Privacy

Privacy Policy
Holz Frank GmbH & Co. KG is pleased about your visit to our website and your interest in us and our services. We take the protection of personal data very seriously and want you to feel secure when visiting our website. We process personal data collected during your visit to our website in accordance with legal regulations, in particular the GDPR.

Responsible party:
Holz Frank GmbH & Co. KG
Owner: Fabian Frank
Houbirgstrasse 9
91217 Hersbruck
What is personal data?

Personal data is data about you that makes identification possible. This includes, for example: your name, address, and email address. In some cases, we need your name and address, as well as other information, to offer you the requested products or services. We only store the data that you have transmitted to us automatically or voluntarily.

How is personal data processed?

In some areas of our website, we offer you the opportunity to contact us or use certain services. We store the personal data transmitted here only for the purpose for which it was provided to us, such as processing your request or answering any questions you may have.

What data is requested?

If the option to enter personal or business data (email addresses, names, addresses) exists within this website, the disclosure of this data by the user is expressly voluntary. The use of all offered services is permitted – insofar as technically possible and reasonable – even without providing such data or by providing anonymized data or a pseudonym. However, by correctly providing even the optional data, you enable us to provide you with personalized and individual support.

SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL) via HTTPS.

Is the confidentiality of email communication/contact form guaranteed?

Should you wish to contact us using your own email account, please be aware that the confidentiality of the transmitted information may not be guaranteed.

If data is collected and processed via our contact form, it is encrypted before transmission. You are also welcome to send us confidential information by post.

Is data logged when I visit our website?

Every time a user accesses a page on our website or retrieves a file, access data about this process is stored in a log file on our server.

IP address
Page from which the file was requested
Date, time
Browser type and browser settings
Operating system
The page you visited
Amount of data transferred
Access status (file transferred, file not found, etc.)
This data is not combined with other data sources. Processing is carried out in accordance with Article 6 Paragraph 1 Letter f GDPR based on our legitimate interest in improving the stability and functionality of our website.

Are cookies used?

When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from a web server to your browser and stored on your hard drive. Only the internet protocol address is stored – no personal data. The legal basis for the use of cookies is Article 6(1)(f) GDPR.

We use some so-called session cookies, which are automatically deleted after your visit ends. Other cookies remain stored on your device until you delete them or until they expire. This offers you the advantage that you don't have to re-enter your data every time you fill out forms. Furthermore, these cookies allow us to recognize you on your next visit.

Most browsers are set to automatically accept cookies. However, you can disable the storage of cookies or configure your browser to notify you as soon as cookies are sent.

If you have disabled all cookies in your browser, a so-called session ID is used to identify you during a continuous visit to our website. No data is stored on your computer. The session ID is deleted after you end your session.

You can find detailed information about the specific services for which we use cookies in the cookie settings.

View.

Collection and processing of data when ordering in the shop

If you have provided us with further personal data (address, payment terms), we will only use this data to process your order, to fulfill contracts concluded with you, and to deliver the goods. The legal basis for this is Article 6 Paragraph 1 b GDPR (contractual or pre-contractual measures).

Payments when ordering

When using PayPal as your payment method, data is transmitted to the payment service provider PayPal. The payment service provider is responsible for the payment data. Information, in particular about the responsible body of the respective payment service provider, the contact details of the payment service provider's data protection officer, and the categories of personal data processed by the payment service provider, can be found at the following address: PayPal Privacy Statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE. The legal basis for this is Article 6 Paragraph 1 b GDPR (contractual or pre-contractual measures).

DATA PROTECTION PROVISIONS REGARDING KLARNA AS A PAYMENT METHOD The data controller has integrated components from Klarna on this website. Klarna is an online payment service provider that enables purchases on account or flexible installment payments. Klarna also offers additional services, such as buyer protection and identity and credit checks. The operating company of Klarna is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden. If the data subject selects either "purchase on account" or "installment purchase" as the payment option during the ordering process in our online shop, data from the data subject will be automatically transmitted to Klarna. By selecting one of these payment options, the data subject consents to this transfer of personal data, which is necessary for processing the purchase on account or in installments, or for identity and credit checks. The personal data transmitted to Klarna typically includes first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number, and other data necessary for processing an invoice or installment purchase. Personal data related to the specific order is also necessary for processing the purchase agreement. In particular, this may involve the mutual exchange of payment information such as bank details, card number, expiry date and CVC code, quantity of items, item number, data on goods and services, prices and taxes, information on previous purchasing behavior, or other information on the financial situation of the data subject. The purpose of transmitting this data is, in particular, identity verification, payment administration, and fraud prevention. The data controller will transmit personal data to Klarna, especially when there is a legitimate interest in doing so. The personal data exchanged between Klarna and the data controller is transmitted by Klarna to credit reference agencies. This transmission is for the purpose of identity and creditworthiness checks. Klarna also shares personal data with affiliated companies (Klarna Group) and service providers or subcontractors to the extent necessary for fulfilling contractual obligations or for processing the data on Klarna's behalf. To decide whether to establish, execute, or terminate a contractual relationship, Klarna collects and uses data and information about the data subject's past payment behavior, as well as probability scores for their future behavior. The scoring is calculated using scientifically recognized mathematical and statistical methods. The data subject has the right to withdraw their consent to the processing of their personal data by Klarna at any time. Such withdrawal does not affect personal data that must be processed, used, or transmitted for the (contractual) processing of payments. Klarna's applicable data protection regulations can be found at https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.

The scoring is calculated using scientifically recognized mathematical and statistical methods. DATA PROTECTION PROVISIONS REGARDING SOFORT Banking AS A PAYMENT METHOD The data controller has integrated components of Sofortüberweisung (Instant Bank Transfer) on this website. Sofortüberweisung is a payment service that enables cashless payment for products and services online. Sofortüberweisung uses a technical process by which the online merchant immediately issues a payment confirmation.

This enables a merchant to deliver goods, services, or downloads to the customer immediately after the order is placed. The operator of Sofortüberweisung (Instant Bank Transfer) is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany. If the data subject selects "Sofortüberweisung" as the payment method during the ordering process in our online shop, their data is automatically transmitted to Sofortüberweisung. By selecting this payment option, the data subject consents to the transfer of personal data necessary for payment processing. When making a purchase via Sofortüberweisung, the buyer transmits their PIN and TAN to Sofort GmbH. After a technical check of the account balance and retrieval of further data to verify sufficient funds, Sofortüberweisung then executes a transfer to the online merchant. The online merchant is then automatically notified of the completed financial transaction. The personal data exchanged with Sofortüberweisung (Instant Bank Transfer) includes first name, last name, address, email address, IP address, telephone number, mobile phone number, and other data necessary for payment processing. The purpose of transmitting this data is payment processing and fraud prevention. The data controller will also transmit other personal data to Sofortüberweisung if there is a legitimate interest in doing so. The personal data exchanged between Sofortüberweisung and the data controller may be transmitted by Sofortüberweisung to credit reference agencies. This transmission is for the purpose of identity and creditworthiness verification. Sofortüberweisung may also disclose personal data to affiliated companies, service providers, or subcontractors to the extent necessary for fulfilling contractual obligations or for processing the data on its behalf. The data subject has the right to withdraw their consent to the processing of their personal data by Sofortüberweisung at any time. Such withdrawal does not affect personal data that must be processed, used, or transmitted for the (contractual) processing of payments. Sofortüberweisung's current data protection regulations can be found at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.

Do you share my data with third parties?

Your personal data will only be shared or transmitted to third parties if this is necessary for the purpose of contract processing – in particular, the transfer of address data to shipping companies – or if the data is required for billing purposes, or if you have given your prior consent. You have the right to revoke any consent you have given at any time with effect for the future. Personal data is collected and transmitted to authorized government institutions and agencies only within the framework of applicable laws or if we are legally obligated to do so by court order. All employees and service providers are bound by confidentiality agreements and are obligated to comply with data protection regulations. Stored personal data will be deleted if you revoke your consent to its storage, if knowledge of it is no longer necessary for fulfilling the purpose for which it was stored, or if its storage is inadmissible for other legal reasons.

Customer Account/Orders

Customer Account
When you open a customer account, we collect your personal data to the extent specified there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. This processing is based on Article 6 Paragraph 1 Letter a of the GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on the consent before its revocation. Your customer account will then be deleted.

Use of Email Address for Sending Newsletters
Regardless of contract processing, we use your email address exclusively for our own advertising purposes to send newsletters, provided you have expressly consented to this. This processing is based on Article 6 Paragraph 1 Letter a of the GDPR with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on the consent before its revocation. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list.

Use of the email address for sending

You can object to this use of your email address at any time by notifying us. Contact details for exercising your right to object can be found in the legal notice. You can also use the unsubscribe link provided in the promotional email. No costs other than standard transmission fees will be incurred.

Cookie Consent Tool
We use a cookie consent tool on our website to manage your consent regarding the use of cookies and similar technologies, as well as for certain data processing activities.

When you visit our website, your chosen consent settings are stored via the consent tool so that your selection can be tracked when you visit the site again. In particular, the following data may be processed:

Status of your consent or the withdrawal of your consent
Time of the decision
Browser information
Device information
Anonymised IP address or technically necessary connection data
The processing is carried out in order to be able to demonstrate and manage the legally required consents for the use of cookies and services that are not technically necessary.

The legal basis for the use of the consent tool is Article 6(1)(c) of the GDPR in conjunction with the fulfilment of our legal obligations regarding consent management, as well as Article 6(1)(f) of the GDPR on the basis of our legitimate interest in legally compliant, user-friendly and documented consent management. Where information is stored on your device or access is gained to information already stored, Section 25(2)(2) of the TDDDG applies, provided this is technically necessary.

You may withdraw your consent at any time with future effect via the privacy settings

External Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact information, names, website access data, and other data generated via a website. The host is used for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR). If consent has been requested, processing is carried out exclusively on the basis of Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Our hosting provider will only process your data to the extent necessary to fulfill its contractual obligations and will comply with our instructions regarding this data. We use the following hosting provider: netcup GmbH, Emmy-Noether-Straße 10, 76131 Karlsruhe, Germany.

Data Processing Agreement: We have concluded a data processing agreement (DPA) with the aforementioned provider. This is a legally required agreement under data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Google Web Fonts
To improve the visual presentation of various information on our website, we use Google Web Fonts (http://www.google.com/webfonts/). When you visit our site, the web fonts are transferred to your browser's cache so they can be used for display. If your browser does not support Google Web Fonts or blocks access to them, the text will be displayed in a standard font. No cookies are stored on your computer when you visit our site. Data transmitted in connection with your visit is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. This data is not associated with any data that may be collected in connection with the parallel use of authenticated Google services such as Gmail. You can configure your browser to prevent fonts from being loaded from Google servers (e.g., by installing add-ons like NoScript or Ghostery for Firefox). If your browser does not support Google Fonts or you block access to Google servers, the text will be displayed in the system's default font.

Information about Google's privacy policy and terms of service can be found directly at Google: http://www.google.com/intl/de-DE/privacy/
Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.

If IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by adjusting your browser settings; however, please note that in this case you may not be able to fully utilize all the functions of this website. You can also prevent Google from collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

This website uses Google Analytics with the extension "_anonymizeIp()". IP addresses are therefore only processed in abbreviated form to prevent them from being directly linked to a specific individual.

Further information on Google's privacy policy can be found here: https://support.google.com/analytics/answer/6004245?hl=de

Google CDN

We use Google CDN to ensure the proper delivery of our website's content. Google CDN is a service provided by Google Ireland Limited, which functions as a Content Delivery Network (CDN) on our website. A CDN helps to deliver content from our website, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google CDN. The use of the Content Delivery Network is based on our legitimate interests, i.e., our interest in the secure and efficient provision and optimization of our online services, in accordance with Art. 6 Para. 1 lit. f GDPR. The specific storage period of the processed data is not within our control but is determined by Google Ireland Limited. You can find further information in the Google CDN privacy policy: https://policies.google.com/privacy.

Google Tag Manager

This website uses Google Tag Manager. This service allows website tags to be managed via an interface. Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which may in turn collect data. However, the Google Tag Manager itself does not access this data. If deactivation has been performed at the domain or cookie level, it remains in effect for all tracking tags implemented with the Google Tag Manager.

Google reCAPTCHA

Google reCAPTCHA is a service provided by Google Ireland Limited and allows us to distinguish whether a contact request originates from a natural person or is made automatically by a program, e.g., when entering information into online forms. "reCAPTCHA" prevents attacks from, for example, so-called bots. The service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: http://www.google.de/intl/de/policies/privacy/; Google's terms of service: https://www.google.com/intl/de_de/help/terms_maps.html;

Cloudflare (CDN, Security & Performance Services)

We use the Content Delivery Network (CDN) and security features (including DDoS protection and a web application firewall) of Cloudflare, Inc., to enhance the security and performance of our website. Requests to our website are routed through the Cloudflare network.

As part of providing and securing the website, Cloudflare processes, in particular, technically necessary connection data (e.g., IP address, date/time of access, requested content/URL, device/browser information, referrer, and security/log data). Cloudflare also processes some of this data in data centers outside the EU (especially in the USA). Appropriate safeguards are in place to ensure an adequate level of data protection (e.g., standard contractual clauses).

The legal basis for this processing is Article 6(1)(f) GDPR (legitimate interest in the secure, stable, and efficient provision of our online services).

Data processing agreement: To the extent that Cloudflare processes personal data on our behalf, this is done on the basis of a data processing agreement/Data Processing Addendum (DPA) with Cloudflare.

Cookies by Cloudflare (technically necessary): Depending on the security features activated, Cloudflare may set technically necessary cookies to manage traffic and defend against attacks. These cookies are necessary for the secure operation of the website.

Cloudflare Web Analytics

We use Cloudflare Web Analytics to statistically evaluate the use of our website and to improve our services. According to Cloudflare, Cloudflare Web Analytics works without client-side storage mechanisms such as cookies or LocalStorage and does not perform "fingerprinting" of individual users for analytical purposes.

As part of audience measurement, aggregated usage data is processed (e.g., pages visited, referrer, approximate device/browser information, timestamps). Depending on the technical setup, this processing may also take place via Cloudflare infrastructure outside the EU; appropriate safeguards (e.g., standard contractual clauses) are used for this purpose.

The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in statistical analysis to optimize our online services).

Note: Since Cloudflare Web Analytics works without cookies/LocalStorage, a cookie opt-in is generally not required solely for the purpose of measurement. However, we provide transparent information about this.

JSDelivr CDN

We use JSDelivr CDN to properly deliver the content of our website. JSDelivr CDN is a service provided by Prospect One, which functions as a Content Delivery Network (CDN) on our website.

A CDN helps to deliver the content of our online services, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Prospect One, Krolewska 65a, Krakow, Malopolskie 30-081, Poland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of JSDelivr CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e., our interest in the secure and efficient delivery and optimization of our online services, in accordance with Article 6(1)(f) GDPR.

The specific storage period of the processed data is not within our control, but is determined by Prospect One. Further information can be found in the privacy policy for JSDelivr CDN: https://www.jsdelivr.com/privacy-policy-jsdelivr-net.

Bootstrap CDN

We use Bootstrap CDN to properly deliver the content of our website. Bootstrap CDN is a service provided by Bootstrap, which functions as a Content Delivery Network (CDN) on our website.

A CDN helps to deliver the content of our online services, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to Bootstrap servers, transmitting your IP address and, if applicable, browser data such as your user agent. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Bootstrap CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e., our interest in the secure and efficient provision and optimization of our online services, in accordance with Article 6(1)(f) GDPR.

The specific storage period of the processed data is not within our control but is determined by Bootstrap. Further information can be found in the Bootstrap CDN privacy policy: https://www.bootstrapcdn.com/privacy-policy/.

Use of Bm-Search for product searches

To make visiting our website more attractive and to present you with better search results more quickly, we use the search function of Bm-Search. This serves our legitimate interest, which outweighs your interests, in an optimized presentation of our offerings, in accordance with Article 6(1)(f) GDPR. The operator of this website is Bm-Suche (Sebastian Müller, Dr.-Berndl-Straße 4b, 87700 Memmingen). To use the Bm-Suche search function, your browser must connect to Bm-Suche's servers. This allows Bm-Suche to know that our website was accessed via your IP address. Further information about Bm-Suche's privacy policy can be found at https://www.bm-suche.de/Datenschutz

SHOPAUSKUNFT

We use SHOPAUSKUNFT to properly deliver the content of our website. SHOPAUSKUNFT is a service provided by Händlerbund Management AG, which functions as a Content Delivery Network (CDN) on our website.

A CDN helps to deliver the content of our online services, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Händlerbund Management AG, Torgauer Str. 233, ArcusPark / Haus B, 04347 Leipzig, Germany, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of SHOPAUSKUNFT.

Data Retention Period
The specific retention period of the processed data is not within our control but is determined by Händlerbund Management AG. Further information can be found in the privacy policy for SHOPAUSKUNFT: https://www.shopauskunft.de/datenschutz
Händlerbund Seal
We use the Händlerbund Seal to ensure the proper delivery of the content on our website. The Händlerbund Seal is a service provided by Händlerbund Management AG, which functions as a Content Delivery Network (CDN) on our website.

A CDN helps to deliver the content of our online services, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Händlerbund Management AG, Torgauer Str. 233, ArcusPark / Haus B, 04347 Leipzig, Germany, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of the Händlerbund Seal.

The use of the Content Delivery Network (CDN) is based on our legitimate interests, namely our interest in the secure and efficient provision and optimization of our online services, in accordance with Article 6(1)(f) of the GDPR.

The specific storage period for the processed data is beyond our control and is determined by Händlerbund Management AG. Further information can be found in the data privacy statement for Händlerbund seals: https://www.haendlerbund.de/de/datenschutzerklaerung.

Social Media Presence

We maintain various online presences – fan pages – on social media platforms to communicate with active users. We also provide visitors with information about our company, products, and services.

The legal basis for operating our fan page(s) on social media platforms – including the processing of personal data – is based on legitimate interest pursuant to Article 6(1)(f) of the GDPR. The purpose is timely customer communication, advertising, and public relations.

Your IP address is recorded and stored when you access the social media platform. A cookie is typically set that stores your visit and other data related to your visit to the social media platform.

You can regularly access the social media fan page(s), regardless of whether you have a user account and are logged in to the respective platform. In both cases, however, your data will be processed by the social media platform.

If you are logged into the respective social media platform, your visit will be recorded using cookies or other technical means and associated with your user account. This allows the social media platform to analyze user behavior. A user profile may be generated based on your interests, which can then be used to display interest-based advertising both on and off the social media platform. This can even occur across multiple devices. Furthermore, your data may be used for market research and advertising. Your user profile and content may also be recognized. For details, please refer to the following privacy policies and information notices of the social media platform(s) used.

A detailed description, privacy policy, and information notice for our social media platforms – fan page(s) – can be found here (link to a separate menu item "Social Media" or a PDF file about the social media platforms).

Services and service providers used:

We integrate functional and content elements into our online services that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This can include, for example, directions (maps), bot detection, graphics, posts, videos, or social media buttons (hereinafter referred to collectively as "Content").

The integration of this content always requires that the third-party providers process users' IP addresses, as they cannot send the content to users' browsers without them. The IP address is therefore necessary for displaying this content or these functions. We strive to use only content from providers who use the IP address solely for delivering the content. We assume no responsibility for the privacy practices of other websites. By integrating the plugins, the social network receives information that you have accessed the corresponding page of our website. If you are logged into the social network, your visit can be associated with your social network account.

If you do not want social networks to collect data about you via active plugins, you can either deactivate the social plugins with a single click on our websites or select the "Block third-party cookies" option in your browser settings. With this setting, the browser will not send cookies to the server when embedded content from other providers is displayed. However, in addition to the plugins, other cross-site functions may also cease to work with this setting.

The following services or plugins are used:

Facebook:

Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Opt-out option: Ad settings: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on joint processing of personal data on Facebook Pages: https://www.facebook.com/legal/terms/page_controller_addendum, Data protection information for Facebook Pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Instagram:
Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Privacy policy: http://instagram.com/about/legal/privacy.

YouTube:
Videos; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Opt-out option: Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, Settings for ad display: https://adssettings.google.com/authenticated.

How can you influence the use of your personal data?

Of course, you have the sole right to decide whether and for what purposes we may use your data. Furthermore, you alone determine whether we may use your data for consulting, advertising, and market research purposes. Naturally, you can revoke any consent you have given at any time.

We adhere to the principles of data avoidance and data minimization. Therefore, we only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the various retention periods stipulated by law. Once the respective purpose ceases to apply or these periods expire, the corresponding data is routinely blocked or deleted in accordance with legal regulations.

What security measures have we implemented?

We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access. All employees and service providers are bound by confidentiality agreements and are obligated to comply with data protection regulations.

Whenever we collect and process personal data, it is encrypted before transmission. This means that your data cannot be misused by third parties.

Will this privacy policy also be changed?

Due to current circumstances, such as amendments to the German Federal Data Protection Act (BDSG-neu, GDPR), we will update this privacy policy as necessary.

How can I review, correct, revoke, or delete my data?

Under the conditions of the legal provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), you, as a data subject, have the right to:

Access to your personal data stored by us in accordance with Article 15 GDPR and Section 34 BDSG, including meaningful information about the details of the processing and a copy of your data;

Recognition of inaccurate or incomplete data stored by us in accordance with Article 16 GDPR;

Erasure pursuant to Article 17 GDPR of your data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;

Restriction of processing pursuant to Article 18 GDPR if the accuracy of the data is contested, the processing is unlawful, we no longer need the data, and you object to its erasure because you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Article 21 GDPR.

Data portability pursuant to Article 20 GDPR if you have provided us with personal data based on consent pursuant to Article 6(1)(a) GDPR or on the basis of a contract pursuant to Article 6(1)(b) GDPR, and this data has been processed by us using automated means. You will receive your data in a structured and machine-readable format, or we will transmit the data directly to another controller, insofar as this is technically feasible.

You have the right to object, pursuant to Article 21 GDPR, to the processing of your personal data if this processing is based on Article 6(1)(e) or (f) GDPR and there are grounds relating to your particular situation, or if the objection is directed against direct marketing. However, the right to object does not apply if overriding legitimate grounds for the processing are demonstrated, or if the processing is necessary for the establishment, exercise, or defense of legal claims. If the right to object does not apply to specific processing operations, this will be indicated there.

You have the right to withdraw your consent, pursuant to Article 7(3) GDPR, with effect for the future. You also have the right to lodge a complaint (https://www.lda.bayern.de/de/beschwerde.html) with a supervisory authority pursuant to Article 77 GDPR if you believe that the processing of your personal data infringes the GDPR. You can contact the supervisory authority of your habitual residence, your place of work, or our company's registered office. Further information on the supervisory authorities in the European Union can be found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Article 6(1)(a) GDPR serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR.

If the processing of personal data is necessary for compliance with a legal obligation to which we are subject, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR.

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details, or other vital information had to be disclosed to a doctor, hospital, or other third party. In such a case, the processing would be based on Article 6(1)(d) GDPR. Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. The legislator took the view that a legitimate interest could be assumed where the data subject is a client of the controller (Recital 47, second sentence, GDPR).

Finally, processing operations may be based on Article 6(1)(f) GDPR. All visitors to our website can contact us in writing regarding data protection issues at:

Holz Frank GmbH & Co. KG
Owner: Fabian Frank
Houbirgstrasse 9
91217 Hersbruck
Email: [email protected]
Our information obligations pursuant to Articles 13 and 14 of the GDPR can be found here:

Applicants

Customers/Prospective Customers