I. Name and address of the data controller
Responsible within the meaning of the GDPR, other applicable data protection and privacy laws in member states of the European Union and other regulations regarding data protection is:
2Finder GmbH
Michael Schekorr, Philipp Heß
Wiesmannstr. 9
58511 Lüdenscheid
Germany
II. Data protection officer
If you have any questions about this privacy statement, please send us an email or refer directly to our data protection officer:
Philipp Heß
Wiesmannstr. 9
58511 Lüdenscheid
Germany
Phone: +49 2351 663180
Email: mail[at]2finder.com
III. General information on data processing
1. Extent of personal data processing
As a matter of principle, we only process our users’ personal data as far as it is necessary in order to provide a functional website and to present our contents and services. We process our users’ personal data regularly only if the respective users have given their consent. The only exception to this is where it is actually impossible for us to obtain prior consent and processing of the data is lawful.
2. Legal basis for processing personal data
Where we obtain the corresponding data subject’s consent for processing personal data, Art. 6(1) lit. a of the EU General Data Protection Regulation (hereinafter referred to as “GDPR“) serves as the legal basis.
Where we need to process personal data for the purposes of fulfilling a contract, and the data subject is party to that contract, Art. 6(1) lit. b of the GDPR serves as the legal basis. The same applies to such processing operations, which are necessary for carrying out pre-contractual measures.
Where processing of personal data is necessary for our company to fulfill a legal obligation, Art. 6(1) lit. c of the GDPR serves as the legal basis.
Where processing of personal data is necessary for protecting the vital interests of the data subject, or those of another natural person, Art. 6(1) lit. d of the GDPR serves as the legal basis.
Where processing is necessary to protect our company’s legitimate interests, or those of a third party, and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6(1) lit. f of the GDPR serves as the legal basis.
3. Deletion of data and data storage period
The data subject’s personal data will be deleted or blocked as soon as the purpose for which it has been collected has been fulfilled. Data may remain on record beyond this period if specified in European or national legislation from European Union Regulations, laws or other provisions to which the data controller is subject. Data will also be blocked or deleted if a storage period specified in the above standards expires, unless conclusion or fulfillment of a contract requires the data remain on record further.
IV. Provision of website and creation of log files
1. Description and extent of data processing
Every time our website is accessed, our system automatically records data and information concerning the accessing computer.
The following data are recorded:
(1) Information on the browser type and version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system reaches our website
(7) Websites the user’s system accesses from our website
The data is also recorded in our system’s log files. This data is not stored together with any of the user’s other personal data.
2. Legal basis for data processing
The legal basis for temporary recording of data in our log files is Art. 6(1) lit. f of the GDPR.
3. Purpose of data processing
Recording the data in log files is necessary to ensure that the website operates correctly. The data further helps us optimize the website and ensure that our computer systems remain secure. No data is processed for marketing purposes in this context.
The abovementioned purposes also constitute our legitimate interests in data processing within the meaning of Art. 6(1) lit. f of the GDPR.
4. Data storage period
With respect to data being recorded in log files, the data is no longer required after seven days at the latest. Data may remain on record for longer. In those cases, the users’ IP addresses are deleted or rendered untraceable to make identification of the accessing client impossible.
5. Right to object and options for deletion
The website cannot be provided without recording the data and the operation of the site in the Internet is impossible without storing the data in log files. Correspondingly, there is no option for the user to object.
V. Cookies
a) Description and extent of data processing
Our website uses cookies. Cookies are text files, which are saved in the user’s Internet browser or on the user’s computer by the Internet browser. When a user accesses a website, a cookie may be stored in the user’s operating system. This cookie contains a unique character string allowing the website to identify the browser when it accesses the website again.
We use cookies to improve the user experience when accessing our website. Some of our website’s elements need to be able to identify the accessing browser even after a page change.
Our website further employs cookies that facilitate the analysis of the users’ web-surfing behavior.
The following data may be transferred in this way:
(1) Search terms entered
(2) Frequency of site visits
(3) Use of website features
Upon visiting our website, a notice referring to this privacy statement will pop up informing users about the use of cookies for analysis purposes. In this context, there will also be reference on how to prevent the storage of cookies in the browser settings.
b) Legal basis for data processing
The legal basis for using technically necessary cookies to process personal data is Art. 6(1) lit. f of the GDPR.
If consent concerning this matter has been obtained, the legal basis for the processing of personal data by using cookies for analysis purposes is Art. 6(1) lit. a of the GDPR.
c) Purpose of data processing
The purpose of using technically necessary cookies is to make using our website easier for users. Several of our website’s functions cannot be offered without using cookies. These functions require the browser be recognized after a page change.
The following functions require cookies:
(1) Application of language preferences
(2) Remembering search terms
The user data recorded in technically necessary cookies is not used to create user profiles.
We use analysis cookies to improve the quality of our website and its contents. The analysis cookies enable us to gain knowledge of how the website is being used and this way allow us to keep optimizing our offer. The abovementioned purposes also constitute our legitimate interests in processing personal data within the meaning of Art. 6(1) lit. f of the GDPR.
e) Data storage period, right to object and options for deletion
Cookies are stored on the user’s computer and transferred to us by that computer. As the user, you are in complete control of the use of cookies. You can restrict or prevent your computer from sending cookies by adjusting the settings of your Internet browser. Already set cookies can be deleted at any time. You can also automate deletion. Please note that certain functions of our website may not be entirely usable if you have deactivated the installation of cookies.
VI. YouTube
Our website uses services of YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the integration of videos. Usually, your IP address will be sent to YouTube and cookies will be installed on your device as soon as you call up a site with an embedded video. We have, however, embedded our YouTube videos with an extended data protection mode (in this case, YouTube will still contact the Google DoubleClick service, but according to Google’s privacy statement no personal data will be analyzed). Hence, YouTube will not store any information about the visitors unless they watch the video. If you click on the video, your IP address will be sent to YouTube and YouTube will know that you have watched the video. If you are logged into your YouTube account, this information will also be associated with your user account (you can prevent this by logging out of YouTube before opening the video).
We have no knowledge of or influence on the collection and use of your data by YouTube. For further information, please refer to YouTube’s privacy statement at www.google.de/intl/de/policies/privacy/. In addition, we refer you to the cookies section of this privacy statement for the general use and deactivation of cookies.
VII. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will usually be transmitted to, and stored by, Google on servers in the United States. IP anonymization is activated on this website. Thus, on this website, your IP address will previously be abridged by Google within the member states of the European Union or in other contracting states that were party to the agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will make use this information on behalf of the provider of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. In the context of Google Analytics, Google does not combine the IP address transmitted by your browser with other personal data. You can prevent the saving of the cookies through an appropriate setting in your browser software. However, we must point out that, in such cases, you may not be able to use the full scope of all the functions of this website.
In addition, you can prevent the recording of the data (including your IP address), generated by the cookie and related to your use of the website, by Google and the processing of this data by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de
VIII. Google-Maps
This website uses the services of Google Maps, a service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”) in order to conveniently present our location and give directions.
Google is certified under the EU-US Privacy Shield framework which offers a guarantee of compliance with European data protection legislation, even if the data are processed in the USA (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
When calling up our website, a connection to the Google server in the USA will be established in order to enable the correct display of certain fonts used on our website.
Provided that you use the component Google Maps featured on our website, Google will save a cookie on your device via your Internet browser. Your user settings and data are processed in order to display our location and create directions. In this context, we cannot exclude that Google uses servers in the USA.
Art. 6(1) lit. f of the GDPR serves as the legal basis for this. Our legitimate interest is justified by the optimization of the functionality our website.
Such a connection to Google enables Google to identify the website from which the request has been sent and to which IP address the directions are to be transmitted.
In case you do not agree to such processing, you have the possibility to prevent the installation of cookies by changing the corresponding settings in your Internet browser. Please refer to the “cookies“ section for further details.
Moreover, the use of Google Maps as well as the information retrieved from Google Maps is subject to the terms and conditions of Google https://policies.google.com/terms?gl=DE&hl=de and Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.
Please refer to https://adssettings.google.com/authenticated and https://policies.google.com/privacy for additional information.
IX. Google Fonts
This website uses the services of Google Fonts, a service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”) in order to display external fonts. Google is certified under the EU-US Privacy Shield framework, which offers a guarantee of compliance with European data protection legislation even if the data are processed in the USA (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
When calling up our website, a connection to the Google server in the USA will be established in order to enable the correct display of certain fonts used on our website.
Art. 6(1) lit. f of the GDPR serves as the legal basis for this. Our legitimate interest is justified by the optimization and economic operation of our website.
When calling up our website, a connection to Google will be established. Such a connection enables Google to identify the website from which the request has been sent and to which IP address the display of the font is to be transmitted.
Please visit https://adssettings.google.com/authenticated and https://policies.google.com/privacy for further information, especially on how to prevent the use of data.
X. Contact form and email contact
1. Description and extent of data processing
Our website includes a contact form that allows getting in touch with us electronically. When a user uses this option, we receive and store the data entered in the input screen. The data comprises:
(1) Name
(2) Email
(3) Subject
(4) Your message (text message addressed to us)
In addition, the following data are stored when the message is sent:
(5) The user’s IP address
(6) Date and time of registration
During the sending process, we will ask you to give your consent to processing the data and will refer you to this privacy statement.
You also have the option to contact us at the email address provided. In this case, we will store the personal user data transmitted in the email. The data will not be disclosed to third parties. The data will solely be used for handling our conversation.
2. Legal basis for data processing
The legal basis for processing data with the user’s consent is Art. 6(1) lit. a of the GDPR.
The legal basis for processing data received as part of email communication is Art. 6(1) lit. f of the GDPR. If email communication pursues the conclusion of a contract, Art. 6(1) lit. b of the GDPR also serves as the legal basis.
3. Purpose of data processing
We process the personal data obtained from the input screen solely for the purposes of handling communication. Where users contact us via email, this also constitutes the legitimate interest in processing the data.
Other personal data processed during transmission serve to prevent abuse of the contact form and to ensure that our IT systems remain secure.
4. Data storage period
The data are deleted as soon as they are no longer required for achieving the purpose for which it was recorded. In terms of the personal data from the contact form’s input screen and the data received by email, this applies when the respective conversation with the user has concluded. The conversation has concluded when the circumstances indicate that the respective subject has been fully resolved.
Additional personal data collected during transmission will be deleted after seven days at the latest.
5. Right to object and options for deletion
All users can withdraw their consent to the processing of their personal data at any time. If users contact us by email, they can object to our storing of their personal data at any time. If they do so, the conversation cannot be pursued further and all personal data recorded as part of our contact will thus be deleted.
XI. Google reCAPTCHA
In certain cases, we use reCAPTCHA, a service provided by Google Inc., in order to provide sufficient data security when transmitting forms. This service is mainly used to verify whether the data input on our website is carried out by a natural person or whether there has been a case of improper automated machine processing. As part of the service, your IP address and, if necessary, other data required by Google for the reCAPTCHA service are sent to Google. These data are governed by the diverging data protection regulations of Google Inc.
Further information on the data protection regulations of Google Inc. can be found here: http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/
XII. Rights of the data subject
If your personal data are processed, you are a data subject as defined in the GDPR and consequently have the following rights in relation to the data controller:
1. Right of access
You are entitled to request information from the data protection officer on whether we are processing any personal data relating to yourself.
If we do, you can further request information from the data protection officer on the following:
(1) The purposes for which the personal data are processed;
(2) The categories of personal data processed;
(3) The recipients or categories of recipients to whom your personal data were or will be disclosed;
(4) The period for which your personal data are intended to remain on record or, if this cannot be specified, the criteria used to determine the respective storage period;
(5) The existence of the right to request rectification or deletion of your personal data, to demand restriction of processing of personal data concerning the data subject or to object such processing;
(6) The right to lodge a complaint with a supervisory authority;
(7) Any available information as to the source of the data if the personal data were not collected from the data subject
(8) The existence of automated decision-making and profiling as per Art. 22(1) and (4) of the GDPR and – at least where such is the case – useful information on the underlying logic and the consequences and pursued effects of this processing on the data subject.
You are entitled to request information on whether the personal data relating to yourself will be transmitted to a non-EU Member State or international organization. In this context, you are entitled to request information relating to the transmission on suitable safeguards pursuant to Art. 46 of the GDPR.
2. Right to rectification
You are entitled to request that the controller correct and/or complete your personal data if this data is incorrect or incomplete. The controller is obliged to do so without delay.
3. Right to restriction of processing
You can request restriction of processing of your personal data if the following applies:
(1) You contest the accuracy of your personal data for a period that allows the data controller to verify the accuracy of your personal data;
(2) The processing of the data is unlawful and you object to deletion of the data in favor of restricting the use of your personal data;
(3) The data controller no longer needs the personal data for the purposes of processing, but you need them to legitimize, exercise or defend a legal claim;
(4) You have objected to processing in accordance with Art. 21(1) of the GDPR pending the verification whether the data controller’s legitimate interests override your own.
If the processing of your personal data has been restricted, this personal data shall (with the exception of storage) only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing is restricted under the above conditions, you will be notified by the data controller before the restriction is lifted.
4. Right to erasure
a) Obligation to delete
You can request that the data controller immediately delete your personal data; the data controller is then obliged to delete the data without undue delay, provided one of the following conditions applies:
(1) Your personal data are no longer required to achieve the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent, under which processing became legitimate as per Art. 6(1) lit. a or Art. 9(2) lit. a of the GDPR, and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21(1) of the GDPR and your objection is not overridden by legitimate reasons for processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.
(4) Your personal data have been processed unlawfully.
(5) The deletion of your personal data is necessary for the data controller to fulfill a legal obligation in European Union or Member State law to which the data controller is subject.
(6) Your personal data have been collected in relation with the offer of information society services as per Art. 8(1) of the GDPR.
b) Notification of third parties
Where the data controller has made your personal data public and is obliged to delete it as per Art. 17(1) of the GDPR, the data controller, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform data controllers which are processing your personal data, that you have requested the deletion of any links to your personal data or of copies or replications thereof.
c) Exceptions
There is no right to erasure of the personal data if the processing is necessary
(1) For exercising the right of freedom of expression and information;
(2) For compliance with legal obligations requiring the data controller to process the data according to European Union or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest or for the performance of executive duties appointed to the data controller;
(3) In the interests of public health and safety according to Art. 9(2) lit. h and i and Art. 9(3) of the GDPR;
(4) For archiving purposes in the public interest, for scientific or historical research or for statistical purposes pursuant to Art. 89(1) of the GDPR, provided that the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) The establishment, exercise or defense of legal claims.
5. Notification obligation
If you have asserted your right to rectification, erasure or restriction of processing against the data controller, the data controller is obliged to notify all recipients to whom your personal data have been disclosed of the corresponding rectification or erasure of data or of the restriction of their processing, unless it proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the data controller.
6. Right to data portability
You have the right to receive the personal data that you have provided to a data controller in a structured, commonly used and machine-readable format. You are also entitled to transmit this data to another data controller without hindrance by the data controller to which the personal data have been provided, where:
(1) The processing is based on consent pursuant to Art. 6(1) lit. a or Art. 9(2) lit. a of the GDPR or on a contract pursuant to Article 6(1) lit. b and
(2) The processing occurs using automated methods.
When exercising this right, you can further request your personal data be transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other people must not be affected.
The right to data portability does not extend to the processing of personal data where such processing is necessary for fulfilling a duty in the public interest or for exercising executive duties appointed to the data controller.
7. Right to object
You have the right to object for reasons arising from your own personal situation at any time to the processing of your personal data where processing is legitimized by Art. 6(1) lit. e or f of the GDPR, including profiling based on those provisions.
The data controller will cease to process your personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If your personal data are processed for the purpose of direct advertising, you are entitled to object at any time to the processing of your personal data for this purpose; which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct advertising, your personal data will no longer be processed for this purpose.
You may, in connection with the use of information society services – Directive 2002/58/EC notwithstanding – exercise your right to object by means of automated methods that are subject to technical specifications.
8. Right to withdraw your consent under data protection law
You have the right to withdraw your consent under data protection law at any time. Your withdrawing consent does not affect legitimacy of any processing that has occurred with your consent prior to withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
(1) Is necessary for entering into, or performance of, a contract between you and the data controller;
(2) Is legitimate under the legal provisions of the European Union or its Member States to which the data controller is subject and these legal provisions include appropriate measures safeguarding your rights, liberties and legitimate personal interests or
(3) Is made with your express consent.
However, such decisions shall not be based on special categories of personal data as referred to in Art. 9(1) of the GDPR, unless Art. 9(2) lit. a or g applies and suitable measures to protect your rights and liberties and legitimate personal interests have been taken.
With respect to cases (1) and (3), the data controller shall take appropriate precautions to protect your rights, liberties and legitimate personal interests; such precautions will include at least the right to enforce intervention by a human individual at the controller’s, to put forward your own opinion and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work or the place of the alleged infringement. This does not affect your recourse to other administrative or judicial remedies.
The supervisory authority receiving the complaint will keep the appellant up-to-date on status and results of the complaint, including on recourse to judicial remedies pursuant to Art. 78 of the GDPR.
XIII. Changes to our privacy statement
We reserve the right to change this privacy statement in order to ensure its compliance with the current legal requirements or to reflect changes with regard to our services or to data processing. However, this only applies to statements concerning data processing. Where the users’ consent is required or if the privacy statement contains provisions for the contractual relationship with the users, the changes shall only be made with the consent of the users.
We kindly ask the users to check the privacy statement on a regular basis to keep up-to-date with its content.