The purpose of this policy is to inform you about the type and scope, as well as the purpose and legal basis of the processing of personal data on this website and on possible online presences in social networks. In addition, we specify here our information and notification commitments for the use of personal data in our company.
Name and address of the data controller
The company named in the imprint is the controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations.
Contact with the external data protection officer
The data protection officer of the data controller is:
Basic information on the processing of personal data
We collect and process personal data of our users only as far as this is necessary for the provision of a functional website or the provision of services of our company. Processing takes place only with your consent, or if a statutory provision obliges or permits us to process.
The security of your personal data has a high priority for us. We therefore protect your data by technical and organisational measures to prevent misuse. We regularly review the measures taken and adapt them to current technical conditions. In addition, we oblige all employees to maintain confidentiality in accordance with §28 GDPR.
Purposes and legal basis of processing, transfer to third parties and abroad
We process your data for the following purposes:
- Fulfilment of new or existing contractual relationships or for the implementation of pre-contractual measures, e.g. the preparation of offers
- Processing of inquiries, e.g. in the context of our core activity or for letters of application
- Provision of telemedia, e.g. our website or email
We process the data on the statutory basis of Art. 6 para. 1 GDPR:
- Art. 6 para. 1 lit. a GDPR: processing operations based on your consent
- Art. 6 para. 1 lit. b GDPR: processing procedures for the fulfilment of a contract or pre-contractual measures, e.g. a purchase or service contract or the solicitation of an offer
- Art. 6 para. 1 lit. c GDPR: processing procedures to which we are legally bound, e.g. storage for tax reasons
- Art. 6 para. 1 lit. f GDPR: processing operations that we carry out on the basis of our legitimate interests, e.g. passing on your data to postal service providers for the purpose of sending mail or to a tax consultant. This also includes storing information about website usage for the purpose of optimising our website.
The disclosure of your data to third parties is also based on the above permissions and only takes place within the context of an order processing contract or if other confidentiality obligations exist, including professional secrets or shipping service providers. If a transfer to third countries outside the European Economic Area takes place, a corresponding adequacy decision in accordance with Art. 45 GDPR of the respective third country must be present (e.g. for Switzerland) or corresponding guarantees of the recipients according to Art. 46 GDPR, e.g. certification within the scope of the Privacy Shield for companies in the USA.
Duration of storage, deletion of personal data
Personal data will only be processed and stored for the period necessary to fulfil the processing purposes. After fulfilment of the purpose, your data will be deleted or blocked by us, provided that we are no longer subject to any legal storage obligation.
Embedding of Font Awesome
We use external fonts to make our website look better. The legal basis for this is the protection of our legitimate interest under Art. 6 para. 1 lit. c GDPR.
By using Fonticons, Inc. fonts, this company collects and may store information about the use of fonts.
Embedding Google Maps, Google Fonts and YouTube
To improve our online offer by cartographic maps we, in order to exercise our legitimate interest according to art. 6 para. 1 lit. c GDPR, integrate Google Maps of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Through the use of Google Maps, Google also collects and may save data about the use of map functions.
In order to improve our online offering and for the exercise of our legitimate interest according to art. 6 para. 1 lit. c GDPR, we use fonts (“Google Fonts”) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Through the use of Google Fonts, Google also collects and may save data about the use of fonts.
In order to improve our online offering, and to exercise our legitimate interest according to art. 6 para. 1 lit. c GDPR, we use videos of the video platform YouTube of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Through the use of YouTube, Google also collects and may save data about the use of the videos.
Google is certified under the Privacy Shield Agreement, thereby guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Collection of access data and log files
We collect access data (log files) about every server access on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR. This includes the name of the accessed website, date and time of access, transferred file and data volume, notification of successful or unsuccessful access, browser type and browser version, the operating system, referrer URL (the previously visited page) and its IP address.
Log files are collected for security reasons (e.g. to investigate criminal offences), stored for a period of 7 days and subsequently deleted. If data are still required for evidence purposes, they will be excluded from deletion until the respective incident has been definitively resolved.
In order to guarantee a rapid and stable connection, we have outsourced hosting to an external service provider. It processes the above log data according to our specifications. The disclosure is made on the basis of our legitimate interest under Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR.
Cookies are files that are stored by the Internet browser on the user’s computer system. When this website is accessed, cookies are stored in the browser memory of the data subject.
We use technical cookies, as this is technically necessary for the operation of the service offered in accordance with Art 6 para. 1 letter f GDPR, i.e. to protect our legitimate interest.
Technical cookies are used to recognise a user when the website is called up again and thus, for example, to save language settings made, a shopping basket or similar beyond a single surfing session.
When contact is made (e.g. by contact form, email, telephone or social networks), the user’s personal data is processed to process the contact request in accordance with Art. 6 para. 1 lit. b GDPR, i.e. to fulfil a contract or pre-contractual measures. For this purpose, your data may be transferred to a client management program (CRM system). Please note that we are required to archive e-mails in accordance with the GoBD; complete deletion of e-mails sent to us (from our archive system) is therefore not possible.
Reference to the rights of the data subjects
If we process your personal data, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right to information and data transfer
You have the right to request information about your personal data stored.
You have the right to receive the requested data in a common, machine-readable format.
Right to correction
You have the right to ask the data controller to correct any inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
Right of restriction
Under the following conditions, you may request that the processing of your personal data concerning you be restricted:
1) The accuracy of the personal data is disputed by the data subject for a period which enables the data controller to verify the accuracy of the personal data.
2) The processing is unlawful and the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted.
3) The data controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend legal claims, or if
4) the data subject opposes the processing until it has been established whether the data subject’s legitimate reasons outweigh those of the data subject.
If processing has been restricted, such personal data may not be processed except with the data subject’s consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. We will inform you before the restriction is lifted.
Right to deletion
They may request the processing of their personal data to be deleted under the following conditions:
1) Personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
2) The data subject withdraws his consent and there is no other legal basis for the processing.
3) The data subject objects to the processing and there are no overriding legitimate grounds for processing.
4) The personal data have been processed unlawfully.
5) The deletion of personal data is necessary to fulfil a legal obligation under European law or the law of the Member States to which the data controller is subject.
6) The personal data was collected in relation to the use of web services.
Right to revoke a declaration of consent
You have the right to revoke your consent to the processing of personal data at any time. The revocation of consent will not affect the legality of the processing carried out on the basis of the consent until revocation.
Right to information
If you have exercised your right to correct, delete or limit the processing, we are required to inform all recipients to whom this data has been passed on, unless this involves a disproportionate effort or is impossible.
Right of objection
You have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation, including profiling based on these provisions. The data controller no longer processes the personal data unless he can prove compelling grounds for protection for the processing which outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.
If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising, including profiling in so far as it is related to such direct marketing.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has a legal effect against you or significantly harms you in a similar manner. This does not apply if the decision
1) is necessary for the conclusion or performance of a contract between you and the data controller,
2) is admissible under European or Member State law to which the data controller is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
3) with your express consent.
Decisions under paragraph 2 may not be based on special categories of personal data under Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights, freedoms and legitimate interests of the data subject.
In the cases referred to in (1) and (3), the data controller will take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person from the data controller, to state your own position and to challenge the decision.
Right of appeal to a regulator
You have the right of appeal to a regulator, without prejudice to any other administrative or judicial recourse, in particular in the Member State of your habitual residence or place of work or the place of the suspected infringement, if you consider that the processing of personal data concerning you is contrary to the GDPR.
The regulator with which the complaint has been lodged will inform the complainant of the status and results of the complaint, including the possibility of judicial recourse under Article 78 GDPR.
Non-provision of personal data
If you do not provide us with personal data that we require for contractual purposes, this non-disclosure generally means that the contract cannot be concluded. We can clarify in individual cases whether a provision is legally obligatory or contractually prescribed and what consequences the non-provision would have in individual cases.