Data protection
The protection of the data of our customers, employees and business partners and respect for the basic right to informational self-determination are important to us. Data protection and data security are therefore of particular importance to us. We also want to know who is processing our data and for what reason. Therefore, the use of our Internet pages is basically possible without providing personal data; if you wish to take advantage of special offers or services, such as contacting us, it may be necessary to process personal data. The processing of personal data, such as the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the basic data protection regulation and in compliance with the country-specific data protection regulations applicable to our company. With this data protection declaration we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, you will be informed about the rights to which you are entitled. We have implemented numerous technical and organisational measures in our company to ensure that the personal data processed is protected as completely as possible (data security). However, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed by us.
Definitions
Our data protection declaration is based on the following terms
– the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC) Basic Data Protection Regulation (DS-GVO) and
– the Act on the Adaptation of Data Protection Law to Regulation (EU) 2016/679 and on the Implementation of Directive (EU) 2016/680 (Data Protection Adaptation and Implementation Act EU – DSAnpUG-EU) Federal Law Gazette Volume 2017 Part I No. 44, issued on 05.07.2017, page 2097, as amended (Federal Data Protection Act).
Name and address of the data controller
The person responsible within the meaning of the basic data protection regulation, other data protection laws applicable in the member states of the European Union and other regulations of a data protection nature is the:
Severin_touristik GmbH
Rathausplatz 2
D-59846 Sundern
Phone +49 (0)2933 909 9629 |
Fax +49(0)29 33 987 155
info@severintouristik.com
Managing Director:
Severin Schulte, Sebastian Severin Schulte
Commercial register HRB 613
VAT ID, No. DE 123880507
Name and address of the Data Protection Officer
The Data Protection Officer of the controller is
Vossenkuhl Services
Otto-Beyer-Straße 8
45356 Essen
datenschutz@vossenkuhl-gruppe.de
www.vossenkuhl-gruppe.de
Every person concerned can contact our data protection officer at any time with all questions and suggestions concerning data protection, either directly, orally, in writing or by e-mail.
Collection of general data and information
Our website collects a number of general data and information with every visit to the website by you or by an automated system. This general data and information is stored in the log files of the server. The following can be recorded
This data is not merged with other data sources. The basis for data processing is Art. 6 Para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
When using this general data and information, we do not draw any conclusions about the person concerned. Rather, this information is required to
This anonymously collected data and information is therefore evaluated by us on the one hand statistically and also with the aim of increasing data protection and data security in our company in order to ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by you. It is therefore not possible to draw conclusions about you.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.
Contact options via the website
Our website also contains information that enables you to contact our company. This also includes e-mail addresses. If you contact us by e-mail or via a contact form on the website, the personal data you provide will be stored automatically. Such personal data is stored for processing or for contacting you. This personal data is not passed on to third parties. The processing of the data entered in the contact form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). Data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to its storage or until there is no longer any need to store the data. Mandatory legal provisions – in particular retention periods – remain unaffected.
Routine deletion and blocking of personal data
We process personal data only for the period of time required to achieve the purpose of storage or if this has been provided for by the European Directives and Regulations or any other legislator in laws or regulations to which we are subject. If the purpose of storage ceases to apply or if a storage period prescribed by the European Directives and Regulations or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.
Your rights
Right to confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed. If you wish to exercise this right, you can contact our data protection officer or us at any time.
Right to information
Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain at any time and free of charge from the data controller information on personal data relating to him/her and a copy thereof. The European Data Protection Supervisor has also granted the data subject access to the following information:
– the purposes of the processing,
– the categories of personal data processed,
– the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or international organisations,
– if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,
– the existence of a right of rectification or erasure of personal data relating to him or her or of a right to have the processing restricted by the controller or to object to such processing,
– the existence of a right of appeal to a supervisory authority
– if the personal data are not collected from the data subject: All available information on the origin of the data,
– the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the DPA and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.
You also have a right of information as to whether personal data has been transferred to a third country – a country outside the European Union or the European Economic Area – or to an international organisation. If this is the case, you have the right to be informed about the appropriate guarantees in connection with the transfer. If you wish to exercise this right, you may contact our data protection officer or us at any time.
Right of rectification
Any person affected by the processing of personal data has the right, granted by the European legislator, to request the rectification without delay of inaccurate personal data concerning him. The data subject shall also have the right to obtain the completion of incomplete personal data, including by means of a supplementary declaration, having regard to the purposes of the processing.
If you wish to exercise this right, you can contact our data protection officer or us at any time.
Right to cancellation (“right to be forgotten”)
You have the right to demand that we delete the personal data concerning you immediately, if one of the following reasons applies and if the processing is not necessary:
– The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
– you withdraw the consent on which the processing was based under Article 6(1)(a) of the DPA or Article 9(2)(a) of the DPA and there is no other legal basis for the processing.
– You object to the processing pursuant to Article 21 (1) DS-BER and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21 (2) DS-BER.
– The personal data were processed unlawfully.
– The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
– The personal data was collected in relation to information society services offered in accordance with Article 8 (1) of the DS-GVO.
If one of the above reasons applies and you wish to request the deletion of personal data stored by us, you can contact our data protection officer or another employee of the data controller at any time. Our data protection officer will ensure that the request for deletion is complied with immediately. If the personal data have been made public by us and if our company, as the data controller, is obliged to delete the personal data in accordance with Art. 17 Para. 1 DS-GVO, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that you have requested these other data controllers to delete all links to these personal data or copies or replications of these personal data, insofar as the processing is not necessary.
Right to limit processing
You have the right to demand that we restrict processing if one of the following conditions is met:
– You contest the accuracy of the personal data, for a period of time which allows us to verify the accuracy of the personal data.
– The processing is unlawful, you object to the deletion of the personal data and instead demand the restriction of the use of the personal data.
– We no longer need the personal data for the purposes of the processing, but you need the data to assert, exercise or defend legal claims.
– You have lodged an objection to the processing in accordance with Art. 21 (1) DS-GVO and it is not yet clear whether the legitimate reasons of the controller outweigh yours.
If one of the above-mentioned conditions is met and you wish to request the restriction of personal data stored with us, you can contact our data protection officer or us at any time.
Right to data transferability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without hindrance from us, provided that the processing is based on the consent pursuant to Art. 6 para. 1 letter a DS-GVO or Art. 9 para. 2 letter a DS-GVO or on a contract pursuant to Art. 6 para. 1 letter b DS-GVO and that the processing is carried out by means of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, when exercising your right to data transfer in accordance with Art. 20 Paragraph 1 DS-GVO, you have the right to request that personal data be transferred directly from us to another responsible party, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons. To assert the right to data transfer, you can contact our data protection officer or another employee at any time.
Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) or (f) of the DPA. This also applies to profiling based on these provisions. In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. If we process your data for the purpose of direct marketing, you have the right to object at any time to the processing of your data for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. To exercise your right of objection, you can contact our data protection officer directly or contact us. You are also free to exercise your right of objection in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
Automated case-by-case decisions including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way, provided that the decision
– is not necessary for the conclusion or performance of any contract between you and us, or
– is authorised by Union law or by the law of the Member States to which we are subject and that law provides for appropriate measures to safeguard your rights and freedoms and legitimate interests, or
– with your express consent.
You also have the right to have us review or intervene in the automated decision, to present your own point of view and to challenge the decision. To assert this right, you can contact our data protection officer or us at any time.
Right to revoke consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time. To assert the right to revoke a consent under data protection law, you can contact our data protection officer or another employee at any time.
Right to complain to the responsible supervisory authority
In the event of a breach of data protection law, they have a right of appeal to the competent supervisory authority. The competent supervisory authority with regard to data protection issues is the State Data Protection Commissioner of the federal state in which our company is based. The following link provides a list of the state data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Data protection for applications and the application process
We collect and process the personal data of applicants for the purpose of processing the application procedure. The processing can also take place electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by e-mail or via a web form on the website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents are automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests stand in the way of deletion. Other legitimate interests in this sense are, for example, our duty of proof in proceedings under the General Equal Treatment Act (AGG).
Cookies
Our website uses cookies. These are small text files that your web browser stores on your end device. Cookies help us to make our offer more user-friendly, more effective and safer. Some cookies are “session cookies.” Such cookies are deleted automatically at the end of your browser session. On the other hand, other cookies remain on your terminal device until you delete them yourself. Such cookies help us to recognise you when you return to our website. With a modern web browser you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured so that cookies are deleted automatically when you close the program. Disabling cookies may result in limited functionality of our website. The setting of cookies, which are necessary for electronic communication processes or the provision of certain functions requested by you (e.g. shopping basket), is based on Art. 6 Para. 1 lit. f DSGVO. As operators of this website, we have a legitimate interest in the storage of cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these will be treated separately in this data protection declaration.
Legal basis of the processing
Art. 6 I lit. a DS-GVO serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the supply of goods or provision of other services or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to such processing operations which are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which makes it necessary to process personal data, for example to fulfil tax obligations, processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were to be injured and his or her name, age, health insurance details or other vital information had to be disclosed to a doctor, hospital or other third party. In this case the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or of a third party, unless the interests, fundamental rights and freedoms of the data subject prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 sentence 2 DS-GVO).
Legitimate interests in the processing pursued by the controller or a third party
If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is to carry out our business activities for the benefit of the well-being of all our employees and our shareholders.
Duration for which personal data are stored
The criterion for the duration of storage of personal data is the respective legal retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment or initiation of the contract.
Legal or contractual provisions on the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him/her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the data subject provides personal data, he or she must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
Existence of automated decision making
As a responsible company, we avoid automatic decision making or profiling.
Mandatory information according to Regulation (EU) No. 524/2013 of the European Parliament and Council:
The EU Commission provides a user-friendly platform for the online settlement of consumer disputes arising from the online sale of goods or the online provision of services (OS platform). The OS platform can be accessed via the following link: https://ec.europa.eu/consumers/odr
We are required by law to inform you about the storage of data, the nature of the data, its purpose and our identity. We also notify you about the initial transfer and the type of data transferred. The data processing takes place on our servers in Europe. For this reason, we are committed to meeting the strict requirements of the European General Data Protection Regulation (EU-DSGVO).
The various functions of the mtalii application require certain personal data in order to provide you with the services. Primarily, the processing of personal data therefore serves to provide the services in the application. The legal basis for this is Art. 6 para. 1 b) EU-DSGVO for contractual purposes.
Subject of data protection
The subject of the data protection provisions is personal data. This is individual information about personal or factual circumstances of a specific or identifiable natural person. For example, name, postal address, e-mail address, but also usage data such as the IP address.
Automatic anonymous data collection, processing and use
We, Severin Touristik GmbH, email address info@severintouristik.com, store data as follows:
– The app allows you to create a username, which can also be a pseudonym. We store this username on our server for personalization of the services. Furthermore, an individual DeviceID is also generated, which is required for API access to our server. This ensures that only valid requests from the app can be processed. The app allows the creation of an avatar image. This feature is optional and is used to personalize your user experience. When using the app, a timestamp is recorded when server requests are made, such as a login.
– The app allows you to access RSS feeds. In order to provide you with the respective subscribed RSS feeds even after a restart of the app, the subscribed feeds for your account are stored on the server.
– After registration, the DeviceID is replaced by the e-mail address. You must confirm the storage of your e-mail address in the app. In addition, a user password chosen by you will be stored in encrypted form (cryptographic hash) on our server.
– If you want to receive a certificate of a completed master test, we need the following additional data, which you must store in your user account: First name, last name, address, phone number. This data is required in order to issue a certificate that can be used in legal transactions. Therefore, this data can be deposited only once and then can not be changed, in order to prevent misuse.
Communication with the server takes place via HTTPS protocol with 256-bit SSL encryption. The data transmitted by the app is stored in a database. The server is located in Berlin.
With deletion of the own account, all stored data will be deleted immediately.
Responsible according to Art. 4 para. 7 EU-DSGVO is the operator of the app.
Access rights on the device
The application requires the following access rights on the terminal device:
– Access to images: This access is for optional selection and assignment of an avatar image.
– Access to camera: This access is used for optional creation of an avatar image.
– File access (read and write): This access is used to create, load and save acquired certificates on the terminal device.
– Internet access: This access is mandatory to communicate with our servers and to use our services.
Right to information and information obligations (Art. 13 EU-DSGVO)
We process your personal data in compliance with the EU-DSGVO and all other relevant laws.
Further information:
Retention
The data storage mentioned in §2 takes place for the duration of the use of our application. After deletion of your own account, the transmitted data will be deleted automatically.
Data subject rights
You can request information about the data stored about you at the above address. In addition, under certain conditions, you can request the correction or deletion of your data. You may also have the right to restrict the processing of your data and the right to have the data you have provided us to be returned to you in a structured, common and machine-readable format.
Right of objection
You have the right to object to the processing of your personal data for direct marketing purposes. If we process your data to protect legitimate interests, you can object to this processing if reasons arise from your particular situation that speak against the data processing. To do so, please contact the data protection officer:
Vossenkuhl Services UG (haftungsbeschränkt).
datenschutz@vossenkuhl-gruppe.de
Otto-Beyer-Strasse 8
DE-45356 Essen
Right of complaint
You have the possibility to address a complaint to the above-mentioned data protection officer or to a data protection supervisory authority. The data protection supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia, Germany
P.O. Box 20 04 44
DE-40102 Düsseldorf
Tel.: 0049 211 38424-0
Fax: 0049 211 38424-10
E-mail: poststelle@ldi.nrw.de
This privacy policy applies only to content on our servers and does not cover websites linked to our site.
This application (mtalii) is only available for use by persons over 18 years of age. Whilst the application owner has taken due steps to ensure that age limits are complied with, such monitoring cannot be guaranteed. By agreeing to use this mobile application you confirm that you are at least 18 years of age. The owner provides the application, services, information, content and/or data (collectively, “information”) contained herein for informational purposes only. The owner does not purport to provide any medical advice on the application. Medical advice should be sought from your doctor. Using, accessing and/or providing personal or medical information to the owner does not create a physician-patient relationship between you and the owner. You hereby agree that you shall not make any health or medical related decision based in whole or part on anything contained in this application. The owners of mTalii application shall not be liable for any eventualities suffered whatsoever by the user of the application.