Information on Data Processing for This Website in Accordance with Art. 13 EU General Data Protection Regulation (GDPR) When Collecting Personal Data from the Data Subject
(Version: GDPR 2.1 from November 2024)
Urban GmbH & Co. Maschinenbau KG is responsible for this website and, as a provider of telemedia services, must inform you at the beginning of your visit about the type, scope, and purposes of the collection and use of personal data in a precise, transparent, understandable, and easily accessible manner in plain and simple language. This content must be available to you at all times.
We place the utmost importance on the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of the applicable European and national laws.
With the following data protection information, we would like to show you how we handle your personal data and how you can contact us:
Urban GmbH & Co. Maschinenbau KG
Dornierstraße 5
87700 Memmingen
Germany
Commercial Register No.: HRA 8463
Managing Directors: Josef Urban, Martin Urban, Peter Urban
Phone: +49 8331 858-0
Email: urban@u-r-b-a-n.com
Our Data Protection Officer
Sven Lenz
Deutsche Datenschutzkanzlei – Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50
87435 Kempten
Germany
If you have questions about data protection or other privacy-related concerns, please send an email to: datenschutz@u-r-b-a-n.com
A. General
For better readability, we refrain from gender-specific differentiation. In the interest of equal treatment, corresponding terms apply to all genders. Definitions of terms such as “personal data” or their “processing” can be found in Art. 4 GDPR.
Personal data processed in connection with this website includes:
– Usage data (e.g., pages visited on our website), and
– Content data (e.g., entries in online forms).
B. Specific
Data Protection Information
We ensure that your data is processed solely in connection with handling your inquiries, for internal purposes, and to provide the services you request or make content available.
Legal Basis for Data Processing
We process your personal data only in compliance with the relevant data protection regulations and on the following legal grounds:
– Processing for the fulfillment of our services and execution of contractual measures
Art. 6 para. 1 lit. b GDPR
– Processing to fulfill our legal obligations
Art. 6 para. 1 lit. c GDPR
– Consent
Art. 6 para. 1 lit. a and Art. 7 GDPR
– Processing to protect our legitimate interests
Art. 6 para. 1 lit. f GDPR
Data Transfer to Third Parties
We would like to point out that using our website may result in data being transferred if you select services via the “Cookie-Consent-Tool” provided on the website. If no service is selected, no data transfer to third parties occurs.
In the context of website hosting, the service provider used may have access to your data. The hosting provider we use is listed in these data protection notices.
Should we use subcontractors to provide our services, we take appropriate legal precautions and technical and organizational measures to protect personal data under applicable legal regulations.
Data Transfer to a Third Country or International Organization
Third countries are countries where the GDPR does not directly apply as law. This generally includes all countries outside the EU or the European Economic Area.
We would like to point out that using our website may result in data being transferred to a third country if you select services via the “Cookie-Consent-Tool” provided on the website. If no service is selected, no data transfer to a third country occurs.
This considers the adequacy decision of the EU Commission, which specifies that it is a safe third country or organization with an adequate level of protection.
For data transfers to the USA: As of July 2023, the EU Commission’s adequacy decision (Data Privacy Framework) deems the USA a third country with data protection standards comparable to the EU. This framework serves as a basis for data transfers to certified organizations in the USA.
The U.S. services used are certified under the Data Privacy Framework. Details can be found for each service.
Retention Period for Your Personal Data
We adhere to the principles of data minimization and avoidance. This means that we store your data only as long as necessary to fulfill the purposes mentioned above or as specified by various legally required retention periods. Once the purpose ceases or these periods expire, your data is routinely blocked or deleted in accordance with legal provisions.
Contacting Us
When contacting us electronically (e.g., via contact form or email), personal data is processed. The information you provide is stored solely to process your inquiry and for possible follow-up questions.
We would like to provide the legal basis for this:
• Processing for the fulfillment of our services and execution of contractual measures
Art. 6 para. 1 lit. b GDPR
We would like to point out that emails may be intercepted or altered without authorization during transmission. Additionally, we use spam filtering software to filter out unwanted emails. As a result, emails may be rejected if falsely identified as spam based on certain characteristics.
Your Rights
a) Right to Information
You have the right to request free information about your stored data. Upon request, we will inform you in writing of the personal data we have stored about you. This includes the origin and recipients of your data and the purpose of data processing.
b) Right to Rectification
You have the right to correct your stored data if it is incorrect. You may also request a restriction of processing, e.g., if you contest the accuracy of your personal data.
c) Right to Blocking
Furthermore, you can have your data blocked. To ensure that your data is blocked at all times, this data must be kept in a blocking file for control purposes.
d) Right to Deletion
You can request the deletion of your personal data unless there are legal retention obligations. If such an obligation exists, we will block your data upon request. If the relevant legal requirements exist, we will also delete your personal data without your request.
e) Right to Data Portability
You are entitled to request that we provide the personal data you have submitted in a format that allows it to be transferred to another entity.
f) Right to Complain to a Supervisory Authority
You can file a complaint with one of the data protection supervisory authorities.
The competent authority for us is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27, 91522 Ansbach, Germany
Phone: +49 981 53-1300
Fax: +49 981 53-981300
The complaint form can be accessed via the following link: https://www.lda.bayern.de/de/beschwerde.html
Note: A complaint can also be directed to any data protection supervisory authority within the EU.
g) Right to Object
You can object at any time to data processing based on Art. 6 para. 1 letters e) and f) for reasons arising from your particular situation. This also applies to profiling based on these provisions.
We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising purposes; this also applies to profiling, insofar as it is connected to such direct advertising. If you object, we will no longer process your personal data for direct marketing purposes. To do so, it is sufficient to send us an email.
h) Right of Withdrawal
You have the right to withdraw your consent to the processing of your data at any time with effect for the future without providing reasons. You will not suffer any disadvantages as a result of the withdrawal. To withdraw, it is sufficient to send us an email.
Such a withdrawal does not affect the lawfulness of the processing carried out up to the point of withdrawal on the legal basis of Art. 6 para. 1 lit. a GDPR.
To exercise your rights as a data subject, please send us an email to one of the above-mentioned addresses.
Protection of Your Personal Data
We take contractual, technical, and organizational security measures in accordance with the state of the art to ensure compliance with data protection laws and to protect the processed data from accidental or intentional manipulation, loss, destruction, or unauthorized access by third parties.
These security measures include, in particular, the encrypted transmission of data between your browser and our server. For this purpose, a 256-bit SSL (AES 256) encryption technology is used.
Your personal data is protected as follows (excerpt):
a) Ensuring the confidentiality of your personal data
To ensure the confidentiality of your data stored with us, we have implemented various access, entry, and access control measures.
b) Ensuring the integrity of your personal data
To ensure the integrity of your data stored with us, we have implemented various control measures for transmission and input.
c) Ensuring the availability of your personal data
To ensure the availability of your data stored with us, we have implemented various measures for order and availability control.
The security measures we implement are continuously improved in line with technological developments. Despite these precautions, we cannot guarantee the security of your data transmission to our website due to the insecure nature of the Internet. Any data transmission you undertake is therefore at your own risk.
Protection of Minors
Personal information may only be provided to us by persons under the age of 16 with the express consent of their legal guardians. These data will be processed in accordance with this privacy policy.
Server Log Files
The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address
This data is not merged with other data sources.
The basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
Cookies
Cookies are small text files stored locally in your internet browser’s cache. Cookies enable, for example, the recognition of the internet browser. The files are used to help the browser navigate through the website and make full use of all functionalities.
Cookie Consent Tool
We use a “cookie consent tool” to obtain valid user consent for cookies requiring consent and cookie-based applications.
This website uses the Borlabs Cookie Consent Tool, provided by Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (“Borlabs”).
The “Cookie Consent Tool” is displayed to users upon accessing the website as an interactive user interface, allowing users to grant consent for specific cookies and/or cookie-based applications via checkboxes. Only those cookies/services requiring consent will be loaded when the user provides consent via checkbox. This ensures that such cookies are only set on the user’s device if consent is provided.
The tool sets technically necessary cookies to save your cookie preferences. No personal user data is processed in principle.
In exceptional cases where personal data (such as the IP address) is processed for the storage, assignment, or logging of cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly cookie consent management and in the legally compliant design of our website.
Another legal basis for processing is Art. 6 para. 1 lit. c GDPR. As the responsible party, we are legally obligated to make the use of technically non-essential cookies dependent on the user’s consent.
For further information about the provider and configuration options of the Cookie Consent Tool, please refer directly to the relevant user interface on our website.
Website Hosting
We use the system of the following provider for hosting our website and presenting the page contents: ALL-INKL.COM – Neue Medien Münnich, Inh. René Münnich, Hauptstraße 68, 02742 Friedersdorf.
All data collected on our website is processed on the provider’s servers.
We have entered into a data processing agreement with the provider to ensure the protection of the data of our website visitors and to prevent unauthorized disclosure to third parties.
Videos from Vimeo
Our website includes plugins from the video portal Vimeo, provided by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.
When you access a page of our website containing such a plugin, your browser establishes a direct connection to Vimeo’s servers. The content of the plugin is transmitted directly from Vimeo to your browser and integrated into the page. By integrating the plugin, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged into Vimeo. We have configured Vimeo to be privacy-friendly so that no personal data is transmitted.
Where legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG.
You can withdraw your consent at any time with effect for the future. To do so, disable this service in the “Cookie Consent Tool” provided on the website or in the settings under the privacy notices.
There may be a data transfer to a third country (e.g., the USA) or an international organization. As of July 2023, the EU Commission’s adequacy decision (Data Privacy Framework) has deemed the USA a third country with a level of data protection comparable to the EU. The adequacy decision now serves as a basis for data transfers to certified organizations in the USA.
If you are logged into Vimeo, Vimeo can directly associate your visit to our website with your Vimeo account. If you interact with the plugins (e.g., by pressing the play button on a video), this information is also transmitted directly to a Vimeo server and stored there. If you do not want Vimeo to associate the data collected via our website directly with your Vimeo account, you must log out of Vimeo before visiting our website.
For more information on the purpose and scope of data collection and further processing and use of the data by Vimeo, as well as your rights and settings to protect your privacy, please refer to Vimeo’s privacy policy: https://vimeo.com/privacy
3-D View
To provide virtual 360-degree tours offering an interactive way to explore rooms online, we use the following service provider on our website: Kuula LLC, 2176 Coldwater Canyon Dr, Beverly Hills, CA 90210, USA.
The provider collects and analyzes personal data. The provider provides the following information:
Log file information: This includes web requests, IP addresses, browser types, referring/exit pages and URLs, number of clicks, and how users interact with links on the service.
Cookies and similar technologies: We use these to collect information about how users interact with our tours, helping us to improve the user experience.
Analytical information: We use third-party analytics tools that collect data sent from your device or our service, such as visited websites and used add-ons.
We obtain your consent for the described processing of your data in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG.
You can withdraw your consent at any time with effect for the future. To exercise your withdrawal, deactivate this service via the “Cookie Consent Tool” provided on the website or in the settings under the privacy notices.
Matomo (formerly Piwik) without Cookies
On this website, certain user information is collected and stored using the web analytics software Matomo (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”). Pseudonymized user profiles can be created and evaluated from this information. The information collected using Matomo technology (including your pseudonymized IP address) is processed on our servers. This website exclusively uses Matomo without cookies, meaning Matomo does not set cookies on your device at any time.
Insofar as personal data is processed during the described procedures, the processing is based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes in accordance with Art. 6 para. 1 lit. f GDPR.
If you disagree with the storage and evaluation of information from your visit, you can object to the storage and usage for the future at any time by clicking. In this case, a so-called opt-out cookie will be placed in your browser, which means Matomo will not collect any session data. Please note that fully deleting your cookies will also delete the opt-out cookie, which may need to be reactivated.
Social Networks
In addition to this online offering, we also maintain presences on various social media platforms, which you can access via corresponding buttons on our website. When you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that, in addition to storing the data you specifically enter on this social media platform, the provider may also process further information.
For more information, please refer to our Social Media Privacy Policy.
Changes to Our Privacy Policy
We reserve the right to update our privacy policy at short notice to ensure compliance with current legal requirements or to implement changes to our services. This may include the introduction of new services. For your next visit, the new privacy policy will apply.