Data protection
I. General information on personal data and contact information of the controller
The protection of your personal data is important to us.
In the following, we would like to inform you about the handling of personal data. According to Art. 4 No. 1 of Regulation (EU) 2016/679 (hereinafter referred to as "General Data Protection Regulation" or "GDPR" for short), personal data is any information relating to an identified or identifiable natural person. Your data will be stored and processed by us in compliance with the relevant provisions of national data protection laws and the General Data Protection Regulation (GDPR).
The controller for data processing within the meaning of the aforementioned regulations is
CATALLEA GmbH & Co KG
Sandäcker 21 A,
D-67686 Mackenbach
E-Mail: hello@catallea.com
Website: https://catallea.com
Phone: +49 (0) 6374 - 8089 360
The controller of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
II. Your rights
You have the following rights vis-à-vis the controller with regard to the personal data concerning you. With regard to the conditions for exercising these rights, please refer to the respective legal basis:
- Right to information pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to information pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
You also have the right to object:
Data subjects have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) GDPR.
The controller shall no longer process the personal data concerned unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If data subjects object to processing for direct marketing purposes, their personal data will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, data subjects may exercise their right to object in relation to the use of information society services by automated means using technical specifications.
III Legal bases
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
Insofar as the processing of personal data takes place for the fulfillment of contracts concluded with us, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
If reference is made below to the fact that data is processed in the USA, we would like to point out that the European Court of Justice has deemed the level of data protection in the USA to be inadequate. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes without any legal recourse. If you have consented to the use of the respective service, you consent to your data being processed in the USA in accordance with Art. 49 para. 1, sentence 1 lit. a GDPR.
If cookies or similar technologies are used, we obtain prior consent for this (Section 25 TDDDG), unless this is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is absolutely necessary in order to provide the user with a telemedia service expressly requested by them (i.e. our online offer). The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.
IV. Duration of storage of personal data
The respective storage period of personal data depends on the legal basis, the purpose of the processing and any relevant statutory retention obligations.
In principle, the following applies:
If the data processing is based on consent within the meaning of Art. 6 para. 1 lit. a GDPR, the data will be stored until the consent is revoked.
If data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless there are compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, personal data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 2 GDPR.
Unless otherwise stated in the following information of this statement on specific processing situations, personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
V. Processing situations in detail
1. processing of personal data when visiting the website
a. Description and scope of data processing
When you visit our website (without registering or otherwise contacting us), the following data (so-called log files) are transmitted to our server by your browser:
- IP address
- Date and time of the request
- Time zone difference to GMT
- Content of the website
- Access status (HTTP status)
- Amount of data transferred
- Request website
- Web browser
- Operating system
- Language and version of the browser
b. Legal basis for data processing
The legal basis for the storage of data and log files is Art. 6 para. 1 lit. f GDPR.
c. Purpose of the data processing
Storage in log files ensures the proper functioning of our website. It also serves to optimize and ensure the security of our systems. The data is not analyzed for marketing purposes in this context.
d. Duration of storage
The data stored by us is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case after the end of the respective session.
Storage beyond this is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the calling client.
e. Objection and removal option
The collection of the aforementioned data is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
2. processing of personal data through cookies
a. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored on the visitor's computer system when our website is accessed. Cookies contain a string of characters that enables the visitor's browser to be identified when they return to our website.
We use the following types of cookies:
- Transient cookies/session cookies: Are deleted at the end of the session
- Persistent cookies: Are deleted after the specified storage period
- Technically necessary cookies
Insofar as cookies are also used on our websites for advertising and/or analysis purposes, we will inform you about this separately in this declaration.
You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be restricted.
Insofar as cookies are also used on our websites for advertising and/or analysis purposes, we will inform you about this separately in this declaration.
b. Legal basis for data processing
The legal basis for the processing of personal data using necessary cookies is Art. 6 para. 1 lit. f GDPR.
c. Purpose of the data processing
Technically necessary cookies serve to simplify the use of websites. Some functions of the website or the online store cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change.
The user data collected by technically necessary cookies is not used to create user profiles.
d. Duration of storage, objection and removal options
Cookies are stored on the user's computer and transmitted by it. Therefore, users also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
3. contact form and e-mail
a. Description and scope of data processing
We provide visitors to our website with a contact form for quick, electronic contact. The data entered in the input mask will be transmitted to us and stored.
If you contact us via the contact form or by email, you agree to email communication that is transport-encrypted but not content-encrypted. Please inform yourself about the associated risks, e.g. here: https://www.bsi-fuer-buerger.de.
In addition, the user's IP address and the date and time of transmission are stored at the time of sending.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.
The data will not be passed on to third parties. The data will be used exclusively for processing the request.
b. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
c. Purpose of the data processing
The processing of personal data serves solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
d. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
If the correspondence results in a business transaction, we are legally obliged to keep the exchanged correspondence for 6 years (starting at the end of the calendar year in which the respective letter was sent).
e. Objection and removal option
The user has the option to withdraw their consent to the processing of personal data at any time. To do so, the user can contact the controller using the contact options provided on the website. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
If the retention of the data results from a legal obligation, there is no right of objection.
