Online-Passfoto

Data protection

1. General


We take the protection of your personal data very seriously. Data will be “processed” by us in accordance with the applicable statutory data protection regulations, from 25/05/2018 in particular in accordance with the European General Data Protection Regulation (hereinafter referred to as GDPR) and the country-specific data protection regulations. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Below we inform you about the processing of your data, in particular about the type, scope and purpose of the collection and use of your personal data when you visit our website and use our offers and services as well as the corresponding legal basis of the individual processing operations. In addition, we explain to you in the context of our data protection declaration which rights you are entitled to with regard to data processing.

“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Body responsible for the data processing


As the provider of our Internet services, we are the body responsible for data processing. You can reach us at the following contact details: IT- und Medienberatung Baudach, Jan-Moritz Baudach - Wikingerufer 9a - 10555 Berlin - Phone: +49 30 66763844 - EMail: info@itmbb.de

3. Processing of your data


The type, scope and purpose of the processing of your data differ depending on whether you only visit our website or make use of the services and/or performances offered by us:

a) Visit to our Internet pages

When you visit our website, the server stores data in so-called server log files. This data is automatically transmitted by your Internet browser to the server, in particular:
  • Date and time of the retrieval of one of our Internet pages
  • Your browser type and the respective version of the browser
  • The used operating system
  • The last page you visited (so-called referrer URL)
  • The amount of data transferred and the access status (file transferred, file not found, etc.) as well as
  • Your IP address and the requesting provider.
This data is processed in order to enable you to use the Internet pages you have accessed, for statistical purposes, to improve our Internet offering and to protect against illegal cyber attacks and to exercise, assert or fend off legal claims. Your IP address will only be stored for as long as necessary to exercise, assert or fend off any legal claims and to respond to possible cyber attacks and to provide law enforcement authorities with the information necessary for law enforcement.

The above-mentioned data will be processed separately from all personal data that you provide to us when visiting our website and/or using a service, and will in no case be merged.

From 25/05/2018, this data processing described above has its legal basis in Article 6 Paragraph 1 Letter b) of the GDPR with regard to the implementation of necessary pre-contractual measures to enable you to use the websites you have accessed. If the above data is processed for statistical purposes, to improve our Internet offering, to protect against illegal cyber attacks or to exercise, assert or fend off legal claims, this will take place from 25/05/2018 on the legal basis of Art. 6 Para. 1 Letter f) of the GDPR. Our legitimate interest in this data processing lies in the evaluation of the data to improve our Internet offering, to exercise, assert or fend off any legal claims and in protecting our systems against illegal cyber attacks and to enable law enforcement authorities to initiate prosecutions if necessary.

b) Processing of personal data when using the services offered by us:

Personal data is only processed by us if this is permitted by law or if you consent to the processing of your personal data.

If you wish to make use of the services offered by us on our website, such as ordering goods, providing services, ordering vouchers or newsletters, it is necessary for you to provide further personal data. We process your personal data for the above purposes from 25/05/2018 on the legal basis of Article 6 Paragraph 1 Letter b) of the GDPR in order to perform a contract with you or to carry out necessary pre-contractual measures which take place on your request. The purpose of processing your personal data is therefore, for example, to process enquiries, to deliver ordered goods to you, to provide the desired service, to process an order for a voucher or to send you the newsletter you requested or to enable you to use our blog and comment functions. Without the indication of personal data we cannot conclude the contract with you and cannot render the offered services.

In addition, we process your data for the purpose of exercising, asserting or fending off any legal claims arising from the contractual relationship and, if necessary, enabling law enforcement authorities to initiate prosecutions. From 25/05/2018, the above data processing will take place on the legal basis of Art. 6 Para. 1 Letter f) of the GDPR or partly on Art. 6 Para. 1 Letter c) of the GDPR in order to comply with a legal obligation to which we are subject. Our legitimate interest in this data processing lies in being able to exercise, assert or fend off any legal claims arising from the contractual relationship and to enable law enforcement authorities to initiate prosecutions if necessary.

We also process your personal data for the purpose of complying with our statutory retention obligations. The legal basis for the fulfilment of our legal retention obligations is standardized from 25/05/2018 in Article 6 Paragraph 1 Letter c) of the GDPR.

Your data will be passed on to our supporting service providers, who we have of course carefully selected, for the performance of the contract or for the implementation of necessary pre-contractual measures which take place at your request. These service providers may be technical service providers or service providers who support us in shipping, payment processing or accounting. From 25/05/2018, your personal data will be forwarded to service providers supporting us either on the legal basis of Article 6 Paragraph 1 b) of the GDPR for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures or on the basis of a proper contract for processing on behalf which meets the requirements of Article 28 of the GDPR.

We also reserve the right to integrate external content from third-party providers (e.g. YouTube videos, external map services, external graphics, etc.) on our Internet pages.

If you access and use these third-party contents on our Internet pages, your IP address (also from 25/05/2018 on the legal basis of Article 6 Paragraph 1 Letter b) of the GDPR) will be forwarded to the third-party providers so that the content you are accessing can be sent from the third-party provider to your browser. The transmission of your IP address to these third-party providers is therefore absolutely necessary in order to send the accessed content to the browser of your end device. The processing of your data by the provider of the third-party content is subject to their data protection provisions. Without your explicit consent, we do not use any third-party tools that use so-called “tracking mechanisms”. “Tracking mechanisms” are technologies that track the behaviour of data subjects on the Internet and enable the creation of user profiles.

Otherwise, your personal data will only be passed on to other third parties if we are legally obliged to do so (e.g. to authorities in order to investigate cyber attacks and any criminal offences committed or to tax offices in order to comply with tax obligations or to courts in the event of legal disputes) from 25/05/2018 on the legal basis of Article 6 Paragraph 1 Letter c) of the GDPR as well as to lawyers and tax consultants on the legal basis of Article 6 Paragraph 1 Letter c) of the GDPR or Article 6 Paragraph 1 Letter f) of the GDPR. Our legitimate interest in passing on your data to lawyers lies in exercising, asserting or fending off legal claims. Our legitimate interest in passing on your data to external tax consultants lies in being able to fulfil our tax obligations properly.

Beyond that, we will not disclose your personal information to third parties without your express consent.

The mandatory data required by us can be seen in the input mask during the registration or ordering process. Further information which is not absolutely necessary for the purposes described above can be provided voluntarily; it is marked accordingly by us when collecting the data within the framework of the registration or ordering process.

4. Use of cookies


We use so-called “cookies” on our website. Cookies are small text files that are sent from our web server to your browser during your visit to our website and are stored by your browser for a limited time on your device (e.g. PC, smartphone, tablet) for various purposes. Below we inform you about the use of cookies on our website:

For the full functionality of our website it may be necessary for technical reasons to allow the use of cookies so that your device can continue to be identified during a visit to our website when changing from one of our pages to another (so-called “session cookies”).

In addition, we reserve the right to use so-called “permanent cookies” so that you can use our website more effectively. Permanent cookies allow us to recognize your device when you visit our website again and to store information about your last visit (e.g. your preferred language or other settings). We only use permanent cookies which are automatically deleted after 12 months at the latest.

The above-mentioned cookies may also be used by third-party providers of tools which we use on our website, in particular for statistical and analytical purposes. We will use third-party tools only with privacy-friendly settings. Without your prior explicit consent, we will therefore not use any so-called “targeting cookies” on our website, which make it possible to trace the behaviour of data subjects on the Internet and to create user profiles. If we use tools from third parties, we will inform you about the use, functionality and further details of the respective tools under item 15 of this data protection declaration.

The cookies described above will be used from 25/05/2018 on the legal basis of Article 6 Paragraph 1 Letter f) of the GDPR. Our legitimate interest in using these cookies is to enable our customers and users of our website to use our services more effectively and to analyse and improve our website.

You can determine yourself whether cookies can be set and retrieved by making the corresponding settings in your browser. For example, you can deactivate the storage of cookies in your browser, restrict the storage of cookies to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be set and asks for your permission. You can also set your browser so that cookies are automatically deleted when closing the browser. Finally, you may enable a Do-Not-Track (“DNT”) feature in your browser so that you are not automatically tracked by any web analytics tool that may be in use. Information about the configuration of your browser settings can be found in the help function of your respective Internet browser.

5. Storage and erasure periods for personal data


If the purpose for which your personal data is processed is no longer applicable, your personal data processed by us will be routinely erased or blocked unless you have consented to the permanent storage of your personal data.

If individual data have to be stored after the processing purposes have ceased to apply due to legal retention periods (e.g. tax and commercial retention regulations), the blocking of the data takes the place of erasure. The data to be stored may then be processed on the legal basis of Article 6 Paragraph 1 Letter c) of the GDPR exclusively for the aforementioned purposes.

6. Your rights as data subject of the data processing


You have the rights described below at all times:
  • Right to confirmation of and information about the personal data processed by us pursuant to Article 15 of the GDPR
  • Right to rectification of your personal data pursuant to Article 16 of the GDPR
  • Right to erasure of your personal data (“right to be forgotten”) pursuant to Article 17 of the GDPR
  • Right to restriction of processing of your personal data pursuant to Article 18 of the GDPR
  • Right to data portability of your personal data pursuant to Article 20 of the GDPR
  • Pursuant to Article 22 of the GDPR you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Please send us your request to the contact data given under item 2 of this data protection declaration.

7. Right to object


You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which, from 25/05/2018, is based on Article 6 Paragraph 1 Letter e or f of the GDPR, including profiling based on those provisions.

In this case we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 Paragraph 1 of the GDPR, you, on grounds relating to your particular situation, shall have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

8. Right to withdraw consents


You can withdraw any consent you have expressly given us under data protection law at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Complaint about breaches of data protection with the supervisory authorities


If you are of the opinion that your data protection rights are being violated, you can contact the supervisory authority of your federal state or the federal state of our company headquarters. If a complaint concerns an enterprise which has its registered office in another federal state, the supervisory authority shall forward the complaint to the competent supervisory authority there.

10. Notification obligation regarding rectification or erasure of personal data or restriction of processing


We shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 Paragraph 1 and Article 18 of the GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We shall also inform you about those recipients if you request it.

11. Legal or contractual provisions relating to the provision of personal data and information on the necessity for the conclusion of the contract and the obligation of the data subject to provide the personal data and the possible consequences of not providing the data:


As described above, we collect and process your personal data in particular for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures at the request of the data subject. The provision of personal data is therefore contractually stipulated for this purpose. In some cases, the disclosure of personal data in the conclusion of contracts (e.g. for invoices) is also required by law due to tax and/or commercial law provisions. If you do not provide us with personal data, this will mean that we will not be able to conclude a contract with you and/or answer your questions.
If we process your personal data on the basis of a legitimate interest pursuant to Article 6 Paragraph 1 Letter f) of the GDPR, the provision of your data for these purposes is neither contractually nor legally prescribed. The details of data processing on the basis of a legitimate interest can be found in the above information in the relevant sections. If you do not provide us with personal data for these purposes, you may not be able to use our website to its full extent or at all.

12. Automated decisions in individual cases including profiling


We do not use automated decision-making, including profiling, pursuant to Article 22 Paragraphs 1 and 4 of the GDPR.

13. Data security


We use technical and organisational security measures to protect the processing of personal data, in particular against accidental or intentional manipulation, loss, destruction or against attacks by unauthorised persons. Our security measures are continuously improved in line with technological developments.

14. Questions / comments


If you have any questions or comments regarding this data protection declaration or data protection in general, you are welcome to send them to our contact data, which you can find in item 2 of this data protection declaration.

15. Use of third-party tools and content


If we use tools (programs) and content from third parties on our website that use permanent cookies for statistical or analytical purposes and/or process your IP address and/or other personal data, you will find information about these tools and content and how they work below:


Last revision of the data protection declaration: 01/03/2024