We set great store by the protection of your personal data. As the protection of your personal privacy and also your business data is very important to us, we observe the data protection regulations applicable in Germany.
In the following, we would like to inform you in detail about the type of data that is collected when you visit our website and use the services we offer there, and how this data is subsequently processed or used, as well as which accompanying protective measures we have taken with regard to technical and organisational matters.
1.Data controller / service provider
The data controller as defined by the GDPR and, at the same time, the service provider within the meaning of the German Teleservices Act (TMG) is Chamäleon GmbH, legally represented by the CEO Sascha Hagemann, cf. our Legal web page.
Alternatively, you can send an email to: firstname.lastname@example.org
2. Collecting and processing non-personal data
(1) If you simply visit the website, we do not collect any personal data. However, every server stores access to websites automatically. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. The user’s IP address must be stored for the duration of the session. Our web server records temporarily for the purpose of system security the IP address of the accessing computer, the browser you use, the operating system used, the access data and the time, the web sites that you visit, the uniform resource locators (URL) accessed on our websites and the website you have just visited (referrer URL). This information is stored anonymously and is not connected with your personal data. It is not possible to draw conclusions about your person or your individual behaviour.
The legal basis for the temporary storage of data and the log files is point (f) of Article 6(1) GDPR.
(2) We store computer-related data to record trends and produce statistics. This stored data serves also for the purposes of identification and the tracking of unauthorised access attempts on our server. We produce profile information about the use of our own websites, which is exclusively anonymised, and solely for the improvement of the user experience and the optimisation of the offer in the interests of users. No personally-related surfer profile or similar is produced or processed.
In this way, the following data can be transmitted: search terms entered, frequency of website access, use of website functions.
You can determine yourself through the settings in your browser whether cookies should be placed and downloaded. For instance, in your browser you can completely deactivate the storage of cookies, limit it to certain websites or configure your browser so that it notifies you automatically as soon as a cookie is about to be placed and request your feedback with regard to this. For technical reasons, however, it is necessary that you allow session cookies for all the features of our website to be fully functional.
No collection or storage of personal data in cookies takes place in this connection. Neither do we use any technologies to link information from cookies with user data.
The legal basis for the processing of personal data by using cookies is (f) of Article 6(1) GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose of its collection. This happens when the particular session has ended, in the event of data being captured for the provision of the website. IP addresses are, in principle, deleted seven days after collection at the latest. It is possible for data to be stored beyond this point. In this instance, the IP addresses of users are erased or anonymised, so that an association with the accessing client is no longer possible.
The capture of data to provide the website and the storage of data in files is an absolute requirement required for the operation of the website. Consequently, there is no opt-out option for the user.
3. Google Analytics
You can prevent the storage of cookies by selecting the appropriate setting in your browser software; however, we would point out that in this event you may not be able to use all the functions of this website should the occasion arise.
In addition, you can prevent data generated by cookies and data related to the use of the website (including your IP address) being sent to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: (http://tools.google.com/dlpage/gaoptout?hl=de) .
Further information with regard to this can be found at http://tools.google.com/dlpage/gaoptout?hl=de or at http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection). We would point out that on this website Google Analytics has been extended to include the code “gat._anonymizeIp();” to ensure anonymous collection of IP addresses (IP masking).
4. Facebook plugins (Like button)
Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, US are integrated into our website. You can recognise the Facebook plugins from the Facebook logo or the “Like button” on our website. An overview of Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/.
If you do not want Facebook to be able to associate the visit to our website with your Facebook user account, please log out of your Facebook user account.
Features of the Instagram service are integrated into our website. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, US. If you are logged into your Instagram account, by clicking on the Instagram button, you can link the content of our website to your Instagram profile. Through this, Instagram can associate the visit to our web pages with your user account. We would point out that we, as the provider of the website, receive no knowledge of the content of the data transmitted or used by Instagram.
6. YouTube videos
Our website has integrated YouTube videos in privacy-enhanced mode. These are stored on the servers of the provider, YouTube, and can be played back from our website through embedding.
YouTube provides privacy-enhanced mode, thus ensuring that YouTube does not store any cookies with personal data on your computer. As soon as you access the website, connection is made with YouTube and the DoubleClick network. To embed videos, the IP address is transferred. Provided you have not logged in or have been logged in for a long time to YouTube or another Google service before you access the website, no association is made with your account. It is possible that data is transferred to Google Inc., Amphitheater Parkway, Mountain View, CA 94043, US, as the YouTube operator.
Currently, if you play back videos stored on YouTube, at least the following data is transferred to Google Inc., as the YouTube operator and the operator of the DoubleClick network: IP address and cookie, the specific address of the web page accessed on our website, system date and time of access, identification of your browser.
If you click on an embedded YouTube video, this can trigger further processing events over which we, as the operator of this website, have no influence.
Detailed information with regard to the integration of YouTube videos can be found on the
YouTube website: https://support.google.com/youtube/answer/171780?hl=de.
7. Collecting and using personal data
(1) We collect, store and process your actively transmitted personal data (e.g.: your name, your address details or email address), provided this is required to process enquiries or to fulfil our contractual obligations. The collection and use of the personal data of users takes place regularly only with the consent of the user. An exception to this applies in such cases where the obtaining of such consent is not possible for actual reasons and the processing of data is permitted by statutory regulations or is required for the performance of our contracts.
If we ask a data subject for consent to use their personal data for processing operations, point (a) of Article 6(1) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When it is required that we process personal data to perform a contract to which the data subject is a party, point (b) of Article 6(1) GDPR serves as the legal basis. This also applies to processing operations that are required to carry out pre-contractual measures.
If we are required to process personal data to fulfil a legal obligation to which our company is subject, point (c) of Article 6(1) GDPR serves as the legal basis.
If processing is required to safeguard a legitimate interest of our company or a third-party and the interests, constitutional rights and fundamental freedoms of the data subject do not outweigh the first-named interest, point (f) of Article 6(1) GDPR serves as the legal basis for the processing.
(2) Your registered data is always transferred under encryption in our systems. This protects communication between you and our server and prevents the misuse of data. For encryption, we deploy a recognised and widely-used system, which is secure in its current version.
(3) A contact form is available on our website, which can be used for making contact with us electronically. If a user takes this option, the data entered in the input mask is transmitted to us and stored. This data is: name, title, email address, telephone number.
At the time of sending the message, the following data is also stored: IP address of the visitor to the website, date and time when contact was made.
Alternatively, you can contact us using the email address provided. In this instance, the user’s personal data transmitted with the email is stored. Data is not passed on to third parties in this context. Data is used exclusively for the processing of the conversation.
The legal basis for the processing of data is the presence of consent by the user pursuant to point (a) of Article 6(1) GDPR.
The legal basis for the processing of the data transmitted in the course of sending an email is point (f) of Article 6(1) GDPR. If the purpose of your contact by email is to terminate a contract, the additional legal basis for the processing is pursuant to point (b) of Article 6(1) GDPR. The processing of personal data that we obtain from the input mask serves only to enable us to process your contact with us. If you contact us by email, there is also the required legitimate interest in the processing of data.
The other personal data processed during the sending procedure serves to prevent misuse of the contact form and to ensure the security of our IT systems.
(4) The personal data of the data subject is erased or blocked as soon there is no longer a purpose for storage. This is the case for personal data from the input mask of the contact form and the personal data that was sent with the email, if the conversation concerned is finished with the user. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.
The additional personal data collected during the sending procedure is deleted after a period of seven days at the latest.
If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In such an event, the conversation cannot be continued.
Storage can take place beyond this if it is provided for by Union law directives, laws or other regulations by European or national legislators to which we are subject. Data is also blocked or erased if a retention period prescribed by the standards mentioned expires, unless there exists a requirement for further storage of the data for the conclusion of a contract or the performance of a contract.
8. Right of access
You can request confirmation from us about whether we process personal data that concerns you.
If such processing takes place, you can request the following information from us:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that is processed;
(3) the recipients or categories of recipient to whom the personal data has been or will be disclosed;
(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of a right to request from us rectification or erasure of personal data, a right to the restriction of our processing of personal data or to object to such processing;
(6) the existence of a right to complain to a supervisory authority;
(7) all available information about the origin of the data where the personal data is not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and – at least in these instances – meaningful information about the logic involved as well as the consequences and effects aspired to by processing of this kind.
You have the right to information about whether personal data was transmitted to a third country or to an international organisation. In this connection, you have the right to be informed of suitable guarantees in connection with the transfer pursuant to Article 46 GDPR.
9. Right to rectification
You have a right to rectification and/or completion by us, provided the processed personal data that concerns you is inaccurate or incomplete. We will carry out the rectification without undue delay.
10. Right to restrict processing
Subject to the following prerequisites, you can request the restriction of the processing of the personal data that concerns you, if:
(1) you contest the accuracy of the personal data that concerns you for a period that enables the controller to check the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
(3) we no longer need the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims; or
(4) you have objected to processing pursuant to Article 21(1) GDPR pending verification of whether our legitimate grounds override yours.
If the processing of the personal data that concerns you is restricted, this data may – apart from its storage – be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of rights of another natural person or legal entity or on grounds of public interest of the Union or a member state.
If the restriction of the processing is carried out in accordance with the above-mentioned prerequisites, you are notified by us before the restriction takes place.
11. Right to erasure
A) Erasure obligation
You can request that we erase the personal data without undue delay, provided that one of the following reasons applies:
(1) The personal data that concerns you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), GDPR and where there is no other legal basis for the processing.
(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
(4) The personal data has been unlawfully processed.
(5) The personal data has to be erased for compliance with a legal obligation in Union or member state law to which we are subject.
(6) The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
B) Information given to third parties
If we have made the personal data public and are obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not exist, provided the processing is required
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation, which requires the processing in accordance with the law of the Union or member states to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
(3) for reasons of public interest in the area of public health pursuant to point (h) of Article 9(2) and Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, provided that the right mentioned under section a) probably makes the realisation of the goals of this processing impossible or seriously impairs it, or
(5) for the establishment, exercise or defence of legal claims.
12. Right to notification
If you have asserted your right to obtain rectification, erasure or restriction of your personal data from us, we are obliged to notify all the recipients to whom the personal data affected was disclosed of this rectification or erasure of the data or the restriction of the processing, unless this proves impossible or involves disproportionate effort.
You have the right to be notified by us of these recipients.
13. Right to data portability
You have the right to receive the personal data that concerns you, which you have provided to us, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by us, provided
(1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) Article 9(2) GDPR or on a contract pursuant to point (b) Article 6(1) GDPR and
(2) the processing is carried out by means of automated processes.
In exercising this right, you have the further right to have the personal data transmitted directly from us to another controller, where technically feasible. The rights and freedoms of others must not be adversely affected by this.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
14. Right to withdrawal and right to object
You have the right for reasons resulting from your special situation to object to the processing of personal data that concerns you, pursuant to point (e) or (f) of Article 6(1) GDPR; this also applies to profiling based on these provisions.
We shall no longer process the personal data that concerns you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerned for the purpose of this sort of advertising; this also applies to profiling, provided it is connected to such direct advertising.
If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
You have the option, in connection with the use of services of the information society – notwithstanding Directive 2002/58/EU – to exercise your right to object by means of automated processes in which technical specifications are used.
Right to withdraw the data protection declaration of consent
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up until the point of withdrawal;
15. Right to lodge a complaint with a supervisory authority.
If you consider that the processing of personal data relating to you infringes the GDPR, you have, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.
The supervisory authority where the complaint was lodged, informs the complainant of the status and results of the complaint including the possibility of judicial remedy pursuant to Article 78 GDPR.
(1) We will maintain silence about all information to be treated confidentially, which has come to our knowledge within the scope of the contractual relationship or will only use this information with the prior agreement of the other contractual partner in relation to third parties - for whatever purpose. Information to be treated confidentially includes information from the party sharing the information that is designated as confidential and such information, the confidentiality of which is obvious from the circumstances of the handover of information. Your personal data, in particular, is to be treated confidentially by us, as well as the used data, should we gain knowledge of it.
(2) The obligations pursuant to para 1 do not apply to such information or parts thereof for which we can prove that it
- was known to us before the date of receipt or is generally accessible;
- was in the public domain before the date of receipt or was generally accessible;
- was in the public domain after the date of receipt or became generally accessible, without us being responsible for this.
(3) public statements by the parties regarding a collaboration are only made by prior mutual consent.
(4) the obligations pursuant to para 1 also go beyond the end of the contract for an indeterminate period, and indeed as long as an exception has not been proved pursuant to para 2.
17. Scope of application