Skip to content Skip to footer
Close

Data Protection

With this information, the responsible body (“We”) named in item 1 informs the user of the website (“You” or “User”) about the collection and processing of personal data in accordance with Art. 13 and 14 of the General Data Protection Regulation (DS-GVO). At the same time, we inform you if we store information in the terminal equipment that you use when calling up our websites or if we access information that is already stored in your terminal equipment.

For the use of Internet pages of other providers, which are referred to e.g. via links, the data protection information there applies.

A General information

1 Responsible data processor and data protection officer
1.1 The responsible data processor for this website is: Ambrose Advice e.U. (see contact page for contact information).
1.2 You can reach the data protection officer by e-mail via the address in point 1.1. with the address addition “for the attention of the data protection officer”.
1.3 Our website is hosted by ALL-INKL.COM (www.all-inkl.com), i.e. technically provided on web servers of this web hoster. The web hoster is a processor obligated by us according to Art. 28 DS-GVO.

2 Data subject rights
You have the following rights as a “data subject” if personal data is collected from you by us:

2.1 Right to information

You can request information in accordance with Art. 15 DS-GVO about your personal data that we process.

2.2 Right to object
You have a right to object on the specific grounds of Art. 21 (1) DS-GVO. We inform you about this separately from this information under “B”.

2.3 Right to rectification
If the information concerning you is not (or no longer) accurate, you may request a correction in accordance with Art. 16 DS-GVO. If your data is incomplete, you may request that it be completed.

2.4 Right to deletion
You can demand the deletion of your personal data under the conditions of Art. 17 DS-GVO.

2.5 Right to restriction of processing
You have the right to request restriction of the processing of your personal data (“blocking”) in the cases of Art. 18 DS-GVO.

2.6 Right to complain
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your own choice in accordance with Art. 77 (1) DS-GVO.

2.7 Right to data portability
In the event that you have provided us with personal data pursuant to Art. 20 (1) DS-GVO, you have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to third parties in a structured, common and machine-readable format. The collection of data for the provision of the website and the storage of log files (section 3.1 below) are absolutely necessary for the operation of the website. They are therefore not based on consent pursuant to Art. 6 (1) (a) DS-GVO or on a contract pursuant to Art. 6 (1) (b) DS-GVO, but are justified pursuant to Art. 6 (1) (f) DS-GVO. Accordingly, the requirements of Art. 20 (1) DS-GVO are not met in this respect.

3 Procedure: Provision of the website and creation of log files

3.1 What data is processed for what purpose?
Each time the content of the website is accessed, the web server of our web hoster, where our website is stored, temporarily collects and stores information (data) from the internet browser of the calling computer or end device of the user. This data may enable the user to be identified and is therefore personal data.
3.1.1 The following data is collected and stored by our web hoster:
    IP address of the user, date and time of the call of the website, the protocol, e.g. HTTP, the request method “Get” or “Post”, the content related to the request or the indication of the retrieved file, which was transmitted to the user, the access status (successful transmission, error etc), the amount of data transferred in each case in bytes incoming and outgoing data traffic (“traffic”), a process identification number (“process ID”), the duration until the web server has answered the user’s request, the web page from which the user’s access was made, the browser used by the user, the operating system, the interface, the language of the browser and the version of the browser software.
3.1.2 The temporary storage of this data of the user is necessary for the course of a website visit to enable the delivery of the website. For this purpose, the user’s IP address must necessarily remain stored for the duration of the session (i.e. the website visit).
3.1.3 Further storage of the IP address with the subsequently named data from the above list beyond this purpose takes place in log files (logs). This is done so that our web host can ensure the functionality of the website and the security of the information technology systems.

3.2 On what legal basis is this data processed? The data from section 3.1 are collected and processed by our web host for the aforementioned temporary storage purpose and also for the further storage purpose according to Art. 6 para. 1 letter f DS-GVO. The legitimate interest in the data processing also lies in this purpose. This legitimate interest is the interest of our web hoster, but also our legitimate interest in a functional website.

3.3 Are there other recipients of the aforementioned data besides the responsible party? Our web hoster, as our processor, has technical access to the data mentioned in 3.1.

3.4 How long is the data stored? The data from 3.1.1 are deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of website provision, this is the case when the respective session has ended. The log files are kept for a maximum of 7 days, unless a security event requires longer retention. [Design note: Here you must describe, in deviation from the standard text, a different individual handling on your part].

3.5 Is there an obligation to provide data? You must provide the data from 3.1 to our web hoster. Otherwise, you will not be able to use our website technically and our web hoster cannot guarantee secure technical operation.

4 Data processing procedures

4.1 Data and information processing requiring your consent
Insofar as we may only collect and process personal data with your consent, we provide information on this in our consent banner in the context of the consent dialog.

4.2 Use of e-mail address and contact form data based on legitimate interests
4.2.1 Which data is processed for which purpose?
Insofar as we provide you with an e-mail address and a contact form provided with input fields, this serves the purpose of enabling you to contact us. If you provide us with personal data, we will store it and process it for the purpose of contacting you. [Design note: If you design your contact form for other purposes, you must modify the standard text and also inform us about these purposes. For example, if you also forward the personal data entered and transmitted to you for third-party advertising after somewhere].
4.2.2 On what legal basis are these data processed?
The data from point 4.2.1 are processed on the basis of Art. 6 (1) letter f DS-GVO (legitimate interest of us as the controller). If your request is aimed at the conclusion of a contract, then Art. 6 (1) letter b DS-GVO is an additional legal basis (initiation, conclusion and execution of a contract).
4.2.3 Are there other recipients of the aforementioned data besides the responsible party?
Our web host, as our processor, has technical access to the data mentioned in 4.2.1. [Note: If you use another service provider (mail provider), this must be designated instead of “Our web host”].
4.2.4 How long will the data be stored?
The data from 4.2.1 will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent to us by e-mail or the contact form, this is the case when the respective correspondence with the user has ended and storage is not still required for other reasons. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
4.2.5 Is there an obligation to provide data?
You are not obliged to provide us with data from 4.2.1. You do not have to communicate with us.

4.3 Use of the session cookie “wbk_sid” based on legitimate interests.
[Design note: If login and contact form are not used, section 4.3 does not apply, because then this cookie is not set at all. If only one of the two services is not used, the following text must be used for either one or the other service only].
4.3.1 Which data is processed for which purpose?
As soon as you use the login form or the contact form, the session cookie “wbk_sid” is stored on your terminal by default. This cookie contains a long combination of numbers and letters (“ID”). The purpose of the cookie is to enable the user to be recognized as such in the event that login data or contact information is sent and to distinguish the user from abusive users (e.g. SPAM bots).
4.3.2 On what legal basis is this data processed?
The information in this cookie does constitute personal data. However, the use of the “wbk_sid” cookie does not require consent under data protection law because the data processing is necessary to protect the legitimate interests of the website operator and because the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail. Consequently, the legal basis for the data processing is Art. 6 (1) sentence 1 letter f DS-GVO.
4.3.3 Are there other recipients of the aforementioned data besides the responsible party?
Our web hoster, as our processor, has technical access to the data mentioned in
4.3.4 How long is the data stored?
If the user closes the browser, then the cookie on the user’s operating system is automatically deleted. It is therefore only valid for the duration of the visit to the websites (session cookie).
4.3.5 Is there an obligation to provide data?
You are obliged to provide us with data from 4.3.1. Otherwise, you will not be able to use the login form or the contact form.
4.3.6 Consent to the use of the cookie?
Your consent to the storage of information about the cookie “wbk_sid” in your terminal equipment or our access to this information stored in your terminal equipment is dispensable, because storage and/or access are absolutely necessary for you to be able to use the login form or the contact form (§ 25 para. 2 no. 2 TTDSG).

5 Processing of information from your end devices


5.1 Insofar as we want to store information in the terminal equipment that you use when visiting our websites and/or access information that is already stored in your terminal equipment, we will ask you for your consent on the basis of clear and comprehensive information. This is done via a consent banner deployed by us (Consent Banner). We obtain any necessary consent before we access your data. Your consent is revocable by you at any time. However, for certain purposes stated in the law, your consent is not necessary, so that we do not ask for it in these cases. On the one hand, consent is not required if the sole purpose of storing information in the end user’s terminal equipment or the sole purpose of accessing information already stored in the end user’s terminal equipment is to carry out the transmission of a message via a public telecommunications network. On the other hand, consent to the use of your terminal equipment is not required if the storage of information in the terminal equipment of the end user or the access to information already stored in the terminal equipment of the end user is absolutely necessary so that we, as the provider of a telemedia service, can provide a telemedia service expressly requested by the user.

5.2 Such access to end devices is possible via certain technologies. The best-known technology concerns cookies. Cookies are objects that can be stored in the Internet browser or by the Internet browser on the user’s terminal equipment. When a user accesses a website, the server of the website operator or a third party can read the cookie stored there via the user’s operating system and consequently the information stored therein. A cookie may, but does not have to, contain a characteristic character string that enables unique identification of the User’s browser when the Website is called up again.

5.3 Removal option: The User can prevent or restrict the installation of cookies by setting his browser accordingly. Cookies that have already been stored can also be deleted at any time by the user via his browser. The settings for this depend on the respective browser. If the user prevents or restricts the installation of cookies, however, this may mean that not all functions of the website can be fully used. What applies to cookies also applies to other technologies that use the user’s terminal device.

5.4 Cookies requiring consent and similar technologies: Our consent banner on the website provides information on cookies and similar technologies that require consent.

5.5 Cookies and similar technologies that do not require consent: For cookies and similar technologies that do not require consent, we have documented internally that consent is not required in accordance with Section 25 (2) TTDSG.

6 Consent banner (Consent banner).

6.1 In order to be able to obtain legally required consent from you for certain services or functions or to observe your revocation in this regard, you will be shown a consent banner (Consent Banner). Your consent or non-consent concerns our use of your terminal device (computer, laptop, smartphone, tablet) through cookies or similar technologies, with which information can be stored on or read from your terminal device. Your consent may also be required for the processing of personal data by us or third parties pursuant to Article 6 (1) sentence 1 letter a DS-GVO, which is associated with your use of our websites. In certain cases, the law allows us to use your terminal device without your consent and/or also the subsequent processing of your personal data without your consent.

6.2 We use the consent banner to inform you about all services or features that require your consent before we use the service or feature. The consent banner consists of an overview of all processing operations that require consent and describes details of each so that you as a user can assess the meaning and scope of your consent. You can consent to each process via a button/click area by activating it or reject this process by deactivating it. There are three ways to decide:
– Choosing “Make selection and save” will result in the user’s decision being saved as made by their selection via the button/click area. All services and functions requiring consent to which the user agrees are active and can be used. The services and functions that cannot be used without consent are not included on the website.
– Choosing “Decline all and save” will result in this decision not being saved. The user’s decision is thus that he does not consent to anything that requires his consent and has the consequence that all services and functions that require consent do not work for this user. The banner will be hidden.
– Selecting “Accept and save all” will result in all services and features requiring consent being “armed”. This means that you have given consents according to the GDPR and also agree to the end device usage. The banner will then be hidden.
In the course of his further use of the websites, the user can actively bring about the display of the consent banner by revoking the consent given or by obtaining consent that was not initially required. To do this, the user clicks on the “Consent settings” link. The Consent banner appears again.
Your consent can thus be revoked at any time with effect for the future. A later revocation no longer affects the legality of the access or storage of information that took place until the revocation.

6.3 All three aforementioned decisions of the user (“Make selection and save”, “Reject all and save” or “Accept all and save”) are stored via the browser of the user’s end device in the so-called “local storage” on the user’s end device. The storage there is permanent. The information is stored in the “wbkConsent” object. This technology is not a cookie in the true sense. The information in the “wbkConsent” also has no personal reference, i.e. the user is not recognized when he or she calls up the WBK user’s website again. The selection decision for consent is not stored on our server. This use of the user’s terminal device is free of consent according to § 25 para. 2 no. 2 TTDSG (user request). [Design note: If you include content requiring consent on your website and do not link it to the consent banner (which we strongly advise against), then not all of the information under points 5 and 6 is correct and must be adjusted].

7 Technical measures

7.1 SSL/TSL
For security reasons and to protect the transmission of confidential content, for example by means of inquiries that you send to us as the site operator, our web pages are provided with active SSL or TLS encryption. An encrypted connection can be recognized by the fact that the address line of the browser changes from “http://” to “https://” and a lock symbol can be seen in the browser line. As a result of this encryption, data that you transmit to us cannot be read by third parties. [Note: Make sure that you store a valid SSL/TLS certificate in the KAS and that the “Force SSL” option is activated. If this is not done, then section 7.1 of this privacy policy is incorrect and must not be used].

7.2 End-to-end communication
If you contact us by means of an e-mail address provided on our websites, the transport of the content of the e-mail to us is not end-to-end encrypted. This means that although the e-mails are usually encrypted during transport via the e-mail providers involved, they are not encrypted on the servers there. Contacting us via the contact form provided is therefore technically a secure communication.

7.3 Video integration

Insofar as you can view videos on our websites that are marked as external links to third-party websites, this is done exclusively via the technology of linking to the respective referred website or to a video portal of a third-party provider. These videos are stored there under the data protection responsibility of the respective third-party provider. The respective linked website or video portal is therefore not directly embedded in our websites. This ensures that user information is not transmitted to the portal as soon as the web page on which the video is integrated is loaded. It is also guaranteed that cookies or similar technologies for tracking user activities of the portals or the advertising partners of these portals cannot be set on your end device via the mere linking. Only after your deliberate click on the video preview image is a connection to the portal of the third-party provider established and the associated data processing triggered. However, this and the associated possible data processing of your user data on the linked portal then occurs exclusively as a result of your desire to view the video there. The data processing triggered by this is beyond our control and is subject to the responsibility of these third-party providers, who provide more or less detailed information about their data processing. If you do not agree with the data processing by the third-party provider, please do not click on the video preview image. [Design note: As soon as you embed external videos outside of the video widget described above, you must comprehensively inform yourself about the associated use of the end devices of the users of your websites and about the associated data processing and inform your users accordingly].
B Special information

Special right to object pursuant to Art. 21 (1) DS-GVO.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data carried out on the basis of Article 6(1)(f) DS-GVO (processing for the purposes of safeguarding the legitimate interests of us or those of a third party), in accordance with Article 21(1) DS-GVO. You can send the objection to the address in section 1.1.

We will then no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.

In the event of your objection, you must provide us with a detailed explanation of any interests you may have (your “special situation”) so that we can carry out a new weighing of interests. If our interests in the further storage do not outweigh your interests, the personal data stored in the course of contacting us will be deleted. If they still outweigh our interests, we will continue to process the data.
Go to Top