de|en

Privacy Statement

This privacy statement clarifies the type, the extend and the purpose of the processing of personal data (hereinafter referred to as “data”) within our online offerings and the associated websites, features and contents as well as online presence, such as our social media profile (hereinafter collectively referred to as “online offer”). With regard to terms as “procession” or “person responsible” we refer to the definition in Article 4 of the General Data Protection Regulation (GDPR).

Person Responsible

F. W. Daum GmbH & Co. KG
Fischerstraße 30
42859 Remscheid
Germany

Contact
Phone +49 (0) 2191 46 300 8 - 0
Fax +49 (0) 2191 46 300 8 - 80
Mail info@daum-kg.de
Web www.daum-kg.com

Legal Disclosures
General Manager: Frank Hemsath

Limited Partnership (Kommanditgesellschaft), based in Remscheid, Registry Court Wuppertal HRA 17 558

VAT Identification Number ref. article 27a VAT Act: DE120813832

Tax Number: 126/5835/0134

Represented by the personally liable shareholder Urbach, Hemsath & Co. Bet. GmbH, based in Remscheid. Registry Court Wuppertal HRB 11 021

Type of Data Processed:

  • Inventory data (e.g. names, address)
  • Contact data (e.g. e-mail, telephone number)
  • Content data (e.g. text entries, photographs, videos)
  • Usage data (e.g. visited websites, interest in content, access time)
  • Meta- / Communication data (e.g. device information, IP addresses)

  • Categories of Data Subjects

    Visitors and users of the online offering (hereafter the persons concerned are also summed up as “users”).

    Purpose of Processing

  • Provision of online offer, its features and contents
  • Responding to contact request and communication with users
  • Security measures
  • Reach measurement/Marketing
  • Terminology

    “Personal Data” are all information referring to an identified or identifiable natural person (hereinafter called “person concerned”). A natural person in considered as identifiable if it can be identified, directly or indirectly, in particular by reference to an identifier like the name, an identification number, location data, online-identification data (e.g. cookies) or to one or more attributes expressing the physical, physiological, genetic, mental, economical, cultural, or the social identity of the natural person.

    "Processing”: any operation or set of operations that is performed upon personal data, whether or not by automated means. The term has a broad meaning and includes practically any kind of data handling.

    “Pseudonymization”: The processing of personal data in such a way that the personal data, without enlistment of additional information, cannot be associated with a specific person concerned, provided that these additional information are kept separately and are subject to technical and organizational measures, which guarantee that the personal data cannot be assigned to an identified or identifiable natural person.

    “Profiling”: Any kinds of automated processing of personal data that consists of the usage of personal data for reason of rating personal aspects referring to a natural person, but above all analyzing or forecasting aspects regarding job performance, economic situation, health, personal preferences, interests, reliability, attitude, abode or change of location of the natural person.

    “Person responsible”: A natural or legal person, agency, institution or other authority that decides upon purpose and instruments of processing of personal data, alone or jointly with others.

    “Processor”: A natural or legal person, agency, institution or other authority that processes personal data by order of the person responsible.

    Relevant Legal Basis

    According to article 13 GDPR we announce the legal basis of our data handling. Provided that the legal basis is not mentioned in the GDPR, following applies: The legal basis for acquisition of permission is article 6 (1) lit. a and article 7 GDPR, the legal basis for the processing of fulfillment of our performances and the implementation of contractual measures, as well as the response to enquiries is article 6 (1) lit. b GDPR, the legal basis for the processing for the implementation of legal obligations is article 6 (1) lit. c GDPR, and the legal basis for the processing to safeguard of our legitimate interests is article 6 (1) lit. f GDPR. For the case of processing of personal data becoming necessary, for example due to vital interest of the person concerned or another natural person, article 6 (1) lit. d GDPR serves as legal basis.

    Safety Measures

    We take any appropriate technical and organizational measure to ensure a level of protection, appropriate to the risks involved, in accordance with article 32 GDPR and in consideration of the state of the art, implementation costs and nature, the extent, the circumstances and the purpose of processing as well as the differing probability of occurrence and seriousness of the risk for rights and freedom of the natural person.

    ZThose measures include in particular the safeguarding of the confidentiality, integrity and availability of data by means of monitoring of the physical access to data, as well as safeguarding the access to respective data, the entry, the transfer and availability and the disconnection. Furthermore we have established processes that ensure perception of rights of the persons affected, deletion of data and reactions to the endangerment of data. Beyond that we respect the protection of personal data already during the development / choosing of hardware and software as well as processing, corresponding to the principle of data protection due to technology development and privacy-friendly default setting (article 25, GDPR).

    Cooperation with External Processors and Third Parties

    SIf we disclose, transmit or allow access to data to other persons or companies (external processors or third parties) in the course of our processing, this is done on the basis of legal permission (e.g. when a transmission of data to third parties (e.g. payment service providers, under article 6 (1) lit. b GDPR) is necessary due to performance of a contract), on the basis of your agreement, legal obligation or our legitimate interests (e.g. when we work with agents, web hosts etc.).

    Provided that we commission third parties to process data on the basis of a so-called “order-processing contract”, this is only done on the basis of article 28 GDPR.

    Transfer to Third Countries

    Insofar as we are processing data in a third country (that means countries outside the European Union (EU) or European Economic Area (EEA)) or if this is happening by means of the use of services of third parties or transfer of data to a third party, this shall only happen in the course of fulfillment of our contractual obligations, on the basis of your agreement or legal obligation or on our legitimate interests. Subject to legal or contractually permissions, we only process (or instruct other third countries to process) data under presence of special requirements of article 44 ff. of the data-protection in accordance to EU standards (e.g. the USA “Privacy Shield”) or consideration of official recognized contractual obligations (called standard contractual clauses).

    Rights of the Person conerned

    You have the right to obtain a confirmation about the processing of respective data and access rights as well as rights to further information and copies of the data in accordance with article 15 GDPR.

    Referring to article 16 GDPR you have the right to demand that the respective data either has to be completed or corrected, if they are incorrect.

    According to article 17 GDPR you have the right to require the immediate deletion of respective data or alternatively according to article 18 GDPR the restriction of processing of respective data.

    You have the right to demand, that the respective data you have provided for us will be transmitted to you and to demand the transmission of the data to other responsible parties.

    Furthermore you have the right to lodge a complaint with the competent supervisory authority pursuant to article 77 GDPR.

    Right of Revocation

    You have the right to revoke given approval with effect for the future pursuant to article 7 paragraph 3 GDPR.

    Right of Objection

    You may object to future processing of your personal data at any time according to article 21 GDPR. This opposition may include particularly the processing for the purpose of direct marketing.

    Cookies and the Right of Objection for the Purpos of Direct Marketing

    The term “Cookies” refers to small data files, stored on computers of the user. Within the cookies different entries may be stored. A cookie is primarily used for the storage of information of the user, or rather the device the cookie is stored on, during or after his visit within the online offer. Temporary cookies, “session cookies” or “transient cookies” are cookies that are deleted after the user exits the online offer and closes the browser window. In such a cookie the cart content of an online shop or the login status can be stored. Cookies are termed as “permanent” or “persistent”, when they are stored even after closing of the browser. So it’s possible to store the login status when the user is searching for it after several days. Cookies may also store the interest of a user, which can be used for reach measurement or marketing purposes. Cookies are designated as “third-party-cookies” if they are provided by other suppliers than the responsible one that is operating the online offer. (Or else, if this is referred to only its cookies, then it is termed as “first-party-cookie).

    We can use temporary or permanent cookies and we inform you about this in the course of our GDPR.

    If the users do not agree with the storage of concerning data on the data processor, they are requested to deactivate the relevant option in their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of the online offer.

    A general contradiction can be declared against the usage of the cookies that concern online marketing by the majority of services, especially in case of tracking, on the US-American website http://www.aboutads.info/choices/ or the EU-website http://www.youronlinechoices.com/Furthermore the deletion of cookies due to their deactivation can be achieved in the setting of the browser. Please note that the usage of some applications of the online offer can potentially be restricted.

    Deletion of Data

    The personal data processed by us will be deleted or restricted in processing in according to article 17 and 18 GDPR. Unless specifically stated in the course of GDPR, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and only if there are no restrictions regarding to legal retention requirements. Provided that the data is not deleted, because of necessity for others or lawful purposes, the processing of the data is restricted. That means that the data access is disabled and the data is not processed for other purposes. This may be the case, for example, for data that has to be stored due to fiscal reasons or those referring to commercial law.

    Due to legal requirement in Germany, the data is stored for 10 years in accordance with §§ 147(1) AO, 257(1) No. 1 and 4, (4) HGB (commercial registers, records, booking documents, trading books, and other documents relevant for taxation) and 6 years in accordance to § 257 (1) No. 2 and 3, (4) HGB (commercial papers).

    According to legal requirements in Austria, the storage of data is set for 7 years due to § 132 (1) BAO (accounting documents, receipts/invoices, accounts, records, business papers, tables of income and expenditure, etc.), for 22 years in connection with property and for 10 years with regard to records connected to electronically supplied services, telecommunication services, service of public broadcasters and television, that are rendered to non-entrepreneurs in EU country and for which the ‘mini-one-stop-shop’ MOSS is claimed.

    Business Related Processing

    Additionally we process:

  • Contract Data (e.g. contractual object, term, customer category)
  • Payment Details (e.g. bank details, payment history)

  • of our customers, interested parties and business partners for the purpose of provision of contractual services, customer service, marketing, commercial and market research.

    Contractual Services

    We process the data of our contractual partners and interested parties as well as other contracting authorities, customers or clients ((hereinafter jointly referred to as “contracting party”) due to article 6 (1) lit. b. GDPR, for providing the contractual and precontractual service for you. The data processed, the type, the scope, the purpose and the necessity of processing is determined by the underlying contractual relationship.

    In the course of the utilization of our online services we can store the IP address and the time of the respective user intervention. The storage takes place on the basis of our legitimate interests and on the interest of the user due to protection against abuse or other unauthorized use. We will not transfer the respective data to third parties, unless it is necessary for pursuance of our claims due to article 6 (1) lit. f. GDPR or legal obligations due to article 6 (1) lit. c. GDPR.

    We do not process special categories of personal data, unless they are part of commissioned or contractual processing.

    We process data, that are necessary to justification or fulfillment of contractual services, and point out to the necessity of your information if not evident to the contracting party. Disclosure to external persons or companies only takes place due to necessity within the contract. With regard to the processing of the data surrendered to us in the course of a contract, we act in accordance with the respective instructions of the client as well as with the legal requirements.

    The deletion of the data occurs after it is no longer necessary for fulfilling of contractual or legal duty of care as well as for the handling with warranty and comparable obligations. The necessity of the storage of data is examined every 3 years; Apart from that the legal provisions for record retention are applicable.

    Administration, Accounting, Office, Organization, Contact Management

    We process data in the course of administrative tasks as well as organization of our business, accounting and compliance with our legal obligations, such as archiving. Here we process the same data as we process in the scope of contractual performances. The processing basics are article 6 (1) c. GDPR, article 6 (1) lit. f. GDPR. Affected by the processing are clients, interested parties, business partner and website visitors. The purpose and our interest in processing data focuses on administration, accounting, office organization and archiving of data, accordingly on tasks that serve for maintenance of business activities and performance of our duties and services. The deletion of data with regard to contractual services and contractual communication corresponds to the declared specifications.

    We reveal or transmit data to the financial management, consultants, such as tax consultants or auditors, as well as other billing centers and payment service providers.

    Moreover do we store information due to our business interests concerning suppliers, organizers and other business partner (e.g. future contacting). In general, we store these predominantly business-related data permanently.

    Business Analysis and Market Research

    To operate our business economically and to determine market trends, wishes of the contractual partner and use, we analyze respective data concerning business transactions, contracts, requests, etc. Thereby we process inventory data, communications data, contract data, payment information, usage data and metadata on the basis of article 6 (1) lit. f. GDPR. The affected persons include contractual partner, interested parties, clients, visitors and user of our online offer.

    The analysis happens for the purpose of business assessment, marketing and market research. In doing so, we can take into account the profiles of the registered users with information, e.g. concerning their services received. The analyses serve us to increase the user-friendliness, optimization of our offer and business economics. The analyses serve solely us and are not revealed externally, anonymous analyzes with joint figures are excluded.

    As long as these analyses or profiles are personal, the deletion or anonymization will happen after the termination of the user or otherwise after 2 years from conclusion of the contract. Apart from that, the overall business analyses and general tendency determination are created, as far as possible, anonymously.

    Data Protection Notice in Application Procedure

    We process applicant details only for the purpose and in the scope of application procedure and under and in accordance with legal requirements. The processing of applicant details follows the compliance of our (pre-)contractual obligations in the context of application procedure in line with article 6 (1) lit. b. GDPR, as far as the data processing e.g. as part of legal procedures become necessary for us (in Germany § 26 BDSG applies additionally).

    The application procedure presupposes, that applicants inform us about their details. The necessary applicant details are, provided that we offer an online form, labeled. Otherwise they arise out of the job descriptions, which involve information about the person, contact address and documents related to the application, such as covering letter, curriculum vitae and certificates. In addition to this, applicants are welcome to submit additional and optional information to us.

    With the transmission of the application, applicants agree to the processing of their data for purposes according to the application procedure and the type and extend as stated in the privacy statement.

    As far as special categories of personal data is voluntarily offered in the course of application procedure for the purposes of article 9 (1) GDPR, the processing is carried out additionally according to article 9 (2) lit. b. GDPR (e.g. health data, such as severe disabilities or ethnic origin). As far as special categories of personal data of the applicant is requested in the course of application procedure and with the purpose of article 9 (1) GDPR, the processing is carried out additionally according to article 9 (1) lit. a GDPR (e.g. health data, of necessary for the vocational training).

    Provided they have been made available, applicants can transmit their applications via online form on our website. The data will be transmitted to us encrypted and with the current state of the art. Furthermore applicants can transmit their application to us via email. Please note that these emails can in principle not be transmitted encrypted and applicants are responsible for the encryption. Therefore we assume no responsibility for the transmission path of the application between the sender and the receipt on our server, which is why we recommend the online or postal form. Instead of sending the application via online form or email, there is also the possibility to send it to us via mail.

    In the case of successful application, we can process the provided data for the purpose of employment. Otherwise, is case of unsuccessful application, the data of the applicant will be deleted. The data of the applicant will also be deleted, if the application is withdrawn, as the applicant is entitled to do.

    The deletion takes place, subject to a justifiable objection of the applicant, after a period of 6 month, so that we can reply to follow-up questions and determine the compliance of the Act of Equal Treatment. Invoices regarding possible compensation for travelling will be archived according to the current tax laws.

    Contacting

    When getting in contact with us (e.g. via contact form, e-mail, phone or social media) the data of the user are processed for the purpose of contact request and its processing in accordance with article 6 (1) lit. b) GDPR. The personal data can be stored in a Customer-Relationship-Management system (“CMR-system”) or comparable system.

    We delete requests, if they are not needed anymore. We review the necessity every two years; apart from that the legal archiving obligations apply.

    Hosting and E-Mail-Communication

    The hosting-service used by us serves for provision of following services: infrastructure- and platform-services, computing capacity, disk space and database services, e-mail communication, security services as well as technical maintenance services we use for the operation of online offer.

    In this process, we, or our hosting company, process inventory data, contact information, content data, contract data, usage data, metadata and communications data of our customers, interested parties and visitors of the online offer on the basis of our legitimate interests for efficient and safe provision of the online offer due to article 6 (1) lit. f GDPR in connection with article 28 GDPR (conclusion of a job processing contract).

    Collection of Access Data and Logfiles

    We, or our hosting company, collect data due to our legitimate interests for the purpose of article 6 (1) lit. f. GDPR, for every access on the server that is working with this service (so-called server log files). The access data include the name of the clicked page, file, date and time of retrieval, transferred data volume, report on successful retrieval, type of browser and version, the operating system of the user, referrer URL (website you were referred from), IP address and the requesting provider.

    Log file information is stored for safety reasons (e.g. clarification of defraudation) for a maximal term of seven years and will be deleted afterwards. Data whose storage is necessary for purposes of proof is excluded from deletion until the respective incident is finally resolved.

    Google Analytics

    Due to our legitimate interests (meaning interest in analyzing, organizing and in the economic operation of our online offer in accordance with article 6 (1) lit. f GDPR) we use Google Analytics, an advertising analysis service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie due to the usage of the online offer is transferred and stored at a server of Google in the USA.

    Google is certified according to the Privacy-Shield agreement and therefore guarantees to comply with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

    Google will use this information on our account to evaluate the usage of our online offer through customers, to compile reports on the activities within the online offer and to render further services related to the usage of the online offer and internet usage. Thereby pseudonymous user profiles of the user can be generated based on the processed data.

    We use Google Analytics only with activated IP anonymization. That means, that the IP address of the user is reduced by Google within the member states of the European Union or other Contracting States to the Agreement on the European Economic Area. The entire IP address is transferred to Google in the USA only in exceptional cases and will be reduced there.

    The transmitted IP address, put out by the browser of the user, is not merged with other data of Google. The user is able to prevent the storage of cookies by a corresponding setting of the browser-software; beyond that, the user is able to prevent the collection of data, that is generated by the cookie and referring to the use of the online offer, to Google as well as the processing of the data by Google, by downloading and installing the browser plugin available trough the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

    You will find further information about the use of data by Google, configuration options and the possibilities to appeal in the privacy statement of Google (https://policies.google.com/technologies/ads) as well as the settings for the presentation of advertisement by Google (https://adssettings.google.com/authenticated).

    The personal data of the user is deleted or anonymized after a period of 14 months.

    Google AdWords and Conversion-Tracking

    On the basis of our legitimate interest (i.e. interest in the analysis, optimization and economic operation of our online offer for the purpose of article 6 (1) lit. f. GDPR) we use the service of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

    Google is certified by the Privacy Shield agreement and therefore guarantees the compliance of the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

    We use the online marketing practice Google “AdWords” to place advertisements in the Google advertising network (e.g. in search results, in videos, on websites etc.) so that they are shown to users that are probably interested in them. This allows us to display more targeted advertising content for and within our online offer, to provide users only with ads for products that potentially meet their interests. In the event of any user being displayed with ads for products he was interested before on other online offers, one can speak of “remarketing”. For these purposes Google executes a code when a participant opens our or another website on which the Google advertising network is active and so-called “(re-) marketing-tags” (hidden graphics or code, also referred to as “web beacons”) are incorporated in the website. With their help an individualized cookie is stored on the device of the user (instead of cookies other similar technologies can be used). In this file following information is recorded: which websites the user visits, in which content the user is interested in, on which offers the user clicked, technical information concerning browser and operating system, referring websites, visiting time as well as further details about the use of the online services.

    Further we receive an individual “conversion-cookie”. The information received with the help of the cookies serves Google to generate conversion statistics for us. However, we solely learn the anonymous total number of users that clicked on our advertisement and were forwarded to a site provided with a conversion tracking tag. We do not obtain any information about the personal identification of the user.

    The data of the user is processed pseudonymously with regard to Google-Advertising-Network. That means, that Google is not storing and processing the names or email addresses of the user, but processes the relevant data based on respective cookies within pseudonymous user-profiles. Therefore, from Google’s point of view, the advertisements are not administered and displayed for a specific person, but for the holder of the cookie, irrespective of who the holder is. This does not apply if the user expressly allows Google to use to process the data without pseudonymization. The information concerning the user are transmitted to Google and stored at the Google server in the USA.

    You will find further information about the use of data by Google, configuration options and the possibilities to appeal in the privacy statement of Google (https://policies.google.com/technologies/ads) as well as the settings for the presentation of advertisement by Google (https://adssettings.google.com/authenticated).

    Online Presence of Service and Third Party Contents

    We maintain online presence within social networks and platforms for communication with active costumers, interested parties and users and to inform them about our service. The request of the respective website is subject to general terms and conditions and to the data processing guidelines of the respective operator.

    Unless otherwise stated with regard to our privacy statement, we process the data of our users as far as we communicate within social networks and platforms, that means for example writing articles for our online presence or sending messages to each other.

    Integration of Service and Third Party Content

    On the basis of our legitimate interest (that means interest in the analysis, optimization and economic operation of our online offer for the purpose of article 6 (1) lit. f. GDPR), we use content and service offer of third parties within our online offer, to incorporate their content and services (for example videos, fonts, hereinafter jointly referred to as “content”).

    That always assumes that third-party providers of these contents detect the IP address of the user, due to the fact that the IP address is crucial for sending content to the respective browser. Therefore the IP address is essential for the display of these contents. We try to use only content of providers that use the IP address solely for delivery of contents. Moreover, third-party providers can use so-called “pixel tags” (invisible graphics, also called “web beacons”) for statistical or advertising purposes. With the help of the pixel tags information, like the visitor traffic on certain parts of the website, can be evaluated. The pseudonymous data can be stored within cookies on the device of the user. It can also contain technical information about the browser and the operating system, referring web sites, visiting time as well as further details about the use of the online offer; moreover it can be connected with such information from other sources.

    Google Maps

    We integrate the maps of the “Google Maps” service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed can include IP addresses and location data of the user, which will not be surveyed without the agreement of the customer (ordinarily implemented within the framework of the setting of their mobile devices). The data can be processed in the USA. Privacy Statement: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

    Typekit-Fonts by Adobe

    We use, on the basis of our legitimate interest (that means, interest in the analysis, optimization and economic operation of our online offer for the purpose of article 6 (1) lit. f. GDPR), external “typekit”-fonts of the provider Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy-Shield-Agreement and therefore guarantees the compliance of the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).

    Cookie Declaration

    Please note: The following declaration will be shown in the standard language of your internet browser. Otherwise it is available in German and English language.