Information on data protection in accordance with the GDPR

1. Introduction

We, Rodewald+Partner, are aware of the importance of protecting your personal data and take our responsibility for the security and confidentiality of your data seriously. In this privacy policy, we inform you about what personal data we collect, how we use, process and protect it.

2. Responsible body and data protection officer

We are responsible for the processing of your personal data:

Rodewald+Partner e.K.
Schulstr. 5a
82237 Wörthsee

E-Mail: info@rodewald-partner.com

Our data protection officer is:

Melanie Bolkart
E-Mail: melanie.bolkart@rodewald-partner.com

3. Types of data collected

We collect and process various types of personal data, including:

  • Contact information such as name, address, e-mail address and telephone number
  • Demographic information such as age, gender and occupation
  • Financial data such as bank details or payment information
  • Technical data such as IP address, device information and browsing behavior
  • Other information that you provide to us voluntarily

4. Purpose of data processing

We process your personal data for the following purposes:

  • To provide our products and services
  • To process inquiries, orders and transactions
  • To communicate with you and respond to your inquiries
  • To improve our products, services and website
  • To carry out marketing and promotional activities
  • To comply with legal obligations

5. Legal basis of the processing

Your personal data is processed on the following legal basis:

  • Your consent to the processing of your data for specific purposes
  • The performance of a contract to which you are party or in order to take steps prior to entering into a contract
  • The fulfillment of legal obligations to which we are subject
  • Our legitimate interest in improving our products and services and in marketing activities

6. Data transfer and transmission

We only pass on your personal data to third parties if this is necessary to fulfill the above-mentioned purposes or if we are legally obliged to do so. In some cases, we may also transfer your data to third parties acting on our behalf, such as IT service providers or payment processors. We ensure that these third parties comply with appropriate data protection standards.

7. Storage duration

We only store your personal data for as long as is necessary to fulfill the above-mentioned purposes or as required by law, unless you have expressly consented to further use. (Legal basis: Art. 6 para. 1 sentence 1 a GDPR). Your data will then be securely deleted or anonymized.

8. Data processed for the provision of the website and the creation of log files

What data is processed for what purpose?

Each time you access content on the website, data is temporarily stored that may allow you to be identified. The following data is collected:

  • Date and time of access
  • IP address
  • Host name of the accessing computer
  • Website from which the website was accessed
  • Websites accessed via the website
  • Visited page on our website
  • Message as to whether the retrieval was successful
  • Amount of data transferred
  • Information about the browser type and version used
  • Operating system

Temporary storage of the data is necessary for the course of a website visit to enable delivery of the website. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. Our legitimate interest in data processing also lies in these purposes.

9. Web analysis, monitoring and optimization

The web analysis (also known as “reach measurement”) is used to evaluate the flow of visitors to our online offering and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of the reach analysis, we can, for example, recognize at what time our online offering or its functions or content are used most frequently or invite reuse. We can also understand which areas require optimization.

In addition to web analysis, we can also use test procedures to test and optimize different versions of our online offering or its components, for example.

Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a device and read from it. The information collected includes in particular websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have given us or the providers of the services we use permission to collect their location data, location data can also be processed.

The users’ IP addresses are also stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of web analysis, A/B testing and optimization, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).
  • Affected persons: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Range measurement (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR).

Further information on processing processes, procedures and services:

  • Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to a device in order to recognize which content users have accessed within one or more usage processes, which search terms they have used, accessed these again or interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users who refer to our online offer and technical aspects of their end devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies may be used. Google Analytics does not log and store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, the IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible and is not used for any other purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfer: EU-US Data Privacy Framework (DPF), standard contractual clauses (https://business.safety.google/adsprocessorterms); Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).

10. Plugins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the users, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content or functions. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and can contain, among other things, technical information about the browser and operating system, referring websites, the time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status). Location data (information on the geographical position of a device or person).
  • Affected persons: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR). Consent (Art. 6 Para. 1 Clause 1 Letter a) GDPR).

Further information on processing processes, procedures and services:

Google Fonts (obtained from Google server): Obtaining fonts (and symbols) for the purpose of technically secure, maintenance-free and efficient use of fonts and symbols with regard to timeliness and loading times, their uniform presentation and consideration of possible licensing restrictions. The provider of the fonts is informed of the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted that is necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA – When visiting our online offering, users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Google Fonts Cascading Style Sheets (CSS) and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referring URL (i.e. the web page on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. The Google Fonts Web API requires the user agent to match the font that is generated for the specific browser type. The user agent is logged primarily for debugging purposes and is used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts Analytics page. Finally, the referring URL is logged so that the data is used for production maintenance and an aggregated report on the top integrations can be generated based on the number of font requests. According to its own information, Google does not use any of the information collected by Google Fonts to create profiles of end users or to display targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Basis for third country transfer: EU-US Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.

11. Use of cookies

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed or the functions used in an online offer. Cookies can also be used for different purposes, e.g. to ensure the functionality, security and convenience of online offers and to create analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal regulations. We therefore obtain prior consent from users, unless this is not required by law. Consent is not necessary in particular if the storage and reading of information, including cookies, is absolutely necessary in order to provide users with a telemedia service that they have expressly requested (i.e. our online offer). The absolutely necessary cookies generally include cookies with functions that serve to display and run the online offer, load balancing, security, storing the preferences and choices of the users or similar purposes related to the provision of the main and secondary functions of the online offer requested by the users. The revocable consent is clearly communicated to the users and contains the information on the respective cookie usage.

Notes on data protection legal bases: The data protection legal basis on which we process the personal data of users with the help of cookies depends on whether we ask users for consent. If the users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offer and improving its usability) or, if this is done as part of the fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We will explain the purposes for which we process cookies in the course of this data protection declaration or as part of our consent and processing processes.

Storage period: With regard to the storage period, a distinction is made between the following types of cookies:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their device (e.g. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

General information on revocation and objection (so-called “opt-out”): Users can revoke the consent they have given at any time and object to processing in accordance with the legal requirements. To do this, users can, among other things, restrict the use of cookies in the settings of their browser (although this may also limit the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

  • Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR). Consent (Art. 6 Para. 1 Clause 1 Letter a) GDPR).

Further information on processing processes, procedures and services:

  • Processing of cookie data based on consent: We use a cookie consent management procedure, within the framework of which the consent of users to the use of cookies or the processing and providers mentioned in the cookie consent management procedure can be obtained and managed and revoked by the users. The declaration of consent is stored in order to avoid having to repeat the query and to be able to prove the consent in accordance with the legal obligation. The storage can be on the server side and/or in a cookie (so-called opt-in cookie, or using comparable technology) in order to be able to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is created and stored with the time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and device used; Legal basis: consent (Art. 6 Para. 1 Clause 1 Letter a) GDPR).

12. Your rights

You have the right

  • to obtain information about whether and what data we have stored about you (Art. 15 GDPR)
  • to withdraw your consent (if given) for the future (Art. 7 para. 3 GDPR),
  • to object to the processing of your data insofar as the processing is based on our legitimate interest and there are reasons for this arising from your particular situation (Art. 21 GDPR)
  • to have incorrect data concerning you corrected by us (Art. 16 GDPR)
  • to demand the immediate erasure of your personal data (Art. 17 GDPR),
  • that, under certain conditions, the processing of your data is restricted (Art. 18 GDPR) and to data portability, whereby we transfer your data to third parties or receive your data in a machine-readable format (Art. 20 GDPR) to lodge a complaint with a supervisory authority (Art. 77 GDPR)

13. Right to withdraw consent

You can revoke your consent at any time. All you need to do is send us a simple message. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

14. Automated decision-making and profiling

We do not use automated decision-making or profiling to process your personal data.

15. Contact information

If you have any questions or concerns about our privacy practices or wish to exercise your rights, please contact us at:

Rodewald+Partner
Melanie Bolkart
Schulstr. 5a
82237 Wörthsee

E-Mail: melanie.bolkart@rodewald-partner.com

16. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority in your country if you believe that we have breached data protection laws.

17. Updates to the privacy policy

This Privacy Policy will be reviewed and updated regularly to reflect changes to our privacy practices or legal requirements.

This Privacy Policy is intended to give you a clear idea of how we handle your personal data. If you have any questions or require further information, please do not hesitate to contact us.

nach oben