Data Protection

This data protection declaration applies to the processing of your data, namely your personal data, via the internet site "pixelnauten.com" with all secondary and sub-sites (platform). Responsible for data processing is pixelnauten GmbH (operator). The e-mail address of the operator is: info@pixelnauten.com. The complete contact details can be found in the legal notice. The platform serves to present our company on the Internet. You can access the content of this declaration at any time via the subpage of the same name on the platform and save or print it via the corresponding function of your Internet browser.

1. Preliminary remarks

The operator takes the protection of your data seriously and complies with data protection laws. These laws serve to protect natural persons when processing personal data. Personal data is any information relating to an identified or identifiable natural person. Such data will only be processed to the extent necessary to provide and improve the Platform. Processing for the purpose of provision and improvement is only carried out insofar as this is shown below or in a separate consent, ordered by authorities or courts or otherwise provided for by law. The data is processed by the operator or by processors for the operator only in the member states of the European Union (EU). In particular, the Internet servers used by the Operator for data processing are located in the Member States of the EU. A transfer to a third country or an international organisation does not take place.

2. Data processing

Your data will be processed form-dependent as well as form-independent. Form-dependent data is the data that you enter in a form on the platform. Form-independent data is the data that you leave behind when you visit the platform, even if you do not enter it in a form.

a. Form-dependent processing

The data you enter in a form on the platform is processed when you use the form, namely after submitting the form. In particular, this may involve data for contacting us via our contact form. You must fill in the mandatory fields marked as such in order to use the form. The other fields can, but do not have to be filled in. Personal data that you send via a form provided for this purpose is always transmitted in encrypted form to the operator's servers.

If you contact the operator via a form, the data you provide in the contact form will be encrypted and transmitted to the operator's servers via e-mail. This may be your enquiry, your name, your e-mail address and other contact data. No further automated processing of your personal data takes place. The data will only be used for processing your enquiry. A reply will generally be sent by e-mail, which will also be transmitted in encrypted form if your mail service provider supports this. The same applies if you contact the operator by e-mail to an address given on the platform instead of using a contact form. After final processing of the enquiry, your personal data provided in the contact form or in an e-mail to the operator will be deleted again. This does not apply as long as the data is still required for the execution of the contract, is needed for evidence purposes or is contrary to legal retention obligations; until then, however, the processing of your data will be restricted.

b. Form-independent processing

The data that the operator requires for the provision or improvement of the platform is processed in a form-independent manner. This may include, in particular, cookies, your IP address and statistical data. In the case of form-independent processing, personal data is also transmitted in encrypted form as far as this is technically possible.

(aa.) Cookies

The platform uses so-called cookies. These are small text files or simple entries in a database that your browser stores. The data in the cookies can only be read out again by the platform that stored them. Cookies are used to make internet pages more user-friendly and secure. Cookies that contain personal data are only stored or read via an encrypted connection. The platform uses so-called session cookies. Such cookies can be used, for example, to ensure that no other user can access the data you have entered in a form or stored in a possible customer account. Session cookies are deleted at the end of each visit to the platform, for example when you close your browser. The data is not processed for any other purpose and is not passed on to third parties. The cookies used by the platform do not cause any damage to your end device (e.g. computer/tablet), in particular they do not contain any viruses. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of the platform. The same applies to the deletion of stored cookies.

(bb.) Access log

In order to ensure the security and functionality of the platform (e.g. defence against attacks), an access protocol (log file) is created on the servers of the operator. Data on access to the platform is stored in the log. This is the data that is transferred to the platform by your browser when a connection is established. This means your IP address, which is shortened before storage, the time of access, which address (URL) was accessed, whether the access was successful and the size of the data transmitted by the server. If your browser transmits the respective data, the previous address (referrer) and information on your operating system and browser (e.g. version) are also stored; you can prevent the transmission of this data via your browser settings if necessary. The log files are deleted at regular intervals, at the latest after 9 weeks. Prior to this, the log files may be statistically analysed. The logged data is stored separately from other data that you leave on the platform and is also not merged with these. They are not passed on to third parties and are not used for any other purposes. The statistical analysis of the log files does not allow your person to be identified.

(cc.) Embedded content

The portal partially embeds content from Google Maps (interactive maps) and Google Fonts. This content is therefore not delivered via the operator's servers, but via the servers of the responsible Google LLC based in the USA (Google). Google is certified under the Privacy Shield. When displaying and using the embedded content, your IP address is transmitted to Google. This is because without the transmission of your IP address, the embedded content cannot be accessed by your browser. In addition, your browser may transmit further data to the Google servers (e.g. your location if you use the corresponding function), over which the operator has no control. The same applies to cookies that may be set by Google to make the content more user-friendly and secure. Such cookies cannot be read by the operator. Further information on data processing by Google and your rights vis-à-vis Google can be found in Google's privacy policy:
https://policies.google.com/privacy?hl=en

3. Legal basis

The legal provisions for data protection can be found in particular in the General Data Protection Regulation (GDPR). If you have given your express consent to the processing of your data, this is also the legal basis for data processing for the purposes to which you have consented (Art. 6 (1) a GDPR). Furthermore, the legal basis for data processing is the protection of the legitimate interests of the operator (Art. 6 para. f GDPR). This is the economic interest in the operation of the platform, in particular in the self-presentation of the company on the Internet. There is no automated decision-making including profiling within the meaning of Art. 22 GDPR.

4. Your rights

If you are affected by the processing of your personal data, you are entitled to a claim against the data protection officer according to the data protection regulations. You can contact the operator at any time to assert these rights, for example by e-mail to the address given at the beginning. The same applies to other questions regarding data protection by the operator. In addition to the operator, the operator's data protection officer is also available to you: Mr. Daniel Raimer, lawyer, from the law firm Daniel Raimer in Düsseldorf; you can find the contact details of the data protection officer in his imprint.

a. Right of withdrawal

You have the right to revoke your consent to data processing at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

b. Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary for the performance of a task carried out in the public interest or which is carried out for the purposes of safeguarding the legitimate interests of the operator. The operator will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of data for the purpose of such marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

c. Right of appeal

You have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of personal data concerning you violates the statutory provisions. The competent authority at the provider's registered office is the North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, LDI), Kavalleriestr. 2-4, 40213 Düsseldorf, e-mail: poststelle@ldi.nrw.de The full contact details of the LDI can be found on the relevant Internet page at www.ldi.nrw.de. Your right to complain to another supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, remains unaffected. Furthermore, the right of appeal is without prejudice to any other administrative or judicial remedy.

d. Right of access

You have the right to request confirmation from the operator as to whether personal data concerning you is being processed; if this is the case, you have the right to be informed of this data and of the following: (a) the purposes of the processing; (b) the categories of personal data processed; (c) the recipients or categories of recipients to whom the data have been or will be disclosed; (d) the planned duration for which the data will be stored or, if this is not possible, the criteria for determining this duration; (e) your rights under data protection legislation; (f) if the data are not collected from you, any available information about the origin of the data; (g) the existence of automated decision-making, including profiling, and meaningful information about it. You can find most of this information in this declaration. In addition, you can of course contact the operator at any time, for example by e-mail to the address given at the beginning. Upon request, the operator will provide you with a copy of the personal data that is the subject of the processing. However, this will only be done insofar as the rights and freedoms of other persons are not affected. If you make the request electronically, the information will be provided to you in a commonly used electronic format, unless you specify otherwise.

e. Recht auf rectification

You have the right to request the operator to correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

f. Right to deletion

You have the right to request the Operator to delete personal data concerning you without delay, and the Operator is obliged to delete such data without delay, if one of the following reasons applies: (a) the data is no longer necessary for the purposes for which they were collected or otherwise processed; (b) you withdraw your consent on which the processing was based and there is no other legal basis for the processing; (c) you object to the processing and there are no overriding legitimate grounds for the processing or your objection concerns direct marketing; (d) your personal data has been processed unlawfully; (e) deletion is necessary for compliance with a legal obligation to which the operator is subject; or (f) the data has been collected in an offer of information services made directly to a child on the basis of the child's consent.

However, the right to deletion does not apply insofar as the processing is necessary: (a) to exercise the right to freedom of expression and information; (b) to comply with a legal obligation; (c) to perform a task carried out in the public interest; or (d) to assert, exercise or defend legal claims. In this respect, you may request blocking if necessary.

g. Right to suspension

You have the right to request the operator to restrict (block) processing if one of the following conditions is met: (a) the accuracy of your personal data is contested by you for a period of time sufficient to enable the operator to verify the accuracy of such data; (b) the processing is unlawful and you object to the erasure of your data and request the restriction of data use instead; (c) the operator no longer needs the personal data for the purposes of processing, but you require it for the assertion, exercise or defence of legal claims; or (d) you have objected to the processing as long as it has not yet been determined whether the legitimate grounds of the operator outweigh yours; the weighing of legitimate grounds is not required in the case of an objection to processing for direct marketing purposes.

If processing has been restricted, your personal data - apart from storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another person or for reasons of important public interest. If you have obtained a restriction of processing, you will be informed by the operator before the restriction is lifted.

h. Right to data portability

You have the right to receive your personal data that you have provided to the operator in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from the operator, provided that the processing is based on your consent or on a contract between you and the operator and the processing is carried out with the help of automated procedures. In this respect, you have the right to have your personal data transferred directly from the operator to another controller, insofar as this is technically feasible and the rights and freedoms of other persons are not affected. Your right to erasure remains unaffected. This right does not apply to processing necessary for the performance of a task carried out in the public interest.

i. Other

The operator will notify all recipients to whom your data has been disclosed of any rectification or erasure of your personal data or restriction of processing, unless this proves impossible or involves a disproportionate effort. The operator will inform you of these recipients if you so request.

If the operator has made the personal data public and is obliged to erase it, it will take reasonable steps, taking into account the available technology and the cost of implementation, to inform third parties that process your personal data that you have requested the erasure of all links to or copies of the data.

5. Concluding remarks

The Operator shall implement appropriate technical and organisational measures, taking into account the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risks to your rights and freedoms, in order to be able to ensure that the data processing is carried out in accordance with the law. The measures are taken in consideration of the state of the art and include, in particular, encryption of your data. In addition, your data is organisationally separated from other data. The facilities and systems on which the data are processed are protected against unauthorised access, both physically and digitally. In particular, the operator's servers are password protected. By regularly testing and updating the software used, the operator prevents security gaps that could allow misuse of your data. In this context, only those persons (employees) subordinate to the operator who require this for the fulfilment of their tasks are granted access to personal data, and only to the extent necessary in each case. The operator's employees are instructed in advance in data processing and are bound to secrecy. Regular backups protect the data from loss and can be restored at any time. The pre-setting of the systems ensures that, as a matter of principle, only personal data whose processing is necessary for the respective processing purpose is processed. This implements data protection principles such as data minimisation. Furthermore, the operator ensures the confidentiality, integrity, availability, and resilience of the systems through the technical and organisational measures. Compliance with data protection regulations is checked regularly and the measures are updated if necessary.