2. Processing of personal data and other terms
Data protection applies to the processing of personal data (pbD). Personal means any data by which you can be personally identified. This is here, for example, the IP address of the device (PC, laptop, smartphone, etc.) in front of which you are currently sitting. Such (pb) data is processed when "something happens to it". Here, for example, "your IP" is transmitted from "your browser" to our provider and automatically stored there. This is then a processing (according to Art. 4 No. 2 DSGVO) of personal data (according to Art. 4 No. 1 DSGVO).
These and other legal definitions can be found in Art. 4 DSGVO.
When data is referred to in the following, it always means personal data as defined by the GDPR.
3. Applicable regulations
The scope of data protection is governed by laws. In this case, these are basically the DSGVO (Basic Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.
4. The responsible party
Responsible for the data processing on this website is the responsible person in the sense of the DSGVO. This is in this case:
GRIMMWELT Kassel gGmbH
Insofar as you have further questions or suggestions following this summary, you will find the exact contact information in the next section.
5. This is how data is basically processed on this website
As we have already stated, there are data (e.g. the IP address) that are automatically collected. These data are mainly needed for the technical provision of the homepage. Should we use this data in addition or collect other data, we will inform you of this or ask for your consent.
You also provide us with other data consciously. This happens, for example, when you send us an e-mail. In this case, we necessarily process your e-mail address and all information that you provide in this e-mail.
6. These are your rights
The GDPR equips you with comprehensive rights. These are, for example, free information about the origin, recipient and purpose of your stored personal data. In addition, you can request the correction, blocking or deletion of this data or complain to the competent data protection supervisory authority.
What these rights look like in detail and how you can easily exercise them can be found in the fourth section below.
1. Data protection – our view
Data protection is more than just an annoying duty for us! We are committed to comply with all legal requirements, collect only the data necessary for us and of course treat them confidentially.
2. Passing on and deletion
The transfer and deletion of data are also important and sensitive issues. Therefore, we would like to briefly inform you in advance about our general approach to this.
Data is only passed on on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if a so-called processor is involved and a contract processing agreement has been concluded in accordance with Art. 28 DSGVO.
We delete your data when the purpose and the legal basis for processing cease to apply and, in addition, no other legal obligations prevent the deletion. A "good" overview of this is also provided by Art. 17 DSGVO.
The person responsible for data processing on this website is the controller within the meaning of the GDPR. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
You can reach the responsible person at:GRIMMWELT Kassel gGmbH
4. Legal basis
The processing of personal data always requires a legal basis. The DSGVO provides the following possibilities in Art. 6 para. 1 sentence 1:
(a) the data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject's request;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary in order to protect the vital interests of the data subject or another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
In the third section, we will provide you with the specific legal basis for the processing in question.
When you visit our website, we process your personal data.
To protect this data in the best possible way against unauthorized access by third parties, we use SSL or TLS encryption (https://www.grimmwelt.de/).
In the following, you will learn which data is collected when you visit our website, for what purpose this is done and on what legal basis.
1. Automatic data collection by server log files
By calling up the website, information is automatically stored in so-called server log files. These are automatically transmitted to our provider by your browser. It is the following information:
browser type and browser version
Operating system used
We need this data so that the website can be displayed permanently and without problems. In particular, this data serves the following purposes
If possible, this data is stored pseudonymously and deleted after the respective purpose has been achieved. A combination with other data does not take place.
The legal basis for this data processing is Art. 6 para. 1 lit. f) DSGVO and is based on the legitimate interest in processing this data.
The provider of this website is netz-haut GmbH, Friedrich-Bergius-Ring 12, 97076 Würzburg, Germany.
This website uses so-called cookies. This is information that is stored in the browser of your terminal device and is related to our website.
If you want to prevent the setting of cookies as best as possible, we recommend a cookie management directly through your browser.
Here you can find the corresponding links to frequently used browsers:
Mozilla Firefox: https://support.mozilla.org/de...
Google Chrome: https://support.google.com/chr...
Microsoft Edge: https://support.microsoft.com/...
Safari: https://support.apple.com/de-d... and https://support.apple.com/de-d...;
As far as you use another browser, it is recommended to enter the name of your browser and 'Delete and manage cookies' into a search engine and follow the official link to your browser.
Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.
However, we must point out that a comprehensive blocking/deletion of cookies can lead to impairments in the use of the website.
a) Technically necessary
Technically necessary cookies are (as the name suggests) technically necessary for a website to function without errors and in accordance with applicable laws. The following services use appropriate cookies on our website:
Cookie Consent Manager CCM19
The consent management tool CCM19 is a service of Papoo Software & Media GmbH (Auguststr. 4, 53229 Bonn, Germany) and is necessary to store your decision as to which cookies may be set.
As a cookie and in local storage, "CCM_CONSENT" is stored for one year for this purpose. The legal basis for this is the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c) DSGVO.
CCM19, as a domestic company, is also directly subject to European and national data protection regulations. We have concluded an order processing agreement with this company in accordance with Art. 28 DSGVO. Further information can also be found at https://www.ccm19.de/faq/.&nbs...;
For all further queries, you can also contact us directly at firstname.lastname@example.org.
We use Craft CMS by Pixel & Tonic (20832 SE Humber Bend, OR 97702 USA) to manage the content of our website.
Craft CMS's standard cookies are used only to communicate with the Craft installation for the purposes of user authentication, form validation/security, and basic web application operations.
The cookie "CRAFT_CSRF_TOKEN" is set when you access parts of the website with an embedded form and is stored for the duration of this access. The legal basis for this is a legitimate interest pursuant to Art. 6 para. 1 lit. f) DSGVO.
We have concluded an order processing agreement with this company in accordance with Art. 28 DSGVO. More information about data protection standards at Craft CMS can be found at https://craftcms.com/privacy and https://craftcms.com/knowledge...;
For all further queries, you can also contact us directly at email@example.com.
Functional cookies, as can also be deduced from this name, are intended to provide certain functions of the website, which, however, are not technically necessary in the sense described above. The following services use such cookies:
We use Mailchimp of Rocket Science Group (LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA) to provide you with our newsletter. Various cookies may be set by Mailchimp to ensure the functionality of the newsletter.
An example of this is "AVESTA_ENVIRONMENT", which is necessary to provide the requested services. This is always set when a user registers for a newsletter mailing list and expires at the end of the session.
These cookies are only set after you have given your consent. The legal basis is consent according to Art. 6 para. 1 lit. a) DSGVO.
Mailchimp uses so-called standard contractual clauses according to Art. 46 DSGVO (Standard Contractual Clauses - SCC). These templates are provided by the EU Commission to ensure that your data is protected in accordance with European data protection standards when it is transferred to third countries (in this case the USA) and stored there. By doing so, Mailchimp commits to comply with the European level of data protection. In addition, we have also concluded an order processing agreement with this company in accordance with Art. 28 DSGVO. You can also find more information at https://mailchimp.com/de/help/... and https://mailchimp.com/de/gdpr/...;
For all further queries, you can also contact firstname.lastname@example.org directly.
We use videos from YouTube on our website. YouTube is a subsidiary of Google and is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for data processing. We use this service to offer you videos in connection with the website. The legal basis for the processing is consent in accordance with Art. 6 (1) a) DSGVO. We only use the corresponding YouTube elements after your consent has been given. The information collected here is usually sent to a Google server in the USA and also stored there.
Depending on the settings and depending on whether you have a Google account and are logged in, various cookies may be used on our website by YouTube. Regularly, the following cookies are used:
The cookie "YSC" registers a unique ID to store statistics of the video watched and expires at the end of the session.
The cookie "PREF" also registers a unique ID to store statistics of the watched video and expires after 8 months.
The "GPS" cookie registers a unique ID on mobile devices to track GPS location and expires after 30 minutes.
Data that is collected and stored in your Google account can be deleted there. Depending on the settings in your account, this data may be deleted automatically after 3 or 18 months. We would like to point out here again the possibility of blocking cookies in your browser as a matter of principle (see above).
For all further queries, you can also contact us directly at .
Marketing cookies are used to evaluate user behavior on the website. This allows the website operators to determine how the user "moves" on the corresponding website and to draw conclusions for the improvement of the internet presence. Such cookies are never set without your consent. We use the following service:
Google Analytics 4 (GA4)
This website uses Google Analytics 4. This service is offered by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), hereinafter referred to as Google, and is used to analyze website usage by the respective user. The legal basis for the processing is consent in accordance with Art. 6 (1) a) DSGVO. The information collected here is usually sent to a Google server in the USA and also stored there.
These cookies can be used by Google Analytics on our website:
The cookie "_ga" is used by default to store the user ID, to distinguish the respective visitors to the website and expires after two years. The legal basis is consent according to Art. 6 para. 1 lit. a) DSGVO.
The cookie "_gid " is also used to distinguish visitors and expires after 24 hours. The legal basis is also consent according to Art. 6 para. 1 lit. a) DSGVO.
The cookie "_gat_gtag_UA_<property-id>" is used to lower the request rate and expires after one minute. The legal basis is also consent according to Art. 6 para. 1 lit. a) DSGVO.
By using Google Analytics 4, IP anonymization takes effect. The IP address of the respective user is shortened within the member states of the EU (or the European Economic Area) in such a way that it is no longer possible to trace it back to a natural person. In addition, Google is committed to appropriate data protection via the Google Ads data processing terms and creates an evaluation of website usage and website activity and provides the services associated with usage. The Google Ads Data Processing Terms apply to companies subject to the European Economic Area (EEA) EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or similar regulations.
In addition, you can prevent the information collected (such as your IP address) from being sent to and used by Google by using an additional browser plugin. The plugin and further information can be found at https://tools.google.com/dlpag.....
You can also find more information about Google's use of data at https://support.google.com/ana..... For all other queries, you can also contact us directly at email@example.com.
In the following, we would like to inform you in detail about all further possibilities of data processing on our website. In doing so, we explicitly address each service used and clarify the functions and the associated data processing.
a) Cookie-Banner – CCM19
To ensure that only those cookies are set on our website for which there is a legal basis, we use the consent management tool CCM19 from Papoo Software & Media GmbH, which, as a domestic company, is also directly subject to European and national data protection regulations. Detailed information on the handling of personal data by Papoo Software & Media GmbH can be found at https://www.ccm19.de/faq/ and https://www.ccm19.de/themen/.&...;
We have deliberately chosen this service because we assume that CCM19 works in a completely data protection compliant manner and has assured us of this in the form of a commissioned processing agreement in accordance with Art. 28 DSGVO. Furthermore, Papoo Software & Media GmbH states that the data collected here is only hosted on servers in Germany.
By using CCM19, it is possible that you consent to certain data processing (in particular the setting of cookies) via the website, as well as make use of your right of withdrawal regarding this consent. In addition, your consents will be documented. The use is made so that we can fulfill our legal obligations.
In addition to the aforementioned cookies, the following information may be collected and transmitted to CCM19: Date and time of the page call, a random ID, Consent Status. No further processing of the data by Papoo Software & Media GmbH takes place and the data is stored as a log file. Access to these log files by Papoo Software & Media GmbH only takes place after prior consultation and with granted consent. This data is not passed on to other third parties. Data processing is carried out to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c DSGVO.
b) Organization of the website – Craft CMS
We use Craft CMS by Pixel & Tonic (20832 SE Humber Bend, OR 97702 USA) to manage the content of our website. As a content management system, Craft CMS offers an easy structuring of our website and is based on state-of-the-art technologies, such as PHP, Composer, Twig, GraphQL or even the Yii framework. Thus, we are able to customize our website exactly to the functions and presentation we need. Even though Pixel & Tonic as a foreign company is not directly subject to the legal requirements of the GDPR and national laws, the GDPR compliance is assured by Pixel & Tonic. In particular, cookies are only used for elementary internet applications and do not collect IP addresses or personal or sensitive information. Any information stored by cookies will not be sent to Pixel & Tonic or any third party. We have deliberately chosen this service because we assume that Craft CMS operates in a completely data protection compliant manner and has assured us of this in the form of a commissioned processing agreement in accordance with Art. 28 DSGVO.
More information about data protection standards at Craft CMS can be found at https://craftcms.com/privacy and https://craftcms.com/knowledge...;
For all further queries, you can also contact us directly at .
c) Newsletter – Mailchimp
We use Mailchimp of the Rocket Science Group (LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA) to provide you with our newsletter.
In order for us to keep you informed of any new features, we offer the option to sign up for our newsletter. For this registration we need your e-mail address. With this we will then verify via a so-called double opt-in procedure that you have personally entered your mail address and that you actually want to receive the newsletter. Subsequently, there is an option in each newsletter to unsubscribe. Then your data will also be deleted from Mailchimp.
In addition, Mailchimp stores, after registration for the newsletter, your IP address used and times of registration and confirmation, in order to be able to document your consent.
Furthermore, Mailchimp evaluates performance data, such as the delivery statistics of e-mails and other communication data. This information is used to send you emails and to enable certain other Mailchimp functions (e.g. evaluation of the newsletter). This in turn allows us to tailor the newsletter to your needs and improve the service.
Mailchimp may also share this data with third parties or collect additional information about you from other sources. This is done to improve the Mailchimp services, but we have no control over this process.
Mailchimp is an American company and the collected data may also be processed on US servers. There, your data is stored permanently and will only be deleted when you delete your contact with us or Mailchimp. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA.
For all other queries, you can also contact us directly at .
4. Social media
In this section, we would like to explicitly discuss data processing through social media.
Video integration - YouTube.
We use videos from YouTube on our website. YouTube is a subsidiary of Google and is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for data processing. We use this service to offer you videos in connection with the website. The legal basis for the processing is consent in accordance with Art. 6 (1) a) DSGVO. We only use the corresponding YouTube elements after your consent has been given.
Then YouTube stores at least your IP address and our URL. Insofar as you are logged into your YouTube or Google account, the interaction on our website can be regularly assigned to your profile. This may include data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet provider. Also may be contact details, any ratings, sharing content via social media or adding favorites on YouTube.
YouTube is an American company and the data collected may also be processed on US servers. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA.
However, YouTube also uses so-called standard contractual clauses in accordance with Art. 46 DSGVO (Standard Contractual Clauses - SCC). These templates are provided by the EU Commission to ensure that your data is protected in accordance with European data protection standards when it is transferred to and stored in third countries (in this case, the USA). By doing so, YouTube undertakes to comply with the European level of data protection. You can also find more information at https://policies.google.com/pr..... For all other queries, you can also contact firstname.lastname@example.org directly.
We use Google Fonts on our website. Here, fonts from Google are made available and used in order to be able to display them accordingly. This service is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
We have integrated fonts locally on our server. Thus, despite the use, no data is transmitted to Google.
Finally, we would like to inform you in detail about your rights and how you will be informed about changes in data protection requirements.1. Your rights in detail
a) Right to information according to Art. 15 DSGVO.
You can request information about whether personal data about you is being processed. If this is the case, you can request further information on the type and manner of processing. A detailed list can be found in Art. 15 (1) a) to h) DSGVO.
b) Right to rectification according to Art. 16 DSGVO.
This right includes the correction of incorrect data and the completion of incomplete personal data.
c) Right to erasure according to Art. 17 DSGVO.This so-called 'right to be forgotten' gives you the right, under certain conditions, to request the deletion of personal data by the controller. This is basically the case if the purpose of the data processing has ceased to exist, if consent has been revoked or if the initial processing took place without a legal basis. A detailed list of reasons can be found in Art. 17(1)(a) to (f) DSGVO. Furthermore, this 'right to be forgotten' corresponds with the controller's obligation under Art. 17(2) DSGVO to take reasonable measures to bring about a general erasure of the data.
d) Right to restriction of processing according to Art. 18 DSGVO.
This right is subject to the conditions set out in Art. 18(1)(a) to (d).
e) Right to data portability according to Art. 20 DSGVO.
Here, the basic right to receive one's own data in a common form and to transfer it to another controller is regulated. However, this only applies to the data of a processing based on consent or contract according to Art. 20 (1) a) and b) and as far as this is technically feasible.
f) Right to object according to Art. 21 DSGVO.In principle, you may object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and or profiling.
g) Right to 'decision in individual cases' according to Art. 22 DSGVO.
In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. However, this right is also subject to restrictions and supplements in Article 22 (2) and (4) of the GDPR.
h) Further rights
At this point, we would like to inform you again of your right to revoke a granted consent according to Art. 7 (3) DSGVO. However, this does not affect the lawfulness of the processing carried out up to that point.
In addition, we would also like to inform you about your rights according to §§ 32 ff. BDSG, which, however, are largely congruent with the rights just described.
i) Right of complaint pursuant to Art. 77 DSGVO.
You also have the right to complain to a data protection supervisory authority if you believe that a processing of personal data concerning you violates this Regulation.
2. What if external (e.g. legal situation) or internal circumstances (e.g. new features on the website) change?