Privacy policy

We are very delighted that you have shown interest in our organization. Data protection is of a particularly high priority for the management of Baum und Zeit. The Baum und Zeit website can be used without providing any personal data. However, if a person concerned wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Baum und Zeit. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

As the controller, Baum und Zeit has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Baum und Zeit
Straße nach Fichtenwalde 13
14547 Beelitz-Heilstätten

Tel. : 033204/634723
info@baumundzeit.de
www.baumundzeit.de

Vertreten durch:

Managing Director: Beate Hoffmann
Managing Director: Georg Hoffmann
Managing Director: Daniel Reiche

Susanne Hartisch
Am Fuchsbau 15a
14554 Seddiner See

datenschutz@datarange.de

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

When visiting the website personal data is transferred to a server of our web hosting provider. The following data is processed:

  • IP address
  • Browser type and version
  • Operating system
  • Access status/http status code
  • Date and time of the request and the time zone
  • Referrer URL
  • Transferred data volumes
  • Internet Service Provider

This data is necessary to be able to access the website.

Our legitimate interest pursuant to Art. 6 I lit. f GDPR lies in the provision of an online offer by a professional provider for advertising and information purposes for our (potential) customers and for interested users. The web hosting is carried out in the sense of order processing. We have concluded a corresponding order processing contract with our provider.

The website runs on the Hetzner Online GmbH network. The server location is Germany.

Your data will be deleted as soon as it is no longer required for the fulfillment of the purpose. This is generally the case when your visit to our website has ended, but at the latest after 24 hours.

As part of the procurement of bookings and the purchase of items (shop), the following personal data is collected for the purpose of the proper handling of business processes: Name, address, e-mail, telephone number and fax if applicable.

This data is subject to the legally prescribed retention period of 10 years in accordance with Section 257 (4) of the German Commercial Code (HGB) and is stored in our system for this period accordingly.

The basis for data processing is Art. 6 para. 1 lit. b GDPR.

We use the Go~mus software from Giant Monkey Software Engineering GmbH, Brunnenstraße 7d, 10119 Berlin, Germany, to process bookings. The data processing takes place exclusively in Germany, in a member state of the European Union or in another state party to the Agreement on the European Economic Area.

Mit diesem Anbieter haben wir einen AV-Vertrag abgeschlossen.

Für die Zahlungsabwicklung stehen Ihnen verschiedene Möglichkeiten zur Verfügung:

Paypal:

Wir bieten die Möglichkeit, den Zahlungsvorgang über den Zahlungsdienstleister PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) abzuwickeln. Dies entspricht unserem berechtigten Interesse, eine effiziente und sichere Zahlungsmethode anzubieten (Art. 6 Abs. 1 lit. f DSGVO). Im Zusammenhang der Vertragserfüllung (Art. 6 Abs. 1 lit b. DSGVO) geben wir folgende Daten an PayPal weiter:

  • Vorname
  • Nachname
  • Adresse
  • E-Mail-Adresse
  • Telefonnummer

PayPal führt bei verschiedenen Diensten wie Zahlung per Lastschrift eine Bonitätsauskunft durch, um Ihre Zahlungsbereitschaft und -fähigkeit sicherzustellen. Dies entspricht dem berechtigten Interesse PayPals (gem. Art. 6 Abs. 1 lit. f DSGVO) und dient der Vertragsdurchführung (gem. Art. 6 Abs. 1 lit. b DSGVO). Dafür werden Ihre Daten (Name, Adresse und Geburtsdatum, Bankkontodetails) an Auskunfteien weitergegeben. Wir haben auf diesen Prozess keinen Einfluss und erhalten lediglich das Ergebnis, ob die Zahlung durchgeführt oder abgelehnt wurde oder eine Überprüfung aussteht.

Weitere Informationen zum Datenschutz und der Verarbeitung Ihrer personenbezogenen Daten finden Sie unter: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Kreditkarten oder Giropay

Giropay:

Hierbei handelt es sich um eine Online-Überweisung ähnlich wie eine normale Überweisung per Vorkasse, die direkt über das Online-Banking Ihrer Bank oder Sparkasse abgewickelt wird, sofern es von dieser unterstützt wird.

Die Nutzung von Giropay ist kostenfrei und ohne vorherige  Registrierung möglich.

Hierzu geben wir den Rechnungsbetrag, und Verwendungszweck an Ihre Bank/Sparkasse weiter. Wir erhalten von Ihrer Bank/Sparkasse lediglich die Mitteilung, dass der Betrag überwiesen wurde.

Der Bezahlvorgang erfolgt über Ihren Zugang zu Ihrem Online-Banking. Weitere Informationen zum Umgang mit Ihren personenbezogenen Daten entnehmen Sie bitte der Datenschutzerklärung Ihrer Bank oder Sparkasse.

Kreditkarten

Wir ermöglichen Ihnen das Bezahlen mittels Kreditkarten wie Visa, Mastercard, Diners Club International. Bei diesem Bezahlvorgang werden Sie auf die jeweilige Website Ihres Zahlungsdienstleisters weitergeleitet, um dort den Zahlungsprozess fertigzustellen.

Bei diesem Bezahlvorgang fragen wir Ihren Namen und die Kreditkartennummer ab. Dies ist für die Vertragsabwicklung (Art. 6 I lit. b DSGVO) notwendig.

Weitere Informationen zum Umgang mit Ihren personenbezogenen Daten entnehmen Sie bitte der Datenschutzerklärung Ihres Zahlungsdienstleisters.

Sofern Sie die Zahlart Kreditkarte oder Giropay ausgewählt haben, leiten wir Sie nach Abschluss der Bestellung auf die eingebundene Webseite des entsprechenden Zahlungsdienstleisters weiter. Dort können Sie nach Eingabe Ihrer Zugangsdaten die Zahlung über den Dienstleister beauftragen. Dazu übermitteln wir insbesondere den konkreten Zahlungsbetrag an den eingesetzten Dienstleister. Die Zahlungsarten Giropay und Kreditkarte werden durch die Adyen N.V., (Standort Deutschland: Friedrichstraße 63, 10117 Berlin) abgewickelt.

Adyen N.V. ist ein Zahlungsdienstleister und erbringt als solcher Acquiring-Dienstleistungen für ihre Kunden. Als Acquirer nimmt Adyen N.V. Zahlungen im Auftrag eines Händlers entgegen und überweist die vom Käufer (d. h. „Ihnen“) geleistete Zahlung an den Händler. Die Aufgabe besteht darin, das jeweilige Zahlungssystem, z.B. Mastercard oder Visa zu veranlassen, die Transaktion zu autorisieren und die Autorisierung zur Genehmigung an das Bankinstitut des Käufers zu senden. Wenn das Bankinstitut die Transaktion genehmigt, wird Adyen N.V. vom jeweiligen Zahlungssystem darüber benachrichtigt und überweist die Zahlung an das Bankinstitut des Händlers.

Adyen N.V. verarbeitet die Daten, die sie zur Wahrnehmung der berechtigten Interessen, d. h. der Erbringung der so genannten Acquiring-Dienstleistungen für die Händler benötigen. Das bedeutet, dass sie Ihre Zahlung im Auftrag von uns entgegennehmen und sich um alles kümmern, was im Zusammenhang mit solchen Finanztransaktionen steht. Darüber hinaus kann Adyen N.V. das jeweilige Zahlungssystem kontaktieren oder ihre aktuellen Kartendaten auf der Adyen-Plattform abrufen, um Ihre Zahlung in die Wege zu leiten, wenn ein Händler Ihre Karte aufgrund einer wiederkehrenden Zahlung belasten will, aber Ihre Karte abgelaufen ist.

Ferner verarbeitet Adyen N.V. Ihre Daten, um ihre gesetzlichen Verpflichtungen als Finanzinstitut wie die Kontrolle von Finanztransaktionen zur Verhinderung von Geldwäsche und Terrorismusfinanzierung zu erfüllen. Für diese Zwecke kann Adyen N.V. Ihre Kartennummer (die gemäß den PCI-DSS-Standards verschlüsselt wird), das Ablaufdatum (Monat und Jahr) Ihrer Kreditkarte, Ihre Kontodaten (in der Regel ohne Ihren Namen) einschließlich IBAN und SWIFT/BIC, den Transaktionsbetrag und die Währung, in der die Transaktion getätigt wurde, das Datum, den Zeitpunkt und den Ort der Transaktion sowie die Kategorie und die ID des Händlers erfassen, bei dem Sie einkaufen.

Erforderlichenfalls kann Adyen N.V. zusätzlich alle vorgenannten Daten zur Wahrnehmung ihrer berechtigten Interessen im Zusammenhang mit unter anderem Rechtsforderungen und gesetzlichen Verpflichtungen zur Verarbeitung Ihrer Daten speichern.

Außerdem verarbeitet Adyen N.V. Ihre personenbezogenen Daten für die folgenden Zwecke:

Erbringung der Dienstleistungen, die wir mit unseren Kunden und den jeweiligen Zahlungssystemen vereinbart haben, Einhaltung der anwendbaren Rechtsvorschriften, Analysen zu statistischen, strategischen und wissenschaftlichen Zwecken und Schutz unserer Plattform, Systeme und Dienste vor Missbrauch, Betrug, Finanzdelikten oder sonstiger unerlaubter oder rechtswidriger Aktivität.

Im Rahmen der Weiterleitung von Zahlungen kann Adyen N.V. Ihre personenbezogenen Daten verarbeiten, um erforderlichenfalls Zahlungen an Sie vorzunehmen oder Beträge von Ihrem Konto einzuziehen.

Adyen N.V. bewahrt Ihre Daten nur so lange auf, wie sie diese Daten nach vernünftigem Ermessen zu den vorgenannten Zwecken benötigt.

Adyen N.V. bewahrt die erfassten Daten auf, um die Transaktion gemäß geltendem Recht durchführen zu können. In den meisten Gerichtsbezirken sind das sieben Jahre nach dem Abschluss der jeweiligen Transaktion, um unsere steuerlichen, geschäftlichen und sonstigen rechtlichen Verpflichtungen zu erfüllen.

Die vorgenannte Speicherfrist kann länger sein, wenn dies nach geltendem Recht oder zur Ausübung der Geschäftstätigkeit nötig ist. Die Adyen N.V. speichert Ihre personenbezogenen Daten solange, bis die jeweiligen Forderungen geklärt sind. Also bis der Zahlungsvorgang abgeschlossen ist und keine Ansprüche mehr bestehen oder geltend gemacht werden können.

In manchen Gerichtsbezirken benötigt Adyen N.V. die Unterstützung von Dritten, um Ihnen die Acquiring-Dienstleistungen oder Ausgabedienstleistungen für unter anderem Zahlungssysteme wie Mastercard oder VISA anbieten zu können. Es hängt von Ihrem Standort, Ihrer Zahlungsmethode und der ausgebenden Bank ab, welches dieser Zahlungssysteme verwendet wird. Darüber hinaus leitet Adyen N.V. Ihre Daten an den Händler (an uns) weiter. Außerdem kann Adyen N.V. bestimmte personenbezogene Daten an zuständige Behörden und/oder Regulierungsbehörden weitergeben, wenn dies erforderlich ist, um der Verpflichtung als Finanzinstitut nachzukommen. Dies ist beispielsweise der Fall, wenn dies zur Verhinderung von Geldwäsche oder Terrorismusfinanzierung notwendig ist. Weitere Informationen finden Sie unter: https://www.adyen.com/de_DE/richtlinien-und-haftungsausschluss/privacy-policy.

Der Anbieter Adyen N.V. hat sich zum Schutz der personenbezogenen Daten seiner Kunden zur Einhaltung der Standard Contractual Clauses der Europäischen Kommission verpflichtet.

You have the option of contacting us by telephone, e-mail or our contact form on this website.

E-Mail:

The e-mail transmission is SSL- or TLS-encrypted on our part. When you send us an e-mail, we collect the personal data that you provide to us for this purpose. (Your e-mail address, possibly your name, (business) address, telephone number or all personal data that you transmit to us. Your personal data will be deleted as soon as it is no longer required and there are no statutory retention obligations to the contrary.

Phone:

If you contact us by telephone, we collect the personal data that you provide to us for this purpose. (e.g. your telephone number, your name, (business) address, telephone number or all personal data that you transmit to us. Your personal data will be deleted as soon as it is no longer required and there are no statutory retention obligations to the contrary.

Contact form:

The transmission is SSL- or TLS-encrypted on our part. If you send us an inquiry using the contact form, we collect the personal data that you provide to us for this purpose. (Your e-mail address, your name, telephone number if applicable and all personal data that you transmit to us). Your personal data will be deleted as soon as it is no longer required and there are no statutory retention obligations to the contrary.

Data processing for the purpose of contacting us is based on our legitimate interest in accordance with Art. 6 I lit. f GDPR.

You have the option of applying to us by e-mail, telephone or WhatsApp.

We collect the personal data that you provide to us for this purpose. (Your e-mail address, your name, address, telephone number, all personal data relating to your application, e.g. CV and references).

The legal basis for the processing of your personal data results from Art. 6 I lit. b GDPR and § 26 I 1 BDSG.

Your application documents will be forwarded to the application process and processed accordingly within our company. Your personal data will be deleted as soon as it is no longer required and there are no statutory retention obligations to the contrary.

As a rule, the personal data will therefore be deleted no later than 6 months after the decision to fill the position.

via e-mail:

The e-mail transmission is SSL- or TLS-encrypted on our part.

via phone:

On the telephone, we collect the personal data we need from you for an application.

via Whatsapp:

An application from you via Whatsapp is voluntary. Please note that the provider’s data protection conditions apply to data transmission. Data transfer to the USA is not excluded. We would like to point out that the same level of data protection cannot be guaranteed in the USA as within the EU.

Whatsapp belongs to Meta Platforms Ireland Ltd, 4 Grand Canal Square Grand Canal
Harbour, Dublin 2, Ireland.

Whatsapp states that all data is only stored in encrypted form, meaning that this data cannot be viewed by the company. According to Whatsapp, transferred photos, videos or other documents are only stored temporarily.

Whatsapp also processes its users’ metadata without encryption. This includes the following data:

  • Phone number
  • Location
  • IP address
  • Device information
  • Type and frequency of app use
  • when who sends messages to whom.

Whatsapp states that it forwards collected data to other meta companies.

All information can be found in Whatsapp’s privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea.

Please note that we will provide you with an alternative means of transferring your data. It is possible to apply by e-mail or telephone.

In order to obtain consent for further data processing that is not technically necessary and to be able to provide proof of this, we use the consent management software Compliance GDPR/CCPA Cookie Consent.

The following cookies are stored:

cmplz_banner-status

cmplz_consented_services

cmplz_functional

cmplz_marketing

cmplz_policy_id

cmplz_preferences

cmplz_statistics

All cookies have a lifetime of 355 days.

The software records the consent or refusal of further cookies on this website and thus prevents the transfer of your personal data to third parties in the event of non-consent.

The software used collects and stores the following data from you:

  • IP address in anonymized form
  • Technical browser data
  • the current website URL
  • the cookies you have authorized as proof of consent

This cookie remains active for 12 months, unless you delete it yourself beforehand, and serves as proof of the consent given on our website.

The legal basis for the processing of your personal data is basically Art. 6 I lit. c GDPR.

For some processing activities on our website, we use cookies if you have given us your consent.

(The legal basis in this case is Art. 6 I lit. a GDPR)

 

Google-Maps

Google Maps is integrated on our website by means of an API (provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

With your consent, when you click on the corresponding button, Google records your IP address and your activities that you carry out via Maps. This data includes specific locations, calculated routes, businesses and institutions that you view via Maps. Google places a cookie (called NID) on your end device in the browser to collect this data. This data is forwarded to Google servers in the USA and stored there. The validity of this cookie is 6 months.

Further information on how your data is handled when using Google services can be found at: https://policies.google.com/privacy?hl=de.

Youtube 

YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you give us your consent by clicking on the preceding notice, your data will be transferred to the provider.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.

If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR.

The following cookies are set with your consent:

CONSENT:

Used to store the user’s cookie choices. This cookie is stored for 2 years.

PREF:

Used to store information such as your preferred page configuration and playback settings such as explicit autoplay options, random mix and player size. For YouTube Music, these settings include volume, repeat mode and autoplay. This cookie expires 8 months after the last use by the user.

VISITOR_INFO1_LIVE:

The purpose of this cookie is to measure the bandwidth of YouTube. It is stored for 180 days.

YSC:

Cookie is used to follow visitors on the website. The aim is to show ads that are relevant and appealing to the visitor. This is a so-called session cookie. It is therefore deleted as soon as you close the website in your browser.

Further information on the use of your personal data, in particular on the use of cookies, can be found on the following website: https://policies.google.com/technologies/cookies?hl=de.

You can find Google’s entire privacy policy at: https://policies.google.com/privacy?hl=de

Facebook

We use the services of Meta Platforms Ireland Ltd, 4 Grand Canal Square Grand Canal
Harbour, Dublin 2, Ireland.

Facebook is integrated on our website by means of an (image) link. Clicking on this link will take you directly to our Facebook company page. Personal data will only be transferred to Facebook after you click on the link.

When you registered/created a user account, you acknowledged and agreed to Facebook’s privacy policy (Data Usage Policy: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0; also to be found here: further terms such as terms of use, data policy, cookie policy etc.)

The use of the services provided by Facebook is your own responsibility. We would simply like to point out that commenting on, sharing or rating our posts may result in this also being visible to people outside your friends list. Through our Facebook presence and the associated reach, your posts may also gain a higher reach.

When you visit our Facebook page, Facebook records your IP address and sets cookies, among other things. This information is used to provide us, as the operator of the Facebook pages, with statistical
information about the use of the Facebook page.
Facebook provides more information on this under the following link:
http://de-de.facebook.com/help/pages/insights
The data collected about you in this context will be processed by Meta Platforms.
and may be transferred to countries outside the European Union (e.g. the USA).
(e.g. the USA. We would like to point out that the same level of data protection cannot be guaranteed in the USA as within the EU).

Exactly what information Facebook receives and how it is used,
Facebook only describes in general terms in its data usage guidelines. There
you will also find information about how to contact Facebook and about the
setting options for advertisements.

How Facebook uses the data from visits to Facebook pages for its own purposes
purposes, to what extent activities on the Facebook page are assigned to individual
Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a
data from a visit to the Facebook page is passed on to third parties is not
is not conclusively and clearly stated and is therefore not sufficiently known to us.

When you access a Facebook page, the IP address assigned to your end device is transmitted to
Facebook is transmitted. According to Facebook, this IP address is anonymized. Facebook also stores information about the
devices of its users (e.g. as part of the “login notification” function).
This may allow Facebook to assign IP addresses to individual users.
possible.

Instagram

We use the services of Meta Platforms Ireland Ltd, 4 Grand Canal Square Grand Canal
Harbour, Dublin 2, Ireland.

Instagram is integrated on our website by means of an (image) link. Clicking on this link will take you directly to our Instagram company page. Personal data is only transferred to Instagram after you click on the link.

When you registered/created a user account, you acknowledged and agreed to Instagram’s privacy policy (Data Usage Policy: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect; also to be found here: further terms such as terms of use, data policy, cookie policy etc.)

The use of the services provided by Instagram is your own responsibility. We would simply like to point out that commenting on, sharing or rating our posts may result in this also being visible to people outside your friends list. Through our Instagram presence and the associated reach, your posts may also achieve a higher reach.

When you visit our Instagram page, Instagram records your IP address and sets cookies, among other things. This information is used to provide us, as the operator of the Instagram pages, with statistical
information about the use of the Instagram page and to place targeted advertising. The data collected about you in this context is processed by Meta Platforms and may be transferred to countries outside the European Union (e.g. the USA). Please note that the same level of protection under data protection law cannot be guaranteed in the USA as within the EU).

Exactly what information Instagram receives and how it is used is
Instagram only describes in general terms in its data usage guidelines. There
you will also find information about how to contact Instagram and about the
setting options for advertisements.

How Instagram uses the data from visits to Instagram pages for its own purposes
purposes, to what extent activities on the Instagram page are assigned to individual
users, how long Instagram stores this data and whether data from a visit to the Instagram
from a visit to the Instagram page is passed on to third parties is not conclusively and clearly
is not conclusively and clearly stated and is therefore not sufficiently known to us.

When you access an Instagram page, the IP address assigned to your device is transmitted to Instagram.
Instagram is transmitted. According to Instagram, this IP address is anonymized. Instagram also stores information about the end devices of its users (e.g. as part of the “login notification” function). This may enable Instagram to assign IP addresses to individual users.

The following rights apply to all the above-mentioned processing activities on our website:

Every data subject has the right to Information (Art. 15 GDPR). You have the right to find out from us whether and which of your personal data we process.

The right to rectification (Art. 16 GDPR) allows you to demand the immediate correction of objectively incorrect data.

The right to deletion (Art. 17 GDPR) gives you the right to demand that we delete your stored personal data immediately if one of the reasons listed in Art. 17 GDPR applies.

You can request the restriction of data processing (Art. 18 GDPR) if one of the reasons stated in Art. 18 GDPR applies. This is the case, for example, if you dispute the accuracy of your stored data.

The right to withdraw consent (Art. 7 (3) GDPR) allows you to withdraw your consent to the processing of your personal data at any time. Please note in this context that your revocation does not apply to the past. All personal data that was processed on the basis of the consent until the withdrawal was processed lawfully.

In addition, you have the right to lodge a complaint (Art. 77 GDPR) with the competent supervisory authority. As a rule, this is the supervisory authority of the federal state in which you have your permanent residence.

 

No profiling is carried out by our company on our website.