Data privacy statement
Dear Visitors! We at Fohhn take a particularly responsible approach to the data of our customers and every visitor to our website. Therefore, we don’t use any third party or external code, in order to prevent our visitor’s data to be transmitted to US data crawlers like Google Analytics.
1. Subject matter of this data protection statement
We are glad that you are interested in our website and the offers that can be found here.
The protection of your personal data (hereinafter referred to in short as “the data”) is a great and important concern for us. Therefore, we would like to provide you below with detailed information regarding which data are collected when you visit our website and use the offers therein and how these data are later processed or used by us, as well as what accompanying protection measures we have adopted on a technical and organisational level.
2. Controller/service provider
According to Art. 4 of the EU GDPR the controller and at the same time, service provider as defined by the German Telemedia Act (Telemediengesetz, TMG) is Fohhn Audio AG, Großer Forst 15, 72622 Nürtingen, Tel. 07022/93323-0, Fax 07022/93324-0, e-mail: firstname.lastname@example.org. The controller is represented by Mr. Jochen Schwarz und Mr. Uli Haug, Company Director, who are, at the same time, responsible according to Article 55 of the State Broadcasting Treaty.
The service of data protection office has been assigned to Mr. Frank Strohmer. Data Protection Officer, Großer Forst 15, 72622 Nürtingen, Tel. 07022/93323-0, Telefax 07022/93324-0. If you have any questions or comments about data protection at Fohhn Audio AG (e.g. to view, update or delete your personal data), you can contact our data protection officer by e-mail at email@example.com with the subject "Data protection".
3. Collection and use of your data
All personal data which we learn about you in the course of your use of our website are collected, processed and used only for the indicated purpose. Thereby, we take into account that the above is performed only within the framework of the valid legal regulations or, if necessary, only with your consent.
According to the EU GDPR you are entitled to information about your saved data at any time free of charge and, if applicable, are entitled to correct, restrict the processing or delete these data. Please, write to firstname.lastname@example.org or send us your request by post.
The data are processed only within the EU and the European Economic Area, unless the transfer to a third country is notified subsequently or directly upon data collection, including the relevant legal basis and if necessary, a consent will be requested. The provisions on a legal basis for international data transfer and for the necessary requirements can be received from us upon request.
Automatic individual decisions to process personal data are taken according to the following criteria:
The scope and type of collection and use of your data are different if you visit our website just to find information or to use the services we offer:
a) Using information
It is generally not required to provide personal data when using our website only for informational purposes.
In this case we rather collect and use only those data which your browser transfers to us automatically, such as:
- date and time of the visit to one of our websites
- browser type
- browser settings
- operating system used
- your last visited websites (referrer)
- data volume transferred and access status (files transferred, files not found, etc.), and
- your IP address.
In the case of an informational visit, we collect and use these data only in a depersonalised form. We do this to facilitate the use of websites you visit in general, for statistical purposes and to improve out internet offer. We save the IP address only for the duration of your visit, there is no personal analysis. We do not combine these data with other data sources and moreover, the data are deleted after a statistical analysis subject to the cases described below. According to the decision of the Federal Supreme Court dated 16th May 2017 (AZ VI ZR 135/13), based on the decision of the European Court of Justice dated 19th October 2016 (AZ C 582/14) and also in view of the Telemedia Act, it is permitted after use, if its collection and use is necessary to ensure the general functionality of the service and if the requirement of anonymous use prevails after careful consideration of the user’s interests. The statistical analysis is required to monitor the patterns of access to websites by individual IP addresses which could execute denial of service attack. Only in the case of abuse or disruption defined as the abuse of the underlying signal transfer according to Section 100 of the German Telecommunications Act (Telekommunikationsgesetz, TKG) are individual IP addresses saved further. In this case the internal data protection officer, the Federal Commissioner for Data Protection, and Freedom of Information and the Federal Network Agency are informed according to Section 100 of the TKG.
The legal basis for this transfer or saving is Art. 6 (I)(b) or Art. 6 (I)(f) of the GDPR in conjunction with Section 15 of the TMG or Section 100 of the TKG, respectively.
b) Using offers
If you would like to use the services we offer on our website or otherwise after contacting us, it might be necessary that you provide more data. These are data which are required for relevant processing according to Art. 6 (I)(b) of the GDPR, otherwise we would not be able to provide the desired service. Other offers are covered by Annex 2, if applicable.
Additional data can be provided voluntarily, optional input slots are marked accordingly.
Your data are collected or used for the purpose of providing the service you require. This also includes, e.g., enquiries by our contact form.
If providing data is prescribed by law, we shall notify you about this.
If necessary, your data shall be forwarded for the above-mentioned purpose to the service providers who support us and whom we have carefully selected and obligated to comply with the EU GDPR.
Your data will only be forwarded to other third parties if it is permitted by law or if we have received your clear consent.
4. Consent under data protection law
To process your data, we need your consent for processing data according to Art. 6 (I)(a) of the GDPR. We ensure that we always process and use data only for the purpose mentioned during their collection.
You can provide your consent separately in relation to the relevant data collection. Later you can revoke the consent at any time with future effect.
The consent for receiving a newsletter refers to Art. 5, consent for cookies or web tracker refers to the below-mentioned Art. 6 of this statement.
In order to subscribe to our e-mail newsletter service, in addition to your data protection consent pursuant to Art. 6 I a of the GDPR, we require at least your e-mail address to which the newsletter is to be sent. Any further information is voluntary and will be used to address you personally, as well as to personally design the content of the newsletter and to clarify any queries regarding the e-mail address. We use the data exclusively for sending the newsletter.
We usually use the so-called double opt-in procedure for sending out newsletters, i.e. we will only send you the newsletter if you confirm your registration via a confirmation e-mail sent to you for this purpose via the link contained therein. This is to ensure that only you can subscribe to the newsletter as the owner of the e-mail address provided. Your confirmation must be sent as soon as possible after receiving the confirmation e-mail, otherwise your newsletter subscription will be automatically deleted from our database.
You can unsubscribe from our newsletter at any time. You can either send us an informal e-mail to email@example.com or use the link at the end of the newsletter to cancel your subscription. In this case, we will delete your e-mail address immediately.
We use cookie technology for our website. Cookies are small text files which our web server sends to your browser when you visit our website. They are saved by your browser on your PC for later retrieval. We also use ‘web beacons’ (invisible graphics). Information such as your visit to our website can be analysed by the web beacons.
Analytical cookies or web beacons (small graphics for log evaluation) are used for the purpose of improving the quality of our website and its contents as well as recognizing returning visitors. Through analytical cookies, we learn how the website is used and can therefore constantly optimize our offer.
We do not allow third parties to place cookies on our websites.
We do not give third parties the ability to share cookie information.
We do not give anyone permission to pass on information from cookies to other companies outside the EU.
You can determine in the settings of your browser whether cookies can be set and retrieved. You can entirely deactivate saving of cookies on your browser, limit it to specific websites or configure your browser so that it will automatically notify you as soon as a cookie is to be set and it will ask you for feedback. However, due to technical reasons it is required for the full functionality of our website to permit ‘session cookies’.
When using a login area on the homepage, the account name and the correctness of the password entry are logged and a session cookie is transmitted to the user, which is deleted upon logout or expiry of the maximum session lifetime (within a few hours).
We do not offer the possibility to register with us via an external service provider.
7. Right to object
According to Art. 21 of the EU GDPR you can object to processing of your data in the cases mentioned therein. This shall apply, in particular, in the cases of processing based on Art. 6 (I)(e) or Art. 6 (I)(f) or in the form of direct advertising or profiling.
8. Security of data
Moreover, we introduce technical and organisational security measures to protect incoming or collected personal data, in particular, against coincidental or deliberate manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved according to technological developments.
We have provided you with different online forms and services where you can send personal data to us. These forms are protected against inspection by third parties by the use of TLS encryption. The data which you input or transfer to us as files can be saved and processed by us after it is agreed. If the use and processing require a consent of the user or third party, the consent can be revoked at any time without providing reasons. However, in this case our performance of the contract may be impeded.
Depending on the service, you may be required to input different data for identification or prevention of abuse:
a) For identification in the case of supply of data, you may be required to input a user-specific identification or another suitable authentication. The data are protected by HTTPS against use by third parties according to Art. 32 (I)(a) and (b) of the GDPR, if the user deploys the method of transferring data recommended by us.
b) To prevent being used by machines, ‘CAPTCHAS’ may be used according to Art. 32 (I)(b) of the GDPR. They contain images or tasks which cannot be processed by computer scripts.
9. Deleting periods
We store personal data according to Art. 17 of the GDPR only for as long as the purpose of data saving lasts. This does not apply if the user has voluntarily approved a longer processing of data or the deletion is prevented by legal retention periods or possible enforcement of legal claims within the pending statute of limitations (in the case of contradictory retention periods and statute of limitations periods it can become necessary that the processing of data must be restricted according to Art. 18 of the EU GDPR).
10. User rights
According to applicable laws, you have various rights in regards to your personal data. If you would like to exercise these rights, please address your request by e-mail or by post to the address stated above for the controller and provide clear identification.
In the following, you will find an overview of your rights.
a) Right to confirmation and information
You have the right to receive a confirmation from us at any time regarding whether your personal data is being processed. If this is the case, you have the right to receive information at no charge about your stored personal data and a copy of any such data. In addition, you have the right to the following information:
- the purposes for the processing;
- the categories of personal data that are being processed;
- the recipients or categories of recipients to whom the personal data has been disclosed or is being disclosed, particularly for recipients in non-EU countries or in international organisations;
- if possible, the planned duration for the storage of the personal data, or if this is not possible, the criteria for the determination of this duration;
- any rights to correct or delete your personal data or to limit of the processing of such data by controllers or to refuse the processing of such data;
- any rights to file a grievance with a supervisory authority;
- if the personal data was not collected from you, all available information about the source of the data;
- the existence of any automated decisions, including profiling in terms of article 22 paragraphs 1 and 4 GDPR and—at least in such cases—significant information about the logic used in such decisions as well as the scope and intended effects of such processing for you.
If personal data is transferred to a non-EU country or an international organisation, you have the right to be informed of the respective guarantees in terms of article 46 GDPR in connection with such transfer.
b) Right to correction
You have the right to demand that we immediately correct any incorrect personal data. In consideration of the purposes of the collected data, you have the right to demand the completion of incomplete personal data—including by means of a supplemental declaration.
c) Right to deletion ("right to be forgotten")
You have the right to demand that we immediately delete your personal data, and we are required to immediately delete personal data if any of the following reasons occur:
- The personal data is no longer required to achieve the purposes for which it was collected.
- You revoke the consent that allowed the processing according to article 6 paragraph 1 GDPR a) or article 9 paragraph 2 a) GDPR and there is no other legal basis for the processing.
- You submit an objection to the processing of your data in accordance with article 21 paragraph 1 GDPR and there are no overriding legal grounds for the processing, or you submit an objection to the processing in accordance with article 21 paragraph 2 GDPR.
- The personal data was unlawfully processed.
- The deletion of personal data is required under the legal provisions stated in EU law or the law of a member country to which we are subject.
- The personal data was collected in connection to information society services according to article 8 paragraph 1 GDPR.
There is no right to deletion if the processing is necessary
- to exercise the right to freedom of expression and information
- to fulfil a legal obligation to EU law or the laws of member countries to which the controller is subject, or to fulfil a task that is in the public interest or occurs in the exercise
- due to public interest in the area of public health according to article 9 paragraph 2 h) and i) or article 9 paragraph 3 GDPR;
- for archival purposes that affect the public interest or serve scientific or historical research purposes, or for statistical reasons according to article 89 paragraph 1 GDPR, if the relevant right is likely to make it impossible to realise the goals of such processing or to seriously hinder them.
- for the assertion, exercise or defence of legal claims.
If we have made the personal data public and if we are required by article 17 GDPR to delete it, we will take appropriate measures in consideration of the available technologies and their implementation costs to inform the parties responsible for the processing of the personal data that you have requested that they delete all links to such personal data, including copies or replications.
d) Right to the limitation of processing
You have the right to demand that we limit the processing of your data if one of the following conditions occurs:
- you contest the accuracy of the personal data (and such data has been stored for a period that has allowed us to check its accuracy),
- the processing is unlawful and, instead of deleting the personal data, you have decided to demand that the usage of such data be limited;
- we no longer require the personal data to achieve the purposes for which it was collected but you require the data to assert, exercise or protect legal claims, or
- you have submitted an objection to the processing of your data according to article 21 paragraph 1 GDPR, if it has not yet been determined whether our company's legitimate purposes override your legitimate purposes.
If the processing of your personal data has been limited, such data—apart from its storage—can only be processed with your consent or for the exercise or protection of legal claims or to protect the rights of another natural or legal entity or for the purposes of an important public interest for the EU or a member country.
e) Right to data portability
You have the right to receive the personal data that we have been provided in a structured, conventional and machine-readable format, and you have the right to transfer such data to another controller through our company with no obstacles on our part, if
- the processing is being carried out based on a declaration of consent in accordance with article 6 paragraph 1 a) GDPR or article 9 paragraph 2 a) GDPR or an agreement in terms of article 6 paragraph 1 b) GDPR, and
- the processing takes place using automated procedures.
In exercising your right to data portability according to paragraph 1, you have the right to ensure that we transfer the personal data directly to another controller, if technically possible.
The right to data portability does not apply to the processing of personal data that is required for the completion of a task that is in the public interest or takes place as part of the exercise of public authority that has been required of the controller.
f) Right of refusal
You have the right to refuse at any time the processing of your personal data for purposes stated in article 6 paragraph 1 e) or f) GDPR for reasons arising from your personal situation; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for such processing that override your interests, rights and freedoms or if the processing serves the assertion, exercise or protection of legal claims.
If we process the personal data for the purpose of direct advertisement, you have the right to enter an objection at any time against the processing of such data for the purposes of such advertisement; this also applies to profiling, if it is in connection to such direct advertising.
You have the right to refuse at any time the processing of your personal data for scientific or historical research purposes or for statistical purposes in terms of article 89 paragraph 1 GDPR for reasons arising from your personal situation, unless such processing is necessary to fulfil a task that is in the public interest.
g) Automated decisions including profiling
You have the right to refuse to be subject to a decision that is based exclusively on automated processing, including profiling, that legally affects you or has any similar significant effect.
h) Right to revocation of a declaration of consent regarding personal data
You have the right to revoke a declaration of consent regarding the processing of personal data at any time.
i) Right to submit grievances to a supervisory authority
You have the right to submit grievances to a supervisory authority, particularly in the EU member country in which you live, where your place of work is located or in the location of the supposed infringement if you believe that the processing of your personal data is unlawful.
j) Right to information
If you have exercised the right to information, deletion or limitation of processing by the controller, such party is required to communicate this information, deletion or limitation of the processing to all recipients of the personal data, unless this is proven to be impossible or disproportionately difficult.
You have the right to be informed by the controller of any such recipients.
11. Web Analytics
We want to know what interests our website visitors and what they are looking for, so that the website can always be improved and that finding the desired Fohhn information is as easy as possible for all visitors. However, since data protection is particularly important to us, we have decided against the use of Google Analytics, a frequently used tool on the Internet. In the following you will learn how we operate instead:
- We use the web analysis tool Matomo. It is an open source code software, which works only on our web server. This means that the data that are evaluated are stored exclusively on our web server. These data will not be transmitted to any other companies. Matomo is expressly GDPR-compliant. More info: http://www.matomo.org
- We only store pseudonymised data, such as the language of the browser, the IP address or the time spent on certain pages. We are interested in what time and with what devices the website is frequently used, we count the number of clicks on control elements, such as buttons or text links so that we can evaluate the popularity of these elements – but all of this data is purely quantitative and never personalized. We do not know who clicked on a link.
- For the evaluation of the data, we use log file analysis as described here: http://www.matomo.org/log-analytics/
On our website www.fohhn.com, we do not use any social media plug-ins which could possibly transmit personal data of the users. Our website only contains links to pages of Fohhn Audio AG on various social media platforms.
Date of last change: 2019-11-25