Our data protection policy

1. General information and principles of data processing


We are glad that you visit our website. The protection of your privacy and the protection of your personal data, the so-called personal data, when using our website is very important to us.

According to Art. 4 No. 1 GDPR, personal data are all information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your e-mail address, but also your IP address.

Data that cannot be linked to your person, for example through anonymisation, are not personal data. The processing (e.g. the collection, storage, reading, retrieval, use, transmission, deletion or destruction) according to Art. 4 No. 2 GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of the processing has been achieved and no legally prescribed retention obligations are to be preserved.


Here you will find information about the handling of your personal data when you visit our website. In order to provide the functions and services of our website, it is necessary that we collect personal data about you.


We also explain to you the type and scope of the respective data processing, the purpose and the corresponding legal basis and the respective storage period.

This privacy policy applies only to this website. It does not apply to other websites to which we merely refer via a hyperlink. We cannot assume any responsibility for the confidential handling of your personal data on these third party websites, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself about the handling of your personal data by these companies directly on these websites.


Below you will find the contact details of the responsible controller and the data protection officer.


2. Controller


Controller for the processing of personal data on this website (see imprint):


Serviceplan Kampagne 3 GmbH & Co. KG

Haus der Kommunikation

Brienner Straße 45 a-d

80333 München


Tel: +49 89 2050 30

Fax: +49 89 2050 3611

E-Mail: info@serviceplan.com


Represented by the managing directors: Christoph Everke, Michael Jaeger, Alexander Nagel


3. Data Protection Officer


If you have any questions about data protection, you can also contact our data protection officer at any time:

Dr. Georg F. Schröder, LL.M.
Data protection officer
HEUSSEN Rechtsanwaltsgesellschaft mbH c/o
Brienner Straße 9 / Amiraplatz
80333 München (Munich)/ Germany
Telephone: +49 89 29 09 70
Telefax: +49 89 290 97 200
E-mail: georg.schroeder@heussen-law.de


4. Provision and use of the website/ log files


a) Type and scope of data processing

If you use this website without otherwise transmitting data to us, we collect following technically necessary data via log files, which are automatically transmitted to our server:

– IP address

– Date and time of the request

– Name and URL of the retrieved file

– Website from which access is made (referrer URL)

– Access status/HTTP status code

– Browser type

– Language and version of the browser software

– Operating system


b) Purpose and legal basis

This processing is technically necessary in order to be able to display our website to you. We also use the data to ensure the security and stability of our website. This processing is also necessary to prevent the misuse of our website.

The legal basis for this processing is Art. 6(1) lit. f) GDPR. The processing of the mentioned data is necessary for the running of the website and protection against misuse of the website and thus serves the protection of a legitimate interest of our company.


c) Storage period

As soon as the personal data mentioned are no longer required to display the website, the data will be deleted. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object to this aspect. Further storage may take place in individual cases if this is required by law.



5. Use of cookies


a) Type, scope and purpose of data processing

We use cookies. Cookies are small files that are sent by us to the browser of your device during your visit to our website and stored there.

Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, on the other hand, allow us to perform various analyses.
For example, some cookies can recognize the browser you are using when you return to our website and transmit various informations to us. We use cookies to facilitate and improve the use of our website. For example, we can use cookies to make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, the third parties collect the information directly via your browser. Cookies do not cause any damage to your device. They cannot run programs or contain viruses. Various types of cookies are used on our website and their type and function are explained below.

Transient/ Session cookies

Our website uses transient/session cookies, which are automatically deleted when you close your browser. This type of cookie allows us to collect your session ID. This makes it possible to assign different requests of your browser to a common session and it is possible to recognize your device during subsequent visits to websites.

Persistent cookies

Persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and can transmit information. The respective storage period differs depending on the cookie. You can delete persistent cookies independently using your browser settings.

Third-party cookies

We use analytical cookies to track the user behavior on our website.

Configuring the browser settings

Most web browsers are pre-set to automatically accept cookies. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may then no longer be able to use all the functions of our website.


You can also use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set your browser so that it informs you before cookies are stored. Since the different browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the corresponding configuration options.


Disabling the use of cookies may require the storage of a permanent cookie on your computer. If you subsequently delete this cookie, you must activate it again.


b) Legal basis

Due to the described purposes of use, the legal basis for the processing of personal data using cookies is Art. 6(1) lit. f) GDPR. If you have given us your consent to the use of cookies on the basis of a reference (“cookie banner”), the legal basis is additionally Art. 6(1) lit. a) GDPR.


c) Storage period

As soon as the data transmitted to us via cookies is no longer required for the purposes described above, this information will be deleted. Further storage may take place in individual cases if this is required by law.


6. Data transmission


We will only pass on your personal data to third parties if:


a) you have given your explicit consent in accordance with Art. 6(1) lit. a) GDPR

b) this is legally permissible and is necessary according to Art. 6(1) lit. b) GDPR for the fulfilment of a contractual relationship with you or the implementation of pre-contractual measures

c) according to Art. 6(1) lit. c) GDPR there is a legal obligation for the transfer.


We are legally obliged to transmit data to state authorities, e.g. tax authorities, social insurance carriers, health insurance funds, supervisory authorities and law enforcement authorities.


d) the disclosure according to Art. 6(1) lit. f) GDPR is necessary for the protection of legitimate company interests, as well as for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.


e) in accordance with Art. 28 GDPR, we use external service providers, so-called processors, who are obliged to handle your data with care.


We use such service providers in the following areas:

– IT


When transferring your personal data to external bodies in third countries, i.e. outside the EU or the EEA, we ensure that these bodies treat your personal data with the same care as within the EU or the EEA. We only transfer personal data to third countries for which the EU Commission has confirmed an appropriate level of protection or if we ensure the careful handling of personal data through contractual agreements or other suitable guarantees.



7. Contact options by e-mail


On our website you can contact us by e-mail.


a) Type and scope of data processing

You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account you use to contact us and to any personal data you make available when contacting us.


b) Purpose and legal basis

The purpose of data processing is to enable us to respond appropriately to your request.
The legal basis for this is Art. 6(1) f) GDPR. There is a legitimate interest in the processing of the above-mentioned personal data in order to be able to process your request properly.


c) Storage period

The duration of the storage of the above data depends on the background of your contact. Your personal data is regularly deleted if the purpose of the communication no longer applies and storage is no longer necessary. This may result, for example, from the processing of your request.


8. Tracking and analysis tools


Google Analytics


a) Type and scope of data processing

We use the tracking tool Google Analytics. Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Tel: +353 1 543 1000, Fax: +353 1 686 5660 (“Google”).

Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.

On behalf of the operator of this website, Google will use this information for the purpose of systematically evaluating your use of the website, compiling reports on website activity and providing other services to website operators relating to website activity and internet usage.

If individual pages of our website are accessed, the following data is stored:


– Three bytes of the IP address of the calling system of the user (anonymized IP address)

– The website accessed

– The website from which the user accessed the page of our website (referrer)

– The subpages that are called from the called page

– The time spent on the website

– Frequency of a call of a site


We use Google Analytics with IP anonymization enabled. With the IP anonymization the IP addresses are shortened by the last octet (e.g. 192.168.79.***; so-called IP masking). It is no longer possible to assign the abbreviated IP address to the user’s computer or terminal device.


b) Purpose and legal basis

The Google Analytics service is used to analyze the usage behavior of our Internet presence. The legal basis is Art. 6(1) lit. f) GDPR. Our legitimate interest lies in the analysis, optimisation and economic operation of our website.


c) Storage period

The stored data are deleted as soon as they are no longer needed for our recording purposes.


d) Right to object

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en


Learn more about the terms of use of Google Analytics:



For more information see the Google Analytics’ data practices: https://support.google.com/analytics/answer/6004245?hl=en


Integration of YouTube videos


a) Type and scope of data processing

We have included YouTube videos in our online offering, which are stored at http://www.YouTube.com and can be played directly from our website. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Tel: +353 1 543 1000, Fax: +353 1 686 5660 (“Google”).

We use YouTube in conjunction with the privacy-enhanced mode feature to display videos to you.

Due to the privacy-enhanced mode feature, the data explained in more detail below will only be transmitted to YouTube’s server if you actually start a video.

YouTube collects your IP address, the date and time as well as the website you visited.

This takes place regardless of whether YouTube provides a user account that you are logged in to or whether there is no user account.

If you are logged into YouTube at the same time, YouTube assigns the connection information to your YouTube account and uses it for purposes of advertising, market research and/or tailoring its website to suit your needs.


b) Purpose and legal basis

The legal basis is Art. 6(1) lit. f) GDPR. Our legitimate interest lies in improving the quality of our internet presence.


c) Storage period

The stored data will be deleted as soon as they are no longer needed for our purposes.


d) Right to object

YouTube permanently stores cookies on your terminal device via your Internet browser for the purpose of functionality and analysis of user behaviour.

If you do not agree with this processing, you can prevent the storage of cookies by changing the settings in your Internet browser.

If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

If you do not wish your profile to be assigned to YouTube, you must log out before activating the button.


Further information about the purpose and scope of data collection and processing by YouTube, please see Google’s privacy policy. There you will also find further information about your rights and setting options to protect your privacy:



9. Data security and security measures


We are committed to protecting your privacy and keeping your personal information confidential. For this purpose, we take extensive technical and organizational security measures, which are regularly reviewed and adapted to technological progress.
Among other things, this includes the use of recognized encryption methods (SSL or TLS). Unencrypted disclosed data, for example unencrypted e-mails, could possibly be read by third parties. We have no influence on that. It is the responsibility of the respective user to protect the data.


10. Changes to this data protection policy

We reserve the right to update this statement at any time if necessary.


11. Your rights


Here you will find your rights regarding your personal data. Details can be found in articles 7, 15-22 and 77 GDPR. In this regard, you can contact the controller (item 2) or the data protection officer (item 3).


a) Right to withdraw your data protection consent according to Art. 7(3) s. 1 GDPR

You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the legality of the processing until revocation.


b) Right of access according to Art. 15 GDPR

You have the right to request confirmation whether we obtain personal data concerning you.

In this case you have the right to get information about your personal data as well as further information, e.g. the purposes of processing, categories of personal data concerned, the recipients and the planed period of storage or the criteria used to determine that period.


c) Right to obtain rectification and completion according to Art. 16 GDPR

You have the right to obtain the correction of incorrect data without delay. Taking into account the purposes of the processing, you have the right to obtain the completion of incomplete data.


d) Right to erasure (“right to be forgotten”) according to Art. 17 GDPR

You have a right of erasure, as far as the processing is not necessary. This is the case, if your data is no longer necessary for the original purposes, for example if you have withdrawn your consent or if the data was processed unlawfully.


e) Right restriction of processing according to Art. 18 GDPR

You have the right to obtain processing, e.g. if you believe that the personal data is incorrect.


f) Right to data portability according to Art. 20 GDPR

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.


g) Right to object according to Art. 21 GDPR

You have the right to object at any time to the processing of certain personal data concerning you for reasons arising from your particular situation.

In the case of direct marketing, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of advertising; this also applies to profiling, insofar as it is associated with direct marketing.


h) Automated individual decision-making, including profiling according to 22 GDPR

You have the right not to be subject to a decision based solely on automated processing – including profiling – except in the exceptional circumstances mentioned in Art. 22 GDPR.

A decision based solely on automated processing – including profiling – does not take place.


i) Right to lodge a complaint with a data protection supervisory authority according to 77 GDPR

You can also lodge a complaint with a data protection supervisory authority at any time, for example if you believe that data processing is not in compliance with data protection regulations.


Competent supervisory authority:


Bavarian State Office for Data Protection Supervision

PO Box 606

91511 Ansbach



Telephone: +49 (0) 981 53 1300

Telefax: +49 (0) 981 53 98 1300

E-mail: poststelle@lda.bayern.de