjects. In addition, there are different applications available which allow users to suppress data transmission to Facebook, such as the Facebook blocker offered by Webgraph available at http://webgraph.com/resources/facebookblocker/. Data subjects can use such applications to suppress data transmission to Facebook.
13. Data protection provisions on the use of Instagram
The controller has integrated components of the web service Instagram on this website. Instagram is a service considered an audio-visual platform which allows users to share photos and videos and to distribute such data in other social networks.
The company that operates Instagram’s services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Each time an individual page of our website operated by the controller that contains an integrated Instagram component is accessed (Insta-button), the respective Instagram component automatically causes the web browser on the data subject’s IT system to download a representation of the Instagram component from Instagram to display it. During this technical process, Instagram receives information on which specific sub-pages of our website the data subject visited.
If the data subject is logged into Instagram at the same time, each time our website is accessed by the data subject and during the entire time they spend on our website, Instagram receives information on which specific sub-pages of our website the data subject visits. This information is collected by the Instagram components and associated with the data subject’s Instagram account by Instagram. If the data subject presses one of the Instagram buttons integrated on our website, the data and information transmitted by the button is associated with the data subject’s personal Instagram user account and is saved and processed by Instagram.
Instagram is always informed through the Instagram component that the data subject visited our website if the data subject was also logged into Instagram when they accessed our website; Instagram receives this information regardless of whether the data subject clicks the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram in this manner, they may prevent transmission by logging out of their Instagram account before accessing our website.
14. Data protection provisions on the use of YouTube
The controller has integrated components of the web service YouTube on this website. YouTube is an internet video portal that allows video publishers to upload video clips free of charge and allows other users to view, rate and comment on these video clips free of charge as well. YouTube allows the publication of all kinds of videos, and both complete movies and TV episodes as well as music videos, trailers, or videos made by users themselves are available through the internet portal.
The company that operates YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time an individual page of our website operated by the controller that contains an integrated YouTube component is accessed (YouTube video), the respective Instagram component automatically causes the web browser on the data subject’s IT system to download a representation of the YouTube component from YouTube to display it. Further information on YouTube is available at https://www.youtube.com/yt/about/de/. During this technical process, YouTube receives information on which specific sub-pages of our website the data subject visited.
If the data subject is logged into YouTube at the same time, YouTube receives information on which specific sub-pages of our website the data subject visited when they access a sub-page that contains a YouTube video. This information is collected by YouTube and Google and associated with the data subject’s YouTube account.
YouTube and Google are always informed through the YouTube component that the data subject visited our website if the data subject was also logged into YouTube when they accessed our website; YouTube receives this information regardless of whether the data subject clicks a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google in this manner, they may prevent transmission by logging out of their YouTube account before accessing our website.
The YouTube data protection provisions published at https://www.google.de/intl/de/policies/privacy/ provide further information on how YouTube and Google collect, process and uses personal data.
15. Legal basis for processing
Art. 6 I lit. a GDPR serves as the legal basis for processing carried out by our company when we obtain consent for a certain purpose of processing. If personal data must be processed to fulfil a contract to which the data subject is a contractual party, which is the case, for instance, for processing carried out to deliver goods or perform other services or return services, then processing is based on Art. 6 I lit. b GDPR. The same applies to processing necessary to carry out pre-contractual measures, for instance related to inquiries regarding our products or services. If our company is subject to a legal obligation that requires the processing of personal data, for instance to fulfil tax-related obligations, then processing is carried out based on Art. 6 I lit. c GDPR. In rare cases, it may be necessary to process personal data to protect the vital interests of the data subject or other natural persons. This would be the case, for instance, if a visitor to our company was injured and then had to provide their name, age, health insurance information or other vital information to a doctor, a hospital or another third party. Then processing would be based on Art. 6 I lit. d GDPR. Finally, processing may be carried out based on Art. 6 I lit. f GDPR. Processing that is not included under any of the above legal bases is carried out on this legal basis, if the processing is required to safeguard a legitimate interest of our company or a third party, if the interests, basic rights and basic freedoms of the data subject do not outweigh this interest. We are allowed to carry out such processing, in particular, because it has been mentioned specifically by the European legislature. The legislature has indicated that a legitimate interest can be assumed to exist if the data subject is a customer of the controller (recital 47 clause 2 GDPR).
16. Legitimate interest in processing pursued by the controller or a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is in carrying out our business activities for the good of all of our employees and shareholders.
17. Legal or contractual regulations on providing personal data; necessity to conclude a contract; obligations of the data subject providing personal data; possible consequences of not providing the data
Please note that, in some cases, personal data must be provided by law (such as tax regulations) or under contractual regulations (such as information on the contractual partner). In some cases, in order to conclude a contract it may be necessary for a data subject to provide personal data to us, which we must then process. The data subject is obligated, for instance, to provide us with personal data if our company concludes a contract with them. Failure to provide such personal data would result in us being unable to conclude the contract with the data subject. The data subject must contact our Data Protection Officer before providing personal data. Our Data Protection Officer can clarify for the data subject in the individual case whether the personal data must be provided by law or contract, or whether it is necessary to conclude a contract, whether there is an obligation to provide the personal data, and what the consequences would be if they did not provide the personal data.