Privacy policy

Thank you for your interest in our web pages. The protection of your personal data (such as your name, address, e-mail address or telephone number) is very important to us. The collection and processing of data is therefore always in accordance with the data protection regulations, namely the EU Data Protection Basic Regulation (DSGVO) and the country-specific data protection regulations applicable to us.

With the following data protection declaration, we would like to inform you about the type, scope and purpose of processing personal data when you visit our websites, as well as about their functions and contents. Please note that the following declaration only applies to the websites of the PANDION group of companies. This includes the website: pandion-service.de (hereinafter referred to collectively as Internet or websites)

I. Used terms

The terms used in our privacy policy are based on the definitions set out in Article 4 of the DSGVO. For better comprehensibility, we would like to briefly explain the essential terms used in the declaration in advance:

(1) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

(2) Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

(3) Processing

Processing is any operation or set of operations, performed with or without the aid of automated means, concerning personal data, such as collection, recording, organization, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(4) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

(5) Profiling

Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the job performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or change of location of that natural person.

(6) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.

(7) Controller or data controller

Controller or data controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, the controller or the specific criteria for its designation may be provided for by Union law or by the law of the Member States.

(8) Processor

Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

(9) Recipient

The recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the course of a specific investigation mandate under Union or national law shall not be considered as recipients.

(10) Third parties

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

(11) Consent

Consent is any freely given, informed and unequivocal expression of the data subject’s will in a specific case, in the form of a statement or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.

II. Name and address of the data controller

The responsible body for all the above-mentioned Internet pages within the meaning of the DSGVO, other data protection laws applicable in the member states of the European Union and other regulations of a data protection nature is

PANDION Service GmbH
At Mediapark 8, 50670 Cologne
Phone: 0221 / 71600 – 580
Fax: 0221 / 71600 – 120
e-mail: datenschutz@pandion.de

III. contact details of the data protection officer

PANDION AG, as the responsible party, has appointed a data protection officer for the website.

You can contact him as follows:

PANDION Service GmbH
The data protection officer
At Mediapark 8, 50670 Cologne
e-mail:datenschutz@pandion.de

IV. Rights of the data subject

If your personal data is processed, you are a data subject (“data subject”) within the meaning of the DSGVO and you have the following rights against us as the person responsible:

(1) Right of information

You may request confirmation from the person responsible as to whether personal data concerning you is being processed by us.

If such processing has taken place, you can request information from the data controller about the following:

1) the purposes for which the personal data are processed
2) the categories of personal data which are processed;
3) the recipients or the categories of recipients to whom the personal data concerning you have been or will be disclosed;
4) the planned duration of the storage of the personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage;
5) the existence of a right to rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;
6) the existence of a right of appeal to a supervisory authority;
7) any available information as to the origin of the data if the personal data are not collected from the data subject;
8) the existence of automated decision making, including profiling, in accordance with Art. 22, paras. 1 and 4 DPA and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.

You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transfer.

(2) Right of rectification

You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller must make the correction without delay.

(3) Right to limit processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

1) if you dispute the accuracy of the personal data concerning you for a period of time which allows the controller to verify the accuracy of the personal data;
2) if the processing is unlawful and you object to the deletion of the personal data and instead demand the restriction of the use of the personal data;
3) the controller no longer needs the personal data for the purposes of the processing, but you need it for the purpose of asserting, exercising or defending legal claims; or
4) if you have lodged an objection to the processing in accordance with Art. 21 para. 1 DPA and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data relating to you has been restricted, such data, apart from being stored, may be processed only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

(4) Right of deletion

a) Duty to delete

You may demand that the person responsible for the data concerning you be immediately deleted, and the person responsible is obliged to delete such data immediately if one of the following reasons applies:

1) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
2) you revoke your consent on which the processing was based in accordance with art. 6 par. 1 letter a or art. 9 par. 2 letter a DPA and there is no other legal basis for the processing.
3) You object to the processing in accordance with Art. 21 para. 1 FADP and there are no legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 para. 2 FADP.
4) The personal data concerning you have been processed unlawfully.
5) The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
6) The personal data concerning you have been collected in relation to the information society services offered, in accordance with art. 8 paragraph 1 of the DPA.

b) Information to third parties

If the data controller has made public the personal data concerning you and is obliged to delete them in accordance with Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist insofar as the processing is necessary

1) to exercise the right to freedom of expression and information
2) to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
3) for reasons of public interest in the field of public health pursuant to Article 9, paragraph 2, letters h and i and Article 9, paragraph 3 of the DPA;
4) for archival, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar as the right referred to in a) is likely to render impossible or seriously prejudice the attainment of the purposes of such processing, or
5) to assert, exercise or defend legal claims.

(5) Right to information

If you have asserted the right to rectification, erasure or limitation of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.
You have the right, vis-à-vis the data controller, to be informed of these recipients.

(6) Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge without interference from the person in charge to whom the personal data has been provided, provided that:

1) the processing is based on a consent pursuant to Art. 6 para. 1 letter a DSGVO or Art. 9 para. 2 letter a DSGVO or on a contract pursuant to Art. 6 para. 1 letter b DSGVO and
2) the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be communicated directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data transferability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

(7) Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out pursuant to art. 6, paragraph 1, letter e or f of the DPA; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is related to such direct marketing.

If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.

You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.

(8) Right to revoke the declaration of consent under data protection law

You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.

(9) Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effect on you or which significantly affects you in a similar way. This shall not apply if the decision

1) is necessary for the conclusion or fulfillment of a contract between you and the person responsible
2) is authorised by Union law or the law of the Member States to which the person responsible is subject and that law provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
3) with your express consent.

However, these decisions may not be based on special categories of personal data according to Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a or g DSGVO applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the data controller, to express his point of view and to challenge the decision.

(10) Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a legal remedy under Art. 78 DSGVO.

V. General information on data processing on our Internet pages

(1) Scope of the processing of personal data

As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services.

The processing of personal data of our users therefore regularly only takes place with their consent. An exception is made in those cases where prior consent cannot be obtained for factual reasons, as well as when the processing of the data is permitted by legal regulations.

(2) Legal basis for the processing of personal data

The legal basis on the basis of which we process personal data is usually stated in the following data protection declaration in connection with the respective processing. If this is not the case, we process the data on the basis of the following legal principles:

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Basic Regulation (DSGVO) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.

(3) Data deletion and storage period

We delete or block the personal data of the person concerned as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

(4) Security measures

In order to be able to guarantee a level of protection of personal data and other confidential content of our users (e.g. inquiries to the responsible person) that is appropriate to the risk, we take technical and organizational security measures. We continuously adapt these measures to the current state of the art. In addition to (e.g.) means of access and access control, we therefore use an encryption procedure on our website in all relevant areas (in particular customer account and contact form). In this case, the information provided by our users is transmitted in encrypted form, i.e. using the TLS protocol (Secure Socket Layer). Encrypted connections can be recognized by the character string “https://” and the lock symbol in the browser line.

VI. provision of the website and creation of log files

(1) Description and scope of data processing

Whenever our website is called up, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

Information about the browser type and version used
The user’s operating system
The Internet service provider of the user
The IP address of the user
Date and time of access
Websites from which the user’s system accesses our website
Websites that are called up by the user’s system via our website

The data is also stored in the log files of our system. However, this data is not stored together with other personal data of the user.

(2) Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.

(3) Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the web pages to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of our web pages. In addition, the data is used to optimize our websites and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f DSGVO.

(4) Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the web pages, this is the case when the respective session is ended.

In case of storage of the data in log files, the data will be deleted after seven days at the latest. Storage beyond this period is possible. In this case, however, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

(5) Possibility of objection and removal

The collection of data for the provision of the websites and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

VII. Use of cookies

 

[borlabs-cookie type=”btn-cookie-preference” title=”Cookieeinstellungen”/]

 

(1) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s information technology system. If a user calls up a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our websites more user-friendly. Some elements of our Internet pages require the calling browser to be able to be identified even after a page change.

In addition, we use cookies on our web pages which enable an analysis of the surfing behaviour of the users.

The user data collected in this way is pseudonomized by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.
The user will be informed about the use of cookies for analysis purposes when calling our website and his consent to the processing of the personal data used in this context will be obtained. In this context, reference is also made to this data protection declaration.

(2) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f DSGVO.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has given his consent to this.

(3) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of our websites for the users. Some functions of our websites cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies is not used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our websites and their content. The analysis cookies enable us to find out how our web pages are used and thus to continuously optimize our offers.

These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f DSGVO.

(4) Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted by the user to our website. Therefore you as a user have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Internet pages, it is possible that not all functions of the pages can be used to their full extent.

VIII. Newsletter

(1) Description and scope of data processing

On our website you have the possibility to subscribe to a free newsletter. When registering for our newsletter, it is sufficient for the user to enter his e-mail address. Optionally, we ask our users to provide their first and last names for personal contact. In addition, the IP address of the calling computer as well as the date and time of registration are logged during registration.

The newsletters contain so-called “web beacons”, which are called up when the newsletter is opened. Technical information about the system and the browser of the user as well as the IP address and the time of the retrieval or the opening of the newsletter are collected.

The dispatch and the statistical evaluation of the newsletter is carried out on our behalf (based on an order data processing contract according to Art. 28 para. 3 p. 1 DSGVO) via the service provider “MailChimp”. The e-mail addresses of our newsletter recipients as well as the other data mentioned above are therefore stored on servers of MailChimp in the USA. MailChimp is a newsletter delivery platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. The certificate can be downloaded here:

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

The privacy policy of MailChimp is provided under the following link:

https://mailchimp.com/legal/privacy/.

MailChimp does not use the data of our newsletter recipients to write to them itself. MailChimp does not pass the data to third parties.

For the processing of the data we obtain the user’s consent during the registration process. For legal reasons we use the so-called Double-Opt-In-Procedure for this purpose. In the double opt-in procedure, the user first receives an e-mail after registration in which we ask for confirmation of the registration. The confirmation is necessary so that no one can register with a foreign e-mail address. Newsletter registrations are also logged so that we can prove the registration process in accordance with legal requirements.

(2) Legal basis for data processing

The newsletter is sent out based on the user’s registration for the newsletter on our websites and the consent given here. The legal basis is therefore Art. 6 para. 1 lit. a DSGVO. The use of the dispatch service MailChimp, the statistical evaluations and analyses as well as the logging of the registration procedure are based on our legitimate interest according to Art. 6 para. 1 lit. f DSGVO.

(3) Purpose of data processing

The collection of the user’s e-mail address is used to send the newsletter, the optional entry of the name is intended to enable a personal approach to the user.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

The data collected in the course of retrieving the newsletter is used for technical improvement in the context of newsletter delivery as well as for optimizing the newsletter content. These purposes also include our legitimate interest in the processing of this data in accordance with Art. 6 Par. 1 lit. f DSGVO.

(4) Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is usually deleted after a period of seven days.

(5) Possibility of objection and removal

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter.

By cancelling the subscription, the user also revokes his consent to receive the newsletter via MailChimp and to the statistical analysis.

IX. Registration for the customer area

(1) Description and scope of data processing

On our website we offer users the possibility to register for our customer area by entering personal data. The data required for registration is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the registration process: First and last name, address data, telephone and e-mail address. At the time of registration, the user’s IP address and the date and time of registration are also stored.

(2) Legal basis for data processing

The legal basis for the collection of personal data of users is Art. 6 para. 1 lit. b DSGVO.

(3) Purpose of data processing

The processing of personal data from the input mask for registration is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. The other personal data processed during the registration process serves to prevent misuse of the registration form and to ensure the security of our information technology systems.

(4) Duration of storage

The data will be deleted as soon as they are no longer required for the purpose of their collection. This is the case when the data is no longer required for pre-contractual measures or the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

Any additional personal data collected during registration will be deleted after a period of seven days at the latest.

(5) Possibility of objection and removal

Registered users are free to change or completely delete the personal data provided during registration at any time. Upon request, we will provide the user at any time with information about his or her personal data stored by us. We will correct or delete this data at the request or advice of the user. However, early deletion is only possible if there are no contractual or legal obligations to the contrary. The contact data of the person responsible or the data protection officer provided at the beginning of this declaration can be used to contact us in this context.

X. Contact form and e-mail contact

(1)Description and scope of data processing

On our website there is a contact form which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask (name, address, telephone and e-mail) will be transmitted to us and stored. Alternatively, it is also possible to contact us via the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties.

(2) Legal basis for data processing

The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 Par. 1 letter f DSGVO. If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

(3) Purpose of data processing

These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration.
The processing of personal data within the scope of contacting us is exclusively for the purpose of answering your request or for contacting you and the related technical administration
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

(4) Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case if it can be concluded from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal obligations to retain data.

Any personal data additionally collected during the sending process will be deleted after a period of seven days at the latest.

(5) Possibility of objection and removal

If the user contacts us via the contact form e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

To object to the storage, the contact data of the person responsible or the data protection officer provided at the beginning of this declaration can be used.

All personal data stored in the course of the contact will be deleted in this case.

XI. Web analysis by Google Analytics (with anonymization function)

(1) Description and scope of data processing

On our website we use Google Analytics (including the operating mode “Universal Analytics”), a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymized user profiles are created and cookies are used (already described in section VII.). The information generated by the cookie about the use of this website such as:

  • Browser type/version,
  • operating system used,
  • Referrer URL (the previously visited page),
  • Access times and visitor frequency
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transmitted to a Google server in the USA and stored there. Google may pass on the collected data to third parties if this is required by law or if third parties process the data on behalf of Google.

Google is certified under the Privacy-Shield-Agreement and thus offers a guarantee to comply with the European data protection law. The certificate can be downloaded here:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

We use Google Analytics only with activated IP anonymization (so-called IP Masking). This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other Google data.

(2) Legal basis

The legal basis for the processing of the personal data of the users is Art. 6 para. 1 p. 1lit. f DSGVO.

(3) Purpose of data processing

Google uses the collected information on our behalf to evaluate the use of our website, to compile online reports on website activities and to provide us with further services related to website and internet use. The processed data can be used to create pseudonymous user profiles of the users. The processing helps us to constantly improve our website and its user-friendliness.

These purposes also include our legitimate interest in the processing of data in accordance with Art. 6 para. 1 lit. f DSGVO. By anonymizing the IP address, the interest of the users in their protection of personal data is sufficiently taken into account.

(4) Duration of storage

The personal data of the users are automatically deleted or anonymized after 14 months.

(5) Possibility of objection and removal

Users can prevent the storage of cookies by adjusting their browser software settings accordingly and thus permanently object to the setting of cookies. In addition, a cookie already set by Google can be deleted at any time via the internet browser or other software programs.

Furthermore, users can prevent the collection of data generated by the cookie and the transmission of data relating to their use of our website to Google and the processing of this data by Google by downloading and installing the browser add-on available at the following link:

http://tools.google.com/dlpage/gaoptout?hl=de.

The browser add-on prevents the future collection of data when visiting this website. To prevent Universal Analytics from collecting data across multiple devices, the browser add-on must be installed on all systems in use.

Further information and the applicable Google privacy policy can be found at

https://www.google.de/intl/de/policies/privacy/

and under

http://www.google.com/analytics/terms/de.html

can be called up. Additional explanations about Google Analytics can be found under the following link

https://www.google.com/intl/de_de/analytics/

XII. Use of Google Adwords Conversion Tracking

(1) Description and scope of data processing

For the promotion of our internet pages we use “Google Adwords” and in this context the “Conversion-Tracking” of the provider Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA). As a result, a so-called “conversion cookie” will be stored on the user’s computer – if a user accesses our website via a Google ad (for the term “cookie” see section VI.). Conversion cookies have a limited validity and do not serve to identify the person concerned.

The conversion cookie records information about the user’s activities on our Internet pages (such as surfing behaviour or visited sub-pages of our Internet offering). All usage data is stored using a pseudonym, so that personal identification is generally excluded.

Google also uses the information collected via the conversion cookie to create visit statistics about our websites. This tells us the total number of users who have been forwarded to us via AdWords ads. The collected information as well as the IP address of the user is transferred to Google in the USA and stored there. Google may pass on this data to third parties.

Further information about Google AdWords Conversion Tracking can be found under the following link:

https://support.google.com/adwords/answer/1722022?hl=de

(2) Legal basis

The processing of personal data in the context of Google AdWords is based on Art. 6 (1) lit. f DSGVO from the legitimate interest in targeted advertising and the analysis of the impact and efficiency of this advertising.

(3) Purpose of data processing

The purpose of Google AdWords is the targeted advertising of our Internet pages. The visit statistics serve to analyze the effect and efficiency and thus to optimize our AdWords ads.

In these purposes is also our legitimate interest in the processing of these data according to Art. 6 paragraph 1 lit. f DSGVO.

(4) Possibility of objection and removal

Users can prevent the storage of cookies by adjusting their browser software settings accordingly and thus permanently object to the setting of cookies. In addition, a cookie already set by Google can be deleted at any time via the internet browser or other software programs.

In addition, users can deactivate their personalized advertising in Google’s advertising settings. Instructions for this can be found under the following link:

https://support.google.com/ads/answer/2662922?hl=de

XIII. Use of Facebook, Instagram, YouTube

(1) Description and scope of data processing

On our websites we have integrated links to the following social media services:

  • Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
  • Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
  • YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

The social media services can be recognized by their respective company logo (button). By activating the link, our company presence is called up at the respective social media service.

For better data control of our users, we use the so-called Shariff component for the integration of the social media buttons. This prevents the personal data of our users from being transmitted to the respective social media services not, as is otherwise the case, when a user simply calls up an Internet page on which a social media button is integrated, but only when the user actively presses one of the buttons.

Further information on the Shariff component is available from the computer magazine c\’t at

http://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html

made available.

If the user activates the link to a social media service by clicking on one of the buttons, a connection to the servers of the respective operator is established and the information is transmitted that the user has visited our website. In addition, further data is transmitted to the operator of the social media service. These are for example:

  • Address of the website where the activated link is located
  • Date and time when the website was accessed or the link was activated
  • Information about the browser and operating system used
  • IP address

If the user is already logged in to the corresponding social media service at the time the link is activated, the operator of the social media service may be able to determine the user name from the transmitted data and assign this information to the respective personal user account at the social media service.

We would like to point out that we have no influence on the scope, type and purpose of data processing by the providers of the social media services. More detailed information on the use of personal data by the providers of these services can be found in the respective data protection declarations, which:

For Facebook at: https://de-de.facebook.com/policy.php
For Instagramm at: https://help.instagram.com/155833707900388 and at: https://www.instagram.com/about/legal/privacy/
For YouTube at: https://www.google.de/intl/de/policies/privacy/

can be called up.

The servers of social media services are located in the USA and other countries outside the European Union. The data can therefore be processed by the provider of the social media service in countries outside the European Union. We would like to point out that companies in these countries are subject to a data protection law which generally does not protect personal data to the same extent as it is the case in the member states of the European Union.

(2) Removal possibility

Users can exclude the possibility of assignment to your personal user account if they log out of their user accounts with the social media providers before using our websites.

XIV. Integration of third-party services and content

(1)

Description and scope of data processing

We have integrated the following content and services of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA into our web pages:

  • Videos of the platform “YouTube
  • Script and font libraries of the “Google Fonts” service
  • Maps of the “Google Maps API” service

The integration of such content requires that Google has access to the user’s IP address, otherwise the content cannot be transmitted to the user’s browser.

In addition, Google also uses counting pixels (so-called “web beacons”), which enable a statistical evaluation of the number of visitors and surfing behavior, regardless of whether a personal user account exists with the third-party provider or whether the user is logged in there. In addition, the collected data can be stored together with other technical information (such as browser type, operating system and referring website) in cookies (see section VII) on the user’s computer. As a rule, the data is stored using a pseudonym, so that personal identification is not possible.

However, if the user has his own account with the third-party provider and is logged in there during his visit to our websites, information can be assigned to his account and used to create user profiles.

The processing of personal data by Google takes place on servers in the USA. Google has, however, submitted to the EU-US Privacy Shield and guarantees a level of data protection comparable to the European regulations.

Further information on the EU-US Privacy Shield can be found at the following link:

https://www.privacyshield.gov/EU-US-Framework

Further supplementary information on the aforementioned services and Google’s privacy policy is also available at the following links

https://www.google.com/webfonts/
https://www.google.com/policies/privacy/

For better data control, we also use the so-called “extended privacy mode” for the integration of YouTube videos, i.e. no data about the user is transferred to third parties until the video is played. Only when a video is actively clicked does the aforementioned data transfer occur.

(2) Legal basis for the processing of personal data

The legal basis for the inclusion of third-party content is Art. 6 para. 1 lit. f. DSGVO.

(3) Purpose of processing

Third party services are integrated in order to provide our users with a needs-oriented website as well as to correctly display and continuously optimize the content of our pages in the interest of our users.

These purposes also constitute our legitimate interest within the meaning of Art. 6 para. 1 lit. f. DSGVO.

(4) Possibility of disposal

The data processing in connection with the integration of YouTube videos on our pages is deactivated by default. A processing therefore only takes place when a video is actively clicked. The user therefore has control over whether he/she wishes to allow the transmission and processing by the third-party provider.

Furthermore, the assignment of personal data to a personal account can be prevented by logging out beforehand.

The persons concerned also have the right to object to the creation of user profiles. The right of objection must be exercised vis-à-vis the third party provider.

XV. actuality and change of this privacy policy

This privacy policy is currently valid and has the status of May 2018.
Due to the further development of our websites and our offers as well as due to changed legal or official requirements it may become necessary to change this data protection declaration from time to time.

The current data protection declaration can also be accessed and printed out at any time at the address: https://pandion-service.de/en/privacy/

XVI. Questions on data protection

If you have any questions regarding data protection in relation to our Internet pages, you can contact us at any time at the following address:

PANDION Service Company GmbH
e-mail: datenschutz@pandion.de
Phone: +49 (0) 221 / 71600580