I. Name and contact details of the data controller
Panama Werbeagentur GmbH
Tel.: +49 711 248 9240
Defined as the responsible party under the European General Data Protection Regulation (GDPR) and other national data protection laws.
II. Name and contact details of the data protection officer
Appointed data protection officer of the data controller:
Hanauer Landstr. 151-153
60314 Frankfurt am Main
Tel.: +49 699 043 7965
III. General information concerning data processing
1. Scope of personal data processing
We only collect and process the personal data of visitors to our homepage to the extent required to deliver our website, as well as our content and services.
The personal data of our users is generally only collected and used with their consent. Certain exceptions apply in cases where processing without consent is permitted by law, or where prior consent cannot be obtained for practical reasons.
2. Lawfulness of processing
The legal basis for the processing of personal data is generally derived from the following points of Article 6(1) of the GDPR:
- Point (a), upon obtaining the consent of the data subject.
- Point (b), for processing activities which serve to perform a contract to which the data subject is a party. This includes processing required to carry out pre-contractual tasks.
- Point (c), for processing operations required to fulfil a legal obligation.
- Point (d), in the event that the vital interests of the data subject or another natural person necessitate the processing of personal data.
- Point (f), if processing is necessary to safeguard legitimate interests of our company or a third party and the interests, basic rights and freedoms of the data subject do not outweigh the first-mentioned interest.
3. Retention and deletion of data
The personal data of users will be deleted or restricted as soon as the purpose of retention no longer applies. Data may be retained beyond this period if the European or national legal authorities have made applicable provisions in EU regulations, laws or other legislation to which the data controller is bound. The data shall also be restricted or deleted once the retention period prescribed by the aforementioned legislation expires, unless further retention of the data is necessary for the purpose of entering into or fulfilling a contract.
IV. Use of our website, general information
1. Description and scope of data processing
Each time a user accesses our website, our system automatically collects the following data and information about the user’s computer system:
- Information about the user’s browser type and version
- Operating system of the user
- Internet service provider of the user
- IP address of the user
- Date and time of website access
- Websites from which the user’s system accessed our website
The described data – with the exception of the user’s IP address or other data that enable the personal identification of a user – is stored in the log files of our system. This data is not stored together with other personally identifiable data of the user.
2. Purpose and legal basis for data processing
The temporary storage of IP addresses in our system is necessary to deliver our website to users. The user’s IP address must remain stored for the duration of the session to enable delivery.
The legal basis for temporary data storage is Article 6(1)(f) of the GDPR.
Because the collection of personal data is vital to the proper functioning and delivery of our website, users are not permitted to object in this case.
3. Length of storage
Your data will be deleted once it is no longer required for the purpose for which it was collected. If your data is collected to ensure the delivery of website content, it will be deleted at the end of your browser session.
The legal basis for the processing of personal data using cookies is derived from Article 6(1)(f) of the GDPR. Cookies are a technical necessity employed to simplify the use of our website.
You can find further information on cookies that are not required for technical reasons in the section IX. Web Analytics.
VI. Your rights/data subject rights
According to the EU General Data Protection Regulation (GDPR), you have the following rights as a data subject:
1. Right to access
You have the right to request information from us as the data controller about whether we process your personal data.
In addition, you may request the following information:
- Purpose of data processing;
- Categories of personal data processed;
- Recipients or categories of recipients to whom personal information about you has been or will be disclosed;
- Planned retention period for your personal data or, if this is not possible, criteria for determining this period;
- Confirmation of a right to correct or delete your personal data, a right to limit processing by the data controller or a right to object to such processing;
- Confirmation of a right to file a complaint with a supervisory authority;
- All available information on the origin of the data if the personal data were not collected directly from the data subject;
- Information regarding the use of automated decision-making, including profiling in accordance with Article 22, paragraphs 1 and 4, of the GDPR and – at least in these cases – meaningful information on the relevant rationale, scope and intended effects of such processing for the data subject.
Finally, you also have the right to request information as to whether your personal data will be transferred to a third country or to an international organisation. In this case, you may request information on the appropriate guarantees for the data transfer pursuant to Article 46 GDPR.
You can assert your right to information by contacting: firstname.lastname@example.org
2. Right to rectification
Should any of the personal data we process be incorrect or incomplete, you have the right to request corrections and/or amendments. The changes will be processed in a timely manner.
3. Right to restrict processing
You may exercise the right to restrict the processing of your personal data in the following cases:
- The accuracy of personal data is contested for a certain period that allows the data controller to verify their accuracy;
- data processing is unlawful and the deletion of the personal data has been declined in favour of the restricted use of said data;
- the data controller no longer requires the personal data for the original purposes of processing, but the data subject needs them for the assertion, exercise or defence of legal claims, or
- the data subject has filed an objection against processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate interests of the data controller outweigh the interests cited by the data subject.
If the processing of your personal data has been effectively restricted, such data may only be processed – with the exception of their storage – with your consent or for the purpose of asserting, exercising or defending the legal claims of another natural or legal person, or for the protection of the rights of another natural or legal person, or to uphold a vital public interest of the European Union or of an EU Member State.
If a restriction has been placed on processing based on the aforementioned principles, we will inform you before removing the restriction.
4. Right to erasure
If the following conditions apply, you may request that your personal data be deleted immediately. The data controller is obligated to comply with your request for deletion in the following cases:
- Data regarding your person are no longer necessary for the original purposes of collection or processing.
- Data processing is protected by your consent under Article 6(1)(a) or Article 9(2)(a) GDPR and you withdraw your consent. For the request for deletion to be granted in this case, there should also be no other legal basis for data processing.
- You have objected to data processing, as provided for in Article 21(1) GDPR, and there are no overriding legitimate reasons for such processing. As an additional option, you may also submit an objection against processing as per Article 21(2) GDPR.
- Processing of your personal data is carried out unlawfully.
- Deletion of your personal data is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the data controller is subject.
- Your personal data was collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.
If we have made your personal data public and if we are required to delete such data pursuant to Article17(1) GDPR, we shall take appropriate steps, including technical measures, taking into account the available technology and implementation costs, to inform data controllers processing your data that you, the data subject, have requested the deletion of all links to this personal data, as well as copies and replications of this personal data.
Please note that the right to erasure does not exist when processing is required in order to
- Exercise the right to freedom of expression and information;
- Fulfil a legal obligation required by EU or Member State law to which the data controller is subject or to perform a function which is in the public interest or in the exercise of official authority conferred upon the data controller;
- Protect public interests related to public health as specified under points (h) and (i) of Article9(2) and in Article9(3) of the GDPR;
- Protect interests related to archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article89(1) GDPR, insofar as the safeguards stated therein are likely to impede or seriously impair the achievement of the specific purposes, or to
- Enforce, exercise or defend legal claims.
5. Right to be informed
If you have exercised your right to rectification, erasure or the restriction of personal data processing, we are obligated to notify all recipients to whom your personal data has been disclosed of such rectification, erasure or restriction, unless this proves impossible or would entail a disproportionate amount of effort. You also have the right to be informed of such recipients.
6. Right to data portability
Furthermore, according to the GDPR you have the right to receive your personal data in a structured, commonly used and machine-readable format. Furthermore, you have the right to transfer this data to another data controller without hindrance from the controller to which the personal data have been provided, where
- the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) and
- the processing is carried out by automated means.
Finally, by exercising your right to data portability, you have the right to have your personal data transferred directly from one data controller to another, where technically feasible and where this transfer does not adversely affect the freedoms and rights of others.
The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to withdraw consent
You have the right to withdraw your declaration of consent under data protection law at any time. Please note that this does not affect the legality of prior data processing performed on the basis of your consent.
8. Right to object
Furthermore, you have the right, for reasons related to your individual situation, to object at any time to the processing of your personal data carried out pursuant to points (e) or (f) of Article6(1) GDPR. The right to object shall also apply to profiling based on these provisions.
The data controller will no longer process your personal data unless there are compelling legitimate grounds for data processing which outweigh your interests, rights and freedoms, or said data processing serves to enforce, assert or defend legal claims.
Furthermore, you have the right to object at any time to the processing of your personal data for direct marketing purposes. This also applies to profiling that relates to direct marketing. If you object to the processing of data for direct marketing purposes, your personal data will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may also exercise your right to object by automated means using technical specifications.
9. Automated decision-making in individual cases including profiling
Under the European General Data Protection Regulation, you still have the right not to be subject to a decision based solely on automated processing, including profiling, when that decision has legal implications or an otherwise significant impact for you. Exceptions do apply, however, in cases where the decision is
- Necessary for entering into, or the performance of, a contract between you and the data controller,
- Authorised by EU or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- Based on your explicit consent.
In the first and third cases referred to above, the data controller shall take appropriate measures to safeguard your rights and freedoms and legitimate interests. This shall at least include the right to obtain human intervention on the part of the controller and to have your point of view heard and to challenge any decision taken.
Decisions in all three of the above cases may not be based on special categories of personal data referred to in Article9(1) GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
10. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data is in violation of the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your residence, your workplace or the place where the alleged violation occurred.
You have the option to subscribe to a free newsletter via our homepage to receive information about current offers that may be of interest to you. The goods and services on offer are specified in the consent form. Data which you enter into the input fields during registration will be transmitted to us.
We collect the following data based on your consent during the registration process:
E-mail address, first and last name (optional), date and time of registration.
When you sign up for our newsletter, we do not use your data for any other purpose. We do not pass along data from our newsletter subscribers to third parties.
2. Double opt-in and recordkeeping
Signing up for our newsletter takes place via a so-called double opt-in procedure. After registration you will receive an e-mail with a request to confirm your registration. This confirmation procedure prevents others from using your e-mail address to sign up for mailing lists and newsletters.
Newsletter subscriptions are recorded in order to demonstrate the conformity of the registration process with legal requirements. This means that we store data with timestamps for the sign-up and confirmation steps, as well as your IP address.
3. Legal basis
The legal basis for data processing, provided that a user has given his or her consent, is point (a) of Article 6(1) GDPR. We collect the e-mail addresses of users for the purpose of delivering our newsletter.
4. Deletion, revocation and objection
Your data will be deleted as soon as they are no longer necessary to fulfil the purpose for which they were collected. Your e-mail address will therefore be stored for the duration of your active newsletter subscription. You can terminate your subscription at any time by withdrawing your consent. Every newsletter contains a dedicated link for this purpose.
We would also like to point out that you may object, at any time, to the future processing of your personal data in accordance with the provisions laid out in Article 21 GDPR. Specifically, you have the right to object to data processing for direct marketing purposes.
5. Delivery service provider “inxmail”
Our newsletter is provided via inxmail:
6. Statistical research
We also use our newsletters to analyse user behaviour. Our e-mail newsletters contain so-called web beacons or tracking pixels, which are single pixel image files stored on our website. For analytical purposes, we link the data listed under (1) above and the web beacons with your e-mail address and an individual ID. Links used in the newsletter contain this ID as well.
The data we collect in this case is strictly anonymised, i.e. the IDs are not linked to your other personal data, and there is no possibility of direct personal identification.
You may object to this tracking at any time by notifying us using the above contact details. The described information is stored only as long as you are subscribed to the newsletter. If you choose to unsubscribe, your user data will no longer be linked to any personal information and it will be stored for statistical purposes only.
VIII. Electronic communication
If you would like to contact us, you may use the contact form on our website. The following data you enter in the input fields will be transmitted to us and stored:
When your message is sent, the following data will also be stored:
- User IP address
- Date and time of transmission
Furthermore, you have the option to contact us via the e-mail address provided. In this case, personal data transmitted with your e-mail will also be stored.
Should you contact us, your data will not be passed on to third parties; your data will only be processed for communication purposes.
Provided that a user has supplied his or her consent, the legal basis for data processing is specified under point (a) of Article 6(1) GDPR. Point (f) of Article 6(1) GDPR governs the processing of data sent during e-mail transmissions. If the purpose of the e-mail contact is to enter into a contract, the additional legal basis for the data processing is point (b) of Article 6(1) GDPR.
Personal data are used in this context solely to process contact requests. For e-mail contact, this purpose also constitutes the necessary legitimate interest for the processing of data.
Should further personal data be processed during transmission, they will only serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your data will be deleted as soon as it is no longer necessary to fulfil the purpose for which it was collected. For the personal data from the contact form fields and data sent by e-mail, this purpose expires when the respective dialogue or conversation with you, as the user, has ended. This is the case when it can be inferred from the circumstances that an appropriate resolution has been reached for the matter in question.
Any additional personal data collected during the transmission process will be deleted after a period of no longer than seven days.
You have the option to withdraw your consent to the processing of your personal data at any time. You can also object to the storage of your personal data at any time by sending us an e-mail. However, once you do so, please note that we will unable to provide further information or continue a conversation that has started.
In order to withdraw your consent and to object to the storage of your data, you may contact the above-mentioned data controller in our company, our appointed data protection officer or the relevant supervisory authority. Please provide us with sufficient information so that we can identify your personal data. We will send you the requested information within 30 days.
In this case, all personal data stored in the course of contact will be deleted.
We use the reCAPTCHA service from Google Inc. (Google) to protect your online requests.
reCAPTCHA serves to differentiate whether a request is made by human being, or whether the request function is being misused by automated, machine-based processing. The verification process includes the transmission of your IP address and any other data required for the reCAPTCHA service to Google. Your input will be transmitted to Google and used there.
By using reCaptcha, you agree that the input you provide will assist with the digitisation of old books (i.e. works that are too illegible to be scanned by computers). However, if IP anonymisation is enabled on this website, Google will abbreviate your IP address prior to transmission within EU Member States or other signatory states to the Agreement on the European Economic Area.
IX. Web analytics
1. Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, in order to analyse website traffic and user behaviour. The information generated by the cookie about your use of this website is normally transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, Google will abbreviate your IP address prior to transmission within Member States of the European Union or other states that are parties to the European Economic Area (EEA) Agreement. Only in exceptional cases will the full IP address of a user be transmitted to a Google server in the USA and abbreviated there. On behalf of the provider of this website, Google will use this information to evaluate your use of this website, to compile reports on website activity and to provide other services relating to website activity and Internet usage to the website provider.
Google does not merge the IP address transmitted by your browser with other data for its analytics.
You may block the storage of cookies by selecting the appropriate settings in your browser software; however, please note that in this case you may not be able to use all features of this website to their full extent. You can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as Google’s processing of this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can also prevent the collection of data by clicking on the link below. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. Important: Deleting your cookies will also result in the deletion of this opt-out-cookie, which you will then need to reactivate.
Google Analytics opt-out
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that visitor IP addresses are processed in an abbreviated form to exclude the possibility of linking them to specific users. If the data collected during your visit contain any personal identifiers, they will be immediately excluded, which will also result in the immediate deletion of the associated personal data.
We use Google Analytics to analyse our website traffic and continuously improve the user experience. Statistics we obtain help us improve our services and make them more interesting to our users. In the exceptional cases in which personal data is transferred to the USA, Google has agreed to the terms laid out in the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is specified in sentence 1 and point (f) of Article 6(1) GDPR.
Third party information:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html
Data protection policy: http://www.google.de/intl/de/policies/privacy.
2. Use of Matomo (Piwik)
This website uses the web analytics service Matomo (Piwik) to analyse our website traffic. The statistics we obtain help us improve our services and make them more interesting to our users. The legal basis for the use of Matomo (Piwik) is specified in sentence 1 and point (f) of Article 6(1) GDPR.
We use Matomo (Piwik) with the extension “AnonymizeIP”, which means that IP addresses are abbreviated prior to further processing to rule out any direct identification of individuals. The IP address transmitted by your browser via Matomo (Piwik) is not grouped with other data that we collect.
Matomo (Piwik) is an open source software project. For information on data protection, go to https://matomo.org/privacy-policy/
X. Social media
1. Integration of YouTube content
We have included YouTube videos in our online content, which are stored at http://www.YouTube.com and can be viewed directly from our website.
When you visit our website, YouTube is notified that you have accessed the respective subpage of our site. This occurs regardless of whether or not you have registered for and are signed into a YouTube account. Whenever you are signed in to Google, your data will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must sign out before activating the button. YouTube stores your data in the form of user profiles which are used for the purposes of advertising and market research and/or to optimise its website design. These analytics are used (even for users who are not signed in to an account) in particular to provide targeted advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of a user profile for your activities, and you must contact YouTube to exercise this right.
2. Integration of Google Maps
We use Google Maps on this website. This enables us to display interactive maps directly on the website and enables you to easily use the map function.
3. Social media presence
We maintain fan pages within various social networks and platforms with the aim of communicating with customers, interested parties and other active social media users to inform them about our services.
We would like to point out that your personal data may be processed outside the European Union and that this processing may entail certain risks for you (e.g. in the assertion of your rights under European or German law). Please note that some US providers are certified under the Privacy Shield and are thus committed to upholding EU privacy standards.
User data collected on social media is generally used for market research and advertising purposes. For example, user profiles can be developed based on the behaviour and the presumed interests of users. These usage profiles can in turn be used to place advertisements inside platforms that are believed to reflect those interests. For these purposes, cookies are usually stored on users’ computers to track and save their behaviour and interests. Furthermore, data can be stored in user profiles independently of the devices used (especially if the users are members of and signed in to the respective platforms).
We process the personal data of our website users based on our legitimate interests in providing them with effective information and communicating with users in accordance with point (f) of Article 6(1) GDPR. If users are requested to provide their consent for data processing (i.e. declare their consent e.g. by ticking a checkbox or clicking a button) by the respective providers, the legal basis for processing is specified under point (a) of Article 6 as well as in Article 7 of the GDPR.
Further information on the use of your personal data as well as on your options to object to processing can be found under the links of the providers listed below. You can also assert your rights to information and other rights vis-à-vis the providers that have direct access to user data and the corresponding information at their disposal. If you have any questions, please do not hesitate to contact us and we will be pleased to provide our support.