Data Protection

As of: May 2018

Legal Note:
The only legally binding language of this Data Protection Declaration is German.

Preamble
With the following Data Protection Declaration we would like to inform you about the type, scope and purpose of the collection, processing and use of personal data when using the data collected by:

Fester & Co. GmbH, Trostbrücke 4
20457 Hamburg
phone: +49 (0) 40 / 37 47 16-0
fax: +49 (0) 40 / 36 36 21
email:  info@festerundco.de
on the website festerundco.de/de/

Personal data is all data that can be referred to you personally, e.g. name, address, email address, user behaviour.

1. Who is responsible for data processing and who can I contact
Responsible pursuant to Article 4, para. 7 of the EU General Data Protection Regulation (hereinafter referred to as "GDPR")  

Fester & Co. GmbH
Trostbrücke 4
20457 Hamburg
phone: +49 (0) 40 / 37 47 16-0
fax: +49 (0) 40 / 36 36 21
E email:  data-protection@festerundco.de

(see our disclaimer liability http://festerundco.de/en/disclaimer-liability.html)

Please do not hesitate to contact our data protection officer:

Herrn André Radke

Firma Netzkonzept Radke & Wunsch GbR
Hoheluftchaussee 139
20253 Hamburg

Tel: 040 421 022 – 81
E-Mail: info@netzkonzept-team.de

2. Your rights
You have the following rights vis-à-vis Fester & Co. GmbH with regard to the personal data concerning you:

- Right of access pursuant to Article 15 GDPR,
- Right to rectification pursuant to Article 16 GDPR,
- Right to erasure (right to be forgotten) pursuant to Article 17 GDPR,
- Right to restriction of processing  pursuant to Article 18 GDPR
- Right to restriction of processing pursuant to Article 21 GDPR (for more information see Clause 13),
- Right to data portability pursuant to Article 20 GDPR.


With regard to the right of access and the right to erasure, the restrictions pursuant to Sections 34 and 35 German Federal Data Protection Act (hereinafter referred to as “BDSG”) apply.

You also have the right to complain to a data privacy supervisory authority about the processing of your personal data by Fester & Co. GmbH
 (Article 77 GDPR in conjunction with Section 19 BDSG).

3. Collection of personal data when contacting us
When you contact us by e-mail or via a contact form, the data provided by you (your e-mail address, possibly your name and telephone number) will be stored by Fester & Co. GmbH in order to answer your question. Fester & Co. GmbH deletes the data arising in this context after storage is no longer necessary or restricts the processing if legal storage obligations exist.

In case we use contracted service providers for individual features of our service or if we intend to use your data for commercial purposes, we will inform you in detail about the respective processes below. We also state the specified criteria for the storage duration.


4. Collection of personal data when visiting our website
If you use the website purely for informational purposes, i. e. if you do not register or otherwise provide us with information, Fester & Co. GmbH  only collects the personal data that your browser transmits to Fester & Co. GmbH‘s  server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to guarantee stability and security (the legal basis for which is Article 6, para. 1, p. 1, lit. f GDPR):

- IP address (The last block of an IP address is anonymized before being saved in the log file)
- Date and time of the request
- The amount of data transferred in each case
- Website from which the request originates
- Browser
- Operating system and its interface

In addition to the above-mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using and through which certain information flows to the site that places the cookie (Fester & Co. GmbH in this case). Cookies cannot run programmes or transmit viruses to your computer. They serve to make the internet offer more user-friendly and effective.  We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.

This website only uses Transient cookies:
Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This means that your computer can be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

You can configure your browser settings according to your wishes and, for example, refuse the acceptance of cookies. Please note that in this case you may not be able to use all of the website's features.

5. Social-Media-Plugins
We currently do not use social media plugins. Our website only offers a link to the following networks:

a. LinkedIn
When using these links, no data is passed on by us. With regard to the data protection regulations of the networks, we refer to the information provided by the providers:

a. LinkedIn
LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Data privacy declarations:
https://www.linkedin.com/legal/privacy-policy

LinkedIn has submitted to the EU-US Privacy Shield,
https://www.privacyshield.gov/EU-US-Framework

6. Purpose of processing and its legal basis
We process the aforementioned personal data in accordance with the provisions of GDPR and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). In detail:

a. For the fulfilment of contractual obligations (Article 6 para. 1 b DSGVO)
The processing of personal data is carried out for the purpose of providing  brokerage services as part of the execution of our contracts with our customers or for carrying out pre-contractual measures that are carried out upon your request.

The purposes of data processing may include, among other things, Risk analysis, consulting and planning, policy optimization and claims handling.

b. In the context of the balancing of interests (Article 6,  para. 1, p. 1, lit. f GDPR)
As far as necessary, we process your data beyond the actual fulfilment of the contract to protect legitimate interests of us or third parties. Examples:

Advertising or market and opinion research, as far as you have not objected to the use of your data
Ensuring IT security
Prevention of crime
Measures for business management and further development of services and products

c. On the basis of your consent (Article 6, para. 1, p. 1, lit. a GDPR)
Insofar as you have given us your consent to the processing of personal data for certain purposes (such as fulfilling contractual obligations), the legality of this processing is based on your consent.

A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the application of the EU General Data Protection Regulation, i. e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing carried out prior to revocation shall not be affected. You can request a status overview of the consents you have given at any time from us.

7.  Is data transferred to a third country
We work if necessary with certain external service providers to process your data. Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the fulfilment of our contractual obligations, if it is legally required, if you have given us your consent or if the data transfer is carried out within the scope of commissioned data processing. If service providers are deployed in the third country, they are obliged to comply with the data protection level in Europe by the agreement of the EU standard contractual clauses.

The legal basis for this is Article 46, para. 1 GDPR.

8. How long is my data stored
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its further processing - limited in time - is necessary for the following purposes:

Fulfilment of commercial and fiscal retention periods: The Commercial Code (Handelsgesetzbuch) and the Tax Code (Abgabenordnung) are to be mentioned.

Preservation of evidence under the statute of limitations. According to Sections 195 et seq. of the German Civil Code ( Bürgerliches Gesetzbuch, BGB), these periods of limitation can be up to 30 years, whereas the regular period of limitation is three years.

9. Is there an obligation for me to provide data
Within the scope of our business relationship, you must provide personal data that is necessary for the initiation and execution of our business relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will usually have to reject the conclusion of the contract or will no longer be able to carry out an existing contract and may have to terminate it.

10. Miscellaneous
You may contact us any time if you have questions regarding the data protection practices or want us to delete any personal data.

In the course of the continuous development of our services and the implementation of new technologies, Fester & Co. GmbH reserves the right to update this Data Protection Declaration any time. Therefore we suggest you read our Data Protection Declaration again once in a while on festerundco.de/de/.
 
Please do not hesitate to contact us if you have any questions about data protection. Simply send us an email to: data-protection@festerundco.de or write to us at the above address.

11. Right of revocation and objection against the processing of your data
a. Revocation
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the admissibility of the processing of your personal data only after you have expressed it to us.

b. Objection
Your right of objection follows from Article 21 GDPR.

For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data relating to you on the basis of Article 6, para. 1, p. 1, lit. e GDPR (data processing in the public interest) and Article 6, para. 1, p. 1, lit. f GDPR (data processing on the basis of a balance of interests).

If you exercise your right of objection, we will no longer process your personal data, unless we can prove compelling grounds worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Furthermore you have the right to object at any time to the processing of personal data concerning you for the purpose of direct advertising.

If you object to the processing for purposes of direct advertising, we will no longer process your personal data for these purposes.

The objection and revocation can be made without observing formal requirements under the following contact data:

Fester & Co. GmbH
Trostbrücke 4
20457 Hamburg
phone: +49 (0) 40 / 37 47 16-0
fax: +49 (0) 40 / 36 36 21
email: info@festerundco.de