1 Purpose and Responsibility
- The provider of the online service and the responsible party for data protection is REMBE® Kersting GmbH (Zur Heide 39, 59929 Brilon, Germany) - hereinafter referred to as "provider", "we", or "us".
- Our online service is provided by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). The server location is in Germany.
- Our data protection officer is: Sven Meyzis – IT.DS Consulting (Phone: 0049 40-21091514 / Email: [email protected]).
- The term "user" encompasses all customers and visitors of the online service.
2 Legal Foundations
We generally collect and process personal data based on the following legal foundations:
- Consent according to Article 6(1)(a) General Data Protection Regulation (GDPR). Consent is any freely given specific, informed, and unambiguous indication of a person's wishes in the form of a statement or another clear affirmative action that signifies agreement to the processing of personal data concerning them.
- Necessity for the performance of a contract or in order to take steps at the request of the person concerned prior to entering into a contract, according to Article 6(1)(b) GDPR, meaning the data is necessary for us to fulfill our contractual obligations towards you or we need the data to prepare to enter into a contract with you.
- Processing to comply with a legal obligation according to Article 6(1)(c) GDPR, i.e., processing of the data is mandated by law or other regulations.
- Processing to safeguard legitimate interests in accordance with Article 6(1)(f) GDPR, meaning the processing is necessary to protect our or a third party's legitimate interests, provided these interests are not overridden by your interests or fundamental rights and freedoms that require protection of personal data.
3 Rights of Data Subjects
You have the following rights with regards to our data processing:
- Right to lodge a complaint with a supervisory authority as per Article 13(2)(d) GDPR and Article 14(2)(e) GDPR.
- Right to access as per Article 15 GDPR.
- Right to rectification as per Article 16 GDPR.
- Right to erasure ("right to be forgotten") as per Article 17 GDPR.
- Right to restriction of processing as per Article 18 GDPR.
- Right to data portability as per Article 20 GDPR.
- Right to object as per Article 21 GDPR.
Note: Users can object to the processing of their personal data in accordance with legal requirements at any time with effect for the future. The objection can, in particular, be against processing for direct marketing purposes.
Regardless of any other administrative or legal remedy, you have the right to lodge a complaint with a supervisory authority, especially in the member state of your residence, your workplace, or the place of the alleged infringement if you believe that the processing of personal data concerning you infringes the GDPR.
4 Data Deletion and Storage Period
Personal data of the data subject will be deleted or blocked as soon as the purpose of storage becomes obsolete. Storage can also take place if provided for by European or national legislation in EU regulations, laws, or other provisions to which the responsible person is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need to continue storing the data for the conclusion or performance of a contract.
5 Security of Processing
- We have implemented appropriate and state-of-the-art technical and organizational security measures. Thus, the data we process is protected against accidental or intentional manipulation, loss, destruction, or unauthorized access.
- Part of our security measures includes the encrypted transmission of data between your browser and our server.
6 Data Transfer to Third Parties, Subcontractors, and Third-Party Providers
- A transfer of personal data to third parties only takes place within the framework of legal regulations. We only pass on user data to third parties if, for example, it is necessary for billing purposes or for other purposes if the transfer is necessary to fulfill our contractual obligations towards the users.
- If we use subcontractors for our online service, we have taken appropriate contractual precautions with these companies, as well as the appropriate technical and organizational measures.
- If we use content, tools, or other resources from other companies (hereinafter collectively referred to as "third-party providers") and their mentioned headquarters is in a third country, it can be assumed that data transfer will take place to the countries where the third-party providers are based. A third country is a country where the GDPR is not directly applicable law. The transfer to third countries occurs when either there is a level of data protection, consent from the user, or other legal permission.
Specific Data Processing
1 Collection of Online Service Usage Information
- During the use of the online service, data is automatically sent from the user's browser to us. This includes the name of the retrieved website, file, date and time of access, transmitted data volume, report on successful retrieval, browser type and version, the user's operating system, Referrer URL (the previously visited site), IP address, and the requesting provider.
- This data is processed based on legitimate interests according to Article 6 Paragraph (1) lit. f GDPR (e.g., optimizing the online service) and to ensure secure processing according to Article 5 Paragraph (1) lit. f GDPR (e.g., for defense against and clarification of cyber attacks).
- This information is automatically deleted no later than 30 days after the end of the connection, unless there are other retention periods.
- Data collection and storage in log files is essential for the online service. Users do not have the option to delete, object, or correct this.
2 Contact Form and Email Contact
- When contacting us (via online form or email), the provided user data is processed solely to handle and complete the request.
- The data is used for other purposes only if the user gives consent.
3 Links to Other Websites
- When using some of our services (e.g., on the homepage, under "REMBE ALLIANCE"), you'll be automatically redirected to other websites.
- We use the open-source software Matomo for website usage analysis and statistics. No cookies are used in this process. Information about website usage is only transferred to our servers and summarized into pseudonymous user profiles. We use this data to evaluate website usage. Data is not passed on to third parties.
- IP addresses are anonymized (IPMasking), so individual users cannot be identified.
- Data processing is based on Art. 6 Para. 1 S. 1 lit. f GDPR. We aim to optimize our website presentation.
You can prevent Matomo from tracking your visit to our website at any time by clicking on this link. This will set a cookie in your browser, which contains no personal data and is solely intended to deactivate our Matomo tracking for your browser.
You have currently opted out of tracking your visit to our website by Matomo. Click here to reactivate Matomo tracking.
- We host Matomo in the IONOS Cloud. The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur. We have concluded a data protection agreement with the provider.
- We integrate (videos) from the video portal "YouTube" operated by Google Ireland Limited for seamless video integration and an appealing website design. The legal basis for data processing is user consent as per Art. 6 Para. 1 a GDPR.
- We utilize the "enhanced privacy mode" option provided by Google.
- When you access a page with an embedded video, a connection is made to Google servers. According to Google, in "enhanced privacy mode", your data (including which of our web pages you visited and device-specific information, including the IP address) is sent to the YouTube server in the US only when you view the video. Clicking the video implies consent.
- If you're logged into Google, this information can be linked to your YouTube account. To prevent this, log out of your Google account before visiting our website.
- Some data might be transferred to parent company Google Inc. in the US, other Google companies, and external Google partners possibly outside the European Union. Google uses standard contractual clauses approved by the European Commission and relies on adequacy decisions issued by the European Commission for certain countries.
- For more details on YouTube privacy, refer to Google's privacy policies.
- While using the video portal, domains like googlevideo.com, google.com, and others are called. The legal basis is also your consent. Additionally, Google Webfonts and the "DoubleClick" ad network are loaded.
6 Friendly Captcha
- We use the Friendly Captcha tool by Friendly Captcha GmbH on our website to prevent automated and malicious requests from "bots".
- The tool captures your IP address to send a cryptographic task to your device. Once solved, Friendly Captcha confirms that the interaction is from a human.
- Data processed includes the anonymized IP address, browser and OS info, anonymized counter per IP for task control, and referrer URL.
- We have a data processing agreement as per Art. 28 GDPR with the tool provider.
- The legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest is to prevent malicious accesses or spam attacks by bots. If personal data is processed, it's deleted after 30 days.
- For more on Friendly Captcha's privacy, visit their website.
On our website, we use the Content Delivery Network ("CDN") of the technology service provider Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA ("Cloudflare"). A Content Delivery Network is an online service that delivers particularly large media files (such as graphics, page content, or scripts) through a network of regionally distributed and internet-connected servers. Using the CDN helps us optimize the loading speeds of our website.
The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in secure and efficient provision, as well as improving the stability and functionality of our website.
We have concluded a data processing agreement (Data Processing Addendum, available at https://www.cloudflare.com/media/pdf/cloudflare-customer-dpa.pdf) with Cloudflare.
1 General Information
- Cookies are data sent from our or third-party web servers to user web browsers for later retrieval. They can be small files or other types of storage.
- Users can deactivate cookies in their browser settings. Stored cookies can be deleted in the browser settings. Disabling cookies may restrict this online service's functionality.
2 Cookie Overview and Opt-out Options
- This website doesn't use consent-requiring cookies without explicit user consent.
- Opt-out options related to Matomo tracking are described in section 2.4 "Matomo".
Date: September 2023