Data Protection

Data protection policy in accordance with the provisions of the General Data Protection Regulation (GDPR)

We are very pleased that you are interested in our company. The management of Spot2Sale GmbH places great importance on data protection. In principle, Spot2Sale GmbH websites can be used without providing any personal data . Where a data subject would like to make use of particular services via our websites, personal data may nevertheless need to be processed. Where the processing of personal data is required and no legal basis exists for such processing, we generally obtain consent of the data subject.

Personal data, for example the name, address, email address or telephone number of a data subject is always processed in accordance with the General Data Protection Regulation and in agreement with the country-specific data protection regulations applicable to Spot2sale GmbH. Our company would like to inform the public by means of this data protection policy about the nature, extent and purpose of personal data collected, used and processed by us. The rights available to data subjects are also explained to them by means of this data protection policy.

As the controller for processing, Spot2Sale GmbH has implemented numerous technical and organisational measures for ensuring the most complete protection possible for personal data processed via this website. Nevertheless, internet-based data transfer may present security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, every data subject remains free to send us personal data via alternative methods, for example by telephone.

Definitions
The data protection policy of Spot2Sale GmbH is based on the terms used by European legislators when enacting the General Data Protection Regulation (GDPR). Our data protection policy is intended to be clear and understandable both for the public and our clients and business partners. We would like to explain the terms in advance to guarantee this.

Among others, we use the following terms in this data protection policy:

• a) personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

• b) data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the Controller for processing.

• c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

• d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

• e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

• f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

• g) Controller or person responsible for processing

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purpose and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

• h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• i) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
• j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
• k) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

The controller in the sense of the General Data Protection Regulation, other data protection legislation applicable in Member States of the European Union, and other provisions with a data protection character is:

Spot2Sale GmbH
Salzgasse 6
01067 Dresden

info@spot2sale.com
www.spot2sale.com

Toralf René Dathe

Telephone: +49 351 49771849

Contact details for the Data Protection Officer:

info@spot2sale.com
Contact phone number: +49 351 49771849

The relevant State Data Protection Authority has been informed in writing of the appointment of the Data Protection Officer.

Data subjects are able to contact our Data Protection Officer to directly assert their rights and with any questions and suggestions about data protection.

In this case we forward your personal data and the content of your enquiry to the Data Protection Officer.
Your victims rights
Your rights in question
You are able to exercise the following rights at any time under the contact details provided for our Data Protection

Officer:
Access to your data kept by us and its processing,
Rectification of incorrect personal data, Erasure of your data kept by us,
Restriction of data processing where we are not allowed to erasure your data due to statutory obligations,
Objection to the processing of your data with us and data portability where you have consented to the data processing or have entered into a contract with us.

Where you have provided us with consent, you can revoke it any time with future effect.
You can lodge a complaint with the supervisory authority with responsibility for you. Your relevant supervisory authority depends on the Federal State of your residence, your work, or the alleged breach. You will find a list of supervisory authorities (for the non-public area) with addresses under:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Purposes of data processing by the responsible body and third parties
Purposes of data processing by the controller and third parties
We only process your personal data for the purposes stated in this data protection policy. Your personal data is not transmitted to third parties for purposes other than those stated. We will only disclose your personal data to third parties if:

You have provided your express consent to do so,
Processing is required for performing a contract with you,
Processing is required for complying with a legal obligation,
Processing is required for safeguarding legitimate interests and there are no reasons for assuming that you have an overriding interest worth protecting in your data not being disclosed
server data
For technical reasons, the following data, among other, sent to us or our webspace provider by your internet browser, is collected (so-called server log files):

- type and version of browser
- operating system used
- website from which you visit (referrer URL)
- website visited by you
- date and time of your access
- your internet protocol (IP) address.

This anonymous data is separated from any stored personal data provided by you, and as such allows no conclusions to be drawn about a specific person. It is evaluated for statistical purposes to allow our online presence and offers to be optimised.

Collecting general information when visiting our website
When you access our website, information of a general nature is automatically collected by means of a cookie. This information (server log files) contains, for instance, the type of web browser, the operating system uses, the domain names of your internet service provider, and similar. This solely involves information not allowing any conclusions about your identity.

This information is required for technical purposes to correctly deliver website content requested by you and is mandatory when using the internet. It is processed in particular for the following purposes:

Ensuring a problem-free connection to the website,
Ensuring smooth use of our website,
Evaluation of system security and stability as well as for other administrative purposes.

The processing of your personal data is based on our legitimate interest resulting from the aforementioned purposes for collecting data. We do not use your data to draw conclusions about your identity. Recipients of the data are the controller and, where applicable, the processor.
Anonymous information of this type is evaluated by us where required to optimise our online presence and the technology behind it.

Cookies

As with many other websites, we also use so-called 'cookies'. Cookies are small text files sent from a website server to your hard drive. This provides us automatically with, for example, the IP address, browser used, operating system and your internet connection.
Cookies cannot be used for starting programs or placing viruses on a computer. Information provided in cookies allow us to make browsing easier for you and to facilitate displaying our websites easier.

Under no circumstances is data collected by us forwarded to third parties or a link established with personal data without your consent.
Of course, in principle you are also able to view our website without cookies. As a rule, internet browsers are set in such a way that they accept cookies. In general, you can disable the use of cookies at any time via your browser settings. Please use your internet browser's settings to find out how you can change these settings. Please note that individual functions of our website may not work if you have disabled the use of cookies.
Registration on our website
When registering to use our personalised services, some personal data is collected such as name, address, and contact and communication details such as telephone number and email address. Being registered with us allows you to access content and services that we only offer to registered users. Registered users also have the option of modifying or deleting data provided on registration at any time. We will, of course, also provide you at any time with access at any time to personal data kept by us about you. We will be happy to rectify or, as may apply, erase it at your request provided that no statutory duties of retention stand in the way. To make contact in this respect, please use the contact details provided at the end of this data protection policy.

Provision of services subject to charge

In order to provide services subject to charge, additional is requested by us such as payment details to be able to perform your order. We store this data on our systems until the statutory retention periods have expired.
SSL encryption
In order to protect your data when transferring it, we use encryption procedures meeting the latest standards of technology (e.g. SSL) via HTTPS.

Newsletter

With your express permission, we email you our newsletter or, as may apply, comparable information to the email address you have provided.
Provision of your email address is sufficient for receiving the newsletter. When registering for receipt of our newsletter, the data provided by you is used solely for this purpose. Subscribers can also be informed about circumstances relevant for the service or registration (for example changes to the newsletter offer or technical facts).

We require a valid email address for effective registration. To verify that registration is actually by an email's holder, we use the double opt-in process. To do this we log the ordering of the newsletter, the sending of a confirmation email, and the receipt of the answer required by it. Other data cannot be collected. The data is solely used for sending the newsletter and not forwarded to third parties.
You can revoke consent to your personal data being kept and used for sending the newsletter at any time. You will find a corresponding link for this in every news letter. You can also unsubscribe directly on our website at any time, or notify us of your wish in this respect via the contact option at the end of this data protection notice.
Contact form & inquiries
Should you contact us via email or the contact form, you grant us your voluntary consent for the purposes of making contact. Provision of a valid email address is required for this. This serves to allocate the enquiry and the subsequent response. The provision of further data is optional. The details provided by you are kept for the purposes of processing the enquiry and for possible follow-up enquiries. Personal data is automatically erased once the enquiry made by you has been dealt with.

Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (hereinafter: Google). Google Analytics uses cookies, i.e. text files stored on your computer that allow analysis of how you use the website. The information generated by the cookie about your usage of this website (including your IP address) is generally passed to and stored on a Google server in the USA. Due to IP anonymisation enabled on these websites, your IP address is abbreviated within Member States of the European Union or in other Signatory States to the Agreement on the European Economic Area beforehand. The full IP address is only forwarded to and abbreviated on a Google server in the USA in exceptional cases. Google will use this information on behalf of the website's operator to evaluate your use of the website, compile reports about website activity for the website operator, and to provide the website operator with services associated with use of the website and internet. The IP address provided from your browser by Google Analytics is not combined with other data from Google.

The purpose of data processing is for evaluating use of the website and for compiling reports about activities on the website. The intention is then to provide further associated services based on use of the website and internet. Processing is based on the website operator's legitimate interest.

You can prevent the storage of cookies by setting your browser software appropriately. However, we would like to point out that in this case, not all functions of this website may work to their full extent. You can also prevent the collection of data generated by the cookie referring to your use of the website (including your IP address) by Google, as well as the processing of this data by Google by downloading and installing the browser plugin available via the following link: Browser Add On zur Deaktivierung von Google Analytics.

In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our sites by clicking on this link. This installs an opt-out cookie on your device. This prevents future collection by Google Analytics for this website and browser provided that the cookie remains installed on your browser.

Use of script libraries (Google Webfonts)
In order to correctly display our content across browsers in terms of graphics, we use script and font libraries on the website such as Google Webfonts. (https://www.google.com/webfonts/). Google Webfonts are cached to your browser to avoid multiple loading. Content is displayed in a standard font in the event of the browser not supporting Google Webfonts or access being refused.

Accessing script or font libraries automatically triggers a connection to the library operator. This makes it theoretically possible (although still currently unclear if and for what purpose) for operators of corresponding libraries to collect data.

You will find the the privacy policy of the library operator Google here: https://www.google.com/policies/privacy/

Use of Google Maps

This website uses the Google Maps app for displaying geographic information. When Google Maps is used, data about the use of the map functions by visitors is also collected, processed and used by Google. You can find more detailed information about data processing by Google in Google's Privacy Policy. You can also change your personal privacy settings den Google-Datenschutzhinweisenin the privacy centre.

You will find detailed instructions for managing your own data in connection with Google products here.

Embedded YouTube videos

We embed YouTube videos in some of our web pages. The corresponding plug-ins are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a page with the YouTube plug-in, a connection is established with YouTube servers. This informs YouTube of the pages you visit. If you are logged in to your YouTube account, YouTube is able to associate your browsing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.

If you play a YouTube video, the provider uses cookies that collect information about the user's behaviour.
Anyone having disabled cookies for the Google Ad program will not have to anticipate such cookies either when watching YouTube videos. But YouTube also places non-personal usage information in other cookies. If you would like to prevent this, you need to block the storage of cookies in the browser.

You cab find further information about privacy with 'YouTube' in the provider's privacy policy under: https://www.google.de/intl/de/policies/privacy/.

Google Adwords

Our website uses Google Conversion Tracking. If you reach our website via an advert delivered by Google, a cookie will be placed on your computer by Google AdWords. The conversion tracking cookie is placed if a user clicks on an advert delivered by Google. These cookies lose their validity after 30 days and are not used for personal identification. Where the user visits specific pages of our website and the cookie has not yet expired, we and Google are able to see that the user has clicked on the advert and been forwarded to this page. Every Google AdWords client receives a different cookie. This means that cookies cannot be tracked via AdWords customer websites. Information obtained with the help of conversion cookies serves to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers are provided with the total number of users having clicked on their advert and been forwarded to a page provided with a conversion tracking tag. Nevertheless, they are provided with no information allowing users to be personally identified.

If you would not like to take part in tracking, you can reject placement of the cookie required for this, for instance via the browser setting that generally disables the automatic placing of cookies or setting your browser in such a way that cookies are blocked by the domain 'googleleadservices.com'.

Please note that you may not delete opt-out cookies where you do not want to display measurement data. If you have deleted all of your cookies from the browser, you need to reset the respective opt-out cookie.

Use of Google Remarketing

This website uses Google Inc's remarketing function. The function serves to present interest-based advertisements to website visitors within the Google advertising network. A so-called 'cookie' is stored on the website visitor's browser that enables it to recognise the visitor if it accesses websites belonging to Google's advertising network. The visitor can be shown advertisements on these pages that refer to content previously called up by the visitor on websites using Google's remarketing function.

According to its own information, Google does not collect personal data as part of this process. Should you however not want Google's remarketing function, you can invariably disable it by applying the corresponding settings under http://www.google.com/settings/ads . Alternatively, you can disable the use of cookies for interest-specific advertising by following the instructions under http://www.networkadvertising.org/managing/opt_out.asp .

Changes to our data protection policy

We reserve the the right to modify this data protection policy from time to time to ensure that it always meets current legal requirements, or to implement changes to our services in the data protection policy, for example by introducing new services. The new data protection policy applies to your next visit.

Questions to the Data Protection Officer

If you have questions about data protection, please email us or contact the person responsible for data protection in our organisation directly:

E-Mail: info@spot2sale.com
Kontakt Tel.: +49 351 49771849

The order of the data protection officer has been communicated in writing to the responsible state data protection authority.

Concerned persons can turn to the assertion of their rights, in all questions and suggestions for data protection directly to our data protection officer.