State: 16 August 2018
1. Name and address of the responsible person
The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states of the European Union as well as other data protection regulations:Matthias Fehring
Zum Südholz 8
- Website: www.huessenbergnetz.de
- Matomo: statistik.huessenbergnetz.de
- Nextcloud: wolke.huessenbergnetz.de
- Documentation: doc.huessenbergnetz.de
- Email administration: skaffari.huessenbergnetz.de
- Web-Mail: post.huessenbergnetz.de, post.tc-eissen.de, post.die-friseurin.net, post.huessenberghof.de
- SMTP, IMAP, POP3, Sieve: huessenbergnetz.de
3. General information on data processing
3.1. Scope of processing of personal data
I only process personal data of my users if this is necessary to provide functional websites and online services as well as my contents and services. The processing of personal data of my users takes place regularly only after consent of the user. An exception applies in those cases where prior consent cannot be obtained for effective reasons and processing of the data is permitted by law.
3.2.Legal basis for the processing of personal data
Insofar as I obtain the consent of the data subject for the processing of personal data, Art. 6(1)a GDPR serves as the legal basis.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6(1)b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
As far as a processing of personal data is necessary for the fulfilment of a legal obligation to which I am subject, Art. 6(1)c GDPR serves as legal basis.
If processing is necessary to maintain a legitimate interest on my part or that of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6(1)f GDPR serves as the legal basis for processing.
3.3. Data erasure and storage time
The personal data of the person affected will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3.4. Categories of persons affected
3.5. Safety precautions
In accordance with Art. 32 GDPR, I take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the current state of technology, the costs of implementation and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons.
You will find my technical and operational data protection measures in this PDF file.
3.6. Cooperation with contract data processors and third parties
If, in the course of my data processing, I disclose personal data to other persons and companies (contract data processors or third parties), transfer them to them or otherwise grant them access to the personal data, this will only take place on the basis of a legal permission pursuant to Art. 6(1)b GDPR, your consent pursuant to Art. 6(1)a GDPR, a legal obligation pursuant to Art. 6(1)c GDPR or on the basis of my legitimate interest pursuant to Art. 6(1)f GDPR.
If third parties are commissioned by me with the processing of personal data, this is done on the basis of Art. 28 GDPR within the framework of a contract on data processing.
4. Providing my websites and online services
4.1. Description and scope of data processing
Every time you visit my websites and every time you use my online services, my systems automatically collect data and information from the computer system of the calling user.
The following data is collected:
- information about the web browser (type, version, language, operating system)
- the IP address of the user
- date and time of the request
- the requested page/file
- website from which the system of the user reaches my websites (HTTP referer)
4.2. Legal basis for the data processing
The legal basis for the temporary storage of data is Art. 6(1)f GDPR.
4.3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the web pages and online services to the user's computer. For this the IP address of the user must remain stored for the duration of the session. These purposes are also my legitimate interest in data processing according to Art. 6(1)f GDPR.
4.4. Storage duration
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of websites and online services, this is the case when the respective session has ended.
4.5. Possibility of objection and elimination
The collection of data for the provision of websites and online services is absolutely necessary for the operation of the websites and online services. Consequently, there is no possibility of objection on the part of the user.
5. Creation of log files
5.1. Description and scope of the data processing
For security reasons, to avert danger and to correct errors, certain actions triggered by the user are logged, including in particular failed login attempts at services and websites that allow a login.
5.1.1. Error logs
All websites and online services provided by me log any internal errors that occur in log files. These entries do not contain an IP address, but may contain user names of the user whose action caused the error in order to find errors.
- If the contact form classifies an input as spam, the IP address of the user is logged in order to be able to better ward off cases of repetition.
- In case of failed login attempts at the Matomo administration interface, the IP address and the entered user name of the requesting user are logged in order to prevent misuse.
- In case of failed login attempts at the Nextcloud interface, the IP address and the entered user name of the requesting user are logged in order to prevent misuse.
- When logging on to the Skaffari administration interface, the IP address and the user name entered by the requesting user are logged in order to prevent misuse.
- For security reasons, all administrative actions performed by administrators are logged. The user name of the executing administrator is logged, but no IP address.
also post.tc-eissen.de und post.die-friseurin.net
- With each login to the web mail interface, the entered user name and the IP address of the requesting user are logged in order to prevent misuse.
5.1.7. SMTP, IMAP, POP3 and Sieve email server huessenbergnetz.de
- During every communication with the e-mail system at huessenbergnetz.de via the protocols SMTP, IMAP, POP3 and Sieve, the user name and IP address of the requesting user are logged.
5.2. Legal basis for the data processing
The legal basis for the temporary storage of data and log files is my legitimate interest in the secure operation of my information technology systems in accordance with Art. 6(1)f GDPR.
5.3. Purpose of the data processing
The storage of login information, fraud attempts and security-critical actions in log files ensures the security of my information technology systems. An evaluation of the data for marketing purposes does not take place in this context. My legitimate interest in data processing in accordance with Art. 6(1)f GDPR also lies in these purposes.
5.4. Storage duration
Data in log files will be deleted after seven days at the latest.
5.5. Possibility of objection and elimination
Logging of security-critical actions in log files is absolutely necessary for a secure operation of my systems. Consequently, the user has no right of objection.
7. Contact forms and email contact
7.1. Description and scope of the data processing
On some of my websites (www.huessenbergnetz.de) contact forms are available, which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to me and saved. This data is:
- name of the user
- email address of the user
- subject of the message
- message text
At the time the message is sent, the following data is also stored:
- date and time of sending
Alternatively, it may be possible to contact me via an e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
7.2. Legal basis for the data processing
The legal basis for the processing of the data is Art. Art. 6(1)a GDPR, if the user has given his or her consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1)f GDPR. If the e-mail contact is aimed at the conclusion of a contract, then additional legal basis for the processing is Art. 6(1)b GDPR.
7.3. Purpose of the data processing
The processing of the personal data from the input mask serves me alone for the treatment of the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of my information technology systems.
7.4. Storage duration
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
7.5. Possibility of objection and elimination
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts me by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
To revoke your consent and/or to object to the storage, please simply send a corresponding request via the contact form to me or send an e-mail to .
All personal data stored in the course of contacting me will be deleted in this case.
8. Web analysis by Matomo (formerly PIWIK)
8.1. Description and scope of the data processing
On some of my websites I use the open source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of my users. The used Matomo installation is operated by myself at statistik.huessenbergnetz.de. At the moment it is used on my following websites:
Matomo stores cookies on the user's computer for better analysis (for cookies see above). If details of a website analysed by me are called up, the following data are stored:
- two bytes of the IP address of the requesting system of the user
- the requested website
- the website from which the user has accessed the requested website (HTTP referer)
- the subpages that are accessed from the accessed website
- date and time of the request
- duration of stay on the website
- the frequency of visiting the website
- the browser used, its version, language used and installed plugins
- the operating system used and its version
- the device used and its screen resolution
- country and approximate city from which the request comes
- average loading time of the accessed page
The software runs exclusively on my servers. The personal data of users is only stored there. A passing on to unauthorized third parties does not take place. Customers of my service only have access to the data of their own website(s).
The software is configured so that the IP addresses are not completely stored, but 2 bytes of the IP address are masked (e.g. 192.168.0.0). In this way it is no longer possible to assign the shortened IP address to the calling computer.
No data is merged across the boundaries of domains. In particular, no data from websites of different customers will be combined or passed on to other customers.
8.2. Legal basis for the data processing
The legal basis for processing the personal data of the users of my websites is Art. 6(1)f GDPR.
The legal basis for the processing of commissioned data for my customers is a contract concluded with the respective customer in accordance with Art. 28 GDPR on commissioned data processing.
8.3. Purpose of the data processing
The processing of users' personal data enables me, or my customer, to analyse the surfing behaviour of our users. We are able to compile information about the use of the individual components of our websites and online services by evaluating the data obtained. This helps us to constantly improve our online offer and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6(1)f GDPR. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.
In the case of commissioned data processing for customers, the purpose is to fulfil my business activities and to enable the respective customer to safely analyse his websites. For this purpose there is a contract between me and the respective customer who uses the service of statistik.huessenbergnetz.de in accordance with Art. 28 GDPR on commissioned data processing.
8.4. Storage duration
The data will be deleted as soon as they are no longer needed for our recording purposes. This is always the case after 367 days.
8.5. Possibility of objection and elimination
Since the collected data is stored pseudonymised, no personal reference can be made from it. It is therefore not possible to delete specific data of individual users.
We also offer our users the possibility of an opt-out from the analysis procedure on all websites analysed by statistik.huessenbergnetz.de, including this one. To do this, simply click on the corresponding box in the next section. In this way, another cookie is set which signals the Matomo installation at statistik.huessenbergnetz.de not to store the user's data in the future. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again. The opt-out applies to all websites and online services analyzed by statistik.huessenbergnetz.de.
9.1. Description and scope of the data processing
9.2. Legal basis for the data processing
The legal basis for the processing of personal data is my legitimate interest pursuant to Art. 6(1)f GDPR in an efficient and secure provision of my websites and online services.
9.3. Purpose of the data processing
The processing of personal data by Hetzner Online GmbH enables me to provide my own websites and online services. Only the purchase of infrastructure and server services makes my websites and online offers possible.
9.4. Storage duration
If Hetzner Online GmbH creates log files to protect its own infrastructure and information technology systems, these will be made anonymous after 7 days at the latest — which means that a personal reference can no longer be established.
9.5 Possibility of objection and elimination
The processing of data by Hetzner Online GmbH is absolutely necessary for the operation of the websites and online services. Consequently, there is no possibility of objection on the part of the user.
10. Hosting for thid parties and customers
9.1. Description and scope of the data processing
10.2. Legal basis for the data processing
Legal basis for the processing of personal data are contractually offered services and preliminary work according to Art. 6(1)b GDPR.
10.3. Purpose of the data processing
The processing of personal data for third parties enables me to conduct my business and provide services to third parties.
10.4. Storage duration
As far as personal data are not stored anonymously, they will be deleted by me after 7 days at the latest.
10.5. Possibility of objection and elimination
The collection of data for third parties is mandatory for the provision of my services and for the maintenance of my business operations. Consequently, there is no possibility of objection on the part of the user.
11. Rights of the data subjects
If your personal data is processed you are affected within the meaning of the GDPR and you have the following rights towards the person responsible:
11.1. Right to access
You have the right to request a confirmation from the person responsible as to whether personal data concerning you will be processed by us. If such processing has taken place, you can request the following information from the person responsible:
- the purposes for which the personal data are processed;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- the existence of a right to have your personal data concerning you corrected or deleted, a right to have processing restricted by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information on the origin of the data if the personal data are not collected from the data subject;
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
11.2. Right to rectification
You have a right of rectification and/or completion towards the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.
11.3. Right to restriction of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
- if you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
- if you have filed an objection to the processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, these data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the European Union or a member state.
If processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
11.4. Right to erasure
11.4.1. Obligation to delete
You may request the data controller to delete the personal data relating to you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent, on which the processing was based pursuant to Art. 6(1)a GDPR or Art. 9(2)a GDPR, and there is no other legal basis for the processing.
- You file an objection to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you file an objection to the processing pursuant to Art. 21(2) GDPR.
- The personal data concerning you have been processed unlawfully.
- The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
The right to erasure does not exist if the processing is necessary
- to exercise freedom of expression and information;
- for the fulfilment of a legal obligation required for processing under the law of the European Union or of the Member States to which the controller is subject or for the fulfilment of a task in the public interest or in the exercise of official authority conferred on the controller;
- to assert, exercise or defend legal claims.
11.5. Right to be notificated
If you have made use of your right of rectification, erasure or restriction of the processing towards the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort.
The person concerned has the right to be informed of these recipients.
11.6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, if
- the processing is based on consent pursuant to Art. 6(1)a GDPR or on a contract pursuant to Art. 6(1)b GDPR and
- the processing is carried out by means of automated procedures.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to transferability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
11.7. Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data in accordance with Art. 6(1)e or f GDPR.
The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
11.9. Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.
The supervisory authority to which the complaint has been lodged will inform the complainant of the status and results of the complaint, including the possibility of a legal remedy under Art. 78 GDPR.