Data protection & Privacy policy

1. Scope, general information and contact data of the responsible person

In the following we inform you about the collection and processing of personal data in the context of the use of the possibilities of this website and the use of services of the waaf.net GmbH (in the following provider).

In this data protection declaration, the user is informed about the type, scope and purpose of the collection and processing of his/her personal data by the provider.
Responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is waaf.net GmbH, Achim Schmidt, Äußere Nürnberger Straße 62, DE 91301 Forchheim, Germany, Tel.: +49-9191-839968-0, E-Mail: hallo@waaf.net.


2. Data Security

This site uses SSL or TLS encryption to protect the transmission of personal information and other sensitive content. You can recognize such an encrypted connection by the string "https://" and the lock icon in the address bar of your browser.

Any information you provide to us will be stored on servers located within the European Union.


3. Collection of general information by visiting our website

When you access our Web site, we automatically record information that your browser sends to us. This information, which is stored in so-called server log files ("access log files"), includes in particular
- The address of the requested web page
- Date and time of access
- Amount of data transferred
- Message/HTTP status code indicating successful retrieval
- the type and version of browser used
- User's operating system
- Referrer URL (the previously visited page)
- IP address

This data is not transmitted or otherwise processed. They are only stored to improve and maintain the functionality of our website. According to Art. 6, par. 1 GDPR, this is a legitimate interest. However, we reserve the right to check the server log files at a later date if there are indications of illegal use.


4. Cookies

In order to make visiting our website attractive and to enable the use of certain functions in the first place, we use so-called cookies on various pages. These are small text files that are stored on your computer by your browser. Some of the cookies we use are deleted after the end of the visit (i.e. after closing the browser) (so-called session cookies).

In order to make your visit to our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. Cookies are small text files that are stored on your computer by your browser. Some of the cookies we use are deleted after the end of your visit (i.e. when you close your browser) (so-called session cookies).

Other cookies are stored for a longer period of time and allow us to recognize your browser on your next visit (persistent cookies). Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.

This cookie information is not shared and we do not use third party cookies.

Cookies set by us are used to enable the ordering process or the use of the customer area. If personal data is processed by a cookie set by us, this processing is carried out in accordance with Art. 6, par. 1 GDPR either to fulfill contractual obligations or to protect our legitimate interest in realizing the best possible functionality of our website as well as a user-friendly design of your visit to our website.
You can set your browser so that you are informed about the setting of cookies and can decide whether to accept or reject them.
Depending on the browser you are using, you can configure these cookie settings differently:

Firefox: support.mozilla.org/en/kb/block-cookies
Chrome: support.google.com/chrome/answer/95647
Safari: support.apple.com/kb/ph21411?locale=en_US

Please note that blocking cookies may limit the functionality of our site.


5. Use of Piwik

This website uses Piwik, an open source software that collects and stores information. This information is used for marketing and optimization purposes. For this purpose, Piwik creates user profiles with a pseudonym from the data. For this purpose, the software stores cookies on your computer, which can be used to analyze your use of the website.
Your IP address is anonymized immediately after processing and before storage. The data is stored on the provider's servers in Germany. If you do not want Piwik to store cookies, you can adjust your browser settings to prevent the installation of cookies (see 4.). In this case, however, you may not be able to use all the features of the website.



6. Use of Script Libraries (Google Webfonts)

In order to display our content correctly and graphically appealingly across browsers, we use script libraries and font libraries such as B. Google Webfonts (https://www.google.com/webfonts/). Google Web Fonts are cached in your browser to avoid multiple downloads. If the browser does not support Google Web Fonts or prevents access, content will be displayed in a default font. When you access a script or font library, you automatically connect to the library owner. It is theoretically possible - although currently unclear whether and for what purpose - that the operators of such libraries may collect data.

The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/


7. Contact and Online Application

If you contact us via email, our contact form or our support/ticket system, the data you provide in the email or the respective form will be collected and processed.
This data is stored and used by us solely for the purpose of responding to your inquiry or for the actual establishment of contact and related technical administration.
The legal basis for this processing is the legitimate interest in responding to your request pursuant to Art. 6, para. 1 GDPR. If your inquiry is aimed at the conclusion of a contract, this is another legal basis for processing in accordance with Art. 6, par. 1 GDPR.
After processing your request, the data you have provided will be deleted, unless there is a legal obligation to retain it.


8. Newsletter Subscription

By registering and agreeing to receive our email newsletter, you agree to receive regular information about our offers and promotions.
As part of the newsletter registration process, you will receive a confirmation email asking you to validate your email address by clicking on a confirmation link in order to be added to our email distribution list (so-called "double opt-in").
Consent to receive our newsletter is voluntary and can be given at any time by an informal request or by using the unsubscribe link contained in each newsletter.
A valid e-mail address is required to receive our newsletter. We also store the IP address used to register and the date the newsletter was ordered. These data serve as proof of misuse if a third party's email address is registered for the newsletter.
According to Art. 6, para. 1 GDPR, the legal basis for this processing is the provision of the services resulting from your newsletter subscription.


9. Data processing for the opening of an account and for the execution of the contract

According to Art. 6, para. 1 GDPR, your personal data is collected and processed to the extent that you have provided it to us for the purpose of providing services under a contractual relationship or in connection with the opening of a customer account. What data is actually collected can be found in the respective input forms or contracts. You may delete your account at any time by sending an informal request to us at the above address. If your customer account has been deleted or if the contractual relationship between you and us has expired, your data will be blocked taking into account the retention periods under tax and commercial law and finally deleted after these periods have expired.


10. Data processing for order processing

In order to fulfill our obligations under the purchase and service contracts we have entered into with you, we may need to share some personal information with third parties.

a) When paying by direct debit, we pass on your payment details to VR Bank Bamberg-Forchheim eG Volks-Raiffeisenbank, Willy-Lessing-Str. 2, 96047 Bamberg.

b) If you choose to pay by "PayPal", we will forward your payment information to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Further information on data protection, including information on the credit agencies used, can be found in PayPal's data protection declaration: www.paypal.com/de/webapps/mpp/ua/privacy-full.

c) We regularly check the creditworthiness of existing customers when concluding contracts and in certain cases where there is a legitimate interest. For this purpose, we work together with Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, Germany, from whom we obtain the necessary data. For this purpose, we transmit your name and contact details to Creditreform Boniversum GmbH. The information according to Art. 14 GDPR on the data processing carried out by Creditreform Boniversum GmbH can be found here: www.boniversum.de/EU-DSGVO

d) In the context of domain registrations, we transmit certain personal data (name, address, contact data) to the respective registration authorities (e.g. DENIC for .de domains) in accordance with Art. 6, para. 1b GDPR, so that you can be registered as the holder of your domain name. These data are stored in the respective Whois databases of the registration authorities and are publicly accessible to varying degrees via the respective Whois queries of the registration authorities. In the context of the registration of domain names under a non-EU top-level domain, your data will be transferred to third countries in accordance with Art. 49, para. 1b GDPR.


11. Retention period of personal data

We store personal data for as long as we are obliged to do so by commercial and tax law retention periods. After the expiration of these periods, the corresponding data will be automatically deleted by us, unless they are still required for the performance of services under existing contracts, for the initiation of new contracts or due to legitimate interests on our part.


12. Rights of the data subject

Based on the applicable data protection law, you have extensive rights of information and intervention, about which we inform you here:

• Right of access according to Art. 15 GDPR
You have the right to obtain information about the personal data stored and processed by us, the purpose of this processing, any transfer and disclosure, the duration of storage and the type of storage.

• Right to rectification according to Art. 16 GDPR
You have the right to have inaccurate or incomplete data completed or corrected immediately.

• Right of erasure ("right to be forgotten") according to Art. 17 GDPR
You have the right to request the deletion of your personal data if the conditions set out in Art. 17, para. 1 GDPR are met.
However, this right does not exist, inter alia, if the storage and processing is necessary to
- to exercise the right to freedom of expression and information,
- for compliance with a legal obligation which requires processing under the law of the Union or of a Member State to which the controller is subject
- for archiving purposes in the public interest, for scientific or historical research or for statistical purposes pursuant to Art. 89, para. 1 GDPR,
- for the establishment, exercise or defense of legal claims.

• Right to restrict processing pursuant to Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful, if the data are no longer necessary for the purposes of the processing or if you object to the processing in accordance with Art. 21, para. 1 GDPR.

• Right of access according to Art. 19 GDPR
As far as you are not entitled according to Arts. 16 - 18 GDPR, we will transmit this deletion, correction or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

• Right to data portability pursuant to Art. 20 GDPR
You have the right to have all personal data provided by you made available to us in a structured, customary and machine-readable format or to have it transferred to another controller, insofar as this is technically feasible and the rights and freedoms of other persons are not affected.

• Right to complain according to Art. 77 GDPR
If you consider that the processing of your personal data does not comply with the principles of the GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority.

• Right to revoke the given consent according to Art. 7 para. 3 GDPR
You have the right to revoke your consent to the processing of your data at any time with effect for the future. In the event of such a revocation, we will immediately delete your data. Such revocation of consent does not affect the lawfulness of the processing carried out on the basis of the original consent up to the time of revocation.

Forchheim, May 21, 2018