Privacy Policy

This privacy policy (“data protection declaration”) informs you about the collection, processing and use of your data (“data processing”) on the website of Fleury & Fleury GbR.

 

It describes the processing of personal data on our website » https://www.fleuryfleury.com/ including the subpages. If you leave our website via a link or visit our website on a social media platform, you also leave the area of application of this privacy policy.

 

We explain to you below,

 

  • who is responsible for data processing on our website,

  • the legal basis on which we process data,

  • when or for which actions we process data,

  • which data we process for which reasons,

  • who receives data, and

  • which rights you have with regard to data processing by us.

 

You can retrieve, print or download this privacy policy permanently and at any time at » https://www.fleuryfleury.com/­en/privacy-policy.

Responsible for data processing

Responsible for data processing within the scope of this website in accordance with the General Data Protection Regulation (GDPR) is:

Fleury & Fleury GbR

Zollstockgürtel 61
50969 Cologne
Germany



Legal basis

We process your personal data on the basis of the European Data Protection Regulation (GDPR) and the German Bundesdatenschutzgesetz (BDSG):

 

  • On the basis of a consent pursuant to Art. 6 para. 1 a) GDPR, insofar as you have expressly agreed to the type and scope of data processing. You can revoke your consent at any time with effect for the future. This does not affect the processing that has taken place up to this point in time.

  • For the purpose of fulfilling the contract or implementing pre-contractual measures pursuant to Art. 6 para. 1 b) GDPR to the extent necessary for exercising the rights and obligations arising from the contract or the pre-contractual legal relationship.

  • On the basis of legal obligations pursuant to Art. 6 para. 1 c) GDPR, insofar as this is necessary to fulfil German or European statutory obligations.

  • On the basis of legitimate interest pursuant to Art. 6 para. 1 f) GDPR, insofar as we have a legitimate interest and no conflicting overriding interests of the party or parties concerned are evident. The specific interest is explained in this privacy statement in the context of the processing description.

Scope of processing of personal data

Making our websites available requires the processing of various information. Furthermore, the scope of data processing depends on your use of the functionalities of the websites, for example if you communicate with us via the contact form or agree to the processing of data.

You do not have to provide us with personal data. However, if the provision of this data is technically mandatory when you visit our website, refusal will result in your being unable to visit and use our website.

TLS encryption, PFS and HSTS

For security reasons and to protect the transmission of confidential content over the Internet, our websites use TLS encryption (Transport Layer Security) in the versions TLSv1.3 and TLSv1.2 that are currently considered secure.

In addition, we secure the connection with PFS (Perfect Forward Secrecy) and HSTS (HTTP Strict Transport Security). PFS uses a non-reconstructable random component to ensure that encrypted data cannot be subsequently decrypted even if the TLS key valid during transmission is known. Together with an automatic redirection through our web server to an encrypted connection, HSTS ensures that your browser only establishes encrypted connections to our web pages, regardless of how you access the web pages.

You can recognize an encrypted connection by the fact that the address line of your browser changes from http:// to https://, and by the (sometimes green colored) lock symbol in the address time of your browser. In this way, the data you transmit to us and the data you receive from us cannot be read by third parties on the insecure Internet and cannot be subsequently decrypted after any possible recording by third parties.

We use links on our websites that enable you to send us an e-mail. Our mail server also uses TLS encryption and PFS for the secure transport of messages between our mail server and your mail server over the Internet. The connections between our mail server and our work computers are also encrypted.

Deletion of data and storage time

We will delete your personal data as soon as the legal basis for its processing ceases to exist. In some cases, however, legal bases can exist in parallel or, if a legal basis ceases to exist, a new one can intervene, such as the obligation to store certain data in order to fulfil a legal obligation to store data.

Data processing for the provision of the web pages

We may need to process certain information in order to display the website to you. This is already done when you visit our website. In addition, we offer various functionalities on our website which require further data processing.

 

1. Log files

 

When you visit our website, your browser sends various information to our server. We need these to establish and maintain the connection. Among the data is also your IP address, which we treat as personal data. All in all, the following data is collected:

 

  • IP address

  • Date and time at the time of access

  • Requested web page

  • Access status / HTTP status code

  • Amount of data transferred

  • Referrer URL (the previously visited page)

  • Browser

  • Language and version of the browser software

  • Operating system and its interface

 

We store this data in so-called server log files. This data is not combined with any other data about you. The storage of log files including your IP address serves the legitimate interest of providing our websites and preventing their misuse. Stored log files will be deleted after 30 days at the latest, unless longer storage is necessary, for example to ward off or clarify an attack on our website.

 

2. Cookies and Web Storage Objects

 

A cookie is a small text file that is stored on your computer and whose content is transmitted to a server by your browser. It is used to store various information beyond the current Internet session, e.g. independently of closing the browser window. This information can then be read out again at a later time, e.g. on your next visit. In addition, cookies can be read by third parties and thus make your end device identifiable across different websites and, for example, control the display of advertising on other websites. You can control the use of cookies in your browser.

 

We do not use cookies on our websites.

 

Instead, we use web storage objects. Web storage is a more modern and privacy-friendly technology introduced with HTML5. Web storage objects are also text files, but they are only valid for a specific domain (e.g. our web pages). Furthermore, the information they contain remains exclusively local on your computer and cannot be read by servers – including our web server. In this way, we protect your end device from being identifiable across different websites and your data, which you enter e.g. in a web form, from being misused for other purposes.

 

We use these web storage objects in order not to lose any entries you have already made in input masks, to privide you with the comfort of reusing already made entries in other input masks by your browser – without data being transmitted to our server –, and to enable the recovery of your entries in case of a malfunction (e.g. if the Internet connection is temporarily disconnected during your entries) and the correction of already made entries (e.g. when using the “Back” button of your browser). Only when you send a form, the data entered in the input mask is transmitted to our server. You therefore retain full control.

 

The use of web storage objects complies in this respect with the recognised technical and organisational measures to prevent unintentional access to your data by third parties. You can control the use of Web Storage Objects in your browser. If you deactivate the use, it is possible that some comfort functions of our website will not be available to you. However, the basic functionality will be retained.

 

3. Contact Form

 

You can contact us at any time using the contact form on our website. The following information is requested:

 

  • First name and surname

  • Company

  • e-mail address

 

These details are marked as mandatory fields. The following data will also be transmitted to us:

 

  • IP address of the calling computer

  • Date and time of contact

 

All other information that you send us in the context of the inquiry, e.g. via the free text field (your message), is provided voluntarily.

 

We save the IP address, date and time and the e-mail address in so-called server log files. In addition, they are transmitted to us together with the name, your company name and your message in the e-mail that is sent to us via the contact form. The storage and transmission of this data, including your IP address, serves to answer your inquiry and the associated communication. The legal basis for this processing of your data depends on the content of your inquiry. Basically, our legitimate interest in the provision of the contact functionality and the correct response to your transmitted inquiry applies here. If your inquiry is directed towards the conclusion of a contract with us, the processing will be carried out within the framework of this pre-contractual obligation. The storage of log files including your IP address serves the legitimate interest of providing our web pages and preventing their misuse.

 

Your data will be deleted as soon as your request has been finally processed, log files at the latest after 30 days, unless longer storage is necessary, for example, to prevent or clarify an abuse or an attack on our web pages or our mail server. In the event of a contract being concluded, we may process the data further for the purpose of fulfilling the contract.

 

4. Infomail

 

If you take the opportunity to subscribe to our Infomail, the following data, which you entered in the registration mask as well as the data technically necessary for the registration, will be transmitted to us

 

  • First name and last name

  • Email address

 

These details are marked as mandatory fields. The following data will also be transmitted to us:

 

  • IP address of the calling computer

  • Date and time of registration

 

The Infomail of our company can only be received by you if you a) have a valid e-mail address and b) register for the Infomail dispatch. For legal reasons, we use the so-called double opt-in procedure for the Infomail registration. After your registration, an email will be sent to the specified email address, which contains a confirmation link to receive the newsletter. This confirmation email is used to check whether the owner of the email address, as the person concerned, has authorised the receipt of the Infomail. The confirmation link contains a unique ID with which the respective confirmation process and the registration data can be identified and assigned to the registration process. In order to protect your data, it is authenticated and encrypted using the cryptographic algorithm AES-256-GCM, which is currently considered secure.

 

The collection of this data is necessary in order to technically enable the registration according to the double-opt-in procedure and to be able to trace the (possible) misuse of the email address of a concerned person at a later date and therefore serves our legal protection. It also serves to be able to address you correctly.

 

In case of abuse of your email address we can block it upon request, so that no more confirmation e-mails can be sent to this address.  In this case please contact us briefly. In order to protect your data, we do not store your e-mail address in case of a block. Instead, we store a so-called cryptological hash value for this address in a database. Such a hash value is a unique value calculated according to a complex mathematical algorithm, similar to a checksum, from which the underlying e-mail address cannot be recalculated, even by us. Our server then calculates the hash value of the e-mail address entered during a registration, compares it with the stored hash value of your blocked e-mail address and does not perform any actions if they match. For this purpose we use the cryptological hash algorithm HMAC-SHA-256 which is currently considered secure for this application.

 

With our Infomail we inform interested parties at irregular intervals about events, news, announcements and offers. The data provided by you for this purpose will be processed exclusively for the purpose of sending the Infomail to you

 

The legal basis for the processing for the purpose of sending the Infomail is the existence of consent in accordance with Art. 6 para. 1 a) DSGVO or an existing business relationship in the sense of Art. 6 para. 1 1 f) DSGVO.

 

The data required for sending the Infomail is stored for as long as the subscription to the Infomail is used. You can revoke your consent to receive the Infomail at any time. The revocation can be made via the link provided in every Infomail. If you click on the link, you will be directed to a website where you can give us additional feedback if you wish. If you send this message, the following data will be transmitted to us:

 

  • IP address of the calling computer

  • Date and time of access by your browser

  • Email address

  • ID of the unsubscribe link

 

The collection of this data is necessary in order to be able to trace the (possible) misuse of the email address or unsubscribe link of a person concerned at a later date and therefore serves our legal protection.

 

All other data that you send us, in particular the text of the message, you send us voluntarily. This data will be deleted as soon as your feedback has been finally processed.

 

5. Registration for Open Events

 

If you take the opportunity to register for open events via our registration form, the following data entered by you in the registration mask will be transmitted to us:

 

  • Contact person: first name, last name, company, street and house number, postcode and city, email address and telephone number

  • In case of a different billing address: Company, email, street address, postal code and city

  • First name, last name and email address for each participant

  • Desired date and place of participation

 

These details are marked as mandatory fields. The collection of this data is necessary in order to be able to process your communication aimed at the conclusion of a contract within the framework of this pre-contractual obligation, to be able to identify you as a contractual partner and invoice recipient and to be able to guarantee proper invoicing and implementation of the respective open event.

 

In addition, the following data will be transmitted to us:

 

  • IP address of the calling computer

  • Date and time of registration

 

The collection of this data is necessary in order to be able to trace the (possible) abuse of the registration option at a later date and therefore serves our legal protection.

 

All other details such as address supplements, country, department, own notes (e.g. internal order number or cost centre), interests and expectations or further information and questions which you send us in the course of your registration are provided voluntarily.

 

During the registration process, a unique ID is also created to identify the registration data and to associate it with the registration process. In order to protect your data, it is authenticated and encrypted using the cryptographic algorithm AES-256-GCM, which is currently considered secure.

 

Your data will be stored and processed for the purpose of fulfilling the contract or implementing pre-contractual measures in accordance with Art. 6 Para. 1 b) DSGVO, to the extent necessary for exercising the rights and obligations arising from the contract or the pre-contractual legal relationship.

 

Your data will be deleted as soon as your inquiry has been finally processed. In the event of a contract being concluded, we may process the data further for the purpose of fulfilling the contract or within the scope of statutory storage obligations.

 

6. In-house Inquiries

 

If you take the opportunity to request an in-house event via our request form, the following data entered by you in the request mask will be transmitted to us:

 

  • Name / Subject of the in-house event

  • Contact person: first name, surname, company, street address, postal code and city, email address and telephone number

  • Number of participants

  • Desired date or period of the in-house event

 

These details are marked as mandatory fields. The collection of this data is necessary in order to be able to process your communication aimed at the conclusion of a contract within the framework of this pre-contractual obligation and to be able to identify you as a contact or possible contractual partner and to be able to guarantee the proper execution of the in-house event.

 

These details are marked as mandatory fields. In addition, the following data will be transmitted to us:

 

  • IP address of the calling computer

  • Date and time of registration

 

The collection of this data is necessary in order to be able to trace the (possible) misuse of the inquiry option at a later time and therefore serves our legal protection.

 

All other details such as address supplements, country, department, own notes (e.g. internal order number or cost centre), requirements, interests and expectations or further information and questions which you send us in the course of your registration are provided voluntarily.

 

Your data will be stored and processed for the purpose of carrying out pre-contractual measures in accordance with Art. 6 Para. 1 b) DSGVO, to the extent necessary for exercising the rights and obligations arising from the pre-contractual legal relationship.

 

Your data will be deleted as soon as your inquiry has been finally processed. In the event of a contract being concluded, we may process the data further for the purpose of fulfilling the contract or within the scope of statutory storage obligations.

 

7. E-Mail

 

We also use links on our website that display our e-mail addresses. If you click on one of these links, your e-mail program starts and offers you to send an e-mail to the address provided. If you send us an e-mail with your own e-mail program, the following data will be transmitted to us:

 

  • Name, as it is stored in your e-mail program

  • Email address

  • IP address

 

All other data that you submit to us in the context of e-mail communication, in particular the text of the e-mail, you voluntarily transmit to us.

 

We use your data for the answering of your enquiry and the related communication. The legal basis of this processing of your data depends on the content of your request. In principle, our legitimate interest in the provision of the contact functionality by e-mail and the correct response to your inquiry transmitted via it applies here. If your request is aimed at concluding a contract with us, the processing will take place within the framework of this pre-contractual obligation.

 

Your data will be deleted as soon as your request has been processed. In the event of a contract being concluded, we may process the data to fulfil the contract or within the framework of statutory storage obligations.

 

8. Phone calls

 

On our website we also use links that show our telephone numbers. When you click on one of these links, your browser starts the phone functions on your mobile device or computer and offers you to make a call. When you call us, your telephone number will be transferred to us. All other data that you provide to us during a telephone call is provided voluntarily.

 

We use the information you provide to us to respond to your enquiry and to communicate with you. The legal basis of this processing of your data depends on the content of your request. In principle, our legitimate interest in the provision of the availability by telephone and the communication carried out over it applies here. If your request is aimed at concluding a contract with us, the processing will take place within the framework of this pre-contractual obligation.

 

Your data will be deleted as soon as your request has been processed. In the event of a contract being concluded, we may process the data to fulfil the contract or within the framework of statutory storage obligations.

 

9. Social media links

 

Social media icons (recognizable by the logo of the respective social network) are displayed in the footer area of our website. Until final legal clarification, they are exclusively static links to the websites of the respective providers or to our company channels set up there. They have no further functionality, in particular they do not transfer any data to third parties. These icons merely represent a service by making it easier for you to access the respective websites, which you can then use at your own risk, for example for information, to make contact or to pass on information about our offer. If you click on these icons, you leave our website via the linked link and thus also the area of application of this privacy statement.

 

10. Google Maps

 

On our websites we use the map service Google Maps (API) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google) to show our location and enable you to plan your journey.

 

When you enter the page on which the Google Maps map is integrated, our website sends various information including your IP address to Google in the USA, where it is stored on its servers. If you have a Google Account and are logged in at the time you visit our site, the information will be associated directly with your account. But even without a user account, Google will create a user profile about you.

 

Our transmission of the data to Google is based on our legitimate interest in offering you the map function of Google Maps on our website.

 

You can prevent the allocation of the data we transmit to your user account by logging out of Google before you visit our website. To stop the data transfer to Google completely, you have to switch off the JavaScript application in your browser. The map display can then no longer be used.

 

More information about Google and the use of Google Maps can be found here:

 

 

11. Google AdWords

 

This website uses Google AdWords. AdWords is an online advertising program of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (Google). It is an Internet advertising service that allows advertisers to place ads in Google's search engine results and the Google Advertising Network.

 

Google AdWords allows an advertiser to pre-define certain keywords to display an ad in Google's search engine results when the user uses the search engine to retrieve a keyword relevant search result.

 

The purpose of our use of Google AdWords is exclusively to advertise our websites by displaying interest-relevant advertising in the search engine results of the Google search engine. We deliberately do not participate in the advertising network and also deliberately do not use conversion tracking, which is also offered in connection with Google AdWords.

 

You can find more information about Google AdWords in » Google's Privacy Policy.

 

12. Google Fonts

 

We use web fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

 

When you call up a page, your browser loads the required web fonts into your browser to display texts and fonts correctly. To do this, your browser connects to Google, which tells Google that our websites have been accessed via your IP address.

 

We use Google Fonts to ensure a consistent and legible presentation of our web pages. If your browser does not support Google Fonts or Web Fonts, your device uses a default font.

 

Google is certified for this for the » EU-US Privacy Shield privacy convention, which is intended to ensure compliance with the data protection level applicable in the EU.

 

For more information about Google Fonts and Googles privacy policy, please visit the following Web sites:

 

 

The legal basis for the processing of personal data using Google Fonts is Art. 6 para. 1 f) GDPR (legitimate interest).

Utilization analysis and tracking

We do not currently use any further usage analysis or tracking.

Possibility of objection and revocation

If the data processing is based on your consent or our legitimate interest, you have the right to object to the processing or to revoke your consent at any time. Your objection or revocation only has an effect for the future. If the analysis cookies used offer their own technical options for deactivation, this is shown there in each case. You can contact datenschutz@fleuryfleury.com at any time to exercise your right of objection or revocation. If you object to processing on the basis of our legitimate interest, we may nevertheless continue processing if we can prove compelling reasons worthy of protection for the processing which outweigh your interests, your rights and freedoms.

Rights of the parties concerned

If personal data are processed, you are a data subject within the meaning of Art. 4 para. 1 GDPR. As the data subject, you have the following rights with regard to your personal data. To exercise these rights, please contact us using the contact details above.

Right to request information according to Art. 15 GDPR

You have a right to request information about your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.

Right of amendment in accordance with Art. 16 GDPR

You have the right to correct incorrect personal data without delay and to complete incorrect personal data.

Right of deletion in accordance with Art. 17 GDPR

You have the right to request the deletion of your personal data if one of the reasons mentioned in Art. 17 GDPR applies, in particular if there is no longer a legal basis for the processing.

Right to limitation of processing according to Art. 18 GDPR

You have the right to demand the restriction of the processing of your personal data if one of the reasons mentioned in Art. 18 GDPR applies, in particular at your request instead of deletion of the data.

Right to data transferability in accordance with Art. 20 GDPR

You have the right to request all personal data stored by us about you in a structured, current and machine-readable format and to transmit this data to another person in charge without obstruction by the person responsible to whom the personal data was provided.

Right of appeal to the competent supervisory authority in accordance with Art. 77 GDPR

According to Art. 77 GDPR, you have the right to file a complaint with the supervisory authority responsible for you.

Recipients of data

The processing of your personal data in the context of our web pages, in particular by calls started from the web pages, takes place partially also via processors. These are included exclusively on the basis of an agreement to the order agreement in accordance with Art. 28 para. 3 GDPR.

Data transfer to third countries

The personal data we collect from you through the website will also be transferred to a certain extent to third countries outside the European Economic Area.

When using Google Maps or Google Fonts, your IP address may be transmitted to Google LLC.

Google LLC. is based in the USA and thus according to Art. 44 GDPR in a so-called third country. Google LLC. is certified under the
» EU-US Privacy Shield privacy convention, which legally guarantees compliance with a European level of data protection.

Update and modification

Parts of this privacy policy may be changed or updated by us without prior notice to you. Please check the privacy policy before using our site to keep up to date with any updates or changes.



Status: February 2020