Privacy statement

Last updated 8th of May 2019

With this data protection declaration, campstar Worldwide Camping GmbH (hereinafter: "we" or "us") informs you about the processing of your personal data (hereinafter "data") when visiting our website ( https://www.campstar.com ) and using our services.

You will also receive information about the rights you are entitled to. Data protection is of great importance to us and we naturally comply with the applicable data protection regulations, the European Data Protection Regulation (GDPR) and the Federal Data Protection Act. Our website and our services are not directed at children under the age of 16.

If you have any questions about data protection, please do not hesitate to contact us using the contact details given below.

1
Responsible for data processing is:

campstar Worldwide Camping GmbH
Stadtdeich 5, 20097 Hamburg
datenschutz@campstar.com

Name and adress of data protection officer:
Niklas Hanitsch
Datenschutz hoch 4 GmbH
Oevelgoenne 4b
22605 Hamburg, Deutschland
Tel.: +4940809081146
Email: dsb@daten4.de
Website: http://www.daten4.de

 

I. Data processing within the scope of your visit to our website

When you use our services, there are certain pieces of information we ask for. This is done for the purposes described below and to the extent described below. We will only pass on your data to third parties as described below.

 1. Provision of our website and services

 When you visit our website, we automatically collect and process data from you to provide our website and services.

To provide our website we collect and process the following data from you:

- Date and time of your access

- Your IP-address

- the address of the website from which you have been redirected

- the websites you visit on our site

- Information about your Internet browser (browser type and version)

- the operating system of the device with which you access our website and services

- Your Internet Service Provider

 For security reasons, this information is stored in log files and deleted after 7 days. The data in the log files is stored separately from your other data.

A longer storage is only necessary in individual cases (e. g. in case of concrete suspicion of abuse or fraud). In these cases, the respective log files are stored until the facts of the case have been clarified and subsequent necessary measures have been completed.

 To provide our website and its services, we use service providers who process your data exclusively on our behalf. In accordance with our instructions and who have taken suitable technical and organizational measures to protect your rights. Stated in this data protection declaration (so-called contract processors according to Article 28 (GDPR) These include:

- For the hosting of the website including related services:

· Microsoft Privacy, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. Telefon: +1 (425) 882 8080

· Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Telefon: +353 (0) 1 295 3826

The legal basis for processing your data to provide our website and services is Article 6 paragraph 1 sentence 1 letter f) GDPR. We have a legitimate interest in processing your data so that we can provide our website and its services technically flawless, secure and optimized for your needs. The data of the server log files is stored separately from other data.

2
Cookies

 When you visit our website, we also collect and use your information. So, you can use our website and services more conveniently and to measure and improve the effectiveness of our marketing activities. We also use so-called cookies.

Cookies are small text files that are stored on your device via your internet browser. You can find out more about the term and the functioning of cookies and other data protection and technical terms below under "Help with data protection terms".

On our website we allow our partners to use these technologies to understand your surfing behavior. We always use the most data protection-friendly option, for example by pseudonymizing or anonymizing your data as early as possible. This data protection declaration explains in detail how we use these technologies. There you will also learn how you can object to such data use.

You have the option of deactivating the use of cookies by clicking on the data protection tab under "internet options". Depending on your internet browser, there are different methods to reject cookies from websites and cookies from third parties.

 You can generally deactivate the use of cookies in your browser settings. Without the use of cookies, however, some functions of this website may not function or may not function conveniently for you as usual.

 To provide this website we use the following cookies:

Cookie:

 Google Tag Manager

 Provider:

 Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

 Opt-Out:

 https://adssettings.google.com/authenticated

 Cookie:

 Google AdSense

 Provider:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irleand

 Opt-Out:

 https://adssettings.google.com/authenticated

 Cookie:

 Google Ad Measurement

 Provider:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

 Opt-Out:

 https://adssettings.google.com/authenticated

Cookie:

 Google Keywords

 Provider:

 Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

 Opt-Out:

 https://adssettings.google.com/authenticated

 Cookie:

 Google Analytics

 Provider:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

 Opt-Out:

https://adssettings.google.com/authenticated

Cookie:

Google Remarketing

Provider: 

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

 Opt-Out:

 https://adssettings.google.com/authenticated

 Cookie:

 Google Maps

 Provider:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

 Opt-Out:

 https://adssettings.google.com/authenticated

 Cookie:

 Facebook Pixel

 Provider:

 Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

 Opt-Out:

 https://www.facebook.com/settings?tab=ads

 Cookie:

 Trustpilot

 Provider:

 Trustpilot A/S, Pilestraede 58, DK-1112 Copenhagen, Denmark

 Opt-Out:

 Via Mail to: privacy@trustpilot.com

 Cookie:

 Social Plugins

 Provider:

See point 10: Use of social plugins

You can find out more about the use of cookies in this data protection declaration at the points related to the use of cookies. You will also find further information on the websites http://www.meine-cookies.org/ and http://www.youronlinechoices.com  about cookies and the individual providers and may object to usage-based online advertising at http://www.youronlinechoices.com/de/praferenzmanagement/ .

 

3
Contact us

You have the possibility to contact us in different ways. This includes contacting us using the forms on our website and by e-mail. Depending on the content of your message, the data processing that takes place within the scope of contacting us may serve different purposes. In general, we store and process the data provided to deal with the issue you submitted. Your data is also stored and processed in a customer management system.

The legal basis for the processing of your data in the context of contacting us is Article 6 paragraph 1 sentence 1 letter f) GDPR. We have a legitimate interest in processing your data so that we can offer you a quick way to contact us and ensure that your request is processed in accordance with your interests.

 Another matter only applies if the content of your contact serves directly to establish a contractual relationship between us. In these cases, we base the processing of your data on Article 6(1), first sentence, point (b) of the GDPR.

 After making contact your stored data will be deleted as soon as it’s no longer required and it’s not subject to any legal storage obligations. The check whether a storage is necessary is carried out at least once a year.

4
Use of our Newsletter

 On our website you can subscribe to a free newsletter including advertisements if you have expressly consented to its receipt. To prevent fraudulent use, you will first receive an e-mail with a confirmation link which you must activate to receive the actual newsletter (so-called double opt-in procedure).

When you register for the newsletter, your e-mail address, your IP address and the date and time of your registration will be transmitted to us and stored and processed by us. Your data will only be used to prove your consent to receive and dispatching of the newsletter.

The legal basis for the processing of your data is Article 6(1), first sentence, point (f) of the GDPR. We have a legitimate interest in processing your data so that we can inform you about interesting offers and information and prove your agreement to receive the newsletter.

To send out our newsletter we use the following service provider, who has processed your data exclusively on our behalf and in accordance with our instructions (so-called contract processor according to Article 28 GDPR) and has taken the appropriate technical and organizational measures to protect your rights.

-MailChimp, The Rocket Science Group, LLC

675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

Your data will be processed in and transferred to the USA that means a third country outside the European Union (EU) or the European Economic Area (EEA). There is no adequacy decision of the EU Commission for this country, which guarantees that a level of data protection complies with the European standard exists there. To protect your data effectively, the transmission and processing is carried out based on the so-called EU-US Privacy Shield, under which the provider is registered. Further information can be found here: https://www.privacyshield.gov/welcome

If we send you the newsletter regularly your data will be stored. If we no longer send you a newsletter, we will delete your data no later than 24 months after the last newsletter was sent to you. Your IP address will be deleted 7 days after registration.

Please note that you can unsubscribe at any time by sending an email to datenschutz@campstar.com or by clicking on the unsubscribe link included in each newsletter.

 

5
Integration of external content

 We have included third party content in some places on our website. These include videos, map services, images and fonts. In connection with the integration of this content, it is technically necessary that the offering third parties are informed of your IP address so that the content can be displayed to you. We do not store your IP address for the integration of external content.

 Third-party providers may use your IP address, the use of cookies and other technologies (e.g. pixel tags, i.e. invisible graphics) to track your surfing behavior and, in addition to your IP address, process other technical information (including browser type/version, operating system used, the page you have previously visited, the host name of the accessing device and the time and other information about the use of our online offering).

 The legal basis for the processing of your data by us is a balance of interests (Article 6 paragraph 1 sentence 1 letter f) GDPR). We have a legitimate interest in optimizing our website and improving our services.

 A more detailed description of whose content is embedded and how your data is processed is given below in the respective description of the embedded content:

·       YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Privacy policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated

·       Google Maps (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Privacy policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated

·       Google Fonts (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Privacy policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated

·       Billwerk (Billwerk GmbH, Mainzer Landstraße 51, 60329 Frankfurt am Main, Deutschland). Privacy policy: https://billwerk.com/datenschutz

·       The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA for the services Mailchimp.

Privacy policy: https://mailchimp.com/legal/privacy/ 

Opt-Out: personaldatarequests@mailchimp.com

·       Survicate (Survicate Office, Przyrynek 14, Warsaw, Poland). Privacy policy: https://help.survicate.com/legal-support/gdpr-privacy-policy-and-dpa

·       HotJar (HotJar Ltd, Level 2, St.Julians Business Centre, 3, Elia Zammit Street, St. Julians STJ 1000, Malta, Europe). Privacy policy: https://www.hotjar.com/legal/policies/privacy . Opt-Out: https://www.hotjar.com/legal/compliance/opt-out

·       Tidio (Tidio LLC, 180 Steuart St., CA 94119, San Francisco, USA). Privacy policy: https://www.tidio.com/en/privacy-policy/

 

6
User account

You have the option to create and use an account. When registering, the required fields will be marked with an asterisk, in order for you to know data you must send us to register. The other specifications are optional and serve to improve the use and to offer you additional features. In addition, we collect and store your IP address and your activity for a period of 28 days to prevent fraudulent use and unauthorized use of your account.

The legal basis for processing your data in connection with the registration and use of the account is Article 6(1), first sentence, point (f) of the GDPR. We have a legitimate interest in processing your data, so you can use your customer account and the associated additional functions.

You can delete your user account including your data at any time.

Your data stored during the registration and use of your account will be deleted within 7 days after you have informed us of your wish to delete your customer account. This does not apply to data that must be retained for commercial or tax law reasons. We store this data based on Article 6 paragraph 1 sentence 1 letter c) of the Basic Data Protection Regulation and delete it upon expiry of the legal retention period.

 

7
Commenting function

You can post comments on our website. We collect and process the requested data linked to the comment and the content of your comment, which is generally published on our website. In addition, we collect and store your IP address to prevent fraudulent use and unauthorized use, especially in coherence with the provision of illegal content, and, if necessary, to have it prosecuted.

The legal basis for processing your data related to the use of the commentary function is Article 6 paragraph 1 sentence 1 letter f) GDPR. We have a legitimate interest in processing your data, so you can use the comment function.

Your processed data related to the use of the comment function will be deleted as soon as it’s no longer required or as soon as you successfully request deletion of your comment. The IP address stored within the scope of the comment function is automatically deleted after 7 days, unless we have a legitimate interest in storing the IP address longer, for example in the case of illegal content.

 

8
Use of web analysis services

 When you visit our website, we automatically collect and process data to track the behavior of visitors, so that we can optimize our website and adapt it accordingly.

The legal basis for the processing of your data is Article 6(1), first sentence, point (f) of the GDPR. We have a legitimate interest in conducting web analysis on a pseudonymized basis to better understand our users, to optimize our website accordingly and to determine whether the Internet advertising we place achieves the results we desire.

A more detailed description of which services we use and how your personal data will be processed is given below in the respective description of the services used. You can object to the use of these services by opting-out. However, please note, that you may not be able to use all functions of our website.

a) Google Analytics (with anonymization function)

 On this website we use the web analysis service Google Analytics (with anonymization function) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of the Google Analytics component is to analyze the use of our website by visitors. Google as our contract processor, provides us with reports according to Article 28 GDPR. With the reports we can display and evaluate the activities on our website.

 A Google Analytics cookie is stored on the device you visit our website with. By accessing individual pages of this website, the Google Analytics component automatically transfers the Internet browsers data on your device to Google for online analysis. As part of this technical process, Google receives information about your personal data, information about the browser type/version, operating system used, the page you have previously visited, the host name of the accessing device, IP address and the time of the request, which Google uses, among other things, to trace the origin of visitors and clicks. However, this data is not merged with any other data about you. In addition, we use the function whereby Google automatically shortens the IP address of your Internet connection and thus makes it anonymous when you access our website from a member state of the European Union or from another signatory state to the Agreement on the European Economic Area. If, in exceptional cases, data is processed outside the EEA, where there is no data protection level that meets the European standard, this is done based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA

 You can object to the use of cookies by configuring your Internet browser so that generally cookies are not stored.

 Alternatively, you can use the browser add-on, which you can download and install here: https://tools.google.com/dlpage/gaoptout

 The installation of the browser add-on is contradictory. If your device is erased, formatted, or reinstalled, you must reinstall the browser add-on.

 Further information and Google's current privacy policy can be found at https://www.google.de/intl/de/policies/privacy/  and http://www.google.com/analytics/terms/de.html Google Analytics will be explained in more detail via the following link: https://www.google.com/intl/de_en/analytics/

 We have configured Google Analytics in such a way that the data on which the reports are based on is deleted within 24 months.

 

9
Marketing services

We collect and process data on our website to be able to show you more suitable advertising on this and other websites (remarketing/re-targeting) and to measure the success of our advertising campaigns. We work together with providers who help us to understand whether users can reach us via certain advertising measures (so-called conversion tracking). In this context, pseudonymous user profiles are created. The legal basis for the processing of your data is Article 6(1), first sentence, point (f) of the GDPR. We have a legitimate economic interest in presenting advertisements of interest on our website and in measuring the success of placed advertisements.

 You can object to the use of these services by opting-out. However, please note, that you may not be able to use all functions of our website.

  a) Google Marketing Services

 On these websites we use marketing services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 The services used include:

AdWords: The use of the Google service AdWords allows us a conversion tracking, i.e. it can be determined whether you have reached our website via a Google ad. Based on that we are not able to identify you. Only statistics are created.

Double-click: The use of the Google Double-Click service allows us to present relevant advertisements to the user. Cookies are used to identify the user's browser. In this way it can be traced what displays were shown to the user and what displays he opened.

AdSense: Using the AdSense Google service allows us to display third-party ads on our pages. Cookies and pixel tags are used to evaluate visitor behavior and to be able to display ads that are as relevant to your interests as possible.

Google Re-Marketing: The use of Google's Re-Marketing function allows us to display interest-based advertisements to the user within the Google advertising network that refer to content that the user has previously accessed on our website. This can also be done across devices.

Google Tag Manager: Using the Google Tag Manager service only allows us to integrate the listed services by implementing the other cookies/tags.

Firebase: Using the Google Firebase service allows us to analyze user groups and display push messages in which only anonymous data is transmitted to Firebase. Here you can get further information: https://www.firebase.com/terms/privacy-policy.html

 

Google uses cookies and cookie-like technologies such as pixel tags (i.e. small transparent graphics, also called web beacons) and processes personal data about you, information about browser type/version, operating system used, the page you previously visited, the host name of the accessing device, IP address and the time of the request as well as offers, search terms and content in which you were interested. This data is transmitted to Google. User profiles are created on a pseudonymized basis. This means we cannot identify you based on that. For more information, please visit https://policies.google.com/technologies/types

 The cookies are automatically deleted after 30 days. You can object or adapt the use to meet advertisement interest here: https://www.google.com/ads/preferences/?hl=en

If data is processed outside the EEA, where no data protection level according to the European standard exists, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA

 For more information and Google's current privacy policy, visit https://policies.google.com/privacy  the functionality of the Google marketing services is explained in more detail via the following link: https://policies.google.com/technologies/ads

b) Facebook-Pixel

On this website we use the so-called "Facebook pixel" of the provider Facebook (for EU: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; International: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA). This is a small, invisible pixel that connects to Facebook servers when you visit our website. Personal data such as the IP address and other information such as browser type/version, operating system used, the page you have previously visited, the host name of the accessing device, IP address and the time of the request can also be transmitted. This makes it possible for Facebook to identify the users of our website and to display targeted advertising to those users who are interested in our website. We can also use the Facebook pixel to see if our Facebook ads are effective.

If data is processed outside the EEA, where no data protection level according to the European standard exists, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC

You can find Facebook's privacy policy here: https://www.facebook.com/policy.php You can object to the collection by the Facebook pixel and use of your data here: https://www.facebook.com/settings?tab=ads .

10
Social plugins

On our website we use so-called "social plugins" of various social networks (hereinafter: "plugin providers"). A social network is an internet-based social meeting point that enables users to communicate with each other and interact in a virtual space. The legal basis for the processing of your data is Article 6(1), first sentence, point (f) of the GDPR. We are interested in providing the most convenient and optimized offer on our website and to operate economically by integrating social plugins and the analyses that are thus possible at the same time.

 The social plugins are deactivated by default. Therefore, the social plugins do not send any data to the respective social plugin providers without your permission. You can only use the social plugins when you click on the buttons.

After activating the plugin, a direct connection to the system of the respective social plugin provider is established via your Internet browser. The content of the social plugin is then transmitted directly to your Internet browser and integrated into our website. At the same time the social plugin transmits the information to the respective social plugin provider that you have called the corresponding page of our Internet presence. This applies regardless of whether you have created a profile with the social plugin provider or logged in or then actively use a social plugin (e. g. by clicking the "I like" button or by making a comment). With active use of a social plugin, the corresponding information is transmitted directly from your Internet browser to the respective social plugin provider and stored there. As soon as you are logged in at the same time at one of the social plugin providers, they can assign your visit to our website to your account created there.

 We have no influence on the type and extent of the data collected and transmitted. Details on the scope and purpose of data collection, processing and use can be found in the data protection information of the social plug-in providers. There you can see your rights and setting options to protect your privacy. If you do not agree to a social plugin provider assigning the data collected through our website to your account, we would ask you to log out of your account with the respective social plugin provider before activating the social plugin. If you do not want the social plugin providers to receive, save and use data at all, please do not use or click on the respective social plugins.

 

a) Facebook

 The social plugins of the social network Facebook are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (www.facebook.com ), and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (www.facebook.de ) ("Facebook"). An overview of Facebook's plug-ins can be found here: http://developers.facebook.com/docs/plugins ; information on data protection on Facebook can be found here: www.facebook.com/policy.php

 If data is processed outside the EEA, where no data protection level according to the European standard exists, it’s done based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC.

 If you would like to object to the data collection by Facebook in the future, you can

 do this here: https://www.facebook.com/settings?tab=ads

 

b) Google+

 Plugins of the social network Google+: are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). An overview of Google+ plugins can be found here: https://developers.google.com/+/plugins ; information on data protection at Google+ can be found here: www.google.com/intl/de/+/policy/+1button.html  

 If data is processed outside the EEA, where no data protection level according to the European standard exists, it’s done based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA

 If you wish to object to the future collection of data by Google, you can do so here: http://www.google.com/ads/preferences

 

c) Instagram

Instagram plug-ins are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Instagram"). An overview of Instagram plug-ins can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges ; information on data protection at Instagram can be found here: https://help.instagram.com/155833707900388/

 

d) Twitter

 Twitter's social plug-ins are operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). An overview of Twitter plugins can be found here: https://twitter.com/about/resources/buttons ; information on data protection on Twitter can be found here: https://twitter.com/en/privacy .

If data is processed outside the EEA, where no data protection level according to the European standard exists, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO

If you wish to object to the collection of data via Twitter in the future, you can set an opt-out cookie here: https://twitter.com/personalization

 

11
Handling of payments

You can make payments on our website.

 The legal basis for the processing of your data for payment handling is to fulfill the existing contract between us or to carry out pre-contractual measures (Article 6 paragraph 1 sentence 1 letter b) GDPR).

 - Billwerk (Billwerk GmbH, Mainzer Landstraße 33a, 60329 Frankfurt am Main, Germany). Privacy Policy: https://billwerk.com/datenschutz

 

12
Other service providers

We also use service providers (cloud providers, providers of accounting and comparable services, payment service providers) who process your personal data exclusively on our behalf in accordance with Art. 28 GDPR and in accordance with our instructions and who have taken appropriate technical and organizational measures to protect your rights.

 Where data is transferred outside the EEA, where no standard comparable to the European data protection level exists, this shall be done based on appropriate guarantees in accordance with Articles 44 to 49 GDPR.

 

II. Data processing within the framework of our online presences

In addition to the website, we are also represented on online platforms and social networks. If you visit these websites and communicate with us via them, the terms and conditions and data protection guidelines (see below) as well as this data protection declaration apply. In this respect, we may be jointly responsible with the provider under data protection law.

Your data can be processed for analysis and advertising purposes. This is done, for example, by creating usage profiles based on your usage behavior and the resulting interests. Cookies are usually used to store the user profiles, which make it possible to analyze your usage behavior and your interests. As a rule, the user profiles serve to enable advertisements to be placed with the respective provider or elsewhere on the Internet that correspond to your interests. Furthermore, other data may be stored in addition to the user profiles, especially if you are a registered user of the platform of the respective provider and you are logged in at the time. For a detailed description of the processing of the respective providers and the possibilities of objection (opt-out), we refer to the information of the providers linked below.

If you visit us online and communicate via our platform, the data processing takes place based on your consent (Article 6 paragraph 1 sentence 1 letter a) GDPR) if you have granted this. Otherwise, data processing, communication with us, is based on legitimate interests (Article 6 paragraph 1 sentence 1 letter f) GDPR. In this respect, we are interested in providing the most informative, customized and appealing online appearance possible.

We will delete your data (the content matter of our communication) as soon as they are no longer required for the respective purpose and as far as we are able to do so. You have the rights listed under "Your rights" (see below). Since access to your data is only partly possible for the respective provider, you should in any case also assert your rights against him.

 

Facebook

Facebook (Facebook Inc. , 1601 S. California Ave, Palo Alto, CA 94304, USA (www.facebook.com ) and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Bulin 2, Ireland (www.facebook.de) ) enables us to receive your anonymized data on so-called fan pages using the Facebook Insight function, which is available as an irrevocable part of the user relationship. This data is collected using cookies, each of which contain a unique user code. The user code can be linked to your Facebook login information if you are registered on Facebook and is collected and processed when you visit the fan page.

 Information on data protection on Facebook can be found here https://www.facebook.com/about/privacy/

If you would like to object to the data collection by Facebook for the future, you can do so here: https://www.facebook.com/settings?tab=ads

If data is processed outside the EEA, where no data protection level according to the European standard exists, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC.

 

Google

 Information on data protection at Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) can be found here: https://policies. google. com/privacy

 If you wish to object to the future collection of data by Google, you can do so here: http://www.google.com/ads/preferences  

 If data is processed outside the EEA, where no data protection level according to the European standard exists, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA

Instagram

 Information on data protection at Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and an opportunity to object can be found here: http://instagram.com/about/legal/privacy/

 

LinkedIn

 Privacy Policy of LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) can be found here: https://www.linkedin.com/legal/privacy-policy.

If you wish to object to the collection of data by LinkedIn in the future, you can set an opt-out cookie here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

 If data is processed outside the EEA, where no data protection level according to the European standard exists, this is done based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0

 

Twitter

 Information on data protection on Twitter (Twitter International Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRLAND) can be found here: https://twitter.com/en/privacy .

 If you wish to object to the collection of data via Twitter in the future, you can set an opt-out cookie here: https://twitter.com/personalization  

 If data is processed outside the EEA, where no data protection level according to the European standard exists, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO

 

III. Data processing as part of applications

 If you send us data about yourself as part of an application (your name, contact details, CV, cover letter, references, etc.), we will store and process these exclusively for the duration of the application process and to carry out the application procedure. The legal basis for this is Article 6(1), first sentence, point (b), GDPR. After completion of the application process your data will be securely deleted. We do not pass these on to third parties. Only those persons who need to know internally during the application procedure or employment relationship are made aware of this.

 Please note that we do not require any information about race, ethnic origin, gender, religion or belief, disability, age or sexual identity, illness, pregnancy, political opinion, philosophical or religious beliefs, union membership, physical or mental health or sex life in your application.

 

 IV. Routine deletion and blocking of data

 We store your data only for the period necessary to achieve the storage purpose or if this is specified by the European Directive and Ordinance Giver or another legislator in laws or regulations to which we are subject. In this respect, Germany is subject in particular to an obligation to retain data for six years in accordance with Section 257 (1) of the German Commercial Code (in particular commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents) and for ten years in accordance with Section 147 (1) of the German Tax Code (in particular books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation). If the storage purpose no longer applies or if a legally prescribed storage period expires, your personal data will be blocked or deleted routinely and in accordance with legal regulations. Please also note the specific information on individual storage and deletion periods in this data protection declaration.

 

V. Your rights

 As a data subject (Article 4 No. 1 GDPR) you have numerous rights towards us, below we would like to inform you about them. Details can also be found in Articles 15 to 21 of the GDPR and Sections 32 to 37 Federal Data Protection Act(in the version applicable from 25 May 2018).

 To assert your rights, please contact the following office:

 datenschutz@campstar.com

 

1. Right to information

 You have the right to obtain information from us as to whether and which data we process about you. This also includes information on how long and for what purpose we process the data, where they come from and to which recipients or categories of recipients we pass them on to. In addition, we can provide you with a copy of this data.

2. The right to correction

 You have the right that we immediately correct any information about you that is incorrect or no longer applicable. You may also request that your incomplete personal data be completed. If this is required by law, we will also inform third parties about this correction if we have passed on your data to them.

 3. Right to cancellation ("right to be forgotten")

 You have the right to ask us for deletion of your personal data immediately if one of the following reasons applies:

 - Your data is no longer necessary for the purposes it was collected for or otherwise processed, or the purpose has been achieved;

 - You revoke your consent and there is no other legal basis for the processing;

 - You object to the processing and there are no overriding legitimate reasons for the processing; in the case of the use of personal data for direct marketing, a sole objection on your part to the processing is sufficient;

 - Your personal data has been processed unlawfully;

 - the deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.

 Please note that your right to cancellation may be restricted by law. These include the restrictions listed in Article 17 GDPR and § 35 Federal Data Protection Act of the Republic of Germany (in the version applicable from 25 May 2018).

 4. Right to limitation of processing (blocking)

 You have the right to request a restriction of the processes of your personal data if one of the following conditions is met:

 - You deny the accuracy of your personal data for a period that enables us to verify the accuracy of the personal data;

 - the processing is unlawful, and you refuse to delete the personal data and instead request that the use of your personal data be restricted;

 - we no longer need your personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims, or

 - You have filed an objection against the processing if it is not yet clear whether our justified reasons outweigh yours.

 If you have obtained a restriction on processing as set out above, we will notify you before the restriction is lifted.

 5. Right of revocation for consents

 You can revoke your consent given to us at any time with effect for the future. This revocation can take place in the form of an informal message to the above-mentioned contact addresses. This also applies to consents that you have given us before the validity of the GDPR (i.e. before 25 May 2018). If you revoke your consent, the legality of the data processing carried out up to then will not be affected. As a rule, the consequence of a revocation is that you can no longer use our service, in the context of which we have asked you for your consent or can no longer use it in full.

 6. Right to data transferability

 You have the right to receive personal data that concerns you and that you have provided to us in a structured, common and machine-readable format and to transmit this data to others. For details and restrictions, see Article 20 GDPR. Exercising this right does not affect your right to cancellation.

 7. The right of appeal to the supervisory authority

 If you believe that the processing of your data by us violates applicable data protection law, you have the right of complaint to one of the competent supervisory authorities, i.e. the Hamburg Commissioner for Data Protection and Freedom of Information or the respective supervisory authority in the member state of your place of residence, your workplace or the place of presumed data protection violation.

 8. Right of objection under Article 21 GDPR

 Article 21 GDPR gives you the right to object to the processing of your data at any time for reasons arising from your situation, if we base this processing on legitimate interests in accordance with Article 6(1), first sentence, point (f) GDPR. If you object, we will no longer process your personal data, except in two cases:

 - we may prove compelling grounds for processing that outweigh your interests, rights and freedoms, or

 - the processing serves to assert, exercise or defend legal claims.

 Even if we process your personal data for direct advertising (e.g. in the context of our newsletter), you have the right to object at any time to the processing of your data for such advertising. If you object to the processing of your data for direct marketing purposes, we will no longer use your personal data for this purpose.

VI. Help with data protection terms

 In this data protection declaration, we use some terms which have also been used by the legislator, in the European Data Protection Basic Regulation (GDPR). Since it is important to us that you understand this data protection declaration, we will explain some important terms in alphabetical order below:

Browser: This is a program for displaying websites on the Internet, for example the programs Mozilla Firefox or Google Chrome.

Cookies: These are small text files that contain a characteristic character string (cookie ID) and are stored on your device (e. g. smartphone or computer) via an Internet browser if you do not prevent this by technical settings. Cookies enable the visited Internet pages and servers to distinguish your individual browser from other Internet browsers. A Internet browser can therefore be recognized and identified by its unique cookie ID. This makes it easier for you to use our website, as you only need to enter certain data once, for example. If possible, we use cookies that are deleted when you close your browser (so-called session cookies). In addition, we also use cookies that are stored on your computer for a longer period (so-called persistent cookies). In addition to the option of configuring your browser so that it does not accept cookies, you can delete cookies already set at any time via an Internet browser or other programs. Please note, however, that the non-use of cookies may result in not all functions of our website or services being fully usable.

Consent: This is any informed and unequivocal statement of intent, made voluntarily by the data subject in the specific case, in the form of a statement or other clear affirmative act by which the data subject indicates his or her consent to the processing of personal data concerning him or her.

Data controller or controller: these are natural or legal persons, authorities, institutions or other bodies which alone or together with others decide on the purposes and means of processing personal data.

Data subject: This is any identified or identifiable natural person whose personal data are processed by the controller.

IP address: This is an address assigned to your device (e. g. smartphone or computer) on the Internet so that your device can be addressed and reached there.

Personal data: This is all information relating to an identified or identifiable natural person (also called "data subject"). Identifiable is a natural person who can be identified directly or indirectly, by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Pixel tags (web beacons): These are small, usually invisible graphics that are integrated into websites and other services for statistical analysis, usually for marketing purposes.

Profiling: This is a type of automated processing of personal data, which consists in the use of this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of this natural person.

Pseudonymization: This is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the need for further information. This is particularly the case if the additional information is kept separately and technical and organizational measures have been taken to ensure that the assignment to an identified or identifiable natural person is no longer possible with reasonable effort.

Processing: This means any operation carried out with or without the aid of automated procedures or any such series of operations in connection with personal data such as the collection, organization, arrangement, storage, adaptation or modification, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, deletion or destruction.

Processor: This is a natural or legal person, authority, institution or other body that processes personal data on behalf of a data controller.

Recipient: This is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not.

Restriction of processing: This is a marking of stored personal data in such a way that its future processing (for example with a view to certain processing purposes) is restricted.

Third party: This is a natural or legal person, authority, institution or other body (other than the data subject), the data controller, the processor and the persons authorized to process the personal data under the direct responsibility of the data controller or the processor.

VII. Security

We use technical and organizational security measures to protect your personal data against misuse, loss, destruction or against access by unauthorized persons. Our security measures correspond to the current state of the art.

 VIII. Validity and changes of the data protection declaration

 This data protection declaration is currently valid and dated 09. 07. 2018

 Due to the further development of our website or the implementation of new technologies, it may become necessary to change this data protection declaration. We reserve the right to make appropriate changes at any time.

 IX. Your questions about data protection

 If you have any questions about this privacy statement or your rights, please contact: datenschutz@campstar.com .