Data Protection Declaration

Data Protection Declaration of commotion GmbH – Version of May 2018

1. Definitions

In this Data Protection Declaration, terms are used as outlined in Article 1 of the General Data Protection Regulation (GDPR). Within the meaning of this Regulation, the term

  • “Data Subject” shall mean a specific natural person or a natural person that may be identified directly or indirectly by means which the controller, who is responsible for the processing, or any other natural or legal person, would use at their general discretion and in all probability, e.g. by means of a reference to an identification number, to location data, to an online identifier, or to one or several special features that are specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person;
  • “Personal Data” shall mean all information relating to a Data Subject;
  • “Processing” shall mean any operation performed with or without the help of automated procedures or any series of operations in connection with personal data such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of the provision, alignment or combination, restriction as well as erasure or destruction of the data;
  • “File” shall mean any structured collection of personal data which is accessible on the basis of specific criteria, regardless of whether this collection is performed in a centralised or decentralised manner or is organised on the basis of functional or geographical aspects;
  • “Controller responsible for the Processing” shall mean any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes, conditions, and means of the processing of personal data; if the purposes, conditions, and means of the processing of personal data are provided for in national or European Union law, the Controller responsible for the Processing or the modalities of the nomination of this Controller may be governed by national or European Union law;
  • “Processor” shall be a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Controller responsible for the Processing;
  • “Recipient” shall mean a natural or legal person, public authority, agency or any other body to which personal data is transmitted;
  • “Consent of the Data Subject“ shall mean any explicit expression of intent, in the form of a declaration or any other unambiguous action, submitted without coercion, for the specific case and with knowledge of the circumstances, by means of which the Data Subject indicates that he/she agrees with the processing of the personal data relating to him/her;
  • “Personal Data Breach“ shall mean any breach of security resulting in the destruction, loss, alteration, whether accidental or unlawful, or to the unauthorised transmission of or the unauthorised access to personal data that has been transferred, stored or processed in any other manner;
  • “Supervisory Authority” shall mean a governmental body established by a member state in accordance with Article 46 of the GDPR.


2. Name and Contact Details of the Controller responsible for the Processing

This Data Protection Declaration shall apply to the data processing carried out by   

commotion GmbH
Max-Keith-Str. 46 | Haus A

D-45136 Essen

Fon +49 (0)201 890607-0
Fax +49 (0)201 890607-40

info (please no spam) @ (please no spam)


3. Collection and Storage of Personal Data as well as Type and Purpose of its Use

a) If you contact us (e.g. by telephone, e-mail or in writing) and/or work with us, we will collect the following information:

  • form of address, name, surname;
  • company name (in the case of legal persons);
  • address;
  • telephone number (landline and/or mobile phone number), fax number;
  • a valid e-mail address;
  • commercial register number and registration court (in the case of legal persons);
  • turnover tax identification number (in the case of commercial customers);
  • information that we need for working on your specific projects.


We collect this data in order to

  • be able to identify you as our customer;
  • be able to provide specific services to you;
  • correspond with you;
  • issue invoices;
  • handle any possible liability claims as well as to assert any possible claims against you.


The data will processed as a result of your enquiry / on the basis of you commissioning us and is required and permitted in accordance with Article 6, subsection 1, sentence 1, lit. b of the GDPR for the indicated purposes and for the appropriate handling of the business relationship as well as for fulfilling of obligations which arise from the contractual relationship by both parties.

The personal data collected by us for the provision of services to you will be stored until the expiry of the statutory periods related to retention and documentation obligations (e.g. arising from the German Commercial Code [Handelsgesetzbuch, HGB] and the German Fiscal Code [Abgabenordnung, AO]) and will be deleted subsequently, unless you have granted your consent to a storage for a longer period of time in accordance with Article 6, subsection 1, sentence 1, lit. a of the GDPR.

In accordance with the statutory requirements in Germany, the data shall be retained for 6 years in accordance with Section 257, subsection 1 of the German Commercial Code if it is contained in commercial books, inventories, opening balance sheets, annual accounts, commercial letters, accounting records, etc., and for 10 years in accordance with Section 147, subsection 1 of the German Fiscal Code if it is contained in books, records, management reports, accounting records, commercial and business letters, taxation-relevant records, etc.


b) Any access to our website will be logged. Our website access provider / hosting service provider collects data related to each access to these domains (server logfiles).

The browser used on your end device will automatically send this information to the server of our website. It will be stored temporarily in a logfile. The following information will be collected automatically and will be stored until the automated erasure subsequent to the expiry of the applicable statutorily required periods (currently six weeks):

  • browser type and version;
  • operating system used;
  • referrer URL;
  • host name of the accessing computer;
  • time of the server request;
  • IP address.


This data will not be combined with other data sources. The basis of the data processing is Article 6, subsection 1, sentence 1, lit. b of the GDPR which permits the data processing for fulfilling a contract or taking pre-contractual measures.


The aforementioned data will be processed for the following purposes:

  • ensuring a smooth connection establishment of the website;
  • ensuring a comfortable use of our website;
  • analysis of the system security and stability as well as
  • for other administrative purposes.


The website provider / hosting services provider shall use the log data only for statistical analyses for the purpose of the operation, security, and optimisation of the services provided. However, they shall reserve the right to examine the log data subsequently if there is a justified suspicion of an unlawful use based on specific grounds.

The legal basis for the data processing is Article 6, subsection 1, sentence 1, lit. f of the GDPR. The justified interest results from the purposes for the data collection set out above. In no event shall the collected data be used to draw conclusions to your person.


4. Data Protection Declaration regarding Google Maps

We use the product Google Maps by Google Inc. to display the directions for finding our office. By using our website, you declare your consent to the collection, processing as well as use of the data which is collected in an automated manner by Google Inc., their representatives as well as third parties. The terms of use of Google Maps are available here:


5. Data Protection Declaration regarding Cookies

Our website uses cookies. These are small text files that are stored on your hard drive only for the duration of your visit to our website and that are erased depending on the setting of your browser programme when the browser is closed. These cookies will not retrieve any data about you that is stored on your hard drive and will not impair your PC or your files. Most of the browsers are configured in a way that they accept cookies automatically. However, you may disable the storage of cookies or configure your browser so that it makes you aware of the sending of cookies.

In the case that you do not agree with cookies being placed on your end device, you may object to that here:


Generally, normal browsers offer the option to not accept cookies. Please note that if you perform the described settings, we cannot ensure that you will be able to access all functions of our website.


6. Transmission of Data

We will not transmit your personal data defined in item 3 above to third parties.


7. Rights of Data Subjects

You have the right,

  • in accordance with Article 15 of the GDPR, to request information from us regarding your personal data processed by us. In particular, you may request information regarding the processing purposes, the categories of the personal data, the categories of recipients to which your personal data will be or has been disclosed, the intended storage time, the existence of a right to rectification, erasure, restriction of the processing or objection, the existence of a right to lodge complaints, the origin of your data (unless we have collected them) as well as the existence of automated decision-making including profiling and significant information regarding its details (if applicable);
  • in accordance with Article 16 of the GDPR, to request without delay the rectification of incorrect personal data or the completion of your personal data stored by us;
  • in accordance with Article 17 of the GDPR, to request the erasure of your personal data stored by us, unless the processing is required for exercising the right to free expression and information, for complying with a statutory obligation, for reasons of the public interest or for asserting, exercising, or defending legal claims;
  • in accordance with Article 18 of the GDPR, to request the restriction of the processing of your personal data if you deny the correctness of the data, the processing is unlawful, but you object to its erasure or we no longer require the data, but you require them for asserting, exercising or defending legal claims, or you have objected to the processing in accordance with Article 21 of the GDPR;
  • in accordance with Article 20 of the GDPR, to receive your personal data that you provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller;
  • in accordance with Article 7, section 3 of the GDPR, to revoke at any time in relation to us your consent once granted. This shall result in the fact that we will no longer be permitted to continue the data processing that was based on this consent; and
  • in accordance with Article 77 of the GDPR, to lodge a complaint with a supervisory authority. Usually, you may approach for that purpose the supervisory authority of your usual place of residence or place of work or of the registered seat of our company.


8. Right to object

If your personal data is processed on the basis of justified interests in accordance with legitimate interests in accordance with Article 6, subsection 1, sentence 1, lit. f of the GDPR, you are entitled to object to the processing of your personal data in accordance with Article 21 of the GDPR if there are reasons for this arising from your specific situation or the objection is directed against direct advertising. In the latter case, you are entitled to a general right to object which will be implemented by us without stating a special situation. If you would like to exercise your right to revocation or objection, an email to info (please no spam) @ (please no spam) shall be sufficient.


9. Currentness and Changes to this Data Protection Declaration

This Data Protection Declaration is currently valid and is the version of May 2018. Due to the further development of our website and services offered through it or due to changed statutory requirements or requirements of authorities it may be required to change this Data Protection Declaration. The version of the Data Protection Declaration applicable in each case may be retrieved and printed at any time from the website at