top of page
Logo of Adventure Fireworks from Dresden

PRIVACY POLICY

Privacy Policy

1. General Information
In accordance with the applicable data protection laws – in particular the German Federal Data Protection Act (BDSG) and the European General Data Protection Regulation (GDPR) – we inform you below about the type, scope, and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. For definitions of terms such as “personal data” or “processing,” please refer to Article 4 of the GDPR.

2. Name and Contact Details of the Controller
Adventure Fireworks
Christopher Gose
Seminarstr. 4a
01067 Dresden
Email: kontakt@adventure-fireworks.de

3. Categories of Data, Purposes of Processing, and Data Subjects
3.1 Categories of Data Processed
• Usage data (e.g. access times, visited websites, browser information)
• Master data (e.g. name, address)
• Contact data (e.g. phone number, email, fax)
• Communication data (e.g. IP address)

3.2 Purposes of Processing
• Technical and commercial optimization of the website
• Statistical analysis and evaluation of user behavior
• Improving usability and user experience
• Marketing, sales, and advertising
• Customer support and relationship management
• Processing contact inquiries

3.3 Categories of Data Subjects
Visitors and users of the website, customers, and prospective clients — collectively referred to as “users”.

4. Legal Basis for Processing
We process personal data based on the following legal bases:
• Consent (Article 6(1)(a) GDPR): when you have given explicit consent.
• Contract performance (Article 6(1)(b) GDPR): when necessary to fulfill a contract or pre-contractual measures.
• Legal obligation (Article 6(1)(c) GDPR): when required by law (e.g. retention obligations).
• Vital interests (Article 6(1)(d) GDPR): to protect vital interests of you or another person.
• Legitimate interests (Article 6(1)(f) GDPR): to pursue our legitimate business interests, provided your rights do not override them.

5. Disclosure of Personal Data to Third Parties and Data Processors
We do not share your personal data with third parties without your consent, except as permitted or required by law – for example, to payment providers for contract performance, under court orders, or to fulfill legal obligations such as law enforcement or protection of intellectual property.
We may engage external service providers (data processors) such as web hosting providers or database operators to process data on our behalf in accordance with Article 28 GDPR. We select our processors carefully, audit them regularly, and ensure they apply appropriate technical and organizational security measures.

6. Data Transfers to Third Countries
As a general rule, your data is processed within the European Union (EU) or the European Economic Area (EEA). If processing occurs in third countries, it is carried out in compliance with Articles 44 ff. GDPR, ensuring an adequate level of protection through mechanisms such as EU adequacy decisions or EU Standard Contractual Clauses. For U.S. providers, compliance with the EU–U.S. Data Privacy Framework ensures equivalent data protection standards.

7. Data Retention and Deletion
Unless otherwise stated in this privacy policy, personal data will be deleted or blocked once the purpose of processing no longer applies or consent is withdrawn, unless retention is required by law or for evidence purposes. Examples include commercial retention of correspondence (§257 HGB – 6 years) and tax retention of records (§147 AO – 10 years). Once these periods expire, data is deleted unless still required for contract performance.

8. Automated Decision-Making
We do not use automated decision-making or profiling.

9. Website Operation and Server Log Files
When visiting our website for informational purposes only, we collect only the data that your browser automatically transmits to our server:
• IP address
• Internet service provider
• Date and time of access
• Browser type, version, and language
• Accessed content and HTTP status
• Time zone
• Data volume transferred
• Referring website
These data are necessary to ensure the secure and efficient delivery of our website, analyze performance, and prevent misuse. The legal basis is our legitimate interest under Article 6(1)(f) GDPR. Server logs are stored for 300 days and then automatically deleted unless required for evidence in the event of security incidents.

10. Cookies
We use cookies when you visit our website. Cookies are small text files stored on your device by your browser. They allow us to recognize users upon revisiting our site. Cookies may contain pseudonymized user identifiers (“user IDs”).

Cookie Types
• Essential cookies: Required for core site functionality (e.g. logins, cart, language settings).
• Session cookies: Temporary cookies deleted when you close your browser; used to recognize repeat visits during a session.
• Persistent cookies: Remain after your session for functions such as login persistence, analytics, or marketing; automatically deleted after a set period.
• Third-party cookies: Set by external providers (e.g. advertisers). You can disable them in your browser settings, but this may limit functionality.

Purpose of Processing
To ensure technical functionality, enhance performance, and provide a secure and user-friendly experience.

Legal Basis
• Consent (Article 6(1)(a) GDPR) – when you opt in.
• Legitimate interest (Article 6(1)(f) GDPR) – for technically necessary cookies.
• Contract necessity (Article 6(1)(b) GDPR) – when cookies are required for orders or transactions.

Storage Duration / Deletion
Cookies are deleted once they are no longer needed for their purpose. You can delete cookies manually in your browser settings or block their storage at any time.

Opt-out links:
AboutAds (US): https://optout.aboutads.info
YourOnlineChoices (EU): http://www.youronlinechoices.com/de/praferenzmanagement/

11. Contact via Form, Email, Fax, or Mail
When contacting us by form, email, fax, or post, your information is processed to handle the inquiry. Legal basis: Consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR) in responding to inquiries. If the inquiry relates to a contract, Art. 6(1)(b) GDPR applies. Data is deleted once the inquiry has been resolved, unless retention is required (e.g. commercial correspondence: 6 years; tax-related: 10 years). You may withdraw consent or object to data storage at any time by contacting us.

12. Contact by Telephone
When contacting us by phone, your phone number and related data may be processed for handling your inquiry, proof of communication, and potential callbacks. The data is stored temporarily in the device’s memory and deleted automatically in accordance with system routines. The legal basis is our legitimate interest under Art. 6(1)(f) GDPR, or contract performance under Art. 6(1)(b) GDPR.

13. Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Data processed: User ID, anonymized IP address, access times, device and browser data.
Google processes data within the EU with IP anonymization (“anonymizeIP”). Only in rare cases is the full IP sent to the U.S. and truncated there. Google evaluates usage, compiles reports, and provides insights to us as the website operator. Your data is not merged with other Google data.
Purpose: To analyze and improve our website and optimize user experience.
Legal Basis: Consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR). For contractual services, Art. 6(1)(b) GDPR applies.
Storage Duration: Data linked to cookies, user IDs, or advertising IDs are automatically deleted after 14 months.
Data Transfer: To Google servers in the U.S. under the EU–U.S. Data Privacy Framework.
Opt-Out: http://tools.google.com/dlpage/gaoptout?hl=en

14. YouTube Videos
We embed YouTube videos (Google Ireland Limited, Dublin, Ireland) using the extended privacy mode. This prevents tracking cookies unless you actively play a video. By starting playback, you consent to YouTube processing your data for advertising purposes. If logged into Google, data may be associated with your account.
Legal basis: Consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR).
Data transfer: To the U.S. under the EU–U.S. Data Privacy Framework.
More info: https://policies.google.com/privacy

15. Google Maps
We use Google Maps (Google Ireland Limited) to display interactive maps. When you access such pages, your IP and location data are transmitted to Google. If logged into your Google account, this may be linked to your profile.
Legal basis: Consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR).
Data transfer: To the U.S. under the Data Privacy Framework.
More info: https://www.google.com/intl/en/help/terms_maps.html

16. Social Media Presence
We maintain profiles on social networks. When visiting our pages, the respective network’s privacy terms apply. Social networks may process user data for market research and advertising, creating usage profiles for personalized ads within and beyond the platform.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) or consent (Art. 6(1)(a) GDPR).
Data transfer: To networks such as Facebook, Instagram, or Twitter, certified under the EU–U.S. Data Privacy Framework.
Provider links:
Facebook: https://www.facebook.com/about/privacy/
Instagram: https://help.instagram.com/519522125107875
Twitter: https://twitter.com/privacy

17. Rights of Data Subjects
You have the following rights under the GDPR:
• Right to withdraw consent (Art. 7 GDPR)
• Right to object to processing (Art. 21 GDPR)
• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
You may exercise these rights at any time by contacting:
Adventure Fireworks
Seminarstr. 4a
01067 Dresden
Email: kontakt@adventure-fireworks.de

18. Data Security
To protect all personal data transmitted to us, we implement appropriate technical and organizational measures. All data transmitted between your browser and our server is encrypted via SSL/TLS.

Last updated: December 28, 2019
Source (adapted): DSGVO Privacy Policy Template – Juraforum.de
 

bottom of page