Privacy Policy

Introduction and general information

This privacy policy (as of July 2025) gives you a transparent overview of which personal data we process as the controller and the processors commissioned by us.

We are subject to German data protection law and the provisions of the European General Data Protection Regulation (GDPR).

Further data protection notices and other legal documents may apply to individual or additional activities and operations.

Contact details of the person responsible

Responsible for data processing is:

Gabriele and Bernd Zimmermann
Hagmühle 2
88279 Amtzell

e-mail: info@gestuet-amurath.de


We explicitly point out at the appropriate place if there are other controllers for the processing of personal data in individual cases.

Area of application

This privacy policy applies to all online presences including all websites and also to our social media profiles on

Instagram and Facebook.

Terms and legal bases

Personal data is all data that can be used to directly or indirectly identify you personally („data subject“). In this context, we process in particular information that a data subject voluntarily and personally transmits to us when contacting us - for example by post, e-mail, contact form or telephone. We may store such information in an address book or with comparable electronic/digital tools, for example.

We only process personal data if at least one of the following legal bases applies.

•          Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of
§ 25 para. 1 TDDDG. Consent can be revoked at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

•          Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the fulfilment of a contract with the data subject and for the implementation of pre-contractual measures.

•          Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfil a legal obligation.

•          Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or of another natural person.

•          Art. 6 para. 1 lit. e GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.

•          Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data in order to safeguard the legitimate interests of us or third parties, unless the fundamental freedoms and rights and interests of the data subject prevail. Legitimate interests are, in particular, our interest in being able to carry out the activities and operations when visiting our website or in our joint business relationship in a permanent, user-friendly, secure and reliable manner. In addition, our interest in simple communication, ensuring information security, protection against misuse, the enforcement of our own legal claims and compliance with applicable law.

Type, scope, purpose and duration of data processing

The personal data processed by us may fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data, usage data and location data and payment data.

We process personal data for the duration required for the respective purpose(s) or as required by law. Personal data whose processing is no longer required is deleted or anonymised.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are, in particular, specialised providers whose services we use. We also guarantee data protection for such third parties.

If you transmit personal data to us via third parties, you are obliged to guarantee data protection vis-à-vis such third parties and to ensure the accuracy of the personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, if and to the extent that such processing is permitted by law.

Rights of data subjects

Data subjects whose personal data we process have so-called data subject rights in accordance with the GDPR. These include in particular the following rights in your favour:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • to demand the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
  • pursuant to Art. 21 GDPR to object to the processing of your personal data if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and if there are reasons arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you object, your personal data will no longer be used for the purpose of direct advertising;
  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future; and
  • to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

Note on data transfer to the USA and other third countries

Among other things, we also use tools from companies based in the USA or other third countries that are not secure under data protection law. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries.

With regard to data transfer to the USA, the USA is considered a safe third country on the basis of the „EU-US Data Privacy Framework“ if the recipient of the data based in the USA is certified under the EU-US Data Privacy Framework or other suitable guarantees (e.g. standard contractual clauses of the EU Commission) are in place.

Where possible, we endeavour to use tools from EU providers and, if not, to at least select server locations within the EU if this option is provided by the tool providers.

Security of data processing

We take suitable technical and organisational measures to ensure data security appropriate to the respective risk. Unfortunately, however, we cannot guarantee absolute data security.

Our website is accessed using transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

Ninja Firewall

We use the firewall plug-in „Ninja Firewall“ to protect our website.

The provider is NinTechNet Limited, Unit 1603, 16th Floor, The L. Plaza 367 - 375 Queen's Road Central, Sheung Wan, Hong Kong.

Ninja Firewall protects our website from unauthorised access and cyber attacks. For this purpose, the IP address, time of page access and referrer of the website visitor are recorded.

The IP address is anonymised by removing the last 3 characters.

The data is stored on our own web server for 45 days and then automatically deleted. The data is not transferred to the provider of Ninja Firewall or to other third parties.

You can find more information in the privacy policy of the provider of Ninja Firewall at https://nintechnet.com/about/ and under https://blog.nintechnet.com/ninjafirewall-general-data-protection-regulation-compliance/ .

The use of Ninja Firewall is based on Art. 6 para. 1 lit. f GDPR (our legitimate interest in a secure website).

Cookies

We may use cookies. Our own cookies (first-party cookies), as well as cookies from third parties whose services we use (third-party cookies), are data that are stored in your browser. Cookies are not software programmes and do not contain viruses, Trojans or other „malware“. Cookies also cannot access information on your PC or end device.

Cookies can be stored temporarily in your browser as „session cookies“ or for a certain period of time as so-called permanent cookies. „Session cookies“ are automatically deleted when you close your browser. Permanent cookies have a specific storage period. In particular, cookies make it possible to recognise your browser the next time you visit our website and thus, for example, to measure the reach of our website. Permanent cookies can also be used for online marketing, for example.

If we use cookies and to the extent necessary, we will obtain your express consent for the use of cookies. If consent to the storage of cookies has been requested, the processing takes place exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); the consent can be revoked at any time for the future.

Necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR (our legitimate interest in cookies for the technically error-free and optimised provision of our services) if no other legal basis is specified.

You can completely or partially deactivate or delete cookies in your browser settings at any time. Without cookies, our website and some functions may no longer be fully available.

We use Real Cookie Banner's cookie consent technology on our website to obtain and document your consent to the storage of certain cookies or the use of certain services.

The provider is devowl.io GmbH, Tannet 12, 94539 Grafling, Germany.

There is no connection to Real Cookie Banner servers. Real Cookie Banner sets a cookie in your browser to assign your consent or its revocation.

The data collected in the process will remain with us until you ask us to delete it, you delete the cookie yourself, revoke your consent to storage or the purpose for data storage no longer applies. Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. c GDPR (compliance with our statutory obligation to obtain and document consent).

You can find out more about the data processed through the use of Real Cookie Banner in devowl.io's privacy policy at https://devowl.io/de/datenschutzerklaerung/ .

Hosting

Our website is hosted by STRATO. The provider is STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany.

When you visit our website, STRATO collects various log files such as the browser type and version, the operating system used, the referrer URL, the date and time of the server request, the IP address and other data.

You can find out more about the data that STRATO processes when you visit our website at https://www.strato.de/blog/dsgvo-logfiles/ and in STRATO's privacy policy at https://www.strato.de/datenschutz/.

STRATO is used on the basis of Art. 6 para. 1 lit. f GDPR (our legitimate interest in a stable and reliable presentation of our website) or on the basis of Art. 6 para. 1 lit. a GDPR (your consent) and, if applicable, § 25 para. 1 TDDDG. Consent can be revoked at any time with effect for the future.

We have concluded an order processing contract (AVV) with the above-mentioned provider.

Contact via e-mail, telephone or contact form

If you contact us via e-mail, telephone or contact form, your enquiry including all personal data resulting from it (name, e-mail address, telephone number, etc.) will be processed for the purpose of handling your contact. The data will not be passed on without your consent.

The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (fulfilment of a contract or implementation of pre-contractual measures) or on the basis of Art. 6 para. 1 lit. f GDPR (our legitimate interest in processing enquiries addressed to us) or on the basis of Art. 6 para. 1 lit. a GDPR (your consent).

All data sent to us by you in connection with a contact enquiry or other communication will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Instagram

We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If you are logged into your Instagram account during your visit to our Instagram profile, Meta can assign your visit directly to your user account. Even if you are not logged in, your personal data may be processed, e.g. your IP address.

The data collected enables Meta to create user profiles and thus display interest-based advertising to you, even outside of Instagram.

We have no further knowledge of and no influence on the data processing and analyses carried out by Meta.

The data collected from you will be transferred to the USA or possibly also to other third countries and processed there. The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework (data protection framework between the EU and the USA). With this certification, Meta undertakes to comply with the data protection standards of the EU.

You can find more information on data transfer at

https://de-de.facebook.com/help/566994660333381/?helpref=uf_share

https://www.facebook.com/legal/terms/dataprocessing and

https://www.facebook.com/legal/EU_data_transfer_addendum

https://www.facebook.com/privacy/policies/data_privacy_framework

We are jointly responsible with Meta for the data processing (Art. 26 GDPR) that takes place during your visit to our Instagram profile. For you, this means that you can assert your data subject rights (see section 6) against us or against Meta. Please note, however, that despite our joint responsibility, we are limited and bound by Meta's obligations to cooperate and provide information. Unfortunately, we have no influence over this.

Our Instagram presence is intended to maximise our presence on social media and on the internet. The basis for this is Art. 6 para. 1 lit. f GDPR (our legitimate interest). The legal basis for the analysis activities carried out is based on Art. 6 para. 1 lit. a GDPR and, if applicable, § 25 para. 1 TDDDG (your consent).

Further information on Meta's data processing, in particular on the storage period of your data, can be found in Meta's privacy policy at

https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 or under https://privacycenter.instagram.com/policy.

Facebook

We have a profile on Facebook. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If you are logged into your Facebook account during your visit to our Facebook profile, Meta can assign your visit directly to your user account. Even if you are not logged in, your personal data may be processed, e.g. your IP address.

The data collected enables Meta to create user profiles and thus display interest-based advertising to you, including outside of Facebook.

We have no further knowledge of and no influence on the data processing and analyses carried out by Meta.

The data collected from you will be transferred to the USA or possibly also to other third countries and processed there. The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework (data protection framework between the EU and the USA). With this certification, Meta undertakes to comply with the data protection standards of the EU.

You can find more information on data transfer at

https://de-de.facebook.com/help/566994660333381/?helpref=uf_share

https://www.facebook.com/legal/terms/dataprocessing and

https://www.facebook.com/legal/EU_data_transfer_addendum

https://www.facebook.com/privacy/policies/data_privacy_framework

We are jointly responsible with Meta for the data processing (Art. 26 GDPR) that takes place during your visit to our Facebook profile. This means that you can assert your data subject rights (see section 6) against us or against Meta. Please note, however, that despite our joint responsibility, we are limited and bound by Meta's obligations to cooperate and provide information. Unfortunately, we have no influence over this.

Our Facebook presence is intended to maximise our presence on social media and on the internet. The basis for this is Art. 6 para. 1 lit. f GDPR (our legitimate interest in the greatest possible visibility in social media). The legal basis for the analysis activities carried out is based on Art. 6 para. 1 lit. a GDPR and, if applicable, Section 25 para. 1 TDDDG (your consent). Consent can be revoked at any time with effect for the future.

Further information on Meta's data processing, in particular on the storage period of your data, can be found in Meta's privacy policy at

https://www.facebook.com/privacy/policy/ .

Matomo (self-hosted)

We use the web analysis service Matomo (formerly Piwik) for our website. The provider is InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. With Matomo, we can analyse the behaviour of visitors to our website and gain insight into various data such as page views, length of stay on individual pages, mouse clicks, operating system and access location. This data is anonymised and stored on our own server within the European Union, so that no transfer to third countries is necessary. Your IP address is anonymised so that your visit to our website can no longer be clearly assigned.

Matomo is used on the basis of Art. 6 para. 1 lit. a GDPR (your consent), if applicable together with § 25 para. 1 TDDDG, or Art. 6 para. 1 lit. f GDPR (our legitimate interest in analysing visitor behaviour on our website in order to optimise our offer and our website). You can revoke your consent at any time with effect for the future.

Further information on data processing by Matomo can be found in Matomo's privacy policy at: https://matomo.org/privacy-policy/

Matomo Opt Out

Google Fonts

We use „Google Fonts“ on our website for the appealing and uniform presentation of fonts. Google Fonts is a product of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google fonts are installed locally. This prevents a connection to Google's servers when you visit our website.

Further information on Google Fonts in general can be found at:

https://developers.google.com/fonts/faq/privacy?hl=de or in Google's privacy policy at: https://policies.google.com/privacy.

Google Fonts are used on the basis of Art. 6 para. 1 lit. f GDPR (our legitimate interest in an appealing and uniform presentation of the typeface on our website) or on the basis of Art. 6 para. 1 lit. a GDPR (your consent) and § 25 para. 1 TDDDG. Consent can be revoked at any time with effect for the future.

We may amend and supplement this privacy policy at any time. We will inform you of such amendments and additions in a suitable form, in particular by publishing the current data protection declaration on our website.