We are delighted by your interest in our company. Data protection is a matter of particular importance to the management of Absolute Shine UG. It is generally possible to use the websites of Absolute Shine UG without providing any personal data. However, if a data subject wishes to make use of particular services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain consent from the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in compliance with the General Data Protection Regulation and in accordance with the country-specific data protection provisions applicable to Absolute Shine UG. Through this privacy policy, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed about their rights through this privacy policy.
Absolute Shine UG, as the data controller, has implemented numerous technical and organisational measures to ensure the most comprehensive protection possible for personal data processed via this website. Nevertheless, internet-based data transfers can fundamentally have security vulnerabilities, meaning absolute protection cannot be guaranteed. For this reason, it is up to each data subject to transmit personal data to us via alternative means, such as by telephone.
1. Definitions
The Absolute Shine UG's privacy policy is based on the terminology used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
In this privacy policy, we use a number of terms, including:
a) personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the „data subject“). A natural person is considered identifiable who can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Affected person
The data subject is any identified or identifiable natural person whose personal data are processed by the controller.
c) Processing
Processing is any operation or set of operations carried out with or without the help of automated procedures in connection with personal data, such as collecting, recording, organising, arranging, storing, adapting or altering, retrieving, querying, using, disclosing by transmission, dissemination or any other form of provision, matching or linking, restricting, erasing or destroying.
Processing restriction
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
e) Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or data controller
The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Data Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third
A third party is a natural or legal person, public authority, agency or other body, other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the controller
Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions with data protection character is the:
Absolute Shine UG & Co. KG
Under the Lay 26
56457 Westerburg
Germany
Tel.: +491755216715
E-Mail: info@belle-stay.com
www.belle-stay.com
3. Cookies
The internet pages of Absolute Shine UG use cookies. Cookies are text files that are placed and stored on a computer system via an internet browser.
Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters, which allows websites and servers to be associated with the specific web browser in which the cookie has been stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other web browsers that contain different cookies. A particular web browser can be recognised and identified via the unique cookie ID.
By using cookies, Absolute Shine UG can provide users of this website with more user-friendly services that would not be possible without the use of cookies.
Through the use of cookies, information and offers on our website can be optimised for the user. As previously mentioned, cookies enable us to recognise users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, a user of a website that uses cookies does not have to enter their login details again on each visit to the website, because this is handled by the website and the cookie stored on the user's computer system. Another example is a cookie for an online shop's shopping cart. The online shop remembers the items a customer has placed in their virtual shopping cart via a cookie.
The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, it is possible that not all functions of our website can be used in full.
4. Collection of general data and information
When a data subject or an automated system accesses the Absolute Shine UG website, a range of general data and information is recorded. This general data and information is stored in the server's log files. The following may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information used for protection in the event of attacks on our information technology systems.
When using this general data and information, Absolute Shine UG draws no conclusions about the person concerned. This information is rather needed in order to (1) correctly deliver the content of our website, (2) optimise the content of our website as well as advertising for it, (3) guarantee the permanent functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement agencies with the information necessary for prosecution in the event of a cyber attack. This anonymously collected data and information is therefore analysed by Absolute Shine UG on the one hand for statistical purposes and furthermore with the aim of increasing data protection and data security within our company, ultimately to ensure an optimal level of protection for the personal data processed by us. The anonymous data from the server log files is stored separately from all personal data provided by a data subject.
5. Contact option via the website
The Absolute Shine UG website, due to legal regulations, contains information that enables rapid electronic contact with our company as well as direct communication with us, which also includes a general electronic mail address (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data voluntarily transmitted by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. This personal data will not be passed on to third parties.
6. Routine deletion and blocking of personal data
The controller shall process and store personal data of the data subject only for such period as is necessary to achieve the purpose of storage or as provided for by the European or national legislator in laws or regulations to which the controller is subject.
If the purpose of storage no longer applies, or if a storage period prescribed by the European legislator or another competent legislator expires, personal data will be routinely blocked or deleted in accordance with statutory provisions.
7. Rights of the Data Subject
Right to confirmation
Any data subject has the right conferred by the European legislator and regulator to request confirmation from the controller as to whether personal data concerning them are being processed. If a data subject wishes to exercise this right of confirmation, they may contact an employee of the controller at any time.
b) Right to information
Every data subject shall have the right granted by the European legislator and rule-maker to obtain from the controller free information about and a copy of the personal data stored concerning him or her. Furthermore, the European legislator and rule-maker has granted the data subject information about the following details:
- the processing purposes
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- if possible, the period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period
- the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or of a right to object to such processing
- The existence of a right of complaint to a supervisory authority
- If personal data have not been obtained from the data subject: All available information as to the source of the data
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Furthermore, the data subject has the right to obtain information as to whether personal data have been transferred to a third country or to an international organisation. Where this is the case, the data subject shall also have the right to be informed about the appropriate safeguards relating to the transfer.
If an individual wishes to exercise this right of access, they can contact any employee of the data controller at any time.
c) Right to rectification
Every data subject shall have the right granted by the European legislator and regulator to request the rectification without delay of any inaccurate personal data concerning them. Furthermore, the data subject shall have the right, having regard to the purposes of the processing, to have incomplete personal data completed, including by means of a supplementary statement.
If a data subject wishes to exercise this right to rectification, they may contact an employee of the controller at any time.
d) Right to erasure (Right to be forgotten)
Every data subject concerned by the processing of personal data has the right, granted by the European legislator, to request from the controller the erasure of personal data concerning him or her without undue delay, provided that one of the following grounds applies and insofar as the processing is not necessary:
- The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject withdraws their consent on which the processing is based pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
- The data subject objects to the processing in accordance with Art. 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Art. 21(2) of the GDPR.
- The personal data was processed unlawfully.
- The erasure of personal data is necessary for compliance with a legal obligation to which the controller is subject under Union or Member State law.
- The personal data was collected in relation to information society services offered, in accordance with Article 8(1) of the GDPR.
If any of the above reasons apply and a data subject wishes to request the deletion of personal data stored by Absolute Shine UG, they may contact an employee of the data controller at any time. The Absolute Shine UG employee will arrange for the deletion request to be complied with immediately.
Have personal data been made public by Absolute Shine UG, and is our company, as the controller within the meaning of Art. 17 para. 1 GDPR, obliged to delete the personal data, Absolute Shine UG shall take appropriate measures, including technical ones, taking into account the available technology and the costs of implementation, to inform other controllers processing the published personal data that the data subject has requested these other controllers to delete all links to this personal data, or copies or reproductions of this personal data, provided that processing is not necessary. The employee of Absolute Shine UG will arrange for the necessary measures to be taken on a case-by-case basis.
Right to restrict processing
Every data subject has the right granted by the European legislator to request from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is disputed by the data subject for a period that allows the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
- The controller no longer needs the personal data for the purposes for which they were processed, but the data subject requires them for the establishment, exercise, or defence of legal claims.
- The data subject has objected to the processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the controller's legitimate grounds override those of the data subject.
If any of the above conditions are met and a data subject wishes to request the restriction of personal data stored by Absolute Shine UG, they may contact a member of the data controller's staff at any time. The Absolute Shine UG employee will arrange for the restriction of processing.
Right to data portability
Every data subject has the right granted by the European legislator and supervisor of directives and regulations to receive the personal data concerning them, which has been provided to a controller by the data subject, in a structured, commonly used, and machine-readable format. They shall also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising their right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
To assert the right to data portability, the data subject can contact an employee of Absolute Shine UG at any time.
Right to object
Every data subject shall have the right granted by the European legislator and regulator to object, on grounds relating to his or her particular situation, at any time to processing of personal data which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
Absolute Shine UG will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defence of legal claims.
If Absolute Shine UG processes personal data for the purpose of direct marketing, the data subject has the right to object to the processing of personal data for such marketing purposes at any time. This also applies to profiling, insofar as it is related to such direct marketing. If the data subject objects to Absolute Shine UG processing for direct marketing purposes, Absolute Shine UG shall no longer process the personal data for these purposes.
Furthermore, the data subject shall have the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out by Absolute Shine UG for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, the data subject may contact any employee of Absolute Shine UG or another employee directly. Furthermore, the data subject is free to exercise their right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
h) Automated individual decision-making, including profiling
Every data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (1) is not necessary for the conclusion or the performance of a contract between the data subject and a controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent.
Whether the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is based on the explicit consent of the data subject, Absolute Shine UG shall take appropriate measures to safeguard the data subject's rights and freedoms and legitimate interests, including at least the right to obtain human intervention by the controller, to express one's point of view, and to contest the decision.
If the data subject wishes to assert rights with regard to automated decisions, they can contact an employee of the controller at any time.
Right to withdraw consent regarding data protection
Every data subject has the right, granted by the European legislator, to withdraw consent for the processing of personal data at any time.
If the data subject wishes to exercise their right to withdraw consent, they can contact an employee of the data controller at any time for this purpose.
8. Data Protection Provisions on the Use and Application of Jetpack for WordPress
The data controller has integrated Jetpack on this website. Jetpack is a WordPress plugin that offers additional functions to the operator of a website built on WordPress. Among other things, Jetpack allows the website operator an overview of the site's visitors. Furthermore, visitor numbers can be increased by displaying related posts and publications or by providing the option to share content on the site. Jetpack also integrates security functions, so that a website using Jetpack is better protected against brute-force attacks. Jetpack also optimises and speeds up the loading of images integrated on the website.
The operating company for the Jetpack plug-in for WordPress is Aut O’Mattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland.
Jetpack places a cookie on the affected person's IT system. What cookies are has already been explained above. Each time one of the individual pages of this website, operated by the controller, on which a Jetpack component has been integrated is accessed, the internet browser on the affected person's IT system is automatically prompted by the respective Jetpack component to transmit data to Automattic for analysis purposes. As part of this technical process, Automattic becomes aware of data which is subsequently used to create an overview of website visits. The data thus obtained is used to analyse the behaviour of the affected person who accessed the controller's website, and is evaluated with the aim of optimising the website. The data collected via the Jetpack component will not be used to identify the affected person without the prior separate express consent of the affected person. The data is also made available to Quantcast. Quantcast uses the data for the same purposes as Automattic.
The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Automattic/Quantcast from setting a cookie on the data subject's information technology system. In addition, cookies already set by Automattic can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the option to object to the collection of data generated by the Jetpack cookie, which is related to the use of this website, and to the processing of this data by Automattic/Quantcast, and to prevent such from happening. To do this, the data subject must click the opt-out button at the following link: https://www.quantcast.com/opt-out/, which sets an opt-out cookie. The opt-out cookie set with the objection is stored on the information technology system used by the data subject. If the cookies on the data subject's system are deleted after an objection, the data subject must call up the link again and set a new opt-out cookie.
However, by setting the opt-out cookie, the websites of the controller may no longer be fully usable for the data subject.
The applicable data protection regulations from Automattic can be accessed at https://automattic.com/privacy/. The applicable data protection regulations from Quantcast can be accessed at https://www.quantcast.com/privacy/.
9. Data Protection Provisions on the Use and Application of YouTube
The controller has integrated YouTube components on this website. YouTube is an internet video portal that allows video publishers to upload video clips and other users to view, rate, and comment on them free of charge. YouTube permits the publication of all types of videos, which is why complete films and television shows, as well as music videos, trailers, or videos created by users themselves, can be accessed via the internet portal.
The operating company for YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
With every call of one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the person concerned is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be accessed at https://www.youtube.com/yt/about/de/. As part of this technical procedure, YouTube and Google will be informed which specific sub-page of our website is being visited by the person concerned.
If the person concerned is simultaneously logged into YouTube, YouTube recognises, upon calling up a sub-page containing a YouTube video, which specific sub-page of our website the person concerned has visited. This information is collected by YouTube and Google and assigned to the respective YouTube account of the person concerned.
YouTube and Google receive information that the data subject has visited our website via the YouTube component whenever the data subject is simultaneously logged into YouTube at the time of visiting our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish for such information to be transmitted to YouTube and Google, they can prevent this transmission by logging out of their YouTube account before visiting our website.
The privacy policy published by YouTube, available at https://www.google.de/intl/de/policies/privacy/, provides information on the collection, processing, and use of personal data by YouTube and Google.
10. Legal basis for processing
Article 6(1)(a) of the GDPR serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of any other service or consideration, then the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for instance, in cases of inquiries about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, for example, to fulfil tax obligations, then the processing is based on Article 6(1)(c) of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance details, or other vital information had to be passed on to a doctor, hospital, or other third parties. The processing would then be based on Article 6(1)(d) of the GDPR.
Ultimately, processing operations may be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases, provided that the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject. We are particularly permitted to carry out such processing operations because they have been specifically mentioned by the European legislator. In this regard, they took the view that a legitimate interest might be assumed if the data subject is a customer of the controller (Recital 47, second sentence GDPR).
11. Legitimate interests pursued by the controller or by a third party
Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business for the benefit of the well-being of all our employees and our shareholders.
12. Period for which the personal data are stored
The criterion for the duration of personal data storage is the respective statutory retention period. After the period expires, the corresponding data will be routinely deleted unless it is still required for contract performance or contract initiation.
13. Statutory or contractual requirements for the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide personal data; possible consequences of non-provision
We would like to inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also arise from contractual agreements (e.g., details of the contractual partner).
From time to time, it may be necessary to conclude a contract for a data subject to provide us with personal data, which we then need to process. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would result in the contract not being concluded with the data subject.
Before the data subject provides their personal data, they must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract, or necessary for the conclusion of a contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
14. Data protection provisions on the use and application of Google Analytics (with anonymisation function)
The controller has integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering and analysis of data about the behaviour of visitors to websites. A web analytics service records, among other things, data on which website a data subject came to a website from (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analytics is predominantly used for the optimisation of a website and for the cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The controller uses the suffix „_gat._anonymizeIp“ for web analytics via Google Analytics. By means of this suffix, the IP address of the person concerned's internet connection is shortened and anonymised by Google when accessing our internet pages from a member state of the European Union or another contracting state to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse visitor traffic on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our websites, and to provide other services related to the use of our website.
Google Analytics sets a cookie on the affected person's information technology system. What cookies are has already been explained above. By setting the cookie, Google is enabled to perform an analysis of the use of our website. With each call-up of one of the individual pages of this website operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the affected person's information technology system is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. In the context of this technical procedure, Google gains knowledge of personal data, such as the IP address of the affected person, which Google uses, among other things, to track the origin of visitors and clicks, and subsequently to allow for commission settlements.
Personal data, such as the time of access, the location from which access originated, and the frequency of visits to our website by the data subject, are stored using the cookie. With every visit to our websites, this personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the data subject's information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the possibility to object to the collection of data generated by Google Analytics, relating to the use of this website, and to the processing of this data by Google, and to prevent such. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. Google considers the installation of the browser add-on as an objection. If the data subject's IT system is deleted, reformatted or reinstalled at a later date, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person attributable to their sphere of influence, it is possible to reinstall or re-activate the browser add-on.
Further information and Google's applicable data protection provisions can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.
15. Existence of automated decision-making
As a responsible company, we do not use automated decision-making or profiling.
This privacy policy was generated by the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as External Data Protection Officer Bayreuth working in cooperation with the IT and Data Protection Lawyer Christian Solmecke created.
16. Google Fonts (Local Hosting)
This page uses so-called Google Fonts, provided by Google, for a uniform display of fonts. The Google Fonts are installed locally. No connection to Google's servers is made.
Further information about Google Fonts can be found at
https://developers.google.com/fonts/faq and in Google's privacy policy:
https://policies.google.com/privacy?hl=de.
For point 16, the following source was used: https://www.e-recht24.de