Data privacy

1. Responsible Party and Contact Details

The company Uni Apart Entwicklungsgesellschaft mbH (hereinafter referred to as "Responsible") is responsible for processing. Uni Apart Entwicklungsgesellschaft mbH processes the data provided by the data subject (hereinafter referred to as "Customer") in accordance with the provisions of the European General Data Protection Regulation (hereinafter "GDPR").

The contact details of the Responsible are as follows:
Uni Apart Entwicklungsgesellschaft mbH
Schlüterstraße 3b
85057 Ingolstadt
Germany
Phone: +49 (0)841 491 570
Email: info@uniapartgruppe.de
Managing Partner: Alexander Orthmann

2. Purpose and Corresponding Legal Basis

2.1. Contract Fulfillment and Pre-Contractual Measures:

The processing of the Customer's personal data is necessary for the fulfillment of a contract in which the Customer is a party, or for the execution of pre-contractual measures requested by the Customer. The legal basis for this processing is Art. 6(1)(b) GDPR.

2.3. Contacting the Responsible:

If the Customer uses the contact form or contacts the Responsible via email, phone, WhatsApp, fax, post, or similar means, the transmitted personal data will be used and processed solely for the purpose of handling the Customer's inquiry. The legal basis for these processing activities is the Customer's consent pursuant to Art. 6(1)(a) GDPR.

3. Recipients of Personal Data

The Customer's personal data transmitted to the Responsible will be made accessible to the recipients as explained below:

3.1. Contract Fulfillment and Pre-Contractual Measures:

The Customer's personal data transmitted to the Responsible will be made accessible to the following recipients for the purpose of fulfilling the contract or conducting pre-contractual measures:

3.1a

Shipping Service Providers:
Depending on the shipping method selected by the Responsible, the data will be made accessible to:
- Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany
- DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
Email Service Provider and Web Hosting Companies:
- Host Europe GmbH, Hansestrasse 111, 51149 Köln, Germany
Telephone Service Providers:
- Vodafone GmbH Ferdinand-Braun-Platz 1, 40549 Düsseldorf
- COM-IN Telekommunikations GmbH Erni-Singerl-Straße 2b, 85053 Ingolstadt
- PASCOM GMBH & CO. KG Berger Straße 42, 94469 Deggendorf
Instant Messaging Service Provider:
- WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

3.1b

In case of payment by bank transfer, the following entities will have access to the data:
Sparkasse Ingolstadt Eichstätt, Rathausplatz 6, 85049 Ingolstadt
Tax Consultant:
Reisinger, Schlierf und Kollegen Steuerberatungsgesellschaft mbH, Fauststraße, 6185051 Ingolstadt

3.1c

If the Customer consents to the use of third-party software Google Analytics by the Responsible on the website as described in section "11. Analysis tool during the Customer's visit to the website":
- Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland

Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland

Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland

Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland

Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland

3.2. Advertising through Postal Mail as described in 2.2:

In accordance with 3.1a, the Responsible will make the personal data accessible to the shipping service provider.

3.3. Contacting the Responsible as described in 2.3:

By using the contact form, the Customer's personal data transmitted to the Responsible will be made accessible to the recipients in accordance with 3.1a.
By contacting the Responsible via email, the Customer's personal data transmitted to the Responsible will be made accessible to the recipients in accordance with 3.1a.
By contacting the Responsible via phone, the Customer's personal data transmitted to the Responsible will be made accessible to the recipients in accordance with 3.1a.
By contacting the Responsible via WhatsApp, the Customer's personal data transmitted to the Responsible will be made accessible to the recipients in accordance with 3.1a.
By contacting the Responsible via Post, the Customer's personal data transmitted to the Responsible will be made accessible to the recipients in accordance with 3.1a.

The personal data will only be made accessible to further third parties with the prior written consent of the Customer or when required by legal order.

4. Storage Period

The Customer's data that must be retained for legal reasons with the complete processing of the contract will be blocked. These data will no longer be available for any further use. After the legal basis for retention ceases to exist, the blocked data will be deleted.

In case the Customer contacts the Responsible or uses the contact form or callback request form, the personal data will be used for the duration of processing the inquiry. Subsequently, the data that must be retained for legal reasons will be blocked. These data will no longer be available for any further use.

The Responsible is subject to various retention and documentation obligations, including those arising from the Commercial Code (HGB) and the Tax Code (AO). The prescribed retention or documentation periods there are two to ten years.

Finally, the storage period is also determined by the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.

5. Data Protection Rights

Every Customer has the right, in accordance with Article 15 GDPR in conjunction with § 34 BDSG, to request information from the Responsible about the personal data processed by the Responsible and relating to the Customer. Furthermore, the Customer has the right to receive the information specified in Article 15(1) GDPR. The Customer has the right to prompt rectification of inaccurate personal data concerning them and to have incomplete personal data completed, in accordance with Article 16 GDPR. Additionally, the Customer has the right, pursuant to Article 17 GDPR in conjunction with § 35 BDSG, to request the immediate erasure of personal data concerning them. The conditions and restrictions of the right to erasure are specified in detail in Article 17 GDPR and § 35 BDSG. The Customer also has the right, in accordance with Article 18 GDPR, to request the restriction of the processing of personal data concerning them if one of the conditions of Article 18(1) GDPR is met. The Customer can, in accordance with Article 20 GDPR, request to receive the personal data provided by them to the Responsible, which the Responsible processes based on the existing contract between them and the Customer or on the Customer's consent, in a structured, commonly used, and machine-readable format. The Responsible is prohibited from hindering the transmission of this data by the Customer to another Responsible. The conditions and restrictions of the aforementioned rights are specified in detail in Article 20 GDPR. The Responsible provides the above-mentioned information and measures requested by the Customer free of charge, in accordance with Article 12(5) GDPR. Corresponding inquiries should be directed to the address specified in Point 1.

As an affected Customer, they have the right, in accordance with Article 77 GDPR in conjunction with § 19 BDSG, to lodge a complaint with a data protection supervisory authority.

6. Right to Object and Other Rights

If the Customer has given consent to the processing of their personal data for one or more specific purposes, they have the right to withdraw consent at any time, with future effect.

In addition, the Customer has the right to object to the processing of their personal data for marketing purposes, including direct mail advertising, free of charge, at any time and with future effect. The corresponding request should be directed to the address specified in Point 1.

Without prejudice to any other administrative or judicial remedy, every affected person has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement, if the affected person considers that the processing of personal data relating to them violates this Regulation.

The competent supervisory authority for Bavarian public authorities is the Landesbeauftragte für den Datenschutz (State Data Protection Officer), Prof. Dr. Thomas Petri. The contact details are provided at the following link:
https://www.datenschutz-bayern.de/vorstell/impressum.html

7. Obligation to Provide Data

The provision of the following data is mandatory (required information):

7.1. For Contract Fulfillment or Implementation of Pre-contractual Measures:

The provision of the following data is mandatory for concluding a contract (required information):

Business name
Name of the representative person
Address
Email address
Phone number

All other information is not required for contract conclusion and is therefore voluntary.

If the mandatory information required for contract conclusion is not provided, no contract will be concluded. The non-provision of voluntary information does not affect the contract conclusion.

7.2. For Contacting as Described in 2.3:

The provision of the following data is mandatory (required information) for processing a contact request through the contact form:
- Title
- First name
- Last name
- Email address
- Website
- Phone number
- Message
- Consent regarding the transmission of personal data
The provision of the following data is mandatory (required information) for processing a callback request through the callback request form:
- Contact person / Company
- Phone number
- Consent regarding the transmission of personal data
For processing an email inquiry, the provision of the following data is mandatory (required information):
- Email address
For processing a telephone inquiry, the provision of the following data is mandatory (required information):
- None
For processing a WhatsApp inquiry, the provision of the following data is mandatory (required information):
- Phone number
For processing a postal inquiry, the provision of the following data is mandatory (required information):
- Name
- Address

All other information is not required for processing an inquiry and is therefore voluntary.

If the mandatory information required for processing an inquiry is not provided, the inquiry will not be processed. The non-provision of voluntary information does not affect the processing of the inquiry.

8. Automated Decision Making

Automated decision-making, including profiling, does not take place.

9. SSL/TLS Encryption during the Customer's Website Visit

For security reasons and to protect the transmission of confidential content, the website's responsible party uses SSL/TLS encryption. An encrypted connection can be identified by the change of the browser's address bar from "http://" to "https://".

10. Cookies Due to the Customer's Website Visit

The responsible party uses cookies to make the visit to its websites attractive for the customer and to enable the use of certain functions.

10.1 Transient Cookies

The responsible party uses transient cookies only for processes that require technical necessity.

The customer can view the configuration for the use of transient cookies on the page "Cookie Settings".

10.2 Persistent Cookies

The responsible party uses persistent cookies only if the customer has consented to the use of or specific persistent cookies.

The customer can give consent or revoke the use/creation of persistent cookies on the page "Cookie Settings".

If persistent cookies are used by third-party companies or for analytical purposes with the customer's consent, it will be separately disclosed in this privacy policy.

The settings for persistent cookies on the website can be changed at:
Cookie Settings

11. Analysis Tool during the Customer's Website Visit

11.1 Google Analytics (with Customer's Consent)

The responsible party of the website uses the features of the web analysis service Google Analytics when the customer explicitly gave consent on the page regarding third-party software and the use/storage of persistent cookies by Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses "persistent cookies". These are text files that are stored on the customer's device and enable an analysis of the customer's use of the website. The information generated by the persistent cookie about the customer's use of the website is usually transmitted to a Google server in the USA and stored there.

The storage of persistent Google Analytics cookies and the use of this analysis tool are based on Art. 6 (1) lit. f GDPR. The responsible party of the website has a legitimate interest in analyzing user behavior to optimize both its website offering and its advertising.

11.1a IP Anonymization

The responsible party of the website has activated the IP anonymization feature. This means that the customer's IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the responsible party of the website, Google will use this information to evaluate the customer's use of the website, compile reports on website activities, and provide further services related to website usage and internet usage to the responsible party of the website. The IP address transmitted by the customer's browser in the context of Google Analytics will not be merged with other Google data.

11.1b Browser Plugin

The customer can prevent the storage of cookies by adjusting the browser software accordingly. The customer can also prevent the collection of data generated by the cookie and related to the use of the website (including the IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

11.1c Objection to Data Collection

The customer can prevent the collection of data by Google Analytics by revoking consent to Google Analytics on the page "Third-Party Software Settings" on the responsible party's website. Of course, the customer can also revoke consent to persistent Google Analytics cookies on the "Cookie Settings" page.

The settings for persistent cookies on the responsible party's website can be changed at:
Cookie Settings.

Settings for third-party software used on the responsible party's website can be changed at:
Third-Party Software Settings.

For more information on how user data is handled by Google Analytics, the customer can refer to Google's privacy policy:
https://support.google.com/analytics/answer/6004245?hl=en.

11.1d Data Processing on Behalf

The responsible party has concluded a contract with Google for data processing on behalf and fully complies with the strict requirements of German data protection authorities when using Google Analytics.

11.1e Demographic Features in Google Analytics

This website uses the "demographic features" function of Google Analytics. This allows reports to be created that contain information about the age, gender, and interests of customers. This data comes from Google's interest-based advertising and customer data from third-party providers. This data cannot be attributed to any specific person. The customer can deactivate this function at any time through the ad settings in their Google account or generally prohibit the collection of data by Google Analytics as described in section "11.1c Objection to Data Collection".

11.1f Data Retention

Data stored by Google on the user and event level associated with persistent cookies, user identifiers (e.g. User ID), or advertising IDs (e.g. persistent DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 months. For more details, please see the following link:
https://support.google.com/analytics/answer/7667196?hl=en.

12.1 Google Maps (with Customer Consent)

The responsible party of the website uses the Google Maps map service via an API, if the customer explicitly consented to it on the page "Third-Party Software Settings". The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To ensure data protection on the website, Google Maps is deactivated when the customer first enters this website. A direct connection to Google's servers is only established when the customer activates Google Maps independently (consent according to Art. 6 (1) lit. a GDPR). This prevents the customer's data from being transmitted to Google when they first enter the page.

After activation, Google Maps will store the customer's IP address. This is usually transmitted to a Google server in the USA and stored there. The responsible party of the website has no control over this data transmission after Google Maps is activated. For more information on how user data is handled, the customer can refer to Google's privacy policy:
https://www.google.de/intl/en/policies/privacy/.

Settings for third-party software used on the responsible party's website can be changed at:
Third-Party Software Settings.

12.2 Google StreetView (with Customer Consent)

The responsible party of the website uses the Google StreetView service via an API, if the customer explicitly consented to it on the page "Third-Party Software Settings". The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To ensure data protection on the website, Google StreetView is deactivated when the customer first enters this website. A direct connection to Google's servers is only established when the customer activates Google StreetView independently (consent according to Art. 6 (1) lit. a GDPR). This prevents the customer's data from being transmitted to Google when they first enter the page.

After activation, Google StreetView will store the customer's IP address. This is usually transmitted to a Google server in the USA and stored there. The provider of this website has no control over this data transmission after Google StreetView is activated. For more information on how user data is handled, the customer can refer to Google's privacy policy:
https://www.google.de/intl/en/policies/privacy/.

Settings for third-party software used on the responsible party's website can be changed at:
Third-Party Software Settings.

12.3 YouTube with Enhanced Data Protection (with Customer Consent)

This website embeds videos from the video portal YouTube, if the customer explicitly consented to it on the page "Third-Party Software Settings". The software is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To ensure data protection on the website, YouTube is deactivated when the customer first enters this website. A direct connection to Google's servers is only established when the customer activates YouTube independently (consent according to Art. 6 (1) lit. a GDPR). This prevents the customer's data from being transmitted to Google when they first enter the page.

The responsible party of the website uses YouTube in the enhanced data protection mode. According to YouTube, this mode ensures that YouTube does not store information about customers on the website until they watch the video. However, data may still be transmitted to YouTube partners through the enhanced data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether the customer watches a video or not.

Once the customer starts a YouTube video on the website, a connection to YouTube's servers is established. YouTube is then informed which pages the customer has visited. If the customer is logged into their YouTube account, YouTube can directly associate the customer's browsing behavior with their personal profile. The customer can prevent this by logging out of their YouTube account.

In addition, YouTube may store various persistent cookies on the customer's device after starting a video. With the help of these persistent cookies, YouTube can obtain information about customers of the website. This information is used, among other things, to capture video statistics, improve user-friendliness, and prevent fraud attempts. The persistent cookies remain on the customer's device until they are deleted. It is possible that further data processing operations may be triggered after the customer starts a YouTube video, over which the responsible party of the website has no control.

The use of YouTube is in the interest of an attractive presentation of the online offering. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If appropriate consent has been obtained (e.g., consent to store persistent cookies), the processing is based exclusively on Art. 6 (1) lit. a GDPR; consent can be revoked at any time.

For more information about data protection at YouTube, the customer can refer to Google's privacy policy at: https://policies.google.com/privacy?hl=en.

Settings for third-party software used on the responsible party's website can be changed at: Third-Party Software Settings.

12.4 Google reCAPTCHA (with Customer Consent)

This website uses "Google reCAPTCHA" (hereinafter "reCAPTCHA") if the customer explicitly consented to it on the page "Third-Party Software Settings". The software is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To ensure data protection on the website, reCAPTCHA is deactivated when the customer first enters this website. A direct connection to Google's servers is only established when the customer activates reCAPTCHA independently (consent according to Art. 6 (1) lit. a GDPR). This prevents the customer's data from being transmitted to Google when they first enter the page.

reCAPTCHA is used to check whether data entry on the website (e.g., in a contact form) is done by a human or an automated program. For this purpose, reCAPTCHA analyzes the customer's behavior based on various characteristics. This analysis starts automatically as soon as the customer enters the website. reCAPTCHA evaluates various information during the analysis (e.g., IP address, customer's dwell time on the website, or mouse movements made by the user). The data collected during the analysis is transmitted to Google.

The reCAPTCHA analyses take place completely in the background. The customer is not notified that an analysis is taking place.

The storage and analysis of data are based on Art. 6 (1) lit. f GDPR. The responsible party of the website has a legitimate interest in protecting its web offerings against abusive automated spying and spam. If appropriate consent has been obtained (e.g., consent to store persistent cookies), the processing is based exclusively on Art. 6 (1) lit. a GDPR; consent can be revoked at any time.

For further information about Google reCAPTCHA, the customer can refer to Google's privacy policy and terms of use at the following links:
https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

Settings for third-party software used on the responsible party's website can be changed at: Third-Party Software Settings.