June 2021 I. Name and address of the person responsible The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is: MST-Design e.K. Lutherstrasse 62 73614 Schorndorf Telephone: 0049 (0) 7181/89 44 3 Telephone: 0049 (0) 7181/98 56 81 5 www.mst-design.de firstname.lastname@example.org II General information on data processing 1. Scope of processing of personal data In principle, we only collect and use personal data of our users insofar as this is necessary to provide a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is required to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Article 6 (1) (f) GDPR serves as the legal basis for processing. 3. Data deletion and storage duration The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
III. Provision of the website and creation of log files 1. Description and scope of data processing Every time our website is called up, our system automatically collects data and information from the computer system of the calling computer. The following data is collected: Information about the browser type and the version used The user's operating system The user's internet service provider The IP address of the user Date and time of access Websites from which the user's system reached our website Websites that are accessed by the user's system via our website The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place. 2. Legal basis for data processing The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 lit.f GDPR. 3. Purpose of data processing The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do this, the user's IP address must be stored for the duration of the session. The storage in log files takes place in order to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in data processing according to Art. 6 Para. 1 lit.f GDPR also lies in these purposes. 4. Duration of storage The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Any further storage is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the accessing client. 5. Possibility of objection and removal The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.