The usage of any webpage owned by CNI - Erben, Scherf GbR is possible without declaring personal data. If a person uses a special service of our company via our web page, the processing of personal data could be required. If the processing of personal data is required and if there is no appropriate statute, we will ask for permission by the data subject. Personal data such as the name, address, mail address or phone number of the data subject will always be processed according to the GDPR and the country-specific data privacy statutes valid for the CNI - Erben, Scherf GbR. With the data privacy statement, our company wants to inform the public about the collection, usage and processing of data.
CNI, Rheinstraße 43-45, 55116 Mainz, Germany
We hereby inform you that the internet-based data transfer holds security flaws, resulting in the impossibility of a flawless protection against third-party access.
The webpage of CNI - Erben, Scherf GbR collects a series of general data and information of any data subject or automated system accessing the page. These general data and information are saved in the logfiles of the server. Information that can be collected is the browser type and versions in use, the operating system, the webpage which brings the accessing system to our webpage, the sub pages that are accessed by the respective system on our webpage, the date and time of access to our page, the IP address, the internet-service-provider of the accessing system and any similar data and information, which is serving the defense against attacks on our IT systems.
With the usage of this general data and information, no conclusions about the data subject are drawn by CNI - Erben, Scherf GbR. The information is needed for the correct display of data on our page, an optimization of our page content and its advertisement, for guaranteeing a continuous operability of our IT systems and technical aspects of our webpage and, in the case of a cyber attack, to provide the necessary information to law enforcement agencies when it comes to a law enforcement operation.
This general data and information is collected anonymously and evaluated statistically by CNI _ Erben, Scherf GbR. The collection of data also aims at increasing the level of data security and data protection for the company, to enforce an optimal security level for the personal data processed by us. The anonymous data of the server-logfiles are stored separately from the personal data declared by the data subject.
Due to legal prescriptions, the webpage of CNI - Erben, Scherf GbR contains information about a fast electronic way of contacting our company as well as direct communication with our company, which contains a general address of the so-called electronic mail (e-mail address).
If a concerned person contacts the person in authority of processing data via e-mail or a contact form, the personal data of the concerned person will be collected automatically. The data, transmitted voluntarily by the concerned person to the person in authority of processing data , are used for the purpose of editing or contacting the concerned person. Personal data will not be transmitted to any third party.
Mr. Fabian Scherf
Any concerned person can contact the data security official at any time if questions or concerns regarding data security arise.
The person in authority of processing data uses and stores the personal data of the concerned person only for the period of time, which is needed for attaining the purpose of the data storage or for any purpose stated by EU guidelines and policy makers or another authority, law or legal prescription the person in authority of processing data is bound to.
Omission of the purpose of data storage or expiration of any appropriate period of storage prescribed by EU guidelines or policy makers leads to a routine deletion or blocking of personal data according to the appropriate statutes.
Any data subject has the right of confirmation about the potential processing of personal data by the controller, the right is given by the European legislature. If data subjects want to claim their right of confirmation, they can contact an employee of the processing controller any time.
Data subjects have the right to information about the collected data, given by European legislature. They can receive information by the controller any time free of charge, as well as a physical copy of the information.
According to European law, the data subject has the right to information about the following data and information:
- purposes for data processing
- the categories of personal data processed by the company
- the respective parties which are or will be receiving personal data, especially international organisations and third party countries
- if possible, the planned period of time which the personal data will be stored for, if that’s not possible, the criteria for the determination of said period
- the existence of the right to correction or deletion of their personal data, as well as limitation or processing by the controller and a right of objection to this processing
- the existence of the right of appeal at an authorized agency
- if the personal data of the data subject is collected elsewhere: information about the derivation of the data
- the existence of an automatized decision-making (profiling included) (according to DS-GVO, act 22, paragraphs 1 and 4) and – in these cases – relevant information about the applied logic and bearing of this processing for the data subject
The data subject has the right to information about the transmission of personal data to a third party country or an international organization. If that is the case, the data subject has the right to information about the appropriate warrants concerning the transmission.
If data subjects want to claim their right to information, they can contact an employee of the processing controller any time.
Any data subject, according to European legislature, has the right to correction of false personal data. The data subject has the right, subject to the purposes of the data processing, to claim the completion of fragmentary personal data. A complementary statement can be used.
If data subjects want to claim their right to correction, they can contact an employee of the processing controller any time.
Any data subject concerned with the processing of data by the controller has the right, according to European legislature, to claim an immediate deletion of personal data, if one of the reasons below applies and the processing is not required:
- The personal data was collected and processed for any purpose, that is no longer valid
- The data subject objects to the agreement, which validated the processing (according to DS-GVO Act 6, paragraph 1 a, or DS-GVO, Act 9, paragraph 2 a) and there is no other statute validating the processing of data
- The data subject objects to the processing (according to DS-GVO, Act 21, paragraph 1), and there are no overriding valid reasons for the processing, or the data subject objects to the processing (according to DS-GVO Act 21, paragraph 2)
- The personal data was processed unlawfully.
- The deletion is required for compliance with the European Union law or the legislature of the member states the processing controller is subject to.
- The personal data was collected in relation to services of the information society (according to DS_GVO, Act 8, paragraph 1)
If one of the reasons listed above is valid and a data subject wants to arrange for the deletion of personal data to be done by Erben, Scherf GbR, the data subject can contact an employee of the processing controller any time. The employee of CNI - Erben, Scherf GbR will implement the process of deletion immediately.
If personal data is revealed to the public by the CNI - Erben Scherf GbR and the company is required to delete personal data (according to DS_GVO Act 17, paragraph 1), CNI - Erben, Scherf GbR will implement the appropriate (including technical) measures to inform third parties dealing with the processing of the data in question, that the data subject has claimed the deletion of any links to personal data as well as copies and replications of the data, as long as it is not necessary to be processed further.
An employee of CNI - Erben, Scherf GbR will implement the appropriate steps of action in this case.
Any data subject has the right, according to European Law, to claim the limitation of the processing of data, if one of the following requirements is met:
- The accuracy of the personal data is disputed by the data subject for a period of time, which enables the controller to review the accuracy of the data in question.
- The processing is unlawful, the data subject objects to the deletion of the data and requests the limitation of the use of data instead.
- The controller no longer needs the personal data for purposes of processing, but the data subject needs the data for enforcement, exertion or defense of any legal claim.
- The data subject has objected to the processing of data (according to DS_GVO Act 21, paragraph 1) and it is not certain if the valid reasons of the controller override those of the data subject.
If one of the reasons listed above is valid and a data subject wants to arrange for the limitation of personal data to be done by CNI - Erben, Scherf GbR, the data subject can contact an employee of the processing controller any time. The employee of CNI - Erben, Scherf GbR will implement the limitation of the processed data immediately.
Any data subject has the right to receive the appropriate personal data, which were provided by the data subject, in a current, machine readable format. The data subject also has the right to transmit the data to another controller, as long as the processing is subject to an agreement (according to DS GVO Act 6, paragraph 1, a or Act 9, paragraph 2, a) or a contract (according to DS-GVO, Act 6, paragraph 1, b) and the processing was done via automatized methods, if the processing is not required for the completion of a public responsibility, which is relevant for the public benefit or is executed by a public authority.
The data subject has the right to claim the transmission of personal data from one controller to another, as long as that is possible on a technical level and does not affect the rights of a third party.
For the enforcement of the right to transferability of data, the data subject can contact an employee of the processing controller any time.
Any data subject has the right, according to European Law, to object to the processing of personal data (according to DS-GVO Act 6, paragraph 1) for any reason resulting from their respective situation. This includes profiling which is subject to these regulations.
CNI - Erben, Scherf GbR will not continue to process any personal data in case of objection, as long as there are no valid reasons for the processing which override the rights of the data subject or are needed for the enforcement, exertion or defense of legal claims.
If the CNI - Erben, Scherf GbR uses personal data for direct marketing, the data subject has the right to object to the processing of personal data for marketing purposes at any time.
This right extends to profiling, as long as it is linked to direct marketing. If the data subject objects to the processing of his data, the Erben Scherf GbR will not use the personal data for those purposes.
The data subject has the right to object to a processing of his data which is used by the CNI - Erben, Scherf GbR for scientific or historical research purposes or for statistical purposes (according to DSGVO, Act 89, paragraph 1), as long as the processing is not relevant for fulfilling a responsibility in public interest.
For the enforcement of a right to objection, the data subject can contact an employee of CNI - Erben, Scherf GbR directly at any time. The data subject is free to exert their right to objection via automatized systems, irrespective of the statutes 2002/58/EG.
According to European law, any data subject has the right to not be subject to a decision made by automatized processing only – including profiling – which has judicial consequences or limits the data subject considerably, as long as the decision (1) is not necessary for the closure or fulfillment of a contract between the processing controller and the data subject, (2) contains measures for the protection of rights and interest of data subject, according to statutes of the EU or member states the controller is subject to, or (3) is made with the explicit agreement of the data subject.
Is the decision (1) relevant for the closure or fulfillment of a contract between the data subject and the controller, (2) resulting from the explicit agreement of the data subject, the CNI - Erben, Scherf GbR will implement appropriate measures to secure the rights and interests of the data subject, which at least contains the right of obtaining an intervention of a person on the side of the controller, the demonstration of the respective viewpoints and the dispute of the decision.
If the data subject wants to enforce any right concerning automatized decisions, he can contact an employee of the controller at any time.
Any data subject has the right, according to European law, to object to the processing of personal data at any time.
If the data subject wants to enforce his right to objection to an agreement, that is possible at any time.
The processing controller has integrated features of Facebook, Inc. Facebook is a Social Network.
Facebook’s operating company is Facebook, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA
For data subjects living outside of The United States of America or Canada, the processing controller is Facebook Ireland Ltd. ., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Every call up of the pages or sub-pages of this webpage, which are operated by the controller mentioned above and for which the Facebook-Plug-in, a Facebook feature, was integrated, a display of the Facebook feature is automatically downloaded by the Internet browser of the subject.
Via https://developers.facebook.com/docs/plugins/?locale=de_DE, an overview of all Facebook-Plug-ins can be accessed. Through this technical method, Facebook gains knowledge of which explicit subpage of our webpage was visited by the data subject.
If the data subject is signed in to Facebook, Facebook identifies every visit of our page and which subpages were visited throughout the whole visit of our page. This information is gathered by Facebook feature and assigned to the specific Facebook account of the data subject.
If the data subject clicks on any button linked to a Facebook feature on our page, e.g. the “Like” – button, or if the data subject comments on any post, Facebook assigns the information to the respective Facebook user account and stores the personal data.
Through the Facebook feature, Facebook identifies visits to our webpage if the person is logged in to Facebook at the same time, irrespective of the data subject clicking on the feature itself. If this transmission of information is not wanted by the data subject, logging out of the Facebook account before accessing our page will prevent the transmission.
The data privacy regulations made public by Facebook, accessible via https://de-de.facebook.com/about/privacy/, explains the collections, processing and usage of personal data by Facebook. It is also explained which possibilities for modulations concerning the security of privacy of the data subject are available. Different applications are available which suppress a transmission of data to Facebook and can be used by the data subject.
The processing controller has integrated the feature Google Analytics on this webpage. Google Analytics is a web analysis service. Web analysis is the collection, storage and evaluation of data about the behaviour of visitors on webpages. A web analysis service collects, among other data, information about the referrer, i.e. which page has lead the data subject to the page in question, which subpages of the webpage are accessed and how often and for how long a subpage was viewed. Web analysis is mostly used for the optimization of the page and a cost-benefit calculation of online advertisement.
Operating company of the Google Analytics feature is Google, Inc. ., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The processing controller uses the appendix "_gat._anonymizeIp" for the web analysis via Google Analytics. With this appendix, the IP address of the internet connection of the data subject is shortened and anonymized by Google, if the access to our website takes place in a member state of the EU or with another signatory of the European Economic Area.
The purpose of the Google Analytics feature is the analysis of visitor flows to our website. Google uses the collected data and information to evaluate the use of our website, to compile online reports for us, which indicate the activity on our webpage and to provide other services regarding the usage of our website.
Google Analytics sets a cookie on the IT systems of the data subject. The explanation of “cookie” was given above. With the setting of cookies Google can analyse the usage of the website. With every call up of a single page of the website, which is operated by the controller and for which a Google Analytics feature was integrated, the internet browser of data subject’s IT system is prompted to transmit data for the purpose of web analysis to Google by the Google Analytics feature. Google receives information about personal data, e.g. the IP address of the data subject, which provide Google with information about the origin of the visitors and clicks, therefore making commission bills possible.
With cookies, personal data such as the time and place of access and the amount of visitors to our website is stored. With every visit to our website, this personal data, including the IP address of the data subject’s internet connection is transmitted to Google in The United States Of America. Google can transmit this data to third parties.
The data subject can prevent the setting of cookies by our website every at any time through an appropriate setting in his internet browser and therefore permanently object to the setting of cookies.
This setting in the respectively used internet browser would also prevent Google from setting a cookie on the IT system of the data subject. A cookie that has already been set by Google Analytics can be deleted at any time via the internet browser or other software program.
The data subject has the possibility to object to the collection and usage of personal data by Google Analytics as well as the processing of data by Google. For this to be implemented, the data subject has to download and install a browser add-on via this link https://tools.google.com/dlpage/gaoptout
For further information regarding Google’s data security regulations go to https://www.google.de/intl/de/policies/privacy/ or http://www.google.com/analytics/terms/de.html.
Google Analytics is explained here: https://www.google.com/intl/de_de/analytics/
The processing controller of this website has integrated Google AdWords on this website. Google AdWords is a service for online advertisement, which enables advertisers to place ads in the search engine results of Google as well as in the Google advertisement network. Google AdWords enables advertisers to select specific search terms in advance. With those terms, an ad will only be visible to the user, if he gets a search result with the search engine containing the terms.
In the Google advertisement network, the ads are placed by an automatized algorithm on different websites that match the search terms that were selected previously.
Operating company of Google Adwords is Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is the advertisement of our website via showing interest-related ads on the websites of third party companies as well as in the search results of the search engine Google and showing external ads on our website.
If a data subject gets to our website through a Google advertisement, a so-called Conversion Cookie is placed on the IT system of the data subject. The term cookies has been explained above. A conversion cookie is valid for 30 hours and is not used for identification of the person. Via the Conversion Cookie, assuming the cookie is still valid, it can be determined if specific subpages, such as the checkout of an online shop system, have been called up on our webpage. Via the cookie, we, as well as Google, can see if the data subject, that visited our page through an Adwords advertisement, has generated sales, i.e. completed or cancelled a purchase.
The data and information collected through the use of the conversion cookie are used by Google to generate visitor statistics. Those statistics are used by us to determine the overall number of visitors that were brought to our site by the AdWords advertisement, i.e.to determine the failure of the respective AdWords advertisement and for future optimization. Neither our company nor other advertisement customers of Google AdWords receive information by Google which could identify the data subject.
With the conversion cookies, personal data, e.g. the websites visited by the data subject, are stored. With every visit to our page personal data, including the IP address of the data subject’s internet connection, are transmitted to Google in The United States of America. This personal data is stored by Google in The United States of America. Google might transmit personal data to third parties via technical methods.
The data subject can prevent the setting of cookies by our website, as declared above, at any time via the appropriate setting in the used internet browser, thereby permanently preventing the setting of cookies. This setting would also prevent Google from setting a conversion cookie on the IT system of the data subject. A cookie set previously by Google AdWords can be deleted at any time via the internet browser or other software programs.