Privacy Policy
We are glad that you are interested in our business. Data security is a top priority for the Company’s management. The use of our Internet pages is possible without providing any personal data; however, if a particular subject wishes to use specific services provided by our enterprise through our website, personal data processing may be required. If we need to process personal data and there is no legislative basis for doing so, we usually receive consent from the data subject.
Personal data, such as a data subject’s name, address, e-mail address, or telephone number, shall always be processed in compliance with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to us. Our company would like to notify the general public about the existence, extent, and intent of the personal data we collect, use, and process utilizing this data protection declaration. Furthermore, employing this data security declaration, data subjects are told of the rights to which they are entitled.
As the controller, we have put in place various technological and organizational safeguards to ensure the most complete security of personal data processed through this website. However, since Internet-based data transfers can have security gaps, full safety cannot be guaranteed. As a result, every data subject has the option of transferring personal data to us through alternative means, such as the telephone.
1. Terms and definitions
The Company’s data security declaration is based on the terminology used by the European legislator in adopting the General Data Protection Regulation (GDPR). The general public, as well as our clients and business partners, should be able to read and appreciate our data security declaration. To ensure this, we’d like to first define the terms.
The terms “we,” “us,” “our,” “administrator,” “service provider,” and “the business” refer to visitax.eu.
We use the following words in this data security statement, among others:
a) Personal information
Personal data refers to any information about a known or identifiable natural person (the “data subject”). An identifiable natural person can be identified, directly or indirectly, by the use of an identifier such as a name, identification number, location data, an online identifier, or one or more factors unique to that natural person’s physical, physiological, genetic, emotional, economic, cultural, or social identity.
b) Data subject
A data subject is a natural individual who can be categorized, directly or indirectly, based on specific information representing personal data;
c) Processing
Processing is defined as any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
d) Processing restrictions
Restriction of processing is the labeling of stored personal data to restrict their future processing.
e) Profiling
Profiling is described as any type of automated processing of personal data that involves the use of personal data to evaluate certain personal aspects relating to a natural person, specifically to analyze or predict aspects relating to that natural person’s work performance, economic condition, health, personal preferences, interests, reliability, actions, place, or movements.
f) Pseudonymization
Pseudonymization is the process of processing personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) The controller or controllers in charge of the processing
The controller or controller responsible for the processing is the natural or legal person, public authority, agency, or other body that, alone or in collaboration with others, determines the purposes and means of personal data processing; where the purposes and means of such processing are determined by Union or Member State law, the controller or specific criteria for its nomination may be provided.
h) Processor
Any operation or set of operations performed on personal data or sets of personal data, whether or not through automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
i) Recipient
A natural or legal individual, public authority, entity, or other body to whom personal data are exposed, whether a third party or not, is referred to as a recipient.
However, public authorities who can collect personal data in the context of a specific investigation under Union or Member State law are not considered recipients; the processing of those data by those public authorities must be following the relevant data privacy laws based on the purposes of the processing.
j) Third party
A third party is any natural or legal entity, public authority, organization, or body other than the data subject, controller, processor, and persons allowed to process personal data under the controller’s or processor’s direct authority.
k) Consent
The data subject’s consent is any freely granted, precise, aware, and unambiguous indication of the data subject’s wishes by which he or she, by a declaration or by direct affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Processing of personal data
In its capacity as controller of personal data, the Company processes personal data in a way that ensures an acceptable degree of security, including protection against unauthorized or unlawful processing and accidental loss, degradation, or harm, while employing appropriate technological and/or organizational measures per the following principles:
(a) concerning the data subject, legally, reasonably, and transparently (“lawfulness, justice, and transparency”)
(b) data is collected for specific, explicit, and legitimate purposes and is not further processed in a way that is incompatible with those purposes (“appropriateness in personal data processing and intent limitation”).
(c) sufficient, applicable, and restricted to what is needed for the purposes for which they are processed (“data reduction”).
(d) accurate and up to date
(e) limiting storage to no more than the time required for the purposes for which they are processed (“storage limitation”).
(f) processed in a way that ensures adequate personal data security, including protection against unauthorized or unlawful processing as well as accidental loss, degradation, or harm, using appropriate technological or organizational measures (“integrity and confidentiality”).
We process personal data only if and to the degree that at least one of the following criteria is met:
(a) processing is essential for the execution of an agreement with the Company of which the data subject is a party, or to carry out steps at the data subject’s request before the signing of an agreement with us.
(b) processing is necessary to comply with a legal requirement that applies to us as controller of personal data.
(c) the data subject has consented to the processing of their personal data for one or more particular purposes.
When personal data is collected solely based on consent, the data subject has the right to revoke that consent at any time.
Withdrawal of the data subject’s consent is not applicable where the processing of the data is based on the terms of items “a” and “b” above.
In its capacity as controller, the Company does not process personal data that reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, biometric information solely for identification of the natural person, data concerning health or data concerning sex life or sexual orientation of the person unless the data subject has given explicit consent for the processing of data for specific purposes.
3. Name and Address of the controller
The controller for the General Data Protection Regulation (GDPR), other data protection laws applicable in European Union Member States, and other data protection provisions is:
4. Name and Address of the Data Protection Officer
The Data Protection Officer of the controller is:
Any data subject can contact our Data Protection Officer directly at any time with any questions or suggestions about data protection.
5. Cookies
Cookies are used on our website. Cookies are text files that are saved in a computer system after being accessed via an Internet browser. Cookies are used by many websites and servers. A cookie ID is the main identifier for any cookie.
It is made up of a character string that allows Internet pages and servers to be allocated to the same Internet browser in which the cookie was placed.
This enables visited Internet pages and servers to distinguish the data subject’s individual browser from other Internet browsers that contain other cookies.
Using the unique cookie ID, a particular Internet browser can be recognized and marked.
The Company will offer more user-friendly services to this website’s visitors by using cookies, which would not be possible without the cookie environment.
The details and deals on our website can be optimized with the user in mind by using cookies.
As previously stated, cookies allow us to recognize our website visitors. This acknowledgment is intended to make it easier for users to use our website.
The user of a website that uses cookies, for example, does not have to enter access data each time the website is accessed, since this is handled by the website, and the cookie is thus saved on the user’s computer device.
Another example is the cookie associated with a shopping cart in an online store. A cookie is used by the online store to recall the items that a customer has put in the virtual shopping cart.
The data subject can, at any time, prevent the setting of cookies via our website by adjusting the settings of the Internet browser used, and thus permanently refuse the setting of cookies.
Furthermore, cookies that have already been set can be removed at any time using an Internet browser or other software programs. This is possible in all major web browsers.
If the data subject disables cookie settings in the Internet browser used, not all functions of our website will be fully functional.
6. Collection of general data and information
When a data subject or an automated system visits the Company’s website, a set of general data and information is collected.
The server log files contain this general data and knowledge:
(1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other information may be collected.
The Company does not draw any conclusions about the data subject by using these general data and facts.
Rather, this information is required to (1) correctly deliver our website’s content, (2) optimize our website’s content as well as its advertising, (3) ensure the long-term stability of our information management infrastructure and website technology, and (4) provide law enforcement authorities with the information required for criminal prosecution in the event of a cyber-attack.
As a result, we statistically evaluate secretly collected data and information to improve our enterprise’s data privacy and data security and ensure an acceptable level of protection for the personal data we process.
The anonymous data from the server log files are kept separate from any personal information given by a data topic.
7. Contact information is available on the website
Our website contains information that allows for easy electronic interaction with our company as well as direct communication with us, including a general electronic mail address (e-mail address).
When a data subject contacts the controller via e-mail or a contact form, the personal data transmitted by the data subject are automatically saved.
Such voluntary personal data transmitted by a data subject to the data controller are retained for processing or contacting the data subject.
There is no disclosure of this personal information to third parties.
8. The website’s blog includes a comment feature.
We allow users to leave individual comments on individual blog contributions on a blog hosted on the controller’s website.
A blog is a web-based, publicly accessible portal where one or more bloggers or web-bloggers can post articles or write down thoughts in blog posts.
Third parties also leave comments on blog posts.
If a data subject leaves a comment on this website’s blog, the data subject’s comments are also saved and written, as is information on the date of the commentary and the user’s (pseudonym) chosen by the data subject.
In addition, the IP address provided to the data subject by the Internet service provider (ISP) is logged.
The IP address is saved for security purposes and if the data subject violates the rights of third parties or posts illegal material through a given comment.
The holding of these personal data is thus in the data controller’s self-interest so that he can be exonerated in the case of a violation.
This collected personal data will not be disclosed to third parties unless required by law or serves the purpose of the data controller’s protection.
Personal data is routinely erased and blocked.
The data controller shall process and store the data subject’s personal data only for the time required to achieve the purpose of storage, or for the period given by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the storage function is no longer relevant, or if a storage period prescribed by the European legislator or another qualified legislator expires, personal data are regularly blocked or deleted in compliance with legal requirements.
9. Rights of the data subject
a) Provision of information
Each data subject has the right granted by the European legislator to obtain clarification from the controller as to whether or not personal data relating to him or her are being processed.
If a data subject wishes to exercise this confirmation right, he or she can do so at any time by contacting any employee of the controller.
b) Access to information
Each data subject has the right granted by the European legislator to obtain free information about his or her personal data stored at any time from the controller, as well as a copy of this information.
Furthermore, European directives and regulations give the data subject access to the following information:
• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients in third countries or international organizations; and
• where possible, the envisaged recipients.
Furthermore, the data subject has the right to know if personal data is transmitted to a foreign party or an international agency.
In this case, the data subject has the right to be told of the relevant protections relating to the transfer.
If a data subject wishes to exercise this right of access, he or she can contact any employee of the controller at any time.
c) The right to be corrected (if data is not accurate)
Each data subject has the right granted by the European legislator to obtain from the controller, without undue delay, the correction of incorrect personal data relating to him or her.
Taking into account the processing purposes, the data subject has the right to have incomplete personal data completed, even through the provision of a supplementary statement.
If a data subject wishes to exercise this right to rectification, he or she can do so at any time by contacting any controller employee.
d) The right to be forgotten (delete all data)
Each data subject has the right granted by the European legislator to obtain from the controller, without undue delay, the erasure of personal data concerning him or her, and the controller has the obligation to erase personal data without undue delay where one of the following conditions applies, as long as the processing is not necessary:
• The personal data is no longer required for the purposes for which it was obtained or otherwise processed.
• The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing; or the data subject objects to the processing according to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing or the data subject objects to the processing under Article 21(1) of the GDPR and there are no overriding legitimate grounds
• Personal data is illegally stored.
• The personal data must be deleted in order to comply with a legal requirement imposed by Union or Member State law on the controller; and • the personal data were collected in connection with the provision of information society services, as specified in Article 8(1) of the GDPR.
If one of the above reasons applies and a data subject wishes to request the erasure of personal data stored by us, he or she can contact any employee of the controller at any time.
Our employee will ensure that the erasure request is met as soon as possible.
Where the controller has made personal data public and is required to erase the personal data under Article 17(1), the controller shall take reasonable steps, including technical measures, to notify other controllers processing the personal data that the data subject has requested the erasure of any links by such controllers, taking into account available technology and the cost of implementation.
In any situation, our employees will take the appropriate steps.
e) Processing constraint right
Each data subject has the right granted by the European legislator to obtain from the controller a restriction of processing if one of the following conditions is met:
• The accuracy of the personal data is disputed by the data subject, with a time allowing the controller to check the accuracy of the personal data. • The processing is illegal, and the data subject refuses erasure and instead demands restriction of their use.
• The controller no longer requires the personal data for the processing, but the data subject requires them for the creation, practice, or protection of legal claims.
The data subject has objected to processing by Article 21(1) of the GDPR, pending clarification of whether the controller’s valid reasons outweigh those of the data subject.
If one of the above requirements is met, and a data subject wishes to request that the processing of personal data stored by the Company be restricted, he or she can contact any employee of the controller at any time.
Our employees can arrange for the processing to be limited.
f) The right to transfer data
Each data subject has the right granted by the European legislator to obtain personal data relating to him or her that has been given to a controller in a standardized, widely used, and machine-readable format.
He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, provided that the processing is based on consent according to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract under point (b) of Article 6(1) of the GDPR, and the processing is carried out.
Furthermore, in exercising his or her right to data portability under Article 20(1) of the GDPR, the data subject has the right to have personal data transferred directly from one controller to another, where legally possible and not infringing on the rights and freedoms of others.
To exercise the right to data portability, the data subject can contact any employee of the Company at any time.
g) The ability to object
Each data subject has the right granted by the European legislator to object at any time, on grounds relating to his or her specific circumstance, to processing of personal data concerning him or her that is based on Article 6(1)(e) or (f) of the GDPR.
This extends to profiling based on these provisions as well.
In the event of an objection, the Company can no longer process the personal data unless we can assert convincing substantive reasons for the processing that outweigh the data subject’s interests, rights, and freedoms, or for the creation, practice, or protection of legal claims.
If we process personal data for direct marketing purposes, the data subject has the right to object to the processing of personal data about him or her for such marketing at any time.
This extends to profiling insofar as it is relevant to direct marketing.
If the data subject objects to the Company processing his or her personal data for direct marketing purposes, we can no longer process the personal data for these purposes.
Furthermore, the data subject has the right, on grounds relating to his or her particular situation, to object to the Company’s processing of personal data concerning him or her for scientific or historical research purposes, or statistical purposes, in accordance with Article 89(1) of the GDPR, unless the processing is required for the performance of a task carried out for reasons of public interest.
The data subject can contact any employee of the Company to exercise his or her right to object.
Furthermore, in the sense of using information society facilities, and notwithstanding Directive 2002/58/EC, the data subject is free to exercise his or her right to object using automated means based on technical requirements.
h) Human decision-making automation, including profiling
Each data subject has the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning him or her or has a similarly significant impact on him or her, as long as the decision (1) is not required for entering into or performing a contract between the data subject and a data co-processor.
i) Right to revoke consent to data protection
The European legislator has given each data subject the right to withdraw his or her consent to the processing of his or her personal data at any time.
If the data subject wishes to exercise his or her right to revoke consent, he or she can do so at any time by contacting any Company employee.
We will review and respond to the request within one month of its submission.
If required, this duration can be extended by another two months.
The Company notifies the data subject of any such extension within one month of receiving the submission, explaining the reason for the delay.
If a data subject files a request electronically, the information is given electronically if necessary, unless the data subject requests otherwise.
10. Data protection provisions about the application and use of Facebook
The controller has incorporated enterprise Facebook components on this website.
Facebook is a social networking site.
A social network is an online community that enables users to connect and interact in a virtual environment. It is a venue for social meetings on the Internet.
A social network may serve as a forum for the sharing of ideas and experiences, or it may enable the Internet community to share personal or business-related information.
Facebook enables social network users to create private profiles, upload images, and network via friend requests.
Facebook’s operating company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States.
If you live outside of the US or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When the data subject accesses one of the individual pages of this Internet website, which is run by the controller and into which a Facebook feature (Facebook plug-ins) was inserted, the web browser on the data subject’s information technology device is automatically prompted to download a display of the corresponding Facebook component from Facebook through the Facebook component.
A list of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/.
During the process of this technological method, Facebook learns which particular sub-site of our website the data subject visited.
If the data subject is logging in to Facebook at the same time, Facebook detects which particular sub-domain of our Internet page was accessed by the data subject for each call-up to our website by the data subject—and for the duration of their stay on our Internet site.
This information is collected through the Facebook portion and associated with the data subject’s Facebook account.
If the data subject clicks on one of the Facebook buttons built into our website, such as the “Like” button, or submits a message, Facebook matches this information with the data subject’s personal Facebook user account and retains the personal data.
Facebook collects information about a data subject’s visit to our website via the Facebook portion whenever the data subject is logged in on Facebook at the same time as the call-up to our website.
This occurs whether or not the data subject clicks on the Facebook component.
If the data subject does not want such a transmission of information to Facebook, he or she can avoid it by logging out of their Facebook account before visiting our website.
Facebook’s data security guideline, which is available at https://facebook.com/about/privacy/, offers details about Facebook’s collection, processing, and usage of personal data.
Furthermore, it is clarified there what privacy settings Facebook provides to protect the data subject’s privacy.
Furthermore, various configuration options are made available to enable the removal of data transmission to Facebook.
The data subject can use these applications to avoid sending data to Facebook.
11. Data protection provisions about the application and use of Google AdSense
The controller has used Google AdSense on this website.
Google AdSense is an online service that allows advertisers to insert advertisements on third-party websites.
Google AdSense is based on an algorithm that chooses advertisements displayed on third-party sites that are relevant to the content of the third-party site.
Google AdSense enables interest-based targeting of Internet users, which is accomplished by creating individual user profiles.
Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is the company that runs Google’s AdSense component.
The Google AdSense component aims to integrate advertising on our website.
Google AdSense puts a cookie on the data subject’s information technology device.
The meaning of cookies has already been clarified.
Alphabet Inc. is able to analyze the use of our website thanks to the cookie.
For each visit to one of the individual pages of this Internet site, which is run by the controller and through which a Google AdSense component is inserted, the Internet browser on the data subject’s information technology infrastructure will automatically send data to Alphabet Inc. for the purposes of online advertisement and commission settlement.
During the process of this technological practice, Alphabet Inc. gains knowledge of personal data, such as the data subject’s IP address, which allows Alphabet Inc. to understand the origin of visitors and clicks and, as a result, establish commission settlements.
As previously mentioned, the data subject can, at any time, prevent the setting of cookies through our website by adjusting the web browser used, and thus permanently refuse the setting of cookies.
A change to the Internet browser used will also prevent Alphabet Inc. from placing a cookie on the data subject’s information technology infrastructure.
Furthermore, cookies previously used by Alphabet Inc. can be removed at any time using a web browser or other software programs.
Google AdSense also employs so-called monitoring pixels.
A monitoring pixel is a small graphic that is inserted in web pages to allow log file logging and analysis, which allows statistical analysis to be conducted.
Alphabet Inc. will decide whether and when a data subject opened a page, as well as which links the data subject clicked on, using the embedded tracking pixels.
Tracking pixels are used to analyze the movement of traffic on a website, among other things.
Personal data and information, which includes the IP address and is required for the collection and accounting of the displayed advertisements, are transmitted to Alphabet Inc. in the United States of America through Google AdSense.
This personally identifiable information will be stored and processed in the United States of America.
Alphabet Inc. can reveal the collected personal data to third parties through this technical procedure.
Google AdSense is discussed in greater detail at https://www.google.com/intl/en/adsense/start/.
12. Data protection provisions about the application and use of Google Analytics (with anonymization function)
The controller has included a Google Analytics component on this website (with the anonymizer function).
Google Analytics is a service for web analytics.
Web analytics is the collection, gathering, and review of data regarding website visitors’ activities.
A web analysis service gathers information such as the website from which an individual came (the referrer), which sub-pages were accessed, and how often and for how long a sub-page was viewed.
Online analytics was mostly used for website optimization and to do a cost-benefit analysis of Internet ads.
Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is the operator of the Google Analytics portion.
The controller employs the application “_gat. _anonymizeIp” for web analytics through Google Analytics.
When a data subject accesses our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area, Google abridges and anonymizes the IP address of the data subject’s Internet link.
The Google Analytics component aims to analyze the traffic on our website.
Google uses the collected data and information, among other things, to analyze the usage of our website and to provide online reports that display the activities on our websites, as well as to provide us with other services related to the use of our Internet site.
Google Analytics puts a cookie on the data subject’s information technology infrastructure.
The meaning of cookies has already been clarified.
Google is able to analyze the use of our website thanks to the cookie.
With each visit to one of the individual pages of this Internet site, which is run by the controller and into which a Google Analytics component has been inserted, the Internet browser on the data subject’s information technology infrastructure will automatically upload data to Google for online advertisement and commission settlement.
During the process of this technological practice, the enterprise Google obtains personal information, such as the data subject’s IP address, which allows Google to understand the origin of visitors and clicks and, as a result, establishes commission settlements.
The cookie is used to store personal information such as the time of access, the location from which the access was made, and the frequency with which the data subject visits our website.
Such personal data, including the IP address of the data subject’s Internet connection, will be transmitted to Google in the United States of America for each visit to our Internet site.
Google stores these personal data in the United States of America.
Google can disclose the personal information gathered through the technical procedure to third parties.
As previously mentioned, the data subject can, at any time, prevent the setting of cookies through our website by adjusting the web browser used, and thus permanently refuse the setting of cookies.
A change to the Internet browser used will also prevent Google Analytics from placing a cookie on the data subject’s information technology infrastructure.
Furthermore, Google Analytics cookies can be removed at any time using a web browser or other software programs.
Furthermore, the data subject has the option of objecting to a set of data produced by Google Analytics that is relevant to the use of this website, as well as the processing of this data by Google and the ability to prevent such processing.
To accomplish this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout.
This browser add-on informs Google Analytics via JavaScript that any data and information about Internet page visits will not be transmitted to Google Analytics.
Google considers the installation of browser add-ons to be an objection.
If the data subject’s information technology infrastructure is subsequently removed, formatted, or newly updated, the data subject must reinstall the browser add-ons to disable Google Analytics.
If the data subject or any other individual within their domain of competence uninstalled or disabled the browser add-on, the reinstallation or reactivation of the browser add-ons is possible.
More details and Google’s relevant data security provisions can be found at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/us.html.
Google Analytics is explained in greater detail at https://www.google.com/analytics/.
13. Data protection provisions about the application and use of Google Remarketing
The controller has incorporated Google Remarketing services on this website.
Google Remarketing is a Google AdWords feature that allows a business to show advertisements to Internet users who have previously visited the business’s website.
As a result of integrating Google Remarketing, an enterprise can generate user-based ads and display relevant advertisements to interested Internet users.
Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is the organization that operates the Google Remarketing services.
Google Remarketing aims to incorporate advertisements that are important to the user’s interests.
Google Remarketing enables us to display advertisements on the Google network or on other websites that are tailored to the specific needs and desires of Internet users.
Google Remarketing places a cookie on the data subject’s information technology framework.
The meaning of cookies has already been clarified.
With the cookie, Google allows the user to our website to be recognized if he visits consecutive web pages that are also members of the Google advertising network.
For each visit to a website where Google Remarketing has been incorporated, the data subject’s web browser automatically associates with Google.
During the process of this technological method, Google collects personal information, such as the user’s IP address or surfing behavior, which Google uses, among other things, to insert interest-relevant ads.
The cookie is used to store personal information, such as the Internet pages that the data subject has visited.
When we visit our Internet sites, personal data, including the IP address of the data subject’s Internet connection, is transmitted to Google in the United States of America.
Google stores these personal data in the United States of America.
Google can disclose the personal information gathered through the technical procedure to third parties.
As previously mentioned, the data subject can, at any time, prevent the setting of cookies through our website by adjusting the web browser used, and thus permanently refuse the setting of cookies.
A change to the Internet browser used will also prevent Google from placing a cookie on the data subject’s information technology infrastructure.
Furthermore, Google cookies can be removed at any time using a web browser or other software programs.
Furthermore, the data subject has the option to object to Google’s interest-based ads.
To accomplish this, the data subject must navigate to www.google.com/settings/ads and configure the desired settings on each Internet browser used by the data subject.
More details and Google’s actual data security policy can be found at https://www.google.com/intl/en/policies/privacy/.
14. Data protection provisions about the application and use of Google-AdWords
The controller has used Google AdWords on this website.
Google AdWords is an Internet advertising service that allows advertisers to insert advertisements in Google search engine results and the Google advertising network.
Google AdWords enables advertisers to pre-define unique keywords, with the aid of which an ad on Google’s search results is only displayed when a user uses the search engine to retrieve a keyword-relevant search result.
Ads in the Google Advertising Network are distributed on related web pages automatically using an algorithm that takes into account previously identified keywords.
Google AdWords is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
Google AdWords aims to promote our website by including related ads on third-party websites and in Google search engine results, as well as the insertion of third-party advertising on our website.
If a data subject visits our website after clicking on a Google ad, Google places a conversion cookie on the data subject’s information technology device.
The meaning of cookies has already been clarified.
The validity of a conversion cookie expires after 30 days and it is not used to classify the data topic.
If the cookie has not expired, the conversion cookie is used to determine if those sub-pages on our website, such as the shopping cart from an online shop system, were accessed.
The conversion cookie allows both Google and the controller to determine if a person who clicked on an AdWords ad on our website made sales, i.e. completed or canceled a sale of products.
Google uses the data and information obtained by the conversion cookie to generate visit statistics for our website.
These visit statistics are used to calculate the total number of users served by AdWords advertising in order to determine the success or failure of each AdWords ad and to refine our AdWords ads in the future.
Google does not provide our company or other Google AdWords advertisers with details that could be used to classify the data topic.
Personal information, such as the Internet pages accessed by the data subject, is stored in the conversion cookie.
When we visit our Internet sites, personal data, including the IP address of the data subject’s Internet connection, is transmitted to Google in the United States of America.
Google stores these personal data in the United States of America.
Google can disclose the personal information gathered through the technical procedure to third parties.
The data subject can, at any time, prevent our website from setting cookies, as mentioned above, by using a corresponding setting of the Internet browser used, and thus permanently refuse cookie setting.
A similar Internet browser setting will also prohibit Google from adding a conversion cookie on the data subject’s information technology device.
Furthermore, a Google AdWords cookie can be removed at any time using an Internet browser or other software programs.
The data subject has the option to object to Google’s interest-based advertising.
As a result, the data subject must access the connection www.google.de/settings/ads from each browser and set the desired settings.
More details and Google’s relevant data security provisions can be found at https://www.google.com/intl/en/policies/privacy/.
15. Data protection provisions about the application and use of Instagram
The controller has incorporated Instagram components on this website.
Instagram is a website that can be classified as an audiovisual site because it allows users to post images and videos as well as share those data on other social networks.
Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, UNITED STATES, is the operating company for the services provided by Instagram.
With each visit to one of the individual pages of this Internet site, which is run by the controller and on which an Instagram feature (Insta button) has been integrated, the Internet browser on the data subject’s information technology device is automatically prompted to download a display of the corresponding Instagram component of Instagram.
During this technological process, Instagram learns which particular sub-page of our website the data subject visited.
If the data subject is logging in to Instagram at the same time, Instagram detects which particular sub-page of our Internet page was accessed by the data subject for each call-up to our website by the data subject—and for the duration of their stay on our Internet site.
This information is gathered by the Instagram portion and is associated with the data subject’s Instagram account.
If the data subject clicks on one of the Instagram buttons embedded on our website, Instagram matches this information with the data subject’s personal Instagram user account and stores the personal data.
Instagram receives information that the data subject has visited our website via the Instagram portion if the data subject is logged in at Instagram at the time of the call to our website.
This happens whether or not the individual clicks on the Instagram button.
If the data subject does not want such a transmission of information to Instagram, he or she can avoid it by logging out of their Instagram account before visiting our website.
More details and Instagram’s relevant data security provisions can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
16. Data protection provisions about the application and use of LinkedIn
On this website, the controller has incorporated LinkedIn Corporation components.
LinkedIn is a web-based social network that allows users to communicate with established business contacts and create new business contacts.
LinkedIn has over 400 million registered users from over 200 countries.
As a result, LinkedIn is also the biggest forum for business contacts and one of the world’s most visited websites.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, UNITED STATES, is the company’s operating company.
LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland is responsible for privacy matters outside of the UNITED STATES.
With each visit to one of the individual pages of this Internet site, which is run by the controller and on which a LinkedIn component (LinkedIn plug-in) has been inserted, the Internet browser on the data subject’s information technology system is automatically prompted to download a display of the corresponding LinkedIn component of LinkedIn.
More information about the LinkedIn plug-in is available at https://developer.linkedin.com/plugins.
During this technical process, LinkedIn learns which particular sub-page of our website the data subject visited.
If the data subject is logging in to LinkedIn at the same time, LinkedIn detects which particular sub-page of our Internet page was accessed by the data subject for each call-up to our website by the data subject—and for the duration of their stay on our Internet site.
This information is gathered by the LinkedIn component and associated with the data subject’s LinkedIn account.
If a data subject clicks on one of the LinkedIn buttons incorporated on our website, LinkedIn assigns this information to the data subject’s own LinkedIn user account and stores the personal data.
LinkedIn receives information that the data subject has visited our website through the LinkedIn component, given that the data subject is logged in at LinkedIn at the time of the call-up to our website.
This happens whether or not the individual clicks on the LinkedIn button.
If the data subject does not want such a transmission of information to LinkedIn, he or she can avoid it by logging out of their LinkedIn account before visiting our website.
LinkedIn offers the option to unsubscribe from e-mail notifications, SMS messages, and targeted advertisements, as well as monitor ad settings, at https://www.linkedin.com/psettings/guest-controls.
Affiliates on LinkedIn include Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame.
According to https://www.linkedin.com/legal/cookie-policy, such cookies can be refused.
LinkedIn’s applicable privacy policy can be found at https://www.linkedin.com/legal/privacy-policy.
LinkedIn’s Cookie Policy can be found at https://www.linkedin.com/legal/cookie-policy.
17. Data protection provisions about the application and use of Pinterest
Pinterest Inc. components have been incorporated by the controller on this website.
Pinterest is a form of a social network.
A social network is a social gathering place on the Internet, an online community that enables users to connect and interact with one another in a virtual environment.
A social network can be used to share ideas and experiences, or it can be used to provide personal or business-related information to the Internet community.
Pinterest users can post, among other things, picture collections and individual images, as well as explanations, on virtual pinboards (so-called pins), which can then be exchanged (so-called re-pins) or commented on by other users.
Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, UNITED STATES, is the company’s operating company.
For each visit to one of the individual pages of this Internet site, which is run by the controller and on which a Pinterest component (Pinterest plug-in) was integrated, the Internet browser on the data subject’s information technology system is automatically prompted to download a display of the corresponding Pinterest component via the respective Pinterest component.
More information about Pinterest can be found at https://pinterest.com/.
During the process of this technological method, Pinterest learns which particular sub-page of our website the data subject visits.
If the data subject is logging in to Pinterest at the same time, Pinterest detects which particular sub-page of our Internet page was accessed by the data subject for each call-up to our website by the data subject—and for the duration of their stay on our Internet site.
This information is gathered by the Pinterest portion and associated with the data subject’s Pinterest account.
If a data subject clicks on one of the Pinterest buttons integrated on our website, Pinterest assigns this information to the data subject’s own Pinterest user account and stores the personal data.
Pinterest receives information that the data subject has visited our website via the Pinterest component, given that the data subject is logged in at Pinterest at the time of the call-up to our website.
This happens whether or not the individual clicks on the Pinterest component.
If the data subject does not want such a transmission of information to Pinterest, he or she can avoid it by logging out of their Pinterest account before visiting our website.
Pinterest’s data security guidelines, which are available at https://about.pinterest.com/privacy-policy, offer information on Pinterest’s collection, processing, and usage of personal data. 18. Data protection provisions about the application and use of Tumblr
Tumblr components have been built into the controller on this website.
Tumblr is a blogging site that allows users to build and manage their own blogs.
A blog is a web-based, usually public-accessible forum where one or more people known as bloggers or web-bloggers can post articles or write down thoughts in blog posts.
In a Tumblr blog, for example, the user can publish text, photographs, links, and videos and distribute them in the digital space.
Tumblr users can also import content from other websites into their own blogs.
Tumblr’s parent company is Tumblr, Inc., 35 East 21st Street, Ground Floor, New York, NY 10010, UNITED STATES.
The Internet browser on the data subject’s information technology infrastructure automatically downloads a view of the corresponding Tumblr component of Tumblr for each call to one of the individual pages of this Internet site, which is run by the controller and on which a Tumblr component (Tumblr button) has been integrated.
More information about Tumblr buttons can be found at https://www.tumblr.com/buttons.
Tumblr learns the specific sub-page of our website the data subject accessed during this technical procedure.
The integration of the Tumblr component serves as retransmission of this website’s contents, allowing our users to bring this web page to the digital world and increase our visitor numbers.
If the data subject is logged in at Tumblr, Tumblr detects which particular sub-page of our Internet page was accessed by the data subject for each call-up to our website by the data subject—and for the duration of their stay on our Internet site.
This information is gathered by the Tumblr portion and associated with the data subject’s Tumblr account.
If a data subject clicks on one of the Tumblr buttons integrated on our website, Tumblr assigns this information to the data subject’s own Tumblr user account and stores the personal data.
Tumblr receives information that the data subject has visited our website via the Tumblr component, given that the data subject is logged in at Tumblr at the time of the call-up to our website.
This happens whether or not the individual clicks on the Tumblr component.
If the data subject does not want such a transfer of information to Tumblr, he or she can avoid it by logging out of their Tumblr account before visiting our website.
Tumblr’s relevant data security policies can be found at https://www.tumblr.com/policy/en/privacy.
19. Data protection provisions about the application and use of Twitter
Twitter components have been integrated by the controller on this website.
Twitter is a multilingual, publicly available micro-blogging site where users can publish and spread so-called ‘tweets,’ which are short messages of up to 280 characters.
These short messages are accessible to all users, including those who are not logged in to Twitter.
The tweets are also shown to the respective user’s “followers.”
Other Twitter users who follow a user’s tweets are known as followers.
Furthermore, Twitter helps you to reach a large number of people by using hashtags, links, or retweets.
Twitter, Inc. is the holding firm, and its address is 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.
With each visit to one of the individual pages of this Internet site, which is run by the controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the data subject’s information technology device is automatically prompted to download a display of the corresponding Twitter component.
More information about Twitter buttons can be found at https://about.twitter.com/de/resources/buttons.
During the course of this technological process, Twitter learns which particular sub-page of our website the data subject visited.
The introduction of the Twitter portion serves as retransmission of this website’s contents, allowing our users to add this web page to the digital world and increase our visitor numbers.
If the data subject is logging in to Twitter at the same time, Twitter detects which particular sub-page of our Internet page was visited by the data subject for each call-up to our website by the data subject and for the entire period of their stay on our Internet site.
This information is gathered by the Twitter portion and associated with the data subject’s Twitter account.
If a data subject clicks on one of the Twitter buttons integrated on our website, Twitter assigns this information to the data subject’s own Twitter user account and stores the personal data.
Twitter receives information that the data subject has visited our website via the Twitter component, given that the data subject is logged in on Twitter at the time of the call-up to our website.
This happens whether or not the individual clicks on the Twitter component.
If the data subject does not want such a transmission of information to Twitter, he or she can avoid it by logging out of their Twitter account before visiting our website.
Twitter’s relevant data security requirements can be found at https://twitter.com/privacy?lang=en.
20. Data protection provisions about the application and use of YouTube
YouTube components have been incorporated by the controller on this website.
YouTube is an Internet video site that allows video publishers to freely upload video clips and other users, as well as free streaming, review, and commenting on them.
YouTube allows you to publish any kind of video, so you can watch complete movies and TV shows, as well as music videos, trailers, and videos created by users, through the Internet portal.
YouTube’s parent company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES.
Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES, owns YouTube, LLC.
With each visit to one of the individual pages of this Internet site, which is run by the controller and on which a YouTube component (YouTube video) has been integrated, the data subject’s Internet browser on his or her information technology device is automatically prompted to download a display of the corresponding YouTube component.
More information about YouTube is available at https://www.youtube.com/yt/about/en/.
Over the course of this technological process, YouTube and Google learn which unique sub-page of our website the data subject visited.
If the data subject is logged in on YouTube, YouTube recognizes which particular sub-page of our Internet site the data subject visited for each call-up to a sub-page that contains a YouTube video.
This information is gathered by YouTube and Google and allocated to the data subject’s YouTube account.
If the data subject is logged in on YouTube at the time of the call to our website, YouTube and Google will receive information that the data subject has visited our website through the YouTube component; this happens regardless of whether the individual clicks on a YouTube video or not.
If the data subject does not want this information to be sent to YouTube and Google, the distribution will be stopped if the data subject logs out of their own YouTube account before visiting our website.
YouTube’s data security provisions, which can be found at https://www.google.com/intl/en/policies/privacy/, explain how YouTube and Google capture, store, and use personal data.
21. Payment Method: Data protection provisions about the use of PayPal as a payment processor
PayPal components have been incorporated by the controller on this website.
PayPal is a company that offers online payment services.
Payments are made using PayPal accounts, which are virtual private or company accounts.
If a user does not have a PayPal account, PayPal can still process virtual payments using credit cards.
Since a PayPal account is handled by an e-mail address, there are no traditional account numbers.
PayPal allows you to initiate online transfers to third parties as well as accept payments.
PayPal embraces trustee duties and provides buyer security services as well.
PayPal’s European subsidiary is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject selects “PayPal” as a payment method in the online shop during the ordering process, we automatically transmit the data subject’s information to PayPal.
By choosing this payment method, the data subject consents to the transfer of personal data necessary for payment processing.
Personal data sent to PayPal is usually first and last name, address, email address, IP address, telephone number, cell phone number, or other payment-related information.
The processing of the purchasing contract necessitates the collection of such personal data as is associated with the respective order.
The data transfer is intended for payment processing and fraud prevention.
The controller can pass personal data to PayPal if there is a valid interest in doing so.
PayPal can send to economic credit agencies the personal data shared between PayPal and the controller for data processing.
This transmission is intended to be used for identity and creditworthiness verification.
PayPal will, if applicable, disclose personal information to affiliates, service providers, or subcontractors in order to satisfy contractual obligations or process data in the order.
The data subject has the option to withdraw consent for the handling of personal data from PayPal at any time.
A revocation has no effect on personal data that must be stored, used, or distributed in order to process (contractual) payments.
PayPal’s relevant data security requirements can be found at https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
22. Payment Method: Data protection provisions about the use of CyberSource Corporation as a payment processor
The controller has incorporated payment processing components from CyberSource Corporation and its subsidiaries Authorize.net on this website.
Authorize.net is a payment portal that accepts online payments.
Payments are handled as follows:
1) The customer pays with his credit card.
2) Authorize.Net manages the complex data routing on behalf of the merchant through the steps/entities mentioned below.
3) Authorize.Net sends the encrypted transaction details to the Service Provider (e-payment and – or Talus payment system) over a secure link.
The transaction is sent to the credit card network by the Merchant Bank’s Processor (like Visa or MasterCard).
The credit card network routes the transaction to the bank that issued the customer’s credit card.
4) Depending on the customer’s available funds, the issuing bank accepts or rejects the transaction and sends the transaction results back to the credit card network.
The credit card network forwards transaction information to the merchant bank’s processor.
The transaction results are relayed to Authorize.Net by the processor.
5) Depending on the customer’s available funds, the issuing bank accepts or rejects the transaction and sends the transaction results back to the credit card network.
The credit card network forwards transaction information to the merchant bank’s processor.
The transaction results are relayed to Authorize.Net by the processor.
6) The merchant provides the customer with products or services.
7) The issuing bank transfers the purchase funds to the credit card network, which forwards the funds to the merchant’s bank.
The funds are then deposited into the merchant’s bank account by the bank.
This is known as settlement, and the transaction funds are normally deposited into the merchant’s primary bank account within two to four business days.
The address for Authorize.net is (General Inquiries) P.O. Box 8999 San Francisco, CA 94128-8999.
7556 US-70 #200, Bartlett, TN 38133, USA.
Talus is located at 12700 Park Central Dr, Dallas, TX 75251, USA.
If the data subject selects “Authorize.net” as the payment method in the online shop during the ordering process, the data subject’s information is automatically transmitted to the processor.
By choosing this payment method, the data subject consents to the transfer of personal data necessary for payment processing.
Personal data transmitted to the processor via the authorize.net gateway is usually first and last name, address, email address, IP address, telephone number, cell phone number, credit card number, or other payment processing data.
The processing of the purchasing contract necessitates the collection of such personal data as is associated with the respective order.
The data transfer is intended for payment processing and fraud prevention.
The controller can pass personal data to Authorize.net if there is a valid interest in doing so.
Personal data shared between Authorize.net and the controller for data processing will be distributed to economic credit agencies through Authorize.net.
This transmission is intended to be used for identity and creditworthiness verification.
If required, Authorize.net will disclose personal information to affiliates, service providers, or subcontractors in order to satisfy contractual obligations or process data in the order.
Authorize.net provides the data subject with the option to withdraw permission for the handling of personal data at any time.
A revocation has no effect on personal data that must be stored, used, or distributed in order to process (contractual) payments.
CyberSource’s relevant data security requirements can be found at https://www.authorize.net/en-GB/privacy/.
23. Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations that are not covered by any of the abovementioned legal grounds, if the processing is necessary for the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
24. The legitimate interests pursued by the controller or by a third party
When we process personal data under Article 6(1) lit. f GDPR, our legitimate interest is to carry out our business in the best interests of both our employees and shareholders.
25. Period for which the personal data will be stored
The statutory retention period is the criterion used to assess the period of preservation of personal data.
When that time expires, the corresponding data is routinely removed, as long as it is no longer required for contract fulfillment or contract initiation.
You can ask us to delete your personal information by sending an email to info@visitax.eu or writing to the address mentioned above.
26. Personal data collection as a legislative or contractual requirement; a requirement for entering into a contract;
the obligation of the data subject to include personal information; possible consequences of failure to provide such data
We clarify that the provision of personal data is either required by law (such as tax regulations) or might be the product of contractual provisions (e.g. information on the contractual partner).
To conclude a contract, the data subject may be required to provide us with personal data, which we must then process.
When our company, for example, signs a contract with the data subject, he or she is expected to provide us with personal details.
Failure to provide personal data will prevent the contract with the data subject from being concluded.
The data subject must first contact any employee before providing personal information.
The employee clarifies to the data subject whether the provision of personal data is needed by law or contract, or whether it is required for the contract to be concluded, if there is an obligation to provide the personal data, and the consequences of failure to provide the personal data.
27. Existence of automated decision-making
As a responsible business, we will not use automated decision-making or profiling.
Last updated: 31 May 2021