Data Protection
With the following information, we would like to give you an overview of how we process your personal data and your rights under data protection laws. The privacy policy covers our website “pat-patachon.de” and the data processing carried out through this website.
Part 1: Responsible Party
Pat Patachon GmbH
Hinter der Mühle 25
12685 Berlin
Phone: (+49 30) 679 648 840 0
Email: info@pat-patachon.de
You can contact the above contacts at any time regarding data protection issues.
You have the right to lodge a complaint with the data protection supervisory authority: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Phone: 030 13889-0, Email: mailbox@datenschutz-berlin.de
Part 2: Definitions
The privacy policy is based on the terms used by the European legislators when issuing the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used.
Personal data: Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject: Data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling: Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation: Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient: Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Part 3: your Rights
Articles 12 – 23 GDPR guarantee you, as the data subject, extensive rights regarding the processing of your personal data by us. Below you will find an overview of these so-called “data subject rights”. You can exercise any of these rights against us at any time. Please contact the above-mentioned contact person using one of the provided contact details.
Right to confirmation: You have the right to request confirmation from us as to whether personal data concerning you is being processed.
Right to information: Art. 15 GDPR: You have the right to obtain from us at any time free information about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.
Right to rectification: Art. 16 GDPR You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
Erasure Art. 17 GDPR: You have the right to demand from us that personal data concerning you be deleted immediately, provided that one of the legally prescribed reasons applies and insofar as the processing or storage is not necessary.
Restriction of processing Art. 18 GDPR: You have the right to demand the restriction of processing from us if one of the legal requirements is met.
Data portability Art. 20 GDPR: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided, insofar as the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, in exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.
Objection Art. 21 GDPR: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balancing of interests) GDPR. This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims. In individual cases, we process personal data to conduct direct marketing. You may at any time object to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes. In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest. You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
Revocation of data protection consent: You have the right to revoke your consent to the processing of personal data at any time with effect for the future. Complaint to a supervisory authority You have the right to complain to a data protection supervisory authority about our processing of personal data.
Part 4: Processing Operations
Hosting of our Website – Hetzner
- Description and scope of data processing
When you merely view our website, without otherwise providing us with information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security, and must therefore be processed by us. Hetzner is a hosting service to make our website accessible to the public. The hosting service includes domain registration and maintenance of the web offering. Server logs are usually processed to increase the security of the website. As part of this process, we process the following data: IP address, browser data, access time, email addresses, log files
Recipient: Hetzner Online GmbH (Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen), order processing. - Purpose of data processing and legal basis
The purpose of data processing is to ensure that it is accessible and available to our users. For this purpose, the data is stored, processed and secured on the server.
Legal basis for data processing: Art. 6 lit f GDPR – legitimate interest: We have a legitimate interest in securely hosting our website. - Duration of storage/blocking of data
The data is automatically deleted after 7 days.
General Inquiries from Customers and Interested Parties via Email
- Description and scope of data processing
The data processing serves to process inquiries from you (regarding existing contracts, new customer inquiries, support). As part of this process, we process the data that you provide to us via email. Usually, this includes: name, email address, phone number, message, date and time of the inquiry. - Purpose of data processing and legal basis
The purpose of the processing is to give you the opportunity to contact us easily for the purpose of contract initiation, for general inquiries or for support.
Legal basis for data processing: Art. 6 lit b GDPR – pre-contractual or contractual measure – We process the data based on your inquiry regarding an existing or potential contract. - Duration of storage/blocking of data
The data is stored until it is no longer needed to process user inquiries or manage the customer relationship. In addition, we are subject to various retention and documentation obligations. In Germany, these may arise, among other things, from the Commercial Code (HGB) and the Tax Code (AO). The retention or documentation periods specified there are up to ten years. In the case of customer communication, these are regularly commercial letters, which are subject to a retention period of 6 years. In addition, the storage period is also determined by the statutory limitation periods, which according to §§ 195 ff. BGB can be up to thirty years, with the regular limitation period being three years.
Embedding Media in our Website via YouTube
- Description and scope of data processing
We embed media content such as videos and audio files on our website. This way, website visitors don’t have to switch to another website, but can consume the content directly on the currently accessed website. As part of this process, we process the following data: IP address, video URL, video title, video description, video tags, video comments, video views, video likes.
Recipient: YouTube (Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland), order processing. Google Ireland is a subsidiary of Google LLC based in the USA, which means that a third-country transfer according to the GDPR is given. Therefore, it is necessary for us to obtain appropriate guarantees for compliance with a level of data protection comparable to that of the EU. Such a guarantee in the case of a US company is the self-certification of this company under the Data Privacy Framework Program (https://www.dataprivacyframework.gov/s/participant-search). Google LLC is certified under the Data Privacy Framework, which guarantees a comparable level of data protection. - Purpose of data processing and legal basis
The purpose of the processing is to embed media content such as videos, images and audio files on our website via YouTube to provide our visitors with a better experience. For this purpose, the media content is uploaded to YouTube and embedded in our website so that it can be displayed directly on our page.
Legal basis for data processing: Art. 6 lit a GDPR – Your consent: We only process this data based on your explicit, prior consent. - Duration of storage/blocking of data
The data is deleted as soon as the YouTube videos are no longer displayed on our website. For information on data processing by Google, see: https://policies.google.com/privacy?hl=en You have the right to withdraw your consent. You can most easily withdraw your consent via our Consent Manager.
Web Tracking and User Statistics Collection via Google Analytics
- Description and scope of data processing
A web tracking and analysis tool is integrated into our website via code snippet. This allows us to track, among other things, which content is particularly relevant or how many interested parties actually became customers (conversion tracking). As part of this process, we process the following data: number of visitors, page views, duration of stay, origin of visitors, browser type, operating system, screen resolution, search terms, time of visit, visitor activities, page views per visit, bounce rate, time spent per page, time spent per visit, page views per visit, number of visitors per day, number of visitors per month, number of visitors per year, number of page views per day, number of page views per month, number of page views per year.
Recipient: Google Inc (Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland). Google Ireland is a subsidiary of Google LLC based in the USA, which means that a third-country transfer is given according to the provisions of the GDPR. Therefore, it is necessary for us to obtain appropriate guarantees for compliance with a level of data protection comparable to that of the EU. In the case of a US company, such a guarantee is the self-certification of this company under the Data Privacy Framework Program (https://www.dataprivacyframework.gov/s/participant-search). Google LLC is certified under the Data Privacy Framework, which guarantees a comparable level of data protection. - Purpose of data processing and legal basis
Google Analytics uses web tracking and user statistics to collect information about website visitors. This information can be used to improve the user-friendliness of the website, measure the effectiveness of advertising campaigns, and adapt the website to users’ needs.
Legal basis for data processing: Art. 6 para. 1 lit a GDPR, your explicit consent via our Consent Manager. - Duration of storage/blocking of data
Google Analytics typically automatically deletes user data after 14 months. More on data storage via Google Analytics: https://policies.google.com/privacy?hl=en. You have the right to revoke your consent. You can most easily revoke your consent via our Consent Manager or install Google’s browser add-on, which is available at the following link: tools.google.com/dlpage/gaoptout?hl=en/.
User Feedback via the Contact Form on our Website
- Description and scope of data processing
The data processing serves to process user feedback via the contact form on our website to improve the user experience and optimize the website and our service. As part of this process, we process the following data: name, email address, phone number, message (possibly based on experience categories), IP address, browser type, operating system, date and time of submission. - Purpose of data processing and legal basis
The purpose of processing user feedback via the contact form on our website is to measure customer satisfaction and improve the quality of our services. The processing includes collecting, storing, and analyzing feedback. Anonymization of the data may occur to subject the feedback to further analysis.
Legal basis for data processing: Art. 6 lit f GDPR – legitimate interest – We process the data based on a legitimate interest in developing and improving our services. Furthermore, our customers have an interest in high-quality services. - Duration of storage/blocking of data
The data is processed until it is no longer needed to process user requests. The data is anonymized and permanently stored. In addition, we are subject to various retention and documentation obligations. In Germany, these may arise, among other things, from the Commercial Code (HGB) and the Tax Code (AO). In the case of customer communication, these are regularly commercial letters, which are subject to a retention period of 6 years. In addition, the storage period is also determined by the statutory limitation periods, which according to §§ 195 ff. of the German Civil Code (BGB) can be up to thirty years, whereby the regular limitation period is three years.
Processing Applications
- Description and scope of data processing
The data processing includes processing applications. This involves collecting, reviewing, and processing applicant data to find the best candidates for a position. As part of this process, we process the following data: name, contact details, resume, work history, education history, cover letter, certificates, references, contact details of references. - Purpose of data processing and legal basis
The purpose of this processing is to hire new applicants for the company.
Legal basis for data processing: § 26 para. 1 sentence 1 – Employment relationship, as well as Art. 6 lit b GDPR: Pre-contractual measure. - Duration of Data Storage/Blocking
The duration of storage depends on the purpose of collection, unless legal deadlines dictate otherwise. To defend against legal claims, applications must be stored for a period of 3 months after non-employment. Additionally, we are subject to various retention and documentation obligations. In Germany, these may arise from the Commercial Code (HGB) and the Tax Code (AO). The retention or documentation periods specified there are up to ten years. Furthermore, the storage duration is also determined by the statutory limitation periods, which according to §§ 195 ff. BGB can be up to thirty years, with the regular limitation period being three years.
Processing of Data via our Company Page on Facebook
- Description and Scope of Data Processing
We maintain a page on the social network Facebook. Users of the social network can view our content or “subscribe” to us. In the latter case, updates are often automatically sent to subscribers when there are news from our page. As part of this process, we process the following data: name, phone number, address, email address, IP address, age, gender, location information, likes, comments, interests, images, videos, followers, hashtags
Recipient of the data: Meta Inc. (Meta Inc., 1601 Willow Road Menlo Park, California 94025, USA). Meta is based in the USA, which means a third-country transfer according to GDPR regulations. Therefore, it is necessary for us to obtain appropriate guarantees for compliance with a data protection level comparable to that of the EU. Such a guarantee in the case of a US company is the self-certification of this company under the Data Privacy Framework Program (https://www.dataprivacyframework.gov/s/participant-search). Meta is certified under the Data Privacy Framework, which guarantees a comparable level of data protection. - Purpose of Data Processing and Legal Basis
Visitors to the network should also be given the opportunity to contact us within the platform ecosystem – this increases presence among customers. Content can be placed more precisely on the platform by using data.
Legal basis for data processing: Art. 6 lit f GDPR – legitimate interest: We have a legitimate interest in presenting ourselves on social networks. - Duration of Data Storage/Blocking
The data will be deleted as soon as it is no longer needed to provide the services of our company page on Facebook. In addition, we are subject to various retention and documentation obligations. In Germany, these may arise from the Commercial Code (HGB) and the Tax Code (AO). The retention or documentation periods specified there are up to ten years. Furthermore, the storage duration is also determined by the statutory limitation periods, which according to §§ 195 ff. BGB can be up to thirty years, with the regular limitation period being three years.
Part 5: Legal Bases
Art. 6 para. 1 lit. a GDPR (in conjunction with § 15 para. 3 TMG) serves our company as a legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the provision of our services or consideration, the processing is based on Art. 6 para. 1 lit. b GDPR.
The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.
In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third parties. Then the processing would be based on Art. 6 para. 1 lit. d GDPR.
Finally, processing operations could be based on Art. 6(1)(f) GDPR. This legal basis is used for processing operations not covered by any of the aforementioned legal grounds if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if you are a client of our company (Recital 47 Sentence 2 GDPR).
Part 6: Use of Cookies
We use cookies. Cookies are small files that are sent from us to the browser of your end device and stored there during your visit to our website. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, however, allow us to perform various analyses. For example, some cookies can recognize the browser you used when you visit our website again and transmit various information to us. We use cookies to facilitate and improve the use of our website. For instance, cookies allow us to make our internet offer more user-friendly and effective for you by tracking your use of our website and determining your preferred settings (e.g., country and language settings). If third parties process information via cookies, they collect the information directly through your browser. Cookies do not cause any damage to your end device. They cannot run programs or contain viruses. Cookies can be distinguished according to their necessity or purpose of use (Necessary Cookies, Analysis and Marketing Cookies).
Most web browsers are preset to automatically accept cookies. However, you can configure your respective browser to accept only certain cookies or no cookies at all. Please note that you may then no longer be able to use all functions of our website.
You can also delete cookies already stored in your browser via your browser settings. Furthermore, it is possible to set your browser to notify you before cookies are stored. Since different browsers may differ in their respective functions, please use the help menu of your browser for the corresponding configuration options. Deactivating the use of cookies may require the storage of a permanent cookie on your computer. If you subsequently delete this cookie, you will have to deactivate it again.
Due to the described purposes of use, the legal basis for the processing of personal data using cookies is Art. 6(1)(f) GDPR for all necessary cookies. If you have given us your consent to the use of cookies based on a notice provided by us on the website (“Cookie Banner”), the legal basis is additionally Art. 6(1)(a) GDPR. This is the case for all non-necessary cookies.
A complete overview of the individual cookies we use can be found below:
| Name | Expiration | Description | Category |
| Borlabs Cookie | Session | Recognition and storage of your privacy settings by Borlabs Cookie | Necessary |
| _ga* | 2 years | Used by Google Analytics to distinguish users. More information: https://privacy.google.com/take-control.html | Not Necessary / Analytics |
| _ga_<container-id> | 2 years | Used to store the session status. https://privacy.google.com/take-control.html | Not Necessary / Analytics |
| yt-player-headers-readable | session | Used by YouTube. It plays a role in storing user preferences and other non-personally identifiable information when videos are embedded from YouTube or watched directly on their platform. This cookie might, for example, store information about video quality, volume settings, or other interaction data to improve and customize the user experience. It is part of YouTube’s functionality to ensure that users’ video playback settings are retained across different visits. | Not Necessary |
| yt-remote-connected-devices | persistent | The cookie yt-remote-connected-devices is used by YouTube to store information about connected devices when you use the YouTube app or website. This cookie enables features such as seamless streaming or transferring YouTube content from one device to another, for example from a smartphone to a smart TV. It helps YouTube remember devices that were previously connected to your account to enable easier and faster connections in the future. This improves the user experience by, for instance, making it easier to continue watching a video on another device. | Not Necessary |
| yt-remote-device-id | persistent | The cookie yt-remote-device-id is also used by YouTube and serves similar purposes as the yt-remote-connected-devices cookie. It stores a unique identification number for each device that connects to the YouTube app or website. | Not Necessary |
| yt.innertube::nextId | persistent | The cookie yt.innertube::nextId is part of YouTube’s internal functionality, specifically in connection with their algorithm and user interface. This cookie plays a role, for example, in the automatic selection of the next video. | Not Necessary |
| yt.innertube::requests | persistent | The cookie yt.innertube::requests is a technical element used by YouTube to manage a user’s interactions and requests on their platform. This cookie is part of YouTube’s “Innertube” technology, an internal term for their backend architecture responsible for providing content and services. | Not Necessary |
| ytidb::LAST_RESULT_ENTRY_KEY | session | The ytidb::LAST_RESULT_ENTRY_KEY cookie is part of YouTube’s internal database management. It is related to the storage and management of settings in the browser’s local database. | Not Necessary |
| CONSENT | persistent | The “CONSENT” cookie from YouTube, which is also used by Google services, is an important cookie that essentially relates to compliance with data protection laws and user consent. | Not Necessary |
Part 7: Transfer of Data to Third Parties
Your personal data will not be transferred to third parties for purposes other than those listed. We will only disclose your personal data to third parties if: 1. You have given your express consent according to Art. 6 Para. 1 S. 1 lit. a GDPR, 2. The disclosure is permitted according to Art. 6 Para. 1 S. 1 lit. f GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data, 3. In the event that there is a legal obligation for the disclosure according to Art. 6 Para. 1 S. 1 lit. c GDPR, and 4. This is legally permissible and required according to Art. 6 Para. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you.
Part 8: Technical and Organizational Measures
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. We use this technology to protect your transmitted data.
Part 9: Storage Duration and Deletion of your Data
We process and store your personal data only for the period necessary to achieve the purpose of storage or as far as this is granted by the legal regulations our company is subject to. If the storage purpose is not applicable, or if a storage period prescribed by the regulations expires, the personal data is routinely deleted in accordance with legal requirements.
7-DSS_FB_PP_Datenschutzerklärung_WEB_2023
