Privacy Policy
Racers Lodge is aware that protecting your privacy while using our websites is an important concern for you. We take the protection of your personal data very seriously. Therefore, we want you to know when we store which data and how we use it. This privacy policy is intended to inform you about our data protection measures.
Please note that data transmission over the Internet (e.g., communication via email) can have security gaps. Complete protection of data from access by third parties is not possible.
The use of contact data published in the imprint by third parties for sending unsolicited advertising and informational materials is expressly objected to. The operators of the site expressly reserve the right to take legal action in the event of unsolicited delivery of advertising information, such as spam emails.
Name and Address of the Responsible Party
The responsible party in the sense of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other data protection regulations, is:
Dirk Brademann
Borner Feld 19
41379 Brüggen
Tel: 0049 173 5324359
1.1. Questions about Data Protection
If you have any questions regarding our data protection, please send an email to: info@racers-lodge.com
General Information on Data Processing
2.1. Scope of Processing Personal Data
We collect and use personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The collection and use of personal data of our users is generally only done with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal provisions.
2.2. Legal Basis for Processing Personal Data
If we obtain consent from the data subject for processing operations of personal data, Article 6(1)(a) of the GDPR serves as the legal basis.
When processing personal data required to fulfill a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.
If processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
In cases where processing is necessary to protect vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.
If processing is necessary for the purposes of legitimate interests pursued by our company or a third party, and those interests do not outweigh the interests, rights, and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis for the processing.
2.3. Data Deletion and Storage Duration
Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if provided for by European or national legislations in Union regulations, laws, or other provisions to which the responsible party is subject. Data blocking or deletion also occurs when a storage period required by the aforementioned norms expires, unless further storage of the data is necessary for the conclusion or performance of a contract.
Provision of the Website and Creation of Logfiles
3.1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting device. The following data is collected:
Information about the browser type and version used
The operating system of the user
The Internet Service Provider (ISP) of the user
The IP address of the user
Date and time of access
Websites from which the system of the user accessed our website
Websites accessed by the user’s system through our website
The log files contain IP addresses or other data that allow identification of a user. This could occur, for example, if the link to the website from which the user accessed our site or the link to the website to which the user navigates contains personal data.
The data is also stored in our system’s log files. No storage or linking of this data with other personal data of the user occurs.
3.2. Legal Basis for Data Processing
The legal basis for the temporary storage of the data is Article 6(1)(f) GDPR.
3.3. Purpose of Data Processing
The temporary storage of the session ID by the system is necessary to deliver the website to the user’s computer. To achieve this, the session ID must remain stored for the duration of the session. This is done in the form of a session cookie.
The storage in log files occurs to ensure the functionality of the website. Additionally, the data helps us optimize the website and ensure the security of our IT systems. In the event of errors or attacks, this data helps pinpoint the cause of the issue. The data in the log files is automatically deleted by the host after approximately 2 months.
Data is not evaluated for marketing purposes in this context. Our legitimate interest in data processing according to Article 6(1)(f) GDPR also lies in these purposes.
3.4. Duration of Storage
The data is deleted as soon as it is no longer necessary for the purposes for which it was collected. For data collected to provide the website, this occurs when the respective session ends.
For data stored in log files, deletion occurs after a maximum of 60 days. Further storage is possible. In such cases, user IP addresses are deleted or anonymized, making it no longer possible to associate the data with the requesting client.
3.5. Right to Object and Removal
The collection of data to provide the website and storage in log files is essential for the operation of the website. Therefore, users have no right to object.
4. Use of Cookies
a) Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored on the user’s computer system by the internet browser. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a distinctive string of characters that allows for the unique identification of the browser when revisiting the website.
We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser be identified even after a page change. The following data is stored and transmitted in cookies:
1. Language settings
2. Session ID
3. Markers
The term “markers” refers to cookies that only contain values such as 1, 0, true, or false. For example, a marker is used to remember a user’s click on the OK button in the cookie banner for the current visitor only. Otherwise, the cookie banner would not be dismissible. Additionally, we use cookies on our website that allow analysis of user behavior. This provides the following data:
1. Date
2. Country from which the access originates
3. Accessed page
4. Entered search terms
5. Time spent on individual pages
6. Use of website functions
The data collected in this manner is pseudonymized through technical measures. Therefore, it is no longer possible to attribute the data to the requesting user. The data is not stored or linked with other personal data of the users.
When accessing our website, users are informed via an info banner about the use of cookies for analytical purposes and are referred to the privacy policy. The privacy policy also includes information on how to prevent the storage of cookies in browser settings or add-ons.
b) Legal Basis for Data Processing
The legal basis for processing personal data using cookies is Article 6(1)(f) GDPR.
c) Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without cookies. For these, it is necessary for the browser to be recognized even after a page change.
We use cookies for the following applications:
1. Retaining language settings
2. Remembering disabled dialogs
The data collected by technically necessary cookies is not used to create user profiles.
The use of analytical cookies aims to improve the quality of our website and its content. Through analytical cookies, we learn how the website is used and can continually optimize our offerings.
Our legitimate interest in processing personal data according to Article 6(1)(f) GDPR also lies in these purposes.
Based on various analysis parameters, we can identify pages that, for example, lead to a high bounce rate. The subsequent page analysis can improve individual pages and thus enhance the user experience.
e) Duration of Storage, Right to Object and Removal
Cookies are stored on the user’s computer and transmitted to our site. Therefore, users have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, some functions of the website may no longer be fully usable.
5. Registration or Inquiries via Contact Forms
5.1. Description and Scope of Data Processing
Our website offers users the opportunity to register by providing personal data or to book a stay, request information or offers. The data is entered into an input mask and transmitted and stored by us. The data is not shared with third parties. The following data is collected during the registration process:
At the time of registration or inquiry, the following data is also stored:
Inquiry
1. Salutation
2. Name
3. Email and telephone number
4. Specification of the desired service
5. Message
6. User’s IP address
7. Date and time of the inquiry
Consent from the user for the processing of this data is obtained during the processing process.
Legal Basis for Data Processing
The legal basis for processing the data, provided there is user consent, is Article 6(1)(a) GDPR.
5.2. Purpose of Data Processing
The user’s inquiry is necessary to provide the desired content and services. This includes pre-contractual measures based on the user’s request.
5.3. Duration of Storage
The data is deleted as soon as it is no longer necessary for the purposes for which it was collected.
This applies to the data collected during the inquiry process once the inquiry is submitted and transmitted to us through our website.
5.4. Right to Object and Removal
As a user, you have the option to modify or delete your stored data at any time.
6. Contact Form and Email Contact
6.1. Description and Scope of Data Processing
Our website features a contact form that can be used for electronic communication. If a user utilizes this option, the data entered in the input mask will be transmitted to and stored by us. This data includes:
– Salutation
– Name
– Phone number
– Message
– IP address of the requester
– Date and time of the request
For the processing of the data, your consent is obtained during the submission process, and reference is made to this privacy policy. There is no disclosure of the data to third parties in this context. The data is used solely for processing the conversation. Alternatively, you can contact us via the provided email address. In this case, no user data is stored through the website.
6.2. Legal Basis for Data Processing
The legal basis for processing data with user consent is Art. 6 (1) (a) GDPR. The legal basis for processing data transmitted via email is Art. 6 (1) (f) GDPR. If the email contact aims to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
6.3. Purpose of Data Processing
The processing of personal data from the input mask is solely for handling the contact request. In the case of contact via email, there is also a legitimate interest in processing the data. The additional personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our IT systems.
6.4. Duration of Storage
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For personal data from the contact form input mask and data sent via email, this will be the case once the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved. The additional personal data collected during the submission process will be deleted no later than seven days after collection.
6.5. Right to Object and Removal
Users have the right to withdraw their consent to the processing of personal data at any time. If users contact us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored during the contact or email communication will be deleted in this case.
7. External Services, Tools, and Plugins
a) Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files stored on your computer that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to and stored on a Google server in the USA. The Google tracking codes on this website use the “_anonymizeIp()” function, so IP addresses are truncated within EU member states or other contract states of the Agreement on the European Economic Area to exclude direct personal identification.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide additional services related to website and internet use to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google.
You can prevent the storage of cookies by adjusting the settings on your browser software; however, please note that you may not be able to use all the features of this website to their full extent in such a case.
Furthermore, this site uses Google Analytics reports on demographic characteristics, in which data from Google’s interest-based advertising as well as visitor data from third-party providers (e.g., age, gender, and interests) are used. This data is not attributable to any specific individual and can be disabled at any time through the ad settings.
Data collection and storage can be objected to at any time with effect for the future. By clicking the “Deactivate” button, tracking is completely stopped. To ensure the objection is permanent, your browser must accept cookies.
To disable Google Analytics for future visits to “www.racers-lodge.de,” click here: Deactivate
Alternatively, you can object to data collection by using a Google browser plugin. The storage of Google Analytics cookies is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offerings and its advertising.
More information on Google Ads and Google Conversion Tracking can be found in Google’s privacy policy: www.google.de/policies/privacy/.
You can configure your browser to be informed about cookie placement and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for specific cases or generally, and activate the automatic deletion of cookies when closing the browser. Deactivating cookies may limit the functionality of this website.
b) Google Re-Marketing
This website uses Google Re-Marketing. Google Re-Marketing is an advertising service of Google Inc. (“Google,” Mountain View, USA) that allows us to show you targeted ads based on your previous visits to our website. These ads appear only on Google advertising spaces, either on Google Ads ad spaces or the Google Display Network.
You can object to Google Re-Marketing in the Google Ads Settings Manager or edit your settings. Alternatively, you can prevent Re-Marketing by disabling cookies in your browser settings.
c) Google Web Fonts
This site uses so-called Web Fonts provided by Google for uniform font representation. When you access a page, your browser loads the required Web Fonts into your browser cache to correctly display texts and fonts.
To do this, the browser you are using must connect to Google’s servers. This allows Google to learn that your IP address has accessed our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offerings. This constitutes a legitimate interest under Art. 6 (1) (f) GDPR.
If your browser does not support Web Fonts, a standard font from your computer will be used.
More information about Google Web Fonts can be found at developers.google.com/fonts/faq and in Google’s privacy policy: www.google.com/policies/privacy/.
More information on the handling of user data can be found in Google’s privacy policy: www.google.de/intl/de/policies/privacy/.
d) Google Ads and Google Conversion Tracking
This website uses Google Ads. Google Ads is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google Ads, we use so-called Conversion Tracking. When you click on an ad served by Google, a cookie for Conversion Tracking is set. Cookies are small text files that the internet browser places on the user’s computer. These cookies expire after 30 days and are not used to identify users personally. If the user visits certain pages of this website and the cookie has not expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.
Each Google Ads customer receives a different cookie. Cookies cannot be tracked across Ads customers’ websites. The information collected with the Conversion Cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Customers are informed of the total number of users who have clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that would allow for personal identification of users. If you do not wish to participate in tracking, you can object to this use by disabling the Google Conversion Tracking cookie through your internet browser settings. You will then not be included in the conversion tracking statistics.
The storage of “conversion cookies” is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offerings and its advertising.
More information on Google Ads and Google Conversion Tracking can be found in Google’s privacy policy: www.google.de/policies/privacy/.
You can configure your browser to be informed about the setting of cookies and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for specific cases or generally, and activate the automatic deletion of cookies when closing the browser. Deactivating cookies may limit the functionality of this website.
e) Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
reCAPTCHA is used to verify whether the data entry on our websites (e.g., in a contact form) is done by a human or an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various features. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of stay on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.
The data processing is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spam.
For more information on Google reCAPTCHA and Google’s privacy policy, visit the following links: www.google.com/intl/de/policies/privacy/ and www.google.com/recaptcha/intro/android.html.
f) Google Maps
This site uses Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the features of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy findability of the locations we have indicated on the website. This constitutes a legitimate interest under Art. 6 (1) (f) GDPR.
More information on handling user data can be found in Google’s privacy policy: www.google.de/intl/de/policies/privacy/.
Contract Data Processing with Google
We have entered into a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities in the use of Google Analytics.
g) YouTube
Our site uses the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for embedding videos. Typically, when you access a page with embedded videos, your IP address is sent to YouTube and cookies are installed on your computer. However, we have integrated our YouTube videos with extended privacy mode (in this case, YouTube still contacts Google’s DoubleClick service, but according to Google’s privacy policy, personal data is not evaluated). As a result, YouTube does not store information about visitors unless they view the video. If you click the video, your IP address is transmitted to YouTube, and YouTube learns that you have watched the video. If you are logged into YouTube, this information is also associated with your user account (you can prevent this by logging out of YouTube before viewing the video).
We have no knowledge of and no influence on the collection and use of your data by YouTube. For more information, please refer to YouTube’s privacy policy at www.google.de/intl/de/policies/privacy/. Additionally, for general information on cookies and how to disable them, refer to our general presentation in this privacy policy.
h) Facebook Plugins (Like & Share Button)
Our pages integrate plugins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plugins by the Facebook logo or the “Like Button” (“Like”) on our page. An overview of the Facebook plugins can be found here: developers.facebook.com/docs/plugins/.
When you visit our pages, a direct connection between your browser and the Facebook server is established via the plugin. This allows Facebook to receive the information that you have visited our page with your IP address. If you click the Facebook “Like Button” while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to assign your visit to our pages to your user account. Please note that as the provider of the pages, we have no knowledge of the content of the transmitted data and its use by Facebook. For more information, please refer to Facebook’s privacy policy at: de-de.facebook.com/policy.php.
If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.
i) Facebook Pixel, Facebook Custom Audiences, Facebook Conversions
We use the “Facebook Pixel,” Custom Audiences, and Facebook Conversions on our website. “Facebook” is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
We have installed a “tracking pixel” from Facebook (“Facebook Pixel”), which is retrieved from Facebook’s servers each time our website is accessed and registers the access. This allows website visitors to be specifically included in a Custom Audience. The marketing tool is a targeting option that matches website visitors with people on Facebook based on the Facebook Pixel. We can thus specifically target visitor groups with Facebook ads.
According to Facebook, browser information, visited websites, and hashed Facebook IDs of website users are stored for this purpose. It cannot be ruled out that Facebook may also transmit the information to a server in a third country.
Additional Information on Facebook Pixel:
You can find more information about Facebook Pixel at www.facebook.com/business/help/651294705016616.
Further details on Facebook Custom Audiences can be found at:
developers.facebook.com/docs/marketing-api/audiences-api/websites
developers.facebook.com/docs/facebook-pixel/pixel-with-ads/conversion-tracking.
According to the Privacy Shield certification of Facebook, Inc. (available at www.privacyshield.gov/list by searching for “Facebook”), Facebook, Inc. has committed to comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework regarding the collection, use, and storage of personal data from EU member states and Switzerland. Facebook, Inc. has declared through certification that it adheres to the Privacy Shield principles.
For more information, see: de-de.facebook.com/about/privacyshield.
By integrating Facebook Pixel, using Facebook Custom Audiences, and Facebook Conversions, we aim to provide optimized advertising for website visitors. The purpose of processing data using Facebook Custom Audiences is to create statistics for forming user categories to enable interest-based targeting of ads or advertising measures on the internet.
The legal basis for processing personal data described here is Art. 6 (1) (a) GDPR.
Regarding the retention period of the information, Facebook states that data is stored as long as necessary to provide products and services to you or others (https://de-de.facebook.com/about/privacy/ under “Data Storage, Deactivation, and Deletion of Accounts”).
For further questions, Facebook provides the following contact options and information (as of September 29, 2016):
If you live in the USA or Canada:
Please contact Facebook, Inc. online or by mail at:
Facebook, Inc.
1601 Willow Road
Menlo Park, CA 94025
If you live elsewhere:
The data controller regarding your information is Facebook Ireland Ltd. You can contact this company online or by mail at:
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2, Ireland
Providing personal data is neither legally nor contractually required, nor necessary for a contract. You are not obligated to provide personal data. However, failure to provide it may mean you cannot use certain functions of our website or use them fully.
Social Networks & External Links
In addition to this website, we maintain presences on various social media platforms, which you can access via the corresponding buttons on our website. If you visit such a presence, personal data may be transmitted to the social network provider. In addition to storing the data you explicitly provide in this social medium, additional information from the social network provider may also be processed.
Moreover, the social network provider may process key data from the computer system you are using to visit the site—such as your IP address, the type of processor used, and browser version including plug-ins.
If you are logged into your personal account on the respective network during your visit to such a page, the network can associate the visit with your account.
The purpose and scope of data collection by the respective medium, as well as the further processing of your data and your related rights, can be found in the respective regulations of the responsible party, e.g., at:
Facebook: www.facebook.com/privacy/explanation
Google: policies.google.com/privacy
We also want to point out that our website contains links to external third-party websites, over which we have no control regarding data processing.
8. Privacy Notices for Our Facebook Fan Page and Facebook Insights
We operate our Facebook presence to promote our business and products and to interact with you as visitors and users of this Facebook presence. More information about us, our activities, and our company can be found on our website at www.racers-lodge.de.
As operators of the Facebook page, we have no interest in collecting and further processing your individual personal data for analysis or marketing purposes.
Further information on our handling of personal data can be found in this privacy policy.
The operation of this Facebook page, including the processing of personal data of users, is based on our legitimate interests in providing a modern and supportive information and interaction opportunity for and with our users and visitors according to Art. 6 (1) (f) GDPR.
Facebook Ireland Ltd (“Facebook”) provides us as the operator of the Facebook Fan Page with so-called “Facebook Insights.” Insights are various statistics that provide us with information about the usage of our Facebook Fan Page. Detailed information can also be found at www.facebook.com/business/a/page/page-insights.
To generate these statistics, Facebook processes various information (including personal data) provided by you. The personal data is processed by Facebook and us as joint controllers according to Art. 26 GDPR. Below, we provide the essential information from the agreement between Facebook and us (available at https://www.facebook.com/legal/terms/page_controller_addendum) according to Art. 26 GDPR.
8.1. Responsible Parties
Jointly responsible for processing are:
Facebook Ireland Ltd
4, Grand Canal Square
Dublin 2
Ireland
Dirk Brademann
Borner Feld 19
41379 Brüggen
Email: info@racers-lodge.com
8.2. Processing of Personal Data by Facebook
The European Court of Justice (ECJ) ruled on June 5, 2018, that the operator of a Facebook page is jointly responsible with Facebook for the processing of personal data.
We understand that Facebook processes user data for the following purposes:
Advertising (analysis, creation of personalized advertising)
Creation of user profiles
Market research
Facebook uses cookies for storing and further processing this information—small text files saved on users’ devices. If the user has a Facebook profile and is logged in, the storage and analysis also occur across devices.
The exact processing of your data when visiting our Facebook Fan Page depends on whether you have a Facebook account. If you have a Facebook account, Facebook can permanently assign the data to your account to learn more about you. Even if you do not have a Facebook account, Facebook can store your data through cookies. These are usually small text files stored on your device, containing information that can be read later. This allows Facebook to store and process information about you even without a Facebook account.
The Facebook privacy policy contains further information about data processing. Opt-out options can be set here: www.facebook.com/settings. More information about Facebook and other usage-based online advertising can be found at: www.facebook.com/about/privacy/. Facebook Inc., the U.S. parent company of Facebook Ireland Ltd., is certified under the EU-U.S. Privacy Shield and thus commits to adhering to European data protection guidelines. More information about Facebook’s Privacy Shield status can be found here: www.privacyshield.gov.
8.3. Responsibility Regarding Facebook Insights Data Processing
The primary responsibility (taking on all obligations under the GDPR) for data processing is assumed by Facebook. This includes:
Facebook taking on necessary information obligations (e.g., Art. 13 GDPR)
Data subject rights can be asserted against Facebook (e.g., right to access or deletion, objection to data processing, or withdrawal of any consent; see also section “V. Rights of Data Subjects”)
Ensuring technical and organizational measures for data processing
Facebook provides comprehensive information on data processing at www.facebook.com (Art. 13 GDPR). To give you an overview of the essential information, we also refer to the content provided by Facebook.
Through the use of Insights, we receive only anonymized statistics about the use of our Fan Page. We can see only how many users performed specific interactions, but not which user performed a particular action. Insights statistics do not allow us to identify individuals.
Despite the primary responsibility of Facebook, you can also assert your rights under the GDPR directly with us. We will promptly forward such requests to Facebook via the provided form.
8.4. Legal Basis for Processing
The legal bases and purposes for processing by Facebook can be viewed at:
www.facebook.com/about/privacy/legal_bases
de-de.facebook.com/policy.php
Our legal basis for processing Insights data is our legitimate interest according to Art. 6 (1) (f) GDPR. We have a legitimate interest in understanding user behavior on our Facebook Fan Page. This allows us to measure the reach and effectiveness of our campaigns, postings, and other activities through processed statistics. This enables us to continuously optimize our website and our offerings according to demand. This also constitutes the purpose of processing for us.
8.5. Rights of the Data Subject
You generally have the following rights:
Right to Information (Art. 15 GDPR)
Right to Rectification (Art. 16 GDPR)
Right to Object (Art. 21 GDPR)
Right to Erasure (Art. 17 GDPR)
Right to Restriction of Processing (Art. 18 GDPR)
Right to Data Portability (Art. 20 GDPR)
You have the right to withdraw consent previously given at any time with effect for the future, without affecting the lawfulness of the processing based on the consent prior to the withdrawal.
You can exercise these rights directly with Facebook or with us.
Regarding processing by cookies, you have the right to object. You can do this, for example, as follows:
In your browser settings, you can restrict or completely prevent the setting of cookies. You can also arrange for the automatic deletion of cookies when closing the browser window. How to delete cookies and change cookie settings in the most common browsers can be found here:
Google Chrome: [Website]
Mozilla Firefox: [Website]
Apple Safari: [Website]
Microsoft Internet Explorer: [Website]
You can also adjust your cookie settings at de-de.facebook.com/policies/cookies/. Here, under the sections “If you have a Facebook account” (Facebook account available) and “Public” (no Facebook account available), you can find information on how to object to processing by Facebook.
You can determine the storage duration of cookies through your browser by viewing the cookies (usually by clicking on the “i” next to the address bar, e.g., in Firefox or Google Chrome).
9. Rights of the Data Subject
The following list includes all the rights of the data subject under the GDPR. Rights that are not relevant for your own website do not need to be listed. The list can be shortened accordingly.
If personal data about you is processed, you are a data subject under the GDPR, and you have the following rights against the data controller:
9.1. Right to Information
You may request confirmation from the data controller whether personal data concerning you is being processed by us.
If such processing is occurring, you can request information from the data controller about the following:
the purposes for which the personal data is processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
the intended duration of the storage of the personal data concerning you or, if specific information is not possible, the criteria used to determine the retention period;
the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the data controller, or a right to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information about the source of the data if the personal data was not collected from the data subject;
the existence of automated decision-making, including profiling, according to Art. 22(1) and (4) GDPR and—at least in these cases—meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information on whether the personal data concerning you is being transferred to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards according to Art. 46 GDPR related to the transfer.
9.2. Right to Rectification
You have the right to obtain from the data controller the rectification and/or completion of personal data concerning you if the processed data is inaccurate or incomplete. The data controller must carry out the rectification without delay.
9.3. Right to Restriction of Processing
You may request the restriction of processing of personal data concerning you under the following conditions:
if you contest the accuracy of the personal data concerning you for a period enabling the data controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
the data controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims; or
if you have objected to the processing according to Art. 21(1) GDPR and it is not yet clear whether the legitimate grounds of the data controller override your grounds.
If the processing of personal data concerning you has been restricted, such data—apart from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or a Member State.
If the restriction of processing has been imposed under the conditions mentioned above, you will be informed by the data controller before the restriction is lifted.
9.4. Right to Erasure
Obligation to Erase
You may request from the data controller that the personal data concerning you be erased without undue delay, and the data controller is obligated to erase this data without undue delay if one of the following reasons applies:
The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for the processing.
You object to the processing according to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing according to Art. 21(2) GDPR.
The personal data concerning you has been processed unlawfully.
The erasure of personal data concerning you is required for compliance with a legal obligation under Union or Member State law to which the data controller is subject.
The personal data concerning you was collected in relation to the offer of information society services according to Art. 8(1) GDPR.
Information to Third Parties
If the data controller has made the personal data concerning you public and is obliged to erase it according to Art. 17(1) GDPR, the data controller will take reasonable steps, including technical measures, to inform data controllers processing the personal data that you, as the data subject, have requested the erasure of all links to, or copies or replications of, such personal data.
Exceptions
The right to erasure does not apply insofar as the processing is necessary:
for exercising the right to freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
for reasons of public interest in the area of public health according to Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;
a) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes according to Art. 89(1) GDPR, in so far as the right mentioned in section (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
b) for the establishment, exercise, or defense of legal claims.
9.5. Right to Notification
If you have exercised the right to rectification, erasure, or restriction of processing with the data controller, the data controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of the rectification or erasure of the data or the restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed by the data controller about these recipients.
9.6. Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the data controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another data controller without hindrance from the data controller to whom the personal data has been provided, if:
the processing is based on consent according to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract according to Art. 6(1)(b) GDPR, and
the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one data controller to another, where technically feasible. This should not adversely affect the freedoms and rights of other individuals.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
9.7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The data controller shall no longer process the personal data concerning you unless the data controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the option, in connection with the use of information society services—regardless of Directive 2002/58/EC—to exercise your right to object using automated procedures that use technical specifications.
9.8. Right to Withdraw Consent
You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9.9. Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
is necessary for entering into, or performance of, a contract between you and the data controller,
is authorized by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
is based on your explicit consent.
However, such decisions must not be based on special categories of personal data under Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard the rights, freedoms, and legitimate interests of the data subject have been implemented.
In cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard the rights, freedoms, and legitimate interests of the data subject, which shall include at least the right to obtain human intervention on the part of the data controller, to express your point of view, and to contest the decision.
9.10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your workplace, or the place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.