Data privacy statement

Data privacy policy

We, Marta Herford gGmbH, the operator of this website, are the controller responsible for the processing of personal data of users of this website. Our contact details are contained in the legal disclosure on this website, and the individuals to be contacted about the processing of personal data are specified in this Privacy Policy.

We take the protection of your privacy and your private data very seriously. We’ll collect, store, and use your personal data solely in accordance with the content of this Privacy Policy and the applicable data protection regulations, especially the European General Data Protection Regulation (GDPR) and national data protection legislation.

In this Privacy Policy, we’d like to explain what personal data is processed in connection with the use of the website and why.

 

Personal data

Personal data means information about an identified or identifiable natural person. This includes all information about their identity, such as their name, email address, and postal address. Information that can’t be associated with your identity (such as statistical data, for instance on the degree of usage of the website) is not considered personal data.

You can use our website without disclosing your identity or providing any personal data. In this case, we’ll only collect general information about your visit to our website. For some of the services offered, however, you’ll be asked to provide personal data. But we’ll only process this data for purposes related to the usage of this website, especially to provide information that you’ve requested. When entering your personal data, you only need to provide data that is absolutely necessary, although you may be invited to voluntarily provide additional information. In each case, we’ll tell you whether the details requested are mandatory or voluntary. More detailed information is contained in the corresponding section of this Privacy Policy.

No automated decision-making based on your personal data will be carried out in connection with the use of our website.

 

Processing of personal data

Your data will be stored by us on specially protected servers in the European Union. Technical and organizational measures are employed to prevent the loss, destruction, modification, or distribution of your data as well as access to it by unauthorized people. Access to your data is limited to a small number of authorized people responsible for the technical, commercial, or editorial support of the servers. However, despite regular checks, please note that absolute protection against all risks is not possible.

Your personal data will be transmitted over the internet in encrypted form using TLS (Transport Layer Security) encryption.

 

Disclosure of personal data to third parties

We’ll only use your personal information to provide services that you’ve requested. Whenever we use service providers to deliver such services, their access to your data will also be limited to the purpose of providing the service concerned. We take technical and organizational measures to ensure compliance with data protection regulations, and oblige our external service providers to do the same.

Beyond this, we won’t forward your data to any third parties without your express consent, especially not for advertising purposes. Your personal data will only be passed on if you yourself have consented to this, or if we are entitled or obliged to do so on the basis of statutory regulations and/or official or court orders. In particular, such cases may involve the disclosure of information for the purposes of criminal prosecution, to avert danger, or to enforce intellectual property rights.

Whenever we transfer your personal data ourselves – or have it transferred by service providers – to countries outside the European Union, we will comply with the special provisions of Article 44 et seq. GDPR and oblige our external service providers to do the same. We’ll therefore only transfer your data to countries outside the European Union subject to the level of protection guaranteed by the GDPR. This level of protection must be ensured in particular by an adequacy decision by the European Commission or by appropriate safeguards pursuant to Article 46 GDPR.

 

Legal bases of data processing

If we obtain consent for the processing of your personal data, the legal basis for this is point (a) of Article 6(1) GDPR.
If we process your personal data because this is necessary for the performance of a contract or in the context of a legal relationship with you similar to a contract, the legal basis for this is point (b) of Article 6(1) GDPR.

If we process your personal data for the fulfillment of a legal obligation, the legal basis for this is point (c) of Article 6(1) GDPR.

Furthermore, point (f) of Article 6(1) GDPR can be considered the legal basis for data processing if the processing of your personal data is necessary to protect a legitimate interest of our organization or a third party, and your interests, fundamental rights and freedoms in this respect do not require the protection of personal data.

In connection with this Privacy Policy, we’ll always state the legal basis on which the processing of your personal data is based.

 

Data deletion and storage duration

We’ll normally delete or block your personal data when the purpose for which it was stored no longer applies. However, data may be stored for longer if required under legal obligations to which we are subject, for example statutory retention and documentation obligations. In this case, we’ll delete or block your personal data once the corresponding requirements no longer apply.

 

Use of our website

Information about your computer

Regardless of whether you’re a registered user of this website or not, each time you access our site, we’ll collect the following data about your computer: its IP address, the request from your browser, and the time of this request. We’ll also log the status and the amount of data transferred as part of this request, along with product and version information about your browser and your computer’s operating system. In addition, we’ll log the website from which you accessed our site. Your computer’s IP address will only be stored for the period in which you use our website and will then be deleted or anonymized by means of truncation. The other data will be stored for a limited period.

We’ll use this data to serve the operation of our website, in particular to detect and eliminate errors, to measure the take-up of the website, and to make adjustments and improvements. These purposes also constitute our legitimate interest in data processing pursuant to point (f) of Article 6(1) GDPR.

 

Cookies

Like many other websites, we use cookies on our site. Cookies are small text files that are transferred to your hard drive and which store certain settings as well as data to be exchanged with our website via your browser. A cookie usually contains the name of the domain from which the cookie file was sent as well as information about the age of the cookie and an alphanumeric identifier.

Cookies allow us to recognize your computer and make any preferences immediately available. Whenever possible, the cookies we use are “session cookies,” which are automatically deleted after the end of the browser session. Occasionally, cookies with a longer storage period may also be used so that your preferences and settings can be restored the next time you visit our website.

Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent. It is also possible to manually delete previously saved cookies via the browser settings. Please note that completely disabling cookies or deleting essential cookies may prevent you from using certain features of our website.

Although cookies aren’t essential to visit our website, we’ll ask you to consent to the use of cookies when you first access our website. Regarding non-essential cookies from third-party providers, a detailed description of the services of these third-party providers used by us is contained below. In each case, the legal basis for the data processing involved (including any data transfer) is your consent as allowed for in point (a) of Article 6(1) GDPR. Once given, consent can be revoked at any time with future effect, in particular by changing the settings.

The legal basis for the use of essential cookies is our legitimate interest in the proper operation of our website as provided for in point (f) of Article 6(1) GDPR as well as – insofar as contracts are concluded or performed via our website – the performance of a contract as provided for in point (b) of Article 6(1) GDPR.

 

Integration of third-party services

For some features of our website, we use services from third-party providers. These services are mainly optional features explicitly selected and used by you. We’ve concluded contractual agreements with the respective providers for the provision or integration of their services, and do everything in our power to ensure that these third-party providers also provide transparent information about the scope of their processing of personal data and that they comply with data protection regulations.

 

Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Tag Manager is a tag management system that allows us to manage measurement codes and related code fragments collectively known as tags on our website.

When using Google Tag Manager, a connection is established with Google’s servers. As a result, the IP address of the browser on the device used by the visitor of this website will be stored by Google. It may happen that data is transmitted to Google in the USA and that, under certain circumstances, US security agencies will be able to access this data. However, cookies are not set when Google Tag Manager is used. To find out more about Google Tag Manager and data processing by Google, go to:

https://support.google.com/tagmanager/answer/6102821
https://www.google.com/policies/privacy/

Our legal basis for the use of Google Tag Manager is our legitimate interest under point (f) of Article 6(1) GDPR. Our legitimate interest is the management of tracking codes on our website, which enable us to analyze the use of our website as well as to improve and personalize our services.

 

Google Analytics

We use Google Analytics for statistical analysis. Google Analytics is a web analytics service provided by Google.
Google also uses cookies for analysis purposes in connection with Google Analytics. The type and scope of use and analysis are specified by Google. The information generated by the cookies about your use of the website will be transmitted to a Google server and stored there. It is possible that data will be transmitted to the USA, and that US government agencies may therefore be able to obtain access to this data. However, if IP anonymization is activated on this website, Google will truncate your IP address prior to transmission. Only under exceptional circumstances will the complete IP address be transmitted to a Google server and truncated there.

Google will use this information on our behalf to analyze your use of our website, to compile reports about activities on our website, and to provide other services relating to the use of our website and the internet for us as the website’s operator. In addition, Google may use the data for its own purposes. In connection with these purposes, Google may, for example, create a profile of the user’s browsing behavior or link the data to other data such as an existing Google account. We’ve no control over these data processing operations. The IP address transmitted by your browser in connection with Google Analytics will not be merged with other data from Google. For more information, please see Google’s privacy policy, which is linked below.

We also use the Demographics feature of Google Analytics. It allows us to create reports containing information about the age, gender, and interests of visitors to our website. This data is derived from interest-based advertising by Google and from visitor data supplied by third-party providers. You can deactivate this function at any time by means of the ad settings in your Google account or completely prevent the collection of your data by Google Analytics as described in the following paragraph. For further information on the Demographics feature of Google Analytics, go to https://support.google.com/analytics/answer/2799357.

You can prevent Google from collecting cookie-generated data regarding your use of the website (including your IP address) and processing this data by downloading and installing the Google Analytics opt-out browser add-on available at http://tools.google.com/dlpage/gaoptout. For general information about Google Analytics and data protection, go to http://tools.google.com/dlpage/gaoptout and http://www.google.com/intl/de/analytics/privacyoverview.html. Please note that on our website, Google Analytics has been extended by the code “anonymizeIp()” to ensure that IP addresses are logged anonymously by deleting the last octet. The legal basis for the use of Google Analytics is your consent pursuant to point (a) of Article 6(1) GDPR.

 

Retargeting and remarketing

Retargeting and remarketing refer to technology that displays relevant advertising to users who have visited a certain website, even after they have left it. This requires recognizing internet users outside our website by means of cookies from the service providers concerned. Previous browsing behavior is also taken into account. For example, if a user views certain products, these or similar items may be subsequently displayed on other websites as advertising. This is personalized advertising tailored to the needs of individual users, and involves recognizing but not identifying users. Therefore, we won’t merge data used for retargeting and remarketing with other data.

This technology is used to enable such advertising to be displayed by third-party providers. We use services provided by Google and other organizations that enable ads to be automatically displayed for products of interest to the user. This function is carried out by using cookies. It may happen that data will be transmitted to Google in the USA and that US security agencies will be able to access this data. However, cookies are not set when Google Tag Manager is used. Related cookies will only be set with your consent. Our legitimate interest is therefore point (a) of Article 6(1) GDPR.

To find out more about this technology, go to Google’s privacy policy at https://policies.google.com/privacy . To set your browser to prevent the installation of cookies for Google Remarketing and Google AdWords Conversion Tracking, go to http://www.google.com/policies/privacy/ads/ and change the corresponding settings.

 

YouTube

YouTube videos are embedded on our website. To play them, we use a plugin from YouTube (hereinafter referred to as “YouTube”), a service operated by Google.

To protect your privacy as much as possible, we use YouTube in privacy-enhanced mode. If you access a page of our website on which a YouTube video is embedded, Google will initially receive only the information necessary for its integration, and no cookies will be set for usage analysis. Only when you play the embedded video will Google receive further information. Google may also set cookies to analyze your browsing behavior. When you play the video, Google’s YouTube servers will be told, for example, which page of our website you’re using to watch the video.

If you’re logged into your Google account, Google and YouTube will be able to assign your browsing behavior directly to your personal Google profile. We therefore recommend that you only play embedded YouTube videos if you consent to the related data processing by Google. You can prevent the assignment of data to your Google profile by logging out of your YouTube account. For more information on the treatment of user data, please see Google’s privacy policy at https://policies.google.com/privacy, which also applies to YouTube.

We use YouTube so that we can show you videos and tell you more about us and our services. The legal basis for the integration of YouTube videos is our legitimate interest as provided for in point (f) of Article 6(1) GDPR; however, the playing of videos and the related further data processing will only take place with your consent in accordance with point (a) of Article 6(1) GDPR.

 

Communication with us

You can contact us in various ways. We’d also be delighted to keep you abreast of what’s going on at Marta in our email newsletter.

 

Newsletter

If you sign up for our newsletter, your email address will be used for our own advertising purposes until you unsubscribe. You’ll receive regular information by email on current topics of your choice as well as emails for special occasions, such as special promotions.

Unless you’ve already given us your consent in writing, we’ll use the double opt-in procedure to ensure that third parties do not register using your email address. Once you’ve expressly declared that you want us to activate the newsletter service, we’ll send you an email requesting you to click on a link it contains to confirm that you wish to receive our newsletter. Only then will we start sending you our newsletter by email.

The legal basis for the processing of your data is your consent pursuant to point (a) of Article 6(1) GDPR, assuming you’ve expressly registered for the newsletter. In accordance with legal requirements, it may also be possible that you receive our newsletter without giving your explicit consent because you’ve ordered goods or services from us and you’ve not objected to receiving information by email sent to the email address used in your order. In this case, our legal basis is our legitimate interest in sending direct advertising provided for in point (f) of Article 6(1) GDPR.

In connection with our newsletters, we carry out analysis using the services of CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede (“CleverReach”). This enables us to record the extent to which the newsletter is viewed, and also to log information about your computer (as happens when you visit our website). Insofar as personal data is collected in this context, this is done in order to optimize our newsletter and its reach; this purpose also constitutes our legitimate interest in data processing pursuant to point (f) of Article 6(1) GDPR. This analysis takes place on a purely statistical level, i.e., without reference to the individual recipient.

If you no longer wish to receive newsletters from us, you can revoke your consent at any time and unsubscribe without incurring any costs other than the transmission costs according to your basic charges. Simply use the unsubscribe link contained in each newsletter or send a message to us.

 

Press mailing list

If you’re a journalist and would like to be included in our press mailing list, we’ll collect your personal data that you enter in the corresponding contact form, in particular your name and email address. We’ll also log the IP address and the date and time of your request. We’ll process the data transmitted via the contact form solely in order to include you in our press mailing list. You have the option of sending us the data requested in order to be included in our press mailing list either by using the contact form or by writing to us separately. The legal basis for the processing of your data is your consent as provided for in point (a) of Article 6(1) GDPR.

 

TripAdvisor

If you’re satisfied with our services, we’d be delighted to be reviewed on TripAdvisor. You can of course also express fair criticism on TripAdvisor, although it usually makes more sense to contact us directly in order to deal with your concerns. We’ve provided links to TripAdvisor on our website that will take you straight to the corresponding page and display our current reviews. To view our current reviews, the content will have to be reloaded directly from the platform concerned. The content and external websites of such platforms are subject to their own data protection policies; TripAdvisor’s privacy policy can be viewed here: https://tripadvisor.mediaroom.com/de-privacy-policy.

We believe that displaying current reviews serves transparency and is in our legitimate interest as provided for in point (f) of Article 6(1) GDPR. If you’d like to submit a review on the websites of review platforms or read previous reviews, please note that accessing these linked websites also constitutes the legal basis for related data processing by their respective providers.

 

Social Media

In addition to our website, we also use various social media channels for the transmission of information and communication, links to which are contained on our website. Specifically, we use the social networks Facebook, Instagram, Google+ and Pinterest as well as the career-oriented social networking site XING and the microblogging service Twitter. The links are identified by the providers’ logos.

Clicking on the links will open the corresponding social media pages, which are subject to the respective provider’s provisions and privacy policies, a list of which is contained below:

Facebook: http://www.facebook.com/policy.php
Instagram https://help.instagram.com/519522125107875
Google+: https://www.google.com/policies/privacy/
Pinterest: https://policy.pinterest.com/de/privacy-policy
XING: https://www.xing.com/privacy
Twitter: https://twitter.com/en/privacy

Before access the corresponding links, no personal information will be transmitted to the respective providers. Viewing a linked page constitutes the basis for data processing by the respective provider.

In addition, please note the following information on the processing of your personal data in connection with our use of the social media channels Facebook and Instagram.

 

Facebook Fan Page

In addition to our own website, we also operate a Fan Page on the social network Facebook. We use our Instagram account to provide information about our activities and offer a channel for communication. Facebook is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as “Facebook”).

Delineation of responsibility:
Within the options provided by Facebook, we endeavor to ensure the protection of your privacy and your private data. If your personal data is processed by us in connection with your visit to the Facebook Fan Page, the notes in this Privacy Policy will apply without restriction. Due to the integration of the Fan Page into Facebook, please note that personal data is also processed by Facebook. We’ve no control over data processing by Facebook; in particular, Facebook does not act as a contract processor retained by us. According to Facebook, data processing by Facebook is subject to Facebook’s data policy, which can be viewed at https://de-de.facebook.com/policy.php.

Regarding data protection, it can be assumed that we are jointly responsible with Facebook for the operation of the Fan Page and the analysis of the data of users visiting the Fan Page. In accordance with the requirements of data protection law, we’ve reached an internal agreement with Facebook on the delineation of responsibility.

Facebook Insights:
Facebook lets operators of Fan Pages obtain an overview of how people use the Fan Page via the Page Insights functions. Page Insights enables mainly statistical data to be accessed and analyzed. We use data from Page Insights to make the Fan Page as attractive and efficient as possible. To this end, Facebook provides us with data that it’s generated at its own initiative. Further information on the functionality and responsibility for the Page Insights feature is provided by Facebook on https://www.facebook.com/legal/terms/page_controller_addendum.

Messenger:
Facebook lets registered users directly communicate using Facebook Messenger. If you contact us via Messenger, the data transmitted will be stored and used by us solely for the purpose of responding to your inquiry. The legal basis for the processing of your data is your consent as provided for in point (a) of Article 6(1) GDPR and our legitimate interest under point (f) of Article 6(1) GDPR. Our legitimate interest lies in the logging and processing of customer inquiries, the evaluation of customer inquiries, and preventing misuse.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Regarding your personal data, this is the case when the conversation concerned has ended. For us, the conversation has ended when it is apparent that the matter has been conclusively dealt with. You may revoke your consent to the processing of your personal data at any time, in which case the data will be deleted by us without delay if there are no grounds for further storage.

Further information about Facebook:
If you’ve any questions about how we use personal data in connection with the use of our Fan Page on Facebook, you’re welcome to contact us and our data protection officer at any time. The contact details and communication channels are contained in our Privacy Policy. If you’ve any questions regarding data protection on Facebook, please contact Facebook directly. General information and advice on how to use social networks safely is also provided by the BSI German Federal Office for Information Security on its website at https://www.bsi.bund.de/EN/Home/home_node.html.

 

Instagram

In addition to our own website, we also operate an account on the social network Instagram. We use our Instagram account to provide information about our activities and offer a channel for communication. Instagram is operated by Facebook.

Responsibility under data protection law:
Within the options provided by Instagram, we endeavor to ensure the protection of your privacy and your private data. If your personal data is processed by us in connection with your visit to our Instagram account, the notes in this Privacy Policy will apply without restriction. Due to the integration of our Instagram account into Facebook, please note that personal data is also processed by Facebook. We’ve no control over data processing by Facebook; in particular, Facebook does not act as a contract processor retained by us. According to Facebook, data processing by Facebook is subject to its data policy, which can be viewed at https://de-de.facebook.com/help/instagram/519522125107875.

Regarding data protection, two separate responsibilities of Facebook and us for the operation of the account on Instagram and the related communication and analysis options are to be assumed. If we process your personal data in connection with your visit to our Instagram account, and we alone decide on the purposes and means of this data processing, we are responsible for this data processing. This is usually the case if you communicate with us directly using the Instagram Direct Messaging feature and transmit your data to us when doing so. If your personal data is processed by Facebook, and Facebook alone decides on the purposes and means of data processing, Facebook is solely responsible for this data processing. This applies in particular to the analysis of browsing behavior by Facebook for its own purposes.

Instagram Insights:
Facebook enables operators of Instagram accounts to obtain an overview of how people use their accounts by means of the Instagram Insights feature. Instagram Insights allows above all statistical data to be accessed and analyzed. We use the data from Instagram Insights to make our Instagram account as attractive and efficient as possible. To this end, Facebook provides us with data that it has generated at its own initiative. The data we receive from Facebook is mostly anonymized data and statistics. If we receive personal data in this connection, we are responsible for our further processing of this data to analyze the use of our Instagram account. More information about Instagram Insights is available from Facebook at https://www.facebook.com/help/instagram/788388387972460.

Instagram Direct Messaging:
Instagram lets users directly communicate with us using the feature Instagram Direct Messaging. If you contact us via Instagram Direct Messaging, the data transmitted will be stored and used by us solely for the purpose of responding to your inquiry. The legal basis for the processing of your data is your consent as provided for in point (a) of Article 6(1) GDPR and our legitimate interest under point (f) of Article 6(1) GDPR. Our legitimate interest lies in the logging and processing of customer inquiries, the evaluation of customer inquiries, and preventing misuse.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Regarding your personal data, this is the case when the conversation concerned has ended. For us, the conversation has ended when it is apparent that the matter has been conclusively dealt with. You may revoke your consent to the processing of your personal data at any time, in which case the data will be deleted by us without delay if there are no grounds for further storage.

Further information about Instagram:
If you’ve any questions about how we use personal data in connection with our Instagram account, you’re welcome to contact us and our data protection officer at any time. The contact details and communication channels are contained in our Privacy Policy. If you’ve any questions regarding data protection on the social network Instagram operated by Facebook, please contact Facebook directly. General information and advice on how to use social networks safely is also provided by the BSI German Federal Office for Information Security on its website at https://www.bsi.bund.de/EN/Home/home_node.html.

 

Your rights; contact details

We attach great importance to explaining the processing of your personal data as transparently as possible, and also to informing you of your rights in this regard. If you’d like more detailed information or wish to exercise the rights to which you’re entitled, you can contact us at any time so that we can deal with your concern.

 

Your rights

You’ve extensive rights in connection with the processing of your personal data. First of all, you’ve extensive rights to obtain information about data stored by us and concerning you. You can insist that any inaccurate information about you be corrected, deleted, or blocked. You can also insist that the processing of data concerning you be restricted, and you may object to the processing of such data. Moreover, you have the right to data portability with regard to the personal data you’ve provided to us.

If you’d like to exercise any of your rights or receive more information, please contact our customer service team. Alternatively, you can also contact our data protection officer.

 

Withdrawal of your consent; objection

Whenever you’ve given your consent, you can freely revoke it at any time with future effect. The revocation of consent does not affect the lawfulness of processing carried out on the basis of your consent until revocation. To revoke your consent, please get in touch with our customer service team or our data protection officer.

If the processing of your personal data is based not on your consent but on other legal grounds, you’ve the right to object to this data processing. Your objection will lead to a review and, if need be, the cessation of data processing. You’ll be informed of the findings of the review. If data processing nevertheless has to be continued, we’ll send you details explaining why.

 

Data protection officer

We’ve appointed an external data protection officer to assist us with data protection matters, whom you can also contact directly. If you’ve any questions regarding our handling of personal data or require further information on data protection issues, our data protection officer and his team will be delighted to help:

RA Dr. Sebastian Meyer, LL.M.
c/o BRANDI Rechtsanwälte

Adenauerplatz 1, 33602 Bielefeld
Telefon: 0521 / 96535-812
E-Mail: datenschutz @ brandi.net

If you’d like to contact our data protection officer personally by email, he can also be reached on sebastian.meyer@brandi.net.

 

Complaints

If you feel that our processing of your personal data does not comply with this Privacy Policy or the applicable data protection regulations, you’ve the right to complain to a supervisory authority. You can also complain to our data protection officer, who will then examine the matter and inform you of the result.

 

Further information and amendments

Links to other websites

Our website may contain hyperlinks to other websites. These links are usually marked as such. We’ve no control over whether the applicable data protection provisions and regulations are observed on linked websites. We therefore recommend that you also find out about the privacy policies of the other websites concerned.

 

Amendments to this Privacy Policy

The effective date of this Privacy Policy is shown below. We reserve the right to amend this Privacy Policy at any time with future effect. Amendments are carried out in particular when technical modifications are made to the website or if the statutory data protection regulations change. The current version of the Privacy Policy can always be accessed directly from our website. We recommend that you regularly find out about the amendments made to this Privacy Policy.

 

Effective date of this Privacy Policy: April 2021