1. General Explanations
2. Definition of Terms and FAQ
a) What is the GDPR?
GDPR or, as it is also called, EU GDPR, is the abbreviation for General Data Protection Regulation. It is a regulation by the European Union, by means of which the rules for processing personal data by private companies and public bodies shall be standardised throughout the EU. On the one hand, this is to ensure the protection of personal data within the European Union. On the other hand, free data communications within the European Single Market shall be guaranteed at the same time.
b) What are personal data?
Personal data is defined as any information, which relates to a natural person, or which at least can be related to a natural person and therefore can be used to draw conclusions about the specific person.
Such information can be for example the name, address, date of birth or the e-mail address, but also the IP address assigned to the particular user when using the internet.
c) What is meant by (data) processing?
In accordance with Article 4 GDPR, data processing is every operation that is carried out with or without the assistance of automated procedures, or each such series of operations in connection with personal data. This term is to be understood in a very broad sense, so that it includes virtually all handling of data.
d) Who captures the data, or who is responsible for the data capture on this website?
In accordance with Article 4 GDPR, “Responsible Party” is the natural or legal person, authority, institution or other body which, jointly with others or by itself, makes decisions on the purpose and means of the processing of personal data. On this website, data is processed by us as operator of this website. The relevant contacts can be found in the legal notice of this website.
e) How do we capture your data?
Your data is collected by virtue of the fact that you are providing us with such data. This can be, for example, data you enter in a contact form or provide to us via telephone or via e-mail.
Data can also be collected automatically by our IT systems when our website is visited, namely as soon as you enter it. The data collected on this occasion are mostly of technical nature (f. ex. information about the operating system you are using, the internet browser you are using to enter the website, or the time the website was called up).
f) For what purpose are we using your data?
Some of the data is collected to ensure a faultless operation of our website. Other data, however, can be used to analyse your user behaviour.
g) What is job processing?
Job processing enables the transfer of the authorisation to process personal data to a service provider (contractor). For this purpose, the principal and the contractor enter into a job processing agreement, to ensure that the security of the data processed by contractors is guaranteed to the same extent in these circumstances.
h) What are your rights regarding your data?
You have the right, at any time, to obtain information on the origins, recipients and purpose of your stored personal data. You also have the right to demand the correction, blocking or deletion of this data. Further information about this can be found under II. 4. of this statement. In case of further queries regarding data protection, please contact us at any time at the address provided in the legal notice or at firstname.lastname@example.org. You also have the right to submit an appeal at the competent supervisory authority (for this, please see II.4 of this statement).
3. Analysis and Third-Party Tools
II. Mandatory and General Information
1. Data Protection
We would like to draw to your attention that, where data is transmitted via the internet (f. ex. via e-mail) it is not possible to provide complete protection of the data against access by third-parties, as security breaches can never be ruled out completely.
2. Reference to the Controller in accordance with Art. 4, para. 7 GDPR
“Controller” in accordance with Art. 4, para. 7 EU General Data Protection Regulation (GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Controller” in accordance with Art. 4, para. 7 GDPR for data processing on this website is:
represented by the Managing Director Dr. Stefan Siebrecht
Telephone: +49 2336 9150 216
Fax: +49 2336 9150 223
3. Withdrawal of Your Consent to Data Processing
Some data processing operations can only be carried out with your prior express consent. You may at any time withdraw your consent that you have previously given. To do this, an informal notice via e-mail to us is sufficient (email@example.com). The withdrawal does not affect the lawfulness of the data processing up to the withdrawal.
4. Your Rights
You have the following rights against us in respect of the personal data concerning you:
a) Right to information according to Art. 15 of GDPR
b) right to correction according to Art. 16 of GDPR or deletion according to Art. 17 of GDPR
In the context of valid legal regulations, you have the right at any time to receive free information about your stored personal data, their origin and recipients as well as the purpose of the data processing. If applicable, you have the right to correction, blocking or deletion of these data.
c) Right to restrict the processing according to Art. 18 of GDPR
You have also the right according to Art. 18 of GDPR to restrict the processing of your personal data, if one of the following situations arise:
- You question the accuracy of your personal data stored with us. You will have the right to demand a restricted processing of your personal data by us for the period of review to be conducted by us concerning any inaccuracy.
- The processing of your personal data by us is/was unlawful, but you do not want the deletion of the relevant data, and instead demand a restricted use of your personal data by us.
- We no longer need your personal data for the purposes of processing, but you want to exercise, defend or assert legal claims, and you need these data for that purpose. Even then you can demand a restricted processing of these data by us instead of their deletion.
- When you file an objection according to Art. 21, paragraph 1 of GDPR (see also under 4(e)), you have the right to demand a restricted processing of your personal data in the period of consideration of mutual interests between us.
If processing has been restricted due to one of the above situations, then these personal data, apart from their storage, can be processed only with your consent, or for the assertion, exercise or defence of legal claims, for the protection of rights of another natural or legal person, or for reasons of substantial public interest of the European Union or a Member State.
If you have enforced restriction of processing in accordance with the above, then you will be informed by us, before the restriction is lifted.
d) Right to data portability according to Art. 20 of GDPR
You also have the right to let us use for ourselves or to provide to a third party data, which we process automatically when executing a contract on the basis of your consent, and in a structured, latest and machine-readable format. If you require the direct transfer of data to anyone else responsible, it will be done only if it is technically feasible.
e) Right to object to the processing in special cases, as well as to the processing for the purpose of direct advertising according to Art. 21 of GDPR
If the legal admissibility of our processing of your personal data is based on Art. 6 para. 1 letter e) or f) of GDPR, you can refer to the data processing activities explained below for the appropriate legal basis. At any time you have the right to file objection to the processing of your personal data for reasons related to their particular situation;
this also applies to profiling (= an automated form of processing of personal data, the aim of which is to evaluate certain personal aspects of a natural person, in order to predict his behaviour and take appropriate decisions) based on these provisions.
Objection according to Art. 21, para. 1 of GDPR:
In the event of your objection, we will no longer process your personal data concerned, unless we can provide compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms, or the data processing is used for the assertion, exercise or defence of legal claims.
Objection according to Art. 21, para. 2 of GDPR:
If your personal data is processed for direct advertising, then you will have the right to file objection at any time to the processing of your personal data for the purpose of such advertising; this also applies to the profiling, provided it is related to such direct advertising. If, as the affected person, you object to the processing of your personal data for purposes of direct marketing, then the personal data will no longer be processed for these purposes.
With regard to the above rights explained in 4. a)- e), in particular, their exercise as well as all other questions related to personal data, you can contact us at any time at the address given in the imprint or via firstname.lastname@example.org.
f) Right to appeal to the competent supervisory authority according to Art. 77 of GDPR
In the event of a breach of the data protection regulation, as one of the affected party, you will have a right to appeal to the competent supervisory authority. In general, for this you may contact the supervisory authority of your place of usual residence or workplace, or contact our company headquarters.
The competent supervisory authority at our company headquarters for questions on data protection regulation is:
die Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen [The state representative for data protection and freedom of information, North Rhine-Westphalia]
5. SSL or TLS Encryption
For security reasons and to protect the transmission of confidential contents, such as f. ex. enquiries and orders, which you are sending to us as website operator, our website uses SSL or TLS encryption. You can recognise an encrypted connection by the address line of your browser, which changes from “http://” to “https://” and the padlock symbol in your browser line. If the SSL or TLS encryption is activated, third parties will not be able to read the data you are transmitting to us.
III. Data Capture on our Website
When you are using our website, cookies are stored on your computer. Cookies are small text files, which are stored on your hard drive, attached to the browser you are using, and by means of which certain information is fed to the entity setting the cookie (in this case, us). Cookies cannot run programmes or deliver viruses to your computer. They are used to make the internet offering as a whole more user-friendly and more effective.
a) This website uses the following types of cookies, whose scope and functioning are explained below:
– Transient cookies (see also b.)
– Persistent cookies (see also c.)
b) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. They store a so-called session ID, enabling the attachment of various browser requests to the joint session. This means that your computer can be recognised again when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified time which can differ depending on the cookie. You can delete the cookies at any time in the safety settings of your browser.
d) You can configure your browser setting according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.
2. Server Log Files
Our hosting provider automatically collects and stores information in so-called server log files, which are automatically transmitted to us by your browser.
Such information is:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific site)
- Access status/HTTP status code
- The quantity of data transferred in each case
- Website from which the request originates
- Operating system and its interface
- Language and version of the browser software
The above data are not combined with other data sources.
The collection of this data is required for technical reasons, to display our website to you and to ensure stability and security. The legal basis for this is Art. 6 para. 1, sentence 1 f GDPR.
For security reasons, in particular for the investigation of fraud and abuse cases, information in log files are stored for a maximum of 7 days and then deleted. Exempt from erasure as specified above is the continued storage of data, which is required for evidence purposes. Such data is stored until the respective matter has been concluded.
3. Use of Contact Form
When you are using our contact form to submit your enquiries to us, your details and contact data that you have entered on the form are stored for the processing of your query and to use in case of follow-up questions. We will not share this data without your permission.
The data you have provided in the contact form is thus processed solely on the basis of your consent and therefore on the legal basis of Art. 6, para. 1 a GDPR. You have the option at any time to withdraw this consent. To do this, an informal notice via e-mail to email@example.com is sufficient. The withdrawal does not affect the lawfulness of the data processing operations that were carried out up to the withdrawal.
The data you enter on the contact form and send to us will remain with us until you request us to delete it, you withdraw your consent for the storage of this data or the purpose for the storage of this data no longer exists (e.g. after your request has been processed). Mandatory statutory provisions – especially those related to retention periods – shall remain unaffected.
4. Form for Confirmation of Arrival (Entry Certificate)
Our website also offers the option to confirm the receipt of deliveries that we have sent to your company, via the so-called Entry Certificate form on our website.
We store the data you provide in the form as verification of the correct delivery of our goods.
The processing of this data is required to comply with our obligation to provide proof for tax purposes and is carried out in accordance with Art. 6, para. 1 f GDPR (Protection of legitimate interests).
The data that you provide and send to us remain with us until the purpose of the storage of such data no longer exists (f. ex. final completion of the business transaction). Mandatory statutory provisions – especially those related to retention periods for tax purposes – shall remain unaffected.
IV. Analyse Tools
1. Use of WordPress Statistics (WP Statistics)
We use the internal WordPress plugin “WP Statistics” on our website. This is used by us to evaluate user access. The evaluation is anonymous and purely for statistical purposes. The provider of this plugin is VeronaLabs (https://veronalabs.com/).
For anonymisation, we use an option of the plugin, which replaces the IP addresses in the database with hash values. A subsequent restoration of such anonymised IP addresses is not possible.
We have a legitimate interest in the anonymised analysis of the user behaviour, to enable us to continuously optimise our web offer. The legal basis for the use of WP Statistics is therefore Art. 6, para. 1 f GDPR.
The statistics are deleted after 365 days.
V. Plugins und Tools
1. Integration of YouTube Videos
We have integrated YouTube Videos into our online offering. These videos are stored at http://www.YouTube.com and can be played directly from our website. The videos are all integrated in the “expanded data protection mode”, which means that no date concerning you as user is transmitted to YouTube, if you do not play the videos. Only when you play the videos by pressing the play button, the data specified in the following paragraph 2 are transmitted. We have no influence on this data transmission.
As a result of the website visit, YouTube receives the information that you have called up the corresponding subpage of our website. In addition, the data specified in III. 3 of this policy are transmitted. This is done regardless of whether YouTube offers a user account and you are logged in, or whether there is no user account. If you are logged in to a YouTube account, your data will be assigned directly to your account. If you prefer that your profile is not assigned with YouTube, you must log out before you activate the button. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or appropriate presentation of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide tailored advertising and to inform other users of the social network of your activities on our website. You have the right to object to the formation of these user profiles, whereby you need to contact YouTube if you wish to exercise this right.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. You Tube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, which in turn is a subsidiary of Google LLC.
The integration of YouTube or their videos is in the interest of an appealing presentation of our online offerings, which in turn is a legitimate interest within the meaning of Art. 6, para. 1 f GDPR
VI. Links to our Social Media Sites
As a modern company, we are also represented on various social media channels. On our website, these channels are merely integrated as links to the corresponding services and not as plugins. After you click on each of the graphics integrated into our website, you are transferred to the site of the respective provider, so that user information is transmitted to the respective provider only at that point. Information on the handling of your personal data when you use the respective websites of the provider can be found in the respective privacy policies of the providers. These are:
The operator of Google + is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To ensure that our offers and our website remain up-to-date, further technical development is required occasionally, along with further or other procedures related to data protection, and which necessitate the amendment of the above Privacy Statement from time to time. The same applies in the event of new or amended legal and/or official requirements.