Compliance with data protection legislation is not only a legal obligation for Florenus AG but also crucial to building trust. This privacy statement is intended to provide you with transparent information on what kind of data we collect, process and store, and for what purpose, on our website. It also provides you information on your rights.
Responsible for data processing (controller)
Florenus AG, Kurfürstendamm 136, 10711 Berlin, Germany, (hereinafter referred to as “we”) is the operator of the website www.florenus.com and as such is responsible pursuant to Art. 4 para. 7 of the European General Data Protection Regulation (GDPR). Should you have any questions, please contact us at firstname.lastname@example.org
Your rights as the data subject
As the data subject, you have the following rights when it comes to your personal data. You have
- the right to information about the categories of data processed, the purposes of the processing, the period for which the data will be stored and any recipients to whom the data has been or will be disclosed. (Art. 15 GDPR)
- the right to rectification or deletion of incorrect or incomplete data. (Articles 16 and 17 GDPR)
- the right to restriction of processing insofar as deletion is not possible or is in dispute. (Art. 18 GDPR)
- the right to object to the processing insofar as the data processing was performed on the basis of a legitimate interest. (Art. 21 para. 1 GDPR)
- the right to revoke your consent at any time in the future. (Art. 7 para. 3 GDPR)
- the right to data portability in a commonly use format. (Art. 20 GDPR)
- You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data, in particular in the member state of your habitual residence, place of work or place of the alleged infringement. (Art. 77 GDPR)
We protect our website and other systems – and thus also your data – against loss, destruction, access, alteration or distribution by unauthorized persons through the use of appropriate technical and organizational measures. In particular, your personal data is transmitted in encrypted form over the Internet using the Transport Layer Security (TLS) cryptographic protocol.
The transmission of information over the Internet is, however, never entirely secure. We are therefore unable to provide you with a 100-percent guarantee with regard to the security of the data transmitted from our website.
Data transmission to a third country outside the EU
As a rule, all the information that we obtain from you or about you is processed on servers located within the European Union. Your data will only be transmitted to or processed in a third country outside the EU without your express consent insofar as this is provided for by law and an appropriate level of data protection is ensured by the third country involved.
Transmission of data to third parties, commissioned data processing
We will not pass your personal data on to third parties unless
- you have consented to the transmission of data or
- we are entitled or obligated to pass on this data
- on the basis of legal requirements,
- government directives or court rulings.
This may involve providing information for criminal prosecution, security purposes or the enforcement of intellectual property rights in particular.
Under certain circumstances, we may also transmit your data to external service providers (processors) in order to simplify our own data processing. In this case, the processing of the data by this processor is governed by a contract in accordance with Art. 28 GDPR. This means in particular that the processor must offer sufficient guarantees that appropriate technical and organizational measures will be taken to ensure that processing is performed in accordance with the requirements stipulated in the GDPR and that the protection of your rights as the data subject is guaranteed. Although we commission processors, we nevertheless remain responsible for the processing of your personal data in accordance with data protection legislation.
Types, purpose and storage period of data, legal basis
Server log files
When you visit our website, your browser automatically transmits the following general information to our server, where it is stored in so-called “server log files”: your IP address, the type and version of browser and operating system you are using, the website from which you are visiting us (referrer), the date and time of your request and possibly your Internet service provider. The status and the volume of data transmitted are also saved in the context of this request.
Your IP address will only be stored for the duration of your visit to our website and will then be immediately deleted or parts of it obscured by means of abbreviation. The other data will be is stored for a limited period of time (a maximum of 7 days).
Art. 6 para. 1(f) GDPR provides the legal basis for the use of server log files (legitimate interest in the processing of the data). This legitimate interest arises from the need to process the data in order to operate our website. In particular, it is required to detect and eliminate errors on the website, to monitor usage of the website, to make adjustments or improvements to the website, and to ensure the security of the system.
Our website provides you with a number of opportunities to contact us directly. When you submit a contact form, you agree to the processing and storage of the data you provide (in particular your e-mail address). The data you provide will only be processed for the purpose for which you made it available to us when you contacted us, but no longer than 7 days after this purpose has been fulfilled. You can object to the processing of this data at any time in the future Please use the contact data in the Legal Notice to do this.
Art. 6 para. 1(a) GDPR provides the legal basis for the use of the data that you transmitted to us (consent given by the data subject).
We use so-called “cookies” to make our website more user-friendly. Simply put, a cookie is a small text file that is used to store data about visited websites. Cookies store a kind of “user profile”, i.e. things like the language you prefer and other page settings that our website needs in order to offer you certain services. This file is sent by our website and stored on your computer and helps us to recognize you the next time you visit our website. Cookies also provide us with information about your interaction with our website, which allows us to tailor the website to your particular interests and process your requests faster.
You can use your browser’s security settings to manually delete cookies at any time. You can also prevent cookies from being stored, i.e. disable them, from the start by configuring your browser accordingly. Please note that if cookies are disabled, you may not be able to use the full functionality of our website. If you only want to accept our cookies but not those of our processors, you can prevent these “third-party” cookies from being stored (i.e. disable them) by selecting the appropriate setting in your browser.
We use third-party services such as plug-ins and application programming interfaces (APIs) to enhance the functionality of our website. This may involve the transmission of data to the provider of the respective service. We make use of the following services:
You can prevent the data about your use of the website (including your IP address) generated by the cookie from being conveyed to and processed by Google by downloading and installing the browser plug-in available under the following link. The current link is: http://tools.google.com/dlpage/gaoptout?hl=de.
Art. 6 para. 1(f) GDPR provides the legal basis for the use of Google Analytics (legitimate interest in the processing of the data). This legitimate interest arises from our need for an anonymous evaluation of users’ behavior on our website in order to improve the design of our website in line with users’ needs.
Our website uses Google’s external font service Google Fonts. This service enables us to present our website in a uniform and attractive manner – even on user devices with very different configurations – by loading fonts from an external server instead of the user’s device. The fonts needed are usually requested from a Google server in the USA. This request transmits the following information to the Google server and stores it there: the web pages that you have visited on our website and the IP address of your device/computer. Art. 6 para. 1(f) GDPR provides the legal basis for the use of Google Fonts (legitimate interest in the processing of the data). This legitimate interest arises from our need to present our website in an attractive and uniform manner.
Status of the privacy statement as of: 24.05.2018
Source of the original German text: www.sddsg.de