Data Protection

Home  >>  Data Protection

Cookie Guidlines & Data Protection Policy

Table of Contents

1       General Information. 2

1.1        Objective and Responsibility. 2

1.2        Legal Bases. 2

1.3        Data Subject Rights. 2

1.4        Data Erasure and Storage Duration.. 3

1.5        Security of Processing.. 3

1.6        Data Transfers to Third Parties, Subcontractors and Third Party Providers. 3

2       Concrete Data Processing. 3

2.1        Collection of Information on the Use of the Online Service. 3

2.2        Contact Form and Contact via Email 4

2.3        Google Analytics. 5

2.4        Google reCAPTCHA. 5

2.5        Consent Management. 5

3       Cookie Policy. 6

3.1        General 6

3.2        Additional information.. 6

3.3        Types of cookies. 6

3.4        Cookie settings. 6

3.5        List of cookies used.. 6

3.6        Possibilities of Objection.. 7

4       Changes to the Data Protection Policy. 7

1        General Information

1.1       Objective and Responsibility

  1. This Data Protection Policy is to inform you about the nature, scope and purpose of the processing of personal data in relation to our online service and the associated websites, features and contents (hereinafter collectively referred to as “online service” or “website”).
  2. The provider of the online service and responsible for the data protection law is Fairmas GmbH (EUREF-Campus 13, 10829 Berlin, Germany) – hereinafter referred to as “provider”, “we”, “our” or “us”.
  3. Our online service is made available by 1 & 1 Internet SE, Elgendorfer Str. 57, 56410 Montabaur.
  4. Our Data Protection Officer can be contacted via the email address: datenschutz@fairmas.com (Data Protection Officer: IT.DS Beratung).
  5. The term “user” or “you” encompasses all customers, interested people, employees and visitors of our online service.

1.2       Legal Bases

We collect and process personal data based on the following legal grounds:

  1. Consent in accordance with Article 6 paragraph 1 (a) General Data Protection Regulation (GDPR). Consent meaning any freely given, specific, informed and unambiguous indication of agreement, which could be in the form of a statement or any other unambiguous confirmatory act, given by the data’s subject consenting to the processing of personal data relating to him or her.
  2. Necessity for the performance of a contract or in order to take steps prior to entering into a contract according to Article 6 paragraph 1 (b) GDPR, meaning the data is required in order for us to fulfil our contractual obligations towards you or to prepare the conclusion of a contract with you.
  3. Processing to fulfil a legal obligation in accordance with Article 6 paragraph 1 (c) GDPR, meaning that e.g. the processing of data is required by law or other provisions.
  4. Processing in order to protect legitimate interests in accordance with Article 6 paragraph 1 (f) GDPR, meaning that the processing is necessary to protect legitimate interests pursued by us or by a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

1.3       Data Subject Rights

You have the following rights with regards to the processing of your data through us:

  1. The right to lodge a complaint with a supervisory authority in accordance with article 13 paragraph 2 lit. d GDPR and article 14 paragraph 2 lit. e GDPR.
  2. Right of access in accordance with Article 15 GDPR
  3. Right to rectification in accordance with Article 16 GDPR
  4. Right to erasure („right to be forgotten“) in accordance with Article 17 GDPR
  5. Right to restriction of processing in accordance with Article 18 GDPR
  6. Right to data portability in accordance with Article 20 GDPR
  7. Right to objection in accordance with Article 21 GDPR

Note: Users can object to the processing of their personal data in accordance to the legal requirements at any time with effect for the future. The objection can be lodged in particular against processing for direct marketing purposes.

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is contrary to the GDPR.

1.4       Data Erasure and Storage Duration

The personal data of the data subject will be erased or blocked as soon as the purpose of the storage is deleted. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or erasure of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

1.5       Security of Processing

  1. We have implemented appropriate and state-of-the-art technical and organizational security measures (TOMs). Thus, the data processed by us are protected against accidental or intentional manipulation, loss, destruction and unauthorized access.
  2. The security measures include in particular the encrypted transfer of data between your browser and our server.

1.6       Data Transfers to Third Parties, Subcontractors and Third Party Providers

  1. A transfer of personal data to third parties only takes place within the scope of legal requirements. We only disclose users’ data to third parties, when necessary, e.g. for billing purposes or other purposes when the transfer is required to fulfill contractual obligations towards the users.
  2. If we use subcontractors for our online service, we have made appropriate contractual arrangements as well as adequate technical and organizational measures with these companies.
  3. If we use content, tools or other means from other companies (hereinafter collectively referred to as “third party providers“) whose registered offices are located in a third country, it is assumed that a transfer of data to the home countries of these third party providers occurs. The transfer of personal data to third countries takes place exclusively only, if an adequate level of data protection, the user’s consent or another legal permission is present.

2        Concrete Data Processing

2.1       Collection of Information on the Use of the Online Service

  1. When using our online service, information may be transferred automatically from the browser of the user to us; this information includes the name of the accessed website, file, date and time of the access, amount of data transferred, notification about successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
  2. The processing of this information takes place based on legitimate interests in accordance with Article 6 paragraph 1 (f) GDPR (e.g. to optimize the online service) as well as to ensure the security of processing in accordance with Article 5 paragraph 1 (f) GDPR (e.g. for the defense and clarification purposes of cyberattacks).
  3. The information is automatically deleted 4 weeks after the end of the connection – i. e. use of the online service – provided there are no other retention periods.
  4. The collection of the data and the storage of the data in log files is absolutely necessary for the provision of the online service. Therefore, the user has no possibility of erasure, objection or correction.

2.2       Contact Form and Contact via Email

  1. When contacting us (via online form or email), the data provided by the user will be processed exclusively for processing the inquiry and its handling.
  2. Any other use of the data is only based on the consent of the user.
  3. User data are stored in our Customer Relationship Management System (“CRM System”) or a comparable software / database. The legal storage periods for business letters apply.
  4. Newsletter – MailChimp
    The newsletter is sent by the mail delivery service provider “MailChimp”, a newsletter delivery platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection policy of the mail delivery service provider can be viewed here: https://mailchimp.com/legal/privacy/. The mail delivery service provider is used on the basis of our legitimate interests in accordance with Article 6 paragraph 1 (f) GDPR and an order processing contract in accordance to Article 28 paragraph 3 (1) GDPR.

The mail delivery service provider can use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve their own services, e.g. for the technical optimization of delivery and the presentation of newsletters or for statistical purposes. However, the mail delivery service provider does not use the data of our newsletter recipients to write them themselves or to pass the data on to third parties.

2.3   Google Analytics

  1. We use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House Barclays Dublin Ireland – hereinafter “Google”), on the basis of your consent for the analysis, optimization and economic operation of our online offer pursuant to Art. 6 para. 1 lit. a. DSGVO Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) – hereinafter “Google”). Google uses cookies and other technologies. The information generated by the service about the use of the online offer by the users is transmitted to a Google server in the USA and processed there.
  2. Google will act for us within the scope of a commissioned processing pursuant to Article 28 DSGVO. We have concluded a data protection agreement with Google, which contains the EU standard data protection clauses.
  3. In addition, we have concluded a shared responsibility agreement pursuant to Article 26 GDPR with Google for the use of Google’s measurement services (cf. https://support.google.com/analytics/answer/9012600). Within this framework, we have agreed with Google to be responsible for the fulfillment of information obligations and for ensuring data subject rights in accordance with Chapter 3 of the GDPR, as well as for the security of processing and reporting/notification obligations. (Articles 32 to 34 of the GDPR). Google will use the information to evaluate the use of our online offer by the users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and internet use. In doing so, pseudonymous usage profiles of the users can be created from the processed data.
  4. We use Google Analytics with IP anonymization enabled.
  5. Google Analytics uses so-called “cookies“, which are text files placed on your computer, to help the website analyze how you use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will shorten your IP address within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en.
  6. For more information about Google’s use of your data, your choices and your ability to opt-out, please visit Google’s websites at https://policies.google.com/technologies/partner-sites?hl=en (“How Google uses data when you use our partners’ websites or apps”), https://policies.google.com/-technologies/ads(“How Google uses data for advertising purposes”) and https://adssettings.google.com/authenticated (“How Google manages the information it uses to serve ads to you”).

2.4       Google reCAPTCHA

1. We use the reCAPTCHA service from Google, which protects our website from spam and abuse. The service       prevents automated software (so-called bots) from carrying out abusive activities on our websites, i.e. it checks whether the entries made actually originate from a human being. Google collects the following data:
o referrer (address of the page on which the captcha is used)
o IP address of the user
o Google account (if the user is logged in to Google, this is recognised and assigned)
o The user’s input behaviour (e.g. speed of input into the form fields, order in which the user selects the input fields) is used to improve pattern recognition at Google.
o Browser, browser size and resolution, browser plug-ins, date, language setting
o Display instructions (CSS) and scripts (Javascript) of the website
o Mouse and touch events within the page.
2. Furthermore, Google reads the cookies from other Google services such as Gmail, Search and Analytics. All of the above data is sent to Google in encrypted form. No personal data is read or stored from the input fields of the respective form.

2.5       Consent Management

  1. Our website uses the cookie consent technology “CookieYes” / “Cookie Law Info” from WebToffee to obtain your  consent to the storage of certain cookies in your browser and to document this in a data protection compliant manner. The provider of this technology is WebToffee (Mozilor Limited 3 Warren Yard, Wolverton Mill, England).
  2. When you enter our website, a cookie from WebToffee is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of WebToffee.
  3. the collected data will be stored until you request us to delete it or until you delete the cookies from WebToffee yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.
  4. details regarding data processing by WebToffee can be found at https://www.webtoffee.com/privacy-policy/.
  5. Consent technology is used to obtain the legally required consent for the use of cookies (Art. 6 Para. 1 lit. c DSGVO). 

3        Cookie Policy

3.1       General

We use cookies to continuously improve our online offer for you. Below you will learn more about the cookies we use and how you can change your settings.

3.2       Additional information

Further information on cookies can be found at the following addresses

http://www.allaboutcookies.org and http://www.youronlinechoices.com

3.3       Types of cookies

We divide cookies into the following four categories depending on their function and purpose:

(1) Mandatory required cookies

(2) Performance Cookies

(3) Functional cookies and

(4) Marketing Cookies

3.4       Cookie settings

When opening our site for the first time, you can decide whether to accept or reject the use of cookies by simply clicking on the corresponding button. With the exception of the cookies that are mandatory for technical reasons for the smooth use of our site, the cookies are disabled. By clicking “Accept”, you consent to the use of ALL cookies.

3.5       List of cookies used

  • Mandatory required cookies
Name Supplier Purpose Duration
mc_session_ids[default] Mandatory required cookies Math Captcha by dFactory Captcha Plugin for the protection of contact forms After the end of the session
mc_session_ids[multi][0] Mandatory required cookies Math Captcha by dFactory Captcha Plugin for the protection of contact forms After the end of the session
mc_session_ids[multi][1] Mandatory required cookies Math Captcha by dFactory Captcha Plugin for the protection of contact forms After the end of the session
mc_session_ids[multi][2] Mandatory required cookies Math Captcha by dFactory Captcha Plugin for the protection of contact forms After the end of the session
mc_session_ids[multi][3] Mandatory required cookies Math Captcha by dFactory Captcha Plugin for the protection of contact forms After the end of the session
mc_session_ids[multi][4] Mandatory required cookies Math Captcha by dFactory Captcha Plugin for the protection of contact forms After the end of the session
viewed_cookie_policy The viewed_cookie_policy cookie is set to “yes” when the Cookie law info bar has been viewed and accepted. 1 year

(2) Performance Cookies

Name Supplier Purpose Duration
_gid Performance Cookie by Google Analytics Register a unique ID that is used to generate statistical information about how the visitor uses the site. 1 day
_ga Performance Cookie by Google Analytics Register a unique ID that is used to generate statistical information about how the visitor uses the site. 2 years
_gat Performance Cookie by Google Analytics Used to throttle the polling rate. 10 minutes

3.6       Possibilities of Objection

You can object to the use of cookies, which are used for measuring the range of coverage and advertising purposes, via

  1. Deactivation page of the Network Advertising Initiative: http://optout.networkadvertising.org/
  2. The US-American website: http://www.aboutads.info/choices
  3. The European website http://www.youronlinechoices.com/uk/your-ad-choices/

4        Changes to the Data Protection Policy

  1. We reserve the right to change this data protection policy in relation to data processing, in order to adapt it to changed legal situations, to changes in the online service or to data processing.
  2. If user consents are required or components of the data protection policy contain provisions of the contractual relationship with the users, the changes will only be made with the users’ consent.
  3. Users are requested to inform themselves regularly about the content of this privacy policy

 

Version: January 2022