Data protection declaration (particularly in accordance with the GDPR)
1. Name and address of the responsible party:
The responsible party, as defined by the General Data Protection Regulation, other national data protection laws of the member states and other data protection regulations is:
Tel.: +49 (0) 212 - 3808128 - 0
2. General points
We only process the personal data of our users when necessary to provide a functional website and facilitate our contents and services. Users’ personal data is regularly only processed after users’ consent has been received. An exception applies in cases where prior consent cannot be obtained for genuine reasons and the processing of such data is permitted by law.
3. Legal basis for the processing of personal data
Personal data is processed on the basis of the EU General Data Protection Regulation (GDPR). More specifically:
- Insofar as we obtain the consent of the data subject to proceed with the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
- When processing personal data required to execute a contract which applies to the data subject as the relevant party, Article 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to the processing operations required to initiate pre-contractual measures.
- Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
- In the event that vital circumstances involving the data subject or another individual require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
- If processing is necessary to safeguard a legitimate interest of our company or a third party and provided the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
4. Deletion of data and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Furthermore, data may also be stored if scope to do so is provided for by the European or national legislator in EU regulations, laws or other provisions which apply to the person responsible. The data will also be blocked or deleted if the storage period stipulated pursuant to the aforementioned standards expires, unless there is a need for continued storage the data to conclude or fulfil a contract.
5. Description and scope of data processing when visiting the website
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is acquired:
- The web page accessed
- The IP address
- Time difference relative to UTC
- HTTP query
- HTTP status
- The website from which you came to our site
- The quantity of data transmitted in bytes
- Browser identification (name/version of the browser and operating system)
The data in question needs to be temporarily stored by the system to allow the website to be delivered to the user's computer. In particular, the IP address of the user must remain stored for the duration of the session. Our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR is also reflected in this purpose. The data will be deleted as soon as no longer needed to achieve the purpose for which it was collected. When data is collected to allow the website to be delivered, this applies when the respective session has ended. The collection of data to provide the website and storage of data in log files is crucial for the operation of the website. Accordingly, the user is not accorded a right of rejection in this case. In line with data economy requirements, the maximum storage period for the server log files is 14 days.
- Items in a shopping cart
- Log-in information
- Session ID
On our website, we offer users the opportunity to register by providing personal data. This involves the data being entered via an input mask, transmitted to us and saved. The data is not passed on to any third party. The following data is collected during the registration process:
- First name
- Company (optional)
- Street & house number
- Postcode & town/city
At the time of registration, the following data is also stored:
- IP address of the user
- Date and time of registration
As part of the registration process, user consent for the processing of this data is obtained. The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR, provided the user has given consent. If the registration facilitates the fulfilment of a contract of which the user is party or the execution of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR. The user must complete registration to fulfil the contractual requirements imposed on him/her or carry out pre-contractual measures. The data will be deleted as soon as no longer needed to achieve the purpose for which it was collected. This applies during the registration process to fulfil a contract or implement pre-contractual measures when the data is no longer required to execute the contract. Even after concluding the contract, it may be necessary to store personal data of the contractual partner to meet contractual or legal obligations. As a user, you have scope to cancel the registration at any time. You can also amend the data stored about you at any time. If the data is required to fulfil a contract or carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.
8. Contact form and email contact
There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. These data include:
- First name (optional)
- Surname (optional)
At the time of sending the message, the following data is also stored:
- IP address of the user
- Date and time of registration
In the context of the sender process, your consent is obtained to process the data and reference is made to this data protection declaration. Alternatively, you can contact us via the email address provided. In this case, the personal data of the users transmitted with the email will be stored. This process will not involve transmission of any data to third parties. The data is used solely for processing the conversation. The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR, provided the user has given consent. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact is initiated with the aim of concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. The personal data from the input mask is only processed to facilitate the establishment of contact. In the event of receiving contact by email, this also constitutes a legitimate interest in the processing of data. The other personal data processed during the transmission process helps prevent misuse of the contact form and ensure the security of our IT systems. The data will be deleted as soon as no longer needed to achieve the purpose for which it was collected. This is done for personal data from the input mask of the contact forms and that sent by email when dialogue with the user is finished. This dialogue is deemed to be terminated when it can be inferred from the circumstances that any outstanding issues have finally been clarified. The additional personal data collected during the transmission process will be deleted after no more than 14 days. The user can revoke consent for the processing of personal data at any time. If the user contacts us by email, he/she can object to the storage of personal data at any time. Doing so, however, precludes any scope for further dialogue.
9. Rights of the affected party
If personal data concerning you is processed, you are defined within the scope of the GDPR as an affected party and entitled to the following rights vis-ŕ-vis the relevant responsible party:
a. Right of access
You can ask the relevant party to confirm whether personal data concerning you will be processed by us. If such processing has taken place, you can request the following information from the person responsible:
- the purposes for which the personal data is processed;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
- the planned storage duration of the personal data concerning you or, if specific details thereof are not possible, criteria for determining said storage period;
- the existence of a right to have personal data concerning you corrected or deleted, the right to have processing restricted by the responsible party in charge or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information on the origin of the data, if personal data is not collected from the affected party;
- the existence of automated decision-making, including profiling as defined by Art. 22 paras. 1 and 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the affected persons.
You have the right to request clarification as to whether personal data concerning you is transferred to a third country or an international organisation. In this context, you may request to be informed of appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
b. Right of rectification
You have a right of rectification and/or completion vis-ŕ-vis the relevant party responsible if the personal data processed concerning you is incorrect or incomplete. The responsible party shall implement any correction promptly.
c. Right to limitation of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
- if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the responsible party no longer needs the personal data for processing purposes, but you do need them to assert, exercise or defend legal claims; or
- if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the persons responsible outweigh your own reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another individual or legal entity or on the grounds of an important public interest of the Union or a Member State. If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
d. Right to deletion
- Deletion obligation
You can demand that the responsible party delete the personal data concerning you promptly and the responsible party is obliged to delete this data promptly if one of the following reasons applies:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
- You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
- The personal data concerning you has been processed unlawfully.
- The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the responsible party is subject.
- The personal data concerning you was collected in relation to Information Society services offered in accordance with Art. 8 para. 1 GDPR.
- Information to third parties
If the responsible party has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, it shall take appropriate measures, including technical measures, taking the available technology and the implementation costs into account, to inform those responsible for data processing and who process the personal data, that you, as the data subject, have requested the deletion of all links to this personal data or of copies or replications of the same.
The right to deletion does not exist if the processing is necessary:
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation required for processing under the law of the Union or of the Member States, to which the responsible party is subject, or to carry out a task in the public interest or in the exercise of official authority conferred on the responsible party;
- for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to preclude or seriously hinder the attainment of the objectives of such processing, or
- to assert, exercise or defend legal claims.
e. Right to information
If you have exercised your right of rectification, deletion or restriction of processing vis-ŕ-vis the responsible party, the responsible party is obliged to inform all recipients to whom the personal data concerning you has been disclosed of said rectification or deletion of the data or restriction on processing of the same, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about these recipients vis-ŕ-vis the responsible party.
f. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the responsible party in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another responsible party, unhindered by the relevant responsible party to whom the personal data was provided, provided that
- processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is conducted via automated procedures.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one responsible party to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this process.
The right to data portability does not apply to the processing of personal data necessary to perform a task in the public interest or in the exercise of official authority entrusted to the responsible party.
g. Right to object
You have the right to object at any time, for reasons arising from your own specific circumstances, to the processing of your personal data based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on these provisions. The responsible party shall then refrain from any further processing of personal data concerning you, unless it can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You may exercise your right to object in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, via automated procedures using technical specifications.
h. Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
i. Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has a legal impact on you or significantly impairs you in a similar manner. This shall not apply where the decision to conclude or perform a contract between you and the responsible party is necessary, is admissible under Union or Member State law to which the responsible party is subject and where such law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or is taken with your express consent.
However, these decisions may not be based on special categories of personal data in accordance with Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
If the cases mentioned in (1) and (3) apply, the responsible party shall take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to elicit the intervention of a person by the relevant responsible party, state their own position and challenge the decision.
j. Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, particularly in the Member State where you reside, work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the scope for a judicial remedy in accordance with Art. 78 GDPR.