Naturarena Bergisches Land GmbH / Das Bergische
51429 Bergisch Gladbach
Telephone 0049 (0)2204 84-3000
Managing Director: Tobias Kelter
Contact Data Protection Officer: datenschutz[a]dasbergische.de
In the case that confidentiality is desired, please contact our Data Protection Officer by post marked “Personal/Confidential”.
Kinds of data processing:
- User data (e.g. names, addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., websites visited, interest in contents, access times).
- Meta/Communications data (e.g., device information, IP addresses).
Categories of data subjects
Visitors to and users of the online offering (we jointly refer to the data subjects hereinafter as “users”).
Purpose of the processing
- To make the online offering, its functions and contents available.
- Responding to contact requests and communication with the users.
- Security measures.
- Range measurement/Marketing.
'Personal data' means any information relating to an identified or identifiable individual (hereinafter 'data subject'); an identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
“Processing” is any or all operations performed with the aid of automated processes or any such set of operations in connection with personal data. The term is broad in scope and covers almost all handling of data.
The term “controller” refers to the individual or legal entity, authority, institution or other body that decides on the purpose and means of processing personal data either alone or with others.
Relevant legal bases
Cooperation with processors and third parties
Insofar as we disclose data to other persons and companies (processors or third parties) within the context of our processing, transfer such data to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if transmission of the data to third parties such as payment service providers is required for the purpose of contract fulfilment according to Art. 6(1) lit. b GDPR), if you have granted your consent, if a legal obligation so provides or on the basis of our justified interests (e.g., when using agents, web hosts, etc.).
Insofar as we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
Transmissions to third countries
Insofar as we process data in a third country (i.e., outside of the European Union (EU) or the European Economic Area (EEA)) or in the context of availing of the services of third parties, or if data are disclosed or transmitted to third parties, this only happens if it is to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our justified interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements under Art. 44 et seqq. GDPR apply. This means that the processing is carried out, for example, on the basis of special guarantees such as the officially recognised determination of a level of data protection corresponding to the EU (e.g., for the US through the “Privacy Shield”) or observance of officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of the data subject
You are entitled to request confirmation as to whether the respective data are processed and information on such data as well as further information and a copy of the data according to Art. 15 GDPR.
According to Art. 16 GDPR, you are entitled to request the completion of the data concerning you or correction of incorrect data concerning you.
According to Art. 17 GDPR, you are entitled to request that the relevant data are deleted immediately, or alternatively, according to Art. 18 GDPR, to request that the processing of the data be restricted.
You are entitled to request the data concerning you that you provided to us and to ask for it to be transmitted to other controllers according to Art. 20 GDPR.
According to Art. 77 GDPR, you are also entitled to submit a complaint to the relevant supervisory authorities.
Right of revocation
You are entitled to revoke any consents with effect for the future according to Art. 7(3) GDPR.
Right of objection
According to Art. 21 GDPR, you are entitled to object to the future processing of the data concerning you at any time. In particular, you can object to the processing for direct marketing purposes.
Cookies and right of objection in the case of direct Advertising
“Cookies” are small files that are stored on the user’s computer. Various information can be stored within the cookie. A cookie is primarily used to store information on the user (e.g., the device on which the cookie is stored) during or even after his visit within an online offering. Temporary cookies, session cookies or transient cookies are cookies that are deleted after a user has left the online offering and closed his browser. Such cookies can, for example, store the content of the shopping basket in an online shop or a login queue. Permanent or persistent cookies are cookies that continue to be stored after the browser has been closed. Thus, for example, the login status can be stored if the user searches for this after several days. Such cookies can also be used to store the interests of the user, which is used for range measurement or marketing purposes. Third party cookies are cookies that are offered by providers other than the controller who operates the online offering (otherwise, if they are only the controller’s cookies, these are referred to as “first-party cookies”).
If the user does not want cookies to be stored on his computer, he is asked to deactivate the relevant option in the system settings of his browser. Stored cookies can be deleted in the browser’s system settings. Blocking cookies may result in functional restrictions to this online offering.
Deletion of data
According to legal requirements in Germany, in particular data are retained for 6 years according to Sec. 257 para. 1 HGB [German Commercial Code] (trading books, inventories, opening balances, annual financial statements, commercial papers, accounting receipts, etc.) and for 10 years according to Sec. 147 para. 1 AO [German Fiscal Code] (books, records, management reports, commercial and business papers, tax-relevant documents, etc.).
Order processing for brochure orders, in the online shop and customer account
We process our customers’ data in the context of brochure orders and in the context of orders placed in our online shop in order to facilitate the selection and ordering of the selected products and services, as well as their payment and delivery.
The data processed includes user data, communication data and contract data as well as data regarding the data subjects, our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services within the context of the operation of an online shop, invoicing, delivery and customer service. To this end, we set session cookies to store the contents of the shopping basket and permanent cookies to store the login status.
The processing is carried out on the basis of Art. 6(1) lit. b (implementation of order processes) and c (legally required archiving) GDPR. In doing so, the information marked as necessary must be required for the establishment and fulfilment of the contract. We disclose the data to third parties only within the context of delivery and payment or in the context of the legal permissions and obligations toward legal advisers and authorities. The data are only processed in third countries if this is necessary to fulfil the contract (e.g. at the request of the customer upon delivery or payment).
Users can optionally set up a user account, where in particular they can view their orders. In the context of registering, the users are informed of the required mandatory information. The user accounts are not public and cannot be indexed by search engines. If a user has cancelled their user account, their data regarding the user account are deleted, unless these must be retained on commercial or taxation grounds according to Art. 6(1) lit. c GDPR. Information in the customer account is retained until it is deleted and subsequently archived in the case of a legal obligation. The user is responsible for securing their data in the case of a successful cancellation before the contract ends.
Within the context of registering and new subscriptions as well as availing of our online services, we store the IP address and time of the respective user action. These are stored on the basis of our justified interests and those of the user in being protected against abuse and other unauthorised use. These data are in principle not forwarded to third parties unless this is required to pursue our claims or a legal obligation to do so exists according to Art. 6(1) lit. c GDPR.
The data are deleted after the statutory retention obligation and other comparable obligations have expired, the necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, the data are deleted once they have expired (end of the retention obligation period under commercial law (6 years) and tax law (10 years)).
Orders via our online shop are processed by Buchhandlung Bücken, Proprietor Alexander Bücken, Hauptstraße 57a, 51491 Overath, www.buchhandlung-buecken.de.
In order to process the brochure orders, we use Callcenter Global Call Communication Center GmbH, An den Loddenbüschen 95, 48155 Münster, www.global-call.de and the shipping provider RAPS – Gemeinnützige Werkstätten GmbH, Lockenfeld 3, 51709 Marienheide, www.wfbm-raps.de.
Provision of contractual Services
We process user data (e.g., names and addresses as well as user contact data), contract data (e.g., services availed of, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and providing our services according to Art. 6(1) lit b GDPR. The entries marked as mandatory in the online forms are required in order to conclude the contract.
Within the context of availing of our online services, we store the IP address and time of the respective user action. These are stored on the basis of our justified interests and those of the user in being protected against abuse and other unauthorised use. These data are in principle not forwarded to third parties unless this is required to pursue our claims or a legal obligation to do so exists according to Art. 6(1) lit. c GDPR.
The data are deleted after the statutory retention obligation and other comparable obligations have expired, the necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, the data are deleted once they have expired. Information in the respective user account remains until it is deleted.
Administration, financial accounting, office organisation, contact management
We process data within the context of administrative tasks as well as the organisation of our business, financial accounting and compliance with legal obligations, e.g. archiving. In doing so, we process the same data as we process within the context of providing our contractual services. The legal basis for the processing is Art. 6(1) lit. c GDPR and Art. 6(1) lit. f GDPR. The processing concerns customers, interested parties, business partners and website visitors. The purpose and our interest in such processing is administration, financial accounting, office organisation and archiving of data, tasks that serve to maintain our business operations, perform our tasks and provide our services. The deletion of data in regard to contractual services and contractual communication corresponds to the stated information for these processing activities.
In doing so, we disclose or transmit data to the financial administration, consultants, e.g., tax consultants or auditors, as well as other charging offices and payment service providers.
Furthermore, on the basis of our business interests, we store information on suppliers, event organisers and other business partners, e.g., for the purpose of later contact. We always store these predominantly company-related data on a permanent basis.
Commercial analyses and market research
In order to operate our business economically and to be able to identify market tendencies and customer and user wishes, we analyse the data available to us on business transactions, contracts, requests etc. In doing so we process user data, communication data, contract data, payment data, usage data and meta data on the basis of Art. 6(1) lit. f GDPR, whereby the data subjects include customers, interested parties, business partners and visitors to and users of the online offering.
The analyses are performed for the purpose of business assessments, marketing and market research. In doing so, we can, for example, take the profile of the registered user with information on his purchases into consideration. The analyses serve to increase user-friendliness, optimise our offering and improve economic efficiency. The analyses serve only us and are not disclosed externally, insofar as they do not concern anonymous analyses with summarised values.
Insofar as these analyses or profiles relate to individual persons, they are deleted or anonymised once cancelled by the user or otherwise two years after the conclusion of the contract. Moreover, whole-company economic analyses and the identification of general tendencies are prepared as anonymised where possible.
We additionally process contract data (e.g., subject of the contract, term, category of customer) from our customers, interested parties and business partners for the purpose of providing contractual services, customer service and care, marketing, advertising and market research.
The hosting services availed of by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use to operate this online offering.
Here, either we or our hosting provider process user data, contact data, content data, contract data, usage data, meta and communication data from the customers, interested parties and visitors to this online offering on the basis of our justified interests in the efficient and secure provision of this online offering according to Art. 6(1) lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).
Collection of access data and logfiles
We or our hosting provider collect data on every access to the server on which this service is found (so-called server logfiles) on the basis of our justified interests within the meaning of Art. 6(1) lit. f GDPR. The access data include the name of the retrieved website, the file, date and time of retrieval, the amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, the referrer URL (the page visited beforehand), the IP address and the requesting provider.
For security reasons (e.g., to clarify abuses or fraud), logfile information is stored for a maximum period of 30 days and then deleted. Data that have to be retained for evidentiary purposes are excluded from deletion until the relevant incident has finally been clarified.
Users have the option of setting up a user account. In the context of registering, the users are informed of the required mandatory information. The data entered within the context of registration are only used for the purposes of using the website. The user may receive information pertaining to the website or registration per e-mail, such as changes to the scope of the website or technical circumstances. If a user has cancelled their user account, their data regarding the user account are deleted, unless these must be retained on commercial or taxation grounds according to Art. 6(1) lit. c GDPR. The user is responsible for securing their data in the case of a successful cancellation before the contract ends. We are entitled to irretrievably delete all of the user’s data stored during the term of contract.
Within the context of the availing of our registration and subscription functions as well as using the user account, we store the IP address and time of the respective user action. These are stored on the basis of our justified interests and those of the user in being protected against abuse and other unauthorised use. These data are essentially not forwarded to third parties unless this is required to pursue our claims or a legal obligation to do so exists according to Art. 6(1) lit. c GDPR. The IP addresses are anonymised or deleted after seven days at the latest.
Upon contacting us (e.g., per contact form, e-mail, telephone or via social media) the user’s information is processed in order to handle and process the contact request according to Art. 6(1) lit. b GDPR. The user’s information may be stored in a Customer Relationship Management System ("CRM System") or a comparable requests organisation.
We delete the request if it is no longer required. We review the necessity every two years; the statutory archiving obligations also apply.
In the following notes, we explain the content of our newsletter as well as the subscription, shipping and statistical analysis procedures and your rights of objection. By subscribing to our newsletter, you consent to receiving it and to the stated procedures.
Content of the newsletter: We only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletter”) with the consent of the recipient or a legal permission. If within the context of a subscription to the newsletter its content is set out in concrete terms, this is decisive for the consent of the user. Our newsletter also contains information on our services, offers in the “Das Bergische” region and us.
Double opt-in and logging: To subscribe to our newsletter, we use the so-called double-opt-in procedure. This means that after subscribing you receive an e-mail in which you are asked to confirm your subscription. This confirmation is necessary in order to ensure that nobody can subscribe using third party e-mail addresses. The subscriptions to the newsletter are logged in order to be able to provide evidence of the subscription process in accordance with the legal requirements. This includes storing the subscription and confirmation times as well as the IP address. Changes to your data stored by the shipping provider are also logged.
Subscription data: In order to subscribe to the newsletter, it is sufficient for you to provide us with your e-mail address. We also ask for the optional provision of a name, so you can be addressed personally in the newsletter.
Sending of the newsletter and the associated performance measurement are carried out on the basis of the consent of the recipient according to Art. 6(1) lit. a, Art. 7 GDPR in conjunction with Sec. 7 para. 2 No. 3 UWG [German Fair Trade Practices Act] or on the basis of the legal permission according to Sec. 7 para. 3 UWG.
Logging of the registration procedure is on the basis of our legitimate interests according to Article 6(1) lit. f GDPR. Our interest is focused on the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the user, as well as providing us with evidence of consents.
Cancellation/Revocation - You can unsubscribe from our newsletter at any time, i.e. revoke your consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter. We can store the removed e-mail addresses for up to three years on the basis of our justified interests before we delete them for the purpose of sending the newsletter, in order to be able to provide evidence of a former consent. The processing of such data is limited to the purpose of defending against claims. An individual application for deletion is possible at any time, insofar as the existence of a former consent is confirmed at the same time.
The sender of the newsletter is side by site GmbH & Co. KG, Barbarastraße 3-9 (Block 6), 50735 Cologne, www.sidebysite.de.
Newsletter - performance measurement
The newsletter contains a so-called “web beacon”, i.e., a pixel-sized file that is called up by our server or, insofar as we use a shipping provider, from their server when the newsletter is opened. Within the context of this access, technical information such as information on the browser and your system as well as your IP address and the time of access are initially collected.
This information is used for the technical improvement of the service based on the technical data or the target groups and their reading behaviour based on the access locations (this can be determined based on the IP address) or the access times. The statistical data collected also includes determining whether the newsletters are opened, when they are opened and which links are clicked on. This information can be attributed to individual recipients of the newsletter on technical grounds. However, it is not our intention nor, if applicable, that of the shipping provider to observe individual users. Instead, the analyses serve to identify the reading habits of our users and to adapt our content to them or to send different content in accordance with the interests of our users.
Range measurement with Matomo (formerly Piwik)
In the context of range measurement by Matomo, on the basis of our justified interests (i.e., interests in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6(1) lit. f GDPR) the following data are processed: the browser type and version used by you, the operating system used by you, your country of origin, the date and time the server is accessed, the number of visits, the duration of your visit to the website and the external links you clicked on. The IP address of the user is anonymised before it is stored.
Users can object to the anonymised collection of data by the Matomo programme at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is saved to your browser, which means that Matomo does not collect any more session data. If the user deletes their cookies, this means that the opt-out cookie is deleted and therefore has to be re-activated by the user.
Google is certified according to the Privacy Shield agreement and on the basis of this guarantees compliance with European Data Protection Law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google uses this information on our behalf to evaluate the use of the online offering by the user, to compile reports on activities within this online offering and to provide further services relating to the use of this online offering and Internet usage to us. In doing so, pseudonym usage profiles for the users may be created from the processed data.
We only use Google Analytics with active IP anonymisation. This means that the IP address of the user is abbreviated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US, before being abbreviated there.
The IP address of the user transmitted by the browser will not be combined with other data by Google. Users can prevent the storage of cookies using the relevant setting for their browser software; users can also prevent the collection of data generated by the cookie relating to their use of the online offering and the processing of such data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on data usage by Google, setting and objection options can be found on the following Google websites: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“Data usage for advertising purposes”), http://www.google.de/settings/ads („Managing information that Google uses to show you advertising“).
Online presence on social media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who actively use these sites, and inform them about our services. When you call up the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
Integration of third party services and contents
Within our online offering, on the basis of our justified interests (i.e., interests in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6(1) lit. f GDPR), we use content and service offerings from third party providers in order to incorporate their content and services, e.g. such as videos or fonts (hereinafter uniformly referred to as “contents”).
This is always subject to the third party provider of such contents recognising the IP address, as it cannot send the contents to the browser without the IP address. The IP address is therefore required to display these contents. We strive only to use such contents for which the respective provider only uses the IP address to deliver the contents. Third party providers can also use so-called pixel tags (invisible graphics also known as web beacons) for statistical or marketing purposes. Using the pixel tags, information such as visitor traffic to the pages of this website can be evaluated. The pseudonymous information can also be stored as cookies on the user’s device and, among other things, contains technical information about the browser and operating system, referring websites, visit duration and other information on the use of our online offering, and can be combined with such information from other sources.
Use of Facebook social plugins
On the basis of our justified interests (i.e., interests in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6(1) lit. f GDPR), we use social plugins ("plugins") from the facebook.com social network, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can represent interaction elements or contents (e.g., videos, graphics or text contributions) and are recognisable from one of the Facebook logos (white “f” on a blue tile, the term “like” or a “thumbs up” symbol) or are labelled as a “Facebook Social Plugin”. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified according to the Privacy Shield agreement and on the basis of this guarantees compliance with European Data Protection Law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls up a function of this online offering that contains such a social plugin, his device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offering from there. In doing so, usage profiles for the users may be created from the processed data. We therefore have no influence on the scope of the data Facebook collects using these plugins and therefore inform the users according to our state of knowledge.
By integrating the plugin, Facebook is informed that a user has called up the relevant page of the online offering. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugin, for example by pressing the like button or submitting a comment, the corresponding information is transmitted directly to Facebook by the device and stored there. If a user is not a member of Facebook, there is nevertheless the possibility that Facebook will find out and store his IP address. According to Facebook, only an anonymised IP address is stored in Germany.
The purpose and scope of data collection and further processing and use of the data by Facebook as well as the respective rights and setting options for the protection of the user’s private sphere are available from Facebook's privacy policies: https://www.facebook.com/about/privacy/.
If a user is a member of Facebook and does not want Facebook to collect data pertaining to him via this online offering and link this to his membership data with Facebook, he must log out of Facebook and delete his cookies before using our online offering. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are implemented independent of the platform, i.e. they are applied for all devices, such as desktop computers or mobile devices.
(Created using Datenschutz-Generator.de by RA Dr. Thomas Schwenke)