In the following section you will find information on the handling of your personal data, which is collected during your navigation on the website and when using the services we offer. In order to provide you with all the features and services of our website, it is necessary that we collect and process personal data about you. The processing of your personal data may include any type of action, including, but not limited to, collecting, organizing, storing, querying, evaluating, modifying, selecting, reading, comparing, using, linking, blocking, notifying, deleting and destroying. The processing of your personal data is always carried out in accordance with the principles of lawfulness and fairness, taking into account all applicable regulations and in accordance with EU Regulation 679/2016 of the European Parliament and of the Council. We will explain what data we collect, why this is necessary and what rights you have in relation to your data.
Responsibility for data processing
The responsibility for the processing of personal data on this website is borne by
VAT No. IT 02611550217.
If you have any questions, you can also contact us at any time
Purpose of data processing
Untermargarethenhof processes data
- for the fulfillment of legal obligations
- to fulfill obligations arising from contracts
- to provide you with the information and services you have requested
- to review the efficiency of the system
- to carry out marketing activities such as sending trade information, promotional material and market research
- to protect liabilities (e.g., payments)
- to determine customer satisfaction in terms of quality of products and services
Type of data processing
Your personal data is processed manually, telematically, but mainly with automated means and processes, which are adapted to the respective purposes. Mainly databases and electronic platforms managed by us or by third parties are used. Any type of data processing ensures the security and confidentiality of the data.
When the website is connected, the computer systems and software procedures automatically and indirectly manage and/or acquire a series of general data and information. The following data may be acquired:
- browser types and versions used
- the operating system used
- the website from which an accessing system arrives at our website (so-called referrer)
- the sub-websites that are accessed via an accessing system on our website
- The date and time of an access
- an Internet protocol address (IP address)
- other similar data and information
This general data and information is stored in the server’s databases and log files in order to provide you with a stable and secure experience. The legal basis is the Art. 6 in the DSGVO.
Therefore, this anonymously collected data and information is, on the one hand, statistically and further evaluated with the aim of increasing data protection and data security, and ultimately ensuring an optimal level of protection for the personal data we process.
In order to comply with the law, the holder has established different retention periods of personal data depending on the individual purposes:
- For the management and response to your requests related to products and initiatives, your personal data will be kept for as long as it is necessary to process your request.
- For the management of activities related to your use of the Website, your personal data will be kept for as long as it is necessary for the provision of the service you have requested
- For the management and exercise of the service provision activities provided for by law (relating to accounting, administration, taxation, etc.), your personal data will be kept for as long as it is necessary for this purpose
- For the management of disputes and any litigation, your personal data will be kept for as long as is strictly necessary for the pursuit of these purposes and, in any case, no longer than the applicable statute of limitations.
Should you decide to send an inquiry via the contact form, the provision of certain personal data is necessary in order to meet your requirements. This is also the reason why the respective fields of the form are marked with an asterisk or otherwise as mandatory data. The provision of further personal and sensitive data is entirely up to you. Failure to provide or incomplete provision of the personal data marked with an asterisk or otherwise as mandatory data will result in the inability to perform the service you have requested. By sending the form you agree to the data processing. Your data will be processed for the administration and answering of your questions and will not be stored longer than necessary for the respective processing purposes.
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate, analyze and predict certain aspects relating to a natural person. We have entered into agreements with third party providers for this type of marketing.
Partnership with third parties
When we work with our third party providers, they are contractually obligated to use the same data protection/security standards and we ensure that they are complied with. Such third parties, acting as processors of a processing, guarantee that they do not store the data received from us and do not use it for other purposes.
Under such agreements, users’ email addresses are transmitted to the third-party provider using cryptographic mechanisms (e.g., hashing). Tracking of the e-mail address is thus denied.
We may need to transfer your data to service providers in non-European countries (EEA). The EEA consists of countries in the European Union and Switzerland, Iceland, Liechtenstein and Norway, which are considered to have equivalent data protection and privacy laws. This type of data transfer may occur when our servers (i.e., where we store data) or our suppliers and service providers are located outside the EEA. In the event that we transfer your information to a country outside the European Economic Area (EEA), we will ensure that the information is properly protected.
The personal data processed by us are in principle not subject to dissemination. In certain cases, data are transmitted to the following recipients.
- Subcontractors for technical audits, payments, identity and delivery services, analysis providers or credit insurance agencies
- The public administration and public authorities, if provided for by law
- Lending institutions with which we have business relationships for the management of receivables/payables as well as financing intermediation
- any natural or legal, public and/or private persons (legal, administrative and tax consultancy offices, courts, chambers of commerce, etc.) if the communication of the data proves necessary or useful for the exercise of our activity
The rights under discussion may be asserted by the party concerned or by a person appointed by him or her by means of a request sent by registered mail or e-mail and directed to the person responsible for the processing Ilse Höfler, headquarters Untermargarethenhof and Kirchweg 34, 39011 Lana. The user has the right to obtain a copy of the personal data in our possession. The answer will be given within the period prescribed by law. In certain cases, we may store some information for legal purposes (suspicion of fraud, violation of the general conditions). If you believe that your rights have been violated, you also have the right to file a complaint with the competent data protection authority or to take legal action.
We summarize the rights of the affected user again as follows:
- Right to confirmation
Every data subject has the right to obtain confirmation from the controller that personal data in question are being processed. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact us.
- Right of access
Every data subject has the right to obtain free information about the personal data stored about him or her at any time. The information includes the following information:
- the purposes of processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations. Moreover, if the data are transferred to a third country, the data subject shall have the right to obtain information about the guarantees of the data processing.
- the planned duration for which the personal data will be stored
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected in the company concerned: Any available information on the origin of the data
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
- Right of rectification
Any person concerned by the processing of personal data has the right to obtain the rectification without undue delay of inaccurate personal data relating to him or her.
- Right to erasure
Any person concerned by the processing of personal data has the right to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary:
- The personal data have been collected or otherwise processed and are now no longer necessary.
- The data subject revokes his or her consent on which the processing is based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO or the processing is contrary to any other legal basis.
- The data subject objects to the processing pursuant to Article 21(1) DS-GVO and there are no overriding legitimate grounds for the processing.
- The personal data have been processed unlawfully.
- The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data has not been collected in relation to services offered pursuant to Article 8(1) of the GDPR – Protection of Minors.
- Right to restriction of the processing.
Any person concerned by the processing of personal data has the right to obtain from the controller the restriction of processing if one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject. The restriction shall apply for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
- The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the establishment, exercise or defence of legal claims.
- The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
- Right to data portability.
Every person affected by the processing of personal data has the right to receive the personal data concerning him or her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided. Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.
- Right to object
Any person affected by the processing of personal data has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her. This also applies to profiling based on these provisions. We shall no longer process the personal data in the event of the objection unless we can demonstrate compelling grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims. If we process personal data for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of personal data for such marketing. This also applies to profiling, insofar as it is related to such direct marketing.
- Automated decisions in individual cases including profiling.
Any person concerned by the processing of personal data has the right to object to a decision based solely on automated processing – including profiling – which produces legal effects concerning him or her and significantly affects him or her, unless the decision is necessary for entering into, or the performance of, a contract between the data subject and the controller. If the decision is necessary for entering into, or the performance of, a contract between the data subject and the controller, or if it is made with the data subject’s explicit consent, we shall take reasonable steps to safeguard the data subject’s rights and freedoms.
- Right to withdraw the consent granted under data protection law.
Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
Place of processing of your personal data
Your personal data will be processed mainly on our premises and in those departments where the data processing managers are located. The contracted service will be provided exclusively in a member state of the European Union or in a contracting state of the Agreement on the European Economic Area. Any relocation of the service or of partial work on it to a third country requires the prior consent of the Client and may only take place if the special requirements of Art. 44 et seq. DS-GVO are met (e.g. adequacy decision of the Commission, EU standard data protection clauses, approved codes of conduct).
Please contact us for further information at the addresses given in the “Imprint” section.
The site uses Google Analytics via IP masking to ensure anonymized collection of IP addresses.
It should be noted that we use Google Analytics to analyze data from AdWords and the Double Click cookie for statistical purposes. If you do not wish this, please deactivate this under https://adssettings.google.com/?hl=en.
Use of Google AdWords, Google Tag Manager and Remarketing
The visitor is informed that the remarketing tag of Facebook has been inserted on this website. Via this tag, the direct connection to the Facebook server is established when visiting this website. This transmits to the Facebook server that you have surfed on this website. Facebook assigns this information to your Facebook account.
For more information on the collection and processing of data by Facebook, see https://www.facebook.com/about/privacy/. Alternatively, you can deactivate the “Custom Audiences” remarketing function directly in Facebook: https://www.facebook.com/settings/.
This page uses web fonts provided by Google for a uniform display of fonts. When you call up the page, your browser loads the required web fonts into its browser cache in order to display the fonts and texts correctly.
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us, there is SSL / TLS encryption. You can recognize such an encrypted connection by the fact that the address line of the browser begins with “https://”. You can also recognize the encryption by the lock symbol in your browser line. If SSL/TLS encryption is active, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions
If, after the conclusion of a contract with costs, there is an obligation to provide us with your payment data, for example your account number, this data is required for payment processing. Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made via an encrypted SSL/TLS connection.
On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function comfortably.
By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data collected when you visit our website is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.