Protection de données


Data protection declaration

We are delighted that you have decided to visit our website and we would like to thank you for your interest in our company. The protection of personal data is very important to us. The use of our website is fundamentally possible without the provision of any personal data. However, if a user wishes to avail of specific company services via this website then it may be necessary to process personal data. If it is necessary to process personal data and if no legal basis for such processing exists then we will obtain the permission of the affected person as a general rule.

You can withdraw your consent at any time with effect for the future. The contact details of the data controller can be found at the end of this data protection declaration.

The personal data (name, address, email address or telephone number) of a user of this website is always processed on the basis of the General Data Protection Regulation and in accordance with the valid and applicable national data protection provisions.

BlowerDoor GmbH officially informs you in this data protection declaration of the type, purpose and scope of your personal data subject to processing. Furthermore, the persons affected by this data protection declaration are informed here of their associated rights.

The following terms are used in this data protection declaration, which were also used with the enactment of the EU General Data Protection Regulation. In order to keep the data protection declaration simple and comprehensible, these terms are explained here.

Personal data - according to Art 4 (1) GDPR, this is:

All information that pertains to an identified or identifiable natural person (referred to in the following as “affected person”). A natural person is deemed to be identifiable if they can be directly or indirectly identified, in particular with assignment to an identifier such as a name, an ID number, location data, an online identification, or one or more particular characteristics, which constitute a manifestation of the physical, physiological, psychological, mental, economic, cultural or social identity of this natural person.

Affected person

Every identified or identifiable natural person, whose personal data is processed by the data controller.

Processing - according to Art 4 (2) GDPR, this is:

Any procedure or sequence of procedures, executed with or without the help of automated processes, that takes place in conjunction with personal data, such as acquisition, recording, organisation, sorting, storage, alignment or modification, reading out, querying, utilisation, publication or disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

Restriction of processing

                The marking of stored personal data with the aim of restricting its future processing.

Affected person

Every identified or identifiable natural person, whose personal data is processed by the data controller.

Profiling - according to Art 4 (4) GDPR, this is:

Any form of automated processing of personal data, which consists of using this personal data in order to evaluate specific personal aspects that pertain to a natural person, in particular in order to analyse or predict aspects pertaining to work performance, financial situation, health, personal preferences, interests, reliability, conduct or behaviour, whereabouts or change of location of this natural person.

Pseudonymisation

The processing of personal data in such a way that the personal data can no longer be attributed to a specific affected person without drawing upon additional information, insofar as this additional information is stored separately and is subject to technical and organisational measures that guarantee that the personal data cannot be assigned to an identified or identifiable natural person.

Data controller - according to Art 4 (7) GDPR, this is:

The natural or legal person, authority, institution or any other entity that decides, autonomously or together with others, on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or by the law of the member states then the data controller or the specific criteria governing their designation may be set out by Union law or by the law of the member states.

Recipient

A natural or legal person, authority, institution or any other entity to whom personal data is disclosed, irrespective of whether this is a third party or not. However, authorities that may receive personal data within the framework of a specific investigation mandate in accordance with Union law or the law of the member states are not deemed to be recipients.

Third party

A natural or legal person, authority, institution or any other entity apart from the affected person, the data controller, the order processor and the persons who are authorised under the direct responsibility of the data controller or the order processor, to process the personal data.

Order processor - according to Art 4 (8) GDPR, this is:

A natural or legal person, authority, institution or any other entity that processes the personal data on behalf of the data controller.

Consent - according to Art 4 (11) GDPR, this is:

Every manner in which the affected person provides permission and clearly states their will in the form of a declaration or any other unambiguous action of conveying confirmation on a voluntary basis for the specific case, whereby the affected person confirms that they permit the processing of their respective personal data.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognise an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Cookies

This website uses cookies. Cookies are small text files that are sent to your browser by a web server and stored on the hard drive of your computer. Apart from the Internet Protocol Address, no personal data of the user is stored whatsoever. This information serves to automatically identify you and ease your navigation when you next visit our website. When you visit our website, our web server automatically stores information of a general nature in an anonymized form for marketing and optimisation purposes. This includes, as standard, the type of web browser, the operating system used, the domain name of your Internet Service Provider, the IP address that has been assigned to you by your Internet Service Provider, the website that you have visited us from, the web pages of ours that you visit, as well as the date and duration of your visit. This is exclusively information that permits no further conclusions to be drawn regarding you personally. Personal data is only stored if you provide this to us, for example within the framework of registration, a survey or when executing a contract. Through the use of cookies, it is possible to provide more user-friendly services to visitors to this website, which would not be possible without setting cookies.

Cookies can be used to optimise the information and services presented on this website for the specific user. The use of this website is simplified by the recognition of users. For example, the user of a website that uses cookies is not required to re-enter their access data every time they visit the site. Online shops are able to make a note of the items that a customer has placed in their virtual shopping basket through the use of cookies.

The visitor is able to prevent the use of cookies by this website at any time with the settings in their internet browser, and thereby permanently inhibit the use of cookies. Any cookies that have already been set can be deleted in all standard internet browsers or via other software programs. If the use of cookies is blocked or deactivated by the user, it may not be possible to use all of the functions of this website.

 

Contact

Personal data is also processed by BlowerDoor GmbH if you provide this to us. This takes place every time you get in contact with us for example. Personal data transmitted to us in this way is naturally only used for the purpose intended by you when you provide this to us at the time of establishing contact. This information is provided expressly on a voluntary basis and with your consent. Insofar as this information pertains to communication channels (e.g. email address, telephone number) then you also consent to us contacting you via these communication channels if necessary, in order to respond to your inquiry.

Security

BlowerDoor GmbH implements numerous technical and organisational measures, in order to protect your personal data against unintended or unlawful deletion, amendment or loss, and against unauthorised passing on or access. However, internet-based data transmissions for example may always be at risk of security breaches and it is therefore not possible to guarantee absolute protection. For this reason, all affected persons are free to transmit their personal data to us via alternative routes, for example on the telephone.

Data protection with applications and application procedures

The data controller acquires and processes personal data from applicants for the purposes of conducting the application procedure. This processing may also take place via electronic channels. This is the case in particular if an applicant transmits their application documents to the data controller via electronic channels, for example by email or via a web form provided on the website. If the data controller concludes an employment contract with an applicant then the transmitted data will be saved for the purposes of establishing the employment relationship with consideration to the legal regulations. If the data controller does not conclude an employment contract with the applicant then the application documents are automatically deleted two months after the rejection decision has been issued, unless other justified interests of the data controller stand against deletion. Other justified interests in this regard are for example the burden of proof in conjunction with processes in accordance with German general equal treatment law (AGG).

 

Data transfer when concluding online shop contract

If you order a voucher via our website, the following data must be entered:

• Salutation of the customer

• First name, last name of the customer

• Address details of the customer (e.g. sending the voucher by post / for invoicing)

• Email of the customer (for booking confirmation and sending the invoice)

• Credit card details (only if you pay by credit card)

You have the option of paying for the selected voucher in advance or by credit card. We will send your booking confirmation to the email you provided. If necessary, personal data will be passed on to the companies (see information on data recipients point 14) that are involved in the processing of this contract, e.g. credit institutions for payment processing. The data required to fulfill the contract will be deleted no later than 6 months after the end of the contract and will only be kept available for any queries.
We only transmit data to third parties if this is necessary in the context of contract processing, e.g. the payment platform commissioned with the payment processing or the one for processing the voucher by post (address data provided for sending).

Payment method: Data protection provisions for PayPal as a payment method

The person responsible for processing has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the person concerned selects “PayPal” as the payment option in our online shop during the ordering process, the data of the person concerned will be automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that are necessary for payment processing. In order to process the purchase contract, personal data related to the respective order is also necessary.

The purpose of transmitting the data is to process payments and prevent fraud. The person responsible for processing will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the person responsible for processing may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness.

PayPal may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary to fulfill the contractual obligations or the data are to be processed on behalf of.

The data subject has the option of revoking their consent to the handling of personal data from PayPal at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

PayPal's current data protection regulations can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Links with other websites

This website contains links with other websites (so-called external links).
As the provider, BlowerDoor GmbH is responsible for its own contents in accordance with the valid European and national legal provisions. It is necessary to distinguish between these contents and the contents of other providers accessed via links. We have no influence over the operators of other websites and we cannot ensure that they comply with the valid European and national legal provisions. Please refer in this regard to the data protection declarations on the respective website. BlowerDoor GmbH accepts no liability for external contents that are marked as such and that are accessed via links. Furthermore, we do not adopt such contents as our own. Providers of the linked websites bear sole responsibility for unlawful, inaccurate or incomplete contents and for damages arising in connection with the use or non-use of information supplied in this way.

Acquisition of general data and information

The website of BlowerDoor GmbH acquires various general data and information every time an affected person or an automated system calls up the website. This general data and information is stored in the server log files. The data acquired may include the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which the accessing system arrived on our website (so-called referrer), (4) the sub-pages that are called up on our website by the accessing system, (5) the date and time of access to the website, (6) an Internet Protocol Address (IP Address), (7) the Internet Service Provider of the accessing system and (8) other similar data and information that facilitates defence in the event of attacks of our information technology systems. When using this general data and information, BlowerDoor GmbH draws no conclusions regarding the affected person. Rather, this information is in fact required in order to (1) deliver the contents of our website correctly, (2) optimise the contents of our website and our advertising for this, (3) guarantee the continuous functionality of our information technology systems and the technology of our website, and (4) so that we can provide the necessary information to the law enforcement authorities for the purpose of prosecution in case of a cyber attack. This anonymously acquired data and information is evaluated by BlowerDoor GmbH on the one hand statistically and also with the aim of safeguarding data protection and the processed personal data. The anonymous data in the server log files is stored separately to all personal data provided by an affected person.

Registering on our website

The affected person has the option of registering on the website of the data controller by providing their personal data. The personal data that is transmitted to the data controller depends on the respective input screen that is used for registration. The personal data entered by the affected person is acquired and stored exclusively for internal use by the data controller and for their own purposes. The data controller can initiate the passing on of the personal data to one or more order processors, for example a mailing service provider, who will also use the data exclusively internally and for the purpose of the data controller.

When registering on the website of the data controller, the IP address assigned to the affected person by the Internet Service Provider (ISP), as well as the date and time of registration will also be stored. The storage of this data takes place because it is only in this way that misuse of our services can be prevented. Furthermore, if necessary this data also facilitates the detection of committed offences. As such, the storage of this data is necessary to safeguard the data controller. This data is never passed on to third parties unless a legal obligation exists to pass this on, or if this is necessary for prosecution purposes.

The registration of the affected person with the voluntary provision of personal data enables the data controller to offer the affected person contents or services that can only be offered to registered users due to the nature of the matter. Registered persons are entitled to have the personal data they provided at the time of registration amended or deleted from the data inventory of the data controller in full at any time.

On request, the data controller shall inform any affected person of the personal data that is stored about them at any time. Furthermore, the data controller shall correct or delete the personal data on request or notification by the affected person, unless statutory storage periods prevent this. All employees of the data controller are available to the affected person as points of contact in this regard.

Contact options via the website

On the basis of statutory provisions, the website of BlowerDoor GmbH contains information that enables you to quickly get in touch with our company electronically and communicate with us directly. This information also includes a general electronic mail address (email address). If an affected person gets in touch with the data controller by email or via a contact form then the personal data transmitted by the affected person will be automatically saved. Such personal data transmitted by the affected person to the data controller on a voluntary basis is stored for the purpose of processing the inquiry or for getting in touch with the affected person personally. This personal data is not passed on to third parties.

Routine deletion and blocking of personal data

The data controller only processes and stores personal data of the affected person for the period required in order to realise the purpose of storage, or if this is prescribed by the European lawmakers and regulators, or by another legislator in laws or provisions that the data controller is subject to.

If the storage purpose no longer exists or a statutory storage period prescribed by the European lawmakers and regulators, or by another legislator, expires then the personal data will be routinely blocked or deleted in accordance with the legal provisions.

Rights of the affected person

  • Right to confirmation

Every affected person has the right granted by the European lawmakers and regulators to demand confirmation from the data controller regarding whether they are processing personal data pertaining to the affected person. If an affected person wishes to exercise this right to confirmation, they can contact an employee of the data controller at any time in this regard.

  • Right to information

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to free information at any time from the data controller regarding any personal data stored about them personally, and to receive a copy of this information. Furthermore, the European lawmakers and regulators have granted the affected person the right to the following information:

    • the purpose of processing
    • the categories of personal data that are processed
    • the recipients or categories of recipient that the personal data has been or is being disclosed to; in particular with recipients in third countries or with international organisations
    • if possible, the planned duration of storage of the personal data, or if this is not possible then the criteria that determine this duration
    • the existence of a right to correction or deletion of personal data that pertains to the affected person, or to the restriction of processing by the data controller, or a right to object to this processing
    • the existence of a right to appeal to a regulatory authority
    • if personal data is not acquired from the affected person: all available information regarding the origins of the data
    • the existence of automated decision-making including profiling, in accordance with Article 22, sections 1 and 4 of the GDPR and - at least in these cases - meaningful information regarding the logic involved, as well as the implications and intended impacts of such processing for the affected person

Furthermore, the affected person has the right be informed as to whether personal data has been transmitted to a third country or an international organisation. If this is the case then the affected person also has the right to information regarding the appropriate guarantees provided in relation to the transmission.

If an affected person wishes to exercise this right to information, they can contact an employee of the data controller at any time in this regard.

  • Right to correction

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to demand the immediate correction of incorrect personal data pertaining to them. Furthermore, the affected person also has the right to demand that incomplete personal data be completed - also with a supplementary explanation - with consideration to the purposes of processing.

If an affected person wishes to exercise this right to correction, they can contact an employee of the data controller at any time in this regard.

  • Right to deletion (right to be forgotten)

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to demand that the data controller immediately delete any personal data pertaining to them, insofar as one of the following reasons applies and insofar as processing is not necessary:

    • The personal data was acquired for such purposes as are no longer applicable, or processed in such a way that is no longer necessary.
    • The affected person withdraws their consent to processing in accordance with Art. 6 section 1, letter a GDPR or Art. 9 section 2 letter a GDPR, and if no other legal grounds for processing exist.
    • The affected person lodges their withdrawal of consent to processing in accordance with Art. 21 section 1 GDPR and no overriding justified grounds for processing exist, or the affected person lodges their withdrawal of consent to processing in accordance with Art. 21 section 2 GDPR.
    • The personal data was processed unlawfully.
    • Deletion of the personal data is necessary in order to satisfy a legal obligation in accordance with Union law, or the law of the member states applicable to the data controller.
    • The personal data has been acquired in relation to a service provided by the information society in accordance with Art. 8 section 1 GDPR.

If one of the aforementioned reasons applies and an affected person wishes to initiate the deletion of personal data that is stored by BlowerDoor GmbH, they can contact an employee of the data controller at any time. The employee of BlowerDoor GmbH will ensure that the deletion request is satisfied immediately.

If personal data has been published by BlowerDoor GmbH and if our company is obligated to delete the personal data as the data controller in accordance with Art. 17 section 1 GDPR, BlowerDoor GmbH shall implement appropriate measures with consideration to the available technology and the costs of implementation, also of a technical nature, to inform other bodies responsible for data processing, which are processing the published personal data, that the affected person has demanded the deletion of this personal data by the other bodies responsible for the data processing, including all links to this personal data and all copies and duplicates of this personal data, insofar as processing is not necessary. The employee of BlowerDoor GmbH shall initiate the necessary measures in individual cases.

  • Right to restriction of processing

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to demand the restriction of processing if one of the following preconditions exists:

    • The correctness of the personal data is disputed by the affected person, whereby this restriction applies for a period that enables the data controller to check the correctness of the personal data.
    • Processing is unlawful, the affected person rejects the deletion of their personal data and instead demands that use of the personal data be restricted.
    • The data controller no longer requires the personal data for the processing purposes, however the affected person requires it in order to assert, exercise or defend against legal claims.
    • The affected person has submitted an objection to processing in accordance with Art. 21 section 1 GDPR and it has not yet been determined, whether the justified reasons of the data controller outweigh the justified reasons of the affected person.

If one of the aforementioned preconditions exists and an affected person wishes to demand the restriction of personal data that is stored by BlowerDoor GmbH, they can contact an employee of the data controller at any time. The employee of BlowerDoor GmbH shall initiate the restriction of processing.

  • The right to data portability

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to receive the personal data pertaining to them, which the affected person previously provided to a data controller, in a structured, conventional and machine-readable format. Furthermore, they also have the right to demand that this data be transmitted without hindrance to another data controller by the data controller to which they initially provided the personal data, insofar as processing was based on consent in accordance with Art. 6 section 1 letter a GDPR or Art. 9 section 2 letter a GDPR, or on a contract in accordance with Art. 6 section 1 letter b GDPR and processing takes place with the aid of an automated process, insofar as processing is not required in order to perform a task that lies in the public interest or that takes place within the framework of exercising official authority, where this has been transferred to the data controller.

Furthermore, the affected person has the right, when exercising their right to data portability in accordance with Art. 20 section 1 GDPR, to demand that the personal data be transmitted directly from one data controller to another data controller, insofar as this is technically feasible and if this does not infringe on the rights and freedoms of other persons.

The affected person can contact an employee of BlowerDoor GmbH at any time in order to exercise their right to data portability.

  • Right to objection

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to object at any time to the processing of personal data pertaining to them for reasons that arise due to their specific situation, where processing takes place on the basis of Art. 6 section 1 letters e or f GDPR. This also applies to profiling based on these conditions.

If an objection is lodged, BlowerDoor GmbH will no longer process the personal data unless we can verify compelling legitimate grounds for the processing, that outweigh the interests, rights and freedoms of the affected person, or if processing serves the assertion, exercising or defence of legal claims.

If BlowerDoor GmbH processes personal data for the purposes of direct advertising, the affected person has the right to object at any time to the processing of the personal data for the purposes of this type of advertising. This also applies to profiling, insofar as this is connected to such direct advertising. If the affected person lodges an objection with BlowerDoor GmbH regarding processing for the purposes of direct advertising then BlowerDoor GmbH shall no longer process the personal data for these purposes.

Furthermore, the affected person has the right, for reasons that arise from their specific situation, to lodge an objection to the use of the personal data pertaining to them by BlowerDoor GmbH for scientific or historic research purposes or for statistical purposes in accordance with Art. 89 section 1 GDPR, unless such processing is necessary in order to perform a task that lies in the public interest.

The affected person can contact any employee of BlowerDoor GmbH directly at any time in order to exercise their right to objection. The affected person is also entitled to exercise their right to object in relation to the use of services of the information society, notwithstanding directive 2002/58/EC, with automated processes whereby technical specifications are used.

  • Automated decision-making in individual cases including profiling

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to avoid being subjected to a decision that is based exclusively on automated processing - including profiling - which has a legal affect on them or significantly affects them in a similar way, unless the decision (1) is necessary in order to conclude or realise a contract between the affected person and the data controller, or (2) is permissible on the basis of the legal provisions of the Union or the member states applicable to the data controller and this legal provision contains appropriate measures to safeguard the rights and freedoms, as well as the justified interests of the affected person, or (3) takes place with the express consent of the affected person.

If the decision (1) is necessary in order to conclude or realise a contract between the affected person and the data controller, or (2) takes place with the express consent of the affected person, BlowerDoor GmbH shall implement appropriate measures in order to safeguard the rights and freedoms, as well as the justified interests of the affected person, which include at least the right to obtain human intervention on the part of the data controller, to express their own point of view and to contest the decision.

If the affected person wishes to exercise rights in relation to automated decisions, they can contact an employee of the data controller at any time in this regard.

  • Right to withdraw consent in relation to data protection

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to withdraw their consent to the processing of their personal data at any time.

If the affected person wishes to exercise this right to withdraw consent, they can contact an employee of the data controller at any time in this regard.

Data protection with applications and application procedures

The data controller acquires and processes personal data from applicants for the purposes of conducting the application procedure. This processing may also take place via electronic channels. This is the case in particular if an applicant transmits their application documents to the data controller via electronic channels, for example by email or via a web form provided on the website. If the data controller concludes an employment contract with an applicant then the transmitted data will be saved for the purposes of establishing the employment relationship with consideration to the legal regulations. If the data controller does not conclude an employment contract with the applicant then the application documents are automatically deleted two months after the rejection decision has been issued, unless other justified interests of the data controller stand against deletion. Other justified interests in this regard are for example the burden of proof in conjunction with processes in accordance with German general equal treatment law (AGG).

Data protection provisions on the use and application of Google Analytics (with anonymization function)

The data controller has integrated the Google Analytics component (with anonymization function) in this website. Google Analytics is a web analysis service. Web analysis is the acquisition, collection and evaluation of data regarding the behaviour of visitors to websites. A web analysis service logs data and information such as the website from which an affected person arrived on a website (so-called referrer), the sub-pages of the website that an affected person visits, or how often and for what length of time a sub-page was viewed. A web analysis service is predominantly used in order to optimise a website and to analyse the value for money of internet advertising.

The provider of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the suffix “_gat._anonymizeIp” for web analysis via Google Analytics. Using this suffix, the IP address of the internet connection of the affected person is abbreviated and anonymised by Google, if the access to our website takes place from a member state of the European Union or another state that is a contracting party to the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information acquired, for example, to evaluate the use of our website, to generate online reports for us, which show the activities on our web pages, and to deliver further services connected with the use of our website.

Google Analytics sets a cookie on the information technology system of the affected person. The nature of cookies is explained above. By setting cookies, Google is able to analyse the use of our website. By calling up individual pages of this website, which are operated by the data controller and in which a Google Analytics component has been integrated, the internet browser on the information technology system of the affected person will be automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. Within the framework of this technical process, Google obtains knowledge of personal data such as the IP address of the affected person, which Google uses for example to track the origin of visitors and clicks, and to accordingly settle commission.

Personal information pertaining to the affected person - such as the access time, place from which access was initiated, and the frequency of visits to our website - is saved with the cookie. With every visit to our website this personal data, including the IP address of the internet connection used by the affected person, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America.            Google may pass this personal data, acquired via the technical process, on to third parties under certain circumstances.

The affected person is able to prevent the setting of cookies by our website at any time with the requisite settings in their internet browser, as described previously, and thereby permanently inhibit the setting of cookies. Applying these settings to the internet browser used would also prevent Google setting a cookie on the information technology system of the affected person. Furthermore, any cookie previously set by Google Analytics can be deleted via the internet browser or another software program at any time.

Additionally, the affected person can also object to and prevent the acquisition of the data logged by Google Analytics regarding the use of this website, as well as the processing of this data by Google. To do so, the affected person must download and install a browser add-on, via the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that it is prohibited to transmit data and information regarding visits to websites to Google Analytics. The installation of the browser add-on is considered by Google to be an objection. If the information technology system of the affected person is deleted, reformatted or reinstalled at a later point in time then the affected person must reinstall the browser add-on, in order to deactivate Google Analytics again. If the browser add-on is de-installed or deactivated by the affected person or by another person within their sphere of influence, it is possible to reinstall or reactivate the browser add-on.

Further information and the valid data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in greater detail here: https://www.google.com/intl/de_de/analytics/.

Data protection provisions on the use and application of YouTube

The data controller has integrated components of YouTube in this website. YouTube is an internet video portal, which enables video publishers to present video clips free of charge, and also allows other users to view, rate and comment on these for free. YouTube permits the publication of all types of videos, so that complete films and television programs, as well as music videos, trailers or videos produced by the users themselves can be called up via the internet portal.

The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

By calling up individual pages of this website, which are operated by the data controller and in which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the affected person will be automatically prompted by the respective YouTube component to download an image of the respective YouTube component from YouTube. For further information on YouTube, visit https://www.youtube.com/yt/about/de/. Within the framework of this technical process, YouTube and Google receive information regarding the actual sub-pages of our website visited by the affected person.

If the affected person is logged into YouTube at the same time, YouTube recognises which sub-page of our website containing a YouTube video is actually visited by the affected person when this sub-page is called up. This information is collected by YouTube and Google and assigned to the affected person by means of the respective YouTube account.

YouTube and Google always receive information via the YouTube component that the affected person has visited our website if the affected person is logged into their YouTube account and accesses our website at the same time; this takes place irrespective of whether the affected person clicks on the YouTube video or not. If the affected person does not wish this form of information transmission to YouTube and Google, it is possible to prevent this transmission by logging out of the YouTube account before accessing our website.

The data protection provisions published by YouTube can be viewed at https://www.google.de/intl/de/policies/privacy/. These provide information on the acquisition, processing and use of personal data by YouTube and Google.

Legal basis for processing

Art. 6 I lit. a GDPR serves as the legal basis for our company’s processing procedures, whereby we obtain consent for a certain processing purpose. If the processing of personal data is necessary in order to implement a contract to which the affected person is a contracting party, for example the data processing required in order to deliver goods or provide any other form of service or counter-performance, processing takes place on the basis of Art. 6 I lit. b GDPR. The same applies to processing procedures that are necessary in order to perform pre-contractual measures, for example in the event of inquiries regarding our products or services. If our company is subject to a legal obligation, which results in a necessity to process personal data, for example to fulfil fiscal obligations, then processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary in order to protect the vital interests of the affected person or another natural person. This would be the case for example if a visitor to our company were to sustain an injury and it were consequently necessary to inform a doctor, hospital or another third party of their name, age, health insurance details or other vital information. In this case, processing would be based on Art. 6 I lit. d GDPR. Finally, processing could be based on Art. 6 I lit. f GDPR. Processing procedures that take place on this legal basis, to which none of the previous legal bases apply, arise if processing is necessary in order to protect a justified interest of our company or a third party, insofar as this interest is not outweighed by the interests, basic rights and basic freedoms of the affected party. We are permitted to perform such processing procedures in particular because these have been specifically admitted by the European lawmakers. The legislation considers that a justified interest could be assumed if the affected person is a customer of the data controller (recital 47 clause 2 GDPR).

Justified interests in processing, which are pursued by the data controller or a third party

If the processing of personal data is based on Article 6 I lit. f GDPR then our justified interest is the performance of our commercial activity to the benefit of the well-being of all our employees and our shareholders.

Duration of storage of personal data

The criterion for the duration of storage of personal data is the respective statutory retention period. After the retention period has expired, the corresponding data is routinely deleted insofar as it is no longer required for contract fulfilment or contract initiation.

Legal or contractual regulations for the provision of personal data; necessity for contract conclusion; obligation of the affected person to provide the personal data; possible consequences of a failure to provide

Please note that the provision of personal data may be prescribed in certain cases (e.g. tax legislation), or that it may be necessary due to contract regulations (e.g. information about the contract partner). It may sometimes be necessary with the conclusion of a contract, for the affected person to provide personal data, which must in turn be processed by us. The affected person is obligated to provide personal data to us for example if our company is concluding a contract with them. A failure to provide the personal data would result in it being impossible to conclude a contract with the affected party. Before the affected person provides personal data, they must contact one of our employees. Our employee will clarify with the affected person, whether the provision of the required personal data is prescribed by law or by the contract in the respective case, or whether it is essential due to conclusion of the contract, and furthermore what the consequences would be for the affected person with a failure to provide the personal data.

Existence of automated decision-making

                We do not perform any automatic decision-making or profiling.

Name and address of the data controller:

BlowerDoor GmbH
Geschäftsführer: Dipl.-Ing. Paul Simons, Alexander Kiß
Zum Energie- und Umweltzentrum 1
31382 Springe
Deutschland
Tel.: +49 5044 9754 0
E-Mail: info(at)blowerdoor.de
Internet: 
www.blowerdoor.de

We reserve the right to amend our data protection practices and these guidelines, in order to align them with any changes in the relevant laws or provisions where applicable, or to better meet with your needs. Any changes to our data protection practices shall be duly noted here. Please observe the latest valid version of the data protection declaration in this regard.

March, 2021