Privacy policy

♥

Data protection is of particularly high importance to the management of real-estate-majorca.com, hereinafter referred to as the “Operator.” The use of the websites is generally possible without providing any personal data. However, if a data subject wishes to use special services of our company via our website, the processing of personal data could become necessary.

If the processing of personal data is required and there is no statutory basis for such processing, we generally obtain the consent of the data subject. The processing of personal data (for example, the name, address, email address, or telephone number of a data subject) is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the applicable country-specific data protection regulations.

By means of this data protection declaration, our company intends to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights under this data protection declaration. As the controller responsible for the processing, the Operator has implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Definitions

This data protection declaration is based on the terminology used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be easily readable and understandable for both the public and our customers and business partners. To ensure this, we would like to explain the terminology used in advance. Among other terms, we use the following in this data protection declaration:

a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing
Processing is any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor
Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient
Recipient is a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.

j) Third party
Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent
Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and Address of the Controller Responsible for Processing

The controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in Member States of the European Union, and other provisions related to data protection is: Carrer Xabec 1, 07610 Palma, Spain

3. Cookies

The Operator’s websites use cookies. Cookies are text files that are stored on a computer system via an Internet browser. Many websites and servers use cookies. Many cookies contain a so-called cookie ID, which serves as a unique identifier of the cookie. This consists of a string of characters by which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A particular Internet browser can be recognized and identified by its unique cookie ID.

By using cookies, the Operator can provide users of this website with more user-friendly services that would not be possible without the cookie setting. Through a cookie, the information and offers on our website can be optimized with the user in mind. As mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to utilize our website. For example, the user of a website that uses cookies does not have to enter their login data each time they visit, because this is handled by the website and the cookie stored on the user’s computer system. Another example is the shopping cart cookie in an online store, which remembers the articles a customer placed in the virtual shopping cart.

The data subject can prevent cookies from being set by our website at any time by adjusting the appropriate settings in the Internet browser used, and thus can permanently object to the setting of cookies. Furthermore, cookies already set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

4. Collection of General Data and Information

Each time the website is accessed by a data subject or by an automated system, the Operator’s website may collect a series of general data and information. These general data and information are stored in the server log files. They can include (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-pages accessed on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

The IP address of users is shortened within the Member States of the EU and the European Economic Area. As a result of this abbreviation, the personal reference of your IP address is eliminated. Under the agreement on order data processing, which the website operators have concluded with Google Inc., Google uses the collected information to evaluate website usage and website activity and to provide services related to Internet usage. The collected data are used solely for statistical evaluations and for the improvement of the website. However, the website operator reserves the right to subsequently review the server log files if there are concrete indications of unlawful use.

The Operator does not draw any conclusions about the data subject when using these general data and information. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our IT systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack. These anonymously collected data and information are therefore evaluated statistically by the Operator on the one hand, and also with the aim of increasing data protection and data security in our company in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries sent to us as the site operator. You can recognize an encrypted connection by the browser’s address line changing from “http://” to “https://” and by the lock symbol in your browser line. When the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Registration on Our Website

The data subject has the option of registering on the controller’s website by providing personal data. Which personal data are transmitted to the controller is determined by the respective input mask used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for transfer to one or more processors, such as a parcel service, which also uses the personal data exclusively for internal use attributable to the controller.

By registering on the controller’s website, the IP address assigned by the Internet service provider (ISP) of the data subject, along with the date and time of registration, is also stored. The storage of this data occurs against the backdrop that this is the only way to prevent misuse of our services, and these data make it possible to investigate any offenses committed. In this respect, the storage of this data is necessary for the controller’s security. As a matter of principle, these data are not disclosed to third parties unless there is a legal obligation to disclose them or if disclosure serves law enforcement.

Registration of the data subject, with the voluntary provision of personal data, also enables the controller to offer the data subject content or services that can only be offered to registered users due to the nature of the matter. Registered persons are free to change the personal data specified during registration at any time or to have them completely deleted from the controller’s database. The controller will inform any data subject at any time, upon request, which personal data concerning them are stored. Furthermore, the controller will correct or delete personal data at the request or notice of the data subject, provided that there are no legal retention obligations to the contrary. All of the controller’s employees are available to the data subject in this context as contacts.

6. Subscription to Our Newsletter

On the Operator’s website, users are given the opportunity to subscribe to our company’s newsletter. Which personal data are transmitted to the controller when ordering the newsletter is determined by the input mask used for this purpose. The Operator regularly informs its customers and business partners about the company’s offers via a newsletter. As a rule, the data subject can only receive our company’s newsletter if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter. For legal reasons, a confirmation email in the double opt-in procedure will be sent to the email address first registered by a data subject for the newsletter dispatch. This confirmation email is used to check whether the owner of the email address has authorized receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) to the data subject’s computer system at the time of registration, as well as the date and time of registration. It is necessary to collect these data in order to track (possible) misuse of the data subject’s email address at a later date, and it therefore serves the legal protection of the controller.

The personal data collected during registration for the newsletter are used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by email if this is necessary for the operation of the newsletter service or for the related registration, as might be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. No personal data collected within the framework of the newsletter service will be passed on to third parties. The data subject may cancel the subscription to our newsletter at any time. The data subject’s consent to the storage of personal data that the data subject has provided for the newsletter dispatch may be revoked at any time. A corresponding link can be found in each newsletter for the purpose of revoking consent. Furthermore, there is also the option at any time to unsubscribe directly from the newsletter on the controller’s website, or to communicate this to the controller in another way.

7. Newsletter-Tracking

The Operator’s newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format, to enable log file recording and analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns. Through the embedded tracking pixel, the Operator can see if and when an email was opened by a data subject and which links in the email were accessed by the data subject.

Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the controller in order to optimize newsletter dispatch and to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent submitted via the double opt-in procedure. After a revocation, these personal data will be deleted by the controller. The Operator automatically interprets an unsubscribing from the receipt of the newsletter as a revocation.

8. Contact Possibility via the Website

Due to statutory provisions, the Operator’s website contains information that enables quick electronic contact with our company and direct communication with us, which also includes a general email address (email). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purpose of processing or contacting the data subject. These personal data are not transferred to third parties.

9. Routine Erasure and Blocking of Personal Data

The controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage, or insofar as this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject. If the storage purpose ceases to apply or if a storage period prescribed by the European legislator or another relevant legislator expires, the personal data are routinely blocked or deleted in accordance with the statutory provisions.

10. Rights of the Data Subject

a) Right to confirmation
Each data subject has the right granted by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning them are being processed. If a data subject wishes to avail themselves of this right of confirmation, they may, at any time, contact any employee of the controller.

b) Right of access
Each data subject affected by the processing of personal data has the right, granted by the European legislator, at any time to obtain from the controller, free of charge, information about the personal data stored about them, as well as a copy of that information. Furthermore, the European legislator grants the data subject access to the following information:
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
the existence of the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject has the right to be informed as to whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer. If a data subject wishes to exercise this right of access, they may, at any time, contact an employee of the controller.

c) Right to rectification
Each data subject affected by the processing of personal data has the right, granted by the European legislator, to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement. If a data subject wishes to exercise this right to rectification, they may, at any time, contact any employee of the controller.

d) Right to erasure (“right to be forgotten”)
Each data subject affected by the processing of personal data has the right, granted by the European legislator, to demand from the controller the erasure of personal data concerning them without undue delay, where one of the following grounds applies, as long as the processing is not necessary:

The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

The data subject withdraws consent on which the processing is based according to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing.

The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.
The personal data have been unlawfully processed.
The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

If one of the aforementioned reasons applies and a data subject wishes to request the erasure of personal data stored by the Operator, they may, at any time, contact any employee of the controller. The employee of the Operator will promptly ensure that the erasure request is complied with immediately. Where the personal data have been made public by the Operator and our company as the controller is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the Operator, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the published personal data that the data subject has requested erasure by such controllers of any links to, or copies or replications of, those personal data, insofar as processing is not required. The employee of the Operator will arrange the necessary measures in individual cases.

e) Right to restriction of processing
Each data subject affected by the processing of personal data has the right, granted by the European legislator, to obtain from the controller restriction of processing where one of the following applies:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
The data subject has objected to processing pursuant to Art. 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met and a data subject wishes to request the restriction of personal data stored by the Operator, they may, at any time, contact an employee of the controller. The employee of the Operator will arrange the restriction of the processing.

f) Right to data portability
Each data subject affected by the processing of personal data has the right, granted by the European legislator, to receive the personal data concerning them, which were provided by the data subject to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means, insofar as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and where it does not adversely affect the rights and freedoms of others. The data subject may at any time contact any employee of the Operator to assert the right to data portability.

g) Right to object
Each data subject affected by the processing of personal data has the right, granted by the European legislator, to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on these provisions. The Operator shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

Where the Operator processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the Operator to the processing for direct marketing purposes, the Operator will no longer process the personal data for these purposes. In addition, the data subject has the right, on grounds relating to their particular situation, to object to processing of personal data concerning them which is carried out by the Operator for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject may directly contact any employee of the Operator. The data subject is also free, in the context of the use of information society services—regardless of Directive 2002/58/EC—to use automated means, using technical specifications, to exercise their right to object.

h) Automated individual decision-making, including profiling
Each data subject affected by the processing of personal data has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning them, or similarly significantly affects them, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) it is based on the data subject’s explicit consent, the Operator shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, which include, at a minimum, the right to obtain human intervention on the part of the controller, to express their own point of view, and to contest the decision. If the data subject wishes to exercise the rights concerning automated individual decision-making, they may, at any time, contact any employee of the controller.

i) Right to withdraw data protection consent
Each data subject affected by the processing of personal data has the right, granted by the European legislator, to withdraw consent to the processing of personal data at any time. If the data subject wishes to exercise the right to withdraw consent, they may, at any time, contact any employee of the controller.

11. Data Protection on the Use of Facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network. A social network is an internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in the virtual space. A social network can serve as a platform for exchanging opinions and experiences, or enable the internet community to provide personal or business-related information. Among other features, Facebook allows users of the social network to create private profiles, upload photos, and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) is integrated, is accessed, the internet browser on the data subject’s information technology system is automatically prompted by the respective Facebook component to download a display of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be accessed at: https://developers.facebook.com/docs/plugins/?locale=en_US. In the course of this technical procedure, Facebook gains knowledge of which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Facebook at the same time, Facebook recognizes, with each visit to our website by the data subject and for the entire duration of their stay on our website, which specific subpage the data subject visits. This information is collected by the Facebook component and assigned by Facebook to the data subject’s respective Facebook account. If the data subject presses one of the Facebook buttons integrated on our website, e.g., the “Like” button, or if the data subject submits a comment, Facebook matches this information with the data subject’s personal Facebook user account and stores the personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website, if the data subject is logged in to Facebook at the time of accessing our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If a transmission of information to Facebook is not desired by the data subject, they can prevent this by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, which is available at https://www.facebook.com/about/privacy/, provides information about how Facebook collects, processes, and uses personal data. It also explains what setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to block data transmission to Facebook.

12. Data Protection on the Use of Google Translate

The controller has integrated Google Translate services on this website. Google Translate is a function provided by Google that enables a company’s visitors to automatically translate websites. The integration of Google Translate therefore allows a company to create language-based texts and menus and thus display language-relevant content to the internet user.

The operating company of Google Translate is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Google Translate places a cookie on the data subject’s information technology system. What cookies are has been described above. By setting this cookie, Google can recognize the visitor of our website if he or she visits other websites that are also part of Google’s network. Each time a website is called up on which the Google Translate service is integrated, the data subject’s internet browser is automatically caused to identify itself to Google. In the course of this technical procedure, Google acquires knowledge of personal data, such as the IP address or the user’s surfing behavior, which Google uses, among other things, to display interest-based advertising.

By means of the cookie, personal information—such as the webpages visited by the data subject—is stored. Each time our webpages are visited, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the USA. Google may pass these personal data collected through the technical process on to third parties.

The data subject can prevent cookies from being set by our website at any time, as already described above, by means of a corresponding adjustment of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the used internet browser would also prevent Google from setting a cookie on the data subject’s information technology system. In addition, a cookie already set by Google Translate can be deleted at any time via the internet browser or other software programs.

Moreover, the data subject has the option of objecting to interest-based advertising by Google. To do this, the data subject must access the link www.google.de/settings/ads from each of the internet browsers they use and make the desired settings there.

Further information and Google’s current privacy policy can be found at: https://www.google.com/intl/en/policies/privacy/.

13. Data Protection on the Use of Google AdSense

The controller has integrated Google AdSense on this website. Google AdSense is an online service that facilitates the placement of advertising on third-party sites. Google AdSense is based on an algorithm that selects advertisements displayed on third-party sites to match the content of the respective third-party site. Google AdSense allows interest-based targeting of internet users, which is implemented by creating individual user profiles.

The operating company of the Google AdSense component is Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The purpose of using the Google AdSense component is to include advertisements on our website. Google AdSense places a cookie on the data subject’s information technology system. By placing the cookie, Alphabet Inc. is enabled to analyze the use of our website. Each time a page on this website is called up that is operated by the controller and on which a Google AdSense component is integrated, the internet browser on the data subject’s information technology system is automatically prompted by the respective Google AdSense component to transmit data to Alphabet Inc. for online advertising and commission settlement. In the course of this technical procedure, Alphabet Inc. becomes aware of personal data, such as the data subject’s IP address, which enables Alphabet Inc. to trace the origin of visitors and clicks and subsequently to enable commission settlements.

The data subject can, as already mentioned, prevent the setting of cookies on our website at any time by means of a corresponding adjustment of the internet browser used and thus permanently object to the setting of cookies. Such an adjustment of the internet browser used would also prevent Alphabet Inc. from setting a cookie on the data subject’s information technology system. In addition, a cookie already set by Alphabet Inc. can be deleted at any time via the internet browser or other software programs.

Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic embedded in webpages to enable log file recording and log file analysis, which in turn allows for statistical evaluation. Based on the embedded tracking pixel, Alphabet Inc. can see whether and when a webpage was opened by a data subject and which links were clicked by the data subject. Tracking pixels serve, among other purposes, to evaluate visitor flow on a website.

Through Google AdSense, personal data and information—which also includes the IP address and is needed to collect and account for the displayed ads—are transmitted to Alphabet Inc. in the United States of America. These personal data are stored and processed in the USA. Alphabet Inc. may disclose these personal data collected through the technical process to third parties.

Google AdSense is further explained at: https://www.google.com/intl/en/adsense/start/.

14. Data Protection on the Use of Google Analytics (with Anonymization)

The controller has integrated the Google Analytics component (with an anonymization function) on this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. Among other things, a web analytics service collects data on the website from which a data subject arrived at a website (the so-called referrer), which subpages were accessed, or how often and for what duration a subpage was viewed. A web analysis is mainly used to optimize a website and to perform a cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The controller uses the add-on “_gat._anonymizeIp” for web analytics through Google Analytics. This add-on truncates and anonymizes the IP address of the data subject’s internet connection when our webpages are accessed from a Member State of the European Union or another contracting state to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor flows on our website. Google uses the data and information collected, among other things, to evaluate the use of our website in order to compile online reports for us that show the activities on our websites and to provide other services related to the use of our website.

Google Analytics places a cookie on the data subject’s information technology system. By placing the cookie, Google is enabled to analyze the use of our website. Each time a page of this website is called up that is operated by the controller and on which a Google Analytics component is integrated, the internet browser on the data subject’s information technology system is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. In the course of this technical procedure, Google becomes aware of personal data, such as the IP address of the data subject, which enables Google to trace the origin of visitors and clicks and subsequently to enable commission settlements.

Cookies store personal information such as the time of access, the location from which the website was accessed, and the frequency of the data subject’s visits to our website. Each time our webpages are visited, these personal data, including the IP address of the internet connection used by the data subject, are transferred to Google in the United States of America. These personal data are stored by Google in the USA. Google may pass these personal data collected through the technical process on to third parties.

The data subject can, as described above, prevent the setting of cookies on our website at any time by means of a corresponding adjustment of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the data subject’s information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Moreover, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of such data by Google. To do this, the data subject must download and install a browser add-on available at https://tools.google.com/dlpage/gaoptout. This browser add-on uses JavaScript to inform Google Analytics that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject’s information technology system is later deleted, formatted, or reinstalled, the data subject must reinstall the browser add-on to disable Google Analytics. If the data subject or another person within their sphere of influence uninstalls or disables the browser add-on, it is possible to reinstall or reactivate the browser add-on.

Further information and Google’s current data protection provisions can be found at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/en.html. Google Analytics is further explained here: https://www.google.com/intl/en_uk/analytics/.

15. Data Protection on the Use of Google Remarketing

The controller has integrated Google Remarketing services on this website. Google Remarketing is a function of Google AdWords that allows a company to display advertising to internet users who have previously visited the company’s website. The integration of Google Remarketing thus allows a company to create user-based advertising and consequently display interest-based advertisements to internet users.

The operating company of Google Remarketing services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to display interest-based advertising. Google Remarketing enables us to display advertisements in the Google advertising network or on other websites that are tailored to the individual needs and interests of internet users.

Google Remarketing places a cookie on the data subject’s information technology system. By placing the cookie, Google can recognize the visitor of our website if he or she subsequently visits websites that are also part of Google’s advertising network. Each time a website is accessed on which Google Remarketing has been integrated, the data subject’s internet browser automatically identifies itself to Google. In the course of this technical procedure, Google acquires knowledge of personal data, such as the IP address or the user’s surfing behavior, which Google uses, among other things, to display interest-related advertising.

Cookies store personal information, for example, the webpages visited by the data subject. Each time our webpages are visited, personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. These personal data are stored by Google in the USA. Google may pass these personal data collected through the technical process on to third parties.

The data subject can prevent the setting of cookies by our website at any time, as described above, by means of a corresponding adjustment of the internet browser used and thus permanently object to the setting of cookies. Such an adjustment to the internet browser would also prevent Google from setting a cookie on the data subject’s information technology system. Additionally, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Moreover, the data subject has the option of objecting to interest-based advertising by Google. For this purpose, the data subject must access the link www.google.com/settings/ads from each internet browser used and configure the desired settings there.

Further information and the applicable data protection provisions of Google can be found at: https://www.google.com/intl/en/policies/privacy/.

16. Data Protection on the Use of Google+

The controller has integrated the Google+ button as a component on this website. Google+ is a social network. A social network is an internet-based social meeting place, an online community that generally allows users to communicate with each other and interact in the virtual space. A social network can serve as a platform for exchanging opinions and experiences, or enable the internet community to provide personal or business-related information. Google+ allows users of the social network to create private profiles, upload photos, and network through friend requests.

The operating company of Google+ is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Each time a page on this website that is operated by the controller and in which a Google+ button has been integrated is accessed, the internet browser on the data subject’s information technology system is automatically prompted by the respective Google+ button to download a representation of the corresponding Google+ button from Google. Within the scope of this technical procedure, Google gains knowledge of which specific subpage of our website is visited by the data subject. More detailed information about Google+ is available at https://developers.google.com/+/.

If the data subject is logged in to Google+ at the same time, Google recognizes which specific subpage of our website the data subject visits each time they access our website and for the entire duration of their stay on our website. This information is collected by the Google+ button and assigned by Google to the respective Google+ account of the data subject.

If the data subject clicks on one of the Google+ buttons integrated on our website and thus gives a Google+1 recommendation, Google associates this information with the personal Google+ user account of the data subject and stores these personal data. Google stores the Google+1 recommendation of the data subject, making it publicly available in accordance with the terms accepted by the data subject. A Google+1 recommendation made by the data subject on this website is subsequently stored and processed, along with other personal data such as the name of the Google+ account used and the photo stored with this account, in other Google services, such as the search engine results of the Google search engine, the Google account of the data subject, or in other places, e.g., on websites or in connection with advertisements. Furthermore, Google is able to link the visit to this website with other personal data stored by Google. Google also records this personal information with the aim of improving or optimizing various Google services.

Through the Google+ button, Google always receives information that the data subject has visited our website if the data subject is logged in to Google+ at the time of accessing our website; this occurs regardless of whether the data subject clicks the Google+ button or not. If the data subject does not wish personal data to be transmitted to Google, they can prevent such transmission by logging out of their Google+ account before accessing our website.

Further information and Google’s applicable data protection provisions can be found at https://www.google.com/intl/en/policies/privacy/. Further information from Google about the Google+1 button can be found at https://developers.google.com/+/web/buttons-policy.

17. Data Protection on the Use of Google Ads

The controller has integrated Google Ads on this website. Google Ads is an internet advertising service that allows advertisers to place ads both in Google’s search engine results and in the Google advertising network. Google Ads enables an advertiser to predefine specific keywords by means of which an ad is displayed in Google’s search engine results only when the user retrieves a keyword-relevant search result with the search engine. In the Google advertising network, advertisements are distributed to topic-relevant websites by means of an automated algorithm, taking into account the predefined keywords.

The operating company of Google Ads is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The purpose of Google Ads is to advertise our website by displaying interest-related advertising on third-party websites and in Google’s search engine results and displaying third-party advertisements on our website.

If a data subject accesses our website via a Google ad, a so-called conversion cookie is placed on the data subject’s information technology system by Google. A conversion cookie loses its validity after thirty days and does not serve to identify the data subject. If the conversion cookie has not yet expired, it tracks whether certain subpages, such as the shopping cart of an online shop system, have been called up on our website. Through the conversion cookie, both we and Google can track whether a data subject who arrived at our website via an Ads ad generated a sale (i.e., completed or canceled a purchase).

The data and information collected through the use of the conversion cookie are used by Google to generate visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who have been referred to us via AdWords ads, i.e., to gauge the success or failure of the respective Ads ad and to optimize our Ads for the future. Neither our company nor other advertisers of Google Ads receive information from Google that could identify the data subject.

As already mentioned, the data subject can prevent the setting of cookies by our website at any time by means of a corresponding adjustment of the internet browser used and thus permanently object to the setting of cookies. Such an adjustment to the internet browser used would also prevent Google from placing a conversion cookie on the data subject’s information technology system. In addition, a cookie already set by Google Ads can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option of objecting to interest-based advertising by Google. For this purpose, the data subject must access the link www.google.com/settings/ads from each internet browser used and configure the desired settings there.

Further information and the current privacy policy of Google can be found at https://www.google.com/intl/en/policies/privacy/.

18. Data Protection on the Use of Instagram

The controller has integrated components of the Instagram service on this website. Instagram is a platform that can be classified as an audiovisual medium, allowing users to share photos and videos and also making it possible to distribute such data on other social networks.

The operating company of Instagram’s services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Each time a page on this website that is operated by the controller and in which an Instagram component (Insta button) has been integrated is accessed, the internet browser on the data subject’s information technology system is automatically prompted by the respective Instagram component to download a representation of the corresponding component from Instagram. In the course of this technical procedure, Instagram gains knowledge of which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Instagram at the same time, Instagram recognizes which specific subpage the data subject visits each time they access our website for the entire duration of their stay on our website. This information is collected by the Instagram component and assigned by Instagram to the data subject’s respective Instagram account. If the data subject clicks on one of the Instagram buttons integrated on our website, the data and information thus transmitted are assigned to the data subject’s personal Instagram user account and stored and processed by Instagram.

Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is logged in to Instagram at the time of accessing our website. This occurs regardless of whether the data subject clicks the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, they can prevent the transmission by logging out of their Instagram account before accessing our website.

Further information and the applicable data protection regulations of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

19. Data Protection on the Use of Jetpack for WordPress

The controller has integrated Jetpack on this website. Jetpack is a WordPress plug-in that provides additional features for the operator of a website built on WordPress. Jetpack allows, among other features, an overview of the visitors to the site. By displaying related articles and publications or by sharing content on the site, Jetpack can increase visitor numbers. Security features are also integrated in Jetpack, protecting a Jetpack-using website against brute-force attacks. Furthermore, Jetpack optimizes and speeds up the loading of images on the website.

The operating company of the Jetpack plug-in for WordPress is Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. The operating company uses the tracking technology of Quantcast Inc., 201 Third Street, San Francisco, CA 94103, USA.

Jetpack places a cookie on the data subject’s information technology system. Each time a page of this website that is operated by the controller and in which a Jetpack component is integrated is accessed, the internet browser on the data subject’s information technology system is automatically prompted by the respective Jetpack component to transmit data to Automattic for analysis purposes. In the course of this technical procedure, Automattic becomes aware of data that are used to create an overview of website visits. Among other purposes, the data obtained are used to analyze the data subject’s behavior, who has accessed the controller’s website, and are evaluated with the aim of optimizing the website. The data collected by the Jetpack component are not used to identify the data subject without first obtaining the data subject’s separate explicit consent. Quantcast also becomes aware of the data. Quantcast uses the data for the same purposes as Automattic.

The data subject can, as already mentioned, prevent the setting of cookies by our website at any time by means of a corresponding adjustment of the internet browser used and thus permanently object to the setting of cookies. Such an adjustment to the internet browser used would also prevent Automattic/Quantcast from setting a cookie on the data subject’s information technology system. In addition, a cookie already set by Automattic can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by the Jetpack cookie relating to the use of this website, as well as the processing of these data by Automattic/Quantcast. For this purpose, the data subject must click the opt-out button at https://www.quantcast.com/opt-out/, which sets an opt-out cookie. The opt-out cookie set in this way is stored on the data subject’s information technology system. If the cookies on the data subject’s system are deleted after an objection, the data subject must access the link again and set a new opt-out cookie.

Setting the opt-out cookie may result in the possibility that the controller’s websites are no longer fully usable by the data subject.

Automattic’s current privacy policy is available at https://automattic.com/privacy/. Quantcast’s privacy policy is available at https://www.quantcast.com/privacy/.

20. Data Protection on the Use of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is an internet-based social network that enables users to connect with existing business contacts and to create new business connections. Over 400 million registered users in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for privacy matters outside the USA.

Each time a page on this website that is operated by the controller and in which a LinkedIn component (LinkedIn plug-in) is integrated is accessed, the LinkedIn component prompts the data subject’s internet browser to download a display of the corresponding LinkedIn component from LinkedIn. You can find more information about LinkedIn plug-ins at: https://developer.linkedin.com/plugins. In the course of this technical procedure, LinkedIn becomes aware of which specific subpage of our website is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website the data subject visits each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the data subject’s respective LinkedIn account. If the data subject clicks on a LinkedIn button integrated on our website, LinkedIn assigns this information to the data subject’s personal LinkedIn user account and stores the personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged in to LinkedIn at the time of accessing our website; this occurs regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account before accessing our website.

LinkedIn offers the possibility of unsubscribing from email messages, SMS messages, and targeted ads, as well as managing ad settings, under https://www.linkedin.com/psettings/guest-controls. LinkedIn also partners with companies such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s privacy policy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

21. Data Protection on the Use of Pinterest

The controller has integrated components from Pinterest Inc. on this website. Pinterest is a social network. A social network is an internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in the virtual space. A social network can serve as a platform for exchanging opinions and experiences or enable the internet community to provide personal or business-related information. Pinterest enables users of the social network to publish, among other things, image collections and individual images, as well as descriptions on virtual pinboards (so-called “pinning”), which can then be shared (so-called “repinning”) or commented on by other users.

The operating company of Pinterest is Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA.

Each time a page of this website that is operated by the controller and in which a Pinterest component (Pinterest plug-in) is integrated is accessed, the internet browser on the data subject’s information technology system is automatically prompted by the respective Pinterest component to download a representation of the corresponding Pinterest component from Pinterest. More information about Pinterest can be found at https://pinterest.com/. In the course of this technical procedure, Pinterest becomes aware of which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Pinterest at the same time, Pinterest recognizes which specific subpage of our website the data subject visits each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Pinterest component and assigned by Pinterest to the data subject’s respective Pinterest account. If the data subject clicks on a Pinterest button integrated on our website, Pinterest assigns this information to the data subject’s personal Pinterest user account and stores this personal data.

Pinterest always receives information via the Pinterest component that the data subject has visited our website if the data subject is logged in to Pinterest at the time of accessing our website; this occurs regardless of whether the data subject clicks the Pinterest component or not. If the data subject does not want this information to be transmitted to Pinterest, they can prevent the transmission by logging out of their Pinterest account before accessing our website.

The privacy policy published by Pinterest, available at https://policy.pinterest.com/privacy-policy (or https://about.pinterest.com/privacy-policy depending on locale), provides information on the collection, processing, and use of personal data by Pinterest.

22. Data Protection Provisions on the Use and Application of X

The controller has integrated X components on this website. X is a multilingual, publicly accessible microblogging service where users can publish and share “posts” (formerly known as “tweets”), which are short messages limited to 280 characters. These posts are publicly visible to anyone, including those not logged in to X. Posts are also displayed to the “followers” of the respective user—followers being other X users who subscribe to a user’s posts. Furthermore, X enables broad reach through the use of hashtags, links, or reposts (formerly “retweets”). The operating company of X is X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Each time a page of this website, operated by the controller and featuring an X component (e.g., an X button), is accessed, that X component prompts the data subject’s internet browser to download a representation of the corresponding X component from X’s servers. More information about X buttons is available at: https://about.twitter.com/en/resources/buttons

During this technical process, X gains knowledge of which specific subpage of our website is visited by the data subject. The purpose of integrating the X component is to enable our users to share the content of this website, enhance our digital visibility, and increase our visitor numbers.

If the data subject is logged in to X simultaneously, X recognizes which specific subpage of our website the data subject visits each time they access our site, throughout the duration of their stay. This information is collected by the X component and assigned by X to the respective X user account of the data subject. If the data subject clicks on an X button integrated on our website, the data and information thus transmitted are assigned to the data subject’s personal X user account and stored and processed by X.

X always receives information via the X component that the data subject has visited our website if the data subject is logged in to X at the time of accessing our website. This occurs whether or not the data subject interacts with the X component. If the data subject prefers that this information not be transmitted to X, they may prevent such transmission by logging out of their X account before visiting our website.

The current privacy policy of X can be accessed at: https://x.com/en/privacy
(If the link redirects or is unavailable, the policy may still be accessed via https://twitter.com/privacy.)

23. Data Protection on the Use of Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform presentation of fonts. When a page is accessed, the browser loads the required web fonts into its browser cache to display texts and fonts correctly. For this purpose, the data subject’s browser must establish a connection to Google’s servers.

The operating company of the Google Web Fonts component is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Through this connection, Google becomes aware that our website has been accessed via the data subject’s IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If the browser does not support web fonts, a default font is used by the computer.

Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.

24. Data Protection on the Use of YouTube

The controller has integrated YouTube components into this website. YouTube is an internet video portal that enables video publishers to upload video clips for free and allows other users to view, review, and comment on them at no charge. YouTube permits the publication of all kinds of videos, making it possible to view full movies and TV broadcasts, as well as music videos, trailers, or videos created by users themselves, via the internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Each time a page of this website that is operated by the controller and in which a YouTube component (YouTube video) is integrated is accessed, the internet browser on the data subject’s information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/en/. In the course of this technical procedure, YouTube and Google gain knowledge of which specific subpage of our website is visited by the data subject.

If the data subject is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website the data subject visits by calling up a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to the data subject’s respective YouTube account.

YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged in to YouTube at the time of accessing our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before accessing our website.

The privacy policy published by YouTube, available at https://www.google.com/intl/en/policies/privacy/, provides information on the collection, processing, and use of personal data by YouTube and Google.

25. Data Protection on the Use of DoubleClick

The controller has integrated components of DoubleClick by Google on this website. DoubleClick is a brand of Google under which primarily special online marketing solutions for advertising agencies and publishers are marketed.

The operating company of DoubleClick by Google is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

DoubleClick by Google transmits data to the DoubleClick server with every impression as well as with clicks or other activities. Each of these data transmissions triggers a cookie request to the data subject’s browser. If the browser accepts this request, DoubleClick places a cookie on the data subject’s information technology system. The purpose of the cookie is the optimization and display of advertising. The cookie is used, among other things, to display ads relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. DoubleClick uses a cookie ID required for handling technical processes. For example, the cookie ID is used to track which ads have already been displayed in a browser, in order to avoid duplicates. DoubleClick can also register conversions using the cookie ID. Conversions are tracked, for example, when a user has previously been shown a DoubleClick ad and then makes a purchase on the advertiser’s website with the same internet browser.

A DoubleClick cookie does not contain personal data. It may, however, contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which the user has already been in contact.

Each time a page of this website that is operated by the controller and in which a DoubleClick component is integrated is accessed, the internet browser on the data subject’s information technology system is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and commission settlement. In the course of this technical procedure, Google becomes aware of data, also used to create commission statements. Google may track that the data subject clicked on certain links on our website.

The data subject can, as already mentioned, prevent the setting of cookies by our website at any time by means of a corresponding adjustment of the internet browser used and thus permanently object to the setting of cookies. Such an adjustment to the internet browser used would also prevent Google from setting a cookie on the data subject’s information technology system. In addition, cookies already set by Google can be deleted at any time via an internet browser or other software programs.

Further information and the applicable data protection provisions of DoubleClick by Google can be found at: https://www.google.com/intl/en/policies/.

26. Additional Provisions for UK Residents

UK GDPR & UK Data Protection Act 2018
We also comply with the UK Data Protection Act 2018 (“UK GDPR”), which is closely aligned with the EU GDPR but references the UK’s Information Commissioner’s Office (ICO) as the relevant supervisory authority for individuals in the United Kingdom.

UK Supervisory Authority
If you are located in the UK and believe we have infringed your data protection rights under the UK GDPR, you have the right to lodge a complaint with the UK’s Information Commissioner’s Office (ICO): Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, Phone: +44 303 123 1113, Website: https://ico.org.uk/

27. Additional Provisions for U.S. Residents

These provisions apply solely to residents of the United States who interact with our services and supplement the information in the rest of this Privacy Policy. Because there is no single federal privacy law in the U.S., specific rights vary by state.

A. California Consumer Privacy Act (CCPA/CPRA)
Under the California Consumer Privacy Act (as amended by the California Privacy Rights Act), California residents have the right to:

Know the categories and specific pieces of personal information we collect, use, and disclose;
Delete personal information we collect from them, subject to certain exceptions;
Correct inaccurate personal information we hold about them;
Opt out of the “sale” or “sharing” (for cross-context behavioral advertising) of their personal information, if applicable;
Not be discriminated against for exercising any of these rights.

Categories of Personal Information Collected
We collect the categories of personal information described in this Privacy Policy (e.g., identifiers such as name, email address, IP address).

Purposes for Collection and Use
The business or commercial purposes for which we collect or use personal information are detailed in the “DataCollection/PurposesDataCollection/Purposes” sections above (e.g., to provide our services, process transactions, improve our site, or communicate with you).

How to Exercise Your Rights
California residents may submit a verifiable request to: info@real-estate-majorca.com. When you make a request, we will verify your identity (for example, by matching information you have previously provided to us).

Sale or Sharing of Personal Information
We do not sell personal information in exchange for monetary compensation. If, in the future, we ever “sell” or “share” personal information under the CCPA/CPRA definitions, we will provide a “Do Not Sell or Share My Personal Information” link or banner on our website.

B. Other U.S. State Privacy Laws
Several other states (such as Colorado, Virginia, Connecticut, and Utah) have enacted privacy laws granting residents various rights regarding their personal data. If you reside in one of these states, you may have the right to request:

Access to the personal data we hold about you,
Deletion of certain personal data,
Correction of inaccurate personal data,
Opt out of certain data processing activities, including targeted advertising.

To exercise these rights or if you have any questions, please contact us at: info@real-estate-majorca.com
We will respond in accordance with applicable state laws.

C. Children’s Privacy (COPPA)
We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, do not use our services or send us any personal data. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information as quickly as possible.

D. Federal Trade Commission (FTC)
In addition to state privacy laws, we strive to comply with U.S. federal guidelines enforced by the FTC against unfair or deceptive practices. If you have any concerns, please contact us using the information provided in this Privacy Policy.

28. Legal Basis of Processing

Art. 6(1)(a) GDPR serves as our company’s legal basis for processing operations in which we obtain consent for a specific processing purpose. Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, such as when processing operations are required for the supply of goods or for the provision of another service, processing is based on Art. 6(1)(b) GDPR.

The same applies to processing operations that are necessary for carrying out pre-contractual measures, for example in cases of inquiries regarding our products or services. Where our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1)(c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person, for example if a visitor to our company were injured and their name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third party.

Then processing would be based on Art. 6(1)(d) GDPR. Finally, processing operations could be based on Art. 6(1)(f) GDPR if it is necessary for the purposes of our legitimate interests or those of a third party, provided such interests are not overridden by the interests, fundamental rights, or freedoms of the data subject. Such processing operations are permitted particularly because they have been specifically mentioned by the European legislator (see Recital 47, second sentence, GDPR).

29. Legitimate Interests in Processing Pursued by the Controller or a Third Party

Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out our business activities for the welfare of all our employees and shareholders.

30. Period for Which Personal Data Are Stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of this period, the corresponding data are routinely deleted, provided they are no longer necessary for the fulfillment of a contract or the initiation of a contract.

31. Statutory or Contractual Requirements to Provide Personal Data

We clarify that the provision of personal data is partly required by law (e.g., tax regulations) or can also result from contractual provisions (e.g., details of the contractual partner). Sometimes it may be necessary to conclude a contract that a data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. The non-provision of personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will clarify to the data subject whether the provision of the personal data is required by law or contract or is necessary for concluding the contract, whether there is an obligation to provide personal data, and what the consequences of not providing the personal data would be.

32. Existence of Automated Decision-Making

As a responsible company, we do not use automatic decision-making or profiling. This privacy policy was created with the help of the Data Protection Declaration Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as the External Data Protection Officer in Berlin, in cooperation with the data protection (GDPR) lawyers of the law firm WILDE BEUGER SOLMECKE | Rechtsanwälte. For more information on data protection, please see:

The Federal Commissioner for Data Protection and Freedom of Information
Husarenstraße 30 | D-53117 Bonn
Phone: +49 (0)228-997799-0
poststelle@bfdi.bund.de

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Privacy Policy