INTRODUCTION AND TERMS

1. INTRODUCTION
By operating our website https://www.full-metal-holiday.com/ (hereinafter referred to as the “Website”), we process personal data. This data is treated confidentially and processed in accordance with applicable laws, particularly the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-new). Through this Privacy Policy, we aim to inform you about which personal data we collect from you, for what purposes and on what legal basis we use it, and, if applicable, to whom we disclose it. Additionally, we will explain the rights you have to protect and enforce your data protection.

2. TERMS
Our Privacy Policy contains technical terms as defined in the GDPR and the BDSG-new. To help you better understand them, we will explain these terms in simple words:

2.1 Personal Data
“Personal data” refers to all information relating to an identified or identifiable individual (Art. 4 No. 1 GDPR). Information about an identified person can include their name or email address. Personal data also includes data where the identity is not immediately apparent but can be determined by combining one’s own or third-party information to identify the person. For example, a person can be identified through their address, bank details, date of birth, username, IP address, and/or location data. Essentially, any information that can, in some way, allow conclusions about a person is relevant.

2.2 Processing
“Processing” as defined in Art. 4 No. 2 GDPR refers to any operation related to personal data. This includes collecting, recording, organizing, structuring, storing, adapting, modifying, retrieving, consulting, using, disclosing, transmitting, disseminating, or otherwise making data available, as well as aligning, linking, restricting, erasing, or destroying personal data.

RESPONSIBLE ENTITY AND DATA PROTECTION OFFICER

3. Responsible Entity
The entity responsible for data processing is:

Company: Full Entertainment GmbH & Co KG („we“)
Legal Representative: Full Metal Verwaltungsgesellschaft mbH represented by Thomas Jensen (Managing Director)
Address: Schenefelder Straße 17, 25596 Wacken
Phone: 02151 – 65 44 860
Fax: 02151 – 6 44 8595
Email: info@willst-du-weg.de

4. Data Protection Officer
We have appointed an external Data Protection Officer for our company. You can reach them at:

Name: Reinher Karl
Address: HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg
Phone: 040/ 18189800
Fax: 040/ 181898099
Email: datenschutz@habewi.de

PROCESSING FRAMEWORK

5. Processing Framework: Website
Through the website with the URL http://www.full-metal-holiday.com, we process the personal data listed in sections 6 to 13. We only process data actively provided by you (e.g., by filling out forms) or automatically provided by you when using our services.
Your data is processed exclusively by us and is generally not sold, rented, or disclosed to third parties. If we utilize external service providers for processing your personal data, it is within the framework of so-called commissioned data processing, where we, as the client, retain authority over the contractor. For hosting, maintenance, care, and development of the website, we engage external service providers. Should additional external service providers be used for the processing activities listed in sections 6–13, they will be specifically named there.

Data transfers to third countries generally do not occur and are not planned. Any exceptions to this rule will be detailed in the subsequent descriptions of processing activities.

PROCESSING IN DETAIL

6. Provision of the Website and Server Log Files

6.1 Description of Processing
Bei jedem Aufruf der Webseite erfassen wir automatisch Informationen, die Ihr Browser an unseren Server übermittelt. Diese werden auch in den sogenannten Logfiles unseres Systems gespeichert. Dabei handelt es sich um die folgenden Daten:

• Your IP address
• The browser software you use, including version and language
• The operating system you use
• The website from which you accessed our site (referrer)
• Subpages you accessed on our website
• Date and time of access
• Data volume transferred

Your IP address is captured in the log files only in an anonymized format, with the last three digits removed.

6.2 Purpose
Processing is performed to enable access to the website and ensure its stability and security. Additionally, it serves statistical evaluations and the improvement of our online offerings.

6.3 Legal Basis
Processing is necessary to safeguard the legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose outlined in section 6.2.

6.4 Retention Period
The data is deleted as soon as it is no longer needed for the purpose of its collection. For data collected to provide the website, this is the case when the respective session ends. Log files are deleted after 30 days.

7. Contact via Email

7.1 Description of Processing
You can contact us via the email addresses provided on the website. In this case, the personal data transmitted with the email will be processed by us.

7.2 Purpose
The data transmitted with your email is used solely for processing and responding to your inquiry.

7.3 Legal Basis
Processing is necessary to safeguard the legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose outlined in section 7.2. If the email contact aims to conclude or fulfill a contract, data processing is performed to fulfill the contract (Art. 6 para. 1 lit. b GDPR).

7.4 Retention Period
The data is deleted as soon as it is no longer required for the purpose of its collection. Typically, this occurs when the communication with you is completed. Communication is considered complete when it can be inferred from the circumstances that your inquiry has been fully resolved. If statutory retention periods prevent deletion, the data will be deleted immediately after the retention period ends.

8. COOKIES

8.1 Description of Processing
Our website uses cookies. Cookies are small text files stored on the user’s device when visiting a website. Cookies contain information that allows the recognition of a device and possibly enables certain website functions. Most of the cookies we use are “session cookies,” which are automatically deleted when you end your internet session and close the browser. Other cookies remain on your device for a longer period and allow partner companies to recognize your browser or computer (persistent cookies). Persistent cookies are automatically deleted after a predefined storage period.

8.2 Purpose
We use cookies to make our website more user-friendly and to offer the functions described in section 8.1. We also work with advertising partners to help make our website as interesting as possible for you. To this end, cookies from third-party companies may be stored on your hard drive. If we allow third parties to use such cookies, we will inform you about the information collected through them in the following sections.

8.3 Rechtsgrundlage
The processing is necessary to safeguard the legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose outlined in section 8.2.

8.4 Retention Period
Cookies are automatically deleted at the end of a session or after the specified storage period. Since cookies are stored on your device, you, as the user, have full control over their use. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies.
Below are links to instructions for changing cookie settings in common browsers. For further information, please consult your browser’s support menu:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari: https://support.apple.com/kb/ph21411?locale=de_DE

Opera: http://help.opera.com/Windows/10.20/de/cookies.html

Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, certain functions of the website may not be available or may only be available in a limited capacity.

9. Social Networks
Our website does not use so-called social media plugins. The logos of social networks like Facebook, Twitter, and Instagram displayed on our website are merely linked to our respective company profiles. If you click on one of these logos, you will be redirected to the external website of the corresponding social network.

10. GOOGLE WEB FONTS

10.1 Description of Processing
Our website uses “Google Web Fonts,” a font replacement service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). With Google Web Fonts, the standard fonts of your device are replaced with fonts from Google’s catalog when our website is displayed. If your browser prevents the integration of Google Web Fonts, the text on our website will be displayed in the standard fonts of your device. The Google Web Fonts are loaded directly from a Google server. For this to happen, your browser sends a request to a Google server. This may involve transmitting your IP address along with the address of our website to Google. Google Web Fonts does not store cookies on your device. According to Google, data processed within the scope of Google Web Fonts is transmitted to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with any data potentially collected or used in connection with other Google services such as the search engine or Gmail. Additional information about privacy at Google Web Fonts can be found at Google Fonts FAQ. General information about Google’s privacy practices is available at Google Privacy Policy.

10.2 Purpose
The processing ensures that the text on our website is displayed in a more legible and visually appealing manner.

10.3 Legal Basis
The processing is necessary to safeguard the legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose outlined in section 10.2.

10.4 Recipients and Transfer to Third Countries
By using Google Web Fonts, personal data may be transmitted to Google. Google also processes personal data in the United States and is subject to the EU-US Privacy Shield. More information on the EU-US Privacy Shield can be found at Privacy Shield Framework.

11. YOUTUBE Videos

11.1 Description of Processing
Our website uses services provided by “YouTube,” a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as “YouTube”). YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use YouTube by embedding individual videos from the platform on our website as so-called iFrames, making them directly playable on our site. The videos are embedded in the “enhanced privacy mode” offered by YouTube, meaning no personal data will be transferred to Google unless you play the videos. Data transfer to Google only occurs when you play a video, over which we have no control. When you play an embedded video on a subpage of our website, Google will receive information about which subpage you visited and which video you watched. Your IP address may also be transmitted to Google. If you are logged in as a YouTube or Google user, Google will associate this information with your user account. Google stores your data as user profiles and uses them for advertising, market research, and/or the customized design of its websites. You have the right to object to the creation of these user profiles, which you must exercise directly with Google. For further information on data privacy at Google, please visit Google Privacy Policy.

11.2 Purpose
The processing occurs to display videos on our website.

11.3 Legal Basis
The processing is necessary to safeguard the legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose described in Section 11.2.

11.4 Recipients and Transfer to Third Countries
By embedding YouTube, personal data may be transmitted to YouTube LLC or Google. Google also processes personal data in the USA and adheres to the EU-US Privacy Shield. For more information about the EU-US Privacy Shield, please visit Privacy Shield Framework https://www.privacyshield.gov/EU-US-Framework.

12. VIMEO VIDEOS

12.1 Description of Processing
Our website uses services provided by “Vimeo,” a video platform operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as “Vimeo”). We use Vimeo by embedding individual videos from the platform on our website as so-called iFrames, making them directly playable on our site. When you visit a subpage of our website with an embedded video, a connection to Vimeo’s servers is established, and the video is displayed within our website. Vimeo receives information about which webpage you visited. Your IP address may also be transmitted to Vimeo. If you play an embedded video, this information is also forwarded to Vimeo. If you are logged in as a Vimeo user, Vimeo associates this data with your user account. For more information on data privacy at Vimeo, please visit Vimeo Privacy Policy.

12.2 Purpose
The processing occurs to display videos on our website.

12.3 Legal Basis
The processing is necessary to safeguard the legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose described in Section 12.2.

12.4 Recipients and Transfer to Third Countries
Vimeo also processes data in the USA.

13. SPOTIFY

13.1 Description of Processing
Our website includes functions of the music service Spotify. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. Spotify plugins can be recognized by the green logo on our website. An overview of Spotify plugins can be found at Spotify Developer. When you visit our pages, the plugin establishes a direct connection between your browser and Spotify’s server. Spotify receives the information that you visited our site with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of our pages to your Spotify profile.

This allows Spotify to associate your visit to our pages with your user account. If you do not wish Spotify to associate your visit to our pages with your user account, please log out of your Spotify account. Further information can be found in Spotify’s privacy policy: Spotify Privacy Policy.

13.2 Purpose
The processing occurs to enable you to discover music by artists related to our website.

13.3 Rechtsgrundlage
Die Verarbeitung ist zur Wahrung der überwiegenden berechtigten Interessen des Verantwortlichen erforderlich (Art. 6 Abs. 1 lit. f DSGVO). Unser berechtigtes Interesse liegt in dem in Ziffer 134.2 benannten Zweck.

13.4 Recipients and Transfer to Third Countries
Spotify transfers, processes, and stores data about users on servers located in multiple countries. For more information, please refer to Spotify’s privacy policy: Spotify Privacy Policy.

14. GOOGLE ANALYTICS

14.1 Description of Processing
Our website uses “Google Analytics,” a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Analytics uses cookies (see Section 8) to analyze your use of our services. We use Google Analytics in its “Universal Analytics” version, which allows cross-device analysis by associating data with a pseudonymous user ID. The information generated by the cookie is typically transmitted to and stored on a Google server in the USA. However, we only use Google Analytics with IP anonymization. This means that your IP address is truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser in connection with Google Analytics is not merged with other Google data. Google Analytics statistics include, in particular, data about how many users visit our website, from which country or location access occurs, which subpages are accessed, and through which links or search terms visitors reach our website. For more information about Google Analytics’ privacy practices, visit Google Analytics Privacy.

14.2 Purpose
The processing is carried out to evaluate the use of our website. The information obtained is used to improve and tailor our online presence to meet users’ needs.

14.3 Legal Basis
The processing is necessary to safeguard the legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose described in Section 14.2.

14.4 Storage Duration and Right to Object
The storage duration, as well as your control and configuration options for cookies, are described in Section 7. You can object to the processing of your data by Google Analytics at any time by downloading and installing the browser add-on provided by Google at Google Opt-Out. Alternatively, you can click the following link to set an opt-out cookie on your device, which will prevent your data from being collected during future visits to this website. Analytics data processed and stored using Google Analytics will automatically be deleted after 14 months.

14.5 Recipients and Transfer to Third Countries
Google Analytics acts as a service provider for us as part of data processing agreements. Google also processes your personal data in the USA and adheres to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, visit Privacy Shield Framework.

15. DOUBLECLICK BY GOOGLE

15.1 Description of Processing
DoubleClick by Google is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). DoubleClick uses cookies to display relevant advertisements to you. A pseudonymous identification number (ID) is assigned to your browser to verify which ads were displayed in your browser and which were clicked on. The cookies do not contain any personal information.

15.2 Purpose
Die Verwendung der DoubleClick-Cookies ermöglicht Google und seinen Partner-Webseiten lediglich die Schaltung von Anzeigen auf Basis vorheriger Besuche auf unserer oder anderen Webseiten im Internet.

15.3 Legal Basis
The processing is necessary to safeguard the legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose described in Section 15.2.

15.4 Storage Duration and Right to Object
The storage duration, as well as your control and configuration options for cookies, are described in Section 8 .You can prevent the storage of cookies by adjusting your browser settings; however, please note that doing so may limit the full functionality of our website. Additionally, you can prevent the collection of data generated by cookies and related to your use of the website, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link under the section “DoubleClick Deactivation Extension.” Alternatively, you can deactivate DoubleClick cookies on the Digital Advertising Alliance website using the following link.

15.5 Recipients and Transfer to Third Countries
The information generated by the cookies is transmitted to a Google server in the USA for evaluation and stored there. Google complies with the data protection provisions of the “Privacy Shield” agreement and is registered with the U.S. Department of Commerce’s “Privacy Shield” program. Data transfer by Google to third parties only takes place based on legal requirements or as part of order data processing. Under no circumstances will Google merge your data with other data collected by Google. For more information on the EU-US Privacy Shield, visit Privacy Shield Framework. Google’s privacy policy can be viewed at Google Privacy Policy.

SECURITY MEASURES

16. SECURITY MEASURES
To protect your personal data from unauthorized access, our website is equipped with an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security,” encrypting the communication of data between a website and the user’s device. You can identify active SSL or TLS encryption by a small lock icon displayed at the far left of your browser’s address bar.

YOUR RIGHTS

17. YOUR RIGHTS
Regarding the data processing described above, you have the following rights as a data subject:

17.1 Right of Access (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we process personal data concerning you. If this is the case, you are entitled to information about this personal data and the details specified in Art. 15 GDPR.

17.2 Right to Rectification (Art. 16 GDPR)
You have the right to request the immediate correction of inaccurate personal data concerning you and, if applicable, the completion of incomplete personal data.

17.3 Right to Erasure (Art. 17 GDPR)
You have the right to request the deletion of personal data concerning you without undue delay if one of the reasons listed in Art. 17 GDPR applies, e.g., if your data is no longer required for the purposes pursued by us.

17.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met. For example, if you dispute the accuracy of your personal data, processing will be restricted for the period necessary to verify its accuracy.

17.5 Right to Data Portability (Art. 20 GDPR)
You have the right, under the conditions specified in Art. 20 GDPR, to receive the personal data concerning you in a structured, commonly used, and machine-readable format.

17.6 Right to Withdraw Consent (Art. 7 para. 3 GDPR)
If processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal applies from the time it is exercised and is effective for the future. In other words, processing based on your consent does not become unlawful retroactively due to the withdrawal.

17.7 Right to Lodge a Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right with a supervisory authority in the EU member state of your residence, workplace, or the location of the alleged infringement.

17.8 Prohibition of Automated Decisions/Profiling (Art. 22 GDPR)
Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data, including profiling. We hereby inform you that we do not engage in automated decision-making, including profiling, with regard to your personal data.

17.9 Right to Object (Art. 21 GDPR)
If we process personal data concerning you based on Art. 6 para. 1 lit. f GDPR (to safeguard overriding legitimate interests), you have the right to object to this processing at any time under the conditions specified in Art. 21 GDPR, provided there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. We are also not required to cease processing if it serves the establishment, exercise, or defense of legal claims. In any case—regardless of any particular situation—you have the right to object at any time to the processing of your personal data for direct marketing purposes.

Status: May 2018