top of page
H2FLY_IMG_6290_edited.png

Privacy Policy

Data Protection Declaration in accordance with Art. 13 of the
General Data Protection Regulation (GDPR)

 

I.        Name and address of controller

The controller, as defined in the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations, is:

 

H2FLY GmbH

Augsburger Straße 283

70327 Stuttgart

Local Court of Stuttgart HRB 751648

Managing Director Prof. Dr. Josef Kallo

 

Phone: +49-711-340300-13

E-mail: info@h2fly.de

 

Our data protection officer can be reached at:

PROLIANCE GmbH

www.datenschutzexperte.de

Leopoldstraße 21

80802 München

datenschutzbeauftragter@datenschutzexperte.de

II.      General information on data processing

1.       Scope of personal data processed

We generally process the personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The processing of our users' personal data usually occurs only after the user has consented to it. Exceptions apply where it is not possible to obtain prior consent for factual reasons or where the processing of the data is legally permitted.

 

2.       Deletion of data and storage period

The personal data of a data subject shall be deleted or blocked as soon as the purpose for storing the data no longer applies. Furthermore, the data may be stored where stipulated by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data shall also be blocked or deleted after a storage period stipulated under the above regulations expires, unless storage of the data needs to be continued in order to conclude or fulfil a contract.

 

III.     Provision of the website and creation of log files

1.       Description and scope of data processing

Each time our website is called up, our system will automatically record data and information from the computer system of the calling computer.

The following data is then collected:

  1. Partially anonymised IP address

  2. Device

  3. Operating system

  4. Internet browser

  5. Screen resolution

  6. Language and keyboard settings

  7. Internet service provider

  8. Referral and exit pages

  9. Date / time stamp

The information is also stored in the log files of our system. We do not store this data together with any other personal data of the user.

2.       Legal basis for data processing

The legal basis for accessing data already stored in the device of the user of the website is section 25 para. 2 no. 2 TTDSG [Telecommunications Telemedia Data Protection Act].

 

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.

3.       Purpose of data processing

The system needs to temporarily store the IP address to allow delivery of the website to the user's computer. For this purpose, the user's IP address must be saved for the duration of the session.

 

Storage in log files is necessary to ensure the functionality of the website. Furthermore, we use the data to optimise our website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

 

These purposes also constitute our legitimate interest in the data processing according to Art. 6 para. 1 lit. f GDPR.

4.       Duration of storage

The data will be deleted from our system as soon as it is no longer needed for the purpose it was collected for. Data collected in order to provide the website will be deleted after the end of the respective session.

 

Data stored in log files will be deleted after ten days at the latest. Longer storage periods are possible. In this case, the IP addresses of the users are deleted or alienated so that they can no longer be assigned to the calling client.

5.       Objection and removal options

Both the collection of data for providing the website and the storage of data in log files are essential for the operation of the website. Therefore, the user cannot object to this in any way.

IV.    Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters by which the browser can be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

Cookies classified as necessary cookies help make a website usable because they provide basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

The following data is stored and transmitted in the cookies during this process:

b) Legal basis for data processing

The legal basis for the processing of personal data by means of cookies that are technically necessary is § 25 para. 2 no. 2 TTDSG, Art. 6 para. 1 lit. f GDPR.

c) Purpose of data processing

We aim to simplify the use of websites for our users by using technically necessary cookies. Some of the functions of our website are not available without the use of cookies, namely those that require the browser to be recognised even after a change of page. The purposes of all cookies are listed in the table above. These purposes constitute our legitimate interest in the processing of personal data pursuant to Art. 6 Para. 1 lit. f GDPR.

The user data gathered by means of technically necessary cookies is not used to create user profiles.

d) Duration of storage, objection and removal options

Cookies are stored on the user's computer and transmitted by it to our site. This gives you, the user, full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If you deactivate any cookies for our website, this may have the effect that some of the website's functions are no longer fully usable.

The transmission of flash cookies cannot be prevented by changing the browser settings, but it can be blocked by changing the settings of the flash player.

V.      Links to other websites

This website contains links to third-party websites. There is no embedding of third-party content by way of plug-ins, i.e. personal data of our website visitors is not automatically transmitted to the operators of such third-party websites (e.g. social media).

 

We endeavour to offer only links to websites that meet our high standards and share our respect for your privacy. We do not, however, monitor or control any third party website as to which information is gathered when you access it by clicking a link. The operators of third party websites may handle personal information in a manner different from ours. Accordingly, we do not assume responsibility for the content or privacy practices of other websites.

 

Any transmission to operators of social media services, e.g. YouTube or Instagram, is done exclusively by way of linking, so that the personal data of our website visitors is not transmitted to these operators until the visitors themselves actively select the link of the operator of the respective platform.

 

The following links are used on our website:

To learn more about the scope and purposes of data processing on these third party websites, please see the privacy information provided there.

VI.    Rights of data subjects

Whenever personal data relating to you is processed, you are a data subject as defined in the GDPR. As such, you have the following rights towards the controller:

1.       Right of access

You can request information from the controller on whether or not we process any personal data relating to you.

If the data is processed by us, you can request the following information from the controller:

(1)       the purposes for which your personal data is processed;

(2)       the categories of personal data which are processed;

(3)       the recipients or categories of recipients to whom your personal data have been or will be disclosed;

(4)       the intended storage period of your personal data or, if it is not possible to provide specific information on this, criteria for determining the storage period;

(5)       the existence of the right to have your personal data rectified or deleted; the right to restrict its processing by the controller or the right to object to such processing;

(6)       the existence of a right to lodge a complaint with a supervisory authority;

(7)       any available information on where the personal data originates, if it is not collected from the data subject;

(8)       whether automated decision-making, including profiling, is carried out pursuant to Art. 22 para. 1 and 4 GDPR and, at least in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You are entitled to request information on whether personal data relating to you is transmitted to a third country or to an international organisation. In this context, you may request information about the appropriate safeguards pursuant to Art. 46 GDPR as regards such transmission of data.

2.       Right to rectification

Should the processed personal data relating to you be inaccurate or incomplete, you have a right to have them corrected and/or completed by the controller. The controller has to carry out any such rectification without undue delay.

3.       Right to restriction of processing

You may request that the processing of your personal data be restricted, if any of the following conditions apply:

(1)       when you deny the accuracy of the personal data relating to you, for the period of time which permits the controller to verify the accuracy of the personal data;

(2)       where processing is unlawful and you oppose the erasure of the personal data request the restriction of their use instead;

(3)       the controller no longer needs the personal data for the purposes of the processing, whereas you need this data for the establishment, exercise or defence of legal claims; or

(4)       when you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it remains to be determined whether the legitimate grounds for the processing put forward by the controller override your grounds.

Where the processing of personal data relating to you has been restricted, this data may only be processed, except for storage, with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the EU or a member state.

If the restriction of processing was limited on the basis of the above conditions, you will be informed by the controller before the restriction is lifted.

4.       Right to erasure

a)       Duty to erase data

You may request the controller to erase your personal data without undue delay and the controller shall have the obligation to erase this data without undue delay where one of the following grounds applies:

(1)       The personal data relating to you are no longer required for the purposes it was collected or otherwise processed for.

(2)       You withdraw your consent to the processing carried out pursuant to Art. 6 para. 1 lit. a GDPR and there is no other legal basis for the processing.

(3)       You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you raise an objection to the processing pursuant to Art. 21 para. 2 GDPR.

(4)       The personal data relating to you have been processed unlawfully.

(5)       Erasure of the personal data relating to you is necessary to comply with a legal obligation under EU or member state law to which the controller is subject.

(6)       The personal data relating to you have been collected in respect of services offered by an information society pursuant to Art. 8 para. 1 GDPR.

b)       Information to third parties

Where the controller has made the personal data relating to you public and is obliged to erase such data pursuant to Art. 17 para. 1 GDPR, the controller shall take reasonable steps, also technical ones, taking into account the available technology and the cost of implementation, to inform controllers that are processing the personal data of the fact that you, as the data subject, have requested them to erase all links to, or copies or replications of, this personal data.

c)       Exceptions

You do not have the right to deletion if the data processing is necessary in order to:

(1)       exercise the right to freedoms of expression and information;

(2)       comply with legal obligations which requires processing under the EU or member state law to which the controller is subject; to perform tasks carried out in the public interest or in the exercise of official authority vested in the controller;

(3)       for reasons of public interest in the area of public health pursuant to Art. 9 para 2 lit. h and i and Art. 9 para. 3 GDPR;

(4)       for archiving purposes of public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 GDPR, in so far as the right referred to in section (a) above is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

(5)       for the assertion, exercise or defence of legal claims.

5.       Right to be informed

In the event that you have exercised the right to rectification, erasure or restriction of processing towards the controller, the controller shall be obliged to notify all recipients to whom your personal data have been disclosed of this data’s rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by the controller of who these recipients are.

6.       Right to data portability

You have the right to receive the personal data relating to you which you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, if

(1)       the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or is based on a contract pursuant to Art. 6 para. 1 lit. b GDPR, and

(2)       the processing is carried out by means of automated procedures.

When exercising this right, you are also entitled to have your personal data transmitted directly from one controller to another controller, if technically feasible. The freedoms and rights of other individuals must not be affected by this.

The right to data portability shall not apply to the processing of personal data required in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7.       Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on these provisions.

The controller shall no longer process the personal data relating to you, unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend a legal claim.

Where personal data relating to you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing. This includes profiling to the extent it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data relating to you shall no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications. 

8.       Right to withdraw consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9.       Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on your side or similarly affects you in a significant way. This shall not apply, if the decision

(1)       is necessary to enter into, or performance of, a contract between you and the controller;

(2)       is authorised by the law of the EU or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedom as well as your legitimate interests; or

(3)       is based on your explicit consent.

These decisions must not, however, be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to safeguard your rights and freedoms as well as your legitimate interests.

As regards the cases described in (1) and (3) above, the controller shall implement suitable measures to safeguard your rights and freedoms as well as your legitimate interests, which include at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

10.       Right to complain to a supervisory authority

Notwithstanding any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, place of work or place of the alleged infringement, if in your view the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the right to an effective judicial remedy pursuant to Art. 78 GDPR.

The supervisory authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg [i.e. the State Commissioner for Data Protection and Freedom of Information]
Lautenschlagerstraße 20,
70173 Stuttgart

Tel: 0711/615541 – 0
Fax: 0711/61 55 41 – 15
Mail: poststelle@lfdi.bwl.de

bottom of page