Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on the registration form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
The party responsible for processing data on this website is:
Deutsche Orient-Stiftung (click here to see imprint)
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments on this website
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Registration on this website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
Data transmitted when entering into a contract with us
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
1. Scope of the data protection declaration
This data protection declaration serves to inform the user about the type, scope and purpose of the collection and use of personal data for the online services of the publisher Deutsche Orient-Stiftung on the website www.orient-online.com .
2. Principles and terms
The processing of personal data in the context of the online services and their websites is carried out in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). This data protection declaration informs users about the collection and processing of personal data.
The publisher Deutsche Orient-Stiftung is the provider of the respective online service.
The customer is the legal or natural person who concludes a contract with the provider for the provision of deliveries or services.
The user is any natural person who uses the online service.
Online services are all services associated with the Journal Orient which are carried out through the website
Website is the respective website available under the relevant URL: www.orient-online.com .
The definitions of terms according to Art. 4 GDPR also apply to this data protection declaration.
3. Name and contact details of the person responsible
Address: Kronenstraße 1, 10117 Berlin, Germany
4. Data Subject Rights
The data subject has the following rights:
- Right to information about the personal data concerned (Art. 15 GDPR).
- Right to correction (Art. 16 GDPR).
- Right to deletion (Art. 17 GDPR).
- Right to restriction of processing (Art. 18 GDPR).
- Right to object to the processing if the data processing takes place on the basis of Art. 6 Paragraph 1 Letter e or Letter f GDPR (Art. 21 GDPR); see also the section III. the reference to the right of objection according to Art. 21 GDPR.
- Right to data portability (Art. 20 GDPR).
- Right to revoke a given consent at any time without affecting the legality of the processing carried out on the basis of the consent up to the revocation, if the data processing is based on consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR is based.
- Right of appeal to a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for the provider is the Berlin State Office for Data Protection Supervision.
Questions to the provider in this regard should be sent by email to: email@example.com
5. Protection of personal data
The provider takes technical and organizational measures in accordance with the requirements of Art. 32 GDPR to protect the user's personal data. All employees of the provider who are involved in the processing of personal data are obliged to maintain data secrecy. Personal data of the user is generally encrypted using HTTPS when it is transmitted to the website.
6. Change of the data protection declaration
On a case-by-case basis, it is necessary to adapt and change the content of this data protection declaration. The provider therefore reserves the right to change this data protection declaration and will make the changed data protection declaration available on the website and inform the data subjects about the changed data protection declaration in advance if the provider intends to process the personal data for another purpose.
7. Purposes and legal bases for the processing of personal data when using the websites for informational purposes
7.1 Information transmitted through the browser
When visiting the website of an online service for informational purposes only (i.e. using it without registering, logging in or communicating with the provider via the website), the user's browser automatically sends information to the provider's server and temporarily stores it there in a so called Log file. In this context, the provider collects and processes the following information and personal data in particular:
- Date and time the website was accessed
- Time zone difference to Greenwich Mean Time (GMT)
- Browser type and browser settings
- Language and version of the browser software
- operating system used
- Content of the request (specific page)
- the page last visited by the user
- the amount of data transferred
- Access status / HTTP status code
- IP address.
This information and personal data are required for the purpose of correctly delivering and optimizing the content of the website, optimizing advertising for the website, ensuring network and information security and protecting the website from attacks, disruptions and damage.
The personal data and information collected in this way are statistically evaluated by the provider for the purpose of increasing data protection and data security in order to ensure a level of protection appropriate to the risk for the personal data processed by the provider. The personal data collected when the website is accessed, in particular the user's IP address, is deleted no later than thirty days after it has been collected, unless an attack or threat by the user has been detected.
Insofar as the provider collects and processes personal data of the user when calling up and visiting the website, in particular the IP address of the user, the legal basis for this is Article 6 (1) (f) GDPR, because this processing is to safeguard legitimate interests of the provider is required. The provider hereby pursues the legitimate interests of increasing data protection and data security in order to guarantee a level of protection appropriate to the risk for the personal data processed by it, to guarantee network and information security and to optimize the website and protect it from attacks and disruptions and protect against damage.
(1) Cookies are used when using the website. The purpose of cookies is to personalize the website for the user's visit and to facilitate the use of the website. Cookies are small text files that the website transmits to the cookie file of the internet browser on the user's device and stores them there for later retrieval so that the user is recognized when the website is visited again. A cookie typically contains the name of the domain from which the cookie originates, the "lifetime" of the cookie and a unique identifier.
(2) The following types of cookies are used on the website:
Session cookies: These are temporarily set cookies that remain in the browser's cookie file until the user leaves the website. Session cookies are primarily necessary so that the user can use the website and, if necessary, make registrations, logins or orders. Session cookies are deleted when the browser session ends.
Persistent cookies: These remain in the browser's cookie file for a longer period of time. The duration depends on the lifetime of the specific cookie. It can be unlimited or extend to deletion. Persistent cookies from the provider enable the website to remember the selection made by the user (e.g. registration data of the user, the language he has chosen or the region in which he is located).
Web Beacons: These are electronic characters (also called "Clear GIFs" or "Web Bugs") that allow the provider to count the number of users who have visited the website.
(3) If the user does not want to accept cookies or web beacons, he can reject them and object to access to previously stored information by setting his Internet browser accordingly. The settings within the browser that allow the user to do this differ from browser to browser. They can usually be found under “Data Protection” or “Cookies” in the “Internet Options” or “Settings” menu of the browser. If the user needs help to deactivate or delete cookies, he can use the "Help" menu within the browser. It should be noted, however, that it may not be possible to use all of the interactive features and functions of the website if cookies and / or web beacons are blocked or deleted.
7.3 Services used
Essential services are required for the Website to function technically. The processing is based on the legitimate interest of the provider.
a. Ultimate Member
Ultimate Member allows users to log in to the website with their credentials. The cookies store the credentials of the logged-in user as hash, login status, and user ID.
Wordfence secures this website from attacks of various kinds. Cookies are used to check the permissions of the user before accessing WordPress, to notify administrators when a user signs in with a new device or location, and to bypass defined country restrictions through specially prepared links.
WooCommerce is an e-commerce shop system that allows you to buy products on this website. Cookies are used to collect items in a shopping cart, to store the shopping cart of the user in the database of the website, to store recently viewed products to show them again and to allow users to dismiss notices in the online shop.
d. Real Cookie Banner
Real Cookie Banner asks website visitors for consent to set cookies and process personal data. For this purpose, a UUID (pseudonymous identification of the user) is assigned to each website visitor, which is valid until the cookie expires to store the consent. Cookies are used to test whether cookies can be set, to store reference to documented consent, to store which services from which service groups the visitor has consented to, and, if consent is obtained under the Transparency & Consent Framework (TCF), to store consent in TCF partners, purposes, special purposes, features and special features. As part of the obligation to disclose according to GDPR, the collected consent is fully documented. This includes, in addition to the services and service groups to which the visitor has consented, and if consent is obtained according to the TCF standard, to which TCF partners, purposes and features the visitor has consented, all cookie banner settings at the time of consent as well as the technical circumstances (e.g. size of the displayed area at the time of consent) and the user interactions (e.g. clicking on buttons) that led to consent. Consent is collected once per language.
Functional services are necessary to provide features beyond the essential functions such as prettier fonts, video playback or interactive Web 2.0 features. Content from e.g. video platforms and social media platforms are blocked by default, and can be consented to. If the service is agreed to, this content is loaded automatically without further manual consent.
a. Jetpack Comments
Jetpack Comments is a comment system for WordPress sites that allows you to post comments using your email, wordpress.com, google.com, twitter.com or facebook.com account. The cookies are used to display the comment form and add integrations from wordpress.com, google.com, twitter.com or facebook.com. The data of the visited website may be shared with the above mentioned third party providers.
b. Google Tag Manager
Google Tag Manager is a service for managing tags triggered by a specific event that injects a third script or sends data to a third service. No cookies in the technical sense are set on the client of the user, but technical and personal data such as the IP address will be transmitted from the client to the server of the service provider to make the use of the service possible.
Gravatar is a service where people can associate their email address with an avatar image that is for example loaded in the comment area. No cookies in the technical sense are set on the client of the user, but technical and personal data such as the IP address will be transmitted from the client to the server of the service provider to make the use of the service possible.
d. Google Fonts
Google Fonts is a service that downloads fonts that are not installed on the client device of the user and embeds them into the website. No cookies in the technical sense are set on the client of the user, but technical and personal data such as the IP address will be transmitted from the client to the server of the service provider to make the use of the service possible.
WordPress Emoji is an emoji set that is loaded from wordpress.org. No cookies in the technical sense are set on the client of the user, but technical and personal data such as the IP address will be transmitted from the client to the server of the service provider to make the use of the service possible.
f. Font Awesome
Font Awesome is a service that downloads a custom icon font that are not installed on the client device of the user and embeds them into the website. No cookies in the technical sense are set on the client of the user, but technical and personal data such as the IP address will be transmitted from the client to the server of the service provider to make the use of the service possible.
WordPress as a content management system offers the possibility to write comments under blog posts and similar content. The cookie stores the name, e-mail address and website of a commentator to display it again if the commentator wants to write another comment on this website.
WooCommerce is an e-commerce shop system that allows you to buy products on this website. Cookies are used to collect items in a shopping cart, to store the shopping cart of the user in the database of the website, to store recently viewed products to show them again and to allow users to dismiss notices in the online shop.
Statistics services are needed to collect pseudonymous data about the visitors of the website. The data enables us to understand visitors better and to optimize the website.
If you have given your consent, Google Analytics, a web analysis service provided by Google LLC, is used on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
Scope of processing
We use the User-ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices.
We use Google signals. This means that Google Analytics collects additional information about users who have activated personalized ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.
We have activated the IP anonymization feature on this website through the ‘anonymizeIP’ function (so-called IP masking): Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
During your visit to the website, the following data is recorded:
- The pages you have visited, your "click path"
- Achievement of "website goals" (conversions, e.g. newsletter registrations, downloads, purchases)
- Your user behavior (e.g. clicks, length of stay, bounce rates)
- Your approximate location (region)
- Your IP address (in abbreviated form)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your internet provider
- The referrer URL (via which website / via which advertising material you came to this website)
- Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
Recipient and Transfer to third countries
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. A transmission of data to the USA cannot be ruled out: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA., and possibly US authorities, can access the data stored by Google.
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
The data sent by us and linked to cookies is automatically deleted after 14 months. The deletion of data whose retention period has expired takes place automatically once a month.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google
- Do not give your consent to the setting of the cookie or
- Download and install a browser add-on to deactivate Google Analytics.
You can also prevent the storage of cookies by setting your browser software accordingly. However, if you configure your browser so that all cookies are rejected, functionality on this and other websites may be restricted.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Demographic data collection by Google Analytics
This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".
Legal basis and possibility of revocation
Your consent is required for this data processing, Article 6 Paragraph 1 Sentence 1 Letter a GDPR. You can revoke your consent at any time with effect for the future by calling up the cookie settings [here] and changing your selection there.
The provider processes the user's data partially automatically with the aim of evaluating certain personal aspects (profiling). Profiling is carried out for the purpose of enabling needs-based communication and advertising, including market and opinion research, as well as needs-based design of the website, unless the user has objected.
The legal basis for profiling is Article 6 Paragraph 1 Clause 1 Letter f GDPR. Profiling is necessary to protect the legitimate interests of the provider. The legitimate interests pursued by the provider consist in enabling advertising and market and opinion research as well as in designing the website according to the needs of the user.
With regard to the user's right of objection, please refer to the information referenced in the relevant below section.
8. Purposes and legal bases for the processing of personal data when using orient-online
When using orient-online with the prior registration and login of the user, the following specific information applies in addition to the information given under Section 7.1:
8.1 Registration, login and purchases
The user can register and shop on the website by providing personal data in order to be able to use orient-online. The personal data that the user transmits to the provider can be found in the relevant registration form on the website. The personal data transmitted to the provider is collected and stored for the purpose of registration and order fulfillment (inventory data).
Only the mandatory information is required for a successful registration or purchase. All other information is voluntary. Voluntary information is desired by the provider, but not required.
Mandatory information about the customer are:
- Name and Surname
- Billing Information
If it is a customer who uses orient-online with IP-Address based login (subscription for institutions), i.e. who does not require his users to log in individually with their username and password, these mandatory details are not required for those users.
The purpose of using inventory data is to establish the contractual relationship for the use of orient-online, to design the content, to change or terminate it, to fulfill the contractual obligations, to enable the customer or user to log in to orient-online, as well as enabling the customer or user to be contacted, if requested by him or required or permitted by law in the context of the contractual relationship.
The legal basis for the processing of this personal data is Art. 6 Paragraph 1 Clause 1 Letter b GDPR, because the processing is necessary for the fulfillment of a contract between the service provider and the customer or for the implementation of pre-contractual measures that are carried out at the customer's request.
If the user is not also the customer who has concluded the user contract with the provider, i.e. is authorized to use orient-online by the institutions’ subscription, the legal basis for processing is Art. 6 Paragraph 1 Clause 1 Letter f GDPR, because the processing takes place in the legitimate interest of the customer. The legitimate interest of the customer is to enable the user to use orient-online in accordance with the contract.
8.1 Administration of users by the customer's administrator
The provider can set up an administrator (customer administrator) for the customer who can export user data, call up statistical data, create new users, carry out various operations for several users and create his own e-mail templates. A customer administrator can independently grant administration authorization to other users within his organization. A customer administrator only has access to user data from his organization or, if applicable, sub-organization.
8.2 Collection and processing of personal data when using orient-online
Each time a page from orient-online is called up, the access data of the user required to use orient-online is stored in a log file on the provider's server. The following data is collected and stored here:
- IP address of the computer requesting the page
- Website from which the user may have come to the requested page
- Date and time the page was requested
- retrieved documents
- amount of data transferred
- Product and version information of the browser used by the customer or user
- Number of daily log-ins.
This information and personal data are used for the purpose of evaluating the retrieval of documents, and to ensure that orient-online is used in accordance with the contract and to prevent use of orient-online that is contrary to the contract or otherwise unlawful.
The legal basis for the processing of this personal data is Article 6, Paragraph 1, Sentence 1, Letter b of the GDPR, because the processing is necessary for the performance of a contract between the provider and the customer.
The legal basis is also Article 6, Paragraph 1, Sentence 1, Letter f of the GDPR, because processing is necessary to safeguard the legitimate interests of the provider and the legitimate interests of the customer. The legitimate interests pursued by the provider hereby consist in ensuring the use of orient-online in accordance with the contract and preventing any use of orient-online that is contrary to the contract or otherwise illegal. The legitimate interest of the customer is to enable the user to use orient-online in accordance with the contract and to enable the user to use orient-online in accordance with the contract.
8.3 Online presence in social media
The provider maintains an online presence within social networks in order to be able to communicate with the customers, interested parties and users active there and to inform them about its services. In this context, only simple links or only those social media plug-ins that do not connect to the respective network when the page is loaded are used. This differentiates the social media plug-ins used here from the widespread Like buttons, which transmit data to the social networks when the page is loaded without having to click the button.
9. Requirements for username and password
The user name can be freely chosen by the user, but must consist of at least five characters and be unique in orient-online.
When setting the password, some standard security requirements need to be met. You are informed of these requirements when setting up the password.
The user should treat the password confidentially. For security reasons, he should change his password from time to time. To do this, click on "Settings" in the footer of the homepage and then on "Change password" on the left. The change can then be made in the form that opens.
When logging in, the user name and password are transmitted in https-encrypted form. This increases security.
The provider and employees do not have access to chosen passwords.
No employee of the provider will ask the user to disclose the password. Should the user still receive such a request, it is likely a phishing attack. In such a case, the provider asks to be notified by the user of such attack.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
11. Settings in the browser for cookies
After the user logs in to orient-online, permanent cookies are stored on the user's device. If the user ends the session by closing the browser, the cookie remains on his device for three months (single sign-on: until the first day of the following month) and is then deleted. The user's device is recognized by orient-online during this period, which can be seen in particular from the fact that the search term entered last appears again the next time orient-online is started. However, the user can set the browser so that the cookies are automatically deleted when the browser is closed.
With regard to cookies, the information according to Section 7 also applies.
12. Recipients of personal data
(1) The personal data are processed on the provider's systems in order to rule out improper external influences from outside or from neighboring third-party hosting applications. This data is only used by the provider, and access is only possible to an authorized group of employees. Access is also limited to those data that are necessary to fulfill the respective task.
(2) A transfer of personal data of the user to third parties takes place exclusively (a) in the context of contract processing, or (b) for the purpose of fulfilling legal requirements, according to which the provider is obliged to provide information, to report or to pass on data, or (c) due to the legitimate interest of the provider or the legitimate interest of the third party or (d) if the user has given consent to the transfer to third parties.
13. Transfer of personal data to a third country
14. Duration of storage and deletion of personal data
The provider processes and stores the user's personal data for the duration of the business relationship between the user and the provider. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
In addition, the provider processes and stores the personal data if this is necessary due to legal storage and documentation obligations. Such obligations result from the Commercial Code (HGB) and the Tax Code (AO), among others. The periods for storage and documentation specified there are up to ten years after the end of the business relationship or the pre-contractual legal relationship.
Furthermore, other legal regulations may require a longer retention period, such as the preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 ff. Of the German Civil Code (BGB), the regular limitation period is three years; in certain cases, limitation periods of up to 30 years can also apply.
If the data are no longer required for the fulfillment of contractual or legal obligations and rights, they are regularly deleted, unless their further processing is necessary for the fulfillment of purposes that are based on an overriding legitimate interest of the provider within the meaning of Art. 6 Paragraph 1 Sentence 1 letter f GDPR are justified. An overriding legitimate interest of the provider exists, for example, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage and processing for other purposes is excluded by suitable technical and organizational measures.
15. Obligation of the user to provide personal data and possible consequences of failure to provide it
The customer is obliged to provide the provider with personal data, in particular the inventory data, if he would like to conclude a contract with the provider for the use of orient-online. In the event of non-provision, the user contract cannot be concluded. In addition, the user must provide personal data in order to use orient-online. In the event of non-provision, orient-online cannot be used or can only be used with a limited range of functions.
16. No automated decision making
The provider does not make any automated decision-making within the meaning of Art. 22 Paragraph 1 GDPR, which has legal effect on the user or significantly affects him in a similar way.
17. Processing of personal data on behalf
The processing of personal data on behalf of Art. 28 GDPR is regulated in Section 14 of the General Terms and Conditions for orient-online, see https://www.orient-online.com/terms-and-conditions
18. Accessibility of the data protection declaration
This data protection declaration can be called up and printed out in the footer of the orient-online homepage.
Right of objection according to Art. 21 GDPR
a) Right to object based on the particular situation
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) sentence 1 letter e (public security) or f (data processing on the basis of a Weighing of interests) DS-GVO takes place, to object; this also applies to profiling based on these provisions. When the objection is lodged, the provider will no longer process the personal data unless it can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
b) Right to object to direct mail
If the provider processes your personal data in order to operate direct mail, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
c) Addressee of the objection
Please send your objection to the following email address: