Privacy Policy
We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Christian-Alexander Hoffmann. The use of the Internet pages of the Christian-Alexander Hoffmann is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Christian-Alexander Hoffmann. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the controller, the Christian-Alexander Hoffmann has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
1. Definitions
The data protection declaration of the Christian-Alexander Hoffmann is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used. In this data protection declaration, we use, inter alia, the following terms:
a) Personal data: any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject: any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
c) Processing: any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures.
g) Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
h) Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry shall not be regarded as recipients.
j) Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Christian-Alexander Hoffmann
Heinrich-Nagel-Straße 23
50389 Wesseling
Deutschland
Phone: 004915161025732
Email: [email protected]
Website: https://chris-hoffmann.ch
3. Collection of general data and information
The website of the Christian-Alexander Hoffmann collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, the Christian-Alexander Hoffmann does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The anonymously collected data and information is analyzed statistically, with the aim of increasing the data protection and data security of our enterprise. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
4. Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
5. Rights of the data subject
a) Right of confirmation: Each data subject shall have the right to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.
b) Right of access: Each data subject shall have the right to obtain from the controller free information about his or her stored personal data and a copy of this information — including:
– the purposes of the processing;
– the categories of personal data concerned;
– the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
– where possible, the envisaged storage period, or the criteria used to determine it;
– the existence of the right to request rectification, erasure, restriction of processing, or to object;
– the existence of the right to lodge a complaint with a supervisory authority;
– where the personal data are not collected from the data subject, any available information as to their source;
– the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR, and meaningful information about the logic involved and its significance.
Furthermore, the data subject has the right to be informed whether personal data are transferred to a third country or international organisation and about the appropriate safeguards relating to the transfer.
c) Right to rectification: Each data subject shall have the right to obtain without undue delay the rectification of inaccurate personal data and the completion of incomplete data.
d) Right to erasure (Right to be forgotten): Each data subject shall have the right to obtain the erasure of personal data concerning him or her without undue delay where one of the following grounds applies, as long as the processing is not necessary:
– The personal data are no longer necessary for the purposes for which they were collected.
– The data subject withdraws consent and there is no other legal ground for the processing.
– The data subject objects pursuant to Article 21 GDPR and there are no overriding legitimate grounds.
– The personal data have been unlawfully processed.
– Erasure is required for compliance with a legal obligation.
– The personal data have been collected in relation to information society services referred to in Article 8(1) GDPR.
e) Right of restriction of processing: Each data subject shall have the right to obtain restriction of processing where the accuracy of the data is contested, the processing is unlawful, the controller no longer needs the data but the data subject requires them for legal claims, or an objection under Article 21(1) GDPR is pending verification.
f) Right to data portability: Each data subject shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format, and to transmit those data to another controller, where the processing is based on consent or a contract and is carried out by automated means.
g) Right to object: Each data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing based on point (e) or (f) of Article 6(1) GDPR. For direct marketing there is a right to object at any time.
h) Automated individual decision-making, including profiling: Each data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
i) Right to withdraw data protection consent: Each data subject shall have the right to withdraw his or her consent to the processing of personal data at any time.
To exercise these rights, the data subject may contact the controller at any time (contact details in section 2).
6. Data protection provisions about the application and use of LinkedIn
On this website we merely link to the controller’s LinkedIn profile. No LinkedIn plug-ins or other active LinkedIn components are embedded. Therefore, simply visiting our pages does not transmit any data to LinkedIn.
Only when you actively click the link and open LinkedIn’s site does LinkedIn process data; we have no influence over this. The operating company is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn’s privacy policy is available at https://www.linkedin.com/legal/privacy-policy.
7. Data protection provisions about the application and use of Matomo
This website uses the open-source web analytics tool Matomo. Matomo runs on our own server; the collected data stays with us and is not shared with third parties.
Tracking is cookieless — no cookies are set. IP addresses are processed in anonymized (truncated) form so that no personal reference is established. The purpose is the statistical analysis of visitor flows to improve our website. The legal basis is Art. 6(1) lit. f GDPR.
Further information and the applicable data protection provisions of Matomo may be retrieved under https://matomo.org/privacy/.
8. Data protection provisions about the application and use of Xing
On this website we merely link to the controller’s XING profile. No XING plug-ins or other active XING components are embedded. Therefore, simply visiting our pages does not transmit any data to XING.
Only when you actively click the link and open XING’s site does XING process data; we have no influence over this. The operating company is New Work SE (operator of XING), Am Strandkai 1, 20457 Hamburg, Germany. XING’s privacy policy is available at https://privacy.xing.com/.
9. Data protection provisions about the application and use of YouTube
On this website we embed YouTube videos in privacy-enhanced mode (youtube-nocookie.com). Videos are not loaded automatically: when our pages load, only a preview image stored locally on our server is shown; no data is transmitted to YouTube or Google.
Only when you actively click the preview image or play button is the video loaded from YouTube and data transmitted to Google. From that point on, Google’s privacy policy applies. The operating company is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. The privacy policy is available at https://policies.google.com/privacy.
10. Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific purpose. If the processing is necessary for the performance of a contract, it is based on Art. 6(1) lit. b GDPR; the same applies to pre-contractual measures. Where we are subject to a legal obligation (e.g. tax obligations), the processing is based on Art. 6(1) lit. c GDPR. To protect vital interests, it is based on Art. 6(1) lit. d GDPR. Finally, processing operations may be based on Art. 6(1) lit. f GDPR (legitimate interests), unless overridden by the interests or fundamental rights and freedoms of the data subject.
11. The legitimate interests pursued by the controller or by a third party
Where the processing of personal data is based on Article 6(1) lit. f GDPR, our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.
12. Period for which the personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
13. Provision of personal data as statutory or contractual requirement
The provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.
14. Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.
Developed by the specialists for LegalTech at Willing & Able that also developed the system for online agreement. The legal texts contained in our privacy policy generator have been provided and published by Prof. Dr. h.c. Heiko Jonny Maniero from the German Association for Data Protection and Christian Solmecke from WBS law.