Privacy policy

This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the associated websites, functions and content as well as external online presences, such as our social media profile. (hereinafter collectively referred to as “online offer”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Responsible

ZD Luchsweg GmbH
Kurfürstendamm 38/39
10719 Berlin

Phone: +49 30 80933460
Fax: +49 30 809334610
E-mail: info@zauner-berlin.com

Managing Director
Heike Zauner

Register entry
Registered office of the company: Berlin
Commercial register Berlin: HRB 244215 B

Tax number
27/603/50037

Competent supervisory authority
Charlottenburg District Office

Types of data processed

  • Contact data (e.g., e-mail).
  • Content data (e.g., photographs, videos).
  • Meta/communication data (e.g., device information, IP addresses).

Processing of special categories of data (Art. 9 para. 1 GDPR)

  • No special categories of data are processed.

Categories of data subjects affected by the processing

  • Visitors and users of the online offer.

In the following, we also refer to the data subjects collectively as “users”.

Purpose of the processing

  • Responding to contact requests and communicating with users.
  • Marketing, advertising and market research.
  • Security measures.

Status of the document: 21.06.2021

1. Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

2. Changes and updates to the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

3. Security measures

3.1. In accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of security appropriate to the risk; the measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and their separation. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data and the response to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).

3.2. The security measures include in particular the encrypted transmission of data between your browser and our server.

4. Cooperation with processors and third parties

4.1. If we disclose data to other persons and companies (processors or third parties) in the course of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), you have given your consent, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

4.2. If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

5. Transfers to third countries

Sofern wir Daten in einem Drittland (d.h. außerhalb der Europäischen Union (EU) oder des Europäischen Wirtschaftsraums (EWR)) verarbeiten oder dies im Rahmen der Inanspruchnahme von Diensten Dritter oder Offenlegung, bzw. Übermittlung von Daten an Dritte geschieht, erfolgt dies nur, wenn es zur Erfüllung unserer (vor)vertraglichen Pflichten, auf Grundlage Ihrer Einwilligung, aufgrund einer rechtlichen Verpflichtung oder auf Grundlage unserer berechtigten Interessen geschieht. Vorbehaltlich gesetzlicher oder vertraglicher Erlaubnisse, verarbeiten oder lassen wir die Daten in einem Drittland nur beim Vorliegen der besonderen Voraussetzungen der Art. 44 ff. DSGVO verarbeiten. D.h. die Verarbeitung erfolgt z.B. auf Grundlage besonderer Garantien, wie der offiziell anerkannten Feststellung eines der EU entsprechenden Datenschutzniveaus (z.B. für die USA durch das „Privacy Shield“) oder Beachtung offiziell anerkannter spezieller vertraglicher Verpflichtungen (so genannte „Standardvertragsklauseln“).

6. Rights of the data subjects

6.1. You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

6.2. You have in accordance with. Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.

6.3. In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately or, alternatively, to demand that the processing of the data be restricted in accordance with Art. 18 GDPR.

6.4. You have the right to request to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transfer to other controllers.

6.5. You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

7. Right of revocation

You have the right to withdraw your consent in accordance with Art. 7 para. 3 GDPR with effect for the future.

8. Right to object

You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection can be made in particular against processing for direct marketing purposes.

9. Deletion of data

9.1. The data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

9.2. In accordance with legal requirements, data is stored in particular for 6 years in accordance with Section 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with Section 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

10. Provision of contractual services

10.1. As part of the use of our online service, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the user in protection against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR.

10.2. The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of storing the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation); information in the customer account remains until its deletion.

11. Contacting us

11.1. When contacting us (via contact form or e-mail), the user’s details are processed to process the contact request and its handling in accordance with Art. 6 para. 1 lit. b) GDPR.

11.2. The user’s details may be stored in our customer relationship management system (“CRM system”) or comparable inquiry organization.

11.3. We delete the inquiries if they are no longer required. We review the necessity every two years; we store inquiries from customers who have a customer account permanently and refer to the details of the customer account for deletion. In the case of statutory archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).

12. Collection of access data and log files

12.1. On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

12.2. Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum period of seven days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

13. Online presence in social media

13.1. On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR, we maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

13.2. Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

14. Web analysis, tracking and targeting

The tracking and targeting measures listed below and used by us are carried out on the basis of Art. 6 para. 1 lit. a GDPR.

With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.

Through the targeting measures used, we want to ensure that only advertising based on your actual or perceived interests is displayed on your end devices.

These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking and targeting tools.

Use of the Google Marketing Platform

We use the Google Marketing Platform on our website, a web analysis and advertising service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”). The service combines the Google products DoubleClick Digital Marketing and the Google Analytics 360 Suite. In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as

  • Browser type/version,
  • operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • time of the server request,

are transmitted to a Google server in the USA and stored there. We have concluded an order processing agreement with Google for the use of Google products and, in the event that personal data is transferred to the USA or other third countries, standard contractual clauses.

The information may be transferred to third parties if this is required by law or if third parties process this data on our behalf. The IP addresses are anonymized so that they cannot be assigned (IP masking).

The user data collected via cookies is automatically deleted after 14 months.

Further information on data protection in connection with the Google Marketing Platform can be found here.

Analytics 360 Suite

As part of the Analytics 360 Suite, information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website.

DoubleClick Digital Marketing

As part of DoubleClick Digital Marketing, information is collected and evaluated in order to optimize advertising. The technologies used enable us to target you with individually interest-based advertising. For example, we record which of our content you have shown an interest in. Based on this information, we can also show you offers on third-party websites that are specifically geared to your interests, as determined by your previous user behavior. The recording and evaluation of your user behavior is exclusively pseudonymous and does not enable us to identify you.

You can also make settings for the display of interest-based advertising by DoubleClick Digital Marketing via Google’s ad settings manager.

Google Marketing Platform Objection

In addition to deactivating all cookies in the browser, you can prevent the collection of data generated by Analytics 360 and related to your use of the website and the processing of this data by Google by downloading and installing a browser add-on.

Use of Google Ads

We use Google Conversion Tracking from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”) on our website. The service enables us to design, statistically record, optimize and display advertising content in line with requirements. We rely on such advertising content to ensure the visibility of our website.

Google Ads places a cookie on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page.

The information generated by the cookie about your use of this website, such as the click behavior on texts and products or interactions with videos, is transferred to a Google server in the USA and stored there. We have concluded an order processing agreement with Google for the use of Google Analytics as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.

Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. As a Google Ads customer, we learn the total number of users who clicked on an ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which we can identify you personally.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, by changing your browser settings to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”.

You can find Google’s data protection information here.

Matomo

We use Matomo (formerly Piwik) for web analysis, a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”). The protection of your data is important to us, which is why we have also configured Matomo so that your IP address is only recorded in abbreviated form. We therefore process your personal usage data anonymously. It is not possible for us to draw any conclusions about your person.

You can find further information on Matomo’s terms of use and data protection regulations at:

https://matomo.org/privacy/

As Matomo is hosted on our server, this data never leaves our area of responsibility. This is therefore a much better alternative than tools such as Google Analytics, where the visit statistics are processed externally. IP addresses are anonymized by six digits in our configuration and do not allow any conclusions to be drawn about the actual connection.

If you do not want your visits to our websites to be recorded, you can activate the “Do not track” option in your browser and Matomo will not record any of your data. If you generally do not wish to be tracked, activate the “Do not track” function in your browser.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.