Konferenzraum der Orangery

Privacy Policy

According to § 5 TMG

Orangery Deutschland GmbH
Bismarckplatz 10/11
31135 Hildesheim

Tax-ID: 30/211/30900
Registration number: HRB 204880
Register court: Amtsgericht Hildesheim
CEO: Dominik Groenen
Phone: 0800 005 50 77
E-Mail-Adress: contact@orangery.io

Data Protection Officer

Jakob J. Klement
Bismarckplatz 10/11
31135 Hildesheim

Last Updated: 24.02.2020

Legal basis for our services and basic information on the use and disclosure of data.

The information in this Privacy Policy is intended to inform you of the purpose, scope and manner in which your personal information is processed within our entire online offering and all related websites, including their features and content (collectively referred to herein as "Website" or "Online Content"). This statement applies to all platforms and devices (such as mobile devices or desktop PCs) on which our online offering is used or executed, regardless of the domain or system used. This information is provided in accordance with Art. 13 GDPR.

The terms used, such as: "personal data" or their "processing" are explained in the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Persons affected by data processing include all visitors to our online offer, including business partners, interested parties and customers, hereinafter referred to as "users". The terms used, such as "User", "Customer" or "Service Provider" are to be understood as gender-neutral.
All personal user data will be processed in compliance with the relevant data protection regulations. The basis for this is the existence of a legal permit and the consent of the user. The data processing is for the performance of our contractual services (eg order processing) or the online service (eg to ensure and comply with legal regulations), or due to our legitimate interest (eg for the security of our online offer within the meaning of Art. 6 (1) GDPR, analysis to optimize the safety and efficiency of our business, including profiling for advertising and marketing purposes, collection of reach and access data and third-party services), we will use the data in accordance with the legal permission framework.

Art. 6 (1) a. and Art. 7 GDPR form the legal basis for the consent, Art. 6 (1) b. GDPR serves as the legal basis for the processing of contracts and services. The legal basis for the processing of the data to fulfill our legal obligations is Art. 6 (1) c. GDPR, and as a basis for the processing of the data is tosafeguard our legitimate interests, according to Art. 6 (1) f. GDPR.

Disclosure of data to third parties and third party providers

A transfer of data to third parties takes place exclusively in accordance with legal requirements. It only takes place if this is necessary for the purpose of the contract (in accordance with Article 6 (1) (b) GDPR) or because of legitimate interests in our economic and effective business operations (pursuant to Article 6 (1) GDPR).

In order to comply with the legal requirements and for the protection of personal data, we also take appropriate legal, technical and organizational measures when using subcontractors. If third-party services, tools or other means are used and the named seat of this provider is located in a third country, data transfer to that country is also likely. The GDPR is an EU regulation and applies to all member states. Transmission to countries outside the EU or the European Economic Area is only permitted with legal permission, consent of the users, or at an adequate level of data protection in the respective third country.

Measures for protection and safety

In order to protect the data processed by us from accidental or intentional manipulation, destruction, loss or access by unauthorized persons, and to comply with the provisions of data protection laws, we make technical, organizational and contractual security arrangements according to the state of the art.

The encrypted transmission of data between our server and your browser is one of the security measures used.

Fulfillment of contractual services

In order to fulfill our contractual and service obligations, we process stock data (for example name and address as well as contact data of the users) and data on concluded contracts (for example used services, information on payment and shipping) acc. Art. 6 (1) lit b. GDPR.

The required mandatory information for the creation of a user account will be communicated to the users during the registration. Indexing of user accounts by search engines is not possible because they are not public. Data from terminated user accounts will be deleted unless storage is necessary for commercial or tax law reasons (according to Art. 6 (1) (c) GDPR). Upon termination, it is up to the users to secure their data before the end of the contract. We are entitled to the irretrievable deletion of all data stored by the user during the term of the contract.
To protect against misuse or unauthorized use and to protect our legitimate interests, we store the IP address and time when registering, re-registering and using our online services. Basically, this data is not passed on to third parties, exceptions are the pursuit of our claims or a legal obligation under Art. 6 (1) c GDPR.
For advertising purposes, we create a user profile based on the usage data (eg visits to our web pages or specific product interests) as well as content data (entries in forms or information in the customer account) in order to be able to show users interesting product hints and offers.

Contact by the user

To process user requests (via email or contact form), the information of the user in accordance with. Art. 6 (1) b GDPR processed.

Online presence in social media

Based on our legitimate interests within the meaning of Art. 6 (1) f. GDPR we maintain online presence on social networks and platforms. There it tries to communicate with customers, interested parties and users, also there is informed about our services. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.

Insofar as this privacy statement does not specify any further processing of the data, the data of the users who communicate with us or interact with our content will be processed.

Measuring the range and use of cookies

Cookies are small files that are stored on the users computer.

We mainly use cookies (session cookies), which are deleted from the respective storage medium at the end of the browser session. Session cookies are needed for example, to allow shopping cart functions or to store your entries across multiple pages. However, we also use cookies that remain on the user's hard drive. This allows for automatic detection of the user when re-visiting and the preferred inputs and settings. These cookies are stored for a period of one month to 10 years on the hard disk and delete themselves after the given time. These cookies are primarily intended to make the online offering more user-friendly, secure and effective.

We also inform users within this Privacy Policy about the use of cookies in the context of pseudonymous range measurement. If users want to avoid storing cookies, this option can be disabled in the browser settings themselves. Already stored cookies can also be deleted there, however, the exclusion of cookies can lead to functional restrictions of our online offer. An objection to the use of cookies for the purpose of measuring reach and advertising purposes can be obtained through the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org), the European website http://www.youronlinechoices.com/uk/your-ad-choices and additionally the US-American website (http://www.aboutads.info/choices).

Collection of access data and records (logfiles)

Any access to our servers is subject to our legitimate interest within the meaning of Art. 6 (1) f. GDPR, corresponding data (so-called server log files), including date and time, amount of data, name of the accessed website, success report on the call, the operating system including browser type and version, the previously visited website, the IP address and the provider.
For the purpose of fraud or misuse the logfile information is stored for security reasons for a maximum of seven days and then deleted. If certain data is necessary for evidence purposes, the deletion will be postponed until the final clarification of the incident.

Use and use of Google Analytics

For the optimization, analysis and economic operation of our online offer, we rely on our own interest within the meaning of Art. 6 (1) f. GDPR, Google Analytics. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google uses cookies for the purpose of analysis with information about the use of the online offer by the users.

Google produces reports on the use of our online offer on our behalf. For this and for further services on our behalf, information about the activities of the users are collected within our offer. This information can also be used to create pseudonymous usage profiles.

In general, Google shortens the user's IP address within the EU or the EEA (IP anonymization enabled).

A combination of the IP address of the user and other Google data does not take place. Users can prevent the collection and processing of user data by downloading and installing the browser plug-in available at this link: http://tools.google.com/dlpage/gaoptout?hl=de The storage of cookies can also be done by Settings in the respective browsers are avoided.

In addition to the browser settings and Google's additional software, we offer another function to prevent data collection. Here you can see if the collection of your views via Google Analytics is activated on our website. You can also prevent capture by clicking "Disable Now". If you click the button, an HTML5 storage object is saved on your computer, which then ensures that no script is loaded by Google Analytics. If the site data is deleted in this browser, the link must be clicked again. Furthermore, the opt-out applies only within the browser you use and only within our respective webdomain, on which the link was clicked.

For further information on settings and possibilities of appeal as well as for data collection by Google, please contact Google directly: https://www.google.com/intl/de/policies/privacy/partners, http://www.google.com/policies/technologies/ads, You can also view and edit your ad settings here, https://adssettings.google.com/.

Integration and use of Facebook marketing services (Facebook and Custom Audiences)

Due to our legitimate interests within the meaning of Art. 6 (1) f. GDPR we use the so-called "Facebook Pixel" for our online offer, which is from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland is operated ("Facebook"). Facebook provides a guarantee that it complies with European data protection law, as evidenced by certification under the Privacy Shield Agreement ( https://www.privacyshield.gov/participant).

The Facebook Pixel is used by us to display the Facebook ads we have posted only to those Facebook users who have also shown an interest in our online offer, certain products or themes. In addition, with the help of the Facebook pixel, we want to make sure that our ads on Facebook meet the potential interest of users and not be annoying. The Facebook Pixel enables us to determine the effectiveness of our Facebook Ads and to compile statistics on how many users visit our online offer via an advertisement.

If one of our web pages is opened, the Facebook pixel is automatically integrated into the page and a cookie can be stored on the device of the user. If the user is logged into Facebook or logs-in later, the visit to our online offer will also be saved in the corresponding Facebook profile. The data collected are anonymous and do not allow any conclusions about the user identity by us. However, Facebook itself stores and processes the data, however, as a result of the connection to the respective Facebook profile, Facebook has the possibility to use it for advertising or market research purposes. Should a comparison of the data on our part be necessary with Facebook, these are first encrypted within the browser and only then sent by us via a secure connection to Facebook.

Scope and processing of the data are elaborated in Facebook's Data Usage Policy. You can also find basic tips for Facebook adverts at https://www.facebook.com/policy.php.
For more information about Facebook Pixel and how it works, visit the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
A appeal against the data collection by the Facebook pixel and against the use of your data to display Facebook ads is possible. To do this, visit the page set up by Facebook and follow the instructions for the usage-based advertising settings: https://www.facebook.com/settings?tab=ads. All settings are platform independent, the application is thus on all devices (such as mobile or desktop devices).

Whether the collection of your data via the Facebook pixel on our website is activated, you can see here. You can also prevent capture by clicking "Disable Now". When you click the button, an HTML5 storage object is stored on your computer. If the site data is deleted in this browser, the link must be clicked again. Furthermore, the opt-out applies only within the browser you use and only within our respective webdomain, on which the link was clicked.

An objection to the use of cookies for the purpose of measuring reach and advertising purposes can be obtained through the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/), the European website (http://www.youronlinechoices.com/uk/your-ad-choices/ and additionally the US-American website (http://www.aboutads.info/choices).

Integration and use of Zendesk

This website uses technologies from Zendesk Inc., 1019 Market St, San Francisco, USA (www.zendesk.com) pseudonymised data for the purpose web analysis and operating the live chat system to answer live support requests collected and saved. User profiles can be created from this pseudonymized data under a pseudonym. Cookies may be used. If the information collected in this way relates to a person processing is carried out in accordance with Art. 6 Paragraph 1 lit. f GDPR based on our legitimate interest in effective customer care and the statistical analysis of user behavior for optimization purposes. The data collected with Zendesk technologies will not be used to personally identify the visitor to this website and not with personal data without the separate consent of the person concerned Data about the bearer of the pseudonym merged. In order to avoid the storage of Zendesk cookies, you can set your internet browser in such a way that cookies can no longer be stored on your computer in the future or those that have already been stored Cookies are deleted. Switching off all However, cookies can mean that some functions on our website can no longer be performed. Data collection and storage for the purpose of creating a pseudonymized user profile you can always with future effect Deactivate by sending us your objection informally by email to the email address given in the imprint. Zendesk Inc., based in the USA, is for the US-EU data protection agreement "Privacy Shield" certified, which ensures compliance with the applicable in the EU Data protection levels guaranteed.https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active For more information, please see Zendesk's privacy policy: https://www.zendesk.com/company/privacy.

You can see here whether your data is activated using the Zendesk tool on our website. You can also prevent the recording by clicking on "Deactivate now" click. If you click the button, a HTML5 storage object stored on your computer. If the website data is deleted in this browser, the link must be clicked again. Furthermore, the opt-out only applies within the browser you are using and only within our respective web domain the link was clicked on.

Integration of services and content of third parties

Our online offer also includes offers from third-party providers. This is also based on our legitimate interest within the meaning of Art. 6 (1) f. GDPR. Content and its presentation (such as videos or fonts) require that third parties recognize the user's IP address. For the transmission of the contents to the browser this is unavoidable. When selecting third-party vendors, we take care to only use those vendors who use the IP address only for delivery of the content. In addition, third parties may use web beacons or pixel tags to collect data for statistics and marketing. As a result, for example information about the visitors of the website will be evaluated. All data may be stored in cookies on the device used by the user, pseudonymised. These data include technical information about the operating system and browser, as well as data on the use of the offer. This data can also be linked to data from other sources.

Below you will find an overview of the third-party providers we include, including links to the corresponding data protection statements. These also contain further information on possibilities of objection, as well as opt-out options, if these are possible.

Personal rights of users

Upon request, every user can obtain information about their personal data stored by us.

In addition, users have the right to have incorrect data rectified and to limit the processing and deletion of their personal data. In addition, the right to data portability can be invoked. A complaint to the competent supervisory authority is possible at any time.

Any consent given by the user can always be revoked at any time, only with future effect.

Data deletion

Data that is not subject to a statutory retention period will be deleted as soon as it is no longer necessary for your purpose. If the deletion is not possible due to its purpose or other provisions, its processing will be restricted. Blocking the data thus prevents processing for other purposes.
The storage takes place in accordance with § 257 exp. 1 HGB (for trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) for 6 years, as well as § 147 (1) AO (for books, records, management reports, accounting documents, trading and business letters, documents relevant to taxation, etc.) for 10 years.

Right to object

Users may object to the processing of their personal data in accordance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.

Updating the privacy policy

We reserve the right to change this privacy policy if the legal situation changes, as well as changes in our services or data processing. However, this applies exclusively with regard to declarations of data processing. If users' consent is required, or if elements of the privacy policy contain provisions of the contractual relationship with the users, changes are only possible with the consent of the users.
We ask users to regularly obtain independent information about the content of the privacy policy.