Data Protection Declaration

of Vollers Group GmbH

Thank you for visiting our website. In the following, we would like to inform you about the handling of your data in accordance with Art. 13 of the General Data Protection Regulation (DSGVO).

1. Responsible

The office named in the imprint is responsible for the data processing described below.

2. Usage data

You can visit our website without telling us who you are. However, when you call up our homepage, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:

  • IP address of the requesting terminal
  • Date and time of access
  • Name and URL of the retrieved file
  • Transmitted data volume
  • Message on successful call
  • Data transmission protocol used
  • Website from which the access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your end device as well as the name of your access provider.

The above data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website
  • Ensuring a comfortable use of our website
  • Evaluation of system security and stability, and
  • For other administrative purposes.

The legal basis is Art. 6 para. 1 lit f DSGVO. Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

Log data is only stored until the purpose for which we collected or received the data has been fulfilled, unless it exceptionally needs to be held for longer to follow up on an identified attack.

The anonymised data derived from the log file is no longer personal data. This data is used by us to compile statistics to improve the website and, if necessary, passed on to agencies that we commission to improve the website.

3. Data security

We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed display of the key or lock symbol in the status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

4. Cookies

We use cookies on our websites, which are necessary for the use of our websites.

Cookies are small text files that are stored on your terminal device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

We do not use these necessary cookies for analysis, tracking or advertising purposes.

In some cases, these cookies only contain information on certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site.

We use these cookies on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO.

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed and some functions may no longer be technically available.

5. Contact form

You have the option of contacting us via our contact form. To use our contact form, we first need the data marked as mandatory fields from you.

We use this data on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO in order to answer your enquiry.

In addition, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not mandatory for contacting us. We process your voluntary information on the basis of your consent.

Your data will only be processed to respond to your enquiry. We delete your data if it is no longer required and there are no statutory retention obligations to the contrary.

Insofar as your data transmitted via the contact form is processed on the basis of Art. 6 (1) sentence 1 lit. f DSGVO, you can object to the processing at any time. You can also revoke your consent to the processing of voluntary data at any time. To do so, please contact the e-mail address stated in the imprint.

6. Conducting surveys – Microsoft Forms

We use the Microsoft Forms service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”) to conduct surveys or online forms. Microsoft Forms enables us to design and evaluate surveys and online forms. In addition to the respective personal data that you enter into the forms, information on your operating system, browser, date and time of your visit, referrer URL and your IP address is also collected, transmitted to Microsoft and stored on Microsoft servers. The information you enter in the forms is stored under password protection to ensure that third party access is excluded and that only we can evaluate the information data for the purpose specified in the form. When processing personal data that is required to fulfil a contract with you (this also applies to processing operations that are required to carry out pre-contractual measures), Art. 6 (1) lit. b DSGVO serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) a DSGVO. Consent given can be revoked at any time with effect for the future. We have concluded an order processing agreement with Microsoft for the use of Microsoft Forms, which obliges Microsoft to protect the data of our site visitors and not to pass it on to third parties. Processing regularly takes place within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. However, data transfers to the USA cannot be ruled out. For the transfer of data from the EU to the USA, Microsoft refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA. Further information on Microsoft Forms and Microsoft’s data protection provisions can be found at: https://privacy.microsoft.com/de-de/privacystatement 

7. Other processors

We pass on your data to service providers who support us in the operation of our websites and the associated processes as part of commissioned processing pursuant to Art. 28 DSGVO. These are, for example, hosting service providers. Our service providers are strictly bound by instructions to us and are contractually obligated accordingly.

8. Social media

We maintain social media offerings on Instagram and LinkedIn, which we inform you about below:

a) Instagram

We use the technical platform and services of Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) for the information service offered.

We would like to point out that you use this Instagram page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (for example, commenting or rating). In your own interest, please therefore check carefully what information you wish to disclose and share with other users.

When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is present on your end device in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page.

The data collected about you in this context is processed by Instagram and may be transferred to countries outside the European Union. Instagram describes in general terms what information it receives and how it is used in its privacy policy. There you will also find information on how to contact Instagram and on the setting options for advertisements. The privacy policy is available at the following link: https://help.instagram.com/519522125107875

In what way Instagram uses the data from the visit of Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Instagram stores this data and whether data from a visit to the Instagram page is passed on to third parties is not conclusively and clearly stated by Instagram and is not known to us.

When you access an Instagram page, the IP address assigned to your end device is transmitted to Instagram. According to Instagram, this IP address is anonymised (for "German" IP addresses) and deleted after 90 days. Instagram also stores information about its users' end devices (for example, as part of the "login notification" function); this may enable Instagram to assign IP addresses to individual users.

If you are currently logged in to Instagram as a user, there is a cookie with your Instagram ID on your end device. This enables Instagram to track that you have visited this page and how you have used it. This also applies to all other Instagram pages. Via Instagram buttons embedded in websites, it is possible for Instagram to record your visits to these websites and assign them to your Instagram profile. This data can be used to offer content or advertising tailored to you.

If you want to avoid this, you should log out of Instagram or deactivate the "stay logged in" function, delete the cookies on your device and close and restart your browser. This will delete Instagram information that can directly identify you. This allows you to use our Instagram page without revealing your Instagram identifier. When you access interactive features of the site (like, comment, message and more), an Instagram login screen will appear. After any login, you will again be recognisable to Instagram as a specific user.

For information on how to manage or delete information about you, see the Instagram Help section.

We, as the provider of the information service, do not collect and process any data from your use of our service beyond this. You can find this data protection declaration in the respective applicable version under the item "Data policy" on and the respective Instagram page.

b) LinkedIn

We use the technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, for the channel offered on LinkedIn.

We would like to point out that you use this LinkedIn page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). In your own interest, please check carefully what information you wish to disclose and share with other users.

When you visit our LinkedIn page, LinkedIn collects, among other things, your IP address and other information that is present on your end device in the form of cookies. This information is used to provide us, as the operator of the LinkedIn pages, with statistical information about the use of the LinkedIn page. LinkedIn provides more detailed information on this under the following link:

www.linkedin.com/legal/privacy-policy

The data collected about you in this context is processed by LinkedIn Inc. and may be transferred to countries outside the European Union. LinkedIn describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact LinkedIn and on the settings for advertisements. The data usage guidelines are available at the following link:

www.linkedin.com/legal/privacy-policy

In what way LinkedIn uses the data from visits to LinkedIn pages for its own purposes, to what extent activities on the LinkedIn page are assigned to individual users, how long LinkedIn stores this data and whether data from a visit to the LinkedIn page is passed on to third parties, is not conclusively and clearly stated by LinkedIn and is not known to us.

When you access a LinkedIn page, the IP address assigned to your end device is transmitted to LinkedIn. According to LinkedIn, this IP address is anonymised (for "German" IP addresses) and deleted after 90 days. LinkedIn also stores information about its users' end devices (for example, as part of the "login notification" function); this may enable LinkedIn to assign IP addresses to individual users.

If you are currently logged in to LinkedIn as a user, a cookie with your LinkedIn ID is placed on your end device. This enables LinkedIn to track that you have visited this page and how you have used it. This also applies to all other LinkedIn pages. LinkedIn buttons embedded in websites enable LinkedIn to record your visits to these websites and assign them to your LinkedIn profile. This data can be used to offer content or advertising tailored to you.

If you want to avoid this, you should log out of LinkedIn or deactivate the "stay logged in" function, delete the cookies on your device and close and restart your browser. This will delete LinkedIn information that can directly identify you. This allows you to use our LinkedIn page without revealing your LinkedIn identifier. When you access interactive features of the site (like, comment, share, news, etc.), a LinkedIn login screen will appear. After any login, you will again be recognisable to LinkedIn as a specific user.

For information on how to manage or delete information about you, please see the following LinkedIn support pages:

www.linkedin.com/legal/privacy-policy

We, as the provider of the information service, do not collect and process any further data from your use of our service.

If you do not wish this data processing, please refrain from using our web forms.

9. Captcha

In order to protect our web forms from automated requests, we use a so-called Captcha from reCAPTCHA. The provider is Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

As part of the captcha function, all user input and mouse movements that you make on our website are automatically recorded (regardless of whether you call up pages that contain web forms or not). The data collected in this way is used to assess whether the entries originate from a human or an automated programme.

As the function is provided by a third-party provider, the display of the captcha leads to content from the third-party provider being reloaded. This provides the third-party provider with information that you have accessed our site as well as the usage data technically required in this context. The third party provider also receives your IP address, which is technically required to retrieve the content. We have no influence on the further data processing by the third-party provider.

The data processing is based on your consent, provided that you have previously given your consent via our banner solution. 

Please note that the use of captchas may result in your data being processed outside the EU/EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without informing you or allowing you to seek redress. If we use providers in insecure third countries and you consent, the transfer to an insecure third country will be based on Article 49(1)(a) of the GDPR. 

10. Google fonts

For the uniform display of fonts, this website uses fonts from Google Fonts. These are integrated locally so that no connection to Google servers is established and therefore no data transfer takes place.

11. Adobe fonts

This website uses web fonts from Adobe for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you call up this website, your browser loads the required fonts directly from Adobe in order to be able to display them correctly on your end device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This enables Adobe to know that this website has been accessed via your IP address. According to Adobe, no cookies are stored when providing the fonts.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:
www.adobe.com/de/privacy/eudatatransfers.html

For more information on Adobe Fonts, please visit:
www.adobe.com/de/privacy/policies/adobe-fonts.html

You can find Adobe's privacy policy at:
www.adobe.com/de/privacy/policy.html

In order to provide services more quickly, Adobe Fonts uses the functions of Amazon Web Services. The provider is Amazon Web Services EMEA SARL, Avenue John F. Kennedy 38, 1855 Luxembourg.

Under certain circumstances, however, data may be transferred to the parent company Amazon.com Inc. based in the USA. Amazon can automatically access all data stored via hosting. This may include, for example, personal customer data such as IP addresses.

You can find more information at

https://aws.amazon.com/de/compliance/germany-data-protection/

12. Adobe Typekit

The website uses Adobe Typekit to provide fonts. The provider is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland.

The data is stored and analysed on the basis of Art. 6 para. 1 lit. f DSGVO.

You can find Adobe's privacy policy at

www.adobe.com/privacy/policy.html

13. Elfsight

We use widgets from the provider Elfsight to display our Instagram content. The provider is Elfsight, LLC, Paronyana Str 19/3, 201, Yerevan 0015, Armenia.

This means that your data may be transferred to a third country that is not subject to the scope of the DSVGO. This may result in restrictions on data protection and data security. Please bear this in mind if you decide to give your consent to our use of Elfsight.

Further information about Elfsight is available at:

https://elfsight.com/privacy-policy/

Please also note that Elfsight uses the third-party provider Yandex for marketing and optimisation purposes. The provider is Yandex LLC, 16 Lva Tolstogo St., Moscow 119021, Russia.

This means that your data may also be transmitted to Russia. We expressly point out that, in the opinion of the European Court of Justice, there is currently no adequate protection for the transfer of data to Russia. Nähere Informationen zu diesem Beschluss finden Sie unter:

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32021D0914

For more information about Yandex, please visit:

https://yandex.com/company/privacy

14. Facebook Social Plugins

Facebook social plugins are used to display the Instagram feeds on our website. The provider is Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland.

Which data is transferred depends on whether you have a Facebook account or not. If you are logged into your Facebook account, Facebook will link the website visit to your account. You have the option of changing your account settings yourself at: https://facebook.com/settings?tab=privacy

Even if you are not logged in or do not have a Facebook account, data such as your IP address may still be transmitted to Facebook.

You can find more information at:

https://www.facebook.com/privacy/policy/?tid=331706174624

15. Google Analytics

We use the web analysis tool "Google Analytics" to design our websites in line with requirements. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognise returning visitors and count them as such.

Within the scope of Google Analytics, we are supported by Google Ireland Limited and Google LLC. (USA) as processors according to Art. 28 DSGVO. The data processing may therefore also take place outside the EU or the EEA. With regard to Google LLC, an adequate level of data protection cannot be assumed due to processing in the USA. There is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to appeal. Please bear this in mind if you decide to give your consent to our use of Google Analytics.

The data processing is based on your consent, provided you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49 para. 1 lit. a DSGVO. 

You can revoke your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.

16. Google Tag Manager

Google Tag Manager is an organisational tool that can be used to integrate and manage code sections, so-called tags. The data is collected and processed by Google Analytics. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The Tag Manager itself does not set any cookies. It does not store any data, but makes it available to Google Analytics for further processing.

17. YouTube Video

We use YouTube to share video content on our website. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

If you call up one of the corresponding subpages with an embedded YouTube video, YouTube will set a cookie that stores your IP address and our URL. If you have a YouTube account and are logged into it, YouTube may be able to assign your activities on our website to this account. The data is stored and analysed on the basis of Art. 6 para. 1 lit. f DSVGO.

You can find more information at:

https://policies.google.com/privacy

18. Polyfill iO

We use the "Polyfill.io" service of The Financial Times Limited, Bracken House, 1 Friday Street, London, England, EC4M 9BT. This enables us to play back content in high quality even on older browser versions. When you load a web page that uses the Polyfill service, your browser downloads all the necessary polyfill files to successfully present the web page in your browser. In order to provide the polyfills, the service receives certain technical information from your browser, including: browser details; connection data, such as your IP address, the URL of the website that made the request to the service. The information is used to determine which polyfills are required by your browser. This information cannot identify you, it is anonymised. The processing is done for the purpose of enhancing your user experience and for the general optimisation of the website. You can find more information on the handling of user data on the data protection page of Polyfill.io at: https://polyfill.io/v3/privacy-policy/.

19. Consent-Management Usercentrics

We use the Usercentrics Consent Management Platform as a consent management tool as part of the analytics activities on our website.

The Usercentrics Consent Management Platform collects log file and consent data using JavaScript. This JavaScript makes it possible to inform users about their consent to certain tags on our website and to obtain, manage and document this consent.

We process the following data in the process:

  • Consent data (anonymised logbook data (Consent ID, Processor ID, Controller ID), Consent Status, Timestamp)
  • Device data or data of the devices used (including shortened IP addresses (IP v4, IP v6), device information, timestamp).
  • User data or user data (e.g. email, ID, browser information, SettingIDs, changelog)

The ConsentID (contains the above-mentioned data), the Consent status incl. timestamp are stored in the local memory of your browser and simultaneously on the cloud servers used. Further processing only takes place if you submit a request for information or revoke your consent. In this case, the relevant information is provided to the responsible person (FIELD M) in a compact data format in an easily readable text form for the purpose of data exchange (JSON file).

No user information is stored for the statistics on the use of consent given or not given. Only the frequency and locations of clicks are stored.

The personal data is stored on a Google Cloud Server located in the EU (Brussels, Frankfurt am Main).

Purpose of the data processing

The purpose of the data processing is the analysis and management of the consents granted in order to comply with our obligation of a DSGVO-compliant consent management. The use of Usercentrics serves the purpose of proving granted and non-granted consents as well as their management.

The specific purposes of the processing of the personal data referred to above are:

  • Obtaining and providing the consents
  • Providing evidence of which device you used to provide consent and at what time
  • Legitimisation of access to the settings and documentation of changes

Legal basis of the data processing

The legal basis for the management of your consents for the processing of your personal data is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the legally secure documentation and verifiability of consents, the control of marketing measures on the basis of the consent granted and the optimisation of consent rates.

Duration of storage

The data is deleted as soon as it is no longer needed. The associated cookie has a duration of 60 days. The revocation document of a previously granted consent is stored for a period of three years. The retention is based on the one hand on our accountability pursuant to Art. 5 (2) DSGVO. This obliges us to comply with the processing of personal data in accordance with the General Data Protection Regulation. On the other hand, retention is based on the regular limitation period of three years pursuant to Section 195 of the German Civil Code (BGB). This limitation period begins at the end of the year in which the claim arose (§ 199 BGB).

20. Transfer of personal data to third countries

We transmit your personal data to countries outside the European Union or the European Economic Area (currently EU countries plus Iceland, Liechtenstein, Norway) exclusively in the context of the use of Google Analytics, AdobeFonts, Elfsight and. Further information can be found in the relevant sections.

21. Storage period

We only store your personal data until the purpose for which we collected or received it has been fulfilled. If you have provided us with your data via the contact form, we will delete this data as soon as it is no longer required for us or we will restrict processing if there are statutory retention obligations.

22. Data subject rights

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 DSGVO;
  • pursuant to Art. 17 DSGVO to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
  • pursuant to Art. 20 DSGVO to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent for the future;
  • complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.

23. Right of objection

If we process your personal data on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.

If you wish to exercise your right of revocation or objection, please send us an e-mail to info@vollers.com.

24. Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and has the status 14.10.2022

Due to the further development of our website or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration on our website at any time.

Your
Vollers Group GmbH

25. Contact details of the data protection officer

Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen

Web: https://www.datenschutz-nord-gruppe.de
E-Mail: office@datenschutz-nord.de

If you contact our data protection officer, please also state the responsible office named in the imprint.