Responsible in terms of the European General Data Protection Regulation (GDPR) and other national data privacy statements of the EU member states as well as other privacy regulations – for the website «empire2.info» is:
Speaking of the «controller» or respectively of «we» designates the author of the website empire2.info, the responsible person mentioned above.
«Data subject» or respectively «you» denotes the user or visitor of the website. To be exact: a natural person whose personal data is processed by a controller.
«GDPR»: General Data Protection Regulation
«EU», respectively «Union»: European Union
Link to the official website of the GDPR of the EU in all languages of its member states
In following statement we believe to have achieved utmost exactness and comprehensibility and tried to our best knowledge and belief.
In general we only process personal data of data subjects as far as we require it to allocate a functioning website, its content and services. Processing of personal data takes place only in compliance with the data subject. Exception takes place in those cases where prior consent in fact is not possible to obtain and processing of data is, due to statutory provision, permitted.
As far as the controller obtains assent for processing personal data, point (a) of Article 6(1) GDPR provides the legal basis.
Point (b) of Article 6(1) GDPR provides the legal basis for processing personal data necessary for the performance of a contract to which the data subject is party. This also includes processing needed to perform conditions prior to entering into a contract.
As far as processing personal data concerns fulfilling of a lawful obligation that the controller is subject, point (c) of Article 6(1) GDPR provides the legal basis.
In case that information of vital interest for the data subject or of another natural persons require processing personal data, point (d) of Article 6(1) GDPR serves as the legal basis.
Is processing necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, point (f) of Article 6(1) GDPR applies as legal basis.
Personal data of the data subject will be deleted or locked as soon as the means of storing doesn’t apply anymore. Above all storing data can occur, as far as the controller is subject to regulations stated by EU or national legislators within legal regulations of the EU. Suspension or deletion of data can also occur, if due to the mentioned standards the required data retention period expires. Unless it’s required to store the data further to for a conclusion or fulfilment of a contract.
Anytime our website is visited our system does not create any server logfiles.
On our website we make use of the open-source software tool Matomo to analyse the browsing behaviour our website users. The software saves cookies onto the user’s computer.
What are cookies? Cookies are text files that are saved by the user’s browser onto the computer system. Does a user browse to a webpage a cookie can be placed onto the user’s operating system. The cookie contains a distinctive string of characters to identify the browser when the website is visited anew.
Every time a webpage is visited following data will be saved:
The analytics software runs solely on the server where our website is hosted. Storage of personal data of the data subject exclusively occurs there. No data is passed to third parties.
Furthermore the software does not store the full IP-address, but is shortened by two bytes (ie. 192.168.xxx.xxx). Consequently, correlation of the any IP-address of the computer used for visiting our website is not possible.
As far as we obtain assent for processing personal data, point (f) of Article 6(1) GDPR provides the legal basis.
Processing of above described data enables us to analyse the browsing behaviour of our users. The evaluation of that data allows us to collate the information about the website visits of the data-subjects. That allows us to make our website more user-friendly and constantly optimise it. This aim is the legitimate interest in processing data according to point (f) of Article 6(1). By making the IP-address anonymous we sufficiently accommodate the user’s interest of protecting his or her personal data.
The data will be deleted as soon as they are not necessary anymore for above mentioned purposes. In our case data is deleted after 40 days.
Cookies are saved onto the data subject’s computer system and information passed on to the controller’s server. Therefore users have full control over the usage of cookies. The user can, by changing the preferences in the browser, deactivate cookies or limit the cookie’s functionality. Cookies already saved can be deleted at any time, deletion can also be automated.
Further information according privacy protection of the Matomo Software you can find at: https://matomo.org/docs/privacy
Establishing contact with us is possible by using the provided e-mail-address. In this case personal data sent to us via e-mail will be saved.
No data will be passed on to third parties. The data will only be used for processing the conversation.
Legal basis for processing of data is, in case there consent of the user, point (a) of Article 6(1) GDPR.
Legal basis for processing data according to sending of e-mails is point (f) of Article 6(1) GDPR. Does the e-mail contact aim at a conclusion of contract, additionally point (b) of Article 6(1) GDPR is the legal basis for processing.
Processing personal data of an e-mail serves for handling the e-mail conversation only. Therein lies the legitimate interest in processing the data.
Personal data will be deleted as soon as the conversation with the user has ended. The conversation ends, when it becomes clear of the circumstances, that the concerned inquiry was finally clarified.
At any time the user has the option to object to his or her consent of processing personal data. Does the user get in contact with us via e-mail, he or her can at any time object against storing personal data. In such a case the conversation cannot be continued.
For this case please send a letter to the address:
All personal data that were stored for the establishing of contacts will be deleted.
In case that personal data of you is being processed, you are the person concerned by the means of the GDPR and you are entitled to following rights against the responsible party:
You can demand a confirmation from the accountable party, if personal data about you is being processed. You can demand following information:
You’re entitled to claim information about whether personal data concerned is passed on to a third party country or to an international organisation. In that respect you can also request to be informed about eligible safeguards according to Article 46 GBPR.
You are entitled to rectification and/or completion against the person in charge, as far as the processed data concerned is incorrect or incomplete. The person in charge has to carry out the amendment without delay.
Under following circumstances you can demand that personal data concerning you has to be restricted:
Where processing has been restricted, such personal data will be, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
After processing was rectified, according to above mentioned requirements, you will be informed by the controller before the confinement is abrogated.
1. Obligation to erasure
You can demand that the party responsible immediately must delete personal data concerning you. The party responsible has to immediately delete the data provided following reasons:
2. Information to third parties
Did the responsible person publish the personal data concerned and is he obliged to delete the data according to Article 17(1) GDPR, the person in charge takes appropriate measures – in regard to available technology and costs of implementation – to inform the responsible people that process personal data, that the person concerned demanded the deletion of all links to the personal data its copies or replications.
The right to deletion does not apply as far as processing is required
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
In exercising his or her right to data portability the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Rights and freedoms of others must not be adversely affected.
That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
The data subject is entitled to withdraw his or her declaration of consent for data protection at any time. The withdrawal of consent does not affect the legitimacy of prior processing with consent before the data subject’s withdrawal.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
This shall not apply if the decision:
However those decisions not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.