Data protec­tion

I. General infor­ma­tion on personal data and contact infor­ma­tion of the controller

The protec­tion of your personal data is important to us.

In the following, we would like to inform you about the handling of personal data. According to Art. 4 No. 1 of Regula­tion (EU) 2016/679 (herein­af­ter referred to as "General Data Protec­tion Regula­tion" or "GDPR" for short), personal data is any infor­ma­tion relating to an identi­fied or identi­fia­ble natural person. Your data will be stored and processed by us in compli­ance with the relevant provi­si­ons of national data protec­tion laws and the General Data Protec­tion Regula­tion (GDPR).

The control­ler for data proces­sing within the meaning of the afore­men­tio­ned regula­ti­ons is

CATALLEA GmbH & Co KG

Sandäcker 21 A,
D-67686 Macken­bach

E-Mail: hello@​catallea.​com
Website: https://​catallea​.com
Phone: +49 (0) 6374 - 8089 360

The control­ler of personal data is the natural or legal person who alone or jointly with others deter­mi­nes the purposes and means of the proces­sing of personal data.

II. Your rights

You have the following rights vis-à-vis the control­ler with regard to the personal data concer­ning you. With regard to the condi­ti­ons for exercis­ing these rights, please refer to the respec­tive legal basis: 

• Right to infor­ma­tion pursuant to Art. 15 GDPR;
• Right to recti­fi­ca­tion pursuant to Art. 16 GDPR;
• Right to erasure pursuant to Art. 17 GDPR;
• Right to restric­tion of proces­sing pursuant to Art. 18 GDPR;
• Right to infor­ma­tion pursuant to Art. 19 GDPR;
• Right to data porta­bi­lity pursuant to Art. 20 GDPR;
• Right to withdraw consent granted pursuant to Art. 7 (3) GDPR; 
• Right to lodge a complaint pursuant to Art. 77 GDPR.

You also have the right to object:

Data subjects have the right to object, on grounds relating to their parti­cu­lar situation, at any time to proces­sing of personal data concer­ning them which is based on point (e) or (f) of Article 6(1) GDPR. 

The control­ler shall no longer process the personal data concerned unless the control­ler demons­tra­tes compel­ling legiti­mate grounds for the proces­sing which override the interests, rights and freedoms of the data subject or for the estab­lish­ment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to proces­sing of personal data concer­ning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If data subjects object to proces­sing for direct marketing purposes, their personal data will no longer be processed for these purposes.

Notwi­th­stan­ding Directive 2002/58/EC, data subjects may exercise their right to object in relation to the use of infor­ma­tion society services by automated means using technical specifications.

III Legal bases

Insofar as we obtain the consent of the data subject for the proces­sing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis. 

Insofar as the proces­sing of personal data takes place for the fulfill­ment of contracts concluded with us, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to proces­sing opera­ti­ons that are necessary to carry out pre-contrac­tual measures. 

Insofar as the proces­sing of personal data is necessary to fulfill a legal obliga­tion to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. 

In the event that vital interests of the data subject or another natural person require the proces­sing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. 

If the proces­sing is necessary to safeguard a legiti­mate interest of our company or a third party and if the interests, funda­men­tal rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing. 

If reference is made below to the fact that data is processed in the USA, we would like to point out that the European Court of Justice has deemed the level of data protec­tion in the USA to be inade­quate. In parti­cu­lar, there is a risk that your data may be processed by US autho­ri­ties for control and monito­ring purposes without any legal recourse. If you have consented to the use of the respec­tive service, you consent to your data being processed in the USA in accordance with Art. 49 para. 1, sentence 1 lit. a GDPR. 

If cookies or similar techno­lo­gies are used, we obtain prior consent for this (Section 25 TDDDG), unless this is not required by law. In parti­cu­lar, consent is not required if the storage and reading of infor­ma­tion, including cookies, is absolut­ely necessary in order to provide the user with a telemedia service expressly requested by them (i.e. our online offer). The revocable consent is clearly commu­ni­ca­ted to the users and contains the infor­ma­tion on the respec­tive cookie use. 

IV. Duration of storage of personal data

The respec­tive storage period of personal data depends on the legal basis, the purpose of the proces­sing and any relevant statutory retention obligations.

In principle, the following applies:

If the data proces­sing is based on consent within the meaning of Art. 6 para. 1 lit. a GDPR, the data will be stored until the consent is revoked. 

If data proces­sing is carried out on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless there are compel­ling legiti­mate grounds for the proces­sing that outweigh the interests, rights and freedoms of the data subject, or the proces­sing serves to assert, exercise or defend legal claims. 

When proces­sing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, personal data is stored until the data subject exercises their right to object in accordance with Art. 21 para. 2 GDPR. 

Unless otherwise stated in the following infor­ma­tion of this statement on specific proces­sing situa­tions, personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

V. Proces­sing situa­tions in detail

1. proces­sing of personal data when visiting the website

a. Descrip­tion and scope of data processing

When you visit our website (without regis­tering or otherwise contac­ting us), the following data (so-called log files) are trans­mit­ted to our server by your browser:

• IP address
• Date and time of the request
• Time zone diffe­rence to GMT
• Content of the website
• Access status (HTTP status)
• Amount of data transferred
• Request website
• Web browser
• Operating system
• Language and version of the browser

b. Legal basis for data processing

The legal basis for the storage of data and log files is Art. 6 para. 1 lit. f GDPR. 

c. Purpose of the data processing

Storage in log files ensures the proper functio­ning of our website. It also serves to optimize and ensure the security of our systems. The data is not analyzed for marketing purposes in this context. 

d. Duration of storage

The data stored by us is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case after the end of the respec­tive session. 

Storage beyond this is possible. In this case, the IP addresses of the users are deleted or anony­mi­zed so that it is no longer possible to identify the calling client. 

e. Objection and removal option

The collec­tion of the afore­men­tio­ned data is absolut­ely necessary for the operation of the website. Conse­quently, there is no possi­bi­lity for the user to object. 

2. proces­sing of personal data through cookies

a. Descrip­tion and scope of data processing

Our website uses cookies. Cookies are text files that are stored on the visitor's computer system when our website is accessed. Cookies contain a string of charac­ters that enables the visitor's browser to be identi­fied when they return to our website. 

We use the following types of cookies:

• Transient cookies/​session cookies: Are deleted at the end of the session
• Persis­tent cookies: Are deleted after the specified storage period
• Techni­cally necessary cookies

Insofar as cookies are also used on our websites for adver­ti­sing and/​or analysis purposes, we will inform you about this separa­tely in this declaration.

You can set your browser so that you are informed about the setting of cookies and decide indivi­du­ally whether to accept them or to exclude the accep­tance of cookies for certain cases or in general. If you do not accept cookies, the function­a­lity of our website may be restricted. 

Insofar as cookies are also used on our websites for adver­ti­sing and/​or analysis purposes, we will inform you about this separa­tely in this declaration.

b. Legal basis for data processing

The legal basis for the proces­sing of personal data using necessary cookies is Art. 6 para. 1 lit. f GDPR. 

c. Purpose of the data processing

Techni­cally necessary cookies serve to simplify the use of websites. Some functions of the website or the online store cannot be offered without the use of cookies. For these it is necessary that the browser is recogni­zed even after a page change. 

The user data collected by techni­cally necessary cookies is not used to create user profiles.

d. Duration of storage, objection and removal options

Cookies are stored on the user's computer and trans­mit­ted by it. Therefore, users also have full control over the use of cookies. You can deacti­vate or restrict the trans­mis­sion of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automa­ti­cally. If cookies are deacti­va­ted for our website, it may no longer be possible to use all functions of the website to their full extent. 

3. contact form and e-mail

a. Descrip­tion and scope of data processing

We provide visitors to our website with a contact form for quick, electro­nic contact. The data entered in the input mask will be trans­mit­ted to us and stored. 

If you contact us via the contact form or by email, you agree to email commu­ni­ca­tion that is transport-encrypted but not content-encrypted. Please inform yourself about the associa­ted risks, e.g. here: https://​www​.bsi​-fuer​-buerger​.de.

In addition, the user's IP address and the date and time of trans­mis­sion are stored at the time of sending.

Alter­na­tively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data trans­mit­ted with the e-mail will be stored. 

The data will not be passed on to third parties. The data will be used exclu­si­vely for proces­sing the request. 

b. Legal basis for data processing

The legal basis for the proces­sing of the data is Art. 6 para. 1 lit. a GDPR. 

The legal basis for the proces­sing of data trans­mit­ted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclu­sion of a contract, the legal basis for the proces­sing is Art. 6 para. 1 lit. b GDPR. 

c. Purpose of the data processing

The proces­sing of personal data serves solely to process the contact. In the case of contact by e-mail, this also consti­tu­tes the necessary legiti­mate interest in the proces­sing of the data. 

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our infor­ma­tion techno­logy systems.

d. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respec­tive conver­sa­tion with the user has ended. The conver­sa­tion is ended when it can be inferred from the circum­s­tances that the matter in question has been conclu­si­vely clarified. 

The additio­nal personal data collected during the sending process will be deleted after a period of seven days at the latest.

If the corre­spon­dence results in a business transac­tion, we are legally obliged to keep the exchanged corre­spon­dence for 6 years (starting at the end of the calendar year in which the respec­tive letter was sent).

e. Objection and removal option

The user has the option to withdraw their consent to the proces­sing of personal data at any time. To do so, the user can contact the control­ler using the contact options provided on the website. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conver­sa­tion cannot be continued. 

If the retention of the data results from a legal obliga­tion, there is no right of objection.