Privacy statement for visitors to our website
Thank you for your interest in our online presence. We take many things seriously – one of them being your rights to privacy, the protection of your data, and information autonomy. For this very reason, we have put together the following information for you:
We are:
Schmidt Spiele GmbH
Managing Directors: Axel Kaldenhoven and Martina Priemer
Lahnstrasse 21, 12055 Berlin
Fax.: +49 (0)30/68 39 02 30
E-mail: info@schmidtspiele.de
Tel.: +49 (0)30/68 39 02 0
Our data protection officer is
DataCo GmbH
Dachauer Str. 65
80335 Munich
Germany
+49 89 7400 45840
Use of this website for information purposes only:
When using our website for information purposes only, meaning that you wish to neither register as a user nor transfer any other information, we will collect the following data from you: IP address, date and time of enquiry, time-zone difference to Greenwich Mean Time (GMT), content of request (specific page), access status/http status code, data volume transferred, website from which the request was made, browser, operating system and interface, language and version of the browser software. Cookies and your browser send these data directly to us. The purpose of this processing is the provision of our website and a statistical evaluation. The legal framework for this is Article 6 (1) first sentence lit. f GDPR, according to which the processing of personal data is feasible without consent from the data subject insofar as processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. The above purposes constitute our interest. To the extent that we us cookies, please refer to our chapter titled "Our use of cookies on the website".
Use of the contact field:
Whenever you communicate with us using our contact field, we will collect the following data: gender/first name/last name/e-mail address, text of your inquiry, status graphic security check (mandatory fields) and title/address/phone/fax (optional). Only you will know the reasons for contacting us. The response to this describes the purpose of processing. To the extent that this is a specific contractual obligation, whether in connection with the instigation, the execution or termination, Article 6 (1) lit. b GDPR constitutes the legal basis for this. In this case we will store the data until the end of the statutory retention period. Article 6 (1) first sentence lit. f GDPR constitutes the legal framework for all other cases; according to this, the processing of personal data is possible without consent from the data subject if this is necessary for the purposes of legitimate interests on the part of the controller or a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which requires protection of personal data, in particular where the data subject is a child. Communication outside a contractual obligation is in the interest of both parties. We store your data until fulfilment of the purpose derived from the legitimate interest.
Registration with our visitors' platform:
When you register with our visitors' platform, we will collect the following data from you: user name, password, selected security question, response to security question, user gender/first name/last name/e-mail address, status community, status graphic security check (mandatory fields), user title/address/phone/fax, status opt-in newsletter (optional). Internally we register your activities insofar as this is necessary to provide the contractual obligation pursued hereunder. Article 6 (1) lit. b GDPR constitutes the legal basis for this. We will store your data until the end of the statutory retention period.
Participation in a prize draw:
Whenever you participate in a prize draw that we organize, the data requested when registering your participation will be collected – including, but not limited to: date/time of participation, prize draw participant's gender/first name/last name/e-mail address, status graphic security check (mandatory fields), allocation to the individual prize draw, status win or no-win, where appropriate shipment data for sending out the prize. Article 6 (1) lit. b GDPR constitutes the legal basis for this.
Registration with our closed, internal area:
A closed user group can log-in to an internal area with us. We will process the following data for this: user's first name/last name/e-mail address, user's date/time of login, user activity (e.g. password changed). Internally we register your activities insofar as this is necessary to provide the contractual obligation pursued hereunder. Article 6 (1) lit. b GDPR constitutes the legal basis for this. We will store your data until the end of the statutory retention period.
Our use of Google Analytics:
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how you as a user, use the site. The information generated by the cookie about your use of this website will usually be transmitted to, and stored by, Google on servers in the USA. If IP anonymization has been activated on this website, Google will truncate your IP address in Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of this website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator. The legal basis for this is Article 6 (1) first sentence lit. f GDPR, according to which the processing of personal data is feasible without consent from the data subject insofar as processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which requires protection of personal data, in particular where the data subject is a child. Our legitimate business interest is to evaluate the user behavior on this website. Your interests are protected by opt-out options made available to you and described below in addition to anonymization. Additionally, we have a data processing agreement with the provider to secure our right to issue instructions on the provider. We will delete the data after 14 months the latest.
(2) Google will not associate your IP address with any other data held by Google within the context of Google Analytics.
(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. To opt out of data collected by cookies and the use of website-related data (including your IP address) to Google as well as the processing of data by Google, download and install the add-on for your current web browser available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
(4) This website uses Google Analytics with the add-on “_anonymizeIp()”. This processes truncated IP addresses which exclude any reference to natural persons. If your identity can be revealed based on the data collected on you, this is immediately ruled out and therefore personal data are immediately deleted.
(5) We use Google Analytics to analyze the use of our website and routinely improve it. The statistical information gained allows us to improve and create a more interesting offer for you as a user. In the exceptional case where personal data are transferred to the USA, Google complies with the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
(6) Information on third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms and conditions of use: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and privacy statement: http://www.google.de/intl/de/policies/privacy.
[(7) This website also uses Google Analytics for the cross-device analysis of visitor volumes under a user ID. Go to My Data - Personal Data to deactivate cross-device analytics for your customer account.]
Our use of social media plugins:
(1) We currently use only the following social media plug-in: Facebook. We use Shariff's latest social media buttons and thus protect your privacy as if using a two-step verification. For more detailed information please go to: https://www.heise.de/ct/ausgabe/2014-26-Social-Media-Buttons-datenschutzkonform-nutzen-2463330.html.
(2) We cannot influence the data collected and data processing operations, nor are we aware of the full scope of the data collection, of its processing purposes or of data-retention periods. Neither are we in receipt of information pertaining to the erasure of the collected data by the plug-in provider.
(3) The plug-in provider stores the data collected on you as user profiles and uses them for the purpose of promotion, market research and/or the demand-actuated design of its website. This analysis is done specifically (even for users who are not logged in) to present demand-actuated promotions and to inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the respective plug-in provider. Plug-ins allow us to offer you the possibility to interact with social networks and other users in order to improve and create a more interesting offer for you as a user.
(4) Data are forwarded regardless of whether you have an account with the plug-in provider and are logged in, or not. If you have logged in with the plug-in provider, the data which we collected on you are attributed directly to your account with the plug-in provider. If you click on the activated button and e.g. link the page, the plug-in provider stores this information, too, in your user account and publicly informs your contacts of this. We recommend that you routinely log off after having logged in to a social network, yet especially before activating the button in order to avoid being attributed to your profile with the plug-in provider.
(5) Further information about the purpose and scope of data collection and processing by the plug-in provider is available in the privacy statements of these providers listed below. These statements also include additional information about your rights and settings options to protect your privacy.
(6) We also maintain a business page with this provider. If you interact with this page, it is possible that the provider processes your data in the manner as described under paragraphs (2) to (5).
(7) The legal basis for this is Article 6 (1) first sentence lit. f GDPR, according to which the processing of personal data is feasible without consent from the data subject insofar as processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which requires protection of personal data, in particular where the data subject is a child. It is our legitimate business interest to offer you the possibility to voluntarily interact with us on social media networks in the manner as described hereunder.
(8) Addresses of the plug-in provider and URL plus privacy statements:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/policy.php. Facebook complies with the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
Our use of YouTube videos:
(1) We have embedded YouTube videos into our online offer which are stored at http://www.YouTube.com and which can be played directly from our website. All YouTube videos are embedded under the "extended data privacy mode", meaning that no data about you as a user are transmitted to YouTube unless you play the videos. Only when you play the videos are the data as listed under paragraph (2) transmitted. We do not have any influence on this data transfer.
(2) When visiting the website, YouTube receives the information that you prompted the respective subpage on our website. Also, the information listed under paragraph (3) is transferred. This is regardless as to whether YouTube provides a user account via which you are logged in or if there is no user account. If you have logged in to Google, your data are attributed directly to your account. If you do not wish this to be attributed to your YouTube profile, you must log off before activating the button. YouTube stores your data as user profiles and uses them for the purpose of promotion, market research and/or the demand-actuated design of its website. This analysis is done specifically (even for users who are not logged in) to provide demand-actuated promotions and to inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact YouTube.
(3) Further information about the purpose and scope of data collection and processing by YouTube is available in the data privacy statement. These statements also include additional information about your rights and settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and complies with the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
(4) The legal basis for this is Article 6 (1) first sentence lit. f GDPR, according to which the processing of personal data is feasible without consent from the data subject insofar as processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which requires protection of personal data, in particular where the data subject is a child. We refer to our interest in direct marketing in accordance with recital 47 (end of recital) GDPR.
(5) We also maintain our own channel with this provider. If you interact with this page, it is possible that the provider processes your data in the manner as described under paragraphs (2) and (3).
Our use of Google Maps:
(1) This website uses Google Maps. This allows us to show interactive maps directly on the website and facilitates a convenient use of the map function for you.
(2) When visiting the website, Google receives the information that you prompted the respective subpage on our website. Also, the information listed under paragraph (3) is transferred. This is regardless as to whether Google provides a user account via which you are logged in or if there is no user account. If you have logged in to Google, your data are attributed directly to your account. If you do not wish this to be attributed to your Google profile, you must log off before activating the button. Google stores your data as user profiles and uses them for the purpose of promotion, market research and/or the demand-actuated design of its websites. This analysis is done specifically (even for users who are not logged in) to provide demand-actuated promotions and to inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google.
(3) Further information about the purpose and scope of data collection and processing by the plug-in provider is available in the data privacy statements of the provider. These statements also include additional information about your rights and settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and complies with the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
(4) The legal basis for this is Article 6 (1) first sentence lit. f GDPR, according to which the processing of personal data is feasible without consent from the data subject insofar as processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which requires protection of personal data, in particular where the data subject is a child. We refer to our interest in direct marketing in accordance with recital 47 (end of recital) GDPR. We will erase the data as soon as the purpose no longer exists, yet when you opt-out from processing the latest.
Is it mandatory for us to collect these data? What happens if we do not collect these data?
There is no legal obligation to collect these data. However, it is possible that if the requested data are not collected, your visit to our website will be less user-friendly.
Who receives these data? And: Do the data leave the European Union or the European Economic Area?
The following enterprises either receive the above data, whereby below it is pointed out if data leave the European Union or the European Economic Area:
Third-country reference:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information on the collection of data: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other applications and http://www.facebook.com/about/privacy/your-info everyoneinfo.
- Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.
Miscellaneous:
- Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 (Google Analytics)
Ensuring adequate data integrity:
We maintain current technical measures that guarantee data integrity, especially to protect your personal data against risks from data transmissions as well through third parties obtaining your information. They all comply with state-of-the-art technology.
Our use of cookies on the website:
Also, when using the website, cookies are saved on your computer. Cookies are small text files allocated on your hard drive to the browser that you use which forward specific information to the site that places the cookies (in this case, us). Cookies cannot execute programs or deliver viruses to your computer. They serve the purpose of making the online offer a more user-friendly and efficient experience overall. However, cookies are deleted as soon as the following storage period has been reached:
Know your rights:
You have certain rights. You have the right to be informed about personal data stored on you, and to have such personal data rectified, erased or its processing restricted, as well as the right to object to these data being processed and for them to be shared (data portability). Moreover, you have the possibility to lodge a complaint about us with the competent supervisory authority. We wish to point out that these rights may be tied to requirements whose applicability we may insist on.
Our use of Google Fonts:
Our website uses Google Fonts. Google Fonts is a service provided by Google Inc. These web fonts are integrated by communicating with a server, usually a Google server the USA. This informs the server which websites of ours you visited. Google also stores the IP address of the terminal device's browser used by the visitor to these websites. For more information about Google's privacy policy, please go to: www.google.com/fonts#AboutPlace:about; www.google.com/policies/privacy/. These data are processed to pursue our legitimate interests in the optimization and the economic operation of our website. Article 6 (1) lit. f GDPR constitutes the legal basis for this. Google has certified that it adheres to the Privacy Shield Framework which provides for adequate data and privacy protection in accordance with Article 45 GDPR. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
Our use of Font Awesome:
Our website uses third-party fonts, so-called web fonts provided by Fonticons, Inc. Prompting a page invites your browser to download the required web fonts into your browser's cache in order to correctly display text and typography.
To do this, your browser must communicate with Fonticons, Inc.'s servers to inform Fonticons, Inc. that your IP address prompted our website. Web fonts are used for the standardized and attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Article 6 (1) lit. f GDPR. Furthere information about Font Awesome is available at https://fontawesome.com/help as well as the privacy statement of Fonticons, Inc.: https://fontawesome.com/privacy.
Our use of browser-update.org:
Our website updates JavaScript using browser-update.org. browser-update.org is an initiative of Webmasterpro.de, Team23 GmbH & Co. KG, Werner-von-Siemens-Str. 6, 86159 Augsburg. If JavaScript is enabled for your browser and if you have not installed a JavaScript blocker, you will be notified when using an outdated web browser. The prompted website, the web browser used and whether the browser has been updated is transmitted to browser-update.org which produces a statistical summary of the web browsers used. However, your IP address is not stored there. This service is used for the standardized and secure presentation of our online offers in compliance with state-of-the-art technology. This constitutes a legitimate interest within the meaning of Article 6 (1) lit. f GDPR insofar as personal data are processed. More information about how browser-update.org uses your data is made available at https://www.browser-update.org/de/contact.html.