1 Responsible company, subject
1.1 This information on the collection and further processing of personal data applies to the business activities of the person responsible (hereinafter also: “we” / “us”):
- New York Webdesign / GeoNat Corp.
- 377 Ocean Pkwy 11C, Brooklyn NY 11218
- Telefon: +1 (845)-706-5328
- Email: hello@webdesign4ny.com
- Webseite: www.webdesign4ny.com
1.2 With the following information we would like to give our customers, suppliers, service providers and those interested in our products and services as well as other data subjects an overview of the processing of their personal data by us and their rights under data protection law. Which data is collected and processed, i.e. used, depends largely on the services or contracts agreed between us or requested or used by the person concerned or on the business transactions associated with our business activities. Therefore, not all parts of this information will apply to the individual concerned.
1.3 The aforementioned business activity includes data collection and further data processing when using the website www.webdesign4ny.com. The information on data protection provided there applies to the content of other providers to which links are provided on the websites at www.webdesign4ny.com. In particular, these providers are responsible for their own content and for the data processing there.
1.4 For area-specific surveys and processing of personal data that are not included in this data protection information, we will inform you separately at the appropriate point.
2 Contact details of the data protection officer
The contact details of the data protection officer appointed by us are:
- Levan Chrelashvili
- 377 Ocean Pkwy 11C, Brooklyn NY 11218
3 Definitions
In the legal formulation, the expression denotes:
3.1 “Responsible person or person responsible for processing”: the natural or legal person, public authority, agency or other body that alone or jointly with others decides on the purposes and means of processing personal data.
3.2 “Processor”: a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.
3.3 “Personal data”: all information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person.
3.4 “Processing”: any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, the use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.
3.5 “Restriction of processing”: the marking of stored personal data with the aim of restricting their future processing (to block them for normal processing).
3.6 “Consent” of the person concerned: any voluntary expression of will given in an informed manner and unambiguously in the form of a declaration or other unambiguous affirmative act with which the person concerned indicates that they are processing their personal data Data agrees.
3.7 “Collect”: the acquisition of personal data, either with the cooperation of the data subject or with the cooperation of a third party.
3.8 “Profiling”: any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, to analyze or predict personal preferences, interests, reliability, behavior, whereabouts or relocation of this natural person.
4 Purposes for which the personal data should be processed
We process personal data in accordance with the provisions of the local data protection regulation for the fulfillment of contractual obligations or pre-contractual measures (4.1 below), based on the consent given by the person concerned (4.2 below), based on statutory Specifications (4.3 below) or in the context of a weighing of interests (4.4 below).
4.1 Data processing to fulfill contractual obligations or pre-contractual measures
4.1.1 The processing of personal data takes place in order to provide our web hosting services (provision of storage space, e.g. for websites, as well as databases and E-Mail inboxes) including the brokerage of domains as part of the implementation of our contracts with our customers or for the implementation of pre-contractual measures which take place at their request. The purposes of data processing are primarily based on the specific product (e.g. web hosting tariff, server tariff) and include advice (support) and technical user support.
The contract is usually concluded online via the website www.webdesign4ny.com. The user of our website, as a consumer or as an entrepreneur, has the option of registering on the aforementioned website by providing personal data on the contractual product selected by him. Which personal data are to be provided to us and transmitted to us via buttons results from the respective input mask that is used for the order. The personal data entered by the future customer is collected and processed exclusively for internal use for our own purposes, in the case of brokerage services also for third-party purposes. We arrange for the transfer to be made to one or more processors who also process the personal data exclusively for internal use that is attributable to us.
Further details on the data processing purposes can also be found in the relevant contract documents and our general terms and conditions published on the website.
4.1.2 In addition, we process personal data for all ancillary activities that are conducive to the main purpose of our business activity or necessary to provide the services. These are e.g. the legal relationships with suppliers, utilities, consultants, authorities and offices.
4.1.3 We inform you about the storage period / deletion under section 9.
4.2 Data processing
4.2.1 Use of our contact form
4.2.1.1 If you have any questions, we offer you the opportunity to contact us using a form provided on the website.
4.2.1.2 Our data processing for the purpose of electronic contact with us takes place on the basis of a voluntarily given consent.
4.2.1.3 To contact us using the form provided, it is necessary and sufficient to provide a valid E-Mail-Address. Further information that is specified in the form fields can be provided voluntarily.
4.2.1.4 The personal data collected by us for the use of the contact form will be deleted after the reason for the establishment of contact has been dealt with, unless they are for the purposes of a contract or for pre-contractual measures may continue to be used by us.
4.2.1.5 We inform you about the storage period / deletion under section 9.
4.2.2 Telephone contact, contact by E-Mail.
4.2.2.1 You can contact us by telephone using the telephone number given on our website and the E-Mail-Addresses given there.
4.2.2.2 The data collection and further processing takes place on the basis of a voluntarily given consent or, as far as a pre-contractual or contractual relationship exists.
4.2.2.3 If you contact us by telephone, we may also collect personal data for other purposes that are only communicated to us during the telephone call. If we collect personal data from the call participant as a result of the phone call, about the processing of which he has not yet been informed, we will inform you separately if necessary.
4.2.2.4 The duration of storage of personal data collected on the basis of telephone calls is determined by the purpose of the call.
4.2.2.6 We inform you about the storage duration / deletion under section 9.
4.3 Data processing based on legal obligations
4.3.1 As a web hosting provider and telemedia service, we are subject to various legal obligations, i.e. legal requirements. These oblige us to provide information in the event of criminal investigations by the authorities or to (reserve) data storage of personal data of our customers. We may be obliged to participate in telecommunications law surveillance measures.
4.3.2 Due to obligations under telemedia law, we as a provider are obliged to act immediately in the event of certain illegal content on our customers’ websites to remove illegal information or to block access to it as soon as we gain knowledge of it.
4.3.3 We inform you about the storage period / deletion under section 9.
4.4 Data processing in the context of balancing interests
4.4.1 Log files when you visit our website
4.4.1.0 All computers and devices connected to the Internet are assigned an Internet Protocol (IP) address, usually in country-specific blocks. This can often be used to determine the country, state and location where the Internet connection is made. IP addresses must be used so that websites can be accessed on the Internet. This means that website owners have access to the IP addresses of the users of their website.
4.4.1.1 If our website is used for information purposes only, i.e. if users do not register or otherwise provide us with information or do not enter into a contract with us, we may collect data relating to a person with the IP address. For technical reasons, users have to use an IP address assigned to them by an access service when our website is accessed. Basically, the following applies: The IP address is an individual “address” of a terminal device (computer, smartphone, tablet) in a computer network. As an exception, an IP address could allow conclusions to be drawn about the person and make them identifiable for us.
4.4.1.2 When our website is simply called up by the program used by the visitor (user) to display Internet pages (the so-called “web browser” or just “browser”), which the user has installed on the device he is using, the following information is automatically transferred to the transmit the web server used by us:
- the IP address of the requesting device,
- date and time of access to our website,
- specification of the time difference between the requesting host and the web server,
- content for the request or specification of the retrieved file that was transmitted to the user
- the access status (successful transmission, errors, etc.),
- the amount of data transferred in each case in bytes,
- the website from which the user was accessed,
- the browser used by the user, the operating system, the interface, the language of the browser and the version of the browser software.
This information is stored by us on our web server in a so-called log file (in a “log file”). This would at least indirectly enable us to establish a personal reference, i.e. by determining the owner or company owner of the IP address via information from the access service providing the IP addresses. But only if this access service is legally entitled to provide the information.
The mentioned log files are processed by us for the following purposes:
- ensuring a smooth connection to our website,
- ensuring comfortable use of our website,
- evaluation of the system security and stability of our website.
4.4.1.3 Our legitimate interest results from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about the person of the user; Exceptions are cases of deliberate disruptions to the functionality of our website or cases of misuse of our services. Apart from these exceptions, no personal user profiles are created and the data is generally not passed on to third parties.
4.4.1.4 To protect against attacks and to ensure proper operation, all access to our website with the full IP address is temporarily and automatically analyzed for possible risks on a security system (firewall).
4.4.1.5 We will only try to find out who is behind an IP address in the event of illegal attacks or if our services are misused. Otherwise this information remains hidden from us and we do not try to get to the data of the owner of an IP address.
4.4.1.6 The log files are stored for a maximum of seven days. This short storage period does not apply to log files on accesses that are required for the further pursuit of attacks and faults.
4.4.2 Own cookies when you visit our website
4.4.2.1 We use our own cookies when you visit our website. Cookies are small text files that our web server sends to the end device of the user of our website and which are usually stored on the hard drive in the end device of the user. These are not programs that can penetrate the user’s system and cause damage there. Although cookies can identify the user’s device, cookies themselves do not store any personal data. Cookies do not cause any damage to the end device of the user and do not contain any viruses, Trojans or other malware. However, information is stored in a cookie that results in connection with the specific device used.
4.4.2.2 Cookies basically have the purpose of evaluating the content of the cookie when the website is called up again, i.e. to recognize the user or his previous usage actions. If the cookie is deleted, for example because the user has deleted it or because it has deleted itself, then such recognition or the tracing of an act of use is not possible, nor is it possible to “read” the cookie.
4.4.2.3 So-called HTTP cookies (also known as “browser cookies”) have a name and a corresponding value (content). These cookies are either automatically deleted when the browser is closed (so-called “transient” cookies) or have a programmed expiry date (so-called “persistent cookies”). We regularly use a session cookie, which receives a sequence of numbers as a value, the so-called session ID. A session ID makes it possible to assign several related requests from a user to this, ie his current “session”, in order to make it easier for him to use the various areas of the website. Our session cookies therefore support browser navigation. Session cookies are automatically deleted when the browser is closed. The session cookie is deleted when the browser is closed, and the “persistent” cookie is deleted when the expiry date expires.
4.4.2.4 No personal identification: With our own cookies, we do not use any technology that links information through cookies with the personal data of the user. Neither the identity of the user nor e.g. the E-Mail address can be determined.
4.4.2.5 Our legitimate interest follows from the purpose of the cookies set out above.
4.4.2.6 The browser that is used by the user allows the management of cookies and website data by means of self-data protection via the setting “data protection” or “data protection & security” or within the framework of the otherwise named security settings before a website is called up . The user can thus prevent the setting of cookies and the tracking of user activities (i.e. the “surfing behavior”) via website data or via what is known as “tracking”, which may be used across websites. For example, cookies and website data from the accessed website can be accepted and kept until they are no longer valid or until they have expired. Cookies and website data from third-party providers whose codes or scripts are integrated on the website visited may or may not be accepted. Or cookies and website data can always be rejected. Most web browsers automatically accept cookies by default. It is up to the user whether and how he adjusts this behavior of his browser for his purposes. If cookies and website data are not accepted by the browser setting, the activity tracking (website tracking) is switched off or the “Java script” is not allowed, it may happen that the accessed websites do not work in whole or in part.
4.4.2.7 Users can also delete cookies in whole or in part at any time in the security settings of their browser, for example after their Internet session has ended. Then when a session is restarted, no cookies or only those that have not been deleted will remain on the user’s device. This means that the user’s device cannot be “recognized” when a website is called up again.
4.4.2.8 We provide information on third-party cookies (third-party cookies) under Section 4.4.3. These third-party providers can be companies that are behind displayed advertising or social networks, for example if a Like or Share button is available on the website.
4.4.3 Analysis of our users when visiting the website – third-party cookies
The analysis measures listed below and used by us are carried out on the basis local data protection laws.
4.4.3.1 Google Analytics
a) We use Google Analytics, a web analytics service provided by Google LLC. (1600 Amphitheater Parkway Mountain View, CA 94043, United States; “Google”) for our website to analyze and statistically evaluate the use of our website (web analysis). Web analysis is the gathering, collection and evaluation of data on the behavior of visitors to websites. Among other things, Google Analytics collects data on the website from which a person concerned came to a website (so-called referrer), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. The web analysis is used by us to optimize our website and, if necessary, for the cost-benefit analysis of internet advertising. This enables us to tailor our website to your needs.
The use does not include the “Universal Analytics” operating mode (and thus tracking of user activities across all devices).
b) Google Analytics uses so-called “cookies”, text files that are stored on the user’s terminal device and that enable an analysis of the user’s use of the website. The information generated by the cookie about the use of our website by the user such as browser type / version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server request usually transferred to a Google server in the USA and stored there. If IP anonymization is activated on our website, the IP address of the user will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the United States and shortened there in exceptional cases.
c) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
d) Under no circumstances will the IP address of the analyzed user be associated with other data relating to the user. Our website uses Google Analytics with the extension “_anonymizeIp ()”. This guarantees the masking of the user’s IP address so that all data is collected anonymously. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. If there is any personal reference to the data collected about the user, this is immediately excluded and the personal data is deleted immediately.
e) Further information on data protection for the Google Analytics web analysis service can be found at support.google.com/analytics/answer/6004245 from the third party provider.
f) We store user and event data in the Google Analytics application for 26 months. This data is then deleted.
g) The legal basis for the collection of this analysis data is local data protection laws. Our overriding legitimate interest is to be able to use the usage analysis to determine the range of our website in order to optimize it.
h) Opposition options
The user can prevent Google from collecting the data generated by the cookie and relating to his use of our website (including his IP address) and from processing this data by Google by using the browser plug-in available under the following link (browser -Ad-on) downloads and installs: https://tools.google.com/dlpage/gaoptout?hl=en.
Then their visit data will not be recorded via Google Analytics JavaScript and Google Analytics is deactivated. This add-on prevents visitor data from being forwarded to Google Analytics via Google Analytics JavaScript (ga.js, analytics.js and dc.js). The browser add-on can be used with most modern browsers.
4.4.3.2 Facebook Pixel
This website uses the visitor action pixel from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) to measure conversion.
In this way, the behavior of the site visitors can be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected are anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage guidelines. This enables Facebook to place advertisements on Facebook pages as well as outside of Facebook. As the website operator, we cannot influence this use of the data.
The website operator has a legitimate interest in effective advertising measures, including social media. A corresponding consent can be requested (e.g. consent to the storage of cookies) and can be revoked at any time.
You will find further information on protecting your privacy in Facebook’s data protection information: https://www.facebook.com/about/privacy/.
You can also deactivate the remarketing function “Custom Audiences” in the settings for advertisements under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.
4.4.4 Social media plugins
This website does not use any social media plugins.
4.5 Online Advertising
We do not use any tools for online advertising with which personal data is transmitted to third parties.
4.6 Further processing
As far as necessary, i.e. situation-related and by no means regularly, we process data from data subjects beyond the actual fulfillment of the contract to safeguard the legitimate interests of us or third parties. These legitimate interests can be:
- 4.6.1 the assertion of legal claims and defense in legal disputes,
- 4.6.2 the prevention and investigation of criminal offenses,
- 4.6.3 video surveillance to maintain house rules or for building and system security (e.g. access controls).
5 Recipients or categories of recipients of the personal data
5.1 The data subject’s personal data will only be passed on or transferred to third parties for cases other than those described in this information if:
- the person concerned has given their express consent,
- the transfer is necessary to assert, exercise or defend legal claims and there is no reason to assume that the person concerned has an overriding legitimate interest in not disclosing his data,
- there is a legal obligation for the transfer and
- the transfer is legally permissible and required for the processing of contractual relationships with the person concerned.
5.2 Within our company, those persons have access to the data subject’s data who need it to fulfill our contractual and legal obligations. Processors, service providers and vicarious agents employed by us can also receive data for these purposes if they comply with our data protection instructions.
5.3 We use contract processors in particular for our web hosting services (e.g. contract management, support services, data center services).
5.4 In order to use the web analysis service Google Analytics, we have a contract with the Contract Administration Department of Google LLC., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States, on order data processing in addition to the general Google Analytics conditions to be observed by us (“Analytics-Conditions”) completed. This agreement has been supplemented by an addition for the scope of the General Data Protection Regulation.
5.5 Categories of recipients of personal data outside of our company and the processors can e.g. be: bodies that register domains or participate in the registration, bodies that issue certificates for secure data traffic or participate in this, domain trustees (so-called “escrow services”), payment service providers, data destruction services, debt collectors, tax and legal advisory service providers, bodies that request information from us in the context of criminal prosecution activities or to prosecute administrative offenses within the framework of their legal powers (e.g. police, public prosecutors, courts), rights holders who are entitled to receive information about certain personal data on the basis of legal regulations (e.g. in case of copyright infringement on customer websites).
6 Categories of personal data that are processed
Which personal data is processed in detail and how it is used depends largely on the services used or agreed. Therefore, not all parts of this information below will apply to the data subject. The data categories to be processed are or can be:
- Personal identification data, e.g. name, title, (private and corporate) address, previous addresses, (private, corporate) telephone number, fax number, (private, corporate) E-Mail addresses, (private, corporate) SMS or messenger services – addresses.
- Identification data issued by the public services, e.g.: national identification numbers, identity card data, passport data.
- Personal details: age, gender, date of birth, place of birth, marital status and nationality.
- Electronic identification data, e.g. IP addresses, cookies, connection times, electronic signature, mail headers, log files.
- Security data, e.g. User IDs, passwords, activation codes.
- Financial identification data: PayPal E-Mail or bank identification and bank account number.
- Employment data.
- Inventory data (contract data): personal data that are required for the establishment, content or modification of a contractual relationship between us and our customers.
- Usage data: log files about the usage activities of the customers on the provided electronic administration interfaces of their customer and system accesses.
7 Data sources
7.1 We generally collect personal data directly from the data subjects who provide them to us for our purposes, i.e. who make them available to us with their cooperation.
7.2 In exceptional cases, we may receive personal data from a third party without the involvement of the person concerned (so-called “third party collection”). Then we will send the person concerned a separate notification at the times stipulated by law. This applies to the categories of personal data that we have collected from the third party about the data subject as well as the indication of the source from which this data originates and, if applicable, whether it originates from publicly accessible sources.
8 Intended third country transfer
8.1 Our data processing is carried out on servers located in the locality of the project.
8.2 There is basically no intention to transfer personal data to a third party country.
8.3 In the event that we exceptionally transfer personal data to the European Union through the use of various analysis tools, such tools should have been submitted to the EU-US Privacy Shield. More about this at https://www.privacyshield.gov/EU-US-Framework.
8.4. In the event that we arrange for the customer to purchase a top-level domain at the customer’s request and do not use the regular local service provider for this purpose, we will transmit the customer’s personal data directly to the registration office in the USA, if only this registry assigns and manages this domain.
8.5 We are permitted to transfer data to a third party country if the statutory exceptional conditions are present, in particular if the data subject has given their express consent or if the transfer is necessary for the performance of a contract between the data subject and us or for the implementation of pre-contractual measures at the request of the data subject or the transmission is necessary to conclude or fulfill a contract we have concluded with another natural or legal person in the interests of the person concerned.
9 Storage period
9.1 We store the personal data collected by us for as long as it is necessary for our purposes or the person concerned has consented to further storage in accordance with the provisions of the data protection regulation.
9.2 In the regulations of this data protection information, we have already provided information about the storage period or the criteria for determining this period-specific at various points.
9.3 The personal data collected for the purpose of a contract will also be stored until the statutory retention requirements for our activities have expired. They will then be deleted, unless the processing is still necessary to fulfill a legal obligation to which we are subject.
9.4 The tax and commercial law retention and documentation obligations to be considered for a retention obligation for the commercial documents for six or ten years.
9.5 When the retention period expires, an obligation to delete does not automatically arise, as there may still be a legitimate interest in archiving, e.g. to be able to provide information in legal disputes. This also applies to cases of preservation of evidence within the framework of the statute of limitations. These limitation periods can be up to 30 years, whereby the regular limitation period is three years.
9.6 In the area of providing telecommunications services, we may be obliged to store storage obligations in accordance with the local law.
9.7. Personal data that the customer stores in the storage space provided by us can be deleted at any time during the contract and until its end.
10 Affected Rights
Those affected by data processing have the right
- to request information about the processing of personal data
- to request the correction of incorrect personal data relating to you
- to demand that personal data relating to you be deleted immediately
- to request restricted processing if one of the reasons stated in the provision applies
- to object to the processing of your personal data at any time, for reasons that arise from your particular situation, if the processing is based on our legitimate interests . We will then no longer process the personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims
- to receive the personal data concerning you that the data subjects have provided to us in a structured, common and machine-readable format and to transmit this data to another person responsible without hindrance, provided that the processing is based on consent or on is based on the basis of a contract and the processing is carried out using automated procedures
11. Individual right to object when weighing interests
11.1 Data subjects have the right to object to the processing of their personal data for reasons that arise from their particular situation. The prerequisite for this is that the data processing takes place on the basis of our balancing of interests.
11.2 These cases have been described in this data protection information.
In the event of an objection, we will no longer process the personal data. Unless we can demonstrate compelling legitimate reasons for processing this data that outweigh the interests, rights and freedoms of the person concerned. This is also the case if the personal data are used to assert, exercise or defend legal claims.
11.3 The objection can be made informally with the subject “Objection” stating the name, address and date of birth of the person concerned and should be addressed to:
- New York Webdesign, represented by GeoNat Corp.
- 377 Ocean Pkwy 11C, Brooklyn NY 11218
11.4 As far as technically possible, we give the person concerned the opportunity to exercise the objection by means of an automated process in which technical specifications are used. This can e.g. happen through our website. These cases are also described in this data protection information.
12 Revocability of consent
12.1 If the person concerned has given us consent to the processing of personal data for certain purposes, the processing of this data is lawful. The person concerned can revoke their consent to us at any time. The revocation of the consent does not affect the legality of the data processed up to the revocation.
12.2 The revocation of the consent can be done informally with the subject “Revocation” stating the name, address and date of birth and should be addressed to:
- New York Webdesign, represented by GeoNat Corp.
- 377 Ocean Pkwy 11C, Brooklyn NY 11218
12.3 As far as technically possible, we give the person concerned an opportunity to explain the revocation as simply as the consent was given by them.
13 Right of appeal
Affected parties have the right to complain to a supervisory authority about us with regard to our handling of their personal data.
14 Provision obligation
As part of our business relationship users, interested parties or future customers must provide the personal data that is necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will usually have to reject the conclusion of the contract or the execution of the order or we will no longer be able to carry out an existing contract and may have to terminate it. An anonymous contract conclusion is not provided, nor is there any anonymous brokerage of contracts with third parties.
15 Order processing contract
If users of our websites order a web hosting tariff that is subject to a fee, these users can conclude a civil law contract with us online and become customers via our websites according to the tariffs and services shown there. This contract is based on our general terms and conditions as well as a pre-formulated data protection contract on order processing. Depending on the services that the customer uses, it cannot be ruled out that we will then process personal data for the customer on his behalf and according to their instructions and are therefore contract processors. We use subcontractors for this order processing.
16 Automated decision making
In principle, we do not use fully automated decision-making to establish and implement the business relationship. If we use this procedure in individual cases, we will inform the person concerned about this separately, provided this is required by law.
17 Data security
17.1 When you visit our website, we use the popular SSL (Secure Socket Layer)/Transport Layer Security (TLS) method in conjunction with the highest level of encryption supported by the user’s browser to protect communication with us. Usually this is a 256-bit encryption. If the user’s browser does not support 256-bit encryption, we use 128-bit v3 technology instead. The user can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or the lock symbol in the status bar of his browser.
17.2 If users of our services want to be sure that their E-Mail remains unread on the way to us, they can encrypt their E-Mail message. For this purpose, those affected can use our public GnuPG key, which we will provide if necessary. Common programs for encryption are PGP and GnuPG, which can be downloaded free of charge from www.openpgp.org or gnupg.org/index.html.
17.3 Regardless of E-Mail encryption by PGP / GnuPG, the following applies: If the user’s E-Mail provider supports Transport Layer Security (TLS), E-Mail communication is encrypted because the E-Mail server we use consistently support TLS.
17.4 We also use suitable technical and organizational security measures to protect the personal data of the person concerned that we have collected against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
18 Change of this data protection information
This general data protection information does not require the consent of those concerned and is subject to regular reviews with regard to any need for changes. The previous version will be archived by us if it is replaced by a new version.