This declaration informs you about the kind, scope and purpose of personal-related
data processing necessary for the provision of our services as well as the functions
and contents on our website (termed as „online services“ in the following).
The terms used in this declaration, such as „processing“ or „responsible person“,
are defined in article 4 of the General Data Protection Regulation (GDPR) of the
European Union.
Responsible Person:
Mathias Wittekopf
Hörsterholz 1 B
D 44879 Bochum
info[at]ohrwelt.de
Types of processed data:
• User-related data (e.g. personal data as name, address, age)
• Contact data (e.g. e-mail, phone number)
• Content data (e.g. text input, images, videos)
• Usage data (e.g. visited websites, web-contents, time logs)
• Meta- / Communication data (e.g. hardware information, IP addresses)
Categories of related persons:
Visitors and users of the online services (termed „user“ in the following).
Purpose of data processing:
• Provision of online services, functions and content
• Response to contact requests and communication with users
• Measures of security
• Measurement of coverage / marketing
Terminology:
„Personal-related data“ is all information related to an identified or identifiable
natural person (termed „relevant person“ in the following); a natural person is
regarded identifiable by assignment to a name, ID-number, location data, online
identifier (e.g. cookie) or special attributes that express the physical, physiological,
genetic, psychic, economical, cultural or social identity of that natural person.
„Processing“ is any activity or series of activities with or without automation
concerning personal-related data. The scope of this term applies actually to any
use of data.
„Pseudonymization“ is the processing of personal-related data in a way that these
data can not be related to a specific relevant person without the correlation of
additional information, provided that this additional information is stored separately
and is subject to technical and organizational means to make sure these personal-
related data can not be related to an identified or identifiable natural person.
„Profiling“ is any kind of automated processing of personal-related data aiming to
evaluate certain personal aspects of a natural person in order to analyse or predict
aspects related to job performance, economical status, health, personal preferences,
interests, reliability, behavior, residence or relocation of that natural person.
„Responsible party“ is the natural or legal person, agency or other institution that,
alone or together with others, decides on the purpose and means of personal-related
data processing.
„Processing contractor“ is the natural or legal person, agency or other institution
that processes personal-related data on behalf of the responsible party.
Relevant statutory sources:
By requirement of article 13, GDPR we inform you about the statutory sources
concerning our data processing.
The following applies to users within the area of application of the GDPR, i. e. the
European Union and the European Economic Area:
Statutory source for obtaining consent is article 6, section 1 lit. a and article 7,
GDPR; statutory source for data processing to fulfil our services, realize our
contractual measurements and respond to requests is article 6, section 1 lit. b,
GDPR; statutory source for the fulfilment of our legal resonsibilities is article 6,
section 1 lit. c, GDPR; regarding data processing in the case of vital interests of a
relevant person or any other natural person article 6, section 1 lit. d, GDPR is
applicable. Statutory source for data processing in need of the realization of a task of
public interest delegated to the responsible party is article 6, section 1 lit. e, GDPR.
Statutory source for data processing to protect our legitimate interests is article 6,
section 1 lit. f, GDPR. The processing of data for other purposes than for which they
were gathered is regulated by article 6, section 4, GDPR. The processing of special
categories of data as specified by article 9, section 1, GDPR, is regulated by article
9, section 2, GDPR.
Safety regulations:
According to legal standards and following the state of technology, the costs of
implementation, the need, scope and amount of data processing, and taking into
account the expectable risk for the rights and liberties of natural persons, we employ
suitable technical and organizational measures to ensure a level of protection
adequate to the risk.
These measures include safeguarding confidentiality, integrity and control over the
physical access to data, as well as the control over the data input, transmission
and separation.
Moreover we have implemented methods to respect the rights of relevant persons,
delete data and react to possible hazards.
We care for the protection of personal-related data starting from development or
choice of hardware, software and data management, according to the principle of
data protection through technology and data protectional defaults.
Cooperation with processing contractors, other and third responsible parties:
If and when during the course of processing we disclose, transfer or otherwise share
data to other persons or enterprises (processing contractors, responsible partners or
third responsible parties), this will only happen on the basis of legal permission (for
example, if a transfer of data to third parties such as financial service providers
becomes necessary for fulfilment of contracts), or with consent of the user, by legal
obligation, or on the basis of our legitimate interests (for instance in the employment
of agents and web-hosts).
Transfer of data to third countries:
If and when we commission data to be processed in a third country (i. e. under non-
EU jurisdiction, outside of the European Economic Area or in Switzerland), or if and
when this data processing happens by services of third parties, or if and when data
are communicated to other persons or companies, this may only be done with your
consent, or to fulfil our (pre-)contractual duties, or by legal duty or on the basis of our
legitimate interests.
Subject to explicit consent or necessary contractual agreement we will process data
or commission data for processing only in third countries with certified data security
standards such as US data processors with a Privacy Shield certificate, or on the
basis of special guarantees such as a contractual commitment by standard
protective clauses installed by the EU commission, applicable certificates or binding
internal data security regulations (article 44 to 49, GDPR,
Information website of
the EU commission).
Legal rights of related persons:
You have the right to request a verification, if relevant data are or were processed,
information about these data, as well as further information and copies of these data
according to legal regulations.
According to legal regulations you have the right to request completion of your
relevant data or the correction of these data in case they are incorrect.
According to legal regulations you have the right to demand relevant data to be
deleted immediately, respectively demand a limitation of data processing.
You have the right of relevant data provided to us by you to be given to you according
to legal regulations, and to demand those data to be transmitted to other responsible
parties.
According to legal regulations you furthermore have the right to file a complaint with
the responsible surveillance authority.
Right of withdrawal:
You have the right to withdraw a given consent effecting the future.
Right of objection:
You may at any time, according to legal regulations, object to future processing of
your relevant data. This applies particularly to processing for the use in direct mail.
Cookies and the right of objection concerning direct mail:
„Cookies“ is a term for small data files stored in users' computers. They can carry a
variety of data. Cookies primarily serve to store information about the user
(respectively the machine, where the cookie is stored) during or also after his visit
with an online service.
Temporary cookies (also called „session-Cookies“ or „transient cookies“) are cookies
that are deleted after the user leaves the online service and closes his browser. Such
a cookie may store the contents of a shopping cart in an online shop or the login-
status.
„Permanent“ or „persistent“ cookies will remain after the browser has been closed.
Thus the user's login-status may still be available, when he returns to an online
service after several days. Another use might be to record the user's interests for
measurement of coverage and marketing purposes.
„Third party cookies“ are offered by providers other than the responsible party that
operate the online service. (Cookies offered by the responsible party thus are called
„first party cookies“).
We may use temporary and permanent cookies and give information about this within
this declaration. If users don't wish cookies to be stored in their computers, they are
asked to deactivate that option in the configuration settings of their browser. Stored
cookies can be deleted in the browser's configuration settings as well. Excluding
cookies may lead to limited functionality of online services.
A general objection against the use of cookies for online marketing and especially
tracking can be declared to a multitude of services via the US website
YourAdChoices or the EU site
Your Online Choices.
Deletion of data:
Data processed by us will be deleted or limited in processing according to legal regulations.
Unless explicitly stated in this declaration data stored by us will be deleted as soon
as they are no longer necessary for their purpose but for any obligation of retainment.
If data are not deleted, because they are necessary for other legal purposes, their
processing will be limited, i.e. the data will be locked and unavailable for any other
purposes. This applies for example to data being retained for reasons of commercial
or financial law.
Changes and updates of this declaration:
We ask you to regularly stay informed about the content of this declaration of data
protection. We update the declaration as soon as changes in our data processing
make this necessary. We will notify you, if a change or update requires your
consent, or if any kind of individual notification becomes necessary.
Contacting:
Upon establishing contact with us (e.g. by contact form, e-mail, phone or social
media) the information given by the user is processed for handling the inquiry
according to article 6, section 1 lit. b, GDPR (contractual / precontractual
relationships), article 6, section 1 lit. f, GDPR other inquiries).
User data may be stored in a Customer-Relationship-Management System („CRM
System“) or a comparable system of inquiry organization. We delete the inquiries
when they are no longer necessary. We check the necessity every two years;
furthermore legal duties of archivation apply.
Newsletter:
Below we inform you about the contents of our newsletter, the procedures of signing
in, distribution and statistic evaluation as well as your rights of objection. By
subscribing to our newsletter you agree to its reception and the procedures
described below.
Contents of the newsletter: We may distribute newsletters, e-mails and other
electronic news containing promotional information (termed „newsletter“ in the
following) only with consent of the recipients or legal permission. As far as the
contents of a newsletter are described explicitly upon the subscription process, they
are significant for the consent of the user. Furthermore our newsletters contain
information about our services and us.
Double-Opt-In and logging: Signing in to our newsletter follows a so-called double-
opt-in procedure, i. e. upon signing in you will receive an e-mail asking you to confirm
your subscription. This confirmation is necessary to prevent others from abusing your
e-mail address. Subscriptions to the newsletter are logged in order to verify the
subscription process according to legal requirements. This includes the record of
sign-in time, confirmation time and IP-address. Changes of your data stored with a
shipping service provider will be logged as well.
Sign in data: your e-mail address is sufficient to sign in for the newsletter. Optionally
we ask you to give a personal name to be used in the newsletter.
The distribution of the newsletter and an associated measurement of success
happens on the basis of the users' consent according to article 6, section 1 lit. a,
article 7 GDPR IAW § 7, section 2, nr. 3 UWG (= „Gesetz gegen den unlauteren
Wettbewerb“ in German law, corresponding to „trade practices law“), or – if a consent
is not necessary – on the basis of our legitimate interests in direct marketing
according to article 6, section 1 lit. f, article 7 GDPR IAW § 7, section 2, nr. 3 UWG.
The logging of the subscription process happens on the basis of our legitimate
interests according to article 6, section 1 lit. f GDPR.
We aim at the operation of a user-friendly and safe newsletter system that serves our
business interests as well as the users' expectations, and which allows us the proof
of consent.
Termination / withdrawal: You may terminate the reception of our newsletter at any
time, i. e. withdraw your consent. A link to unsubscribe the newsletter is provided at
the end of each newsletter. We may keep the unsubscribed e-mail addresses for 3
years on the basis of our legitimate interests in order to prove a formerly given
consent. The processing of these data is limited to the purpose of a possible defense
against claims. An individual request of deletion is possible at any time, as far as a
former consent is confirmed.