This declaration regulates the protection of your personal data, which are important to us. We have taken all technical and organisational measures to properly implement the legal data protection requirements and are continually developing them further.
To make the data protection declaration easier to understand, we will first explain some important terms of the General Data Protection Regulation (GDPR).
Personal data is all information that can be used to identify a person. The identification can take place directly or indirectly via different characteristics.
Typical examples of direct personal data are name, address, e-mail addresses, telephone number, location data, date of birth. Typical examples of indirect personal data are IP addresses or user data stored in server log files.
Data subject is an identified or identifiable natural person whose personal data are processed.
Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, recording, organisation, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, erasure or destruction.
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any form of automated processing of personal data, consisting in the use of such personal data to evaluate certain personal aspects which relate to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, location or relocation of that natural person.
The responsible data controller is the natural or legal person, authority, body, office or other body which alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are specified by Union law or the law of the Member States, the controller or certain criteria for his appointment may be laid down in accordance with Union law or the law of the Member States.
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.
Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under Union law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing.
A third party is a natural or legal person, authority, institution or other body than the data subject, the data controller, the data processor, and the persons authorised to process the personal data under the direct responsibility of the data controller or the data processor.
Data subject's consent is any voluntary, specific case, informed and unequivocal expression of consent in the form of a declaration or other clear affirmative act by which the data subject indicates his/her consent to the processing of his/her personal data.
We would like to point this out,
1. that data transmission over the Internet (e.g. communication by e-mail) may have security gaps and that complete protection of data from access by third parties is not possible.
2. that your browser transmits your IP address when you visit our website. The IP address is required to uniquely identify the device you are using for data transport.
This data protection declaration applies to the processing by:
2. Data protection officer
You can contact our data protection officer:
3. Categories of personal data, purposes and legal bases
Server log files
When you visit our website www.bakeline.de, the provider of the pages automatically and temporarily collects and stores information in so-called server log files, which your browser automatically transmits to us and stores until it is automatically deleted. These are:
- IP address of the requesting computer
- Browser type and browser version
- Operating system used
- Name and URL of the retrieved file
- Referrer URL (website from which access is made)
- Host name of the accessing computer (name of your access provider)
- Date and time of the server request
This data cannot be assigned to specific persons. These data are not combined with other data sources. We reserve the right to check these data subsequently if we become aware of concrete indications of an illegal use.
Processing is carried out for the following purposes:
Establishing of connection, stable and comfortable use, evaluation of system security, administration of our website
The legal basis is Art. 6 (1) p. 1 lit. f GDPR. The operation of an Internet site is a legitimate interest.
Some of the Internet pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies are used to make our website more user-friendly, effective and secure, as well as for statistical evaluations. Cookies are small text files that your browser automatically creates when you visit our website and stores on your terminal device.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit.
Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit our website. It stores which entries and settings you have made so that you do not have to make these entries again.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases. You can also exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be limited.
Processing is carried out for the specified purposes
The legal basis is Art. 6 (1) p. 1 lit. f GDPR. The operation of the website is in our legitimate interest or that of a third party.
Tracking cookies are only used by us if you have expressly given your consent in advance. Tracking cookies show, among other things, which pages you have already visited and serve statistical purposes (evaluation and improvement of our website).
The legal basis is your voluntary consent pursuant to Art. 6 (1) p. 1 lit. a GDPR.
4. Justified interests
The operation of a website is a legitimate interest.
5. Disclosure of data to recipients or categories of recipients
The indirect personal data may be forwarded to web hosters, tool plugin providers, IT service providers, etc. . For further explanations, please refer to section 15 "Tools used" in this data protection declaration.
We will only pass on your direct personal data to third party if the following conditions are met:
- There is express consent in accordance with Art. 6 (1) lit a GDPR
- Processing is necessary to safeguard the data controller's legitimate interests under Article 6 (1) lit f GDPR, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail.
- The processing is necessary to fulfil a legal obligation under Art. 6 (1) lit c GDPR to which the person responsible is subject;
- The processing is necessary for the performance of a contract under Art. 6 (1) lit b GDPR to which the data subject is a party, or for the implementation of pre-contractual measures taken at the request of the data subject;
6. Transfer of data to a third country
We do not intend to transfer your direct personal data, such as name, address, e-mail addresses, telephone number, date of birth, etc., to a third country. When using the Internet, however, technical data such as IP addresses or other technical user data (e.g. cookies) are also transmitted.
If tools or plug-ins are used on our website, indirect personal data may be transferred to the USA. This transfer is based on the EU Commission's decision of 12 July 2016 on the adequacy of the EU-US Privacy Shield between the European Union and the USA. For further explanations, please refer to section 15 "Tools used" in this data protection declaration.
7. Storage time
Your personal data will be deleted as indicated in this data protection declaration as soon as the purpose for which they were collected has ceased to exist, unless we are obliged to store them on a statutory basis.
8. Right to information, correction, deletion, restriction, objection, data transferability
You have the right of access to personal data about you (Art. 15 GDPR), the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, in particular recipients in third countries and the planned storage period. If data has not been collected from us, you have the right to information about the origin of the data. In addition, you have the right to have your data corrected (Art. 16 GDPR) or deleted (Art. 17 GDPR) or to have processing restricted (Art. 18 GDPR) and to have your data transferred (Art. 20 GDPR). The right to data transfer includes the provision of personal data concerning them in a structured, common and machine-readable format so that the data can be transferred to another controller without hindrance.
In addition, you have the right to object to the processing (Art. 21 GDPR), provided that we process your data on the basis of a legitimate interest asserted by us (Art. 6 para. 1 sentence 1 lit. f GDPR) and provided that you have reasons arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you can object without specifying a special situation.
9. Revocation of consent
If you have given us your consent to process your personal data, you have the right to revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until revocation (Art. 7 (3) GDPR)
You can assert your rights of objection or revocation via the contact details of the person responsible or data protection officer.
10. Right of appeal
You have the right to complain to the supervisory authority of your place of residence (Art. 77 GDPR).
11. Necessity of providing personal data
You are neither legally nor contractually obliged to provide us with your personal data. However, the provision of your indirect personal data (IP address, cookies) is required for visiting our website.
12. Automated decision making
Automated decision making based on personal data, including profiling and scoring, does not take place.
13. Processing for other purposes
Further processing for purposes other than those for which the personal data was collected does not take place. Should this become necessary, we will provide you with information about this other purpose and all other relevant information prior to this further processing.
14. Data security
We use the SSL or TLS (Secure Socket Layer, Transport Layer Security) procedure on our website. The data transfer is encrypted with 256 bit, if supported by your browser. Otherwise 128-bit encryption is used. You can recognize the encrypted transmission by a lock symbol in your browser.
In addition, we have taken technical and organizational measures to ensure the security of your data on an ongoing basis.
15. Status of the data protection declaration
This data protection declaration is valid as of March 21, 2022 and is subject to change if the content of our website changes, if legal regulations change or if official requirements have to be implemented.
©2022 ZEiD GmbH. This data protection declaration is protected by copyright.