Privacy policy

Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to all data with which you can be personally identified. Detailed information on data protection can be found in the privacy policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the section “Information on the Responsible Entity” in this privacy policy.

How do we collect your data?

Some data is collected when you provide it to us. This may include, for example, data entered into a contact form.

Other data is collected automatically or after your consent when you visit the website through our IT systems. This primarily includes technical data (e.g. internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors.

Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to obtain free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time for the future. Furthermore, you have the right to request restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.

You may contact us at any time regarding this or any other questions on data protection.

2. Hosting

We host the content of our website with the following provider: Firebase Hosting

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Firebase”). Firebase Hosting is a tool for creating and hosting websites. When you visit our website, Firebase Hosting analyzes user behavior, visitor sources, the region of website visitors, and visitor numbers. Firebase Hosting stores cookies on your browser that are required to display the website and ensure security (essential cookies). The data collected via Firebase Hosting may be stored on servers worldwide, including servers in the USA.

Details can be found in Firebase Hosting’s privacy policy:
https://firebase.google.com/support/privacy

Data transfers to the USA and other third countries are based on the European Commission’s Standard Contractual Clauses or comparable safeguards pursuant to Art. 46 GDPR. Details can be found here:
https://firebase.google.com/support/privacy

Firebase Hosting is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring a reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting). Consent can be revoked at any time.

The company is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to complying with these standards. Further information is available at:
https://www.dataprivacyframework.gov/s/participantsearch/participantdetail?contact=true&id=a2zt0000000GnbGAAS&status=Active

Data Processing Agreement

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a legally required contract that ensures the provider processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data are data that can be used to personally identify you. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this occurs.

Please note that data transmission over the Internet (e.g. communication by email) may have security gaps. Complete protection of data against access by third parties is not possible.

Information on the Responsible Entity

The responsible entity for data processing on this website is:

An den Pappeln 4a
21521 Wohltorf
Germany
Phone: +49 (0)4104 9621236
Email: info@sojuhalle.com

The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, deletion will take place once these reasons no longer apply.

Legal Bases for Data Processing

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed. In the case of explicit consent to the transfer of personal data to third countries, processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your end device, processing is also based on § 25(1) TTDSG. Consent can be revoked at any time.

If data is required for contract fulfillment or pre-contractual measures, processing is based on Art. 6(1)(b) GDPR. If data is required to fulfill a legal obligation, processing is based on Art. 6(1)(c) GDPR. Processing may also be based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. The relevant legal basis is explained in the respective sections of this privacy policy.

Recipients of Personal Data

As part of our business activities, we cooperate with various external parties. In some cases, this requires the transfer of personal data.

We only transfer personal data to external parties if this is necessary for contract fulfillment, if we are legally obliged to do so, if we have a legitimate interest under Art. 6(1)(f) GDPR, or if another legal basis permits the transfer. When using processors, personal data is transferred only on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of Your Consent

Many data processing operations are only possible with your explicit consent. You can revoke consent at any time. The legality of data processing carried out prior to the revocation remains unaffected.

Right to Object (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time. After objection, your personal data will no longer be used for direct marketing purposes.

Right to Lodge a Complaint

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract in a commonly used, machine-readable format, or to have it transmitted to a third party, insofar as technically feasible.

Access, Rectification, and Erasure

Within the framework of applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of processing, as well as the right to rectification or deletion.

Right to Restriction of Processing

You have the right to request restriction of processing of your personal data, particularly if:

you contest the accuracy of your data,
the processing is unlawful,
the data is no longer required but needed for legal claims,
you have objected under Art. 21(1) GDPR and interests have not yet been balanced.

Restricted data may only be processed with your consent or for legal claims or important public interest reasons.

4. Social Media

Social Media Elements with Shariff

This website uses social media elements (e.g. Facebook, X, Instagram, Pinterest, XING, LinkedIn, Tumblr). To ensure data protection, we use the “Shariff” solution, which prevents automatic transmission of personal data to social media providers upon page load.

Only when you activate a social media element by clicking it is a direct connection established (consent). Once activated, the provider receives your IP address and information about your visit.

Facebook

This website integrates elements of Facebook, provided by Meta Platforms Ireland Limited, Dublin, Ireland. Data may also be transferred to the USA and other third countries.

Use is based on consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR). We and Meta Platforms Ireland Limited are jointly responsible for data collection and transfer (Art. 26 GDPR). Further details and agreements are available at:
https://www.facebook.com/legal/controller_addendum

Instagram

This website uses Instagram features provided by Meta Platforms Ireland Limited. When activated, a direct connection is established. If logged into Instagram, the visit may be linked to your account.

Data transfers are based on Standard Contractual Clauses and the EU–US Data Privacy Framework.

5. Newsletter

Newsletter Data

If you subscribe to our newsletter, we require your email address and confirmation that you are the owner and consent to receiving the newsletter. Data is processed solely on the basis of your consent (Art. 6(1)(a) GDPR). You may unsubscribe at any time via the link in the newsletter.

After unsubscribing, your data will be deleted unless stored in a blacklist to prevent future mailings. This serves compliance with legal requirements and is based on legitimate interest (Art. 6(1)(f) GDPR).

6. Plugins and Tools

Google Maps

This website uses Google Maps, provided by Google Ireland Limited. Use of Google Maps requires storage of your IP address, which is usually transferred to servers in the USA.

Use is based on legitimate interest (Art. 6(1)(f) GDPR) or consent where required. Data transfers are based on Standard Contractual Clauses and the EU–US Data Privacy Framework.

Item added to your cart