loader image

Privacy Policy

General

As the oper­ator of this website and as a company, we come into contact with your personal data. This concerns all data that reveals some­thing about you and by which you can be iden­ti­fied. In this privacy policy, we would like to explain how, for what purpose and on which legal basis we process your data.

Respon­sible for the data processing (“data controller”) on this website and in our company is:

Manfred Pitz
Bunsen­straße 4
69115 Heidel­berg
Germany

Phone : +49 (62 21) 3 54 19 57
Mobile: +49 (1 70) 1 51 62 66
E‑mail: mp@afriendinheidelberg.com

General infor­ma­tion

SSL or TLS encryp­tion

When you enter your data on websites, place online orders or send e‑mails via the Internet, you must always be prepared for unau­tho­rized third parties to access your data. There is no complete protec­tion against such access. However, we do our utmost to protect your data as best we can and to close secu­rity gaps as far as we can.

An impor­tant protec­tion mech­a­nism is the SSL or TLS encryp­tion of our website, which ensures that data you transmit to us cannot be read by third parties. You can recog­nize the encryp­tion by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.

Encrypted payment trans­ac­tions

Payment data, such as account or credit card numbers, require special protec­tion. For this reason, payment trans­ac­tions made with the most common means of payment are carried out exclu­sively via an encrypted SSL or TLS connec­tion.

How long do we store your data?

In some parts in this privacy policy, we inform you about how long we or the compa­nies that process your data on our behalf will store your data. In the absence of such infor­ma­tion, we store your data until the purpose of the data processing no longer applies, you object to the data processing or you revoke your consent to the data processing.

In the event of an objec­tion or revo­ca­tion, we may however continue to process your data if at least one of the following condi­tions applies:

  • We have compelling legit­i­mate grounds for contin­uing to process the data that over­ride your inter­ests, rights and free­doms (only applies in the case of an objec­tion to data processing; if the objec­tion is to direct marketing, we cannot provide legit­i­mate grounds).
  • The data processing is neces­sary to assert, exer­cise or defend legal claims (does not apply if your objec­tion is directed against direct adver­tising).
  • We are required by law to retain your data.

In this case, we will delete your data as soon as the requirement(s) cease to apply.

Data transfer to the USA

On our website, we use tools from compa­nies that transfer your data to the USA and store it there and, if neces­sary, process it further. The Euro­pean Commis­sion has adopted an adequacy deci­sion for the EU-US data protec­tion frame­work. The deci­sion estab­lishes that the US ensures an adequate level of protec­tion for EU personal data trans­ferred to US compa­nies. This deci­sion is based on new safe­guards and measures put in place by the US to meet data protec­tion require­ments. The adequacy deci­sion includes, among other things, restric­tions and safe­guards on access to data by US intel­li­gence agen­cies. Binding safe­guards were intro­duced to limit US intel­li­gence agen­cies’ access to what is neces­sary and propor­tionate to protect national secu­rity. In addi­tion, enhanced over­sight of US intel­li­gence activ­i­ties was estab­lished to ensure that restric­tions on surveil­lance activ­i­ties are respected. An inde­pen­dent redress mech­a­nism has also been estab­lished to handle and resolve complaints from Euro­pean citi­zens about access to their data. The EU-US data protec­tion frame­work thus allows Euro­pean compa­nies to transfer data to certi­fied US compa­nies without having to intro­duce addi­tional data protec­tion safe­guards. A list of all certi­fied compa­nies can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search.

A change in the Euro­pean Commis­sion’s deci­sion cannot be ruled out.

Your rights

Objec­tion to data processing

IF IT’S STATED IN THIS PRIVACY STATE­MENT THAT WE HAVE LEGIT­I­MATE INTER­ESTS FOR THE PROCESSING OF YOUR DATA AND THAT THIS PROCESSING IS THERE­FORE BASED ON ART. 6 PARA. 1 SENTENCE 1 LIT. F) GDPR, YOU HAVE THE RIGHT TO OBJECT IN ACCOR­DANCE WITH ART. 21 GDPR. THIS ALSO APPLIES TO PROFILING THAT IS CARRIED OUT ON THE BASIS OF THE AFORE­MEN­TIONED PROVI­SION. THE PREREQ­UI­SITE IS THAT YOU STATE REASONS FOR THE OBJEC­TION THAT ARISE FROM YOUR PARTIC­ULAR SITU­A­TION. NO REASONS ARE REQUIRED IF THE OBJEC­TION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVER­TISING.

THE CONSE­QUENCE OF THE OBJEC­TION IS THAT WE MAY NO LONGER PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING PREREQ­UI­SITS EXISTS:

  • WE CAN DEMON­STRATE COMPELLING LEGIT­I­MATE GROUNDS FOR THE PROCESSING THAT OVER­RIDE YOUR INTER­ESTS, RIGHTS AND FREE­DOMS.
  • THE PROCESSING IS NECES­SARY FOR ASSERTING, EXER­CISING OR DEFENDING LEGAL CLAIMS.

THESE EXCEP­TIONS DO NOT APPLY IF YOUR OBJEC­TION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVER­TISING OR TO PROFILING RELATED TO IT.

Other rights

With­drawal of your consent to data processing

Many data processing oper­a­tions are based on your consent. You can give this consent, for example, by ticking the appro­priate box on online forms before you send the form, or by allowing the oper­a­tion of certain cookies when you visit our website. You may revoke your consent at any time without giving reasons (Art. 7 (3) GDPR). From the time of revo­ca­tion, we may then no longer process your data. The only excep­tion: we are required by law to retain the data for a certain period of time. Such reten­tion periods exist in partic­ular in tax and commer­cial law.

Right to complain to the compe­tent super­vi­sory authority

If you believe that we are in breach of the General Data Protec­tion Regu­la­tion (GDPR), you have the right to complain to a super­vi­sory authority in accor­dance with Art. 77 GDPR. You may contact a super­vi­sory authority in the Member State of your resi­dence, place of work or the place where the alleged infringe­ment took place. The right to complain exists along­side admin­is­tra­tive or judi­cial reme­dies.

Right to data porta­bility

We must hand over data that we process auto­mat­i­cally on the basis of your consent or in fulfill­ment of a contract to you or a third party in a common machine-read­able format if you request this. We can only transfer the data to another “data controller” if this is tech­ni­cally possible.

Right to infor­ma­tion, dele­tion, and correc­tion of data

According to Art. 15 GDPR, you have the right to receive infor­ma­tion free of charge about which of your personal data we have stored, where the data came from, to whom we transmit the data and for what purpose it is stored. If the data is incor­rect, you have a right to recti­fi­ca­tion (Art. 16 GDPR), and under the condi­tions of Art. 17 GDPR you may demand that we delete the data.

Right to restric­tion of processing

In certain situ­a­tions, according to Art. 18 GDPR, you may demand that we restrict the processing of your data. The data may then — apart from storage — only be processed as follows:

  • with your consent
  • for the asser­tion, exer­cise or defense of legal claims
  • to protect the rights of another natural or legal person
  • for reasons of impor­tant public interest of the Euro­pean Union or a Member State.

The right to restrict processing exists in the following situ­a­tions:

  • You have disputed the accu­racy of your personal data stored by us and we need time to verify this. The right exists for the dura­tion of the review.
  • The processing of your personal data is unlawful or was unlawful in the past. The right exists alter­na­tively to the dele­tion of the data.
  • We no longer need your personal data, but you need it to exer­cise, defend or assert legal claims. The right exists alter­na­tively to the dele­tion of the data.
  • You have filed an objec­tion pursuant to Art. 21 (1) GDPR and now your inter­ests and our inter­ests must be weighed against each other. The right exists as long as the result of the balancing of inter­ests has not yet been deter­mined.

Hosting and Content Delivery Networks (CDN)

External hosting

Our website is hosted on a server of the following Internet service provider (hoster):

RAID­BOXES GmbH
Hafenstr. 32
48151 Münster, Germany

Has a data processing agree­ment been concluded with the hoster or are stan­dard contrac­tual clauses (SCC) in place?

Yes

How do we process your data?

The hoster stores all the data from our website. This includes all personal data that is collected auto­mat­i­cally or through entering. This can be in partic­ular: Your IP address, pages accessed, names, contact details and requests, as well as meta and commu­ni­ca­tion data. When processing data, our hoster adheres to our instruc­tions and always processes the data only insofar as this is neces­sary to fulfill the service oblig­a­tion to us.

On what legal basis do we process your data?

Since we address poten­tial customers via our website and main­tain contacts with existing customers, the data processing by our hoster serves to initiate and fulfill contracts and is there­fore based on Art. 6 (1) lit. b) GDPR. In addi­tion, it is our legit­i­mate interest as a company to provide a profes­sional Internet offering that meets the neces­sary require­ments for secu­rity, speed and effi­ciency. In this respect, we also process your data on the legal basis of Art. 6 (1) lit. f) GDPR.

Data collec­tion on this website

Cookie consent with Borlabs Cookie

What is Borlabs Cookie?

Cookie plugin for compli­ance with the DSGVO and ePri­vacy.

Who processes your data?

Only us, not the provider of Borlabs Cookie.

Where can you find more infor­ma­tion about data protec­tion at Borlabs Cookie?

https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

How do we process your data?

We use Borlabs Cookie to obtain your consent to store cookies on your device. When you visit our website and close the Borlabs Cookie window requesting consent, a Borlabs cookie with the following content is stored in your browser:

  • cookie runtime
  • cookie version
  • domain and path of the website
  • consents
  • a randomly gener­ated ID

This data is not trans­mitted to the provider of Borlabs Cookie.

We store the data until the purpose of the data storage no longer applies, you delete the Borlabs cookie or request us to delete the data. This does not apply only if we are required by law to retain the data.

On what legal basis do we process your data?

We are legally obliged to obtain the consent of our website visi­tors for the use of certain cookies. In order to fulfill this oblig­a­tion, we use Borlabs Cookie. The legal basis for data processing is there­fore Art. 6 (1) lit. c) GDPR.

Server log files

Server log files log all requests and accesses to our website and record error messages. They also include personal data, in partic­ular your IP address. However, this is anonymized by the provider after a short time, so that we cannot assign the data to your person. The data is auto­mat­i­cally trans­mitted to our provider by your browser.

How do we process your data?

Our provider stores the server log files in order to be able to track the activ­i­ties on our website and to locate errors. The files contain the following data:

  • browser type and version
  • oper­ating system used
  • referrer URL
  • host name of the accessing computer
  • Time of the server request
  • IP address (anonymized if neces­sary)

We do not combine this data with other data but use it only for statis­tical analysis and to improve our website.

On what legal basis do we process your data?

We have a legit­i­mate interest in ensuring that our website runs without errors. It is also our legit­i­mate interest to obtain an anonymized overview of the accesses to our website. There­fore, the data processing is lawful according to Art. 6 (1) lit. f) GDPR.

Contact form

You can send us a message via the contact form on this website.

How do we process your data?

We store your message and the infor­ma­tion from the form in order to process your request including follow-up ques­tions. This also applies to the contact details provided. We do not pass on the data to other persons without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

  • Your request has been conclu­sively processed.
  • You request us to delete the data.
  • You revoke your consent to the storage.

This does not apply only if we are required by law to retain the data.

On what legal basis do we process your data?

If your request is related to our contrac­tual rela­tion­ship or serves the imple­men­ta­tion of pre-contrac­tual measures, we process your data on the legal basis of Art. 6 (1) lit. b) GDPR. In all other cases, it is our legit­i­mate interest to effec­tively process requests directed to us. The legal basis for data processing is there­fore Art. 6 (1) lit. f) GDPR. If you have consented to the storage of your data, Art. 6 (1) lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.

Inquiry by e‑mail, tele­phone or fax

You can send us a message by e‑mail or fax or call us.

How do we process your data?

We store your message as well as your self-made contact details or the trans­mitted tele­phone number in order to be able to process your inquiry including follow-up ques­tions. We do not pass on the data to other persons without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

  • Your inquiry has been conclu­sively processed.
  • You request us to delete the data.
  • You revoke your consent to the storage.

This does not apply only if we are required by law to retain the data.

On what legal basis do we process your data?

If your request is related to our contrac­tual rela­tion­ship or serves the imple­men­ta­tion of pre-contrac­tual measures, we process your data on the legal basis of Art. 6 (1) lit. b) GDPR. In all other cases, it is our legit­i­mate interest to effec­tively process requests directed to us. The legal basis for data processing is there­fore Art. 6 (1) lit. f) GDPR. If you have consented to the storage of your data, Art. 6 (1) lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.

Commu­ni­ca­tion via What­sApp

What is What­sApp?

Instant messaging service

Who processes your data?

What­sApp Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland

Where can you find more infor­ma­tion about data protec­tion at What­sApp?

https://www.whatsapp.com/legal/#privacy-policy

On what legal basis do we transfer your data to the USA?

On the basis of the Euro­pean Commis­sion’s adequacy deci­sion and the compa­ny’s corre­sponding certi­fi­ca­tion.

How do we process your data?

For commu­ni­ca­tion with our customers and other persons outside our company, we use the instant messaging service What­sApp in the variant “What­sApp Busi­ness”.

Commu­ni­ca­tion takes place via end-to-end encryp­tion (peer-to-peer). This prevents What­sApp or other third parties from gaining access to the commu­ni­ca­tion content. We have also set our accounts in such a way that no auto­matic matching with the address book on the smart­phones used takes place. What­sApp does, however, gain access to the meta­data of the commu­ni­ca­tion process (e.g., sender, recip­ient and time of commu­ni­ca­tion) and, according to its own state­ment, shares this data with Meta, its parent company based in the USA.

How long do we store your data?

We delete your data as soon as one of the following occurs:

  • The purpose of the data processing has ceased to exist.
  • You request us to delete the data.
  • You revoke your consent to the storage.

The only time this does not apply is when we are legally oblig­ated to retain the data.

On what legal basis do we process your data?

If our exchange via What­sApp is related to our contrac­tual rela­tion­ship or serves the imple­men­ta­tion of pre-contrac­tual measures, we process your data on the legal basis of Art. 6 (1) lit. b) GDPR. In all other cases, it is our legit­i­mate interest to effec­tively process requests directed to us and to main­tain a busi­ness contact with other persons. The legal basis for data processing is there­fore Art. 6 (1) lit. f) GDPR. If you have consented to the storage of your data, Art. 6 (1) lit. a) GDPR is the legal basis. In this case, you can revoke your consent at any time with effect for the future.

Data processing on social media

What is Social Media?

By social media, we mean the social networks on which we have created publicly acces­sible profiles. You can read below which social networks these are specif­i­cally.

Who processes your data?

The respec­tive oper­ating compa­nies of the social networks. You can find the indi­vidual oper­a­tors below under the respec­tive networks.

How is your data processed?

The oper­a­tors of social networks are gener­ally able to collect and eval­uate compre­hen­sive data about the behavior of visi­tors and users of the network. It is not possible for us to track all processing oper­a­tions on the social networks we use, which is why further processing oper­a­tions not listed here may be carried out by the oper­a­tors of the social networks. You can find more infor­ma­tion on this in the terms of use and privacy state­ments of the respec­tive social networks.

The processing of your data can be trig­gered by you visiting the website of the social network or our profile page there. Even if you visit a website that uses certain content of the network, e.g. like or share buttons, data may already be trans­mitted to the oper­a­tors of the social network. If you your­self are a user of the social network and logged into your user account, your visit to our profile page can be assigned to your account by the oper­ator of the social network. Even if you your­self have not regis­tered a user account or are not logged in, the oper­ator of the network may still collect your personal data, e.g. by recording your IP address or setting cookies. With this data, the oper­a­tors can create user profiles adapted to your behavior and inter­ests and show you interest-based adver­tising inside and outside the network. If you are a regis­tered user of the network, the interest-based adver­tising may also be displayed on all devices on which you are or were logged in.

On what legal basis is your data processed?

Our profiles in the social networks are intended to ensure the broadest possible pres­ence of our company on the Internet. As a company, we have a legit­i­mate interest in this. The data processing is there­fore lawful according to Art. 6 (1) lit. f) GDPR.

The data processing oper­a­tions and analyses carried out by the oper­a­tors of the social networks them­selves may be based on other legal grounds. These must be stated by the oper­a­tors of the social networks.

Who is respon­sible for the processing of your data and how can you assert your rights?

If you visit one of our profiles on the social networks, we are jointly respon­sible with the oper­ator of the respec­tive network for the data processing oper­a­tions trig­gered during this visit. In prin­ciple, you can assert your rights both against us and against the oper­ator of the respec­tive network.

Despite the joint respon­si­bility with the oper­a­tors of the social networks, however, our influ­ence on the data processing oper­a­tions of the respec­tive oper­ator is limited and is primarily based on the oper­a­tor’s spec­i­fi­ca­tions.

How long is your data stored?

If we collect data via our profiles in the social networks, these are deleted from our systems as soon as the purpose for storing them no longer applies, you request us to delete them or you revoke your consent to storage. Stored cookies remain on your terminal device until you delete them. Manda­tory legal provi­sions — in partic­ular reten­tion periods — remain unaf­fected.

We have no influ­ence on how long the oper­a­tors of the social networks store your data, which the oper­a­tors collect for their own purposes. You can obtain infor­ma­tion on this directly from the oper­ator of the respec­tive social network, e.g. in the respec­tive privacy policy.

Which social media do we use?

Face­book

What is Face­book?
A social network

Who processes your data?
Meta Plat­forms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Is your data trans­ferred to third coun­tries?
Yes, to the U.S. and also to other third coun­tries.

Where can you find more infor­ma­tion about data protec­tion at Face­book?
https://www.facebook.com/about/privacy/

As a Face­book user, where can you adjust your adver­tising pref­er­ences?
As a regis­tered Face­book user, you can adjust your adver­tising settings in your user account. To do so, click on the following link and log in:

https://www.facebook.com/settings?tab=ads.

Twitter

What is Twitter?
A social network in the form of a micro-blog­ging plat­form.

Who processes your data?
Twitter Inc, 1355 Market Street, Suite 900, San Fran­cisco, CA 94103, USA.

Is your data trans­ferred to third coun­tries?
Yes, to the USA

Where can you find more infor­ma­tion about data protec­tion at Twitter?
https://twitter.com/de/privacy

As a Twitter user, where can you adjust your adver­tising pref­er­ences?

As a regis­tered Twitter user, you can adjust your privacy settings in your user account. To do so, click on the following link and log in:

https://twitter.com/personalization.

Insta­gram

What is Insta­gram?
A social network special­izing in photos and videos.

Who processes your data?
Meta Plat­forms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland

Is your data trans­ferred to third coun­tries?
Yes

Where can you find more infor­ma­tion about data protec­tion at Insta­gram?
https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram-Hilfebereich&bc[1]=Richtlinien%20und%20Meldungen

As a user, where can you adjust your privacy settings?
As a regis­tered Insta­gram user, you can adjust your privacy settings in your user account. To do so, click the following link and log in:
https://www.instagram.com/accounts/privacy_and_security/

LinkedIn

What is LinkedIn?

A social network for busi­ness contacts

Who processes your data?

LinkedIn Ireland Unlim­ited Company, Wilton Place, Dublin 2, Ireland

Is your data trans­ferred to third coun­tries?

Yes

Where can you find more infor­ma­tion about data protec­tion at LinkedIn?

https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

As a user, where can you adjust your privacy settings?

As a regis­tered LinkedIn user, you can adjust your privacy settings in your user account. To do so, click on the following link and log in:

https://www.linkedin.com/psettings/

Xing

What is Xing?

A social network for profes­sional contacts

Who processes your data?

New Work SE, Damm­torstraße 30, 20354 Hamburg, Germany.

Will your data be trans­ferred to third coun­tries?

Yes, for the perfor­mance of the contract with Xing, if you have given consent, if it is neces­sary for the asser­tion, exer­cise or defense of legal claims, or if there is an adequacy deci­sion pursuant to Article 45 EU GDPR or appro­priate safe­guards pursuant to Article 46 EU GDPR.

Where can you find more infor­ma­tion about data protec­tion at Xing?

https://privacy.xing.com/de/datenschutzerklaerung/druckversion

As a user, where can you adjust your privacy settings?

As a regis­tered Xing user, you can adjust your privacy settings in your user account. To do so, click on the following link and log in:

https://www.xing.com/settings/privacy