Information according to Art. 13, 14 and 21 of the General Data Protection Regulation (DS-GVO)

Dear visitors,
In the following, we inform you about the processing of your personal data (Art. 4 No. 2 DS-GVO) in connection with your visit to our Facebook presence. In this statement, you will receive information on the handling of your
personal data and the claims and rights to which you are entitled under the data protection regulations.

1. Who is responsible for data processing and whom can I contact?
Jointly responsible for the processing of your personal data are:
Poulten & Graf GmbH, Karl-Carstens-Str. 10, 97877 Wertheim, Germany.
You can reach the external data protection officer at:
Data Protection Officer, c/o Poulten & Graf GmbH, Karl-Carstens-Str. 10, 97877 Wertheim or
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
General information on data protection:
You can reach the data protection officer via the online contact form provided by Facebook at:

What data is processed and from which sources does it originate?
We would like to point out that when you use our Facebook presence, among other things, your IP address and possibly other information (cookies present on your PC) are collected by Facebook. This information is used to provide us, as the operator of the Facebook presence, with anonymized statistical information about the use of our Facebook presence (Facebook “Insights”). The legal basis for this processing is our legitimate interest justified by the above-mentioned purpose pursuant to Art. 6 (1) sentence 1 lit. f DS-GVO. Facebook provides more detailed information on this at the following link:
If you are currently logged in to Facebook as a visitor, a cookie with your Facebook ID is located on your end device. This enables Facebook to track that you have visited our Facebook presence and how you have used it. This also applies to all other Facebook pages. Via Facebook buttons embedded in websites, it is also possible to record your visits to these websites and assign them to your Facebook profile. Based on the data, content or advertising tailored to you can be offered. If you want to avoid this, you should log out of Facebook or deactivate the “stay logged in” function, as well as delete the cookies present on your device and exit and restart your browser. This will delete Facebook information through which you can be directly identified. This allows you to use our Facebook presence without revealing your Facebook identifier. When you access interactive features of the site (“Like”, “Comment”, “Share”, “News”, etc.), a Facebook login screen will appear. After any login, you will again be recognizable to Facebook as an identifiable user. After any login, you will again be recognizable to Facebook as an identifiable user.

3. How can I control the use of Facebook cookies and tracking?
a) Information about the use of cookies and how you can manage or delete information Facebook has about you can be found at or at Another way to disable and (re)enable Facebook cookies is through the following preference managers:
b) You can prevent tracking on mobile devices by selecting “Reset advertising ID” or “Reset ad ID” in the “Settings” menu area of your device. The advertising ID is linked to your user account, so it applies to every device with which you log in to Google or Apple, for example.

4. How are the responsibilities regulated with Facebook “Insights”
Facebook stellt uns für unsere Präsenz eine Funktion namens „Insights“ zur Verfügung ( Bei „Insights“ handelt es sich um zusammengefasste Daten, durch die wir Aufschluss darüber er-langen können, wie die Nutzer mit unserer Facebook-Präsenz interagieren. “Insights” may be based on personal data collected in connection with a visit or interaction of persons on or with our presence and its content.
In a judgment dated 05.06.2018 (Case C-210/16), the European Court of Justice (ECJ) ruled that the operator of a Face-book presence (Fanpage) is jointly responsible with Facebook for the processing of personal data. In the case of joint responsibility, it must be determined between the controllers who fulfills which obligation under the GDPR in accordance with Article 26 of the GDPR. In the context of an “Insights” supplement from Facebook, the following is agreed in this regard:
Facebook Ireland will assume primary responsibility under the GDPR for the processing of “Insights” data and will fulfill all obligations under the GDPR with respect to the processing of “Insights” data (including, but not limited to, Articles 12 and 13 of the GDPR, Articles 15 to 22 of the GDPR – see item 6.). Facebook Ireland will provide the essence of the “Insights” supplement to data subjects. Please see Facebook’s privacy policy at
We process “Insights” data exclusively for the purpose described under point 2 on the basis of our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f DS-GVO. 1 Satz 1 lit. f DS-GVO.

Decisions regarding the processing of “Insights” data can only be made and implemented by Facebook Ireland. In doing so, Facebook Ireland decides at its sole discretion how to fulfill its obligations under the “Insights” Supplement. For the processing of “Insights” data, Facebook Ireland is the main establishment in the EU for all responsible parties. The lead supervisory authority is the Irish Data Protection Commission.
Facebook Ireland remains solely responsible for the processing of such personal data in connection with “Insights” that is not covered by the “Insights” Supplement. The “Insights” Supplement does not grant us any right to request disclosure of personal data of Facebook users processed in connection with Facebook products, including for “Insights” provided to us by Facebook Ireland.
If a data subject or a supervisory authority under the GDPR contacts us regarding the processing of “Insights” data and the obligations assumed by Facebook Ireland under the “Insights” Supplement, we are required to promptly, but no later than within 7 calendar days, provide all relevant information to Face-book Ireland, as well as make timely reasonable efforts to cooperate with Facebook Ireland in responding to any such request. Facebook Ireland will respond to requests in accordance with its obligations under the Insights Supplement. We ourselves are not authorized to act or respond on behalf of Facebook Ireland.

5. Is data transferred to a third country or international organization?
The data collected about you in this context will be processed by Facebook and may be transferred outside the European Union in the process. Facebook describes what information it receives and how it is used in its privacy policy (“Data Policy”). There you will also find information on the settings options for advertisements ( Facebook’s data protection declaration is available at the following link:

6. what data protection rights do i have?
Every data subject has the right to
– Information according to Art. 15 DS-GVO
– Correction according to Art. 16 DS-GVO
– Deletion according to Art. 17 DS-GVO
– Restriction of processing according to Art. 18 DS-GVO as well as
– – Data portability under Art. 20 DS-GVO.

To exercise the aforementioned rights, you can contact the offices listed under point 1 (“Who is responsible for data processing and whom can I contact?”). Since only Facebook has full access to user data, we recommend that you contact Facebook directly if you wish to make requests for information or ask other questions about your rights as a user.
Insofar as the processing of your personal data is carried out to safeguard our legitimate interests pursuant to Art. 6 1 lit. (f) DS-GVO, you may object to this processing in accordance with the legal requirements in Art. 21 DS-GVO. Further information on your right to object can be found at the end of this data protection notice in the “Information on your right to object pursuant to Article 21 DS-GVO”.
In addition, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 DS-GVO) if you are of the opinion that the processing of your personal data is not lawful. The right of appeal is without prejudice to any other administrative or judicial remedy. The data protection supervisory authority responsible for our company is:
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg, Postfach 10 29 32, 70025 Stuttgart.