Privacy Policy - IPROTEC

Data protection

Data protection is of particular importance to our company. The use of the website is generally possible without providing any personal data. However, if a data subject wishes to use specific services of our company online, processing personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, for example, the name, address, email address, or telephone number of a data subject, always takes place in accordance with the Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR) effective from May 25, 2018, and applicable laws. With this privacy policy, our company aims to inform about the type, scope, and purpose of the personal data we process and to educate data subjects about their rights.

Our company has implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed. However, internet-based data transmissions can generally have security vulnerabilities, so an absolute protection cannot be guaranteed.

1 Definitions

The privacy policy of our company is based on the GDPR. Our privacy policy should be easy to read and understand. To ensure this, we explain the terms used beforehand:

1.1 Personal Data

Personal data is "any information relating to an identified or identifiable natural person (hereinafter 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person" (GDPR Art. 4 (1)).

1.2 Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

1.3 Processing

Processing is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

1.4 Restriction of Processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

1.5 Profiling

Profiling is any form of automated processing of personal data that uses personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

1.6 Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. This additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not attributed to an identified or identifiable natural person.

1.7 Controller of Controller responsible for processing

The controller or the controller responsible for processing is the natural or legal person, authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.8 Processor

The processor is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.

1.9 Recipient

The recipient is a natural or legal person, authority, agency, or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the course of a particular inquiry under Union law or the law of the Member States are not considered recipients.

1.10 Third Party

A third party is a natural or legal person, authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct responsibility of the controller or the processor, are authorized to process personal data.

1.11 Consent

Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

2 Name and Address of the Controller responsible for processing

The controller within the meaning of the GDPR is:

IPROTEC GmbH
Dr.-Schott-Straße 35
D-94227 Zwiesel

Tel.: +49 (0) 9922 98 676
E-Mail: info@iprotec-gmbh.com
www.iprotec-gmbh.com

3 Contact Details of our external Data protection officer

Herr Michael Gruber
BSP-SECURITY
Franz-Mayer-Str. 1
D-93053 Regensburg

Tel. +49 (0) 941 46 29 09 29
info[at]bsp-security.de
www.bsp-security.de

Any data subject can contact our data protection officer directly for any questions or suggestions regarding data protection.

4 Cookies

Our company's websites use cookies. Cookies are text files that are placed and stored on a computer system via an internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that allows websites and servers to assign the specific internet browser in which the cookie is stored. This enables the visited websites and servers to differentiate the individual browser of the data subject from other internet browsers that contain different cookies. A specific internet browser can be recognized and identified via the unique cookie ID. By using cookies, IPROTEC GmbH can provide users of this website with user-friendly services that would not be possible without the setting of cookies.

Cookies can optimize the information and offerings on our website in the sense of the user. Cookies allow us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. A user of a website that uses cookies does not, for example, have to re-enter their login data every time they visit the website, as this is taken over by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in the online shop. The online shop remembers the items that a customer has placed in the virtual shopping cart via a cookie.

The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thereby permanently object to the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject disables the setting of cookies in the internet browser used, not all functions of our website may be fully usable.

5 Collection of general data and information

The web servers of IPROTEC GmbH collect a series of general data and information with each call of the website by a data subject or an automated system. This general data and information is stored in the server log files. The following data can be collected: the types and versions of the browsers used, the operating system used by the accessing system, the website from which an accessing system reaches our website, the sub-websites that are accessed via an accessing system on our website, the date and time of access to the website, an internet protocol address (IP address), the internet service provider of the accessing system, and other similar data and information that serve to avert danger in the event of attacks on our IT systems.

When using this general data and information, IPROTEC GmbH does not draw any conclusions about the data subject. This information is rather needed to deliver the contents of our website correctly, to optimize the contents of our website and the advertising for it, to ensure the long-term functionality of our information technology systems and the technology of our website, and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. These anonymized data and information are therefore evaluated by IPROTEC GmbH, on the one hand, statistically and further with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymized data of the server log files are stored separately from all personal data provided by a data subject.

6 Contact possibility via the website

The website of our company contains information that enables a quick electronic contact to our company and direct communication with us, which also includes a general address of the so-called electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purpose of processing or contacting the data subject. There will be no transfer of this personal data to third parties.

7 Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of processing or if this is provided for by the legislator in laws or regulations to which the controller is subject. If the purpose of storage no longer applies or if a storage period prescribed by the legislator expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

8 Rights of the data subject

8.1 Right to confirmation

Every data subject has the right to request from the controller confirmation as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they can contact our data protection officer or another employee of the controller at any time..

8.2 Right to Access

Every data subject affected by the processing of personal data has the right to obtain from the controller free information about their stored personal data and a copy of this information along with the information listed here:

the purposes of processing
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, in particular recipients in third countries or international organizations
fif possible, the planned duration for which the personal data will be stored, or, if not possible, the criteria for determining that duration
das Bestehen eines Rechts auf Berichtigung oder Löschung der sie betreffenden personenbezogenen Daten oder auf Einschränkung der Verarbeitung durch den Verantwortlichen oder eines Widerspruchsrechts gegen diese Verarbeitung
the existence of the right to rectification or erasure of personal data concerning them or to the restriction of processing by the controller or a right to object to such processing
the existence of the right to lodge a complaint with a supervisory authority; if the personal data are not collected from the data subject: All available information about the source of the data
the existence of automated decision-making, including profiling, according to Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for the data subject

Furthermore, the data subject has the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right to access, they can contact our data protection officer at any time.

8.3 Right to rectification

Every data subject affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of the processing.

If a data subject wishes to exercise this right to rectification, they can contact our data protection officer at any time.

8.4 Right to erasure (right to be forgotten)

Every data subject affected by the processing of personal data has the right to request the controller to erase personal data concerning them without delay, provided that one of the following grounds applies and the processing is not necessary:

The personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
The data subject withdraws their consent on which the processing is based according to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and there is no other legal ground for the processing.
The data subject objects to the processing according to Article 21 (1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing according to Article 21 (2) GDPR.
The personal data have been unlawfully processed.
The erasure of personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data have been collected in relation to the offer of information society services according to Article 8 (1) GDPR.

If any of the above-mentioned reasons apply and a data subject wishes to request the erasure of personal data stored with our company, they can contact our data protection officer at any time. Our data protection officer will ensure that the erasure request is fulfilled immediately.

If the personal data has been made public by our company and the company is obliged to erase the personal data as the controller according to Article 17 (1) GDPR, our company will take into account the available technology and implementation costs to take appropriate measures, including technical measures, to inform other controllers processing the published personal data that the data subject has requested the erasure of all links to this personal data or of copies or replications of this personal data, as far as processing is not necessary. The data protection officer will take the necessary measures on a case-by-case basis.

8.5 Right to Restriction of Processing

Every data subject affected by the processing of personal data has the right granted by the European legislator to request from the controller the restriction of processing if one of the following conditions is met:

DThe accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject opposes the erasure of the personal data and requests instead the restriction of the use of the personal data.
The controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.
DThe data subject has objected to processing according to Article 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If any of the above conditions are met and a data subject wishes to request the restriction of personal data stored with our company, they can contact our data protection officer at any time. The data protection officer will initiate the restriction of processing.

8.6 Right to data portability

JEvery data subject affected by the processing of personal data has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent according to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract according to Article 6 (1) (b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability according to Article 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and when it does not adversely affect the rights and freedoms of others.

To exercise the right to data portability, the data subject can contact our appointed data protection officer at any time.

8.7 Right to object

Every data subject affected by the processing of personal data has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them, which is based on Article 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.

Our company will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defense of legal claims.

If our company processes personal data for the purpose of direct marketing, the data subject has the right at any time to object to the processing of personal data concerning them for the purpose of such advertising. This applies also to profiling to the extent that it is related to such direct marketing. If the data subject objects to our company processing for the purposes of direct marketing, we will no longer process the personal data for these purposes.

The data subject also has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them which is carried out by our company for scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject can directly contact the data protection officer.

8.8 Automated individual decision-making, including profiling

Every data subject affected by the processing of personal data has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision is necessary for entering into or performance of a contract between the data subject and the controller, or is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, or is based on the data subject's explicit consent.

If the decision is necessary for entering into or performance of a contract between the data subject and the controller or is based on the data subject's explicit consent, our company will implement suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, which at least include the right to obtain the intervention of a person on the part of the controller, to express their point of view and to contest the decision.

If the data subject wishes to assert rights regarding automated decisions, they can contact our data protection officer at any time.

8.9 Right to withdraw consent

Every data subject affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time. If the data subject wishes to exercise their right to withdraw consent, they can contact our data protection officer at any time.

9 Data Protection in applications and the application process

The controller processes and stores the personal data of applicants for the purpose of handling the application process. The processing may also occur by electronic means. This is especially the case when an applicant sends corresponding application documents electronically, for example, via email or via a web form available on the website, to our company. If our company enters into an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted six months after the notification of the rejection decision, provided that there are no other legitimate interests of the controller opposing the deletion. A legitimate interest in this sense is, for example, a burden of proof in a procedure under the General Equal Treatment Act(AGG).

10 Data Protection Provisions: Tracking Tools

10.1 Data Protection Provisions for the use and implementation of Facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network. A social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate with each other and interact in the virtual space. A social network can serve as a platform for exchanging opinions and experiences or allows the internet community to provide personal or business-related information. Facebook allows users of the social network, among other things, to create personal profiles, upload photos, and connect through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For the processing of personal data, if a data subject lives outside the USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible.

With each call of one of the web pages operated by the controller on which a Facebook component (Facebook plug-in) has been integrated, the internet browser on the data subject's information technology system is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be retrieved at developers.facebook.com/docs/plugins/. As part of this technical procedure, Facebook becomes aware of which specific subpage of our website is being visited by the data subject.

If the data subject is simultaneously logged into Facebook, Facebook recognizes with each visit of our website by the data subject and during the entire duration of their stay on our website, which specific subpage of our website the data subject is visiting. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, for example, the "Like" button, or gives a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook receives information about the fact that the data subject has visited our website through the Facebook component whenever the data subject is logged into Facebook at the time of accessing our website, regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want such information to be transmitted to Facebook, they can prevent the transmission by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, which is available at de-de.facebook.com/about/privacy/, provides information on the collection, processing, and use of personal data by Facebook. It also explains what settings Facebook offers to protect the data subject's privacy. Additionally, various applications are available that allow users to suppress data transmission to Facebook, such as the Facebook blocker provided by Webgraph, which can be obtained at webgraph.com/resources/facebookblocker/. Such applications can be used by the data subject to prevent data transmission to Facebook.

10.2 Data Protection provisions for the use and implementation of google+

The controller has integrated the Google+ button as a component on this website. Google+ is a so-called social network. A social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate with each other and interact in the virtual space. A social network can serve as a platform for exchanging opinions and experiences or allows the internet community to provide personal or business-related information. Google+ allows users of the social network, among other things, to create personal profiles, upload photos, and connect through friend requests.

The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

With each call of one of the individual pages of this website, operated by the controller and on which a Google+ button is integrated, the internet browser on the data subject's information technology system is automatically prompted by the respective Google+ button to download a representation of the corresponding Google+ button from Google. More detailed information about Google+ can be retrieved at developers.google.com/+/.

If the data subject is simultaneously logged into Google+, Google recognizes with each visit of our website by the data subject and during the entire duration of their stay on our website, which specific subpage of our website the data subject is visiting. This information is collected by the Google+ button and assigned by Google to the respective Google+ account of the data subject.

If the data subject clicks on one of the Google+ buttons integrated into our website and thereby submits a Google+1 recommendation, Google assigns this information to the personal Google+ user account of the data subject and stores this personal data. Google stores the Google+1 recommendation of the data subject and makes it publicly accessible in accordance with the terms accepted by the data subject in this regard. A Google+1 recommendation given by the data subject on this website will subsequently be stored and processed along with other personal data, such as the name of the Google+1 account used by the data subject and the photo stored therein in other Google services, such as the search results of the Google search engine, the Google account of the data subject, or elsewhere, such as on websites or in connection with advertisements. Furthermore, Google is able to link the visit to this website with other personal data stored by Google. Google records these personal information for the purpose of improving or optimizing the various services of Google.

Google receives information that the data subject has visited our website via the Google+ button whenever the data subject is logged into Google+ at the time of accessing our website, regardless of whether the data subject clicks on the Google+ button or not.

If the data subject does not wish to transmit personal data to Google, they can prevent such transmission by logging out of their Google+ account before accessing our website.

Further information and the applicable data protection provisions of Google can be retrieved at www.google.de/intl/de/policies/privacy/. Additional notes from Google regarding the Google+1 button can be found at developers.google.com/+/web/buttons-policy.

10.3 Data Protection provisions for the use and implementaton of linkedin

The controller has integrated components of LinkedIn Corporation on this website. LinkedIn is an internet-based social network that enables users to connect with existing business contacts as well as to establish new business contacts. More than 400 million registered individuals use LinkedIn in over 200 countries, making LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection matters outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland is responsible.

With each individual retrieval of our website, which is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to automatically download a representation of the component from LinkedIn. More information about the LinkedIn plug-ins can be retrieved at developer.linkedin.com/plugins. In the course of this technical procedure, LinkedIn becomes aware of which specific subpage of our website is being visited by the data subject.

SIf the data subject is simultaneously logged into LinkedIn, LinkedIn recognizes with each visit of our website by the data subject and during the entire duration of their stay on our website, which specific subpage of our website the data subject is visiting. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated into our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn receives information that the data subject has visited our website via the LinkedIn component whenever the data subject is logged into LinkedIn at the time of accessing our website, regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not wish to transmit this information to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account before accessing our website.

LinkedIn offers the possibility to unsubscribe from email messages, SMS messages, and targeted ads and to manage ad settings at www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, who may set cookies. Such cookies can be rejected at www.linkedin.com/legal/cookie-policy. The applicable data protection provisions of LinkedIn can be retrieved at www.linkedin.com/legal/privacy-policy. The cookie policy of LinkedIn can be retrieved at www.linkedin.com/legal/cookie-policy.

10.4 Data Protection Provisions for the use and implementation of xing

The controller has integrated components of Xing on this website. Xing is an internet-based social network that enables users to connect with existing business contacts as well as to establish new business contacts. Individual users can create a personal profile on Xing. Companies can create company profiles or post job offers on Xing.

The operating company of Xing is XING AG, Dammtorstraße 30, 20354 Hamburg, Germany.

With each call of one of the individual pages of this website, which is operated by the controller and on which a Xing component (Xing plug-in) has been integrated, the internet browser on the data subject's information technology system is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component from Xing. More information about the Xing plug-ins can be retrieved at dev.xing.com/plugins. In the course of this technical procedure, Xing becomes aware of which specific subpage of our website is being visited by the data subject.

SIf the data subject is simultaneously logged into Xing, Xing recognizes with each visit of our website by the data subject and during the entire duration of their stay on our website, which specific subpage of our website the data subject is visiting. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the data subject. If the data subject clicks on one of the Xing buttons integrated into our website, for example, the "Share" button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.

Xing receives information that the data subject has visited our website via the Xing component whenever the data subject is logged into Xing at the time of accessing our website, regardless of whether the data subject clicks on the Xing component or not. If the data subject does not wish for such information to be transmitted to Xing, they can prevent the transmission by logging out of their Xing account before accessing our website.

The data protection provisions published by Xing, which can be accessed at www.xing.com/privacy, provide information about the collection, processing, and use of personal data by Xing. Furthermore, Xing has published information for the XING Share button at www.xing.com/app/share/datenschutzhinweise.

10.5 Data Protection provisions for the use and implementation of youtube

The controller has integrated components of YouTube on this website. YouTube is an internet video portal that allows video publishers to upload video clips for free and other users to view, rate, and comment on them for free. YouTube allows the publication of all types of videos, which is why both complete films and television programs as well as music videos, trailers, or videos created by users are accessible via the internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

With each call of one of the individual pages of this website, operated by the controller and on which a YouTube component (YouTube video) has been integrated, the internet browser on the data subject's information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be retrieved at www.youtube.com/yt/about/de/. As part of this technical procedure, YouTube and Google become aware of which specific subpage of our website is being visited by the data subject.

If the data subject is simultaneously logged into YouTube, YouTube recognizes with each visit of our website by the data subject which specific subpage of our website the data subject is visiting when they access a page containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google receive information about the fact that the data subject has visited our website through the YouTube component whenever the data subject is logged into YouTube at the time of accessing our website, regardless of whether the data subject clicks on the YouTube video or not. If the data subject does not wish for personal data to be transmitted to YouTube, they can prevent such transmission by logging out of their YouTube account before accessing our website.

The data protection provisions published by YouTube, which can be accessed at www.google.de/intl/de/policies/privacy/, provide information about the collection, processing, and use of personal data by YouTube and Google.

11 Responsible Data Protection Authority

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
D-91522 Ansbach
Germany

Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
E-Mail: poststelle@lda.bayern.de

12 Changes to data Protection provisions

WWe reserve the right to change our security and data protection provisions as far as this becomes necessary due to technical developments. In these cases, we will also adapt our data protection notices accordingly. Please note the current version of our privacy policy.

(04/2018)