As of: 03/06/2020
- Who is responsible for the processing of my data?
- Which data is collected?
- Which cookies are used?
- What data is collected and for what purposes?
- Who receives my data?
- What privacy rights do I have?
- Final/version information
1. Who is responsible for the processing of my data?
81929 München (Munich)
E-mail: info (at) coloyal.de
D-81929 München (Munich)
is responsible for the processing of your data on this website (hereinafter referred to as “company”). The company processes personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (hereafter referred to as “BDSG”).
Contact for data protection is the following place.
D-81929 München (Munich)
E-mail address: email@example.com
2. Which data is collected?
When you visit the website, the calling computer automatically collects information (hereinafter referred to as “access data”). This access data includes server log files, which usually include information about the browser type and version, the operating system, the internet service provider, the date and time of use of the website, the previously visited websites and websites subsequently accessed via the website and the IP address of the computer. With the exception of the IP address, the server log files are not personally identifiable. An IP address is personally identifiable if it is permanently assigned to a person when using the Internet connection.
If you continue to use the services of the website, pseudonymous usage profiles and/or the data you enter on the website (e.g., search words, form input, click data) will be processed.
Some services of the website require you to provide personal information to the company. In these cases, the information you provided is going to be used to provide you with the service you required or to handle your request. The following personal data is processed on the website: User data such as salutation, first and last name, e-mail address, company, position, telephone number, and information in the free text field.
3. Which cookies are used?
Basically, cookies are only an online identifier without personal reference. Personal cookies are then, if in addition to the information generated by the cookies with other data, merged. A distinction can be made between the cookies required to support the functionality of the website and the cookies required for other purposes, such as user behavior analysis or advertising.
The cookies required to support the functionality of the website include, but are not limited to:
- Cookies temporarily storing certain user input (e.g. content of an on-line form);
- Cookies that store certain user preferences (such as search or language settings);
- Cookies that store data to ensure trouble-free playback of video or audio content.
The cookies that are required for further purposes include in particular the following:
- Analytics cookies in order to be able to record the usage behavior (e.g. clicked advertising banners, visited subpages, asked search queries) of our users and to evaluate them in statistical form.
4. What data is collected and for what purposes?
The purposes of the data processing may result from technical, contractual or legal requirements as well as from consent.
We use the data mentioned in paragraph 2 for the following purposes:
- To support the functionality of the website and to provide technical security, in particular to remedy technical errors and to ensure that unauthorized persons do not gain access to the systems of the website;
- For range measurements and web analytics to make the website more efficient, interesting and to undertake market research for you;
- For communication, contract initiation and customer care.
4.1 Technical provision of the website
4.1.1 Description and scope of data processing
For the functionality of the website, the performance of security analyzes and the defense against attacks, the server log files are automatically recorded as part of the accruing access data according to section 2 from the computer system of the calling computer when entering and using the website and stored at short notice. Storage of the server log files together with other data does not take place. The company uses the server log files for statistical analysis to analyze and correct technical incidents, to ward off attacks and fraud attempts and to optimize the functionality of the website.
4.1.2 Purposes and legal basis of data processing
The legal basis for the collection of the server log files is Art. 6 para. 1 lit. f GDPR. The functionality of the website, the performance of security analyses and the prevention of danger are the legitimate interests of the company.
4.1.3 Duration of storage or criteria for determining this duration
After accessing the web pages, the server log files are stored on the web server and the IP address contained therein is deleted after 7 days at the latest. An evaluation during this storage period takes place exclusively in the case of a cyberattack.
4.1.4 Opposition and removal option
You have the right to object to the processing of your data in the context of server log files, if there are reasons for this which arise from your particular situation. If you would like to exercise your right of objection, please contact the contact address specified in section 1.
4.2 Contact form, e-mail and telephone contact
4.2.1 Description and scope of data processing
On the website, there is the possibility to contact the company via a contact form, an e-mail address or a telephone number. If this option was available, data entered in the contact form, your e-mail address and/or your telephone number and your concerns will be transmitted to the company. Depending on the request (for example, questions about the company’s products and services, assertion of your rights, such as information) your contact details will be processed further (with the help of service providers). To the extent necessary to process your request, your contact information may be shared with third parties (such as affiliates).
4.2.2 Purposes and legal basis of data processing
The legal basis for the processing of your contact data is based on Art. 6 para. 1 lit. f GDPR. Your legitimate interests lie in the processing of your request and further communication. If your contact is aimed at concluding a contract with the company, the legal basis for the processing of your contact data is Art. 6 para. 1 lit. b GDPR.
4.2.3 Duration of storage or criteria for determining this duration
After processing your request and terminating further communication, the contact details will be deleted. Otherwise, if your contact is aimed at concluding a contract with the company or you assert your rights such as information. For this purpose, the data will be stored until the contractual and/or legal obligations have been fulfilled and statutory retention periods do not preclude deletion.
4.2.4 Opposition and removal options
You have the right to object to the processing of your contact details, provided that there are reasons for this arising from your particular situation. If you would like to exercise your right of objection, please contact the contact address specified in section 1. If you object, the communication cannot be continued if the storage of your contact data for the contract initiation or fulfillment of a contract or assertion of your data subject rights is required.
4.3 Web tracking
On the website there are built-in services that optimize the user-friendliness and measure the reach of the website. Your access data (see section 2) will be recorded and the usage behavior will be evaluated using analysis cookies (see section 3). For web tracking, a personal identification is basically not required, so that when you enter your access data, the stored IP address is either not used or only shortened and pseudonymous usage profiles are created. These are not merged with other data and you have the option of revocation at any time. The creation of personal usage profiles is carried out only in exceptional cases and if you have given your consent.
The web tracking services are usually provided by service providers who process the data only as directed by the person responsible and not for their own purposes as a so-called processor. This is ensured by contract processing contracts. If the service providers outside the European Union or the European Economic Area (hereinafter referred to as “EU or EEA”) process their data, a so-called third-country transfer takes place. This is permissible, provided that they have consented, the company has provided guarantees for a data protection level that is appropriate to the European standard or the EU Commission has classified the respective third country as a safe third country. The third country transfer of the respective service is indicated below. Further information on the recipients of your data can be found in section 7.
The web tracking services of the website are described in more detail below.
4.3.1 Google Analytics
The website uses the service Google Analytics. Provider of Google Analytics is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics creates a pseudonymous usage profile to optimize the user-friendliness of the website. The pseudonymity is ensured by the fact that before you submit your data to Google, the IP address is shortened and so a conclusion to your person cannot be drawn. The pseudonymous usage profile is evaluated after delivery for the purpose of optimizing usability. A merge with other data from Google does not take place. Through a contract processing contract, the company ensures that Google processes the data only as instructed.
Through the use of Google Analytics, third-country transfers take place (see section 4.3). However, with certification under the EU-US Privacy Shield, Google ensures that the third-country transfer guarantees the European level of data protection.
4.3.2 Purposes and legal basis of data processing
The legal basis for recording and evaluating pseudonymous usage profiles is Art. 6 para. 1 lit. f GDPR. Optimizing the user-friendliness of the website and measuring the range are the legitimate interests of the company. Insofar as personal usage profiles are recorded and evaluated, the legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
4.3.3 Duration of storage or criteria for determining this duration
The data collected and evaluated when using the web tracking services are usually stored until you object to their use. If the data processing is based on your consent, your data will be stored until you revoke your consent.
4.3.4 Opposition and removal options:
You may opt-out of using the web tracking services at any time by modifying your browser settings and/or by using the following link(s) to download and install the available browser plug-ins: http://tools.google.com/dlpage/gaoptout?hl=en
If the data processing is based on your consent, you can revoke your consent at any time by clicking on the following link: Deactivate Google Analytics.
5. Who receives my data?
Within the company, those entities gain access to your data, which need to fulfill the purposes described in section 4 above. Also, service providers employed by the company may gain access to your data (so-called “processors”, e.g., data centers, customer service centers). Order processing contracts ensure the adherence to instructions, data security and the confidential handling of your data by these service providers.
A data transfer to other recipients, for example advertising partners, providers of social media services or credit institutions (so-called “third parties”), will take place if required by law or if you have consented.
The following third parties are included in the data transfer:
- Providers of social media services that for their own purposes merge their data from the website with the data already stored there.
- Providers of measurements and web analytics, who for their own purposes measure the reach of websites and create user profiles.
- Public bodies and institutions, such as law enforcement agencies, who receive access to your data due to compliance with legal or regulatory obligations.
Further information on the transfer of data to the respective third party can be found in the individual purposes according to Section 4.
6. Will my data be processed outside the EU or EEA (third country transfer)?
If the service providers listed in section 5 and/or third parties outside the EU or the EEA process your data for the purposes specified in paragraph 4, this may result in your data being transmitted to a country where none of the EU or the EEA reasonable level of data protection can be guaranteed. However, such a level of data protection can be ensured with a suitable guarantee. For example, standard contractual clauses provided by the EU Commission may qualify as a suitable guarantee. You may request a copy of these warranties from the contact details in section 1, if requested. Exceptionally, any warranty may be waived if you agree to it or if the third country transfer is required to fulfill your contract with the Company. The EU Commission has also recognized certain third countries as safe third countries, so that it is not possible at this point to provide any suitable guarantees from the company.
The following service providers process their data outside the EU or EEA:
- The use of web-tracking services involves service providers whose rights centers are located in a third country or who have access to data centers within the European Union or the EEA from a branch in a third country. The services, which are certified according to the EU-US Privacy Shield, ensure that the third-country transfer guarantees the European level of data protection.
7. What privacy rights do I have?
You have the right to get information about the personal data stored with us about you at any time. If any personal information about you is false or out of date, you have the right to ask for its correction. You also have the right to request the deletion or restriction of the processing of your data in accordance with Art. 17 or Art. 18 GDPR. You may continue to have the right to have the data you provided returned to you in a common and machine-readable format (right to data portability).
If you have given consent to the processing of personal data for specific purposes, you may revoke your consent at any time with future effect. The revocation must be send to the company at the contact address specified in section 1. Consents that you have given on the website can also be withdrawn at info (at) coloyal.de.
In accordance to Art. 21 GDPR, you have the right, at any time, for reasons arising from your particular situation, to object to the processing of your data, according to the legal basis of Art. 6 para. 1 lit. f GDPR. You also have the right to object to the processing of your personal data for the purpose of direct mail at any time. The same applies to the automated procedures when using individual cookies, as long as they are not absolutely necessary for the provision of the website.
In addition, you have the option to contact a data protection authority and file a complaint. The authority responsible for the company is the Bavarian State Office for Data Protection Supervision.
PO Box 606
Promenade 27 (castle)
E-mail Address: poststelle (at) lda.bayern.de
You can also contact the relevant data protection authority for your place of residence.
Final note/version information