Privacy policy

1. Data Protection at a Glance

General Information

The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data comprises all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our Privacy Policy set out below.

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the section “Responsible Entity” in this Privacy Policy.

How do we collect your data?

Your data are collected, on the one hand, by you providing them to us. This may, for example, concern data which you enter into a contact form.

Other data are collected automatically or following your consent when visiting the website by our IT systems. These are primarily technical data (e.g. internet browser, operating system or time of the page view). The collection of these data takes place automatically as soon as you enter this website.

For what purposes do we use your data?

Part of the data is collected to ensure the fault-free provision of the website. Other data may be used for the analysis of your user behaviour.

What rights do you have in relation to your data?

You have the right at any time, free of charge, to receive information about the origin, recipient and purpose of your stored personal data. You also have the right to request the rectification or erasure of these data. If you have granted consent to data processing, you may withdraw this consent at any time with effect for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

In this regard, as well as for other questions on the subject of data protection, you may contact us at any time.

Analytics Tools and Tools of Third Parties

When visiting this website your browsing behaviour may be statistically evaluated. This is carried out primarily by means of so-called analytics programmes.

Detailed information on these analytics programmes can be found in the following Privacy Policy.

2. Hosting

We host the content of our website with the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website are stored on the servers of the host(s). This may in particular include IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website access data and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of a secure, rapid and efficient provision of our online offering by a professional provider (Article 6(1)(f) GDPR). Where corresponding consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Our host(s) will process your data only to the extent necessary to fulfil its performance obligations and in accordance with our instructions regarding such data.

We use the following host:
Neue Medien Muennich GmbH

Processing under Contract

We have concluded a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law to ensure that personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Notices

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.

When you use this website, various personal data are collected. Personal data are data by which you can be personally identified. This Privacy Policy explains which data we collect, the purposes for which we use them, and the manner and purposes of such processing.

Please note that data transmission over the Internet (for example, by e-mail) may be subject to security vulnerabilities. Complete protection of data from access by third parties is not possible.

Responsible Entity

The responsible entity for data processing on this website is:

Stadtmarketing Holzminden GmbH
Obere Straße 45
37603 Holzminden

Phone: 05531/990 5320
EMail: kontakt@sensoria-holzminden.de


The responsible entity is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (for example, names, email addresses, etc.).


Storage Period

Unless a specific storage period is stated within this Privacy Policy, your personal data will be retained by us until the purpose of data processing no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted, unless we have other legally permissible reasons for retaining your personal data (for example, tax or commercial retention periods). In such cases, deletion will occur once those reasons no longer apply.

Legal Bases for Data Processing

If you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, if special categories of data according to Article 9(1) GDPR are processed. In cases of explicit consent to transfer personal data to third countries, processing also occurs on the basis of Article 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (for example, via device fingerprinting), processing also occurs on the basis of §25(1) TDDDG. Consent may be revoked at any time. If your data are necessary to fulfil a contract or for pre-contractual measures, we process your data under Article 6(1)(b) GDPR. We also process data where necessary to comply with a legal obligation under Article 6(1)(c) GDPR. Processing may additionally be based on our legitimate interests under Article 6(1)(f) GDPR. The applicable legal bases are further explained in the relevant sections of this Privacy Policy.

Data Protection Officer

We have appointed a data protection officer:

Mr Andreas Sorge
DatCon GmbH | Engineering Office for Data Protection and Consulting
Am Osterfeuer 26
37176 Nörten-Hardenberg

Phone: 0170-8162619
EMail: sorge@datcon.de

Recipients of Personal Data

In the course of our business, we cooperate with various external entities. The transfer of personal data to these entities is occasionally necessary. Personal data are only shared with external parties if necessary for contract fulfilment, if legally required (for example, with tax authorities), if there is a legitimate interest under Article 6(1)(f) GDPR, or if another legal basis allows it. When using processors, personal data of our clients are only shared under a valid contract for order processing. In cases of joint processing, a contract on joint processing is concluded.

Withdrawal of Consent to Data Processing

Many data processing operations require your explicit consent. You may withdraw previously given consent at any time. The lawfulness of processing carried out prior to withdrawal remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Article 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ARTICLE 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21(1) GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH PURPOSES; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ARTICLE 21(2) GDPR).

Right to Lodge a Complaint

You may lodge a complaint with a supervisory authority in the event of violations of the GDPR, particularly in the Member State of your habitual residence, place of work, or the location of the alleged infringement. This right exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive the personal data that we process automatically on the basis of your consent or a contract in a commonly used, machine-readable format and to transmit it to yourself or another controller. Direct transfer to another controller will only occur if technically feasible.

Access, Rectification, and Deletion

You have the right, at any time and within the framework of applicable statutory provisions, to obtain free information regarding your stored personal data, including its origin, recipients, and the purpose of processing, as well as, where applicable, the right to rectification or deletion of such data. For this purpose, as well as for any further questions concerning personal data, you may contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data. You may contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of the personal data we hold about you, we generally require time to verify this. During the verification period, you have the right to request the restriction of processing of your personal data.
  • If the processing of your personal data has been or is unlawful, you may request restriction of processing instead of deletion.
  • If we no longer need your personal data, but you require it for the establishment, exercise, or defence of legal claims, you have the right to request restriction of processing instead of deletion.
  • If you have lodged an objection pursuant to Article 21(1) GDPR, a balancing of your interests and ours must be carried out. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, these data may, apart from their storage, only be processed with your consent, for the establishment, exercise, or defence of legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL/TLS Encryption

For security and to protect confidential data (such as orders or enquiries), this website uses SSL/TLS encryption. Encrypted connections are indicated by “https://” in the browser address bar and a lock icon. Data transmitted during such sessions cannot be read by third parties.

Encrypted Payment Transactions

If, following the conclusion of a paid contract, you are obliged to provide us with your payment data (for example, account number for direct debit), these data are required for payment processing.

Payment transactions via the commonly used payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. An encrypted connection can be recognised by the browser’s address line changing from “http://” to “https://” and by the padlock symbol in your browser’s address bar.

During encrypted communication, your payment data transmitted to us cannot be read by third parties.

Objection to Unsolicited Emails

Use of contact details published under the imprint obligation for sending unsolicited advertising and information is hereby objected to. The operators reserve the right to take legal action in cases of unsolicited sending of advertising information, such as spam emails.

4. Data Collection on this Website

Cookies

Our website uses so-called “cookies”. Cookies are small data packages and do not cause any harm to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (for example, cookies for processing payment services).

Cookies serve different functions. Many cookies are technically necessary because certain website functions would not work without them (for example, the shopping cart function or the display of videos). Other cookies may be used to evaluate user behaviour or for advertising purposes.

Cookies required for the execution of the electronic communication process, for providing certain functions requested by you (for example, for the shopping cart function), or for the optimisation of the website (for example, cookies for measuring web traffic) (necessary cookies) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been obtained, processing is carried out exclusively on the basis of this consent (Article 6(1)(a) GDPR and §25(1) TDDDG); consent may be revoked at any time.

You can configure your browser so that you are informed about the setting of cookies and only allow them in individual cases, exclude acceptance of cookies for certain cases or generally, and enable automatic deletion of cookies when closing the browser. Deactivating cookies may limit the functionality of this website.

Which cookies and services are used on this website can be found in this Privacy Policy.

Consent via Complianz

Our website uses the consent technology provided by Complianz to obtain your consent to the storage of certain cookies on your device or the use of certain technologies and to document this in a manner compliant with data protection law. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands (hereinafter “Complianz”).

Complianz is hosted on our servers, so no connection to the Complianz provider’s servers is established. Complianz stores a cookie in your browser to associate the consents you have given or revoked. The data collected in this way are stored until you request deletion, delete the Complianz cookie yourself, or the purpose for data storage ceases. Mandatory statutory retention obligations remain unaffected.

The use of Complianz serves to obtain legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Server Log Files

The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address

No merging of these data with other data sources takes place.

The collection of these data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free representation and optimisation of the website, for which server log files must be collected.

Contact Form

If you submit inquiries to us via the contact form, your details from the inquiry form, including the contact information you provide, will be stored with us for the purpose of processing the inquiry and in the event of follow-up questions. These data will not be passed on without your consent.

The processing of these data is based on Article 6(1)(b) GDPR if your inquiry is related to the fulfilment of a contract or required for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) if such consent has been requested; consent may be revoked at any time.

The data you enter in the contact form remain with us until you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (for example, after your inquiry has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Inquiry via E-Mail, Telephone, or Fax

If you contact us via e-mail, telephone, or fax, your inquiry, including all personal data arising from it (name, inquiry), will be stored and processed for the purpose of handling your request. These data will not be passed on without your consent.

Processing of these data is based on Article 6(1)(b) GDPR if your inquiry is related to the fulfilment of a contract or required for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) if such consent has been requested; consent may be revoked at any time.

The data you transmit to us via contact inquiries remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (for example, after your request has been processed). Mandatory statutory provisions – in particular legal retention periods – remain unaffected.

5. Plugins and Tools

Google Fonts (Local Hosting)

This website uses so-called Google Fonts, provided by Google, to ensure a uniform display of fonts. The Google Fonts are installed locally. No connection to Google servers is established.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

OpenStreetMap

We use the map service provided by OpenStreetMap (OSM).

We integrate map material from OpenStreetMap on the servers of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a data-protection-compliant third country, meaning it provides a level of data protection equivalent to that in the European Union. When using OpenStreetMap maps, a connection to the servers of the OpenStreetMap Foundation is established. Among other things, your IP address and further information regarding your behaviour on this website may be transmitted to OSMF. OpenStreetMap may store cookies in your browser or use comparable recognition technologies.

The use of OpenStreetMap serves the purpose of presenting our online offerings attractively and making the locations indicated on the website easily findable. This constitutes a legitimate interest pursuant to Article 6(1)(f) GDPR. If corresponding consent has been obtained, processing is carried out solely on the basis of Article 6(1)(a) GDPR and §25(1) TDDDG, insofar as consent includes the storage of cookies or access to information on the user’s device (for example, device fingerprinting). Consent may be revoked at any time.

6. eCommerce and Payment Providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data for the establishment, content-related structuring, and modification of our contractual relationships. Personal data concerning the use of this website (usage data) are collected, processed, and used only to the extent necessary to enable the user to use the service or to invoice for it. The legal basis for this is Article 6(1)(b) GDPR.

Collected customer data are deleted after completion of the order or termination of the business relationship and expiration of any applicable statutory retention periods. Statutory retention periods remain unaffected.

Data Transmission for Online Shops, Merchants, and Goods Shipping

If you order goods from us, we transmit your personal data to the delivery company commissioned for delivery and to the payment service provider responsible for payment processing. Only data required by the respective service provider to fulfil its task are transmitted. The legal basis for this is Article 6(1)(b) GDPR, which permits the processing of data for contract fulfilment or pre-contractual measures. If you have given corresponding consent under Article 6(1)(a) GDPR, we will provide your email address to the delivery company so that it can inform you of the shipping status of your order via email; consent may be revoked at any time.

Data Transmission for Services and Digital Content

We transmit personal data to third parties only when necessary for contract execution, for example to the credit institution responsible for payment processing.

Further transmission of data does not occur, or only occurs if you have expressly consented. We do not share your data with third parties without your explicit consent, for example for advertising purposes.

The legal basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for contract fulfilment or pre-contractual measures.

Payment Services

We integrate payment services from third-party providers on our website. When you make a purchase with us, your payment data (for example, name, payment amount, account details, credit card number) are processed by the payment provider for the purpose of payment processing. For these transactions, the contractual and privacy terms of the respective provider apply. The use of payment providers is based on Article 6(1)(b) GDPR (contract execution) and, additionally, on the interest in ensuring a smooth, comfortable, and secure payment process (Article 6(1)(f) GDPR). Where your consent is obtained for specific actions, Article 6(1)(a) GDPR constitutes the legal basis for data processing; consent may be revoked at any time for the future.

The following payment services/providers are used on this website:

American Express
Provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).

American Express may transmit data to its parent company in the USA. Data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/.
Further information can be found in the American Express Privacy Policy: https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.

Mastercard
Provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transmit data to its parent company in the USA. Data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Details: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA
Provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

The United Kingdom is considered a data-protection-compliant third country, providing a level of data protection equivalent to the European Union.

VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
Further information can be found in the VISA Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

7. Own Services

Handling of Applicant Data

We offer you the opportunity to submit applications to us (for example, via e-mail, post, or online application form). The following informs you of the scope, purpose, and use of the personal data collected as part of the application process. We assure you that the collection, processing, and use of your data is carried out in accordance with applicable data protection law and all other statutory provisions, and that your data are treated with strict confidentiality.

Scope and Purpose of Data Collection

If you submit an application, we process the associated personal data (for example, contact and communication data, application documents, notes made during interviews, etc.) to the extent necessary to make a decision regarding the establishment of an employment relationship. The legal basis for this is §26 BDSG under German law (initiation of an employment relationship), Article 6(1)(b) GDPR (general contract initiation), and – if you have given consent – Article 6(1)(a) GDPR. Consent may be revoked at any time. Your personal data will only be shared within our company with persons involved in processing your application.

If the application is successful, the data you submitted will be stored in our data processing systems on the basis of §26 BDSG and Article 6(1)(b) GDPR for the purpose of executing the employment relationship.

Retention Period of Data

If we are unable to make you a job offer, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Article 6(1)(f) GDPR) for up to six months from the conclusion of the application process (rejection or withdrawal of the application). After this period, the data will be deleted and any physical application documents destroyed. Retention serves in particular to provide evidence in the event of a legal dispute. If it is apparent that the data will be required after the six-month period (for example, due to a threatened or pending legal dispute), deletion will only occur once the purpose for extended retention ceases.

Longer retention may also occur if you have given corresponding consent (Article 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the Applicant Pool

If we are unable to make you a job offer, it may be possible to include you in our applicant pool. If included, all documents and information from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Inclusion in the applicant pool occurs solely on the basis of your explicit consent (Article 6(1)(a) GDPR). Giving consent is voluntary and unrelated to the ongoing application process. You may revoke your consent at any time. In that case, the data in the applicant pool will be irrevocably deleted, unless statutory retention requirements apply.

Data from the applicant pool will be irrevocably deleted no later than two years after consent was given.

8. Further Servicesere Dienste

jsDelivr CDN

We use a so-called Content Delivery Network (CDN) from jsDelivr. The purpose of this service is to enable faster delivery of website content via servers connected over the internet. Data processing occurs exclusively for the purposes described above. To this end, your browser must connect to the CDN servers, allowing the servers to identify that our website was accessed via your IP address. Use occurs in accordance with Article 6(1)(f) GDPR (legitimate interest). Further information can be found in the jsDelivr privacy policy: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/

Carto Basemaps

Our website uses map services from Carto Basemaps, provided by CARTO (CartoDB Inc.), to display interactive maps. When using these maps, information regarding your interaction with the map (for example, displayed areas and zoom levels), as well as technical data such as your IP address, is transmitted to and processed on CARTO servers. This data processing is carried out on the basis of Article 6(1)(a) GDPR (consent).

Further information can be found at: https://carto.com/privacy

Last updated: 25/01/20

Log in