Introduction and terms
1. Introduction
By operating our web site www.reep.de (hereinafter called “web site”), we process personal data. We handle these confidentially and process them in accordance with the laws currently in force – in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG new). Our data protection regulations are intended to inform you regarding which of your personal data we collect from you, for what purposes and on which legal basis we use it, and if necessary to whom we disclose it. Furthermore, we will explain to you the rights to which you are entitled to safeguard and enforce your data protection.
2. Terms
Our data protection regulations contain technical terms used in the GDPR and BDSG new. So you can better understand them, we will begin by explaining these terms in simple words:
2.1. Personal data
“Personal data” is all the information relating to an identified or identifiable person (Article 4, No. 1 of the GDPR). For example, details about an identified person can be their name or E-mail address. However, personal data also includes data with which their identity is not immediately apparent but can be determined by combining with own or third-party information and thus learning who it involves. For example, a person is identifiable via the statement of their address or bank reference, their date of birth or user name, their IP addresses and/or location data. All the information that allows an inference about a person in any way whatsoever are relevant here.
2.2. Processing
Article 4, No. 2 of the GDPR understands “Processing” to mean any procedure connected with personal data. In particular, this includes collecting, recording, organising, arranging, storing, adapting or changing, reading out, querying, using, disclosing, transmitting, distributing or another form of providing, adjusting or linking, restricting, erasing or destroying personal data.
Responsible company and data protection officer
3. Responsible entities
The following is/are responsible for data processing:
| Company: | Schmidt Tivoli Cultural and Catering Establishments (“We”) |
| Legal representatives: | Tessa Aust, Corny Littmann, Hannes Vater (Managing Directors) |
| Address: | Spielbudenplatz 27-28, 20359 Hamburg, Germany |
| Tel.: | +49 (0) 40 / 31 77 88-0 |
| Fax: | +49 (0) 40 / 31 77 88-74 |
| E-Mail: | info@tivoli.de |
4. Data protection officer
We have appointed an external data protection officer for our company. You can contact him at:
| Name: | Arne Platzbecker |
| Address: | HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg, Germany |
| Telefon: | +49 (0) 40 / 18189800 |
| Fax: | +49 (0) 40 / 181898099 |
| E-Mail: | datenschutz@habewi.de |
Processing context
5. Processing context: Web site/page
In the context of the web site/page with URL www.reep.de, we process your personal data listed in detail under Numbers 6 – 19 below. We process only your data that you actively state on our web site/page (e.g. by filling in forms) or which you automatically make available when using our offering.
Your data are processed exclusively by ourselves, and as a fundamental principle it is not sold, lent or passed on to third parties. Insofar as we use assistance from external service providers when processing your personal data, this takes place within the framework of what is known as contract processing, in which we as the client have the power to issue instructions to our contractor. To operate our web site/pages, we use external service providers for hosting and for maintenance, care and further development. If additional external service providers are used in individual processing steps listed in Clauses 6 - 19, they are named there.
As a fundamental principle, no data transmission takes place (in)to third countries, nor is it planned. We will give information about exceptions to this basic principle in the processing described below.
Processing in detail
6. Provision of the web site/page and server logfiles
6.1. Description of processing
At each access to the web site/page, we automatically collect information that your browser transmits to our servers (known as logfiles). This involves the following data:
- your IP address
- the browser software you use, together with its version and language
- the operating system you use
- the web site/page from which you reached our web site/page (called the Referrer)
- the subpages you accessed on our web site
- the date and time of day of your access to our web site/page
- your Internet service provider
- the country and place from which you visited our web site/page
- the duration of your visit to our web site/page
Our system stores these in what are called logfiles. Temporary storage of your IP address by the system is necessary to enable us to deliver our web page to a user’s terminal device. For this purpose, the user’s IP address must remain stored for the duration of the session. However, your IP address is not recorded in our logfiles.
6.2. Purpose
Processing takes place to enable access to the web page, and to guarantee the latter’s stability and security. Moreover, this processing is used for statistical evaluation and to improve our online offer.
6.3. Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 6.2.
6.4. Duration of storage
Data are deleted as soon as they are no longer required for the purpose for which they were collected. In the case of the data collection to provide the web site, this is the case when the respective session is ended. Logfiles are deleted after 30 days.
7. Reservation
7.1. Description of processing
We have provided a reservation form on our web site/page to reserve a table. In this form, you are asked to give us your E-mail address, your surname, first name and telephone number. When you operate the “Send” button, these data are transmitted to us using SSL (Secure Sockets Layer) encryption (see Clause 20). The reservation form can be transmitted only if you accept our data protection provisions by clicking on the corresponding checkbox.
7.2. Purpose
By providing a reservation form on our web site/page, we want to offer you a convenient option to make a reservation with us. The data transmitted with and in the reservation form are used exclusively to process and reply to your request.
7.3. Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 7.2.
7.4. Duration of storage
We will delete the data as soon as they are no longer required for the purpose for which they were collected. This is usually the case when the date/time of the respective reservation has elapsed. Insofar as statutory retention periods prevent deletion, deletion will take place without delay after the statutory preservation period has expired.
7.5. Recipient(s)
No personal data are forwarded to third parties to process your reservation.
8. Cookies
8.1. Description of processing
Our web site/page uses cookies. Cookies are small text files that are saved on the user’s terminal device during a visit to a web site/page. Cookies contain information that enables a terminal device to be recognised again, and if necessary certain functions of a web site/page. In most cases, we use only what are called “session cookies”. These are automatically deleted when you end your Internet session and close the browser. Other cookies stay stored on your terminal device for a longer period of time, and enable partner companies to recognise your browser and/or computer (persistent cookies). Depending on the cookie, persistent cookies are automatically deleted after a predetermined storage period.
8.2. Purpose
We use cookies to make our web site/page design more user-friendly and to offer the functions described in Subclause 8.1. Among other things, we cooperate with advertising partners who help us to make our web site/page as interesting as possible for you. Cookies on our web site/page from third party providers, our partner companies, may also be stored on your hard disk for this purpose. If we allow third parties to use cookies of this kind, we will inform you in the following paragraphs about the information collected in this way.
8.3. Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 8.2. Insofar as we ask you for consent in the context of a cookie banner and/or cookie consent tool, the legal basis lies in Article 6, Para. 1, Letter a of the GDPR. Such consent is voluntary.
8.4. Storage duration, revocation of consent
Cookies are automatically deleted when a session ends and/or when the stated storage duration expires. Since cookies are stored on your terminal device, you as the user also have full control over the use of cookies. You can deactivate or limit the transmission of cookies by changing the settings in your Internet browser. Insofar as we obtain consents to the use of cookies via a cookie banner or cookie consent tool, you can revoke these consents at any time within the settings of the cookie banner and/or cookie consent tool with effect for the future.
The following is a collection of links that take you to instructions as to how you can change the settings in commonly-used browsers. You can obtain more information in your browser’s support menu:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: http://help.opera.com/Windows/10.20/de/cookies.html
Cookies that have already been saved can be deleted at any time. This can also take place automatically. If cookies for our web site/page are deactivated, individual functions of our web site/page may be useable to only a limited extent or not at all.
8.5 Consent with Cookiebot
Our website uses the consent technology of Cookiebot to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter "Cookiebot").
When you enter our website, a connection is established to the servers of Cookiebot in order to obtain your consents and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser in order to be able to assign the consents given to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.
9. Social networks
9.1. Description of processing
Certain subpages of our web site/page contain what are called social plugins offered by the external social networks Facebook, Twitter and Instagram. When a site/page containing such a plugin is accessed, your browser builds a direct connection to the social network’s servers. The content of the respective social plugin is transmitted from the social network directly to your browser and displayed on our web page. We use what is called a two-click solution to prevent this. For this purpose, we have integrated the social plugins on our web site/page in such a way that the connection of the social plugins to the social networks’ servers is interrupted as standard. On our web site/page, if you communicate with a social network via the social plugin and want to enable data exchange, you must click on the respective required social plugin and thereby activate it.
After activating a social plugin, we no longer have any influence over the extent of the data that the respective social network collects. We therefore inform you according to our state of knowledge.
By activating a social plugin, your IP address in conjunction with the address of our web site/page is transmitted to the respective social network. If you are logged onto the social network when you visit our web site/page, this information will be assigned to your user account there. If you interact with an activated social plugin, e.g. use the social plugin to “share”, “like” or “retweet” a post, this information will also be transmitted directly to the respective social network and again stored in your user account there.
Our profiles within social networks also represent data processing. Insofar as you are logged onto the respective social network when visiting such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. “share”, “like” or “retweet” a post, this information will also be stored in your user account. You have the opportunity to obtain statistical data via the so-called “Insights” of our Facebook page. Facebook provides these statistics. The “Insights function” is non-negotiable. We cannot decide to switch this function on or off. It is available to all Facebook fan-page operators regardless of whether or not they use Insights. We are provided with data for a selectable time period and for the following circle of affected groups of persons: fans, subscribers, persons reached and interacting persons. It involves the following categories of personal data: total number of page accesses, “Like” statements including origin, page activities, contribution interactions, coverage, contribution range (subdivided into organic, viral and paid interactions), comments, shared contents, replies and demographic evaluations, i.e. country of origin, gender and age. Due to the Facebook terms & conditions of use – to which every user must have agreed in order to be able to use Facebook – it is possible for us to identify subscribers and fans of our site/page and to inspect their profiles.
Using pseudonyms, the social networks with which you communicate store your data as usage profiles and use them for advertising purposes and for market research. Thus, for example, it is possible for advertisements to be displayed to you inside the social network and on other third-party web sites/pages, corresponding to your presumed interests. As a rule, for this purpose, cookies are used which the social network sets on your terminal device. You can find more information about cookies in Clause No. 8. You have the right to object to the creation of this user profile, and you must contact the social networks directly to exercise this right.
9.2. Purpose
We maintain profiles with the above-mentioned social networks for purposes of contemporary, supportive public relations work and corporate communications with customers and interested parties.
We use the “Facebook Insights” function to make our posts on our Facebook fan page more attractive for our visitors. This enables us, for example, to use visitors’ preferred visiting times to plan optimised timings for our posts.
9.3. Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 9.2. Insofar as we ask you for consent in the context of a cookie banner and/or cookie consent tool, the legal basis lies in Article 6, Para. 1, Letter a of the GDPR. Such consent is voluntary. Insofar as you are asked for consent by the respective operator of a social network, the legal basis lies in Article 6, Para. 1, Letter a of the GDPR. Otherwise, with regard to our Facebook fan page, data processing takes place pursuant to Article 26 of the GDPR based on an agreement concerning shared responsibility between us and Facebook, which you can inspect here: https://www.facebook.com/legal/terms/page_controller_addendum.
9.4. Recipients and transmission in(to) third countries
By activating a social plugin, your data will be transmitted to one of the following social networks.
- Facebook: Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA. Weitere Informationen zum Datenschutz bei Facebook finden Sie unter www.facebook.com/policy.php; www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other sowie www.facebook.com/about/privacy/your-info.
- Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; Weitere Informationen zum Datenschutz bei Twitter finden Sie unter twitter.com/privacy.
- Instagram: Instagram LLC, 1601 Willow Rd, Menlo Park, California 94025, USA; Weitere Informationen zum Datenschutz bei Instagram finden Sie unter help.instagram.com/155833707900388/.
Social networks also process your personal data in the USA, and has submitted to the EU-US Privacy Shield. You can find more information about the EU-US Privacy Shield at https://www.privacyshield.gov/EU-US-Framework.
10. Google Webfonts
10.1. Description of the processing
Our web site/page uses “Google Webfonts”, a typeface translation service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter called “Google”). When using Google Webfonts, the standard typefaces of your terminal device are exchanged for typefaces from Google’s catalogue when displaying our web site/page. If your browser prevents the inclusion of Google Webfonts, the text of our web site/page will be displayed in your terminal device’s standard fonts. Google fonts are (down)loaded directly from a Google server. Your browser sends a request to a Google server to allow this to happen. As a result, your IP address in conjunction with the address of our web site/page may possibly also be transmitted to Google. However, Google Webfonts does not set any cookies on your terminal device. According to Google, data processed in the context of the Google Webfonts service are transferred to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not combined with data that may be connected with the use of other Google services, e.g. the search engine of the same name or Gmail. You can find more information about data protection in relation to Google Webfonts at https://developers.google.com/fonts/faq?hl=de-DE&csw=1. General information about data protection in Google is stored at https://policies.google.com/privacy?hl=de-DE hinterlegt.
10.2. Purpose
Processing takes place to enable the text of our web site/page to be displayed to you in a more readable and aesthetically more attractive way.
10.3. Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 10.2.
Recipients and transmission in(to) third countries
As a result of the use of Google Webfonts, personal data may possibly be transmitted to Google. Google also processes your personal data in the USA, and has submitted to the EU-US Privacy Shield. You can find more information about the EU-US Privacy Shield at https://www.privacyshield.gov/EU-US-Framework.
11. Font Awesome
Our web site/page used “Font Awesome”, a service to display and integrate icons, and developed by the Fonticons, Inc. company. We operate Font Awesome exclusively as an installation on our own servers. Therefore, the use and display of icons is not associated with any transmission of data to Fonticons, Inc.
12. Google Maps
12.1. Description of the processing
Our web site/page uses “Google Maps”, a land maps display service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereafter called “Google”). We use Google Maps by integrating a land map with our business address on our web site/page. The land map is downloaded directly from a Google server. To allow this to happen, your browser sends a request to a Google server. As a result, your IP address in conjunction with the address of our web site/page may, if necessary, also be transmitted to Google. However, Google Maps does not store any cookies on your terminal device. If you are logged on to Google during your visit to our site/page, Google Maps assigns this information to your Google user account. Google stores your data as use profiles and uses it for advertising purposes, for market research and/or for the needs-based design of Google web sites/pages. You have the right to object to the creation of these user profiles, and must contact Google directly to exercise this right. You can find more information about data protection in relation to Google at https://policies.google.com/privacy?hl=de-DE.
12.2. Purpose
Processing takes place to enable an interactive land map to be displayed to you on our web site/page.
12.3. Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 12.2.
12.4. Recipient(s) and transmission in(to) third countries
Google also processes your personal data in the USA, and has submitted to the EU-US Privacy Shield. You can find more information about the EU-US Privacy Shield at https://www.privacyshield.gov/EU-US-Framework.
13. Google Tag Manager
Our web site/page uses “Google Tag Manager”, a service of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter called “Google”). No personal data are recorded and no cookies are set via Google Tag Manager. This service merely enables us to integrate and manage tags on our web site/page. Tags are small code elements on our web site/page that are helpful, by using tools based on them, to use other tools to measure traffic and visitor behaviour, to record the effect of online advertising and social channels, to use remarketing and its orientation to target groups, and to test and optimise the web site/page. You can find more information about Google Tag Manager here: https://www.google.com/intl/de/tagmanager/use-policy.html
14. Google Adword Conversion and Google Remarketing
14.1. Description of the processing
Our web site/page uses the “Google Adword Conversion” advertising service operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter called “Google”). With the help of Google Adwords Conversions, we are able to place advertising on external web sites/pages to make you aware of our offers there. Moreover, the service enables us to determine the coverage and success of individual advertising measures. This involves our advertisements being delivered by Google through what are called “Ad Servers”. For this purpose, Google uses what are called “Ad Server” cookies via which certain success measurement parameters are measured, e.g. the display of the advertisements or clicks by users. If you reach our web site/page through a Google advertisement, Google Adwords will save a cookie on your terminal device (see Clause 8). According to Google, these cookies are not designed to identify you personally. As a rule, the analysis values stored in relation to this cookie are the unique cookie ID, number of ad impressions per placing (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user wishes not to be addressed any more). The cookies allow Google to recognise your Internet browser again. If you visit the web sites/pages of an Adwords customer, and the cookie stored on your terminal device has not yet expired, Google and the customer can recognise that the user clicked on the advertisement and was redirected to our web site/page. Each Adwords customer is allocated a different cookie. Thus cookies cannot be tracked and traced through the web sites/pages of Adwords customers. We ourselves do not use our Google Adwords to process any personal data. Google merely makes statistical evaluations available to us. By using these evaluations, we can recognise which of the advertising measures being used are especially effective. We do not receive any more extensive data arising from the use of the advertising measures, and in particular we cannot identify users based on this information. Therefore, if you visit our web site/page, a connection to the Google servers is established. We have no further influence over the extent and further use of the data collected by Google through the use of Google Adwords Conversion, and we therefore inform you according to our state of knowledge: through the integration of Google Adwords Conversion, Google obtains information about which subpage of our web site/page you accessed or clicked on one of our advertisements. Insofar as you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google, and/or have not logged on, it is possible for Google to find out your IP address and save it.
Furthermore, our web site/page uses the “Google Remarketing” advertising service, also operated by Google. After you have visited our web site/page, we can use Google Remarketing to address you again with advertising for our offers on other web sites/pages that have joined the Google advertising network. Google also uses cookies for this purpose, which are stored in your browser and through which Google records and evaluates your usage behaviour when you visit various web sites/pages. In this way, Google can determine your previous visit to our web site/page, and can display advertising for our offers to you on other web sites/pages. According to Google’s own statement, data collected in the context of remarketing is not collated with your personal data that Google may possibly have stored. In particular, according to Google, pseudonymising is used in the remarketing.
You can find more information about Google’s data protection here: https://policies.google.com/privacy?hl=de und https://services.google.com/sitestats/de.html.
14.2. Purpose
The processing takes place in order to carry out accurately targeted online advertising for our own offers, and to enable their effectiveness and coverage to be evaluated.
14.3. Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 14.2. Insofar as we ask you for consent in the context of a cookie banner and/or cookie consent tool, the legal basis lies in Article 6, Para. 1, Letter a of the GDPR. Such consent is voluntary.
14.4. Duration of storage and right to object, revocation of the consent
In Clause 8 we explained the duration and storage of cookies, together with your cookie control and setting options. Moreover, you can object to data processing by Google Adwords Conversion and Google Remarketing at any time via the following web site/page: http://www.google.com/ads/preferences. If we obtain consents to the use of Google Adwords Conversion and Google Remarketing through a cookie banner or a cookie consent tool, you can revoke these consents at any time within the settings of the cookie banner or cookie consent tool with effect for the future.
14.5. Recipient(s) and transmission in(to) third countries
As a result of integrating Google Adwords Conversion and Google Remarketing, personal data may be transmitted to Google if necessary. Google also processes your personal data in the USA, and has submitted to the EU-US Privacy Shield. You can find more information about the EU-US Privacy Shield at https://www.privacyshield.gov/EU-US-Framework.
15. DoubleClick by Google
15.1. Description of the processing
Doubleclick by Google is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Doubleclick by Google uses cookies to present to you advertisements that are relevant to you. In this process, your browser is allocated a pseudonymous identification number (ID) to verify which advertisements were displayed in your browser, and which advertisements were called up. The cookies do not contain any personal information.
15.1. Purpose
The use of DoubleClick cookies simply enables Google and its partner web sites to insert advertisements based on previous visits to our or other Internet web sites/pages.
15.2. Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 15.2. Insofar as we ask you for consent in the context of a cookie banner and/or cookie consent tool, the legal basis lies in Article 6, Para. 1, Letter a of the GDPR. Such consent is voluntary.
15.4. Duration of storage and right to object, revocation of the consent
In Clause 8 we explained the duration and storage of cookies, together with your cookie control and setting options. You can prevent cookies being saved by a corresponding setting of your browser software; however, we draw your attention to the fact that in this case you may not be able to use the full extent of all the functions of our web sites/pages. Moreover, you can prevent the collection to Google of data generated by the cookies and relating to your use of the web site/pages, and the processing of this data by Google, by downloading and installing the browser plugin available at the following link under the point DoubleClick-Deaktivierungserweiterung (DoubleClick-Deactivation Extension). Alternatively, you can deactivate Doubleclick cookies on the Digital Advertising Alliance page under the following link. If we obtain consents to the use of Doubleclick through a cookie banner or a cookie consent tool, you can revoke these consents at any time within the settings of the cookie banner or cookie consent tool with effect for the future.
15.5. Recipient(s) and transmission in(to) third countries
The information generated by the cookies is transmitted by Google to a server in the USA for evaluation, and is stored there. Google observes the data protection provisions of the “Privacy Shield” agreement and is registered in the “Privacy Shield” program of the US Ministry of Commerce. Transmission of data by Google to third parties takes place only based on statutory provisions or in the context of contract data processing. Under no circumstances will Google collate your date together with other data collected by Google. You can find more information about the EU-US-Privacy-Shield at https://www.privacyshield.gov/EU-US-Framework. Google’s Data Protection Declaration can be inspected at https://policies.google.com/privacy?hl=de&gl=de
16. Google reCAPTCHA
16.1. Description of the processing
Our web site uses “reCAPTCHA”, a service operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereafter called “Google”). reCAPTCHA enables us to check, in the context of forms, whether the entry is made by a human or by automated software – especially so-called Bots. As a result, we are able to protect our web site/page from spam and abuse. In this context, your IP address, the length of your visit to the web site, the mouse movements you make, and if necessary additional data needed for the reCAPTCHA service are transmitted to Google. You can find more information about Google’s data protection at https://policies.google.com/privacy?hl=de-DE.
16.2. Purpose
Processing takes place to safeguard forms on our web site from abuse and spam.
16.3. Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 16.2. Insofar as we ask you for consent in the context of a cookie banner and/or cookie consent tool, the legal basis lies in Article 6, Para. 1, Letter a of the GDPR. Such consent is voluntary.
16.4. Recipient(s) and transmission in(to) third countries
Google also processes your personal data in the USA, and has submitted to the EU-US Privacy Shield. You can find more information about the EU-US Privacy Shield at https://www.privacyshield.gov/EU-US-Framework.
17. Etracker
17.1. Description of the processing
Our web site uses “etracker”, a web analysis service of etracker GmbH, Erste Brunnenstrasse 1, 20459 Hamburg, Germany (hereafter called “etracker”). etracker uses cookies (see Clause 8) that enable an analysis of your use of our offering. As a rule, the information generated by the cookie is transmitted to a server in Germany and processed there. However, we use etracker exclusively with IP anonymising. As a result, etracker truncates your IP address inside Germany. The statistics prepared by etracker record in particular how many users visit our web site, from which country and/or place the access occurs, which subpages are accessed and via which links or search terms visitors reach our web site. You will find etracker’s user conditions at www.etracker.com/avb/. etracker’s data protection declaration can be inspected at https://www.etracker.com/datenschutz/.
17.2. Purpose
Processing takes place to enable an evaluation of the use of our web site. The information obtained as a result serves the improvement and needs-based design of our online presence.
17.3. Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 17.2. Insofar as we ask you for consent in the context of a cookie banner and/or cookie consent tool, the legal basis lies in Article 6, Para. 1, Letter a of the GDPR. Such consent is voluntary.
17.4. Duration of storage and right to object, revocation of the consent
In Clause 8 we explained the duration and storage of cookies, together with your cookie control and setting options. You can object at any time to processing by etracker by objecting to it. We automatically delete the analysis data processed and stored by etracker after 14 months. If we obtain consents to the use of etracker through a cookie banner or a cookie consent tool, you can revoke these consents at any time within the settings of the cookie banner or cookie consent tool with effect for the future.
17.5. Recipient(s) and transmission in(to) third countries
No transmission takes place.
18. SIGNALIZE
18.1. Description of the processing
Our web site uses “Signalize” service operated by etracker GmbH (limited liability), Erste Brunnenstrasse 1, 20459 Hamburg, Germany (hereafter called “Signalize”). Via Signalize, we are able to display to you, on our web site, push notifications with information about products, offers, discounts and campaigns by Schmidts Tivoli GmbH. You receive push notifications only if you previously registered to receive push notifications. If you activate push notifications via the “Signalize” service for this web site, a function of your Internet browser or mobile operating system is used to provide you with these notifications. By subscribing to our push notifications, you declare that you agree to receive them. In the context of the registration, you must confirm your browser’s request to receive notifications. etracker documents and stores this process. This includes saving the registration time/date together with your browser and/or device ID. To enable push notifications to be displayed to you, etracker collects and processes, on our behalf, your browser’s ID and, in the case of mobile access, your device ID. You can find more information about etracker’s data protection at https://www.signalize.com.
18.2. Purpose
Processing takes place to enable the issue of push notifications on our web site/page with information about products, offers, discounts and campaigns by Schmidts Tivoli GmbH. The purpose of collecting and storing the registration time/date, browser and/or device ID is to document the consent you granted, and to protect against the misuse of personal data.
18.3. Legal basis
Processing of your data by etracker in connection with push notifications takes place based on consent pursuant to Article 6, Para. 1, Letter a of the GDPR. Your consent is voluntary. The collection and storage of the registration time/date, browser and/or device ID during registration is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 18.2.
18.4. Duration of storage and right to object
Your data will be deleted as soon as it is no longer required to achieve the purpose named in Subclause 18.2. Accordingly, your data will be stored for as long as the subscription to our push notifications is active. You can terminate the receipt of push notifications at any time by revoking your consent by carrying out the discharge process explained in detail on the following linked page: Google Chrome, Mozilla Firefox, Opera & Microsoft Edge. Deregistration on your mobile terminal devices takes place directly in your device settings for the app or wallet card.
19. Google AMP Cache
19.1. Description of the processing
Our web site uses “Google AMP Cache”, a service of the company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter called “Google”) to speed up web site/page retrievals on mobile terminal devices.
AMP stands for “Accelerated Mobile Pages”, and we use it to achieve shorter web site/page download times on mobile terminal devices. For this purpose, our web site/page is held in intermediate storage (cached) by Google. If/when you use your smartphone or tablet to click on our web site/page, e.g. after a Google search, it will not be downloaded from our servers, but directly from the Google intermediate storage. As a result, your IP address may, if necessary, also be transmitted to Google. You can find more information about Google’s data protection at https://policies.google.com/privacy?hl=de-DE.
19.2. Purpose
Processing takes place to shorten the loading time of our web site/pages when retrieving them from mobile terminal devices.
19.3. Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the responsible entity (Article 6, Para. 1, Letter f of the GDPR). Our legitimate interest lies in the purpose named in Subclause 19.2.
19.4. Recipient(s) and transmission in(to) third countries
Google also processes your personal data in the USA, and has submitted to the EU-US Privacy Shield. You can find more information about the EU-US Privacy Shield at https://www.privacyshield.gov/EU-US-Framework.
Safety precautions
20. Safety precautions
To protect your personal data from unauthorised access, we have provided our web site with an SSL and a TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security”, and encrypts the communication of data between a web site/page and the user’s terminal device. You can recognise active SSL or TLS encryption by a small padlock logo displayed at the far left in the browser’s address line.
Your rights
21. Data subjects’ rights
You are entitled to the following data subject’s rights with regard to data processing by our company as described above:
21.1. Information (Article 15 of the GDPR)
You have the right to request from us confirmation as to whether or not we process personal data that affects you. If this is the case, and subject to the conditions stated in Article 15 of the GDPR, you are entitled to information about this personal data and to the additional information stated in Article 15 of the GDPR.
21.2. Correction (Article 16 of the GDPR)
You have the right to request from us correction, without delay, of incorrect personal data concerning you, and if necessary to request the completion of incomplete personal data.
21.3. Deletion (Article 17 of the GDPR)
You have the right to request from us that personal data affecting you is deleted without delay, insofar as one of the grounds stated in detail in Article 17 of the GDPR is applicable, e.g. if your data are no longer needed for the purposes we are pursuing.
21.4. Restriction of data processing (Article 18 of the GDPR)
You have the right to request from us a restriction of processing if one of the conditions stated in Article 18 of the GDPR exists, e.g. if you dispute the correctness of your personal data, data processing will be restricted for a period of time that allows us to verify the accuracy of your data.
21.5. Data portability (Article 20 of the GDPR)
You have the right, subject to the conditions stated in Article 20 of the GDPR, to request the release of data concerning you in a structured, commonly-used, machine-readable format.
21.6. Revocation of consents (Article 7, Para. 3 of the GDPR)
You have the right to revoke at any time your consent in relation to processing that depends on your consent. The revocation applies from the date/time when it is asserted. In other words, it takes effect for the future. I.e., processing does not become retroactively unlawful as a result of revoking the consent.
21.7. Complaint (Article 77 of the GDPR)
If you take the view that processing personal data affecting you violates the GDPR, you have the right to complain to a supervisory authority. You can assert this right with a supervisory authority in the EU member state of your place of residence, of your workplace, or of the location of the alleged infringement.
21.8. Prohibition of automated decisions / profiling (Article 22 of the GDPR)
It is not permissible for decisions that entail legal consequences for you or that significantly affect you to be based exclusively on the automated processing of personal data – including profiling. We inform you that we do not use any automated decision-making, including profiling, with regard to your personal data.
21.9. Objection (Article 21 of the GDPR)
If we process your personal data based on Article 6, Para. 1, Letter f of the GDPR (to safeguard overriding legitimate interests), you have the right, under the conditions stated in Article 21 of the GDPR, to object to it. However, this applies only insofar as grounds exist arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling, protection-worthy grounds for the processing that outweigh your interests, rights and freedoms. Likewise, we are not compelled to cease the processing if its purpose is to assert, exercise or defend legal claims. In any case – including independently of a special situation – you have the right to object at any time against the processing of your personal data for direct advertising.
Status: March 2020