Data Privacy

Information on the EU General Data Protection Regulation

We take the protection of your personal data very seriously.
Your privacy is an important concern for us.

The following provisions serve to inform you about the processing of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR). In particular, taking into account the information obligations under Art. 12 to 14 GDPR, as well as to inform you about the existing data subject rights under the GDPR in accordance with Art. 15 to 22 and Art. 34 GDPR.

Information about the responsible party

Responsible for the processing of your personal data

Data protection officer
Last name, first name
XXXXXXX GmbH, XXXXXXX Str.XX, XXXXXX XXXXXXX
Phone: +49 (0) XXXXX,
Fax:+ 49 (0) XXXXXX,
E-mail: kundenservice(at)XXXXXXX.de

Information for website users

We process your personal data in accordance with the applicable legal data protection requirements for the purposes listed below:

Scope

This privacy policy applies to this website.

Purpose of data collection

The purpose of the data collection is the optimization of the website, the error analysis, the individual tailoring to your needs, the offer to contact you and, if applicable, the sale of goods and services.

General information on data processing

As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website as well as our contents and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.

Legal basis for the processing of your data:

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art.6 para.1 lit.a EU Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art.6 para.1 lit.b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art.6 para.1 lit.c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art.6 para.1 lit.d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art.6 para.1 lit.f GDPR serves as the legal basis for the processing.

Legitimate interests may include, in particular:

the answering of inquiries;the implementation of direct marketing measures;
the provision of services and/or information intended for you;
the processing and transfer of personal data for internal or administrative purposes;
the operation and management of our website;the technical support of users;
the prevention and detection of fraud and crime;
the protection against payment defaults when obtaining credit reports for requests for supplies and services; and/or
ensuring network and data security, to the extent that these interests are in each case consistent with applicable law and with the rights and freedom of the user;

Categories of recipients

Service providers for website optimization, online marketing service providers and tools, service companies for information and communication technology, companies for software and equipment maintenance, some described in more detail below
Social networks and communities as described in more detail below
internal recipients according to the "need to know" principle

Usage data/server log files

Each time our website is called up, our systems automatically collect data and information from the computer system of the calling computer.

The following types of data are collected: Browser type, version used, user's operating system, Internet service provider, user's IP address, date and time of retrieval, websites from which the user's system has accessed our website or to which the user has accessed from our website.

The legal basis for the temporary storage of the data and the log files is Art.6 para.1 lit. f GDPR with the above-mentioned legitimate interests.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Use of cookies

We use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all website functions to their full extent. You can manage cookies from some US companies via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/.

Content from external providers

On our website, we use active JavaScript content that may also come from external providers such as Google. By calling up our website, these providers may receive information about your visit to our website, for example by transmitting your IP address. You can prevent this transmission by installing a JavaScript blocker such as the browser plugin 'NoScript' or disabling JavaScript in your browser. However, this may lead to functional restrictions.

Some of our websites integrate third-party content within the offer, such as videos from YouTube, map material from Google Maps, images, texts and multi-media files, RSS feeds or other services from other websites. This always requires a transmission of your IP address to the providers of this content. We cannot make any statement about the use of your data by these providers and also have no influence on the further processing. In particular, not about whether the data is used for other purposes, such as profiling. Please refer to the relevant data protection notices of the respective third-party providers. Among other things, you can protect yourself against further tracking by tracking pixels of these providers by disabling the acceptance for third-party cookies in your browser settings.

General statements about WebBeacons / tracking pixels

WebBeacons are invisible graphics with the size of a pixel. These are used by partner companies, in particular for the purpose of tracking a user across various websites for profiling for use in advertising tailored to the user (targeting). A pixel embedded in the website is loaded from the partner's server when the website is called up. This provides the partner with your IP address, as well as information about your browser and its version, as well as browser plug-ins used (browser fingerprint), your operating system and your network operator

Contact form and e-mail contact

Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are: Name, address, mail address, telephone number, etc. At the time the message is sent, the following data is also stored: IP address, date and time. For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

The legal basis for the processing is:

For the processing of data after registration for the newsletter by the user, if the user has given consent, Art.6 para.1 lit. a GDPR.
For the processing of data transmitted in the course of sending an e-mail, Art.6 para.1 lit.f GDPR with the above-mentioned legitimate interests.
If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art.6 para.1 lit.b GDPR.

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

Data transfer

If you provide us with personal data, this will only be passed on to third parties if this is necessary to process the contractual relationship or if another legal reason legitimizes this transfer.

However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and taken appropriate measures to protect your personal data.

Storage periods

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

Some of the aforementioned processes or services are performed by carefully selected and contracted service providers. We transmit or receive personal data from these service providers solely on the basis of a processing contract. If the registered office of a service provider is outside the European Union or the European Economic Area, a third country transfer takes place. Data protection agreements in accordance with the legal requirements are contractually stipulated with these service providers to establish an appropriate level of data protection and corresponding guarantees are agreed.

Information about your rights

You have the right,

to request confirmation from us as to whether personal data relating to you is being processed by us; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
to demand the surrender of the data concerning you in the restrictions of Art. 20 GDPR in a common electronic, machine-readable data format. This also includes the handover (as far as possible) to another data controller directly designated by you.
to demand that we correct your data if it is incorrect, inaccurate and/or incomplete. Correction also includes completion through explanations or notification.
to demand from us that personal data concerning you be deleted without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies. Unfortunately, we may not delete data that is subject to a statutory retention period. If you would like us to stop contacting you by newsletter or other means, we will store your contact data in this regard on a blacklist.
revoke any consent given by you with effect for the future without any disadvantages for you.
to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR applies.
object to the processing of personal data relating to you at any time on grounds relating to your very specific situation. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
without prejudice to any other administrative or judicial remedy and if you consider that the processing of personal data concerning you infringes the GDPR, complain to
- our data protection officer
- a supervisory authority in the member state of your residence, workplace or the place of the alleged infringement. The following supervisory authority is responsible for us: The Hessian Commissioner for Data Protection and Freedom of Information.

If you have any questions or comments about data protection (for example, about accessing and updating your personal data), please contact us under the heading "Data protection".

Responsible for the processing of your personal data

Data protection officer
Last name, first name
XXXXXXX GmbH, XXXXXXX Str.XX, XXXXXX XXXXXXX
Phone: +49 (0) XXXXX,
Fax:+ 49 (0) XXXXXX,
E-mail: kundenservice(at)XXXXXXX.de

Deletion of your data

Unless otherwise regulated in the more detailed data protection declarations, we will delete your personal data when the contractual relationship with you has ended, you have exercised your right to deletion, all mutual claims have been fulfilled and there are no other statutory retention obligations or statutory justification bases for storage.

Definitions

For the purposes of this general information, the term:

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples are contact data, communication data, billing data.
Controller means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
Recipient means a natural or legal person, public authority, agency or other body to whom Personal Data is disclosed, whether or not a third party.
Third party means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

Changes to the privacy policy

We reserve the right to change our privacy policy if necessary and to publish it here. Please check this page regularly. The updated statement will become effective upon publication, subject to applicable law. If we have already collected data about you that is affected by the change and/or is subject to a legal duty to inform, we will additionally inform you about significant changes to our privacy policy.