I. Collection and storage of personal data and the nature and purpose of their use
1) Use of our website
When you use our website, information is automatically sent to the server of our website by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is recorded automatically and stored by us until it is automatically deleted:
IP address of the requesting computer;
date and time of access;
name and URL of the retrieved file;
website from which the access takes place (referrer URL);
the browser used and, if applicable, the operating system of your computer and the name of your access provider.
The above-mentioned data will be processed by us for the following purposes:
to ensure a smooth connection of the website;
guarantee a comfortable use of our website;
evaluation of system security and stability;
for other administrative purposes.
The legal basis for the processing is Art. 6 (1) (f) of the Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR). Our legitimate interest follows from the above-mentioned purposes. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.
Apart from the log files, no processing of personal data is required for the use of our website. In particular, we do not use cookies.
2) Your inquiries
If you contact us, we use the information you provide to answer your inquiries. Legal basis for the processing is Art. 6(1) (b) GDPR if your inquiry concerns a pre-contractual or contractual relationship with us and Art. 6(1) (f) GDPR for all other inquiries. Our legitimate interest is to answer your inquiries.
II. Recipients of personal data
Within our company, those functions get access to your personal data that need it to fulfill our contractual and legal obligations. Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
you have given your express consent in accordance with Art. 6(1) (a) GDPR;
the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data in accordance with Art. 6(1) (f) GDPR;
in the event that there is a legal obligation to pass on the data in accordance with Art. 6(1) (c) GDPR;
this is legally permissible and required for the processing of contractual relationships with you in accordance with Art. 6(1) (b) GDPR.
For the above-mentioned purposes, the following categories of recipients may get access to your personal data:
IT service providers;
logistics service providers;
marketing service provider, especially in the field of email marketing and/or invitation mailings;
banks for the collection of fees;
collection companies and/or lawyers for the enforcement of claims.
Unless otherwise stated in a particular case, your personal data is not transferred to third countries outside the European Economic Area (EEA).
III. Storage periods
We process and store your personal data as long as necessary, e. g. for the initiation and duration of our contractual relationship.
In case of a contractual relationship, but also in case of other claims under civil law, the storage periods also depend on the applicable statutory limitation periods, which, for example, are generally three years in accordance with Sec. 195 et seq. of the German Civil Code (BGB), but in certain cases may be up to thirty years.
In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB) and the German Tax Code (AO). The periods of retention or documentation specified there are six years for correspondence in connection with the conclusion of a contract and ten years for accounting documents and business letters (Sec. 238, 257 (1) and (4) HGB, Sec. 147 (1) and (3) AO).
Log files are generally deleted after the end of the respective browser session, at the latest after seven days, unless their further storage is exceptionally necessary and lawful.
IV. Your data protection rights
You have the following data protection rights:
to request information about your personal data processed by us in (Art. 15 GDPR);
to obtain without undue delay the rectification of inaccurate or incomplete personal data concerning you (Art. 16 GDPR);
to request erasure of your personal data stored by us (Art. 17 GDPR);
to obtain from us restriction of processing (Art. 18 GDPR);
to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format (Art. 20 GDPR);
to object to the processing of your personal data where the processing is based on Art. 6(1) (f) GDPR (Art. 21 GDPR);
where the processing of your personal data is based on Art. 6(1) (a) GDPR to withdraw your consent at any time with effect for the future which means that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Art. 7(3) GDPR);
to lodge a complaint with a supervisory authority—in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement—if you consider that the processing of your personal data infringes the GDPR or other applicable data protection laws (Art. 77 GDPR).
To exercise these data protection rights, please send an email to info@commonagency.eu.
V. Data security
We use the common SSL (Secure Socket Layer) method in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
VI. Vimeo
We use Vimeo (Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA) to display embedded videos on our website.
When you visit a page on our website where we have embedded the Vimeo plugin and interact with this plugin, e. g. by clicking on the start button for the video, a connection to Vimeo’s servers in the USA is established and Vimeo receives the information that you have visited the respective page of our website and played the embedded video. In this process, Vimeo receives your IP address and technical information about your device (e. g., browser type, operating system, and basic device information). If you have a Vimeo account and are logged in, Vimeo assigns the information about your interaction with the plugin to your Vimeo account; you may prevent this by logging out of your Vimeo account.
There is an adequacy decision pursuant to Art. 45 GDPR regarding Vimeo’s data protection level, as Vimeo has self-certified its adherence to the principles of the EU-US-Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active).
By using the Vimeo plugin on our website, you consent to the processing of personal data described above. Legal basis for the processing is Art. 6(1) (a) GDPR.
Vimeo is the controller for the personal data collected through its plugins. For more information on how Vimeo processes your personal data please visit Vimeo’s privacy policy (https://vimeo.com/privacy).
VII. Amendments of this privacy policy
This privacy policy is currently valid and it was last amended in October 2020. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to amend this privacy policy in the future.