Thank you for visiting our website and for your interest in our company. The protection of your personal data is important to us. Below we inform you in accordance with the General Data Protection Regulation (GDPR) about the handling of your personal data when using our website at https://www.klosterfrau.com.

MCM Klosterfrau Vertriebsgesellschaft mbH
Gereonsmühlengasse 1-11
50670 Cologne
Germany
Tel.: +49 221-1652-0
Fax: +49 221-1652-430
Email: dialog@klosterfrau-service.de

Alexander Bugl
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Eifelstraße 55
93057 Regensburg
Germany
Office phone: +49 941-630 49 789
Mobile: +49 176-10 31 26 88
Email: Datenschutz.buglundkollegen@klosterfrau.de 

1. Informational use of the website

You can visit our website without providing any personal information. If you use our website for informational purposes only, we do not process any personal data, with the exception of the data that your browser transmits to enable you to visit the website.

Technical provision of the website 

For the purpose of the technical provision of the website, it is necessary that we process certain automatically transmitted information from you so that your browser can display our website and you can use the website. This is technical information that is automatically collected each time you visit our website and stored in our server log files, such as:

• IP address;
• Browser type/version (Ex: Firefox 59.0.2 (64 bit));
• Browser language (ex.: German);
• Operating system used (Ex: Windows 10);
• Inner resolution of the browser window;
• Screen resolution;
• Javascript activation;
• Java On / Off;
• Cookies On / Off;
• Color depth;
• Referrer;
• Time of access.

Furthermore, we use cookies to make our website available to you for use. Cookies are text files that are stored in the internet browser or by the internet browser on your end device when you call up a website. A cookie contains a characteristic string of characters that enables unique identification of the browser when the website is called up again. We use these cookies exclusively to provide you with our website and its technical functions. Some functions of our website cannot be offered without the use of cookies. The following information is stored in the cookies and transmitted to us: Cookie ID, login information.

Your information collected through the above cookies will not be used by us to create user profiles or to evaluate your browsing behavior.

We process your personal data for the technical provision of our website on the basis of the following legal grounds:

• for the performance of a contract or for the execution of pre-contractual measures pursuant to Art. 6 (1) (b) GDPR, insofar as you visit our website to obtain information about us; and
• to protect our legitimate interests pursuant to Art. 6 (1) (f) GDPR in order to be able to provide you with the website technically. Our legitimate interest is to be able to provide you with an attractive, technically functioning and user-friendly website, as well as to take measures to protect our website from cyber risks and to prevent our website from posing cyber risks to third parties.

2. Processing for the purposes of analysis, advertising and remarketing 

For the purpose of advertising and remarketing, we use cookies and the tools explained below.

For this purpose, we only process your personal data if you have given us your consent to do so. The legal basis is Art. 6 (1) (a) GDPR. Once you have given your consent, you can revoke it in whole or in part with effect for the future by going to the cookie page, calling up the "cookie settings" again and changing your selection.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website such as

• Browser type/version,
• operating system used,
• Referrer URL (the previously visited page),
• Host name of the accessing computer (IP address),
• Time of the server request,

are usually transferred to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. We have also extended Google Analytics on this website with the code "anonymizeIP". This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

IP anonymisation

We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Google Tag Manager

On our website, we use Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Google Tag Manager service itself (which implements the tags) is a cookieless domain and does not collect any personal data. The Google Tag Manager service takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

3. Social media links

Links to external services such as Facebook, Instagram, Pinterest and Google Maps are integrated on our website. After clicking on the link, you will be redirected to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on how your data is handled when using the websites of other providers, please refer to the respective data protection notices.
 

4. Plugins and tools

Google reCaptcha

We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on our websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

The purpose of reCAPTCHA is to check whether the data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

Legal basis for processing is Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.

For more information about Google reCAPTCHA and Google's privacy policy, please visit the following links: https://policies.google.com/privacy and https://www.google.com/recaptcha/about/.
 

5. Active use of the website

In addition to the purely informational use of our website, you can also actively use our website. In addition to the processing of your personal data described above for purely informational use, we will then also process further personal data from you as described below.

Contact requests

In order to be able to process and respond to your inquiries to us, e.g. via the contact form or to our email address, we process the personal data from you that you provide in this context. In any case, this includes your name and email address in order to send you a reply, as well as the other information you send us as part of your communication.

We process your personal data to respond to contact requests in order to protect our legitimate interests pursuant to Art. 6 (1) (f) GDPR; our legitimate interest is to respond to contact requests appropriately.

In our companies, only those employees who need your personal data to fulfill our contractual and legal obligations will have access to it. Your data will only be passed on to external bodies if this is permitted or required by law or if you have given your consent.

Below we list the categories of external recipients of your data:

• Affiliated companies within the group of companies, insofar as they act as service providers for us and provide e.g. IT services, insofar as this is necessary for the provision of our services or if and insofar as they require the data for the fulfillment of our contractual and legal obligations or on the basis of our legitimate interests.
• Private entities outside the Group, such as in particular online media agencies that support us in carrying out advertising measures on our websites, as well as IT service providers that support us in the operation, administration and maintenance of our websites, among other things.
• Public authorities and institutions, insofar as we are legally obligated to do so. For example, as part of our legal obligation, we report reported quality defects of our products (e.g. complaints and counterfeits) to the state authorities responsible for the companies of the Klosterfrau Group. As part of our legal obligations, we report the data we collect in the course of non-interventional studies or observational studies to the respective competent authorities to which we are obliged to report.

We only transfer data to countries outside the European Union or the European Economic Area (so-called third countries) if this is necessary or legally permitted or required, if you have given us your consent, or within the scope of commissioned processing.

If service providers in the third country are used, they are obligated to comply with the level of data protection in Europe by agreeing to the EU standard contractual clauses. Alternatively, we transfer the data on the basis of an adequacy decision of the European Commission.

For further information, please contact our data protection officer.

When using our website for purely informational purposes, we generally store your personal data on our servers exclusively for the duration of your visit to our website. After you have left our website, your personal data will be deleted immediately.

When you actively use our website, we initially store your personal data for the duration of the response to your inquiry.

In addition, we then store your personal data until any legal claims arising from the relationship with you become time-barred, in order to use them as evidence if necessary. The limitation period is usually between 12 and 36 months, but can also be up to 30 years.

We delete your personal data when the statute of limitations expires, unless there is a legal obligation to retain it, for example from the German Commercial Code (§§ 238, 257 para. 4 HGB) or from the German Fiscal Code (§ 147 para. 3, 4 AO). These retention obligations can be two to ten years.

You are entitled to the following rights as a data subject under the legal conditions, which you can assert against us:

Right of access: You are entitled to request confirmation from us at any time within the scope of Article 15 of the GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled within the scope of Article 15 of the GDPR to receive information about this personal data as well as certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate safeguards) and a copy of your data.

Right to rectification: In accordance with Art. 16 GDPR, you are entitled to demand that we rectify the personal data stored about you if it is inaccurate or incorrect.

Right to erasure: You have the right, under the conditions of Art. 17 GDPR, to demand that we delete personal data concerning you without undue delay. The right to erasure does not exist, among other things, if the processing of the personal data is necessary for (i) the exercise of the right to freedom of expression and information, (ii) compliance with a legal obligation to which we are subject (e.g. legal obligations to retain records) or (iii) the assertion, exercise or defense of legal claims.

Right to restrict processing: You are entitled to demand that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.

Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to demand that we hand over to you the personal data concerning you that you have provided to us in a structured, common and machine-readable format.

Right of withdrawal: You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
 

Information about your right to object according to Art. 21 GDPR

1. You have the right to object at any time to the processing of your data which is carried out on the basis of Art. 6 (1) (f) GDPR (data processing on the basis of a balance of interests) or Art. 6 (1) (e) GDPR (data processing in the public interest), if there are grounds for doing so which arise from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

2. We also process your personal data in individual cases for the purpose of direct advertising. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling, insofar as it is associated with such direct advertising. We will observe this objection for the future.

We will no longer process your data for direct marketing purposes if you object to processing for these purposes.

You may address requests to exercise your aforementioned data protection rights either to us using the contact details of the controller provided above or to our external data protection officer using the contact details provided above.

In addition, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

In principle, you are not obliged to provide us with your personal data. However, if you do not do this, we may not be able to provide you with our website in its entirety and without technical errors, and we may not be able to answer your inquiries to us. Personal data that we absolutely need for the above-mentioned processing purposes are marked with an "*" or another sign as mandatory information.

We do not use any procedures for purely automated decision-making in individual cases (including profiling) pursuant to Art. 22 GDPR.

Status: 08.11.2023