January 2024

Information on data protection policy

in accordance with Articles 13, 14 and 21 of the European General Data Protection Regulation (hereinafter referred to as GDPR) and Sections 32 and 33 of the German Federal Data Protection Act (hereinafter referred to as BDSG)

We take our task of ensuring the confidentiality of your personal data within the framework of the applicable provisions of data protection law seriously. “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The protection and legally compliant collection, processing and use of this data is therefore an important concern for us. TOGETHER GmbH therefore uses both technical and organizational measures to protect your data from manipulation, loss, destruction or access by unauthorized persons.

Below we inform you about the processing of your personal data.

I. Who is responsible for data processing and who can you contact?

TOGETHER GmbH
Albert-Einstein-Str. 1
95028 Hof
phone: 09267 914 2990
fax: 09267 914 2999
e-Mail: info@together-gmbh.com
website: www.together-gmbh.com

II. Data Protection Officer

Data Protection Officer, who is responsible for data processing.

Jürgen Klausmann
Albert-Einstein-Str. 1
95028 Hof
phone: 09267 914 2990
e-Mail: info@together-gmbh.com

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

III. For what purposes is your data processed and on what legal basis?

We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other relevant laws.

IV. General of data processing

1 Scope of the processing of personal data

We only process our users’ personal data to the extent necessary to provide a functional website and our content and services. The processing of our users’ personal data only takes place regularly with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3 Data erasure and storage duration

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

V. Provision of the website/description and scope of data processing

a) What data do we collect and store when you visit our website?

When you visit our website and use our Internet offering, we automatically store the data transmitted by your browser. This includes the date and time you access our website, the browser type and version you are using, the operating system of your PC, the language setting and the pages you have viewed, files accessed, the amount of data sent and the URL of the referring website and status information (e.g. error messages), the user’s Internet service provider, the user’s IP address, websites from which the user’s system accesses our website and websites that are accessed by the user’s system via our website. The data is also stored in the log files of our system.
This data is not stored together with other personal data of the user.
This data is used by us for statistical purposes, but it is not possible or intended for us to draw conclusions about personal data. We do not create a personal user profile. The data we collect automatically will not be passed on to third parties unless we are legally obliged to do so or you have given your express prior consent.

Which log files (protocols) are stored and for how long?

Automated protocols (so-called log files) are recorded for certain services. All log files are rotated daily. The logs from the previous day are archived by the Internet service provider and are available for the specified retention period. These are purely internal log files. Web server log file
Contains: Domain, IP, requests, user agent, timestamp, status code
Retention period: 3 days FTP log file
Contains: FTP user, IP, downloaded/uploaded files
Retention time: 24 hours

SSH log file
Contains: SSH user, IP
Retention time: 3 days

E-mail log file
Contains: Meta data (sender, recipient, time, IP, size)
Retention period: 3 days

b) Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

c) Purpose of the data processing

Data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The data is not analyzed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

d) Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.

e) Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

VI. E-Mail-Contact

If contact is made via the e-mail address provided, the user’s personal data transmitted with the e-mail as well as the user’s IP address and the date and time of the e-mail are stored.
No data is passed on to third parties in this context. The data is used exclusively for processing the conversation.

b) Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

c) Purpose of the data processing

In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

d) Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If the conversation results in a purchase contract, we are obliged to store this data in accordance with the statutory retention periods pursuant to Section 257 (4) of the German Commercial Code (HGB).

e) Widerspruchs- und Beseitigungsmöglichkeit

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
To do so, please send us an e-mail, letter or fax stating that you wish your data to be deleted.
All personal data stored in the course of contacting us will be deleted in this case, provided it does not contradict the legal requirements.

VII. How does TOGETHER protect your data?

We have taken technical and organizational security measures to protect your personal data from loss, destruction, manipulation and unauthorized access. All our employees and all persons involved in data processing are obliged to comply with the Federal Data Protection Act and other data protection laws and to handle personal data confidentially.

Our security measures are continuously revised in line with technological developments.

VIII. Rights of affected persons

a) What data protection rights do you have (information, correction and deletion of personal data)?

You can contact us by e-mail, letter or fax and request information about the personal data stored about you at any time. In addition, you can request a correction if incorrect data relating to you has been stored. You also have the right, taking into account the purposes of the processing, to request the completion of your personal data if incomplete data has been stored. In addition, you can request the deletion of your data if there are no legal regulations, in particular tax and commercial retention regulations, that prevent deletion. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, commonly used and machine-readable format. Please contact us if you wish. You can find the contact details in our legal notice.

b) Right to lodge a complaint with the supervisory authority

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you are of the opinion that the processing of your personal data is not lawful.

IX. Social Plugins

We do not use any redirects or mechanisms that automatically transfer information to providers of social media services such as YouTube, Facebook, Twitter, etc. when you visit our website.

X. Links to other websites

Insofar as we refer or link to third-party websites from our website, we cannot assume any guarantee or liability for the accuracy or completeness of the content and data security of these websites.

As we have no influence on compliance with data protection regulations by third parties, you should check the data protection declarations offered in each case separately.

If we set a link to another website and thus redirect you to another provider, we will point this out in the text and either set this link in the format musterfirma.tld or point to musterfirma.tld in conjunction with an arrow pointing upwards to the right.

XI: Protection of minors

Children and persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children, do not collect it and do not pass it on to third parties.

XII: Scope of application

This privacy policy applies to the website www.together-gmbh.com of TOGETHER GmbH in Hof and the content offered there. Information on responsibility for the content provided on the website www.together-gmbh.com can be found in our legal notice. In accordance with Section 5 of the German Telemedia Act (TGM), the operators specified there are responsible for the content of this website.

XIII: Changes to the data protection provisions and data protection notices

We ask for your understanding that we change our data protection provisions from time to time due to legal changes and adaptations to our services. It is therefore important that you visit this page from time to time to find out about the current status of data protection in our company and your data. By continuing to use and visit our website and the services offered, you declare your agreement with these data protection provisions. This also applies to any updates in the future.

End of data protection policy