Definitions of the terms used (e.g., “personal data” or “processing”) can be found in Art. 4 GDPR.
The Provider’s domains include:
The website operator or page provider collects data about access to the website based on our legitimate interest (see Art. 6 section 1 lit. f. GDPR) and stores them as “server log files” on the website server. The following data is logged in this way:
- Visited website
- Time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address
The server log files are stored for a maximum of four days and then deleted. The data is stored for security reasons, e.g., to be able to clarify cases of abuse. If data must be retained for evidentiary reasons, they are exempt from deletion until the incident is finally clarified.
The IP address is stored for the sole purpose of taking countermeasures in the event of attacks on the server, spam prevention, and disregard of the general netiquette in the comment function and is deleted with the server’s log files after four days. An exception is a case that the IP address was stored in the firewall due to an attack.
Basic logging of the IP address does not occur but can be activated individually for each domain if necessary. The exception is the TOR inbound proxy, where the IP address is used in an encrypted state for load balancing and the detection and containment of above-average accesses.
Collection and processing of personal data
The website operator collects, uses, and discloses your data only if this is necessary for the operation of the service, is permitted by law or if you consent to the collection of data. Personal data is any information that can be used to identify you and can be traced back to you – for example, your name, e-mail address, and telephone number.
You can also visit this website without providing any personal information. However, to improve our online services, we store (without personal reference) your access data to this website. This access data includes, for example, the file you requested or the name of your Internet provider. By anonymizing the data, it is not possible to conclude your person.
Handling of contact data
If you contact us as the website operator through the contact options offered, your details will be stored so that they can be used to process and respond to your request. This data will not be passed on to third parties without your consent.
Integration of third-party sources
As far as possible, the website operator undertakes to refrain from integrating third-party sources. Integrations from already mentioned domains and their subdomains are excluded from this, as the website operator provides them.
- IP address, anonymized by shortening
- Two cookies to distinguish different visitors (pk_id and pk_sess)
- Previously visited URL (referrer), if transmitted by the browser
- Name and version of the operating system
- Name, version, and language setting of the browser
The storage and evaluation of the data take place exclusively on a central server operated by BKA.li. The legal basis for processing the users’ data is Art. 6 section. One lit. f GDPR. The processing of the users’ data enables us to analyze the usage behavior of our users. We can compile information about using our websites’ components by evaluating the data obtained. This helps us to improve our websites and their user-friendliness continuously. These purposes are also our legitimate interest in processing the data, according to Art. 6 section. One lit. f GDPR. By anonymizing the IP address, users’ interest in their data protection is sufficiently taken into account.
The data is deleted after forming the final annual totals for the access statistics.
Of course, you can opt-out of the data collection. You have the following independent options to object to data collection by the central server:
Activate the Do-Not-Track or Do Not Follow setting in your browser. As long as this setting is active, our central Matomo server will not store any data from you. Important: The Do-Not-Track statement usually only applies to the one device and browser you enable the setting. If you use multiple devices/browsers, you must activate Do-Not-Track everywhere separately.
The storage and evaluation are always anonymized. Session cookies are deleted at the latest when you close your browser.
Personal user profiles are not created.
Services that can/must be integrated on external pages, such as Commento, fonts, or the files on the CDN, will never be part of web analytics!
Right of complaint to the competent supervisory authority
In the event of violations of data protection law, the affected party has a right of appeal to the competent supervisory authority. The competent supervisory authority in data protection law matters is the state data protection commissioner of the federal state our company is based on. A list of data protection officers and their contact details can be found at the following link: bfdi.bund.de.