1.1. Data controller
Strausberger Flugplatz GmbH
Kastanienallee 38
15344 Strausberg
Tel: +49 3341 345 370
Fax: +49 3341 345 379
Email: info@sfg-strausberg.de
1.2. Name and contact details of the Data Protection Officer
Lawyer Markus Selent
Hendrik Klünder & Markus Selent GbR
Schwanebecker Chaussee 5
13125 Berlin
Tel: +49 30 6093 3555
Fax: +49 30 6093 3558
Email: selent@point-of-law.de
www.point-of-law.de
2.1. Which of your data do we use and where does your data come from?
We process data that we receive from you when you visit the website.
2.1.1. Processing in server logs
This is data that arises in the course of communication between your device and our web servers and is stored there. In particular, this is temporarily the connection data of the accessing computer. This data set is comprised of:
2.1.2. Use of contact forms
If you use contact forms on our website, we collect the data that you send us via this contact form. This includes in particular:
2.1.3. Links and widgets
If you use links inserted on our website, you will be forwarded to the corresponding linked sits. The links are recognizable as such. This relates in particular to App2Drive, the limousine / chauffeur service and the links to our affiliates. By using the link, you will be forwarded to third-party websites of other data controllers. The respective website operator is responsible for complying with the data protection regulations.
We have also inserted so-called widgets on our website. This is where external content has been integrated into our website. This is necessary in order, for example, to show you the weather on site, to integrate certain forms (e.g. PPR see Section 2.1.2.) or video modules (e.g. Youtube). By activating these widgets, at least your data according to Section 2.1.1. will be transmitted to the widget provider. In addition, there is also the data that is generated through the use of the widget.
The functionality of these widgets may be dependent on your specific consent. Therefore, the widgets will only be loaded and a connection to the respective provider established if you allow this by clicking on the widget. Permission is only effective in the respective session. Once the session has ended, your consent is also withdrawn. If you visit our website again and use the widget, you have to give your consent again.
Exceptions to this are:
2.1.5. Cookies
We use cookies on our website that are used for various purposes. You can also adjust your browser settings to inform you about the placement of cookies. This makes the use of cookies transparent to you. You can of course also have your browser ban the placement of cookies. However, this may result in you not being able to use the full scope of our website anymore.
We use the following types of cookies on our website:
2.2 For what purposes and on what legal basis do we process your data?
We process your personal data in accordance with the data protection regulations of the GDPR, the German Federal Data Protection Act (BDSG) or special legislation.
2.2.1. Processing in server logs
When you visit our website, we process your data according to Art. 6 para. 1 lit. f GDPR. The log data is collected and stored to prevent interference with our websites, to identify attacks on our infrastructure early on and defend against them and to maintain availability. We take your legitimate interests into account by anonymising the collected log data as soon as possible, but at the latest after 7 days. We only carry out a personally identifiable evaluation of the log data if there is reasonable grounds for suspecting an attack or intentional or unintentional interference with our systems.
2.2.2. Use of contact forms
Insofar as you use contact forms to get in touch with us, the basis results from the purpose for which you have sent us your contact details. The legal bases then result from Art. 6 para. 1 lit. b) , c) or f) GDPR.
2.2.3. Links and widgets
Insofar as you follow the corresponding links, this is done on the basis of your own decision. The use of widgets used is based on your consent within the meaning of Art. 6 para. 1 lit a) GDPR or in the case of the directly loaded widgets based on Art. 6 para. 1 lit. b), c) or f) GDPR, depending on the purpose of the communication.
2.2.4. Cookies
Depending on the type of cookie used, different legal bases are considered.
2.3. How long will your data be stored?
2.3.1. Processing in server logs
We process and store your data on the server logs for a maximum of 7 days. We anonymise this data no later than this moment.
2.3.2. Use of contact forms
We process and store your data from the contact forms if this is necessary for the original purpose. In addition, we are subject to various retention and documentation obligations based on such laws as the German Commercial Code (HGB) and the Tax Code (AO). The periods for retention and documentation specified in these regulations range from two to ten years. Certain data must be deleted as soon as the purpose has been fulfilled (e.g. simple enquiries without a contractual background). Finally, the retention period is also determined based on statutory limitation periods, which, for example, according to Article 195 et seq. German Civil Code (BGB) may be up to thirty years, whereby the usual limitation period is three years. Once the storage of the data is no longer required and there are no statutory retention periods, your data will be immediately deleted.
2.3.3. Links and widgets
We do not store the use of links and widgets. With respect to the use of your data by the corresponding provider, check the provider’s respective data protection information.
2.3.4. Cookies
Depending on the type of cookie used, different deletion periods are considered. Our required cookies are deleted after one session.
3.1. Who receives your personal data?
Within the company, only those departments receive your data that require it to fulfil the abovementioned purposes. Data processors and other service providers we use may also receive data for these purposes. These include companies in the IT services and telecommunications categories.
We shall only pass on information if legal regulations require it, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example, public bodies and institutions (offices, financial or aviation governing bodies etc.) if there is a legal or official obligation. Other data recipients may be those bodies for which you have given us consent to share your data.
3.2. Is your data sent to a third country or to an international organisation?
Data is only sent to countries outside the European Economic Area (third countries) if you use corresponding widgets for which you have given your prior consent.
NOTE: Please do not use the corresponding widgets (Youtube and Google Maps) if you do not want data to be sent to the USA. The use of these widgets results in personal data of website users being sent to the USA.
Such use of service providers that send data to the USA is only permitted if an adequate level of data protection is ensured in the USA. Until 16 July 2020, this was possible, for example, if the US company had self-certified under the Privacy Shield. In this way, the adequate level of data protection required by the GDPR should be established. In its ruling of 16 July 2020 (Ref: C-311/18), the European Court of Justice declared the Privacy Shield invalid. You can consult the wording of the ruling here.
In summary, the ECJ concludes that the scope and legal reach of the US surveillance laws do not ensure sufficient protection for EU data. According to the ECJ, this poses the risk of violating the rights of EU citizens enshrined in the General Data Protection Regulation. Thus, the Court states that „the limitations on the protection of personal data assessed by the Commission in Privacy Shield Decision 2016/1250, which result from the fact that, under United States law, the United States authorities may access and use such data transferred from the Union to that third country, are not regulated in such a way as to satisfy requirements equivalent in substance to those existing under Union law in accordance with the principle of proportionality“.
We have concluded corresponding standard contractual clauses with Google to provide further guarantees for the protection of your data. EU standard contractual clauses continue to remain valid following the ECJ’s decision. Nevertheless, our duty is to minimise the risks for the data subjects. In the case of US legislation, however, we are unable to do so.
The use of the corresponding widgets, about whose use we provide information here, is of vital importance to us. We would therefore like to use it on our website.
We will, however, only transmit your personally identifiable data if you have provided your express consent for this. You have the right to revoke your consent at any time. Revocation of consent does not affect the legality of processing carried out on the basis of the consent up to the point of revocation. Since your consent is only valid for the respective website visit, it ends automatically when you leave our website.
You have a right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR) and right to object to processing (Art. 21 GDPR). Please contact us if you would like to exercise these rights.
If you believe that the processing of your personal data breaches existing data protection regulations, you can complain to a supervisory authority, without prejudice to other remedies. You can address the complaint in particular to a supervisory authority in the member state of your residence, place of work or the place of the alleged infringement.
Strausberg, 25 May 2022
Stadtwerke Gruppe Strausberg