Data protection
Data protection
Thank you for visiting our website and for your interest in our services. We want you to feel comfortable on our website and not have to worry about the confidentiality of your data. We are very committed to data protection and consider transparency in the handling of your data to be very important. We would therefore like to inform you about what data we collect, for what purpose we do this and how you can exercise control over your data at all times.
Controller
The controller within the meaning of the law is responsible for the processing of the data:
puris Bad GmbH & Co. KG
Hinterm Gallberg 6 a
59929 Brilon
mail@puris.de
Categories of data, purpose and legal basis of processing
You can of course visit our website without providing any personal data. You can access the data protection information via the link at the bottom of each page.
We only use your personal data when you visit our website to operate and optimise our website. For this purpose, the IP address, various technical data of the end device (e.g. operating system, browser used, etc.) and data on the use of our website are recorded. We do not store this data beyond the statutory retention periods or the fulfilment of the purpose. The processing of this data is necessary to ensure the operation of the website. If you do not agree to this processing, we will not be able to provide you with our online services. We analyse this information statistically in order to make the use of our website even more pleasant for all visitors. It is not linked to any personal data already stored by us. The data collected in the course of using the website will be deleted after 14 months at the latest. The storage of data may be extended in individual cases for the enforcement of legal claims, for defence against any legal claims or due to legal obligations.
The processing of personal data for the purpose of operating the website as well as network and information security is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. There is no legal or contractual obligation on your part to provide data when using our website. However, it is not possible to operate the website or respond to your enquiries without processing your data.
For more information about the data collected in the various services, please refer to the relevant sections in this privacy policy.
Recipient of the data
Your data will not be disclosed to third parties unless there is a legal obligation to transfer the data. This processing is carried out on the basis of Article 6 (1) c) GDPR and in connection with the respective order or legal obligation to which we are subject in individual cases. According to Article 6 (1) c) GDPR, it is permitted to process personal data if the processing is necessary to fulfil a legal obligation to which the controller is subject. Categories of recipients of the data are public authorities in the event of a legal obligation and processors who process the data collected online on our behalf and, if applicable, joint controllers with us. The processor involved is Mittwald Kirchner Media.
Contact form
You provide us with personal data when filling in the contact or calendar order form and when contacting us by e-mail or telephone. We may collect the following types of data: Name, email address, address, telephone number and information to create a personalised quote, or to respond to your enquiry and send you the catalogue you have chosen. We only use this data to respond to your specific enquiry or request and to provide you with information. To protect your data, we use a recognised encryption method when transmitting it to us. We will retain your personal data for the period necessary to fulfil the purposes described in this notice. Statutory retention periods remain unaffected.
The legal basis for processing general enquiries is your consent in accordance with Art. 6 para. 1 sentence 1 lit a GDPR.
In the case of enquiries about contracts or in the context of contract initiation, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.
The legal basis for enquiries about data protection is Art. 6 para. 1 sentence 1 lit. c GDPR.
By submitting the form, you consent to the processing of the data.
Photographs and video as part of events (e.g. trade fair)
Recordings of participants and the event venue are made and processed for the purpose of capturing the atmosphere and overall impression of the event. These recordings may be used for internal and external marketing purposes as well as for presentations. Selected images/videos of this public event will be marketed on the puris Bad GmbH & Co KG website and on social media such as Instagram.
The legal basis is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
Matomo
This website uses the open source software "Matomo", matomo.org (formerly Piwik). So-called "cookies" are used for this purpose. These are text files that are stored on the user's computer. The software runs exclusively on Mittwald's servers. The user's personal data is only stored there. The software is set up so that IP addresses are not stored in full. The data is not passed on to third parties.It is no longer possible to assign the truncated IP address to the accessing computer.
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. Matomo is only used if you have given us your consent to do so. The legal basis for the processing of users' personal data is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. The data will be stored by us in accordance with the statutory retention periods.
Google Maps
This site uses the Google Maps map service via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The transfer of data to the USA takes place on the basis of the Data Privacy Framework.
Google Maps is only used if you consent to the use of Google Maps. The legal basis is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 TDDDG.
You can find more information on the handling of user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.
If you consent to the use of Google Maps, Google will also load so-called web fonts (Google Fonts). For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.
We have no influence on this data collection.
YouTube videos
We have integrated YouTube videos (the operator of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) via a so-called iframe. This iframe is only loaded if you consent to this by making the appropriate selection in the cookie banner. As soon as you do this, a connection to the YouTube server in the USA is established.
This connection is necessary in order to be able to display the respective video on our website via your internet browser. In the course of this, YouTube will at least record and process your IP address, the date and time and the website you have visited. In addition, a connection to Google's "DoubleClick" advertising network is established.
If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.
For the purpose of functionality and analysis of user behaviour, YouTube permanently stores cookies on your end device via your Internet browser.
In addition, Google loads so-called web fonts into your browser cache after your consent in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.
The legal basis is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Instagram account
We have a profile on Instagram. The provider is Meta Platforms Inc, 1 Hacker Way, Menlo Park, California 94025, USA.
We have concluded an agreement with Meta on joint responsibility for the processing of data (Controller Addendum). This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook fan page. Meta Platforms has primary responsibility under the GDPR for the processing of Insights data. You can view this agreement at the following link https://www.facebook.com/legal/terms/page_controller_addendum
You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads
Details can be found in Meta's privacy policy: https://www.facebook.com/about/privacy/
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in tailoring our posts to the target group. We receive aggregated data from Meta that cannot be traced back to individuals.
Your rights in relation to the processing of your personal data
You have various rights with regard to the processing of personal data, which we would like to inform you about below. Details of your rights can also be found in Articles 15 to 21 GDPR and Sections 32 to 37 of the German Federal Data Protection Act ("BDSG").
You have the right to receive information about your personal data. You can also request the correction of incorrect data.
In addition, under certain conditions, you have the right to erasure of data, the right to restriction of data processing and the right to data portability. You can object to processing on the basis of Art. 6 (1) (f) GDPR, as well as to any profiling in accordance with Art. 21 GDPR. You can revoke any consent you have given in the context of using the website informally and without giving reasons at any time with effect for the future.
You can assert all of the above rights in accordance with Art. 15 to 21 GDPR informally by e-mail or post to the controller.
You also have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your data is unlawful. A list of data protection officers and their contact details can be found at
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
If you have any questions about data protection, you are welcome to contact our external data protection officer:
David Gabel - Email: david.gabel@your-insider.com
General information on data protection and the processing of personal data in data protection processes can be found at https://www.dsgvo-support.de
Data protection information for Facebook
Welcome to our Facebook page.
We are very committed to data protection and consider transparency in the handling of your data to be very important. We would therefore like to inform you accordingly.
There is an agreement between Facebook and us as joint controllers in accordance with Art. 26 GDPR. You can access this agreement at the following link [https://www.facebook.com/legal/terms/page_controller_addendum]. This agreement stipulates that Facebook assumes full responsibility for data protection obligations in connection with Page Insights.
1. name and address of the person responsible:
Jointly responsible for the operation of this Facebook page are:
a)
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Dublin 2 Ireland
You can contact Facebook's data protection officer using the following form: www.facebook.com/help/contact/540977946302970.
and
b)
puris Bad GmbH & Co. KG
Hinterm Gallberg 6 a
59929 Brilon
mail@puris.de
You can reach our external data protection officer at
E-mail: david.gabel@your-insider.com
2. categories of data, purpose and legal basis of processing
With regard to data processing by Facebook, we refer to their privacy policy https://www.facebook.com/privacy/center/
In the following, we explain the data processing procedures we carry out.
a. Statistical data
We can access statistical data of different categories via the so-called "Insights" of the Facebook page. (https://www.facebook.com/business/a/page/page-insights)
These statistics are generated and provided by Facebook. As the operator of the site, we have no influence on the generation and presentation of these statistics. We cannot switch off this function or prevent the generation and processing of data. Facebook provides us with the following data relating to our Facebook page for a selectable period of time and for the categories fans, subscribers, people reached and people interacting:
Total number of page views, "Like" information, page activity,
Post interactions, reach, video views, post reach, comments, shared content, replies, proportion of men and women, origin in relation to country and city, language, views and clicks in the shop, clicks on route planners, clicks on telephone numbers. Data on the Facebook groups linked to our Facebook page is also provided in this way. Due to the constant development of Facebook, the availability and processing of the data changes, so we refer you to the above-mentioned Facebook privacy policy for further details.
The processing of personal data is based on Art. 6 para. 1 f) GDPR. Our legitimate interest is to make our posts and activities on our Facebook page more attractive to users. For example, we use the distribution by age and gender for a customised approach and the preferred visiting times of the users for a time-optimised planning of our posts. Information about the type of end devices used by visitors helps us to adapt the design of our posts accordingly.
b. Interactions with our account
It is also possible for you to interact with our account. You can do this, for example, by marking a post with "Like", sharing or commenting on it or by writing to us directly.
When you interact with us, data processing by us is usually inevitable, as this allows us to view your account and thus gain access to your personal data, such as your user name, your profile picture or the date or time of the interaction. In accordance with the Facebook terms of use, which every user has agreed to when creating a Facebook profile, we can identify the subscribers and fans of the page and view their profiles and other information shared by you.
The data collected here is information that is only made available to us through your interaction with our profile. The processing of personal data is therefore based on Art. 6 para. 1 b) GDPR.
3. recipient of the data
We would like to point out that your data may be passed on to third parties by Facebook. However, we have no influence on this. You can find more detailed information on this in Facebook's privacy policy: https://www.facebook.com/privacy/center/
We will not disclose your data unless there is a legal obligation to transfer the data. Such a transfer takes place on the basis of Article 6 (1) c) GDPR and in connection with the respective order or legal obligation to which we are subject in individual cases. Categories of recipients of the data are public authorities in the event of a legal obligation and processors who process the data collected online on our behalf, such as web hosts and designers, providers of analytics services, etc.
4. storage period and deletion
Information on data storage by Facebook can be found in their privacy policy: https://www.facebook.com/privacy/center/.
We store all personal data that you transmit to us only for as long as it is required to fulfil the purposes for which this data was transmitted or as long as this is required by law. Once the purpose has been fulfilled and/or the statutory retention periods have expired, we will delete or block the data.
5. rights of the data subject
You have various rights with regard to the processing of personal data, which we would like to inform you about below. Details of your rights can also be found in Articles 15 to 21 GDPR and Sections 32 to 37 of the German Federal Data Protection Act ("BDSG").
You have the right to receive information about your personal data. You can also request the correction of incorrect data.
In addition, under certain conditions, you have the right to erasure of data, the right to restriction of data processing and the right to data portability. You can object to processing on the basis of Art. 6 (1) (f) GDPR, as well as to any profiling in accordance with Art. 21 GDPR. You can revoke any consent you have given in the context of using the website informally and without giving reasons at any time with effect for the future.
You can assert all of the above rights in accordance with Art. 15 to 21 GDPR informally by e-mail or post to the controller.
You also have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your data is unlawful. You can find a list of data protection officers and their contact details at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
If the processing is carried out by Facebook, you can also contact Facebook directly. This is particularly the case if the processing is part of Page Insights.
You can send them by post to the following address:
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Dublin 2 Ireland
Alternatively, you can of course also contact us and we will forward your enquiry to Facebook in these cases - in accordance with our agreement with Facebook pursuant to Art. 26 GDPR.