The protection of your privacy is very important to us. We therefore proceed according to the statutory regulations of the European and German data protection legislation in all operations of data processing (e.g. collecting, processing and transmission).
1. Who is your contact (controller) for your data protection concerns?
Controller as defined in the data protection regulations for all data processing procedures carried out via our websites is:
Atelier Markgraph GmbH
Mainzer Landstraße 193
60326 Frankfurt am Main
In line with the statutory stipulations we have appointed a data protection officer for our company. You can contact him under firstname.lastname@example.org.
2. Which data do we need from you for the use of our websites? Which data is collected and stored during use?
Personal data is any information that refers to an identified or identifiable natural person (“data subject”), such as e.g. your name, your address, your phone number, your date of birth, your bank details and your IP address.
Basically, we only collect and use personal data of our users when this is necessary in order to provide a functioning website and our contents and services. The collection and use of personal data of our users is only carried out as a rule after obtaining the consent of the user. An exception applies in such cases, where obtaining prior consent is not possible for practical reasons and the processing of data is permitted by statutory regulations.
The following data is recorded during the use of our websites, whereby storage is exclusively for internal system-related and statistical purposes, so-called usage data:
- Information on the type of browser and the version used
- The operating system of the user
- The IP address of the user
- Date and time of access
- Websites, which are called by the system of the user via our website
The data are stored in logfiles of our system. A storage of these data together with other personal data of the user will not take place.
Legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR (General Data Protection Regulation).
The storage in log files is carried out to ensure the functioning of the website. In addition, the data is used to optimise the website and ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place in this connection. Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR also lies in these purposes.
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of recording data to make the website available, this is the case when the respective session is terminated.
In the case of storage of the data in log files, this is the case after 16 weeks at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or modified so that it is no longer possible to allocate them to the accessing client.
The recording of data to make the website available and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no contesting option.
We provide a contact form for you on our website, with which you can conveniently get in touch with us electronically and send us your request. Via the contact form we merely collect your name and your e-mail address, and, if applicable, personal data contained in the subject line or your message. At the time of when the message is sent the following data are also stored: IP address of the user, date and time when sent, browser string.
Alternatively, it is possible to contact us using the e-mail address provided in the site information. In this case the personal data of the user if applicable transmitted with the e-mail are stored.
We only use your data to process your enquiry and can contact you for this purpose using the contact data given. Use of this data for advertising purposes or forwarding to third parties does not take place.
Legal basis for the processing of the data transmitted to us via the contact form or in the course of transmitting an e-mail is Art. 6 para. 1 lit. f GDPR. If making contact also aims at concluding a contract, additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
The processing of personal data from the entry mask is only used for processing the communication with you. In the case of contact made by e-mail, the required legitimate interest is also in the processing of the data. The other personal data processed during the dispatch process are only used to avoid abuse of the contact form and to ensure the security of our IT systems.
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. This is the case for the personal data from the entry mask of the contact form and the personal data transmitted by e-mail, if the respective conversation with the user is terminated. The conversation is terminated when it can be inferred from the circumstances that the situation concerned has been conclusively clarified.
The personal data additionally collected during the dispatch process are deleted after a period of sixteen weeks at the latest.
Should the user contact us by e-mail, he can revoke the storage of his personal data at all times. The conversation cannot be continued in such a case.
All personal data that was stored in the course of making contact will be deleted in this case.
3. How is my data used, and possibly forwarded to third parties, and for what purpose is this carried out?
We use the personal data you make available to us to answer your enquiries, to process a contractual relationship if applicable existing to you as well as well as for the technical administration of our websites.
A forwarding, a sale or any other transmission of your personal data to third parties will only be carried out if the forwarding is necessary for the purpose of the contract processing, you have explicitly consented hereto or we are obligated to forwarding by law at the order of a responsible authority for the purposes of criminal prosecution, to defend against risks or to assert the rights to the intellectual property.
The legal basis for the transmission of the data to third parties for the purpose of the contract processing is Art. 6 para. 1 lit. b GDPR, based on a consent Art. 6 para. 1 lit. a GDPR and for the forwarding in cases ordered by law Art. 6 para. 1 lit. c GDPR.
4. References to external services of social networks
On our websites we link to the social media platforms Facebook and YouTube. This is carried out via a corresponding symbol on our websites that is labelled with the corresponding logo of the respective social media platform and behind which a corresponding link to our corresponding social media page is hidden. Social plugins (such as the Facebook “Like” button) are not integrated here.
No data relating to you is transmitted to these services by our references to the social media services. These are normal hyperlinks, via which no data transmission takes place regularly. If you click on the link, you will be forwarded directly to our social media presence at the respective social media service. A data transmission only takes place in doing so, if you are logged on to your user account of the corresponding social media service. You can then link or distribute contents of our websites directly with the social media service or, in the case of YouTube, watch the videos of our YouTube channel. The respective social media service possibly finds out which contents you have watched on our websites in this way.
- Responsible for the social media services linked by us are exclusively:for Facebook and their web presence Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
- for YouTube and their web presence YouTube, LLC, 901 Cherry Ave., St. Bruno, CA 94066, USA;
Further information about the purpose and extent of data collection and about the further processing of your data by the respective social media service can be found in the data protection regulations of the respective service. These are available on the internet:
- Facebook: https://www.facebook.com/about/privacy/
- YouTube: https://www.google.de/intl/de/policies/privacy/
Under the named links, you will also find information about settings options to protect your privacy and about your further rights concerning the collection, processing and use of your data by the respective social media service, among other things.
You are yourself responsible for transmitting data to the social network services mentioned above, as you become active by logging on to your respective social network account and following the respective link and therefore initiate the data processing by the respective social network service that takes place subsequently
5. What security measures have we taken to protect your data?
We have taken a variety of security measures to protect personal information appropriately and adequately.
Our databases are protected by physical and technical measures, as well as procedural measures that restrict access to the information to specially authorised persons in compliance with this data protection statement. Our information system is located behind a software firewall to prevent access from other networks that are connected to the internet. Only employees, who require the information to complete a special task, obtain access to personal information. Our staff are trained regarding security and data protection practices.
We use the standardised SSL encryption technology when collecting and transmitting data via our internet pages. Personal details are transmitted via SSL encryption during the ordering procedure, identifiable in the browser by the lock icon and in address line by the addition “https://”.
When communicating by e-mail, we cannot guarantee full data security.
6. Advertising by e-mail (e.g. e-mail newsletter) via MailChimp and Newsletter Tracking via Matomo
Sending of e-mail messages
We use the service provider MailChimp of the Rocket Science Group by US providers, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA for sending e-mail messages in the form of newsletters. The data named below is processed by MailChimp on our behalf and stored on the servers of MailChimp for this purpose. MailChimp uses the data for dispatching the newsletter. The data protection provisions of the MailChimp are available at https://mailchimp.com/legal/privacy/. The provider Rocket Science Group, LLC is also certified according to the principles of Privacy Shield (https://www.privacyshield.gov/), a data protection agreement between the EU Commission and the USA.
When you register for the newsletter, only your e-mail address will be sent to us.
We seek your consent for the processing of the data by MailChimp during the login process and refer to this data protection statement.
If you are our client and have provided us with your e-mail address, it can subsequently be used by us for sending our newsletter, provided we have informed you of this possibility when collecting your e-mail address. In such a case, the newsletter will only be used for direct advertising for our own similar services.
After registering for the newsletter with the user’s consent, Art. 6 para. 1 lit. a GDPR serves as legal basis for the processing of the data by our newsletter service provider. Section 7 Para. 3 UWG (Law Against Unfair Competition) serves as legal basis for dispatching the newsletter as a result of our service offer.
The collection of the user’s e-mail address is used to send the newsletter.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user’s e-mail address is, therefore, stored for as long as the subscription of the newsletter is active.
Right to object / withdrawal after consent
You can cancel the subscription of the newsletter at any time. A corresponding link can be found for this purpose in every newsletter. A revocation of the consent to store personal data collected during the registration process is also made possible here.
Newsletter Tracking via Matomo
After sending the newsletter by e-mail, we can carry out limited tracking. This is done to track
- whether and, should this be the case, when the e-mail newsletter was opened by the recipient, as well as
- which and how many of the embedded newsletter links, e.g. related to specific contributions of our websites, were clicked on by you, as the newsletter recipient.
For this, we use the Matomo web analysis software’s “Campaign tracking” function (see 8. below). The URLs of the links that can be called up in the newsletter get individual attributes that Matomo recognises, and it counts the type and number, and sorts these statistically according to the specifically called up website link and the respective newsletter campaign. We receive information about the opening of the newsletter via a generic URL, which is also included in the newsletter and generates a transparent counting pixel. This URL does not allow us to identify you as a newsletter recipient. Matomo only receives feedback on how often you, as an e-mail recipient, load external content of the newsletter e-mail into your e-mail client.
The web analysis, i.e. the evaluation of your usage behaviour directly on our website by means of cookie technology (see below 7.), begins via Matomo from the time you open the newsletter or call up a contribution on our website via a link included in the newsletter. This statistical evaluation also includes the concretely clicked newsletter link or the information about when the newsletter was opened. Information on the type and scope of this evaluation and on the right of objection, which you are entitled to in this regard, can be found in Section 8 of this data privacy declaration.
Link tracking via the newsletter is performed to improve the quality of our newsletter and its contents. As an extension of the web tracking via Matomo described in section 8, link tracking is performed on the basis of our legitimate interest in finding out how the newsletters are used, thus allowing us to continually optimise our offer (Art. 6 para. 1 lit. f GDPR).
You can unsubscribe from the newsletter tracking at any time by clicking on the link contained in each newsletter (see above).You can prevent the loading of external content in the e-mail newsletter by suppressing the display of HTML content in e-mails in your e-mail client and, instead, having e-mails displayed as text only.
7. Cookies are stored on your computer when you use our websites. What does this mean?
We use so-called cookies on our websites. Cookies are small amounts of data in the form of text information that the web server sends to your browser. These are only stored on your hard disk. Cookies can only be read by the server that previously stored them there and provides information about what you have looked at on a website and when. Cookies themselves only identify the IP address of your computer and do not store any personal information, such as your name. The data stored in the cookies is not linked to your personal details (name, address, etc.).
- Language settings
- Session ID
The data of the users collected on this website are pseudonymised by technical means. An allocation of data to the accessing user is therefore no longer possible. The data are not stored together with any other personal data relating to the user.
It is up to you to decide whether you allow cookies. On the one hand, you have the option of accepting all cookies, of being informed when cookies are set or refusing all cookies by changing your browser settings (usually to be found under “Option” or “Settings” in the browser’s menu.
The legal basis for the processing of personal data using the cookies technically needed for this is Art. 6 para. 1 lit. f GDPR.
8. We use the Matomo (formerly Piwik) analysis tool. What does this mean for your data?
We use the Matomo open source web analytics software on our website. Matomo also uses “cookies” (see 7. above), which are text files placed on your computer so as to help the website analyse how users use the site. The information generated by the cookie about your use of this website will be transmitted to and stored on our own server.
We will use this information to evaluate your use of the website and to compile reports on website activity.
The data will therefore only be collected and stored for our own marketing and optimisation purposes. This data can be used to create user profiles under a pseudonym that allow your Internet browser to be recognised. The data will not be used to personally identify you as a user of our website and will not be merged with personal data concerning you as the bearer of the pseudonym.
Additionally, we would like to point out to you that Google Analytics is used on our websites with the extension anonymizeIP, and that IP addresses are therefore only processed further in an abbreviated form, in order to exclude a personal reference.
Right to objection:
This way, a so-called opt-out cookie is filed on your device, which prevents the future collection of your data by Matomo when visiting this website.
Here, please pay attention to the fact that, should you delete cookies in your browser settings, this may result in the opt-out cookie being deleted by Matomo and, if applicable, it will have to be re-activated by you.
For more information on how Matomo works and the privacy practices applicable to this service, please visit https://matomo.org/privacy-policy/.
The legal basis for the use of Matomo is sec. 15 para. 3 Telemedia Act (TMG), Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the collection and evaluation of statistical data collected via Matomo, as this is necessary to keep the services and offers offered on our website available to our customers and so as to constantly improve them.
9. We use Google Analytics. What does this mean for your data?
We use Google Analytics on our websites, which is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies” (see 7.), which are text files placed on your computer so as to help the website analyse how users use the site. Generally speaking, the information generated by the cookie regarding your use of this website is transmitted to a server of Google in the USA and stored there. However, in the event of the activation of the IP anonymisation on this website, your IP address is first abbreviated by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Area. The full IP address will only be transmitted to a server of Google in the USA and abbreviated there in exceptional cases. By order of the operator of this website, Google will use this information in order to evaluate your use of the website in order to compile reports concerning the website activities and to provide further services associated with the website use and the internet use towards the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be aggregated with other data of Google. You can prevent the storage of the cookies by a corresponding setting of your browser software; however, we would like to point out that, in this case, you will, if applicable, not be able to use all functions of this website in full. In addition to this, you can prevent the use of the data generated by the cookie and referring to your use of the website (incl. your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link (https://tools.google.com/dlpage/gaoptout?hl=en).
Right to objection:
As an alternative to the installation of the browser plug-in, especially in internet browsers of mobile terminal devices, you can prevent use by Google Analytics by clicking as follows:
This way, a so-called opt-out cookie, which prevents the future collection of your data by Google Analytics with the visit to this website, is filed on your device.
Here, please note that, should you delete cookies in your browser settings, this may result in the opt-out cookie being deleted by Google Analytics and, if applicable, it will have to be re-activated by you.
You can find more detailed information relating to the functioning of Google Analytics and the conditions of use and data protection provisions that are relevant for this service at https://policies.google.com/privacy?hl=en. What is more, we would also like to point out to you that Google Analytics is used on our websites with the extension anonymizeIP and therefore IP addresses are only processed further in an abbreviated form in order to exclude a personal reference.
The legal foundation for the use of Google Analytics is sec. 15 para. 3 Telemedia Act (TMG), Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the collection and evaluation of statistical data collected about Google Analytics, as this is necessary to keep the services and offers offered on our website available to our customers and so as to constantly improve them.
10. Google Maps plugin
We use a plugin of the internet service Google Maps on our website. The operator of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. By using Google Maps on our website information about the use of this website and your IP address is transmitted to a Google server in the USA and also stored on this server. We have no knowledge of the precise content of the transmitted data, nor about their use by Google. The company negates in this context the connection of the data with information from other Google services and the recording of personal data. However, Google can transmit the information to third parties.
Right to object
You can find out more details relating to the data protection provisions and conditions of use for Google Maps here: https://www.google.com/intl/de_de/help/terms_maps.html.
The data processing is carried out based on legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. The visually optimised presentation of our company via the plugin is under legitimate interest.
11. Rights of data subjects
If personal data relating to you is processed, you are a data subject as defined in the GDPR and you are entitled to the following rights against the controller:
Information, rectification, restriction of processing and erasure
You have the right at any time to obtain information free of charge about any personal data we have stored about you, about the origin and recipient as well as the purpose of data processing via our websites. In addition, you have the right to rectification, erasure and restriction of the processing of your personal data, where the statutory provisions exist.
Right to data portability
You have the right to receive the personal data relating to you that you have made available to us as controller in a structured, commonly used and machine readable format. We can meet this right by providing a csv-export of the customer data processed relating to you.
Right to information
If you have asserted your right to rectification, erasure or restriction of processing to the controller, this is obliged to inform all recipients, to whom the personal data relating to you was disclosed, about this rectification or erasure of the data or the restriction of processing, unless this proves to be impossible or involves an unreasonable expense or effort.
You have the right vis-à-vis the controller to be informed of these recipients.
Right to object
You have the right, for reasons that result from your particular situation, to object at any time to the processing of personal data relating to you that is carried out on the basis of Art. 6 para. 1 lit. e or lit. f GDPR: this shall also apply to a profiling that is supported on these provisions.
The controller no longer processes the personal data relating to you, unless he can prove compelling legitimate grounds for the processing that override your interests, rights and liberties, or the processing serves the assertion, exercise or defence of legal claims.
If the personal data relating to you is processed in order to operate direct advertising, you have the right to object to the processing of the personal data relating to you for the purpose of such advertising at any time, this also includes profiling, where this is associated with such direct advertising.
If you object to the processing for direct advertising purposes, the personal data relating to you will no longer be processed for these purposes.
You have the possibility, in connection with the use of services of the information society – irrespective of the Directive 2002/58/EC – to exercise your right to object by means of automatic processes with which technical specifications are used.
Revocability of data protection declarations of consent
In addition, you may revoke the consents that you have given us with effect to the future at any time at the contact details stated below.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular, in the member state of your place of residence, your place of work or the place of alleged infringement, if you consider that the processing of the personal data relating to you infringes the EU general data protection regulation.
The supervisory authority, with which the complaint has been lodged, informs the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
12. Changes to this data protection statement
We reserve the right to change this data protection statement when the occasion arises and without prior notice. Please therefore consult this page regularly to find out about possible changes to this data protection statement.