Responsibility for data processing
Purpose of data processing
Untermargarethenhof processes data
- for the fulfillment of legal obligations
- to fulfill obligations arising from contracts
- to provide you with the information and services you have requested
- to review the efficiency of the system
- to carry out marketing activities such as sending trade information, promotional material and market research
- to protect liabilities (e.g., payments)
- to determine customer satisfaction in terms of quality of products and services
Type of data processing
Your personal data is processed manually, telematically, but mainly with automated means and processes, which are adapted to the respective purposes. Mainly databases and electronic platforms managed by us or by third parties are used. Any type of data processing ensures the security and confidentiality of the data.
When the website is connected, the computer systems and software procedures automatically and indirectly manage and/or acquire a series of general data and information. The following data may be acquired:
- browser types and versions used
- the operating system used
- the website from which an accessing system arrives at our website (so-called referrer)
- the sub-websites that are accessed via an accessing system on our website
- The date and time of an access
- an Internet protocol address (IP address)
- other similar data and information
This general data and information is stored in the server’s databases and log files in order to provide you with a stable and secure experience. The legal basis is the Art. 6 in the DSGVO.
Therefore, this anonymously collected data and information is, on the one hand, statistically and further evaluated with the aim of increasing data protection and data security, and ultimately ensuring an optimal level of protection for the personal data we process.
In order to comply with the law, the holder has established different retention periods of personal data depending on the individual purposes:
- For the management and response to your requests related to products and initiatives, your personal data will be kept for as long as it is necessary to process your request.
- For the management of activities related to your use of the Website, your personal data will be kept for as long as it is necessary for the provision of the service you have requested
- For the management and exercise of the service provision activities provided for by law (relating to accounting, administration, taxation, etc.), your personal data will be kept for as long as it is necessary for this purpose
- For the management of disputes and any litigation, your personal data will be kept for as long as is strictly necessary for the pursuit of these purposes and, in any case, no longer than the applicable statute of limitations.
Partnership with third parties
When we work with our third party providers, they are contractually obligated to use the same data protection/security standards and we ensure that they are complied with. Such third parties, acting as processors of a processing, guarantee that they do not store the data received from us and do not use it for other purposes.
Under such agreements, users’ email addresses are transmitted to the third-party provider using cryptographic mechanisms (e.g., hashing). Tracking of the e-mail address is thus denied.
We may need to transfer your data to service providers in non-European countries (EEA). The EEA consists of countries in the European Union and Switzerland, Iceland, Liechtenstein and Norway, which are considered to have equivalent data protection and privacy laws. This type of data transfer may occur when our servers (i.e., where we store data) or our suppliers and service providers are located outside the EEA. In the event that we transfer your information to a country outside the European Economic Area (EEA), we will ensure that the information is properly protected.
The personal data processed by us are in principle not subject to dissemination. In certain cases, data are transmitted to the following recipients.
- Subcontractors for technical audits, payments, identity and delivery services, analysis providers or credit insurance agencies
- The public administration and public authorities, if provided for by law
- Lending institutions with which we have business relationships for the management of receivables/payables as well as financing intermediation
- any natural or legal, public and/or private persons (legal, administrative and tax consultancy offices, courts, chambers of commerce, etc.) if the communication of the data proves necessary or useful for the exercise of our activity
The rights under discussion may be asserted by the party concerned or by a person appointed by him or her by means of a request sent by registered mail or e-mail and directed to the person responsible for the processing Ilse Höfler, headquarters Untermargarethenhof and Kirchweg 34, 39011 Lana. The user has the right to obtain a copy of the personal data in our possession. The answer will be given within the period prescribed by law. In certain cases, we may store some information for legal purposes (suspicion of fraud, violation of the general conditions). If you believe that your rights have been violated, you also have the right to file a complaint with the competent data protection authority or to take legal action.
We summarize the rights of the affected user again as follows:
- Right to confirmation
Every data subject has the right to obtain confirmation from the controller that personal data in question are being processed. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact us.
- Right of access
Every data subject has the right to obtain free information about the personal data stored about him or her at any time. The information includes the following information:
- the purposes of processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations. Moreover, if the data are transferred to a third country, the data subject shall have the right to obtain information about the guarantees of the data processing.
- the planned duration for which the personal data will be stored
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected in the company concerned: Any available information on the origin of the data
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
- Right of rectification
Any person concerned by the processing of personal data has the right to obtain the rectification without undue delay of inaccurate personal data relating to him or her.
- Right to erasure
Any person concerned by the processing of personal data has the right to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary:
- The personal data have been collected or otherwise processed and are now no longer necessary.
- The data subject revokes his or her consent on which the processing is based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO or the processing is contrary to any other legal basis.
- The data subject objects to the processing pursuant to Article 21(1) DS-GVO and there are no overriding legitimate grounds for the processing.
- The personal data have been processed unlawfully.
- The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data has not been collected in relation to services offered pursuant to Article 8(1) of the GDPR – Protection of Minors.
- Right to restriction of the processing.
Any person concerned by the processing of personal data has the right to obtain from the controller the restriction of processing if one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject. The restriction shall apply for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
- The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the establishment, exercise or defence of legal claims.
- The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
- Right to data portability.
Every person affected by the processing of personal data has the right to receive the personal data concerning him or her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided. Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.
- Right to object
Any person affected by the processing of personal data has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her. This also applies to profiling based on these provisions. We shall no longer process the personal data in the event of the objection unless we can demonstrate compelling grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims. If we process personal data for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of personal data for such marketing. This also applies to profiling, insofar as it is related to such direct marketing.
- Automated decisions in individual cases including profiling.
Any person concerned by the processing of personal data has the right to object to a decision based solely on automated processing – including profiling – which produces legal effects concerning him or her and significantly affects him or her, unless the decision is necessary for entering into, or the performance of, a contract between the data subject and the controller. If the decision is necessary for entering into, or the performance of, a contract between the data subject and the controller, or if it is made with the data subject’s explicit consent, we shall take reasonable steps to safeguard the data subject’s rights and freedoms.
- Right to withdraw the consent granted under data protection law.
Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
Place of processing of your personal data
The site uses Google Analytics via IP masking to ensure anonymized collection of IP addresses.
It should be noted that we use Google Analytics to analyze data from AdWords and the Double Click cookie for statistical purposes. If you do not wish this, please deactivate this under https://adssettings.google.com/?hl=en.
Use of Google AdWords, Google Tag Manager and Remarketing
The visitor is informed that the remarketing tag of Facebook has been inserted on this website. Via this tag, the direct connection to the Facebook server is established when visiting this website. This transmits to the Facebook server that you have surfed on this website. Facebook assigns this information to your Facebook account.
For more information on the collection and processing of data by Facebook, see https://www.facebook.com/about/privacy/. Alternatively, you can deactivate the “Custom Audiences” remarketing function directly in Facebook: https://www.facebook.com/settings/.