Privacy Policy

1. Controller and Data Protection Officer

Thank you for your interest in our information services.

Your privacy as a data subject and your right to “informational self-determination” are very important to us. We process your personal data in accordance with the EU General Data Protection Regulation (EU GDPR) and the Federal Data Protection Act (BDSG).

The controller in the sense of the GDPR is:
SINDRI & BROCK – Die Unikatmanufaktur
Noidach 1
83735 Bayrischzell
Phone 0176 609 333 90
Email: info@sindriundbrock.de

Data Protection Officer:
Please address all requests for information, access requests, or objections to data processing to this address:

PrioDesign
Noidach 1
83735 Bayrischzell
Phone 0176 609 333 90
Email: info@priodesign.de
www.priodesign.de

We take the protection of your personal data very seriously. Personal data refers to all information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Legal Basis for Processing Your Personal Data

We process your personal data in accordance with specific purposes related to your expressions of interest in our offers, for the initiation of contractual or quasi-contractual business relationships, for offering products and services, for maintaining business contacts, and for compliance with processing regulations under tax law, commercial law, and other relevant laws and ordinances.

In this sense, we also pursue changes to purposes if necessary – e.g., in the context of advertising activities (direct marketing) – as long as these do not contradict your right to informational self-determination or you do not withdraw your consent to this processing of your personal data.

Legal bases for the processing of your personal data arise in particular from Art. 6 EU GDPR.

A large part of personal data is collected and processed directly from data subjects via our website – especially when you actively use the online forms yourself. This happens, for example, when using the contact form or subscribing to the online newsletter.

Processing of special categories of personal data within the meaning of Art. 9 Para. 1 EU GDPR, for example, when registering for events, applications, or participating in further training courses, only takes place if this is necessary due to your consent or legal provisions and there is no reason to assume that your legitimate interest in the exclusion of processing outweighs this, Art. 88 Para. 1 EU GDPR.

3. Your Rights as a Data Subject

The EU GDPR grants you, as a data subject, relevant rights regarding the processing of your personal data by the Controller, especially the:

Right of Access (Art. 15 EU GDPR)
You have the right, pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;

Right to Rectification (Art. 16 EU GDPR)
You have the right, pursuant to Art. 16 GDPR, to demand the immediate rectification of inaccurate personal data stored by us or the completion of incomplete personal data;

Right to Erasure (Art. 17 EU GDPR)
You have the right, pursuant to Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;

Right to Restriction of Processing (Art. 18 EU GDPR)
You have the right, pursuant to Art. 18 GDPR, to demand the restriction of processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead, we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or you have objected to processing pursuant to Art. 21 GDPR;

Right to Data Portability (Art. 20 EU GDPR)
You have the right, pursuant to Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller;

Right to Withdraw Your Consent
You have the right, pursuant to Art. 7 Para. 3 GDPR, to withdraw your consent at any time. This means that we may no longer continue the data processing that was based on this consent in the future.

Right to Lodge a Complaint with a Supervisory Authority
You have the right, pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office, the Bavarian State Commissioner for Data Protection, for this purpose.

Right to Object to Data Processing (Art. 21 EU GDPR)
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, provided that there are grounds arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without the need to specify a particular situation.
If you wish to exercise your right of withdrawal or objection, an email to the data protection officer is sufficient: info@priodesign.de.

4. Data Protection in Specific Areas

Data Security of the Web Platform

During your visit to our website, we use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can recognize whether an individual page of our website is transmitted encrypted by the closed display of the key or lock symbol in your browser’s status bar.

Furthermore, we employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Our websites at https://www.sindriundbrock.de are intended to facilitate your access to our information and services.

We reserve the right to make changes or additions to the information provided at any time. When creating our pages, we carefully ensure the accuracy, topicality, completeness, comprehensibility, and constant availability of the information provided. The service provider according to § 13 Telemedia Act (TMG) and the controller according to Art. 4 No. 7 GDPR is SINDRI & BROCK, Marcus Pfeiffer, Ginsham 32, 83052 Bruckmühl.

Collection and Storage of Personal Data, and the Type and Purpose of its Use:

a) When visiting the website

When using our website, information is automatically sent to our website’s server by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request originates
• Browser
• Operating system and its interface
• Language and version of the browser software.

The aforementioned data is processed by us for the following purposes:

• Ensuring a smooth connection to the website,
• Ensuring comfortable use of our website,
• Evaluating system security and stability, and
• for further administrative purposes.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the purposes of data collection listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
Furthermore, we use cookies when you visit our website. You can find more information on this in the separate section on Cookies below.

b) Contact Form

For any questions, we offer you the possibility to contact us via a form provided on the website. Providing your name and a valid email address is required so that we know who the inquiry is from and can answer it. Further information can be provided voluntarily.
Data processing for the purpose of contacting us is carried out according to Art. 6 Para. 1 S. 1 lit. a GDPR based on your voluntarily given consent.

c) Event Registration

If you wish to register for one of our events, we offer you the possibility to register via a form provided on the website. Providing your name, a valid email address, and your address is required so that we know who the registration is from and can process it. Further information can be provided voluntarily.
Data processing for the purpose of event registration with us is carried out according to Art. 6 Para. 1 lit. b GDPR. We delete your personal data after the contract has been processed and the tax and commercial law retention periods have expired.

Disclosure of Data:

The transfer of personal data usually takes place exclusively for the purpose of commissioned processing by external service providers, in particular for the purpose of sending the Lebenshilfe-Zeitung, the specialist journal Teilhabe, and the legal service to the respective customers or subscribers.
No other transfer of your personal data to third parties for purposes other than those listed will occur.
We only transfer your personal data to third parties if:

• you have given your explicit consent thereto pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR,
• the transfer is necessary pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred,
• in the event that there is a legal obligation for the transfer pursuant to Art. 6 Para. 1 S. 1 lit. c GDPR, and
• this is legally permissible and necessary pursuant to Art. 6 Para. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you.

5. Technical Background for the Processing of Personal Data

A) Use of Cookies:

Furthermore, when using the website, cookies are stored on your computer. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the overall internet offering more user-friendly and effective. We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.
This website uses cookies to the following extent:

• Transient Cookies (temporary use)
• Persistent Cookies (limited-time use)
• Third-Party Cookies (from third-party providers)
• Flash Cookies (permanent use; cannot be excluded by third-party providers).

Transient cookies are automatically deleted when you close the browser. This includes, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the common session. This enables your computer to be recognized when you return to the website. Session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a predetermined period, which may vary depending on the cookie. You can delete cookies at any time in your browser’s security settings. You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. However, we would like to point out that you may then not be able to use all functions of this website.

The Flash cookies used are not recorded by your browser, but by your Flash plug-in. These store the necessary data independently of your browser and do not have an automatic expiry date. If you do not wish Flash cookies to be processed, you must install a corresponding add-on, e.g., “Better Privacy” for Mozilla Firefox or Adobe-Flash-Killer-Cookie for Google Chrome.
This stored information is stored separately from any other data you may have provided to us. In particular, the cookie data is not linked to your other data.

B) Use of Google Products:

The legal basis for the processing of users’ personal data is generally the user’s consent pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR.
With the tracking measures used, we aim to ensure a needs-based design and continuous optimization of our website. Furthermore, we use tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offerings for you. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

• Google Fonts
• Google reCAPTCHA
• Integration of Google Maps

1. Google Fonts:

Our website uses so-called Web Fonts, provided by Google, for the uniform display of fonts. Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this purpose, the browser you are using must connect to Google’s servers. This allows Google to know that our website has been accessed via your IP address. The IP address of the browser of the visitor’s device to these web pages is also stored by Google. If your browser does not support Web Fonts, a standard font from your computer will be used.

For more information about Google Fonts, see developers.google.com/fonts/faq and Google’s privacy policy: policies.google.com/privacy.

2. Google reCAPTCHA:

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is designed to check whether data entry on this website (e.g. in a contact form) is done by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please see the Google privacy policy and the Google terms of use at the following links:
https://policies.google.com/privacy?hl=de and
https://policies.google.com/terms?hl=de.

3. Integration of Google Maps:

We have integrated content from Google Maps on this website. By visiting the website, Google Maps receives the information that you are on the corresponding subpage of our website and the data mentioned under section 1. Google Maps works with an autofill function, which automatically completes your address data to make it easier for you to enter it. Otherwise, the information on Google Analytics also applies to the transfer of data to Google Maps. The additional terms of use for Google Maps under https://www.google.com/intl/de_de/help/terms_maps.html also apply. You have the option to deactivate the Google Maps service at any time and thus prevent the data transfer to Google by deactivating JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

• Framework for data transfers: https://policies.google.com/privacy/frameworks
• EU standard contractual clauses: https://privacy.google.com/businesses/controllerterms/mccs/

C) Disclosure to Third Countries

When using cookies, data may be transferred to third countries – in particular the USA – for which there is no adequacy decision pursuant to Art. 45 para. 3 GDPR and no suitable guarantees pursuant to Art. 46 GDPR exist. We would like to point out that a data transfer without an adequacy decision and without suitable guarantees entails certain risks, which we may point out to you below:

US intelligence services take certain online identifiers (such as the IP address or unique identification numbers) as a starting point for monitoring individuals. In particular, it cannot be ruled out that these intelligence services have already collected information about you, with the help of which the data transferred here can be traced back to you.

Providers of electronic communication services with headquarters in the USA are subject to monitoring by US intelligence services pursuant to 50 U.S. Code § 1881a (“FISA 702”). Accordingly, providers of electronic communication services with headquarters in the USA have the obligation to provide personal data to the US authorities pursuant to 50 U.S. Code § 1881a, without you possibly having legal remedies. Even encryption of the data in the data centers of the provider of electronic communication services cannot provide adequate protection, as a provider of electronic communication services has a direct obligation, with regard to the imported data that is in its possession or custody or under its control, to grant access to it or to release it. This obligation may expressly extend to the cryptographic keys without which the data is not readable.

The fact that this is not merely a “theoretical danger” is demonstrated by the ECJ’s judgment of July 16, 2020, C‑311/18.

The legal basis for the transfer of users’ personal data to a third country is the user’s consent pursuant to Art. 49 para. 1 lit. a GDPR.

6. Social Media

We use different networks for our company presences. When using some networks, personal data may be transferred to servers in the USA. To ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the data is transferred to and processed by the companies listed below on the basis of appropriate guarantees pursuant to Art. 46 ff GDPR, in particular through the conclusion of so-called standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR.

Facebook

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller for the processing of personal data is, if a data subject lives outside the USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, is called up, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged into Facebook at the same time, Facebook recognizes with each call-up of our website by the data subject and during the entire duration of the respective stay on our website, which specific subpage of our website the data subject visits. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated on our website, for example the “Like” button, or makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged into Facebook at the time of the call-up of our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of this information to Facebook is not wanted by the data subject, he or she can prevent the transmission by logging out of his or her Facebook account before calling up our website.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

YouTube

YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States

Our website uses plugins from the Google-operated site YouTube. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the Youtube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

On our YouTube company page, we provide information and offer YouTube users the opportunity to communicate. If you perform an action on our YouTube company presence (e.g. comments, posts, likes, etc.), you may be making personal data (e.g. your user profile’s clear name or photo) public. However, since we generally or largely have no influence on the processing of your personal data by the jointly responsible company YouTube, we cannot make any binding statements regarding the purpose and scope of the processing of your data.

Our company presence in social networks is used for communication and information exchange with (potential) customers. The publications via the company presence may contain the following content:

• Information about products
• Information about services
• Sweepstakes
• Advertising
• Customer contact

Each user is free to publish personal data through activities.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

The data generated by the company presence is not stored in our own systems.

You can object to the processing of your personal data, which we collect as part of your use of our YouTube company presence, at any time and assert your data subject rights. Send us an informal e-mail to do so. For further information on the processing of your personal data by YouTube and the corresponding objection options, please see here:

YouTube: https://policies.google.com/privacy?gl=DE&hl=de

7. Topicality and amendment of this privacy policy

This privacy policy is currently valid and is dated October 2022.

Due to the further development of our website and offers above or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed out by you at any time on the website via this link.