We take your privacy very seriously, and process your personal data in accordance with the applicable statutory data protection requirements. Personal data in this context means all information that can relate to you personally, for example your name, address, e-mail and IP address, user behaviour.
The following data protection information tells you how we process your personal data. We have also provided you with an overview of your data protection rights. The specific data that are processed and how they are used are largely governed by the services used, requested and agreed.
1. Controller and Data Protection Officer
The controller in accordance with Article 4(7) of the General Data Protection Regulation (GDPR) or the service provider in accordance with section 13 of the Telemediengesetz (TMG – German Telemedia Act) is:
Red Square GmbH
2. Source of personal data
We process personal data that we receive from you when you visit our website or contact us by e-mail or using our contact form.
3. Categories of personal data concerned
(1) If you visit or use our website purely for informational purposes, i.e. you do not register or otherwise provide us with any information, we collect only the personal data that your browser sends to our server. If you wish to view our website, we collect the following data that we require for technical purposes to display our website to you and to ensure its stability and security:
- Your IP address,
- The date, time and duration of your visit,
- The content of the request (specific page),
- The access status/https status code,
- The data volume transmitted,
- The website from which the request originates,
- Your browser,
- Your operating system.
These data are used exclusively for internal statistical purposes.
(2) In addition to the above data, transient and persistent cookies are saved on your computer when you use our website. Cookies are small text files that are saved on your hard drive and assigned to the browser you use, through which the body that applied the cookie receives certain information. Cookies cannot run programs or transfer viruses to your computer. They serve to make the Internet as a whole more user-friendly and more effective.
(3) Most browsers are set up to accept cookies. However, you can deactivate the saving of cookies in your browser at any time, or change your browser settings so that you receive a message whenever cookies are sent. However, please note that you might then be unable to use all the functions of this website.
(4) This information is stored separately from any other data that may be disclosed to us. In particular, cookie data are not linked with your other data.
4. Other functions and services of our website
(1) In addition to the use of our website purely for informational purposes, we also offer various services that you can use if interested. To do so, you must typically provide further personal data that we use to perform the respective service.
(2) If you contact us by e-mail, we will save the data you provide (your e-mail address, possibly your name and telephone number) in order to reply to you. To contact us using our contact form, you have to provide your first and last name, your e-mail address and your actual message. We delete the data generated in this context once they no longer need to be stored, or restrict processing if statutory retention requirements apply.
5. Categories of recipients of personal data
(1) We have some of the above processes and services performed by carefully selected service providers commissioned in accordance with data protection requirements. These external service providers are bound by our instructions and are regularly monitored. They will not share your data with third parties.
(2) Regarding the sharing of data with other recipients, we will only pass on information about you if this is required by law, you have consented or we are authorised to do so. If these criteria are met, recipients of personal data can include:
- public authorities and institutions (e.g. tax authorities, criminal prosecution authorities) where there is a legal or official obligation.
- other companies or similar institutions with which we share personal data in order to carry out our business relationship with you.
6. Purposes of the processing for which the personal data are intended and legal basis
We process your personal data in accordance with the applicable statutory data protection regulations. Processing is lawful if one of the following conditions applies:
- Consent (Article 6(1) a) GDPR:
The processing of personal data is lawful if consent has been given to processing for specific purposes (e.g. processing of your request, use of data for marketing purposes). Consent that has been granted can be revoked at any time with future effect. This also applies to consent granted to us before the GDPR became effective, i.e. before 25 May 2018.
- On the basis of contractual commitments (Article 6(1) b) GDPR:
We process personal data to carry out our contractual commitments or to take steps requested prior to entering into a contract. The purposes of the data processing are primarily determined by the nature of your request.
- retention obligations for commercial and tax law purposes in accordance with the Handelsgesetzbuch (HGB – German Commercial Code) and the Abgabenordnung (AO – German Fiscal Code);
- compliance with monitoring and reporting obligations under tax law.
- For the purposes of legitimate interests (Article 6(1) f) GDPR: If necessary, we process your data beyond the actual performance of the contract for the purposes of our legitimate interests or those of third parties. Examples:
- establishment of legal claims and defence in legal disputes;
- ensuring IT security and IT operations;
- to analyse and improve the use of our website.
7. Intention to transfer personal data to a third country or international organisation
Personal data will only be actively transferred to a third country if this has been expressly indicated in the context of the above services.
8. Criteria for determining the period for which personal data are stored
(1) Data are stored in accordance with statutory regulations on data processing and in compliance with statutory retention periods. We process and use your data exclusively for the purposes to which we are entitled and for as long as the data are required for these purposes.
(2) If the data are no longer required for these purposes or to comply with legal obligations, they are typically deleted unless their further processing – for a limited time and possibly subject to other restrictions – is necessary for the following purposes:
- retention obligations for commercial and tax purposes, including the German Commercial Code and the German Fiscal Code. These stipulate retention and documentation periods of up to 10 years.
- the preservation of evidence within the framework of the statutory statute of limitations: Under sections 195 et seq. of the Bürgerliches Gesetzbuch (BGB – German Civil Code), the standard statute of limitations is three years, but can be up to 30 years under certain circumstances.
9. Your data protection rights
(1) Every data subject has the right to access in accordance with Article 15 GDPR, the right of rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to the restriction of processing in accordance with Article 18 GDPR, the right to object to processing in accordance with Article 21 GDPR and the right to data portability in accordance with Article 20 GDPR. The restrictions of sections 34 and 35 of the Bundesdatenschutzgesetz (BDSG – German Federal Data Protection Act) apply to the right to access and the right to erasure. You also have a right to complain to the competent supervisory authority (Article 77 GDPR in conjunction with section 19 BDSG).
(2) Consent to the processing of personal data that has been granted to us can be revoked at any time with future effect. This also applies to consent granted to us before the GDPR became effective, i.e. before 25 May 2018.
(3) You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1) e) GDPR (data processing in the public interest) and Article 6(1) f) GDPR (data processing for the purposes of legitimate interests).
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of your personal data for the purposes of such marketing.
Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Your objection is not subject to any condition as to form and, if possible, should be addressed to:
Red Square GmbH
10. Obligation to provide personal data and possible consequences of not providing personal data
When using our services, you must provide the personal data required for the performance of the purpose or that we are legally required to collect. Without these data, we are typically unable to provide the desired service.
11. Existence of automated individual decision-making, including profiling
We do not use fully automated decision-making in accordance with Article 22 GDPR to establish or implement the business relationship. If we use this procedure in individual cases, we will inform you separately if this is required by law.
12. Amendment of data protection information
We develop and optimise our services on an ongoing basis. It is therefore possible that we add new functionalities. If this affects the way your personal data are processed, we will inform you in advance in our data protection information.