Privacy Policy

State: 25 May 2018

1. Name and address of the responsible person

The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states of the European Union as well as other data protection regulations:

Matthias Fehring
Zum Südholz 8
34439 Willebadessen-Eissen
Germany

2. Scope of this privacy policy

This privacy policy applies to the websites and online services offered under the following domains:

3. General information on data processing

3.1. Scope of processing of personal data

I only process personal data of my users if this is necessary to provide functional websites and online services as well as my contents and services. The processing of personal data of my users takes place regularly only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for effective reasons and processing of the data is permitted by law.

3.2.Legal basis for the processing of personal data

Insofar as I obtain the consent of the data subject for the processing of personal data, Art. 6(1)a GDPR serves as the legal basis.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6(1)b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

As far as a processing of personal data is necessary for the fulfilment of a legal obligation to which I am subject, Art. 6(1)c GDPR serves as legal basis.

If processing is necessary to maintain a legitimate interest on my part or that of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6(1)f GDPR serves as the legal basis for processing.

3.3. Data erasure and storage time

The personal data of the person affected will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

According to legal requirements in Germany, the storage takes place in particular for 10 years according to § 147(1) AO and for 6 years according to § 257(1) HGB.

3.4. Categories of persons affected

  • Visitors and users of the websites and online service listed at point 2 of this privacy policy
  • Visitors and users of websites and online services I operate for my customers (responsible for the data protection on these sites and services is the person named in the privacy policy of the respective website)

3.5. Safety precautions

In accordance with Art. 32 GDPR, I take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the current state of technology, the costs of implementation and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons.

You will find my technical and operational data protection measures in this PDF file.

3.6. Cooperation with contract data processors and third parties

If, in the course of my data processing, I disclose personal data to other persons and companies (contract data processors or third parties), transfer them to them or otherwise grant them access to the personal data, this will only take place on the basis of a legal permission pursuant to Art. 6(1)b GDPR, your consent pursuant to Art. 6(1)a GDPR, a legal obligation pursuant to Art. 6(1)c GDPR or on the basis of my legitimate interest pursuant to Art. 6(1)f GDPR.

If third parties are commissioned by me with the processing of personal data, this is done on the basis of Art. 28 GDPR within the framework of a contract on data processing.

4. Providing my websites and online services

4.1. Description and scope of data processing

Every time you visit my websites and every time you use my online services, my systems automatically collect data and information from the computer system of the calling user.
The following data is collected:

4.2. Legal basis for the data processing

The legal basis for the temporary storage of data is Art. 6(1)f GDPR.

4.3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the web pages and online services to the user's computer. For this the IP address of the user must remain stored for the duration of the session. These purposes are also my legitimate interest in data processing according to Art. 6(1)f GDPR.

4.4. Storage duration

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of websites and online services, this is the case when the respective session has ended.

4.5. Possibility of objection and elimination

The collection of data for the provision of websites and online services is absolutely necessary for the operation of the websites and online services. Consequently, there is no possibility of objection on the part of the user.

5. Creation of log files

5.1. Description and scope of the data processing

My systems do not create log files for every single access to web pages (so-called access logs), but there is an evaluation of the calls using Matomo, which you can contradict here.

For security reasons, to avert danger and to correct errors, certain actions triggered by the user are logged, including in particular failed login attempts at services and websites that allow a login.

5.1.1. Error logs

All websites and online services provided by me log any internal errors that occur in log files. These entries do not contain an IP address, but may contain user names of the user whose action caused the error in order to find errors.

5.1.2. www.huessenbergnetz.de

  • If the contact form classifies an input as spam, the IP address of the user is logged in order to be able to better ward off cases of repetition.

5.1.3. statistik.huessenbergnetz.de

  • In case of failed login attempts at the Matomo administration interface, the IP address and the entered user name of the requesting user are logged in order to prevent misuse.

5.1.4. wolke.huessenbergnetz.de

  • In case of failed login attempts at the Nextcloud interface, the IP address and the entered user name of the requesting user are logged in order to prevent misuse.

5.1.5. skaffari.huessenbergnetz.de

  • When logging on to the Skaffari administration interface, the IP address and the user name entered by the requesting user are logged in order to prevent misuse.
  • For security reasons, all administrative actions performed by administrators are logged. The user name of the executing administrator is logged, but no IP address.

5.1.6. post.huessenbergnetz.de

also post.tc-eissen.de und post.die-friseurin.net

  • With each login to the web mail interface, the entered user name and the IP address of the requesting user are logged in order to prevent misuse.

5.1.7. SMTP, IMAP, POP3 and Sieve email server huessenbergnetz.de

  • During every communication with the e-mail system at huessenbergnetz.de via the protocols SMTP, IMAP, POP3 and Sieve, the user name and IP address of the requesting user are logged.

5.2. Legal basis for the data processing

The legal basis for the temporary storage of data and log files is my legitimate interest in the secure operation of my information technology systems in accordance with Art. 6(1)f GDPR.

5.3. Purpose of the data processing

The storage of login information, fraud attempts and security-critical actions in log files ensures the security of my information technology systems. An evaluation of the data for marketing purposes does not take place in this context. My legitimate interest in data processing in accordance with Art. 6(1)f GDPR also lies in these purposes.

5.4. Storage duration

Data in log files will be deleted after seven days at the latest.

5.5. Possibility of objection and elimination

Logging of security-critical actions in log files is absolutely necessary for a secure operation of my systems. Consequently, the user has no right of objection.

6. Usage of cookies

6.1. Description and scope of the data processing

My websites and online services use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables a unique identification of the browser when the website is called up again.

I use cookies to make my website more user-friendly. Some elements of my web pages (e.g. login forms) require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

6.1.1. www.huessenbergnetz.de

Cookie name Optional Expiration Purpose
_hbnCookieHinweis yes to the end of the browser session stores whether the information banner was hidden by the user via the data protection, in order not to show it again each time the page is called up

6.1.2. statistik.huessenbergnetz.de

Cookie name Optional Expiration Purpose
piwik_ignore yes two years stores whether you have objected to the collection by Matomo web analytics
PIWIK_SESSID no to the end of the browser session stores the session ID required for logging in
piwik_auth no to the end of the browser session stores the authentification token required for logging in

6.1.3. wolke.huessenbergnetz.de

Cookie name Optional Expiration Purpose
oc_sessionPassphrase no to the end of the browser session stores the session password
random string no to the end of the browser session stores the session ID required for logging in
__Host-nc_sameSiteCookielax no approx. 83 years stores security settings
__Host-nc_sameSiteCookiestrict no approx. 83 years stores security settings

6.1.4. skaffari.huessenbergnetz.de

Cookie name Optional Expiration Purpose
Skaffari_session no to the end of the browser session stores the session ID required for logging in
csrftoken no to the end of the browser session stores a token to avoid CSRF attacks
domains_sort_col no to the end of the browser session stores sorting order settings
domains_sort_dir no to the end of the browser session stores sorting order settings
domains_filter_term no to the end of the browser session stores filter settings
domain_filters no to the end of the browser session stores filter settings

6.1.5. post.huessenbergnetz.de

alos post.tc-eissen.de und post.die-friseurin.net

Cookie name Optional Expiration Purpose
roundcube_sessid no to the end of the browser session stores the session ID required for logging in
roundcube_sessauth no to the end of the browser session stores the session authentification required for logging in

6.1.6. Matomo cookies

On some of my websites I additionally use cookies set by the web analytics software Matomo, which enable an analysis of the surfing behaviour of the users. Matomo is used on the following websites:

  • https://www.huessenbergnetz.de
  • https://doc.huessenbergnetz.de

Further information on the data collected by Matomo can be found in the corresponding section, where you can also object to the collection for the future.

Matomo sets the following cookies on the above mentioned pages:

Cookie name Optional Expiration Purpose
starts with _pk_ses no ca. 30 minutes identifying your session on the server
starts with _pk_id no ca. 13 months recognition of your visit

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.

When accessing the above-mentioned websites, an information banner informs users about the use of cookies for analytical purposes and draws their attention to this privacy policy. In this context there follows also an explanation of how the collection by Matomo can be objected to in the future.

6.2. Legal basis for the data processing

The legal basis for the processing of personal data using cookies is Art. 6(1)f GDPR.

6.3. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of my websites cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies are not used to create user profiles.

Matomo's analysis cookies are used to improve the quality of my website and its content. Through the analysis cookies I learn how the websites are used and can thus constantly optimise my offer. Further information on analysis with Matomo can be found in the corresponding section.

The usage of cookies fo this purposes is my legitimate interest in accordance with Art. 6(1)f GDPR.

6.4. Storage duration, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted to my pages. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for my web pages, it is possible that not all functions of the web pages can be used to their full extent.

7. Contact forms and email contact

7.1. Description and scope of the data processing

On some of my websites (www.huessenbergnetz.de) contact forms are available, which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to me and saved. This data is:

  • name of the user
  • email address of the user
  • subject of the message
  • message text

At the time the message is sent, the following data is also stored:

  • date and time of sending

Alternatively, it may be possible to contact me via an e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.

For the processing of data from contact forms, your consent is obtained within the scope of the sending process and reference is made to this privacy policy.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

7.2. Legal basis for the data processing

The legal basis for the processing of the data is Art. Art. 6(1)a GDPR, if the user has given his or her consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1)f GDPR. If the e-mail contact is aimed at the conclusion of a contract, then additional legal basis for the processing is Art. 6(1)b GDPR.

7.3. Purpose of the data processing

The processing of the personal data from the input mask serves me alone for the treatment of the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of my information technology systems.

7.4. Storage duration

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

7.5. Possibility of objection and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts me by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

To revoke your consent and/or to object to the storage, please simply send a corresponding request via the contact form to me or send an e-mail to .

All personal data stored in the course of contacting me will be deleted in this case.

8. Web analysis by Matomo (formerly PIWIK)

8.1. Description and scope of the data processing

On some of my websites I use the open source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of my users. The used Matomo installation is operated by myself at statistik.huessenbergnetz.de. At the moment it is used on my following websites:

  • https://www.huessenbergnetz.de
  • https://doc.huessenbergnetz.de

Furthermore, I offer my customers the use of the Matomo installation at statistik.huessenbergnetz.de to analyze their own websites. With the customers who use this service, there is a contract in accordance with Art. 28 GDPR on order data processing. You will also find information on this in the privacy policy of the respective customer website.

Matomo stores cookies on the user's computer for better analysis (for cookies see above). If details of a website analysed by me are called up, the following data are stored:

  • two bytes of the IP address of the requesting system of the user
  • the requested website
  • the website from which the user has accessed the requested website (HTTP referer)
  • the subpages that are accessed from the accessed website
  • date and time of the request
  • duration of stay on the website
  • the frequency of visiting the website
  • the browser used, its version, language used and installed plugins
  • the operating system used and its version
  • the device used and its screen resolution
  • country and approximate city from which the request comes
  • average loading time of the accessed page

The software runs exclusively on my servers. The personal data of users is only stored there. A passing on to unauthorized third parties does not take place. Customers of my service only have access to the data of their own website(s).

The software is configured so that the IP addresses are not completely stored, but 2 bytes of the IP address are masked (e.g. 192.168.0.0). In this way it is no longer possible to assign the shortened IP address to the calling computer.

No data is merged across the boundaries of domains. In particular, no data from websites of different customers will be combined or passed on to other customers.

8.2. Legal basis for the data processing

The legal basis for processing the personal data of the users of my websites is Art. 6(1)f GDPR.

The legal basis for the processing of commissioned data for my customers is a contract concluded with the respective customer in accordance with Art. 28 GDPR on commissioned data processing.

8.3. Purpose of the data processing

The processing of users' personal data enables me, or my customer, to analyse the surfing behaviour of our users. We are able to compile information about the use of the individual components of our websites and online services by evaluating the data obtained. This helps us to constantly improve our online offer and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6(1)f GDPR. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.

In the case of commissioned data processing for customers, the purpose is to fulfil my business activities and to enable the respective customer to safely analyse his websites. For this purpose there is a contract between me and the respective customer who uses the service of statistik.huessenbergnetz.de in accordance with Art. 28 GDPR on commissioned data processing.

8.4. Storage duration

The data will be deleted as soon as they are no longer needed for our recording purposes. This is always the case after 367 days.

8.5. Possibility of objection and elimination

Matomo uses so-called cookies on the user's computer to improve the analysis, which are transferred from the user to our websites and online applications. Therefore, you as a user also have full control over the use of cookies. For more information about cookies, see the appropriate section.

Since the collected data is stored pseudonymised, no personal reference can be made from it. It is therefore not possible to delete specific data of individual users.

We also offer our users the possibility of an opt-out from the analysis procedure on all websites analysed by statistik.huessenbergnetz.de, including this one. To do this, simply click on the corresponding box in the next section. In this way, another cookie is set which signals the Matomo installation at statistik.huessenbergnetz.de not to store the user's data in the future. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again. The opt-out applies to all websites and online services analyzed by statistik.huessenbergnetz.de.

9. Hosting

9.1. Description and scope of the data processing

I use servers and infrastructure of Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen, Germany to provide my websites and online services. Between me and Hetzner Online GmbH there is a contract according to Art. 28 GDPR about commissioned data processing. I offer my websites and online services, as far as possible, generally via an encrypted connection. If you access my websites and online services via an encrypted connection, the systems of Hetzner Online GmbH can only record your IP address and the IP address and host name of the target system. If the call is still made the first time or for other technical reasons via an unencrypted connection, the systems of Hetzner Online GmbH can also recognize the data listed under point 4.1. of this privacy policy.

Information about the data protection of Hetzner Online GmbH can be found in the provider's privacy policy. Information on the technical and operational measures carried out by Hetzner Online GmbH in accordance with Art. 32 GDPR can be found in this PDF document.

9.2. Legal basis for the data processing

The legal basis for the processing of personal data is my legitimate interest pursuant to Art. 6(1)f GDPR in an efficient and secure provision of my websites and online services.

9.3. Purpose of the data processing

The processing of personal data by Hetzner Online GmbH enables me to provide my own websites and online services. Only the purchase of infrastructure and server services makes my websites and online offers possible.

9.4. Storage duration

If Hetzner Online GmbH creates log files to protect its own infrastructure and information technology systems, these will be made anonymous after 7 days at the latest — which means that a personal reference can no longer be established.

9.5 Possibility of objection and elimination

The processing of data by Hetzner Online GmbH is absolutely necessary for the operation of the websites and online services. Consequently, there is no possibility of objection on the part of the user.

10. Hosting for thid parties and customers

9.1. Description and scope of the data processing

As part of my business activities, I offer third parties hosting and infrastructure services, including storage space and computing power. When providing websites and online services to third parties, the same data is collected as listed in point 4.1. of this privacy policy. For log files/log files the same applies as under point 5. of this privacy policy.

10.2. Legal basis for the data processing

Legal basis for the processing of personal data are contractually offered services and preliminary work according to Art. 6(1)b GDPR.

10.3. Purpose of the data processing

The processing of personal data for third parties enables me to conduct my business and provide services to third parties.

10.4. Storage duration

As far as personal data are not stored anonymously, they will be deleted by me after 7 days at the latest.

10.5. Possibility of objection and elimination

The collection of data for third parties is mandatory for the provision of my services and for the maintenance of my business operations. Consequently, there is no possibility of objection on the part of the user.

11. Rights of the data subjects

If your personal data is processed you are affected within the meaning of the GDPR and you have the following rights towards the person responsible:

11.1. Right to access

You have the right to request a confirmation from the person responsible as to whether personal data concerning you will be processed by us. If such processing has taken place, you can request the following information from the person responsible:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  5. the existence of a right to have your personal data concerning you corrected or deleted, a right to have processing restricted by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. any available information on the origin of the data if the personal data are not collected from the data subject;

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

11.2. Right to rectification

You have a right of rectification and/or completion towards the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.

11.3. Right to restriction of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

  1. if you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  3. the controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
  4. if you have filed an objection to the processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, these data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the European Union or a member state.

If processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

11.4. Right to erasure

11.4.1. Obligation to delete

You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent, on which the processing was based pursuant to Art. 6(1)a GDPR or Art. 9(2)a GDPR, and there is no other legal basis for the processing.
  3. You file an objection to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you file an objection to the processing pursuant to Art. 21(2) GDPR.
  4. The personal data concerning you have been processed unlawfully.
  5. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.

11.4.2. Exceptions

The right to erasure does not exist if the processing is necessary

  1. to exercise freedom of expression and information;
  2. for the fulfilment of a legal obligation required for processing under the law of the European Union or of the Member States to which the controller is subject or for the fulfilment of a task in the public interest or in the exercise of official authority conferred on the controller;
  3. to assert, exercise or defend legal claims.

11.5. Right to be notificated

If you have made use of your right of rectification, erasure or restriction of the processing towards the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort.

The person concerned has the right to be informed of these recipients.

11.6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, if

  1. the processing is based on consent pursuant to Art. 6(1)a GDPR or on a contract pursuant to Art. 6(1)b GDPR and
  2. the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

11.7. Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data in accordance with Art. 6(1)e or f GDPR.

The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

11.8. Right to revoke the consent to the privacy policy

You have the right to revoke your consent to the privacy policy at any time. The revocation of consent will not affect the legality of the processing carried out on the basis of the consent until revocation.

11.9. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged will inform the complainant of the status and results of the complaint, including the possibility of a legal remedy under Art. 78 GDPR.