Data protection
From: Schleswig-Holstein Law on the Protection of Personal Data
(State Data Protection Act - LDSG) From 2 May 2018
§ 33 Right to information
(1) The controller (Astrid Franke) shall, upon request, provide data subjects with information as to whether data concerning them are processed. Data subjects also have the right to receive information about
1. the personal data being processed and the category to which they belong,
2. the available information on the origin of the data,
3. the purposes of the processing and its legal basis,
4. the recipients or categories of recipients to whom the data have been disclosed, in particular recipients in third countries or international organisations,
5. the storage period applicable to the data, or, if not possible, the criteria used to determine that period,
6. the existence of a right to rectification, erasure or restriction of processing of data by the controller,
7. the right under Section 36 to appeal to the State Commissioner, and
8. Information on how to contact the State Commissioner.
Contact:
Marit Hansen, ULD – Independent State Center for Data Protection Schleswig Holstein
Email: mail@datenschutzzentrum.de
Visitors:
Holstenstrasse 98
24103 Kiel
Postal address:
PO Box 71 16
24171 Kiel
Telephone: 0431 988-1200
Fax: 0431 988-1223
(2) Paragraph 1 shall not apply to personal data which are processed solely because they may not be erased due to statutory retention periods or which are used exclusively for the purposes of data backup or data protection control, if the provision of information would require disproportionate expenditure and processing for other purposes is excluded by appropriate technical and organisational measures.
(3) The data subject shall specify the type of personal data about which information is requested. The provision of information may be waived if the data subject does not provide any information that would enable the data to be located and the effort required to provide the information is therefore disproportionate to the interest in information asserted by the data subject.
(4) The controller may, under the conditions of Section 32(2), refrain from providing information pursuant to paragraph 1 sentence 1 or partially or completely restrict the provision of information pursuant to paragraph 1 sentence 2.
(5) The controller shall inform the data subject in writing without delay of the decision not to provide information or to restrict the provision of information. This shall not apply if the provision of this information alone would entail a risk within the meaning of Section 32 (2). The notification pursuant to sentence 1 shall be justified unless the communication of the reasons would jeopardise the purpose pursued by the decision not to provide information or to restrict the provision of information.
(6) If the data subject is informed pursuant to paragraph 5 that information will not be provided or that it will be restricted, he or she may also exercise his or her right to information through the State Commissioner. The controller must inform the data subject of this possibility and that he or she may appeal to the State Commissioner or seek legal protection in accordance with Section 36. If the data subject exercises his or her right pursuant to sentence 1, the information must be provided to the State Commissioner at his or her request. If the highest state authority determines in an individual case that the security of the Federation or a state would be endangered as a result, the rights pursuant to paragraph 5 may only be exercised by the State Commissioner for Data Protection personally or by persons specifically appointed by him or her in writing. The State Commissioner must at least inform the data subject that all necessary checks have been carried out or that an inspection has been carried out by him or her. This notification may contain information as to whether any violations of data protection law have been identified. The communication from the State Commissioner to the data subject must not allow any conclusions to be drawn about the level of knowledge of the controller unless the controller consents to further information. The controller may only refuse consent to the extent and for as long as he or she could refrain from providing information or restrict it in accordance with paragraph 4. The State Commissioner must also inform the data subject of his or her right to judicial protection.
(7) The controller shall document the factual or legal reasons for the decision.
§ 36
Appeal to the State Commissioner
(1) Without prejudice to other legal remedies, any person concerned may lodge a complaint with the State Commissioner if he or she considers that his or her rights have been violated by the processing of his or her personal data by public bodies for the purposes set out in Section 20. This does not apply to the processing of personal data by courts insofar as they have processed the data in the context of their judicial activities. The State Commissioner must inform the person concerned of the status and outcome of the complaint and draw his or her attention to the possibility of judicial protection under Section 37.
(2) The State Commissioner shall forward any complaint lodged with him or her concerning processing which falls within the competence of a supervisory authority in another Member State of the European Union to the competent supervisory authority in that other State without delay. In such a case, he or she shall inform the data subject of the forwarding and provide him or her with further assistance at his or her request.
Automatic data storage
When you visit websites these days, certain information is automatically created and stored, including on this website.
When you visit our website like you are doing now, our web server (the computer on which this website is stored) automatically saves data such as
- the address (URL) of the website accessed
- Browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
- the hostname and IP address of the device from which access is made
- Date and Time
- in files (web server log files).
As a rule, web server log files are stored for two weeks and then automatically deleted. We do not pass this data on, but cannot rule out that this data will be viewed if illegal behavior occurs.
The legal basis according to Article 6 paragraph 1 f GDPR (lawfulness of processing) is that there is a legitimate interest in enabling the error-free operation of this website by recording web server log files.
Cookies
Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.
What exactly are cookies?
Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. To be more precise, they are HTTP cookies, as there are other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser sends the "user-related" information back to our site. Thanks to the cookies, our website knows who you are and offers you your usual default settings. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "malware". Cookies also cannot access information on your PC.
For example, cookie data can look like this:
- Name: _ga
- Expiry time: 2 years
- Use: Differentiation of website visitors
- Example value: GA1.2.1326744211.152311109691
A browser should support the following minimum sizes:
- A cookie should be able to contain at least 4096 bytes
- At least 50 cookies should be able to be stored per domain
- A total of at least 3000 cookies should be able to be stored
What types of cookies are there?
The question of which cookies we use in particular depends on the services used and is explained in the following sections of the privacy policy. At this point we would like to briefly explain the different types of HTTP cookies.
There are 4 types of cookies:
Strictly necessary cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues browsing on other pages and only later proceeds to the checkout. These cookies do not delete the shopping cart, even if the user closes their browser window.
Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and behavior of the website in different browsers.
Targeted cookies
These cookies improve user experience. For example, entered locations, font sizes or form data are stored.
Advertising cookies
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.
Usually, when you first visit a website, you will be asked which of these types of cookies you would like to accept. And of course, this decision will also be saved in a cookie.
How can I delete cookies?
You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option of deleting cookies, only partially allowing them or deactivating them. For example, you can block third-party cookies but allow all other cookies.
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
Chrome: Delete, enable and manage cookies in Chrome
Safari: Managing cookies and website data with Safari
Firefox: Clear cookies to remove data that websites have stored on your computer
Internet Explorer: Deleting and managing cookies
Microsoft Edge: Delete and manage cookies
If you do not want cookies at all, you can set your browser so that it always informs you when a cookie is to be placed. This way you can decide for each individual cookie whether you want to accept the cookie or not. The procedure varies depending on the browser. The best thing to do is to search for the instructions in Google using the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser, or replace the word “Chrome” with the name of your browser, e.g. Edge, Firefox, Safari.
What about my data protection?
The so-called "cookie guidelines" have been in place since 2009. They state that the storage of cookies requires the consent of the website visitor (i.e. you). However, there are still very different reactions to these guidelines within the EU countries. In Germany, the cookie guidelines were not implemented as national law. Instead, this guideline was largely implemented in Section 15 Paragraph 3 of the Telemedia Act (TMG).
If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Storage of personal data
Personal data that you send to us electronically on this website, such as name, email address, address or other personal information when submitting a form or comments in the blog, will be used by us together with the time and IP address only for the specified purpose, stored securely and not passed on to third parties.
We therefore only use your personal data to communicate with those visitors who expressly request contact and to process the services and products offered on this website. We do not pass on your personal data without your consent, but we cannot rule out that this data will be viewed in the event of illegal behavior.
If you send us personal data by email - outside of this website - we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by email.
The legal basis according to Article 6 paragraph 1 a GDPR (lawfulness of processing) is that you give us your consent to process the data you have entered. You can revoke this consent at any time - an informal email is sufficient, you can find our contact details in the imprint.
Rights under the General Data Protection Regulation
According to the provisions of the GDPR, you are generally entitled to the following rights:
- Right to rectification (Article 16 GDPR)
- Right to erasure (“right to be forgotten”) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to notification – obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right not to be subjected to a decision based solely on automated processing, including profiling (Article 22 GDPR)
If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
Source: Created with the data protection generator from AdSimple in cooperation with raumdirekt.com
