Close ×
Close ×

CONTACT

Privacy Policy

Thank you for visiting our website and for your interest in our company. We are committed to protecting your privacy and any personal data you may provide to us in accordance with the provisions of the relevant legal regulations, in particular Regulation (EU) 2016/679 (the General Data Protection Regulation, GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

The following Privacy Statement applies to the use of

  • our website,
  • our company profiles and fanpages on Facebook and Instagram,
  • our company profile on XING, and
  • our company profile on LinkedIn.

1. Controller

The Controller concerning the collection, processing and use of your personal data within the meaning of Article 4(7) of the GDPR is

Trierer Hafengesellschaft mbH
Ostkai 4
54293 Trier

Phone: +49 (0)651 96804-30

Fax: +49 (0)651 96804-40

E-Mail: info@hafen-trier.de

If you wish to object to the processing of your data by us in accordance with these data protection provisions, either in whole or in respect of individual measures, you may address your objection to the Controller or the Data Protection Officer.

2. Data Protection Officer

IPlease direct any inquiries regarding data protection to the contact options listed under section 1.

3. Storage / retention period

Unless specifically stated, we will only store personal data for as long as is necessary to fulfil the purposes for which it was collected. In some cases, the legislator provides for the retention of personal data, for example in tax or commercial law. In these cases, the data will only be further stored by us for these legal purposes but will not be processed in any other way and will be deleted after the legal retention period has expired.

4. Communication by e-mail

.When you contact us via e-mail, we process your details for processing your enquiry and for responding to any subsequent questions that may arise.

If the data processing is carried out for the implementation of pre-contractual measures, which are carried out on your request, or, if you are already our customer, for the implementation of the contract, the legal basis for this data processing is point b of Article 6(1) of the GDPR.

We only process further personal data if you consent to this (point a of Article 6(1) of the GDPR) or if we have a legitimate interest in processing your data (point f of Article 6(1) of the GDPR). A legitimate interest is, for example, to respond to your e-mail.


5. Website

5.1 Hosting

This website is hosted by an external service provider (hosting provider). The personal data collected on this website are stored on the hosting provider’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses, and other data generated via a website.

The services of the hosting provider are used for the purpose of fulfilling contracts with our potential and existing customers (point b of Article 6(1) of the GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (point f of Article 6(1) of the GDPR).

Our hosting provider will only process your data to the extent that this is necessary for the fulfilment of their service obligations and will follow our instructions with regard to this data.

We use the services of the following hosting provider:

propeller GmbH
Karthäuserstraße 18
54290 Trier

In order to ensure data protection-compliant processing, we have concluded a contract processing agreement pursuant to Article 28 of the GDPR with our hosting provider.

5.2 Logging

Our hosting provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time of the server request
  • IP address (masked), and
  • browser type and version.

The legal basis for this data processing is our legitimate interest pursuant to point f of Article 6(1) in conjunction with Article 28 of the GDPR.

5.3 Cookies

We use so-called “cookies” on our website. Cookies are small text files that contain certain data about your visit (e.g., to our website). These text files are automatically created by your browser and stored on your terminal device for a limited period of time when you visit our site. If our website is called up again from this terminal device, your browser sends back the content of the cookies and thus enables us to recognise you.

Of course, you can also view our website without cookies. You can deactivate the acceptance of cookies by your browser via your browser settings and delete already stored cookies in your browser at any time. Please use the help functions of your internet browser to learn how to change these settings. However, we cannot rule out the possibility that individual functions of our website may not work if you have deactivated the use of cookies.

If you would like to learn more about using your browser settings to control cookies, please visit the following website: https://www.allaboutcookies.org.

5.3.1 Cookies not requiring consent

The following cookies are set and stored until their automatic deletion without your intervention:

Name of cookiePurposeStorage periodType of cookie or provider
pll_languageSet by WordPress to save the language setting of the website user.1 yearPermanent cookie or protocol cookie

The cookies used serve the purpose and our legitimate interest to automatically recognize when you visit our site again that you have already been with us and what entries and settings you have made, so that you do not have to enter them again and to make the use of our website more convenient for you.

The legal basis for this data processing is point f of Article 6(1) of the GDPR. Recipients of the data are limited to the Controller and the operator of the host server of our website, rendering their services for us within the scope of a contract processing contract pursuant to Article 28 of the GDPR.

However, we do not use your data to draw conclusions about your identity. The data is not stored together with other personal data.

5.3.2 Cookies requiring consent

If cookies are used by third parties or for analysis purposes, we will inform you separately in the context of this Privacy Statement and, if necessary, request your consent.


5.4 Analysis and tracking tools

5.4.1 Matomo

We use Matomo, an open-source tool that we operate on our own server, to analyse the use of our website and also of individual functions and offers in order to continuously improve user experience. Through the statistical evaluation of user behaviour, we improve our offer and make it more interesting for visitors.

If necessary, a cookie is set on the user’s terminal device, which can be used to track activities and, for example, identify recurring visits. The IP address of the user is automatically shortened, so that it is no longer possible to draw conclusions about individual persons. Among other things, the approximate geographical location, terminal device, screen resolution, browser as well as visited pages including the duration of stay are evaluated.

Name of cookiePurposeStorage periodType of cookie or provider
_pk_id.x.xxxxThe cookie identifies users and checks if a session is already active and calculates cross-session metrics such as number of visits to target completion, number of visits or days since last visit.13 monthsPersistent cookie
_pk_ref.x.xxxxThe cookie is responsible for the conversion attribution in the target reports in Matomo.6 monthsPersistent cookie
_pk_ses.x.xxxxIf the cookie is not available and the last recorded visit to the website was more than 30 days ago, the visitor counter in the pk_id cookie is incremented.30 minutesSession cookie

If we obtain the consent of the user for the setting of cookies, the processing of data is carried out on the legal basis provided in point a of Article 6(1) of the GDPR. This consent can be revoked at any time.

Furthermore, it is based on point f of Article 6(1) of the GDPR. Our legitimate interest is the optimization of our website, the improvement of our offers, and the support of our online marketing activities.

Matomo is an open-source project of InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.

For more information on privacy, please see their privacy statement at: matomo.org/privacy-policy/

Recipients of the data are limited to the Controller and the operator of the host server of our website, rendering their services for us within the scope of a contract processing contract pursuant to Article 28 of the GDPR.


6. Extensions and tools

6.1 Google Maps

This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server located in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing presentation of our online offers and allows to easily locate the places indicated by us on the website. This constitutes a legitimate interest within the meaning of point f of Article 6(1) of the GDPR. If a corresponding consent was requested, the processing is carried out exclusively on the basis of point a of Article 6(1) of the GDPR; consent can be revoked at any time.

Data transfer to the USA is based on the adequacy decision of the EU Commission of 10 July 2023 (so-called Data Privacy Framework).

See here for details:

https://privacy.google.com/businesses/gdprcontrollerterms and

https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information about the handling of user data can be found in Google’s privacy policy:

https://policies.google.com/privacy?hl=de.

6.2 YouTube

This website embeds videos from YouTube. The operator of the corresponding pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. This mode, according to YouTube, has the effect that YouTube does not store information about visitors to this site before they view the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. So, regardless of whether you watch a video, YouTube connects to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. When this happens, the YouTube server is given information on which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your terminal device after starting a video or use comparable recognition technologies (e.g., device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

YouTube is used in the interest of an appealing presentation of our online content. This constitutes a legitimate interest within the meaning of point f of Article 6(1) of the GDPR. If a corresponding consent was requested, the processing is carried out exclusively on the basis of point a of Article 6(1) of the GDPR; consent can be revoked at any time.

For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.


7. Social Media

7.1. Facebook / Instagram

The following applies to any content on our company pages on the social networks Facebook and Instagram.

As the operator of our Facebook and Instagram pages, we,

Trierer Hafengesellschaft mbH
Ostkai 4
54293 Trier,

together with the operator of the social networks Facebook and Instagram,

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland,

(hereinafter referred to as “Meta”) are – due to the current case law (ECJ, 05/06/2018, Ref. C-210/16) – joint controllers within the meaning of Art. 4 (7) of the General Data Processing Regulation (GDPR).

7.1.1 Shared responsibility and allocation of responsibility

If you transmit personal data to us via our company pages on the social networks Facebook and Instagram and we alone decide on the purposes and means of processing, we are the sole controller of the processing.

Insofar as personal data are processed in connection with our company pages on the social networks Facebook and Instagram and Meta alone decide on the purposes and means of processing, Meta is the sole controller of the processing.

Furthermore, joint responsibility for the company pages results from an agreement with Meta according to Art. 26 GDPR.

Decisive within this agreement are the Terms of Use, the Platform Policy and the Community Guidelines of Instagram and with regard to Facebook the Facebook Terms & Policies. Additional Facebook tools and information can be found in your Facebook settings.

7.1.2 Processing of personal data, purpose limitation and legal basis

We collect all users and their posts or comments and messages on our company pages. Systematic collection enables us to respond promptly to user contributions and to continuously improve our offerings and customer service. In the course of this collection, we process, for example, name, IP address, date and time.

We will only use your personal data for the purposes for which either you provide your data to us or for which we are legally entitled to do so. We would also like to use your data to inform you occasionally about new products or services or other offers of Trierer Hafengesellschaft mbH and its cooperation partners that may be of interest to you and to generally present our company.

The legal basis for the processing is Art. 6 (1) subpara. 1 point (f) of the GDPR. Our legitimate interest is to provide you with useful information and to be able to present our company through the company pages.

If you contact us via the aforementioned company pages on Facebook or Instagram, we will also use your personal data to process your request. The legal basis for this is also Art. 6 (1) subpara. 1 point (f) of the GDPR.

We assure you that we will only pass on your data to third parties within the scope of our legal obligations or rights or based on your consent.

7.1.3 Data transfer and use by Meta

The recipient of the personal data collected on Facebook or Instagram is Meta itself as the operator of the social media platforms. We have no knowledge of the content and use of your personal data by Facebook or Instagram. Thus, we cannot exclude that Facebook or Instagram will also process collected data outside the European Union.

Tot the extent that data is transmitted by Facebook or Instagram to the US, Facebook or Instagram and also government authorities have access to this data.

For further information on data processing by Meta, please refer to the respective privacy policies issued by Facebook and Instagram.

7.1.4 Right to object

You can object to the use of your data at any time, provided that there are grounds relating to your particular situation. Processing will nevertheless take place if there are compelling legitimate grounds to further process the data that override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

If you wish to object to the use of your data by us, please contact us using the contact details provided above.

If you wish to object to the use of your data by Facebook or Instagram, you can exercise your right here.

Changing the collection of user data on Facebook is possible in Facebook’s Your Profile and Settings section.

Changing the collection of user data on Instagram is possible directly on Instagram in the Privacy and Security section.

If the use of cookies is to be prevented, the acceptance of third-party cookies can be denied your own browser settings. You can read more about this in the section 5.3.

7.1.5 Requests for information and assertion of data subject rights

We ask you to address requests for information and enquiries regarding the assertion of data subject rights directly to Meta.  Only Meta has unrestricted access to the relevant content and can take any necessary measures.

If there is a need for action on our part concerning your request, you can contact us directly or our data protection officer at any time using our contact details provided above. 

You also have the option of submitting a complaint to a data protection supervisory authority.

7.1.6 Liability and access blocks

Any liability of Trierer Hafengesellschaft mbH for damage or consequential damage resulting from access to or use of the company pages (or from the impossibility of access or use) or from links to other websites is excluded.

In the event that security risks are identified, Trierer Hafengesellschaft mbH expressly reserves the right to interrupt access to their company pages until such risks have been rectified or, in serious cases, to block access. Any liability of Trierer Hafengesellschaft mbH for any damage or consequential damage resulting from the interruption or blockage is excluded.


7.2 LinkedIn

As the operator of the Port of Trier (Hafen Trier) company page on LinkedIn, we have access to statistical analyses of the visits to our company page. This data is available in aggregated and anonymous form and does not allow us to draw any conclusions about individual visitors to the company page. We use the statistical evaluations in order to make and keep information provided attractive for visitors of the company page and align it with the user interests.

If users are logged in to LinkedIn via a user account while accessing the company page, selected profile master data, such as the industry of the user’s employer, can also be included in the statistical analyses. This information is not available if you log out of LinkedIn beforehand via your user account.

Visitors to the company’s page also have the opportunity to use interactive functionalities, such as the “Like” symbol or sharing and commenting on posts. Using these features usually requires the visitor to log in to LinkedIn. When using these features, personal data and information are visible to us and also to other visitors to the company page, and direct reference to a person may be possible. We have no influence on the interactive functionalities and the visibility of the user activities on our company page on LinkedIn.

At this point, we would like to expressly point out that our company page on LinkedIn can, of course, also be visited without using these interactive functionalities.

Our company page also offers the possibility to contact us by sending a message via the indicated contact channels. We process the information transmitted in this way in accordance with point f of Article 6(1) of the GDPR (legitimate interest). We use this information only for the purpose of responding to your requests in a targeted manner.

Information about the processing of personal data by LinkedIn can be found in LinkedIn’s privacy policy, which can be accessed via the following link:

https://www.linkedin.com/legal/privacy-policy

7.3 Xing

As the operator of the Port of Trier (Hafen Trier) company page on XING, we have access to statistical analyses of the visits to our company page. This data is available in aggregated and anonymous form and does not allow us to draw any conclusions about individual visitors to our company page. We use the statistical evaluations in order to make and keep information provided attractive for visitors of the company page and align it with the user interests.

If users are logged in to XING via a user account while accessing the company page, information about the access to the service can be assigned to the respective user account. This information is also available to us as the operator of the company page. The provision of this information can be avoided by logging out of XING via the user account before accessing the company page.

Visitors to our company page also have the opportunity to use interactive functionalities, such as the “Like” symbol or sharing and commenting on posts. Using these features usually requires the visitor to log in XING. When using these features, personal data and information are visible to us and also to other visitors to the company page, and direct reference to a person may be possible. We have no influence on the interactive functionalities and the visibility of the user activities on our company page on XING.

At this point, we would like to expressly point out that our company page on XING can, of course, also be visited without using these interactive functionalities.

Our company page also offers the possibility to contact us by sending a message via the indicated contact channels. We process the information transmitted in this way in accordance with point f of Article 6(1) of the GDPR (legitimate interest). We use this information only for the purpose of responding to your requests in a targeted manner.

3. Information about the processing of personal data by XING

Information about the processing of personal data by XING can be found in XING’s privacy policy, which can be accessed via the following link:

https://privacy.xing.com/de/datenschutzerklaerung


8. Data protection regarding job applications and the application process

For unsolicited applications or applications for posted jobs, we collect and process the personal data of applicants for the purpose of establishing contact and carrying out the application process.

Processing can also be carried out electronically. Specifically, this is the case if an applicant submits the relevant application documents to us electronically, for example by e-mail.

If we conclude an employment contract with an applicant, the data transmitted will be processed and stored in compliance with the statutory provisions for the purpose of establishing and implementing the employment relationship.

The legal basis for the aforementioned processing operations is Article 6(1)(b) of the GDPR.

If we do not conclude an employment contract with the applicant, the application documents will be deleted two months after our negative reply, provided that there are no other legitimate interests of the Controller that would prevent deletion. Other legitimate interest in this context is, for example, a burden of proof in proceedings under the General Equal Treatment Act [Allgemeines Gleichbehandlungsgesetz, AGG].


9. Data protection regarding our webcam

We operate a webcam to provide you with an impression of the port premises.

If persons can be identified or personal data is transferred in any other way, we will only process such data for the above-mentioned purpose.

The legal basis for the processing of personal data is Article 6(1)(f) of the GDPR on the basis of a balancing of interests. We have an interest in image transmission to show images of the port to interested parties. We do not see any conflicting interests worthy of protection, as people are only accessories to the location. The images will not be stored by us; they will be exclusively used for live transmission.

 The data will not be passed on to third parties. We cannot prevent the storage of images by third parties who visit our website.


10. Data protection regarding the photo campaign and photo wall

As part of marketing campaigns such as “Become a port fan”, we offer a voluntary photo campaign at various events where you can have your picture taken in front of our photo wall and become a “Port Fan”. You will receive a link from us which you can use to download your photos.

We will use your photos for advertising and marketing purposes for the Port of Trier. Your photos will therefore be published on our websitewww.hafen-fan.de, in advertising materials and on our profile pages on Facebook, Instagram, Xing and LinkedIn.

You can participate voluntarily in the photo campaign under the above conditions. By voluntarily participating in the campaign, you not only give your consent for a photo to be taken of you, but also for this photo to be published for marketing purposes on the above-mentioned channels. If you do not wish to do so, please do not participate in the campaign.

The legal basis for processing the photos as part of the marketing campaign is Article 6(1)(f) of the GDPR as part of our legitimate interests in carrying out advertising and marketing campaigns. The legal basis for the publication of a photo of the persons depicted is the consent of these persons pursuant to Article 6(1)(a) of the GDPR in conjunction with Article 22 of the German Copyright Act [Kunsturhebergesetz, KUG].

The photos will only be passed on to our respective marketing service providers (e.g. advertising agency or print shop). However, we cannot prevent third parties from accessing the photos on our public profiles and websites on the Internet.

Right to object

If you no longer wish your photos to be published, you can object to their future use. Please contact us directly using the contact details provided in section 1. The use of the photos remains lawful until such time we receive your objection.


11. Data protection regarding competitions

We regularly organize competitions where personal data is collected.

When you participate in a competition, we process your data for the following purposes:

  • implementation of the competition;
  • notification of any prize(s) won;
  • provision of contractually guaranteed services, such as answering any claim to the delivery of the prize offered as part of the competition;
  • communication between us and external service providers (e.g. photographer, advertising agency, print shop, persons involved in the prize (e.g., Meet & Greet)).

If, when registering for the competition, you have also given us your consent to contact you for advertising purposes after the competition has ended, we will process your data for the following purposes:

  • promotion of the #HafenFan campaign in printed media (e.g. Hafennews magazine), on hafen-trier.de, on hafen-fan.de and the respective subpages as well as on our social media channels;
  • delivery of advertising material and news about the port by telephone, e-mail and/or regular mail at irregular intervals;
  • communication between us and external service providers (e.g. photographer, advertising agency, print shop).

The winners’ details will not be published; if necessary, we will ask the winners whether they agree to a subsequent publication.

As part of the competition, we only process the data necessary for participation in the competition and the delivery of prizes, e.g. master and contact data (full name, address, e-mail address, date of birth if necessary), as well as log data that is generated when using our website and IT systems.

If you have also given us your consent to contact you for advertising purposes, we will also process your master and contact data (full name, address, e-mail address, telephone number), as well as log data that is generated when you use our website and IT systems.

This data comes directly from you, as it is collected as part of your participation in one of our competitions.

The legal basis for the processing of your data in the context of the competition follows from Article 6(1)(b) of the GDPR, namely for the execution of contract initiation and performance of the competition contract concluded between you and us.

Provided you have given us your consent to process your data for advertising purposes, the legal basis follows from Article 6(1)(a) of the GDPR. You can revoke your consent at any time by contacting us for the purpose of revocation under our contact details provided in Section 1 (“Controller”). Data processing remains lawful until revocation.

The legal basis for the processing of your data for communication with external third parties follows from Article 6(1)(f) of the GDPR, namely from the protection of our legitimate interests or those of third parties.

Your data will only be passed on to third parties for the fulfillment of contractual or legal obligations. In addition, the service providers we use may also receive data from us for these purposes.

We process and store your personal data for the duration of the existing contract. If the data is no longer required for the fulfillment of contractual or legal obligations, we regularly delete the data, although we must comply with the statutory retention obligations (in particular Article 257 of the German Commercial Code [Handelsgesetzbuch, HGB] and Article 147 (1) of the German Fiscal Code [Abgabenordnung, AO]). Retention periods under these regulations can be up to 7 years. To the extent that data is to be stored to secure the enforcement of legal claims, the limitation periods can be up to 30 years, the regular limitation period being three years.

If your data is used for advertising purposes, we will only process the data until you object to its use or revoke your consent or until its use is no longer permitted by law.

You can find your rights as a data subject in section 12 of our Data Protection & Privacy Statement.

Objection to processing for advertising purposes

You have the right to object to the processing of personal data for advertising purposes at any time. We will then no longer process your personal data for the purposes of direct marketing or related profiling.

We will also not process your personal data for other purposes following an objection unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims (see Article 21 (1), (6) of the GDPR, so-called “limited right to object”). In this case, you must provide reasons for the objection that arise from your particular situation.


12. Data protection regarding advertising and marketing

We only distribute advertising material, information about the Port of Trier, competitions or other advertising and marketing information to existing customers of the Port of Trier or to persons who have given us their consent to do so.

As part of our advertising and marketing communication, we process your data for the following purposes:

  • promotion of the #HafenFan campaign in printed media (e.g. Hafennews magazine), on hafen-trier.de, on hafen-fan.de and the respective subpages as well as on our social media channels;
  • delivery of advertising material and news about the port by telephone, e-mail and/or regular mail at irregular intervals;
  • communication between us and external service providers (e.g. photographer, advertising agency, print shop).

As part of our advertising and marketing communication, we process your master and contact data (full name, address, e-mail address, telephone number), as well as log data that is generated when you use our website and IT systems.

The data comes directly from you, as we collect it from forms that persons fill out themselves. In the case of existing customers, we collect the data from the customers themselves or from the contractual documents.

Provided you have given us your consent to process your data for advertising purposes, the legal basis follows from Article 6(1)(a) of the GDPR. You can revoke your consent at any time by contacting us for the purpose of revocation under our contact details provided in Section 1 (“Controller”). Data processing remains lawful until revocation.

The legal basis for processing the data of existing customers follows from Article 6(1)(f) of the GDPR, Section 7(3) of the German Act Against Unfair Competition [Bundesgesetz über den unlauteren Wettbewerb, UWG], namely the protection of our legitimate interests or those of third parties.

Your data will only be passed on to external service providers (e.g. print shop, advertising agency, mailing services, etc.) for the aforementioned purposes.

If your data is used for advertising purposes based on your consent, we will only process the data until you object to its use or revoke your consent or until its use is no longer permitted by law. In the case of existing customers, we process the data until the contractual relationship ends or the customer objects to the future use of the data for advertising purposes.

You can find your rights as a data subject in section 13 of our Data Protection & Privacy Statement.

Objection to processing for advertising purposes

You have the right to object to the processing of personal data for advertising purposes at any time. We will then no longer process your personal data for the purposes of direct marketing or related profiling.

We will also not process your personal data for other purposes following an objection unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims (see Article 21 (1), (6) of the GDPR, so-called “limited right to object”). In this case, you must provide reasons for the objection that arise from your particular situation.


13. Your rights as data subject

Under the applicable laws, you have various rights with respect to your personal data. If you wish to exercise these rights, please send your enquiry by e-mail or postal service to the address stated in paragraph 1, clearly identifying yourself.

In the following, you will find an overview of your rights.

13.1 Right to confirmation and information

You have the right to receive clear information about the processing of your personal data.

This specifically includes the following:

You have the right at any time to request from us confirmation as to whether personal data concerning you are being processed. If this is the case, you have the right to request information about the personal data stored about you including a copy of these data free of charge. Furthermore, you have a right to the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from you, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.

13.2 Right to rectification

You have the right to demand that we correct and, if necessary, complete your personal data.

This specifically includes the following:

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Considering the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

13.3 Right to erasure (“right to be forgotten”)

In a number of cases, we are obliged to delete personal data relating to you.

This specifically includes the following:

Pursuant to Article 17(1) of the GDPR you have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. You withdraw consent on which the processing is based according to point (a), sentence 1 of Article 6 (1) of the GDPR or point (a) of Article 9(2) of the GDPR and there is no other legal ground for the processing.
  3. You object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.
  4. The personal data have been unlawfully processed.
  5. The personal data have to be erased for compliance with a legal obligation under Union or Member State law to which we (as the Controller) are subject.
  6. The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.

Where we have made the personal data public and are obliged pursuant to Article 17(1) to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

13.4 Right to restriction of processing

In a number of cases, you are entitled to request that we restrict the processing of your personal data.

This specifically includes the following:

You have the right to obtain from us restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. we no longer need the personal data for the purposes of processing, but they are required by you to establish, exercise or defend legal claims; or
  4. you have objected to processing pursuant to Article 21 (1) of the GDPR pending the verification whether the legitimate grounds of our company override yours.

13.5 Right to data portability

You have the right to obtain the personal data concerning you in machine-readable form, to transmit the data or to have the data transmitted by us.

This specifically includes the following:

You have the right to receive the personal data concerning you, which you have provided to a us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:

  1. the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of  (2) of the GDPR or on a contract pursuant to point (b) Article 6 (1) of the GDPR and Article 9
  2. the processing is carried out by automated means.

In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

13.6 Right to object

You have the right to object to lawful processing of your personal data by us if this is based on your particular situation and our interests in the processing are not overriding.

This specifically includes the following:

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. We no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, you, on grounds relating to your particular situation, have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

13.7 Right to withdraw consent under data protection law

You have the right to withdraw a consent to the processing of personal data at any time.

13.8 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.

The competent data protection supervisory authority for us is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz (State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate), Prof. Dr. Dieter Kugelmann
Hintere Bleiche 34, 55116 Mainz, website: https://www.datenschutz.rlp.de/, e-mail: poststelle@datenschutz.rlp.de.


12. Data security

We make every effort to ensure the security of your data under consideration of the applicable data protection laws and technical possibilities.

We will transmit your personal data encrypted. This applies to your orders and also to the customer login. We use SSL (Secure Socket Layer) coding but would like to point out that data transmission over the Internet (e.g., communication by e-mail) can be subject to security gaps. Complete protection of the data against access by third parties is not possible.

To secure your data, we maintain technical and organisational security measures in accordance with Article 32 of the GDPR, which we constantly adapt to the state of the art.

Furthermore, we do not guarantee that our services will be available at specific times; disruptions, interruptions or failures cannot be ruled out. We use servers that are regularly and carefully backed up.


13. Automated decision-making / profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. There is no automated decision-making or profiling on the basis of the personal data collected


14. Transfer of data to third parties, data transfer to non-EU countries

We generally use your personal data only within our company.

If and to the extent that we involve third parties in the performance of contracts, these parties will only receive personal data to the extent necessary for the provision of the corresponding service.

In the event that we outsource certain parts of our data processing (contract processing by “Processors”), we contractually require Processors to use personal data only in accordance with the requirements of the applicable data protection laws and to protect the rights of the Data Subject.

Among other things, tools from companies based in the USA are integrated on our website. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you, as the data subject, being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g., intelligence services or law enforcement agencies) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no control over these processing activities


15. Other

We reserve the right to change this statement at any time. It does not create any contractual or other formal right with respect to or on behalf of any party.

This Data Protection & Privacy Statement was last amended on: 6 May 2024