As of March 2021
Data protection is a top priority for GEMÜ (short for GEMÜ Gebr. Müller Apparatebau GmbH & Co. KG – Schloßhotel Ingelfingen). We know that careful handling of your personal information is important to you. For this reason, your data will be treated confidentially by us in strict compliance with the applicable data protection regulations.
In the following, we explain which data we use on the Facebook site, at what time and for what purpose.
Our objective is to help you understand the functioning of the services and how we ensure the protection of your personal data, which is very important to us. We only use your personal data if we have your consent or legal permission.
We would like to point out that there is massive criticism of Facebook’s functioning and data protection practices. One of the biggest problems in terms of data protection is that the NSA has access to Facebook data through its programmes such as PRISM and XKEYSCORE, according to the prevailing opinion in the specialist literature, and no deletion periods are provided for this data. Thus, profiles on every person are to be permanently created at the NSA intelligence agency. In addition, Facebook uses the personal data to combine it with Instagram and WhatsApp data as well as other data in order to enable profiling. At the same time, Facebook is one of the most important social media tools and many business professionals rely on working with these tools (keyword for example „social proof“). We try to make this as privacy compliant as possible by being transparent about it.
Table of contents
- Joint controllers of personal data.
- Name and address of the joint controllers.
- Contact possibilities of the data protection officer of the primary controller Facebook.
- Name and address of the data protection officer of the other controller
- Legal basis for the processing of personal data.
- Possibility of objection and removal
- Rights of the data subject
- PROCESSING OF PERSONAL DATA BY GEMÜ.
- PROCESSING OF PERSONAL DATA BY FACEBOOK.
Joint controllers of personal data
The purposes and means of processing personal data when visiting our Facebook page https://www.facebook.com/Schlo%C3%9Fhotel-Ingelfingen-201496756570218 („Facebook page“) are jointly determined by
GEMÜ Gebr. Müller Apparatebau GmbH & Co. KG – Schloßhotel Ingelfingen, Fritz-Müller-Straße 6-8, 74653 Ingelfingen-Criesbach, Germany („GEMÜ“)
Facebook Ireland Ltd. („Facebook“)
in accordance with Art. 26 of the EU General Data Protection Regulation (GDPR).
This results from the fact that GEMÜ, as the operator of the Facebook page, by setting up such a page, allows Facebook to place cookies on the computer or any other device of the person visiting the Facebook page („Visitor“), regardless of whether the Visitor has a Facebook account or not.
Facebook assumes primary responsibility under the GDPR for the processing of Insights data and fulfils all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). In addition, Facebook makes the essentials of this Page Insights supplement available to the data subjects (the corresponding „Page Insights Controller Addendum“ can be found here: https://www.facebook.com/legal/terms/page_controller_addendum).
We would like to point out that you use this Facebook page and its functions within your own responsibility. This applies in particular to the use of interactive functionalities (e.g. commenting, sharing, rating).
Name and address of the joint controllers
- The primary controller is:
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
- The other controller is:
GEMÜ Gebr. Müller Apparatebau GmbH & Co. KG – Schloßhotel Ingelfingen
+49 (0) 7940 9165-0
- The primary controller is:
Contact possibilities of the data protection officer of the primary controller Facebook
You can contact the data protection officer of the primary controller Facebook under the following link: https://www.facebook.com/help/contact/540977946302970
Name and address of the data protection officer of the other controller
You can reach the data protection officer of the other controller GEMÜ at:
Dachauer Str. 65
+49 89 7400 45840
Legal basis for the processing of personal data
If the consent of the data subject is obtained for the processing of personal data, Art. 6 (1) (1) (a) GDPR serves as the legal basis for the processing of personal data.
Art. 6 (1) (1) (b) GDPR serves as a legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations required to carry out pre-contractual activities.
If the processing of personal data is necessary to fulfil a legal obligation to which GEMÜ or Facebook is subject, Art. 6 (1) (1) (c) GDPR serves as the legal basis.
If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (1) (d) GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of GEMÜ, Facebook or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the legitimate interest, Art. 6 (1) (1) (f) GDPR serves as the legal basis for the processing.
Possibility of objection and removal
The visitor has the possibility to withdraw his consent to the processing of personal data at any time (see also rights of the data subjects). If the visitor contacts us by email, he can object to the storage of his personal data at any time.
The collection of data for the provision of the Facebook page and the storage of data in log files is mandatory for the operation of the Facebook page. Consequently, there is no possibility for the visitor to object.
Rights of the data subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you are entitled to the following rights regarding those responsible:
- Right to information about your personal data stored at GEMÜ or Facebook;
- Right to correction, deletion or restriction of the processing of your personal data;
- Right to object to a processing that serves the legitimate interest of GEMÜ or Facebook, a public interest or profiling, unless GEMÜ or Facebook can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims;
- Right to data portability;
- Right to complain to a supervisory authority;
- Right to withdraw your consent to the collection, processing and use of your personal data at any time with effect for the future.
If you wish to make use of your rights, you can address your request to GEMÜ as well as Facebook. For this you can use for example the contact possibilities listed above. If you contact us, we will forward your request to Facebook as far as questions regarding the processing of Insights data are concerned. Facebook will respond to enquiries in accordance with our obligations under the Page Insights Supplement.
PROCESSING OF PERSONAL DATA BY GEMÜ
Purpose of the data processing
GEMÜ maintains web profiles within social networks in order to communicate with interested parties and active users and to inform about our products, events and news.
When you access our Facebook page (regardless of whether you are logged into your Facebook account or not), your browser transmits certain technical data to the web server for which Facebook is responsible. Facebook also uses so-called „cookies“. Cookies are small text files that are stored in the memory of your device via your browser. Cookies set by Facebook are intended, among other things, to enable GEMÜ, as the operator of the Facebook page, to obtain statistics for the purpose of controlling the marketing of our activities, which Facebook compiles on the basis of visits to this page.
Description and scope of data processing
As the operator of the Facebook page, GEMÜ can use the Facebook Page Insights function, which Facebook makes available to us free of charge as an indispensable part of the user relationship, to obtain anonymous statistical data regarding visitors to our Facebook page. This data is collected by using cookies set by Facebook, which each contain a unique user code and that are stored by Facebook on the visitor’s device. The user code that can be linked to the login information of those users that are registered on Facebook is collected and processed when they visit the Facebook Page.
In particular, the Facebook fan page operator may receive demographic information provided by Facebook about its target audience – and thus the processing of that information – including trends in age, gender, relationship status and professional situation, information about the lifestyle and interests of its target audience, and information about the purchases and online purchasing behaviour of visitors to its site, the categories of goods or services that interest them most, and geographic information that informs it of where to conduct special promotions or organize events and generally enables it to target its information offering as effectively as possible.
Although the visitor statistics compiled by Facebook are transmitted exclusively in anonymous form to GEMÜ as the operator of the Facebook page, the compilation of these statistics is based on the previous survey – using cookies set by Facebook on the visitor’s device – and the processing of the personal data of these visitors for these statistical purposes. More information about Facebook Page Insights can be found at:
In addition to this automatically collected anonymous data, we also process the data that you have voluntarily provided us with, e.g. comments on posts or contacts.
Data removal and storage duration
Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also be necessary if provided for by European or national lawmakers in Union regulations, laws or other rules to which GEMÜ is subject. The data shall also be deleted or the processing shall be restricted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
PROCESSING OF PERSONAL DATA BY FACEBOOK
Purpose of the data processing
Facebook processes visitors‘ personal data according to its own specifications for the following purposes:
- Deployment, personalisation and enhancement of Facebook products;
- Provision of metrics, analysis and other Facebook services;
- Promotion of protection, integrity and security;
- Communication with Facebook users;
- Research and innovation for social purposes.
Further information on Facebook’s legitimate interests with regard to the processing of personal data can be found here: https://www.facebook.com/about/privacy/legal_bases
Description and scope of data processing
(1) What type of information does Facebook process?
To provide Facebook products, it is necessary for Facebook to process information about visitors. The types of information that Facebook collects depends on how visitors use Facebook products. The following information can be processed by Facebook:
- Anything generated and provided by visitors and others, such as information about how the visitor uses Facebook products, information about transactions done on Facebook products, or information about the people, pages, accounts, hashtags, and groups with which the visitor is connected.
- Device information such as device properties, identifiers, network and connections, and cookie data.
- Partner information that allows advertisers, app developers and publishers to send information to Facebook through the Facebook business tools they use, including social plugins (such as the „Like“ button), Facebook login or Facebook pixel. These partners provide Facebook with information about the visitor’s activities outside Facebook.
- When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for „German“ IP addresses) and deleted after 90 days. In addition, Facebook stores information about its users‘ devices (e.g. as part of the „registration notification“ function); Facebook may thus be able to assign IP addresses to individual users.
If you want to avoid this, you should log out of Facebook or deactivate the function „stay logged in“, delete the cookies on your device and close and restart your browser. Thus, information that Facebook can use to identify you is deleted. This allows you to use our Facebook page without revealing your Facebook account. When you access the interactive features of the page (like, comment, share, news, etc.), a Facebook login screen appears. After an eventual login, you will again be recognisable for Facebook as a specific user.
For information on how to manage or delete existing information about you, please visit the following Facebook Support pages: https://de-de.facebook.com/about/privacy.
(2) How is the information processed by Facebook shared with others?
Facebook works with third-party partners who help Facebook deliver and enhance its products or use Facebook business tools to grow business. Facebook may share information with the following third parties:
- Partners who use Facebook analysis services;
- Partner for metrics;
- Partners who offer goods and services in Facebook products;
- Vendors and service providers;
- Researchers and scientists;
- Law enforcement authorities or legal inquiries.
(3) How does Facebook process and transmit data as part of its global services?
Facebook shares information worldwide, both internally between Facebook companies and externally with its partners, as well as with those individuals or organisations with whom the visitor connects around the world and with whom the visitor shares something. Data may also be transferred to and processed in the USA or other third countries that do not have an adequate level of data protection. In this regard, Facebook uses standard contractual clauses approved by the European Commission or relies on the European Commission’s adequacy decisions regarding certain countries.
Data removal and storage duration
Facebook stores data until it is no longer needed to provide its services and Facebook products, or until the user’s Facebook account is deleted, whichever comes first. This is a case-by-case determination and depends on such things as the nature of the data, why it is collected and processed, and the relevant legal or operational storage needs.