1. General Explanations
2. Definition of Terms and FAQ
a) What is the GDPR?
GDPR or, as it is also called, EU GDPR, is the abbreviation for General Data Protection Regulation. It is a regulation by the European Union, by means of which the rules for processing personal data by private companies and public bodies shall be standardised throughout the EU. On the one hand, this is to ensure the protection of personal data within the European Union. On the other hand, free data communications within the European Single Market shall be guaranteed at the same time.
b) What are personal data?
Personal data is defined as any information, which relates to a natural person, or which at least can be related to a natural person and therefore can be used to draw conclusions about the specific person.
Such information can be for example the name, address, date of birth or the e-mail address, but also the IP address assigned to the particular user when using the internet.
c) What is meant by (data) processing?
In accordance with Article 4 GDPR, data processing is every operation that is carried out with or without the assistance of automated procedures, or each such series of operations in connection with personal data. This term is to be understood in a very broad sense, so that it includes virtually all handling of data.
d) Who captures the data, or who is responsible for the data capture on this website?
In accordance with Article 4 GDPR, “Responsible Party” is the natural or legal person, authority, institution or other body which, jointly with others or by itself, makes decisions on the purpose and means of the processing of personal data. On this website, data is processed by us as operator of this website. The relevant contacts can be found in the legal notice of this website.
e) How do we capture your data?
Your data is collected by virtue of the fact that you are providing us with such data. This can be, for example, data you enter in a contact form or provide to us via telephone or via e-mail.
Data can also be collected automatically by our IT systems when our website is visited, namely as soon as you enter it. The data collected on this occasion are mostly of technical nature (f. ex. information about the operating system you are using, the internet browser you are using to enter the website, or the time the website was called up).
f) For what purpose are we using your data?
Some of the data is collected to ensure a faultless operation of our website. Other data, however, can be used to analyse your user behaviour.
g) What is job processing?
Job processing enables the transfer of the authorisation to process personal data to a service provider (contractor). For this purpose, the principal and the contractor enter into a job processing agreement, to ensure that the security of the data processed by contractors is guaranteed to the same extent in these circumstances.
h) What are your rights regarding your data?
You have the right, at any time, to obtain information on the origins, recipients and purpose of your stored personal data. You also have the right to demand the correction, blocking or deletion of this data. Further information about this can be found under II. 4. of this statement. In case of further queries regarding data protection, please contact us at any time at the address provided in the legal notice or at email@example.com. You also have the right to submit an appeal at the competent supervisory authority (for this, please see II.4 of this statement).
3. Analysis and Third-Party Tools
II. Mandatory and General Information
1. Data Protection
We would like to draw to your attention that, where data is transmitted via the internet (f. ex. via e-mail) it is not possible to provide complete protection of the data against access by third-parties, as security breaches can never be ruled out completely.
2. Reference to the Controller in accordance with Art. 4, para. 7 GDPR
“Controller” in accordance with Art. 4, para. 7 EU General Data Protection Regulation (GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Controller” in accordance with Art. 4, para. 7 GDPR for data processing on this website is:
represented by the Managing Director Dr. Stefan Siebrecht
Telephone: +49 2336 9150 216
Fax: +49 2336 9150 223
3. Withdrawal of Your Consent to Data Processing
Some data processing operations can only be carried out with your prior express consent. You may at any time withdraw your consent that you have previously given. To do this, an informal notice via e-mail to us is sufficient (firstname.lastname@example.org). The withdrawal does not affect the lawfulness of the data processing up to the withdrawal.
4. Your Rights
You have the following rights against us, with respect to the personal data concerning you:
a) Right of access
b) Right to rectification and erasure
c) Right to restriction of processing
d) Right to object to processing
Within the scope of the applicable statutory provisions, you have the right at any time, to obtain, free of charge, access to your stored personal data, their origins, and recipients as well as the purpose of the data processing. Where appropriate, you have a right to rectification, blocking or erasure of such data, as well as a right to restriction of processing and a right to object to the processing.
e) Right to Data Portability
You also have the right for data, which we have automatically processed on the basis of your consent, in order to implement a contract, to be passed to you or to a third party, in a structured, commonly used and machine-readable format. If you request the direct transfer of the data to another Controller, this will only be done where technically feasible.
Regarding the above-mentioned rights as well as all other queries relating to personal data, you may contact us at any time at the address provided in the legal notice or via email@example.com.
f) Right to lodge a complaint with the responsible supervisory authority
In the event of a data protection breach, as the data subject, you have the right to lodge a complaint with the responsible supervisory authority. The responsible supervisory authority in data protection issues is the commissioner for data protection in the federal state, in which the company’s registered office is located, therefore
the Commissioner for Data Protection and Freedom of Information Nordrhein-Westfalen
5. SSL or TLS Encryption
For security reasons and to protect the transmission of confidential contents, such as f. ex. enquiries and orders, which you are sending to us as website operator, our website uses SSL or TLS encryption. You can recognise an encrypted connection by the address line of your browser, which changes from “http://” to “https://” and the padlock symbol in your browser line. If the SSL or TLS encryption is activated, third parties will not be able to read the data you are transmitting to us.
III. Data Capture on our Website
When you are using our website, cookies are stored on your computer. Cookies are small text files, which are stored on your hard drive, attached to the browser you are using, and by means of which certain information is fed to the entity setting the cookie (in this case, us). Cookies cannot run programmes or deliver viruses to your computer. They are used to make the internet offering as a whole more user-friendly and more effective.
a) This website uses the following types of cookies, whose scope and functioning are explained below:
– Transient cookies (see also b.)
– Persistent cookies (see also c.)
b) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. They store a so-called session ID, enabling the attachment of various browser requests to the joint session. This means that your computer can be recognised again when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified time which can differ depending on the cookie. You can delete the cookies at any time in the safety settings of your browser.
d) You can configure your browser setting according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.
2. Server Log Files
Our hosting provider automatically collects and stores information in so-called server log files, which are automatically transmitted to us by your browser.
Such information is:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific site)
- Access status/HTTP status code
- The quantity of data transferred in each case
- Website from which the request originates
- Operating system and its interface
- Language and version of the browser software
The above data are not combined with other data sources.
The collection of this data is required for technical reasons, to display our website to you and to ensure stability and security. The legal basis for this is Art. 6 para. 1, sentence 1 f GDPR.
For security reasons, in particular for the investigation of fraud and abuse cases, information in log files are stored for a maximum of 7 days and then deleted. Exempt from erasure as specified above is the continued storage of data, which is required for evidence purposes. Such data is stored until the respective matter has been concluded.
3. Use of Contact Form
When you are using our contact form to submit your enquiries to us, your details and contact data that you have entered on the form are stored for the processing of your query and to use in case of follow-up questions. We will not share this data without your permission.
The data you have provided in the contact form is thus processed solely on the basis of your consent and therefore on the legal basis of Art. 6, para. 1 a GDPR. You have the option at any time to withdraw this consent. To do this, an informal notice via e-mail to firstname.lastname@example.org is sufficient. The withdrawal does not affect the lawfulness of the data processing operations that were carried out up to the withdrawal.
The data you enter on the contact form and send to us will remain with us until you request us to delete it, you withdraw your consent for the storage of this data or the purpose for the storage of this data no longer exists (e.g. after your request has been processed). Mandatory statutory provisions – especially those related to retention periods – shall remain unaffected.
4. Form for Confirmation of Arrival (Entry Certificate)
Our website also offers the option to confirm the receipt of deliveries that we have sent to your company, via the so-called Entry Certificate form on our website.
We store the data you provide in the form as verification of the correct delivery of our goods.
The processing of this data is required to comply with our obligation to provide proof for tax purposes and is carried out in accordance with Art. 6, para. 1 f GDPR (Protection of legitimate interests).
The data that you provide and send to us remain with us until the purpose of the storage of such data no longer exists (f. ex. final completion of the business transaction). Mandatory statutory provisions – especially those related to retention periods for tax purposes – shall remain unaffected.
IV. Analyse Tools
1. Use of WordPress Statistics (WP Statistics)
We use the internal WordPress plugin “WP Statistics” on our website. This is used by us to evaluate user access. The evaluation is anonymous and purely for statistical purposes. The provider of this plugin is VeronaLabs (https://veronalabs.com/).
For anonymisation, we use an option of the plugin, which replaces the IP addresses in the database with hash values. A subsequent restoration of such anonymised IP addresses is not possible.
We have a legitimate interest in the anonymised analysis of the user behaviour, to enable us to continuously optimise our web offer. The legal basis for the use of WP Statistics is therefore Art. 6, para. 1 f GDPR.
The statistics are deleted after 365 days.
V. Plugins und Tools
1. Integration of YouTube Videos
We have integrated YouTube Videos into our online offering. These videos are stored at http://www.YouTube.com and can be played directly from our website. The videos are all integrated in the “expanded data protection mode”, which means that no date concerning you as user is transmitted to YouTube, if you do not play the videos. Only when you play the videos by pressing the play button, the data specified in the following paragraph 2 are transmitted. We have no influence on this data transmission.
As a result of the website visit, YouTube receives the information that you have called up the corresponding subpage of our website. In addition, the data specified in III. 3 of this policy are transmitted. This is done regardless of whether YouTube offers a user account and you are logged in, or whether there is no user account. If you are logged in to a YouTube account, your data will be assigned directly to your account. If you prefer that your profile is not assigned with YouTube, you must log out before you activate the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or appropriate presentation of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide tailored advertising and to inform other users of the social network of your activities on our website. You have the right to object to the formation of these user profiles, whereby you need to contact YouTube if you wish to exercise this right.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. You Tube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, which in turn is a subsidiary of Google LLC.
The integration of YouTube or their videos is in the interest of an appealing presentation of our online offerings, which in turn is a legitimate interest within the meaning of Art. 6, para. 1 f GDPR
VI. Links to our Social Media Sites
As a modern company, we are also represented on various social media channels. On our website, these channels are merely integrated as links to the corresponding services and not as plugins. After you click on each of the graphics integrated into our website, you are transferred to the site of the respective provider, so that user information is transmitted to the respective provider only at that point. Information on the handling of your personal data when you use the respective websites of the provider can be found in the respective privacy policies of the providers. These are:
The operator of Google + is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To ensure that our offers and our website remain up-to-date, further technical development is required occasionally, along with further or other procedures related to data protection, and which necessitate the amendment of the above Privacy Statement from time to time. The same applies in the event of new or amended legal and/or official requirements.