data protection
Foreword
We, Expedicial Reise GmbH, Zum Stadtpark 5, 93142 Maxhütte-Haidhof, together with our subsidiaries (hereinafter jointly referred to as“the company”,“we” or“us”) take the protection of your personal data seriously and would like to take this opportunity to inform you about data protection in our company. Within the scope of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR ”) in order to ensure the protection of personal data of the person affected by a processing operation (we also address you as data subject hereinafter with “customer”, “user”, ” you”, ” you ” or“data subject”). Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and 14 DS-GVO). With this declaration (hereinafter:“data protection information”) we inform you about the way in which your personal data is processed by us. Our data protection information is modular in structure. They consist of a general part for any processing of personal data and processing situations that come into play each time a website is accessed (A. General) and a special part, the content of which relates in each case only to the processing situation indicated there with designation of the respective offer or product, in particular the visit to websites as detailed here (B. Visit to websites). In order to find the parts relevant to you, please refer to the following overview of the subdivision of the data protection information:
Part | Designation | This part is for you |
Part A | General information | always relevant. |
Part B | Website and social media presences | relevant if you use our German website, including our social media presence. |
A) General
(1) Definitions
Following the model of Art. 4 GDPR, this data protection notice is based on the following definitions: — “Personal data” (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if he or she can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, an online identifier, location data or with the aid of information about his or her physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information does not matter (even photographs, video or audio recordings may contain personal data). — “Processing” (Art. 4 No. 2 GDPR) means any operation which involves the handling of personal data, whether or not by means of automated (i.e. technology-based) processes. This includes, in particular, the collection (i.e., acquisition), recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of a purpose or intended purpose on which a data processing was originally based. — “Controller” (Art. 4 No. 7 DS-GVO) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. — “Third party” (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or processor; this also includes other group-affiliated legal entities. — “Processor” (Art. 4 No. 8 DS-GVO) means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider). In particular, a processor is not a third party in the sense of data protection law. — “Consent” (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
(2) Name and address of the controller
We are the controller responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR: Expedicial Reise GmbH Zum Stadtpark 5 93142 Maxhütte-Haidhof Managing Director Nils Lührmann Phone: +49 176 21729138 Email: info@npl-overland.eu Further information about our company can be found in the legal notice on our website: https://npl-overland.eu/impressum
(3) Contact of the controller
If you have any questions or would like to contact us about data protection, please contact our data controller at any time.
(4) Legal basis for data processing
In principle, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following justifications: — Art. 6 para. 1 p. 1 lit. a GDPR (“consent”): Where the data subject has voluntarily, in an informed and unambiguous manner, indicated by a statement or other unambiguous affirmative act that he or she consents to the processing of personal data relating to him or her for one or more specific purposes; — Art. 6 para. 1 p. 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; — Art. 6 para. 1 p. 1 lit. c GDPR: If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data); — Art. 6 para. 1 p. 1 lit. d GDPR: Where processing is necessary in order to protect the vital interests of the data subject or of another natural person; — Art. 6 para. 1 p. 1 lit. e GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or — Art. 6 para. 1 p. 1 lit. f DS-GVO (“legitimate interests”): Where processing is necessary for the purposes of legitimate (in particular legal or economic) interests of the controller or a third party, unless such interests are overridden by the conflicting interests or rights of the data subject (in particular where the data subject is a minor). For the processing operations carried out by us, we indicate below the applicable legal basis in each case. Processing can also be based on several legal bases.
(5) Data deletion and storage period
For the processing operations carried out by us, we indicate below how long the data is stored by us and when it is deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data will generally only be stored on our servers in Germany, subject to any disclosure in accordance with the provisions in A.(7) and A.(8). However, data may be stored beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings or if storage is provided for by statutory provisions to which we are subject as the controller (e.g. Section 257 HGB, Section 147 AO). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
(6) Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments. We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see under A.(3)).
(7) Cooperation with processors
As with any large company, we also use external domestic and foreign service providers to handle our business transactions (e.g. for IT, logistics, telecommunications, sales and marketing). They will only act according to our instructions and have been contractually obligated to comply with the data protection provisions pursuant to Art. 28 DS-GVO. If your personal data is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing order processing relationships.
(8) Conditions for the transfer of personal data to third countries
As part of our business relationships, your personal data may be passed on or disclosed to third-party companies. These can also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer in the following at the relevant points. The European Commission certifies that some third countries have data protection standards comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact our data protection officer (see A.(3)) if you would like more information on this.
(9) Automated decision making (including profiling).
If we carry out automated decision-making (including profiling), we will inform you of this at the relevant point in this privacy policy, as well as of the logic involved, the scope and the intended effects of such processing. We do not use the personal data collected from you for automated decision-making (including profiling).
(10) No obligation to provide personal data
We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case within the scope of the products presented below and offered by us, you will be informed of this separately.
(11) Legal obligation to transmit certain data
We may be subject to a special legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public authorities (Art. 6 para. 1 sentence 1 lit. c GDPR).
(12) Your rights
You can assert your rights as a data subject with regard to your processed personal data at any time by contacting us using the contact details provided at the beginning under A.(2). As a data subject, you have the right: — to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details. in accordance with Art. 16 GDPR, to immediately request the rectification of inaccurate data or the completion of your data stored by us; — in accordance with Art. 17 GDPR, to request the erasure of your data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims; — in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure, we no longer need the data but you require it for the establishment, exercise or defense of legal claims or you have objected to processing pursuant to Art. 21 GDPR pending the verification whether our legitimate grounds override yours as the data subject; — pursuant to Art. 20 GDPR, to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller (“data portability”); — to object to the processing pursuant to Art. 21 GDPR, provided that the processing is based on Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. If it is not an objection to direct advertising, we ask you to explain the reasons why we should not process your data as we have done when exercising such an objection. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing; — in accordance with Art. 7 para. 3 GDPR, your consent given once (even before the GDPR came into force, i.e. before 25.5.2018), i.e. your voluntary, informed and unequivocal consent to the processing of the personal data concerned for one or more specific purposes, which you have given to us at any time by means of a declaration or other unambiguous confirmatory act, if you have given such consent. The consequence of this is that we may no longer continue the data processing based on this consent in the future and — in accordance with Art. 77 GDPR to complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us, the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18. 91522 Ansbach, e‑mail:
poststelle@datenschutz-bayern.de.
(13) Changes to the data protection notice
As part of the ongoing development of data protection law and technological or organizational changes, our data protection information is regularly reviewed to determine whether it needs to be adapted or supplemented. You will be informed about changes in particular on our German website at https://npl-overland.eu/. This data protection notice is valid as of May 2023.
B) Visiting websites
(1) Explanation of the function
Information about our company and the services we offer can be found in particular at https://npl-overland.eu/ together with the associated subpages (hereinafter jointly referred to as “websites”). When you visit our website, your personal data may be processed.
(2) Personal data processed
a) Informational use
We collect, store and process the following categories of personal data when you use the websites for information purposes: “Log data”: When you visit our websites, a so-called log data record (so-called server log files) is temporarily and anonymously stored on our web server.
This consists of: — the page from which the page was requested (so-called referrer URL) — the name and URL of the requested page — the date and time of the call — the description of the type, language and version of the web browser used — the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established — the amount of data transferred — the operating system — the message as to whether the call was successful (access status/Http status code) — the GMT time zone difference
b) Contact
Contact form data:
When using contact forms (e.g. for communication via our services), the data transmitted in this way is processed (e.g. gender, surname and first name, date of birth, address, company, e‑mail address, telephone number, and the time of transmission).
WhatsApp:
On our website, we offer the option of contacting us directly via an integrated WhatsApp button. When you use this service, personal data (such as your telephone number and the messages you send) are transmitted to WhatsApp Inc, 1601 Willow Road, Menlo Park, California 94025, USA.
Purpose of data processing: The data is processed for the purpose of communicating directly with you and processing your inquiries.
The legal basis for data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, as it enables fast and uncomplicated communication. Disclosure to third parties: WhatsApp Inc.
processes the personal data on our behalf.
This may also involve the transfer of data to third countries outside the European Union.
WhatsApp has undertaken to comply with EU data protection standards and offers guarantees in accordance with Art. 44 et seq. GDPR. Storage period: The data you transmit via WhatsApp will only be stored for as long as is necessary to fulfill the respective communication purposes and then deleted, unless there are legal obligations to retain it. Rights of data subjects: You have the right to request information about the personal data stored by us as well as the right to rectification, erasure, restriction of processing and objection to processing in accordance with the provisions of the GDPR.
Further information on your rights can be found in the general information on data protection in this privacy policy. Opt-out: If you do not want WhatsApp to collect or process data about you, you should not use this service.
You can also uninstall WhatsApp from your device to prevent WhatsApp from processing your data.
c) Newsletter
In addition to the purely informational use of our website, we offer a subscription to our newsletter, with which we inform you about current offers. If you register for our newsletter, the following “newsletter data” will be collected, stored and processed by us: — the page from which the page was requested (so-called referrer URL) — the date and time of the request — the description of the type of web browser used — the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established — the e‑mail address — the date and time of registration and confirmation We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your e‑mail address and an individual ID. Links contained in the newsletter also contain this ID. The data is collected exclusively pseudonymized, i.e.. The IDs are therefore not linked to your other personal data, so that they cannot be directly linked to a person.
(3) Purpose and legal basis of data processing
We also process the personal data described in more detail above in accordance with the provisions of the GDPR and other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 para. 1 p. 1 lit. f DS-GVO, the aforementioned purposes also represent our legitimate interests. The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO). Contact form data is processed to handle customer inquiries and to communicate about our offers or our services (legal basis is Art. 6 para. 1 p. 1 lit. b or lit. f DS-GVO). The newsletter data is processed for the purpose of sending the newsletter. When registering for our newsletter, you consent to the processing of your personal data (legal basis is Art. 6 para. 1 lit. a DS-GVO). For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e‑mail to the e‑mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare your revocation by clicking on the link provided in every newsletter e‑mail, by e‑mail to info@npl-overland.eu or by sending a message to the contact details given in the imprint.
(4) Duration of data processing
Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly. If you have consented to data processing, your data will only be processed until you withdraw your consent. The legal basis is Art. 7 para. 3 GDPR. With regard to the use and storage duration of cookies, please refer to point A.(5) and the following cookie policy. Third parties used by us will store your data on their system for as long as is necessary in connection with the provision of the services for us in accordance with the respective order. You can find more details on the storage period under A.(5) and the following cookie policy.
(5) Transfer of personal data to third parties; basis for justification
Transmission to other third parties
The following categories of recipients, which are usually processors (see A.(7)), may receive access to your personal data: — Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR, unless they are processors; — Government agencies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. c GDPR; — Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. b or lit. f GDPR. For the guarantees of an appropriate level of data protection when transferring data to third countries, see A.(8). In addition, we will only pass on your personal data to third parties if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
(6) Use of cookies, plugins and other services on our website
a) Cookies
We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic string of characters, and through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole more user-friendly and effective, i.e. more pleasant for you. Cookies may contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information about certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. In terms of their function, cookies are again divided into: — Technical cookies: These are absolutely necessary to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited; — Performance cookies: These collect information about how you use our website, which pages you visit and, for example performance cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur when using the website; they do not collect any information that could identify you — all information collected is anonymous and is only used to improve our website and to find out what interests our users; — advertising cookies, targeting cookies: These are used to offer the website user needs-based advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months; — sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks). social networks); sharing cookies are stored for a maximum of 13 months. Any use of cookies that is not strictly necessary from a technical point of view constitutes data processing that can only be carried out with your explicit and active consent in accordance with the Data Protection Act. Art. 6 par. 1 p. 1 lit. a GDPR is allowed. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we will only disclose your personal data processed by cookies to third parties if you have given your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR have given their express consent to this.
b) Cookie Policy
Here you can manage your cookie settings and disable certain types of tracking. You can find more information about which cookies we use below: Cookies: real_cookie_banner*, real_cookie_banner*-tcf, real_cookie_banner-test Domain: npl-overland.eu Description: Real Cookie Banner asks website visitors to consent to the setting of cookies and the processing of personal data. For this purpose, each website visitor is assigned a UUID (pseudonymous identification of the user), which is valid until the expiration of the cookie for storing consent. Cookies are used to test whether cookies can be set, to store reference to documented consent, to store which services from which service groups the visitor has consented to, and, if consent is obtained under the Transparency & Consent Framework (TCF), to store consents in TCF Partners, Purposes, Special Purposes, Functions, and Special Functions. Within the scope of the duty of disclosure according to the GDPR, the collected consent is fully documented. This includes, in addition to the services and service groups to which the visitor has consented, and if consent is obtained according to the TCF standard, to which TCF partners, purposes and functions the visitor has consented, all cookie banner settings at the time of consent as well as the technical circumstances (e.g. size of the viewing area at the time of consent) and user interactions (e.g. clicking on buttons) that led to consent. Consent is collected once per language. Duration: 1 year Type: Essential Cookie: wp-wpml_current_language Domain: npl-overland.eu Description: WPML is a multi-language system for WordPress websites. The cookies store the user’s language and can redirect the user to the version of the website that corresponds to the language of the user’s browser. Duration: 1 day Type: Functional Cookie: _icl_visitor_lang_js Domain: npl-overland.eu Description: WPML is a multi-language system for WordPress websites. The cookies store the user’s language and can redirect the user to the version of the website that corresponds to the language of the user’s browser. Duration: Session Type: Functional Cookie: wpml_browser_redirect_test Domain: npl-overland.eu Description: WPML is a multi-language system for WordPress websites. The cookies store the user’s language and can redirect the user to the version of the website that corresponds to the language of the user’s browser. Duration: Session Type: Functional Cookies: SSID, HSID, SID, __Secure-3PAPISID, SAPISID, APISID, __Secure-3PSID Domain: google.com Description: YouTube enables the direct embedding of content published on youtube.com in websites. The cookies are used to collect visited websites and detailed statistics about user behavior. This data may be linked to the data of users logged on to youtube.com and google.com. Duration: 2 years Type: Functional Cookie: SIDCC Domain: google.com Description: YouTube enables content published on youtube.com to be embedded directly into websites. The cookies are used to collect visited websites and detailed statistics about user behavior. This data may be linked to the data of users logged on to youtube.com and google.com. Duration: 1 year Type: Functional Cookie: NID Domain: google.com Description: YouTube allows content published on youtube.com to be embedded directly into websites. The cookies are used to collect visited websites and detailed statistics about user behavior. This data may be linked to the data of users logged on to youtube.com and google.com. Duration: 6 months Type: Functional Cookie: 1P_JAR Domain: google.com Description: YouTube allows content published on youtube.com to be embedded directly into websites. The cookies are used to collect visited websites and detailed statistics about user behavior. This data may be linked to the data of users logged on to youtube.com and google.com. Duration: 1 month Type: Functional Cookie: SIDCC Domain: youtube.com Description: YouTube enables content published on youtube.com to be embedded directly into websites. The cookies are used to collect visited websites and detailed statistics about user behavior. This data may be linked to the data of users logged on to youtube.com and google.com. Duration: 1 year Type: Functional Cookies: __Secure-3PAPISID, SAPISID, SSID, LOGIN_INFO, HSID Domain: youtube.com Description: YouTube enables the direct embedding of content published on youtube.com into websites. The cookies are used to collect visited websites and detailed statistics about user behavior. This data may be linked to the data of users logged on to youtube.com and google.com. Duration: 2 years Type: Functional Cookies: __Secure-APISID, 1P_JAR Domain: youtube.com Description: YouTube allows content published on youtube.com to be embedded directly into websites. The cookies are used to collect visited websites and detailed statistics about user behavior. This data may be linked to the data of users logged on to youtube.com and google.com. Duration: 1 month Type: Functional Cookies: SEARCH_SAMESITE, VISITOR_INFO1_LIVE Domain: youtube.com Description: YouTube enables the direct embedding of content published on youtube.com into websites. The cookies are used to collect visited websites and detailed statistics about user behavior. This data may be linked to the data of users logged on to youtube.com and google.com. Duration: 6 months Type: Functional Cookies: _ga, _ga_* Domain: npl-overland.eu Description: Google Analytics is a service for generating detailed statistics on user behavior on the website. The cookies are used to distinguish users, store campaign-related information for and from the user, and to link data from multiple page views. Duration: 2 years Type: Statistics Cookie: 1P_JAR Domain: google.com Description: Google Ads Conversion Tracking tracks the conversion rate and the success of Google Ads campaigns. Cookies are used to distinguish users and track their behavior on the website in detail and link this data with advertising data from the Google Ads advertising network. In addition, the data is used for so-called “remarketing” in order to display targeted advertising again to users who have already clicked on one of our ads in the Google Ads network. This data may be linked to data from users who have logged into their Google accounts on google.com or a localized version of Google. Duration: 1 month Type: Marketing Cookie: CONSENT Domain: google.com Description: Google Ads Conversion Tracking tracks the conversion rate and the success of Google Ads campaigns. Cookies are used to distinguish users and track their behavior on the website in detail and link this data with advertising data from the Google Ads advertising network. In addition, the data is used for so-called “remarketing” in order to display targeted advertising again to users who have already clicked on one of our ads in the Google Ads network. This data may be linked to data from users who have logged into their Google accounts on google.com or a localized version of Google. Duration: 18 years Type: Marketing Cookie: test_cookie Domain: doubleclick.net Description: Google Ads Conversion Tracking tracks the conversion rate and the success of Google Ads campaigns. Cookies are used to distinguish users and track their behavior on the website in detail and link this data with advertising data from the Google Ads advertising network. In addition, the data is used for so-called “remarketing” in order to display targeted advertising again to users who have already clicked on one of our ads in the Google Ads network. This data may be linked to data from users who have logged into their Google accounts on google.com or a localized version of Google. Duration: 1 day Type: Marketing Cookie: IDE Domain: doubleclick.net Description: Google Ads Conversion Tracking tracks the conversion rate and the success of Google Ads campaigns. Cookies are used to distinguish users and track their behavior on the website in detail and link this data with advertising data from the Google Ads advertising network. In addition, the data is used for so-called “remarketing” in order to display targeted advertising again to users who have already clicked on one of our ads in the Google Ads network. This data may be linked to data from users who have logged into their Google accounts on google.com or a localized version of Google. Duration: 1 year Type: Marketing Cookie: _gcl_au Domain: npl-overland.eu Description: Google Ads Conversion Tracking tracks the conversion rate and the success of Google Ads campaigns. Cookies are used to distinguish users and track their behavior on the website in detail and link this data with advertising data from the Google Ads advertising network. In addition, the data is used for so-called “remarketing” in order to display targeted advertising again to users who have already clicked on one of our ads in the Google Ads network. This data may be linked to data from users who have logged into their Google accounts on google.com or a localized version of Google. Duration: 3 months Type: Marketing
c) Google Analytics
This website uses the functions of Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on the basis of your express consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). You can give us your consent voluntarily when you call up our website by pressing the corresponding button in the “cookie banner”. Data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below. Google Ireland Limited and Google LLC are hereinafter jointly referred to as “Google”. Google Analytics uses cookies (first-party cookies), which enable an analysis of your use of the website. This does not mean, however, that we thereby obtain direct knowledge of your identity. Google uses the information generated by the cookies on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. This allows us to improve the quality of our website and its content. We learn on the basis of statistical analyses how the website is used and can thus constantly optimize our offer. During data processing via Google Analytics, data may be transmitted to the USA. We would like to point out that, according to the European Court of Justice (ECJ), there is currently no adequate level of protection for a data transfer to the USA. If data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities for monitoring and surveillance purposes without any legal recourse available to you. The security of data transfers is regularly guaranteed by EU Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCR). Google Analytics has SCC, which ensure that the processing of personal data is subject to a level of security that complies with the GDPR. Further details can be found at: https://business.safety.google/adscontrollerterms/sccs/. If these EU standard contractual clauses and binding corporate rules are not sufficient to establish an adequate level of security, Art. 49 para. 1 lit. a DSGVO, which justifies a data transfer to unsafe third countries, serve as a legal basis. The use of Google Analytics is based on your consent given to us (Art. 6 para. 1 sentence 1 lit. a) GDPR). i) IP anonymization We have activated the IP anonymization function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA and thereby anonymized. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. According to Google’s own information, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data relating to your person. ii) Browser plugin You can prevent the storage of Google Analytics cookies by setting your browser software accordingly (see above).
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. iii) Objection to data collection Alternatively, you can activate/deactivate the collection of your data by Google Analytics in the privacy settings, especially on mobile devices. When deactivated, a cookie is set that prevents the collection of your data during future visits to this website. Specifically, the following tracking cookies are used by Google Analytics:__utmz, __utma, __utmb, __utmc, __utmt. You can find more information on the handling of user data at Google Analytics and the security and data protection principles as well as setting and objection options in Google’s data protection declaration, available via the following link: https://support.google.com/analytics/answer/6004245?hl=de. d) Google Ads and Google Conversion Tracking This website uses Google Ads (formerly “Google AdWords”). Ads is an online advertising program provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, (“Google”). We use Google Ads to advertise this website in Google search results and on third-party websites. In connection with Google Ads, we use what is known as conversion tracking. This means that when you click on an ad placed by Google, a cookie is set for conversion tracking. These cookies are valid for up to 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each user receives a different cookie through Google Ads. These cookies cannot be tracked via the websites of Ads users. The purpose of the information collected by the conversion cookie is to create conversion statistics for us. This tells us the total number of users who clicked on our ad and were redirected to a page with conversion tracking. However, we do not receive any information with which the user can be personally identified. If you do not wish to participate in conversion tracking, you can object to this use. To do this, deactivate the Google Conversion Tracking cookie via your Internet browser in the user settings. You will no longer be included in the conversion tracking statistics. The use of Google Ads and the storage of conversion cookies by means of conversion tracking is in the interest of optimizing our online offers and advertising. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Nevertheless, we only use Google Ads and conversion tracking on the basis of your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. When processing data via Google Ads and Google Conversion Tracking, data may be transferred to the USA. We would like to point out that, in the opinion of the European Court of Justice (ECJ), there is currently no adequate level of protection for data transfer to the USA. If data is transferred to the USA, there is a risk that your data may be processed by US authorities for monitoring and control purposes without you having any legal recourse. The security of data transmission is regularly guaranteed by EU Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCR). Google Ads has SCCs that ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. Further details can be found at: https://business.safety.google/adscontrollerterms/sccs/. If these EU standard contractual clauses and binding corporate rules are not sufficient to establish an adequate level of security, Art. 49 para. 1 lit. a GDPR, which justifies a data transfer to insecure third countries, can serve as a legal basis. You can find more information about Google Ads and Google Conversion Tracking in Google’s privacy policy:
https://www.google.de/policies/privacy/.
e) YouTube
Our website uses plugins from the Google-operated YouTube site. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for data processing in Europe. YouTube allows us to embed videos directly on our website and make them available to you in order to offer you the best possible user experience. When you visit a page on our website that has a YouTube video embedded or click on a YouTube embed to play a video, your browser automatically connects to the YouTube or Google servers, whereby data is transmitted depending on your settings. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube or Google account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. If you are not logged in with a YouTube or Google account, Google stores data using a unique identifier that is linked to your browser, device or app. You can prevent cookies from being set by deleting existing cookies in your browser and deactivating the storage of cookies in your browser settings. In this case, you may not be able to use all the functions of our online offering. We use YouTube on the basis of your consent, Art. 6 para. 1, sentence 1 lit. a GDPR. YouTube may also be used in the interest of an appealing presentation of our online offers, which constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Nevertheless, we only use YouTube on the basis of your consent. When data is processed via YouTube, data may be transferred to the USA. We would like to point out that, in the opinion of the European Court of Justice (ECJ), there is currently no adequate level of protection for data transfer to the USA. If data is transferred to the USA, there is a risk that your data may be processed by US authorities for monitoring and control purposes without you having any legal recourse. The security of data transmission is regularly guaranteed by EU Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCR). YouTube has SCCs that ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If these EU standard contractual clauses and Binding Corporate Rules are not sufficient to establish an adequate level of security, Art. 49 para. 1 lit. a GDPR, which justifies a data transfer to insecure third countries, can serve as a legal basis. Further information on the handling of user data can be found in Google’s privacy policy as a subsidiary of YouTube at
https://policies.google.com/privacy?hl=de.
f) Font Awesome Web Fonts
This site uses so-called web fonts (“Font Awesome”), which are provided by Fonticons, 307 S. Main St., Suite 202, Bentonville, AR 72712, USA, for the purpose of uniform representation of fonts. Font Awesome Web Fonts are installed locally; there is no connection to Fonticons servers.
g) jQuery, jQueryUI and jQuery Migrate
This website uses jQuery or jQueryUI and jQuery Migrate technologies from the provider jQuery Foundation. This optimizes the loading speeds of our website. These libraries are installed locally and do not connect to StackPath’s CDN servers. The use of jQuery is in the interest of an appealing and fast presentation of our online offers. This constitutes a legitimate interest, legal basis is Art. 6 para. 1 lit. f GDPR represent.
h) Google Hosted Libraries
This website uses the free JavaScript library “jQuery” to display animations, interactive elements, etc. Google Hosted Libraries from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is a globally available content distribution network (CDN) for such open source JavaScript libraries. When you visit a website, your browser loads the necessary files into your browser’s cache to display that website correctly and properly. For this purpose, the browser you are using connects to Google’s servers, which enables Google to recognize that you have accessed our website via your IP address. Google Hosted Libraries are used in the interest of an appealing presentation of our online offers and our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information on Google Hosted Libraries can be found at https://developers.google.com/speed/libraries/ and in Google’s privacy policy: https://www.google.com/policies/privacy/.
i) Ninja Forms
This website uses the Ninja Forms form plug-in from the provider Saturday Drive Inc, 1809 Keith St., Cleveland, Tennessee 37311, USA. We use Ninja Forms on the basis of your consent, Art. 6 para. 1, sentence 1 lit. a GDPR. Ninja Forms may also be used in the interest of an appealing presentation of our online offers, which constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Nevertheless, we only use Ninja Forms on the basis of your consent. When data is processed via Ninja Forms, data may be transferred to the USA. We would like to point out that, in the opinion of the European Court of Justice (ECJ), there is currently no adequate level of protection for data transfer to the USA. If data is transferred to the USA, there is a risk that your data may be processed by US authorities for monitoring and control purposes without you having any legal recourse. If these EU standard contractual clauses and binding corporate rules are not sufficient to establish an adequate level of security, Art. 49 para. 1 lit. a GDPR, which justifies a data transfer to insecure third countries, can serve as a legal basis. Further information can be found in Ninja Forms’ privacy policy at
https://ninjaforms.com/privacy-policy/.
j) Yoast SEO
This website uses plugins from Yoast SEO, a service provided by Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, The Netherlands. By means of Yoast SEO we can optimize our websites for search engines. You can prevent Yoast SEO from storing cookies by selecting the appropriate setting in your browser. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. Further information can be found in Yoast BV’s privacy policy at https://yoast.com/privacy-policy/.
k) CleverReach
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co KG, Schafjückenweg 2, 26180 Rastede. CleverReach is a service that can be used to organize and analyze newsletter distribution. The data you enter for the purpose of receiving the newsletter (e.g. e‑mail address) is stored on CleverReach’s servers in Germany or Ireland. Our newsletters sent with CleverReach allow us to analyze the behavior of newsletter recipients. Here, among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletters can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. Data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. If you do not want any analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website. The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e‑mail addresses for the member area) remain unaffected by this. You can find more details in CleverReach’s privacy policy at: https://www.cleverreach.com/de/datenschutz/. Conclusion of a contract for commissioned data processing We have concluded a contract with CleverReach for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using CleverReach.
l) Real Cookie Banner
We use the “Real Cookie Banner” consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/. Legal bases for the processing of personal data in this context are Art. 6 para. 1 lit. c DS-GVO and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to manage the cookies and similar technologies used and the related consents. The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal information, we will not be able to manage your consents.