This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the related websites, functionalities, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”). Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Peter Prinzing GmbH
Siechenlach 2
89173 Lonsee-Urspring
Email address: info@prinzing.eu
Managing Director: Oliver Prinzing
Link to imprint: https://prinzing.eu/de/unternehmen/s/impressum/id/16
Contact data protection officer:
dsg Datenschutz GmbH
Tobias Marx
Zeppelinstraße 9
89231 Neu-Ulm
Email: datenschutz@dsg-ulm.de
– Inventory data (e.g., names, addresses).
– Contact data (e.g., email, phone numbers).
– Content data (e.g., text entries, photographs, videos).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
Visitors and users of the online offering (we collectively refer to the affected persons as “users”).
– Provision of the online offering, its functionalities, and content.
– Responding to contact requests and communication with users.
– Security measures.
– Audience measurement/Marketing
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural or social identity.
“Processing” is any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.
“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data that consists of using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
The term “controller” refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. “Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
In accordance with Article 13 GDPR, we inform you of the legal grounds for our data processing. Unless the legal basis is mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1) lit. a and Article 7 GDPR; the legal basis for processing for the performance of our services and carrying out contractual measures and responding to inquiries is Article 6(1) lit. b GDPR; the legal basis for processing to fulfill our legal obligations is Article 6(1) lit. c GDPR; and the legal basis for processing to protect our legitimate interests is Article 6(1) lit. f GDPR. If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1) lit. d GDPR serves as the legal basis.
In accordance with Article 32 GDPR, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, implementation costs, nature, scope, circumstances, and purposes of the processing as well as the different probabilities of occurrence and severity of risk to the rights and freedoms of natural persons.
The measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical access to the data as well as access to, input, transfer, availability, and separation of data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data, and response to data vulnerability. We also consider the protection of personal data during the development or selection of hardware, software, and procedures in accordance with the principle of data protection by design and by default (Article 25 GDPR).
If we disclose data to other persons and companies (contract processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this only takes place on the basis of a legal permission (e.g., if transferring the data to third parties, such as payment service providers, is necessary for contract fulfillment according to Article 6(1) lit. b GDPR), if you have consented, if a legal obligation is in place or based on our legitimate interests (e.g., in the use of agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “data processing agreement,” this is done on the basis of Article 28 GDPR.
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the course of using third-party services or disclosing or transmitting data to third parties, this only takes place if it is necessary to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we process or let the data in a third country only if the special conditions of Articles 44 ff. GDPR apply. This means the processing is carried out, for example, on the basis of specific guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
You have the right to request confirmation as to whether data concerning you are being processed and to information about these data as well as to further information and a copy of the data in line with Article 15 GDPR.
According to Article 16 GDPR, you have the right to request the completion of data concerning you or the rectification of incorrect data concerning you.
You have the right according to Article 17 GDPR to request the immediate deletion of data concerning you, or alternatively, according to Article 18 GDPR, to request a restriction of the processing of the data.
You have the right to request that the data concerning you that you have provided to us be received and transmitted to other controllers according to Article 20 GDPR.
Furthermore, according to Article 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
You have the right to withdraw your given consents with effect for the future according to Article 7(3) GDPR.
You can object to the future processing of the data concerning you at any time according to Article 21 GDPR. The objection can particularly be made against processing for direct marketing purposes.
“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie might store the contents of a shopping cart in an online store or a login status. Cookies that remain stored after closing the browser are referred to as “permanent” or “persistent.” For example, the login status can be stored if users visit the site after several days. A user’s interests can also be stored in such a cookie, which can be used for audience measurement or marketing purposes. Cookies that are offered by providers other than the controller that operates the online offering are referred to as “third-party cookies” (otherwise, if it is only its cookies, they are called “first-party cookies”).
We may use temporary and permanent cookies and inform you about this in our privacy policy.
If users do not want cookies stored on their computer, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies can lead to functional restrictions of this online offering.
A general objection to the use of cookies used for online marketing purposes can be declared on a variety of services, primarily in the case of tracking, via the United States site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the browser’s settings. Please note that not all functions of this online offering may be available if cookies are disabled.
The data processed by us is deleted or restricted in its processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, stored data is deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations opposing deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means the data is locked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
According to legal requirements in Germany, storage takes place particularly for 10 years according to §§ 147(1) AO, 257(1) nos. 1 and 4, paragraph 4 HGB (books, records, management reports, booking receipts, commercial books, relevant documents for taxation, etc.) and for 6 years according to § 257(1) nos. 2 and 3, paragraph 4 HGB (commercial letters).
According to legal requirements in Austria, storage takes place particularly for 7 years according to § 132(1) BAO (accounting documents, receipts/invoices, accounts, vouchers, business papers, statement of revenues and expenses, etc.), for 22 years in connection with properties, and for 10 years for documents related to electronically supplied services, telecommunications, broadcast and television services provided to non-entrepreneurs in EU member states and for which the Mini One Stop Shop (MOSS) is claimed.
We process the data of our contract partners and interested parties as well as other clients, customers, clients, or contract partners (collectively referred to as “contract partners”) according to Article 6(1) lit. b. GDPR to provide our contractual or pre-contractual services to them. The data processed, the type, scope, and purpose and necessity of their processing are determined by the underlying contractual relationship.
The processed data includes the master data of our contract partners (e.g., names and addresses), contact data (e.g., email addresses and phone numbers) as well as contractual data (e.g., services used, contract content, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).
We generally do not process special categories of personal data unless they are components of commissioned or contractual processing.
We process data necessary for establishing and fulfilling the contractual services and point out the necessity of their disclosure if this is not evident for the contract partners. Disclosure to external persons or companies only happens if it is required in the context of a contract. When processing data provided to us as part of an order, we act according to the instructions of the clients and statutory requirements.
In the context of using our online services, we may store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as the users’ interest in protection against misuse and other unauthorized use. There is no disclosure of this data to third parties unless it is necessary to pursue our claims according to Article 6(1) lit. f. GDPR or there exists a legal obligation according to Article 6(1) lit. c. GDPR.
The deletion of data takes place when the data is no longer necessary for the fulfillment of contractual or legal duties of care and dealing with any warranty and comparable obligations, with the necessity of storing the data being reviewed every three years; otherwise, the statutory retention obligations apply.
We process data in the course of administrative tasks, organization of our operations, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of our contractual services. The processing bases are Article 6(1) lit. c. GDPR, Article 6(1) lit. f. GDPR. Customers, interested parties, business partners, and website visitors are affected by this processing. The purpose and our interest in processing lie in the administration, financial accounting, office organization, archiving of data, thus tasks that serve the maintenance of our business activities, performance of our tasks, and provision of our services. The deletion of data in terms of contractual services and communication equates to the information disclosed in these processing activities.
We disclose or transmit data to the tax authorities, consultants, such as tax accountants or auditors, as well as other charges offices and payment service providers.
We also store information based on our business interests, for example, for later contact with suppliers, organizers, and other business partners. We generally store mostly company-related data permanently.
In order to operate our business economically, to recognize market trends, and to identify the wishes of the contract partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc. We process stock data, communication data, contract data, payment data, usage data, metadata based on Article 6(1) lit. f. GDPR, whereas the affected persons are contract partners, interested parties, customers, visitors, and users of our online offering.
The analyses are carried out for business evaluations, marketing, and market research purposes. We can also include the profiles of registered users with details, e.g., on the services they have used. The analyses serve to increase user-friendliness, optimize our offering, and business efficiency. The analyses are solely for us and are not disclosed externally unless they are anonymous analyses with aggregated values.
If these analyses or profiles are personal in nature, they are deleted or anonymized upon termination of the users, otherwise after two years from the conclusion of the contract. In other respects, the overall business analyses and general trend determinations are created anonymously as much as possible.
We process applicant data only for the purpose and within the scope of the application process in accordance with the legal requirements. The processing of applicant data is carried out to fulfill our (pre)contractual obligations within the framework of the application process in the sense of Article 6(1) lit. b. GDPR, Article 6(1) lit. f. GDPR, if the data processing becomes necessary for us, for example, in the context of legal procedures (in Germany, Section 26 BDSG applies additionally).
The application process requires that applicants provide us with applicant data. The necessary applicant data are marked if we offer an online form; otherwise, they result from the job descriptions and generally include personal information, postal and contact addresses, and the application documents (cover letter, CV, and references). In addition, applicants can voluntarily provide us with additional information.
By submitting the application to us, the applicants declare their agreement to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy policy.
If voluntarily provided during the application process, special categories of personal data in the context of Article 9(1) GDPR will be additionally processed according to Article 9(2) lit. b GDPR (e.g., health data, such as disability status or ethnic origin). If special categories of personal data are asked from applicants during the application process, their processing takes place based on Article 9(2) lit. a GDPR (e.g., health data if required for the profession).
If provided, applicants can submit their applications to us via an online form on our website. The data will be transmitted to us encrypted in accordance with the state of the art.
Applicants can also send us their applications via email. However, please note that emails are generally not sent in an encrypted form and applicants themselves must provide encryption. We, therefore, cannot accept any responsibility for the transmission path of the application between the sender and receipt on our server, and therefore recommend using an online form or postal dispatch instead. As an alternative to the online form and email, applicants still have the option of sending us the application by post.
The applicant data provided to us can be further processed by us if the application is successful for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant data will be deleted. Applicant data will also be deleted if an application is withdrawn, which the applicants have the right to do at any time.
Data will be deleted, subject to a justified revocation of the applicants, after a period of six months, to answer any follow-up questions about the application and to meet our proof obligations under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with the tax regulations.
As part of the application process, we offer applicants the opportunity to be included in our “Talent Pool” for a period of two years based on consent in the sense of Article 6(1) lit. b. and Article 7 GDPR.
The application documents in the Talent Pool are processed solely for future job advertisements and for the search for employees and will be destroyed at the latest after the period has expired. Applicants are informed that their consent to inclusion in the Talent Pool is voluntary, does not affect the current application process, and they can revoke this consent at any time for the future, as well as object in accordance with Article 21 GDPR.
When contacting us (e.g., via contact form, email, telephone, or social media), the user’s information for processing the contact request and its handling is processed according to Article 6(1) lit. b) GDPR. Users’ information may be stored in a Customer Relationship Management System (“CRM System”) or comparable inquiry management.
We delete the inquiries if they are no longer necessary. We check the necessity every two years; additionally, the statutory archiving obligations apply.
With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch, and statistical evaluation procedures, and your rights of objection. By subscribing to our newsletter, you agree to receive it and the procedures described.
Content of the newsletter: We only send newsletters, emails, and other electronic notifications with advertising information (hereinafter “newsletter”) with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described within the framework of a registration, they are decisive for the user’s consent. Otherwise, our newsletters contain information about our services and us.
Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means you will receive an email after registration, asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. The registrations for the newsletter are logged to be able to prove the registration process according to legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, changes to your data stored with the dispatch service provider are logged.
Registration data: To register for the newsletter, it is sufficient to provide your email address. We also ask you for a name for personal address in the newsletter.
The dispatch of the newsletter and the associated performance measurement take place based on the recipients’ consent according to Article 6(1) lit. a, Article 7 GDPR in conjunction with § 7(2) no. 3 UWG or, if consent is not required, based on our legitimate interests in direct marketing according to Article 6(1) lit. f. GDPR in conjunction with § 7(3) UWG.
Logging of the registration process is based on our legitimate interests according to Article 6(1) lit. f GDPR. Our interest is in using a user-friendly and secure newsletter system that serves both our business interests and meets users’ expectations and also allows us to prove consent.
Cancellation/Withdrawal – You can cancel the receipt of our newsletter at any time, which means you revoke your consents. A link to cancel the newsletter can be found at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before we delete them to provide evidence of previously given consent. The processing of this data is only limited to the defense of any claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time.
The newsletters are sent by the dispatch service provider Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin, Germany. You can view the dispatch service provider’s privacy policy here: https://www.newsletter2go.de/datenschutz/. The dispatch service provider is used on the basis of our legitimate interests according to Article 6(1) lit. f GDPR and a data processing agreement according to Article 28(3) sentence 1 GDPR.
The dispatch service provider may use the data of the recipients in pseudonymous form, i.e., without allocation to a user, to optimize or improve its services, e.g., for the technical optimization of dispatch and the presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them themselves or to pass them on to third parties.
The hosting services we use are for providing infrastructure and platform services, computing capacity, storage space, and database services, email dispatch, security services, and technical maintenance services, which we use for the purpose of operating this online offering.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta, and communication data of customers, interested parties, and visitors of this online offering based on our legitimate interests in an efficient and secure provision of this online offering according to Article 6(1) lit. f GDPR in conjunction with Article 28 GDPR (conclusion of data processing agreement).
We, or our hosting provider, collect data on each access to the server on which this service is located (so-called server log files) based on our legitimate interests within the meaning of Article 6(1) lit. f. GDPR. Access data includes the name of the accessed website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
Logfile information is stored for security reasons (e.g., to investigate misuse or fraudulent activities) for a duration of maximum 7 days and then deleted. Data whose further retention is required for evidence purposes is excluded from deletion until the respective incident is finally clarified.
We use Google Analytics, a web analytics service provided by Google LLC (“Google”), based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering within the meaning of Article 6(1) lit. f. GDPR). Google uses cookies. The information generated by the cookie about users’ use of the online offering is usually transmitted to and stored by Google on servers in the USA.
Google will use this information on our behalf to evaluate users’ use of our online offering, to compile reports on activity within our online offering, and to provide us with other services related to the use of our online offering and internet usage. In the process, pseudonymous usage profiles of users can be created based on the processed data.
We use Google Analytics only with IP anonymization enabled. This means that the IP address of users is truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
The IP address transmitted by users’ browsers will not be merged with other data from Google. Users can prevent the storage of cookies by selecting the appropriate setting in their browser software; users can also prevent the collection by Google of the data generated by the cookie and related to their use of the online offering as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Further information on data usage by Google, settings, and objection options, can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
The personal data of users is deleted or anonymized after 14 months.
Within the framework of range analysis by Matomo, the following data is processed based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the sense of Article 6(1) lit. f. GDPR): the browser type used by you and the browser version, the operating system used by you, your origin country, date and time of the server request, the number of visits, your duration of visits on the website, and the external links you clicked. The IP address of users is anonymized before storage.
Matomo uses cookies that are stored on users’ computers and that enable an analysis of the use of our online offering by users. Pseudonymous usage profiles of users can be created based on the processed data. The cookies have a storage duration of one week. The information generated by the cookie about your use of this website will only be stored on our server and will not be passed on to third parties.
Users can object to the anonymous data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, an opt-out cookie will be placed in your browser, resulting in Matomo no longer collecting any session data. If users delete their cookies, this means, however, that the opt-out cookie will also be deleted and must be reactivated by the users.
The logs with user data are deleted at the latest after 6 months.
We set on our online offering, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Article 6(1) lit. f. GDPR), content or service offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “contents”).
This always presupposes that the third-party providers of these contents perceive the IP address of users, because without the IP address, they would not be able to send the contents to their browser. The IP address is, therefore, required for the presentation of these contents. We endeavor to use only those contents where their respective providers use the IP address solely for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate visitor traffic on the pages of this website. The pseudonymous information can further be stored in cookies on the user’s device and may, among other things, contain technical information on the browser and operating system, referring webpages, visit time, and further details on the use of our online offering as well as can be connected with such information from other sources.
We integrate the videos of the platform “YouTube” from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
We integrate the function for detecting bots, e.g., when entering online forms (“ReCaptcha”) by the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
We integrate the maps of the “Google Maps” service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include IP addresses and users’ location data, but these are not collected without their consent (usually implemented within the settings of their mobile devices). The data can be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.