We attach great importance to data protection.

Data protection declaration

The following privacy policy applies to the use of the website www.fuf.de (hereinafter "website"). The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you the above-mentioned portal.
 

Responsible body

The controller for the collection, processing and use of your personal data within the meaning of the GDPR is

FUF// Frank and friends GmbH
Hirschstraße 14
70173 Stuttgart, Germany
 

If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions as a whole or for individual measures, you can address your objection to the above-mentioned responsible body.
 

Access data

We collect information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and register data about your computer or mobile device. We collect, store and use data about every access to our online offer (so-called server log files). The access data includes the name and URL of the retrieved file, date and time of retrieval, amount of data transferred, notification of successful retrieval (HTTP response code), browser type and version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider. We use this log data without allocation to your person or other profiling for statistical evaluations for the purpose of operation, security and optimization of our online offer, but also for anonymous recording of the number of visitors to our website (traffic) and the extent and type of use of our website and services. This information enables us to search for and rectify errors and improve our services. We reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website. We also store the date of your last visit as part of your account (e.g. when registering, logging in, clicking on links, etc.).
 

Cookies

The website uses so-called cookies in several places. They serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. The cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit.
 

Matomo

Our website uses Matomo (formerly Piwik) for web analysis, a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, ("Matomo") using cookie technology. The processing of your personal usage data is anonymized. It is not possible for us to identify you personally. Further information on Matomo's terms of use and data protection regulations can be found at: https: //matomo.org/privacy/

Click here to stop the pseudonymous data collection.
 

E-mail contact

If you contact us (e.g. via contact form or email), we will store your details for the purpose of processing your inquiry and in the event that follow-up questions arise. We only store and use other personal data if you consent to this or if this is permitted by law without special consent.
 

Online presence in social media

We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
 

YouTube

We embed YouTube videos on some of our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.

When a YouTube video is started, the provider uses cookies that collect information about user behavior.

If you have deactivated the storage of cookies for the Google Ad program, you will not have to expect any such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.

Further information on data protection at "Youtube" can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy/
 

Legal basis and storage duration

The legal basis for data processing in accordance with the above paragraphs is Art. 6 para. 1 letter f) GDPR. Our interests in data processing are, in particular, to ensure the operation and security of the website, to investigate how visitors use the website and to simplify the use of the website. Unless specifically stated, we only store personal data for as long as is necessary to fulfill the purposes pursued.
 

Your rights as a data subject affected by data processing

Under the applicable laws, you have various rights with regard to your personal data. If you wish to assert these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address given in the legal notice.

Below you will find an overview of your rights.
 

Right to confirmation and information

You have the right to obtain confirmation from us at any time as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain information from us free of charge about the personal data stored about you, together with a copy of this data. You also have the right to the following information

1. the purposes of processing;
2. the categories of personal data being processed
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
5. the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing
6. the existence of the right to lodge a complaint with a supervisory authority
7. if the personal data is not collected from you, all available information about the origin of the data
8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you. If personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
    

Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the , you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
 

Right to erasure ("right to be forgotten")

You have the right to obtain from us the erasure of personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:

1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw your consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
4. The personal data has been processed unlawfully.
5. The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which we are subject.
6. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If we have made the personal data public and we are obliged to delete it, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you have requested them to delete all links to this personal data or copies or replications of this personal data.
 

Right to restriction of processing

You have the right to obtain from us restriction of processing where one of the following applies

1. the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
3. we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
4. you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of our company override yours.
    

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where

1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
2. the processing is carried out by automated means.

In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
 

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
 

Disclosure of data to third parties, no data transfer to non-EU countries

In principle, we only use your personal data within our company. If and insofar as we involve third parties in the fulfillment of contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service. In the event that we outsource certain parts of data processing ("order processing"), we contractually oblige order processors to use personal data only in accordance with the requirements of data protection laws and to guarantee the protection of the rights of the data subject. There is no data transfer to bodies or persons outside the EU and there are no plans to do so.
 

Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller electronically, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
 

Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks and the organization of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of the provision of our contractual services. The processing bases are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities. We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers. We also store information on suppliers, event organizers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. We generally store this mainly company-related data permanently.
 

Security measures

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data and the response to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).