Data protection
This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it as well as external online presences, such as our social media profile. (hereinafter jointly referred to as "online offer"). With regard to the terms used, such as "processing" or "person responsible", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Responsible
Medical practice for psychotherapy and hypnosisSabine RitzBredelarer Str. 16
34519 Diemelsee-Adorf
Deutschlandsabineritz(at)t-online.de
Tel. 05633 - 89 39 999Owner: Sabine Ritzhttp://www.praxis-fuer-psychotherapie-und-hypnose.de
Types of data processed:
- Inventory data (e.g. names, addresses).- Contact data (e.g. e-mail, telephone numbers).- Content data (e.g. text input, photographs, videos).- Usage data (e.g. websites visited, interest in content, access times).- Meta/communication data (e.g. device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (in the following we refer to the persons concerned collectively as "users").
purpose of processing
- Provision of the online offer, its functions and content. - Answering contact requests and communication with users. - Security measures. - Range measurement/marketing
Terms used
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. "Processing" is any process or series of processes carried out with or without the aid of automated processes in connection with personal data. The term is broad and encompasses practically every handling of data. The "responsible person" is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
Relevant legal bases
In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art Answering inquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(c) GDPR 6 Paragraph 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.
Cooperation with processors and third parties
If, as part of our processing, we disclose data to other people and companies (contract processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the data is transmitted to third parties, as to payment service providers, pursuant to Art. 6 Para. 1 lit. b GDPR is required for the fulfillment of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this happens as part of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of data subjects
You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR. You have accordingly. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you. In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to demand a restriction of the processing of the data. You have the right to request that you receive the data that you have provided to us in accordance with Art. 20 GDPR and to request that it be transmitted to other responsible parties. You also have the right, in accordance with Article 77 GDPR, to lodge a complaint with the competent supervisory authority.
The address of the supervisory authority responsible for us is:
Postal address:
The Hessian Commissioner for Data Protection and Freedom of Information
Prof. Dr. Alexander Rossnagel
P.O. Box 316365021 Wiesbaden
Phone: 49 611 1408-121
right of withdrawal
You have the right to revoke your consent in accordance with Article 7 (3) GDPR with effect for the future
Right to object
You can object to the future processing of data relating to you at any time in accordance with Art. 21 GDPR. The objection can be made in particular against processing for direct advertising purposes.
Cookies and the right to object to direct advertising
"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping cart in an online shop or a log-in status can be saved. "Permanent" or "persistent" refers to cookies that remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users can also be stored in such a cookie, which are used for range measurement or marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the person responsible for operating the online offer (otherwise, if they are only their cookies, we speak of "first-party cookies"). We can use temporary and permanent cookies and explain this in our data protection declaration. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer. A general objection to the use of cookies for online marketing purposes can be raised for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that in this case not all functions of this online offer can be used.
deletion of data
The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons. According to legal requirements in Germany, storage takes place in particular for 6 years in accordance with Section 257 (1) HGB (books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) AO (books, records , management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.). According to legal requirements in Austria, storage takes place in particular for 7 years in accordance with § 132 Para. 1 BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, list of income and expenses, etc.), for 22 years in connection with properties and for 10 years for documents related to electronically supplied services, telecommunications, radio and television services supplied to non-businesses in EU Member States and for which the Mini One Stop Shop (MOSS) is used.
Business-related processing
In addition, we process - contract data (e.g. subject matter of contract, term, customer category). - Payment data (e.g. bank details, payment history) - from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer. In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this online offer on the basis of our legitimate interests in making this online offer available efficiently and securely in accordance with Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract).
Collection of access data and log files
We, or our hosting provider, collect data about every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Article 6 Paragraph 1 lit. The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider . Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
Provision of contractual services
We process inventory data (e.g. names and addresses as well as contact details of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6 Paragraph 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract. When using our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1) (c) GDPR. We process usage data (e.g. the websites of our online offer visited, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile, for example to show the user product information based on the services they have previously used.
Therapeutic services, advice and coaching
We process the data of our clients and prospects and other clients or contractual partners (uniformly referred to as "clients") in accordance with Article 6 Paragraph 1 Letter b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. The processed data basically includes inventory and master data of the client (e.g. name, address, etc.), as well as contact data (e.g. e-mail address, telephone number, etc.), contract data (e.g. services used, fees, names of contact persons, etc.) and payment data (eg, bank details, payment history, etc.).
As part of our services, we can also collect special categories of data in accordance with Art. 9 (1) GDPR, in particular information on the health of the client, illnesses, biographical, somatic, psychological anamnesis, course of illness, type of therapy, in addition, if necessary, with reference to their sex life or sexual orientation, ethnic origin or religious or philosophical beliefs. To this end, if necessary, we will obtain, in accordance with Article 6 Paragraph 1 Letter a., Article 7, Article 9 Paragraph 2 Letter a. DSGVO an explicit consent of the client and otherwise process the special categories of data for health care purposes, treatment of diseases on the basis of Art. 9 Para. 2 lit h. GDPR, Section 22 Paragraph 1 No. 1 b. BDSG.
If necessary for the fulfillment of the contract or by law, we disclose or transmit the data of the clients in the context of communication with other specialists, third parties who are required or typically involved in the fulfillment of the contract, such as billing offices, tax consultants, private health insurers, health insurance companies or comparable service providers, provided that the Provision of our services in accordance with Article 6 Paragraph 1 lit b. DSGVO serves, according to Art. 6 Para. 1 lit c. GDPR is prescribed, serves our interests or those of our clients in efficient and cost-effective healthcare as a legitimate interest pursuant to Article 6 Paragraph 1 lit f. GDPR or pursuant to Article 6 Paragraph 1 lit d. GDPR is necessary. to protect the vital interests of the client or another natural person or within the scope of consent in accordance with Article 6 Paragraph 1 Letter a., Article 7 GDPR.
The data will be deleted if the data is no longer required to fulfill contractual or legal duties of care or to deal with any warranty and comparable obligations, with the necessity of storing the data being checked every three years; Otherwise, the statutory retention requirements apply.
contact
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the information provided by the user is processed in order to process the contact request and its processing in accordance with Article 6 (1) b) GDPR. User information can be stored in a customer relationship management system ("CRM system"), patient software or a comparable inquiry organization. We delete the requests if they are no longer necessary. We review necessity every two years; Furthermore, the statutory archiving obligations apply.
Comments and Posts
If users leave comments or other contributions, their IP addresses are stored for 7 days on the basis of our legitimate interests within the meaning of Article 6 (1) (f) GDPR. This is for our security if someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.
Google Analytics through Google Business use
On the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. DSGVO) we use Google Analytics, a web analysis service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and internet usage. Pseudonymous user profiles can be created from the processed data. We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; In addition, users can prevent the data generated by the cookie and related to their use of the online offer from being collected and processed by Google by downloading and installing the browser plug-in available under the following link: http://tools .google.com/dlpage/gaoptout?hl=en. You can find more information on data use by Google, setting and objection options on the Google website: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when using websites or apps our partners”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses, to show you advertising”).
Google-Re/Marketing-Services
We use the marketing and remarketing services (“Google Marketing Services” for short) on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. DSGVO). ”) of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”). Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The Google marketing services allow us to display advertisements for and on our website in a more targeted manner in order to only present users with advertisements that potentially match their interests. If, for example, a user is shown ads for products that he was interested in on other websites, this is referred to as "remarketing". For these purposes, when our and other websites on which Google marketing services are active are accessed, Google executes a code directly and so-called (re)marketing tags (invisible graphics or code, also known as "web referred to as "beacons") integrated into the website. With their help, an individual cookie, ie a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file notes which websites the user visits, what content he is interested in and which offers he clicked on, as well as technical information on the browser and operating system, referring websites, visiting times and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases completely to a transferred to the Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google offers. The above information can also be combined by Google with such information from other sources. If the user then visits other websites, the ads tailored to his interests can be displayed to him. User data is processed pseudonymously as part of Google Marketing Services. This means that Google does not store and process, for example, the name or e-mail address of the user, but processes the relevant data in relation to cookies within pseudonymous user profiles. This means that from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google's servers in the USA. The Google marketing services we use include the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". This means that cookies cannot be tracked via the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. We can include third-party advertisements based on the Google marketing service "AdSense". AdSense uses cookies to enable Google and its partner websites to serve ads based on users' visits to this website and other websites on the Internet. We can also use the "Google Tag Manager" to integrate and manage the Google analysis and marketing services on our website. For more information on how Google uses data for marketing purposes, see the overview page: https://www.google.com/policies/technologies/ads, Google's privacy policy is at https://www.google.com/policies/privacy available. If you wish to object to interest-based advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.
Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our data protection declaration, we process user data if they communicate with us within social networks and platforms, e.g. write posts on our online presence or send us messages.
Integration of third-party services and content
We use content or service offers from third-party providers within our online offer on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit Integrate services such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visiting times and other information on the use of our online offer, as well as being linked to such information from other sources.
Mentavio:
We integrate the online consultation button from Mentavio.
https://www.mentavio.com/datenschutz
Google Maps
We integrate the maps of the "Google Maps" service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google Fonts
We integrate the fonts ("Google Fonts") provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google ReCaptcha
We integrate the function for detecting bots, e.g. when making entries in online forms ("ReCaptcha") from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Functions and content of the Xing service, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be integrated within our online offer. This can include, for example, content such as images, videos or text and buttons with which users can express their liking for the content, the authors of the content or subscribe to our posts. If the users are members of the Xing platform, Xing can assign the above-mentioned content and functions to the user profiles there. Xing data protection declaration: https://www.xing.com/app/share?op=data_protection..
Within our online offer, functions and content of the LinkedIn service can be integrated, offered by LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This can include, for example, content such as images, videos or text and buttons with which users can express their liking for the content, the authors of the content or subscribe to our posts. If the users are members of the LinkedIn platform, LinkedIn can assign the above-mentioned content and functions to the user profiles there. LinkedIn data protection declaration: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield. gov/participant?id=a2zt0000000L0UZAA0&status=Active). Data protection declaration: https://twitter.com/de/privacy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data protection notice 1&1 Internet SE
For 1&1 Internet SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter 1&1), the protection of your personal information has top priority. Of course, we comply with the relevant data protection laws and would like to explain to you in detail how your data is handled with the following data protection notices.
Your data to fulfill your order
When you order a product from us, we only ask for as much information as we absolutely need to fulfill your order or for billing purposes. In most cases, this information is limited to name, address, contact details and bank details.
1. Contract and billing data
Before your order On the 1&1 websites, we offer our customers and interested parties a number of practical services, for example to check whether your website or company can be found on the Internet. The check is carried out exclusively on the basis of a few address data - without direct reference to the name. 1&1 logs your input on an anonymous basis to ensure that the design is as needs-based as possible and for service improvements.
Contract data When ordering one of our products, we ask you to provide the data that we need to fulfill your order. This contract data is stored by us. You can make changes to this data yourself at any time via our control center. After your order has been checked, you will receive information on how to create your personal access data, usually by e-mail and in exceptional cases by post.
Billing data In order for us to be able to present you with transparent and comprehensible billing at all times, it is necessary for some products and services to temporarily store billing-relevant data. This includes, for example, configuration settings of our cloud server products or performance data of our web hosting products if these are required for billing. You can find out whether billing-relevant data is recorded for your product in the relevant product section further down on this page.
2. Usage and Content Data
Usage DataWe attach great importance to quality and reliability. Nevertheless, it can happen that something does not work the way you and we would like it to. In order to be able to help competently and quickly in such an error, it can be helpful to record some usage and traffic data for a short time during operation and make them available to our service employees. We do this to fulfill the contract and to design our products and services to meet the needs of the statutory provisions.
Content dataFor some products we offer so-called cloud services, such as e-mail accounts or online storage, in which you can store personal files. The files stored there are automatically encrypted and can only be viewed by people to whom you have previously granted access authorization. We create encrypted backup files for the purpose of data backups and maintenance work. Your saved file contents cannot be decrypted and read by us.
3. Use of Your Information
The use of your personal data We need some of your personal data for order processing and for a customer-oriented service.
Data processing after receipt of order. Convincing products and top services with the best possible price-performance ratio are our claim. To ensure that the processing processes run smoothly, we carry out an order check and fraud prevention checks before confirming your contract.
Contract and customer information You will receive an order confirmation and information on setting up your selected product from us by email. For this we use the e-mail address you have stored in the contract data. You will also receive your monthly/annual invoices and helpful information from us in this way.
Product information So that you can take full advantage of all the product advantages, we will send you tips and tricks as well as useful and supplementary product solutions to your email address and as information in the user interface of our Control Center. In addition, we will occasionally inform you by telephone about interesting new products. You give us permission to contact you by ticking the box when ordering online. You can give us the legally required consent to contact you when you place your order online or in the Control Center. If you no longer wish to receive such information, you can revoke your consent at any time in the control center.
Usage data within our services and productsSome usage data is collected while using our services and products. With this data, we are able to quickly identify and correct errors that occur and to constantly develop our services for you. In addition, we also use usage data to improve our products. To ensure the security of your data, we pseudonymize or anonymize it prior to analysis.
Opinion polls In order to be able to offer you the best possible products and great services in the future, we need your help. For this reason, we send out opinion polls to our customers from time to time, usually by email or as a form on our website. Participation in these surveys is of course voluntary. Of course, you can object to the sending of opinion polls to your address at any time after they have been sent for the first time.
4. Disclosure of data to third parties
1&1 Internet SE is a United Internet AG company. Along with other subsidiaries and sister companies, we belong to the United Internet AG group, Montabaur. In order to avoid duplicates in address data and to comply with any negative data, such as that from e-mail blacklists, it has proven useful in individual cases to make customer data available to United Internet AG companies for a specific purpose and taking into account your legitimate interests.
Partner companiesBecause we depend on partner companies for some of our products or sometimes only act as an intermediary, it is necessary to pass on some of your data to third parties. This is the case, for example, when registering a domain or issuing an SSL certificate.
Criminal prosecutionIn a few cases, the legislator obliges us to provide information to law enforcement authorities and courts for the purpose of criminal prosecution.
Service and sales partners Our products are also marketed via various sales channels such as 1&1 ProfiSeller or customer advertises customer. Working with an intermediary sometimes requires passing on some data to intermediaries in order to provide excellent customer service. This is necessary, for example, for the transmission of the commission status, the allocation of commissions and the comparison of incoming orders. We need your data to initiate and execute the contract (Art. 6 Para. 1 lit. b DSGVO).
Reports of bad debts or misuse In the event of bad debts or discrepancies between the contractual partners, we always endeavor to reach an amicable agreement. If this fails, we carefully consider when and to whom payment defaults or improper use are reported.
5. Cookies and their use - my choice
Like almost all websites and apps, our applications also use small text files called cookies, which are stored on your computer's hard drive or in the app cache of your mobile device. These cookies do not enable us to identify you personally, but are essential for the user-friendly operation of our website.
Types of cookies used on the 1&1 website: Cookies are classified by origin, purpose or expiry time. The cookies used by 1&1 serve different purposes; their period of validity is variable.
1. Origin
- First-party cookies: are placed and managed directly by 1&1.Third-party cookies: placed and managed by partners to perform statistical analysis of navigation on the 1&1 site. Of course, these analyzes are only carried out pseudonymously.
2. purpose
- Technical cookies: These ensure, among other things, smooth navigation on the website. In addition, access to tools with limited access is also enabled.Cookies for analysis and advertising purposes: They enable the realization of statistics on website visitors - these include, for example, the number of visits to different areas of the website, frequency of visits or behavior and habits the user. In this way, the navigation, services and offers of 1&1 as well as the interest-based use of advertising space can be improved. If you click on one of these advertising spaces, cookies can be placed. This enables us to create pseudonymous user profiles in order to provide interest-based advertising.
3. Validity
- Session cookies: These cookies collect and store data for the duration that the user is on the 1&1 website. Persistent cookies: These cookies collect and store data in the browser for a variable period of time, depending on the purpose. Special browser settings allow you to accept, block or disable all or some cookies on your device.
Even if your browser settings have been changed to block certain cookies, you can still access the information on the entire 1&1 website. However, the operation or use of certain services offered by 1&1 could be restricted.
If you have consented to the use of cookies, you can withdraw this consent at any time. Existing cookies will then be deleted.
1&1 reserves the right to change this cookie policy if changes are made to the configuration and/or use of cookies. An updated version will be published on this website.
You can change your cookie settings at https://hosting.1und1.de/cookies.
6. Product-Specific Privacy Information
Overview of the currently used subcontractors
For some of our products, we rely on the expertise of specialized partner companies. In this way, we ensure that you can always expect the best performance and services from 1&1. If you no longer use a product, we will delete your personal data immediately in most cases.
6.1 Web Hosting
Content Delivery Network CDN
Purpose of processing When using the CDN, content data is stored in Cloudflare data centers. Categories of personal data Content data, usage data, traffic data Legal basis Contract implementation, Article 6 Paragraph 1 lit. b GDPR Participating subcontractors Cloudflare, San Francisco, USA
WebSite Creator
Purpose of processingProcessing and publication of the websiteCategories of personal dataUsage data, content dataLegal basisContract implementation, Article 6(1)(b) GDPRParticipating subcontractorscm4all AG, Cologne, Germany
Mobile Website Builder
Purpose of processing Creation, editing and publication of the website
Categories of Personal DataUsage Data, Content Data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedAfilias plc, Dublin, Ireland
Google Sitemaps
Purpose of processingWhen using Google Sitemaps, Google is provided with information to make the content of the web space accessible via Google search.
Categories of Personal DataContent Data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedGoogle, Mountain View CA, USA
SiteLock
Purpose of processing When using SiteLock, malware is automatically detected and deleted in the web space.
Categories of Personal DataContent Data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Storage periodSiteLock stores the customer's web space for 7 days (grace period). Deletion of all personal data within 30 days after cleaning.
Subcontractors involvedSiteLock, Scottsdale, USA
6.2 MyWebsite (current product generation)
Website Editor
Purpose of processingThe processing and publication of the website
Categories of personal data Inventory data, content data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedDuda Inc., Tel Aviv, IsraelAmazon Web Services, Inc., Seattle WA, USA
web space
Purpose of processingHosting of the website
Categories of personal data Inventory data, content data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedAmazon Web Services, Inc., Seattle WA, United States
Online Business Card
Purpose of processingFast publishing of an online business card website. As a customer, you have the opportunity to choose which information is displayed on this website. User data is sent to Google and Facebook to retrieve publicly available information. This data serves as a starting point for the user's online business card.
Categories of personal data Inventory data, usage data, content data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involved
Google, Mountain View CA, USAFacebook, Menlo Park CA, USA
Shop
Purpose of processing Seamless integration of an online shop into the website editor using inventory data to pre-populate the shop. For example, the customer's email address is used as the default email address for the store.
Categories of personal data inventory data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedEcwid, Encinitas CA, USA
image editing
Purpose of processingA web service is used to edit images in the website editor, for example to add effects, adjust colors and brightness or change the size of an image.
Categories of Personal DataContent Data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedAdobe Systems Inc. (formerly: Aviary), San José CA, USA
Directions
Purpose of processingMyWebsite uses the address data to be able to show the location of the company/customer on a map (directions). To do this, the product transmits the data to the map provider Mapbox. This happens automatically when you first create a project.
Categories of personal data inventory data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedMapbox, Washington DC, USA
Website Translator
Purpose of processingMyWebsite sends the text content of the website to Google Translate in order to translate the content into one or more other languages. This happens when the customer creates a multilingual text.
Categories of Personal DataContent Data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedGoogle, Mountain View CA, USA
Multi Location
Purpose of processing MyWebsite uses the address data to place one or more markers on a map so that the locations of the company / customers are shown (directions). To do this, the product transmits the data to the map provider Mapbox. This happens automatically when adding the widget and with additional locations when they are added to the widget.
Categories of personal data Inventory data, content data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedMapbox, Washington DC, USA
6.3 MyWebsite (Previous product generation, version 8)
Google Maps
Purpose of processing MyWebsite 8 transmits the customer's address data to Google in order to pre-populate the Google Maps module with the correct address or sends another specified address to Google.
Categories of personal data Inventory data, content data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedGoogle, Mountain View, USA
Google Sitemaps
Purpose of processingWhen the domain is connected to the website project, MyWebsite provides this information to the Google Sitemap service in order to improve SEO results for the customer.
Categories of personal data inventory data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedGoogle, Mountain View, USA
My Data
Purpose of processingBy publishing the MyWebsite home page, customer and other custom data in schema.org format is added to the website to help search engines and improve SEO results.
Categories of personal data Inventory data, content data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Participating subcontractors public
MyShop
Please refer to the paragraph on the 1&1 eShop for information on the MyShop integration.
image editing
The data protection information for the integrated image processing corresponds to the version of the current product generation.
6.4 Domain & SSL Certificates
Domain
Purpose of processingRegistration, transfer, configuration, maintenance and deletion of the domain name for the customer
Categories of personal data inventory data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Storage period This period varies for the various Top Level Domains (TLDs) and depends on the Registrar Accreditation Agreement (RAA) of the registry.
Participating subcontractors A dedicated overview for registry and escrow providers can be found here: https://hosting.1und1.de/terms-gtc/terms-registration/
SSL Certificate
Purpose of processingRegistration, configuration, maintenance and deletion of SSL certificates for customers. Automated processing in MyWebsite products when connecting the domain to the website project.
Categories of personal data inventory data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involvedDigiCert, Lehi UT, USA
NoteWhen procuring and/or maintaining SSL certificates, 1&1 only acts as an intermediary in the relationship between the customer and the respective certificate issuer. 1&1 has no influence on the issuing of certificates. 1&1 does not guarantee that the certificates requested for the customer will be allocated at all or will remain in existence in the long term
6.5 1&1 eShop, E-Mail & Office & other products
1&1 eShop
Purpose of processingProcessing, maintenance and operation of the customer online shop
Categories of personal data Inventory data, content data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Storage period Shop data will be deleted 31 days after cancellation.
Subcontractors involvedePages, Hamburg, Germany
1&1 Mail
Purpose of processingProvision of email services, including creating, configuring and deleting email addresses
Categories of personal data Inventory data, content data, traffic data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Storage period 7 days after deletion/termination
Participating subcontractorsOpen-Xchange, Nuremberg, Germany
Hosted Exchange
Purpose of processingProvision of email services, including creating, configuring and deleting email addresses
Categories of personal data Inventory data, content data, traffic data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Storage period end of the contract period
Microsoft Office 365
Purpose of processingUse of Microsoft Office 365, including creating, configuring and deleting accounts and users.
Categories of personal data Inventory data, content data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Storage period User data is stored for up to 1 year after the last license is removed.
Subcontractors involvedMicrosoft, Redmond WA, USAT-Systems International, Frankfurt am Main, Germany
List Local
Purpose of processingPublication and synchronization of company data in online directories to improve local search engine rankings
Categories of personal data Inventory data, content data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Storage period 30 days after termination
Subcontractors involved overall, San Francisco CA, USA
rankingCoach
Purpose of processing Optimization of the customer website on Google. When using the Pro version, you can also set up Google Ad Words campaigns.
Categories of personal data inventory data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Involved subcontractor ranking coach, Cologne, Germany
Search Engine Marketing
Purpose of processingSetting up and managing Google AdWords campaigns for the customer's website.
Categories of personal data inventory data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Storage period 30 days
Subcontractors involvedLatitude, Warrington, UK
Hosting Mobile App
Purpose of processingMobile access to the 1&1 Control Center.
Categories of personal data inventory data, usage data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Storage period 12 months for usage data
Subcontractors involvedAdobe Analytics, San José CA, USAGoogle, Mountain View CA, USA
1&1 WebAnalytics
Purpose of processing Statistical evaluation and technical optimization of the website. The data is processed completely anonymously.
Categories of personal data Inventory data, usage data, content data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Server
The following information applies equally to Cloud Server, Dedicated Server, Virtual Server Cloud, vServer & Bare Metal Server:
With the products mentioned above, the customer alone and exclusively decides which personal data is processed and in what way.
Categories of personal data Defined by the customer
Retention periodDefined by the customer
Legal basis Determined by the customer
Involved subcontractors Determined by the customer
ipayment
Purpose of processing Depending on the payment method, additional data is collected in order to communicate with payment service providers. The selected payment method is up to the customer to decide. Appropriate contracts are required, which he has previously concluded with other providers.
Categories of personal data inventory data
Legal basis Contract execution, Art. 6 Para. 1 lit. b GDPR
Subcontractors involved
- Evo Payments International GmbH, Cologne, GermanyAmerican Express, Frankfurt am Main, GermanyB S CardService GmbH, Frankfurt am Main, GermanyBZA AG / UPAY, Raperswilen, GermanyConCardis GmbH, Eschborn, GermanyDataCash limited, London, UKDZ Bank AG, Frankfurt am Main, GermanyElavon Financial Services, Frankfurt am Main, GermanyInterCard AG, Taufkirchen near Munich, GermanyPaypal, LuxembourgSage Pay, Newcastle-upon-Tyne, UKSIX Payment Services, Zurich, SwitzerlandVolksbank Offenburg eG, Offenburg, GermanyWGZ Bank AG, Düsseldorf, Germany
7. Transparency is our maxim
We use all data that we receive from you during the contractual relationship primarily for the service that you expect. Internal evaluations and analyzes to improve our products and services are only carried out anonymously and pseudonymously within the legally defined framework.
Your rights
In addition to the right to information, you also have a right to correction of the personal data stored about you, a right to deletion, a right to blocking and a right to transfer your data. You can also object to this processing at any time. If you wish to exercise any of these rights, please write to our Data Protection Officer and we will do it for you. To do this, please contact the following address:
1&1 Internet SE The data protection officer Elgendorfer Straße 5756410 Montabaur or by email to datenschutz@1und1.de
regulators
If, contrary to expectations, our data protection team cannot clarify your data protection concerns to your satisfaction, you have the right to lodge a complaint with the relevant supervisory authority:
Data protection questions about our products and our website
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (LfDI RLP) PO Box 30 4055020 Mainz Germany
Privacy issues related to telecommunications
The Federal Commissioner for Data Protection and Freedom of Information (BfDI)Husarenstrasse 3053117 BonnGermany
Your data protection team 1&1 Internet SE