Data Privacy Statement
We take the protection of your data seriously and make every effort to collect and store as little data as possible. Nevertheless, a certain degree of storage and evaluation of user data is necessary in order to guarantee and improve the operation of this website. The use of this website is basically possible without having to provide any personal data. Also an allocation of data to a certain person does not take place – unless you tell us your name, for example in an email, via one of our forms or in the context of an order. If you use any of the services offered on this website or if this regularly requires the collection, processing and storage of personal data, such as your name, address, e-mail address or telephone number. This collection, processing and storage takes place in principle either on the basis of your explicit consent obtained beforehand or on the basis of a corresponding legal authorisation and on the basis of the provisions of the European Basic Data Protection Regulation and the German Federal Data Protection Act. We would like to inform you here about the type, scope and purpose of the data collected, processed, stored and used by us via this website as well as about your rights existing in this context. We use SSL transport encryption on this site. This serves, among other things, to protect confidential content, for example when we receive enquiries. You can see that the connection is actually encrypted in the address line of your browser, which always begins with “https://” and confirms the existing Trasport encryption with a green lock symbol.
NAME AND APPLICATION OF RESPONSIBILITY FOR PROCESSING
The person responsible in the sense of the data protection basic regulation and the other data protection-juridical regulations is: Marc A. Bonsels Blast Furnace Route 8 35688 Dillenburg, Germany Phone: +49 (0) 2771 84 86 36 email: firstname.lastname@example.org
The data protection law knows special terms which we also use in this data protection declaration in accordance with the legal definitions of the European data protection basic regulation. Therefore, in this data protection declaration the following terms are used “personal data” any information relating to an identified or identifiable natural person (“data subject”); “data subject” means the data subject any identified or identifiable natural person whose personal data are processed; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, on-line identifier or one or more specific characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person; “processing any operation or set of operations which is performed with or without the aid of automated means relating to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction; “Restriction of processing the marking of stored personal data with a view to limiting their future processing; “Profiling any automated processing of personal data consisting in the use of such personal data for the purpose of evaluating certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or movement of that natural person; as a company committed to data protection, we refrain from any form of profiling; “Pseudonymization the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person; “File system” any structured collection of personal data accessible according to specific criteria, whether centralised, decentralised or organised according to functional or geographical criteria; “controller” (or: “controller”) means the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his designation may be laid down by Union law or by the law of the Member States; “processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller; “Recipient a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation task under Union law or the law of the Member States shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the purposes of the processing; “third party a natural or legal person, public authority, agency or any other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor; the “consent” of the data subject any voluntary, specific, informed and unambiguous expression of will in the form of a statement or other unambiguous confirmatory act by which the data subject indicates his or her consent to the processing of his or her personal data; “Infringement of the protection of personal data”. a breach of security resulting in the destruction, loss or alteration, whether unintentional or unlawful, of, or unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; “cross-border processing processing of personal data carried out in the course of the activities of establishments of a controller or of a processor in the Union in more than one Member State, where the controller or processor is established in more than one Member State, or processing of personal data carried out in the course of the activities of an individual establishment of a controller or of a processor in the Union, but which has or may have a significant effect on data subjects in more than one Member State; “relevant and substantiated objection” means an objection as to whether or not there has been an infringement of this Regulation or whether the proposed action against the controller or the processor is in accordance with this Regulation, stating clearly the scope of the risks posed by the draft decision with regard to the fundamental rights and freedoms of the data subjects and, where appropriate, the free movement of personal data within the Union
LEGAL BASIS OF DATA PROCESSING
The processing of personal data by us takes place on the basis of the provisions of the European Basic Data Protection Regulation and the German Federal Data Protection Act: For processing operations for which we have obtained the consent for a the processing shall be carried out on the basis of Article 6(1)(a) of the basic Regulation on data protection. To the extent that the processing of personal data for the performance of a contract, where the contracting party is the data subject (e.g. for the supply of goods or the rendering of any other service or consideration) or for the implementation of pre-contractual measures (e.g. for inquiries regarding our products or services), the processing is based on Article 6 paragraph 1 letter b of the Basic Data Protection Regulation. Insofar as the processing of personal data is required on the basis of a legal obligation to which we are subject, such as the fulfilment of tax obligations or storage regulations under commercial law, the processing shall be carried out on the basis of Article 6 paragraph 1 letter c of the Basic Data Protection Regulation. Where, exceptionally, the processing of personal data should be necessary to protect the vital interests of the data subject or of another natural person, the processing would be carried out on the basis of Article 6(1)(d) of the basic Regulation. The processing of personal data necessary for the safeguarding of a legitimate The protection of personal data which is necessary in the interests of our company or a third party is based on Article 6(1)(f) of the Basic Data Protection Regulation, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. Such a legitimate interest is also the conduct of our business for the benefit of all our employees and shareholders.
On our Internet server, as on other web servers, a log file is kept. Data records are stored in this log file in which the IP address with which you are travelling on the Internet and the Internet service provider you are using Date and time of each access to our website, the exact URL of each web page you visit the data you requested from the server, general information about the web browser (in particular the browser type and version) and operating system you use to access the website, and partly the website from which you came to our Internet offer (the so-called “referrer”) can be recorded. This information will be for the correct delivery of the respective website for statistical purposes, to further improve our Internet offering to permanently guarantee the functionality and integrity of our information technology systems, including hazard prevention in the event of attacks on our information technology systems, and in the event of an attack on our information technology systems, to provide the necessary information to law enforcement authorities. This data is collected anonymously by us and stored separately from all personal data provided to us by the person concerned. The IP address is stored in a form shortened by the last octet.
COOKIES AND USE PROFILES
INTERN VISITOR STATISTICS
This website uses the open source software “Matomo (formerly Piwik)” for statistical analysis of visitor access (web analysis). Cookies are used for this purpose. The information generated by the cookies about the use of this website is stored exclusively on our servers hosted in Germany or the European Union. Within the scope of web analysis, the IP address used by visitors to our website is also used for the purposes of geographical user statistics. However, the IP address is shortened by the last octet immediately after processing and before storage, so that a regional allocation is still possible, but no conclusion on the actual user is possible. Important for you: You can generally prevent the installation of cookies by setting your browser software accordingly. Alternatively, you can object to the storage of our web analysis cookie:
The information obtained via cookies and web beacons, your IP address and the delivery of advertising formats are transmitted to a Google server located in the USA and stored there. Google will possibly pass on this collected information to third parties if this is legally required or if Google commissions data processing to third parties. However, Google will merge your IP address with the other stored data.
You can prevent the aforementioned cookies from being stored on your PC by making the appropriate settings in your Internet browser. However, this may result in the possibility that the contents of this website can no longer be used to the same extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
EMAIL AND CONTACT FORMS
If you send us an e-mail or contact us via a contact form, the personal data voluntarily transmitted to us will automatically be stored and, if necessary, processed for the purpose of processing or establishing contact. This includes – as far as indicated by you – in particular the name, address and email address you have given us. or e-mail address, your telephone number and any other information you voluntarily provide. If you contact us via a form provided on this website, the IP address you used will also be saved. As a matter of principle, we only use the personal data collected here to the extent necessary to process your enquiries and orders. In no case will this data be passed on to third parties unless we are legally obliged to do so.
DURATION OF SAVING, CLEARANCE AND LOCKING PERSONAL DATA
Personal data of the data subjects shall be processed or stored by the data controller only for the period of time necessary to achieve the storage purpose, subject to other statutory provisions. A further determining criterion for the duration of the storage of personal data is the respective legal retention period. Once the storage purposes have ceased to apply and existing legal storage periods have expired, the personal data shall be blocked or deleted by the data controller in accordance with the statutory provisions and requirements even without a corresponding request from the data subject.
YOUR RIGHTS AS PERSON
Below we describe the rights which each person affected by the processing of personal data has vis-à-vis the person responsible for the processing. If you wish to exercise any of these rights, you can contact our data protection officer or the data controller at any time. We recommend that you inform us of your wish either in writing or by e-mail to the address mentioned above. Every person affected by the processing of personal data must inform the data controller of the following the right to confirmation, i.e. the right to obtain from the data controller confirmation as to whether personal data relating to him will be processed; the right of access, i.e. in the case of the processing of personal data, a right of access to such personal data and to the following information: a) the purposes of the processing; (b) the categories of personal data to be processed; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) if possible, the envisaged duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration; (e) the existence of a right of rectification or erasure of personal data relating to them or of a right of limitation or of opposition to the processing by the controller; (f) the existence of a right of appeal to a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to the source of the data; (h) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the basic Regulation on data protection and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject. where personal data are transferred to a third country or to an international organisation, the right to be informed of the appropriate safeguards in accordance with Article 46 of the basic Regulation on data protection in connection with the transfer; the right to make available a copy of the personal data subject to the processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. Where the data subject submits the request by electronic means, the information shall be made available in a common electronic format, unless the data subject indicates otherwise. This right to receive a copy shall not prejudice the rights and freedoms of others; the right of rectification i.e. the right to ask the data controller immediately to rectify any inaccurate personal data concerning him. Taking into account the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary statement; the right to cancellation (“right to be forgotten”) i.e. the right to require the controller to delete personal data concerning him without delay and the controller is obliged to delete personal data without delay if one of the following reasons applies: (a) personal data are no longer necessary for the purposes for which they were collected or otherwise processed. (b) The data subject shall withdraw the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the basic Regulation and there is no other legal basis for the processing. (c) the data subject objects to the processing pursuant to Article 21(1) of the basic Regulation and there are no overriding legitimate reasons for the processing or the data subject objects to the processing pursuant to Article 21(2) of the basic Regulation. (d) the personal data have been unlawfully processed. (e) The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject. (f) The personal data have been collected in relation to information society services offered in accordance with Article 8(1). Where the controller has made the personal data public and is obliged to delete them in accordance with paragraph 1, he shall take reasonable measures, including technical measures, to inform data controllers processing the personal data that a data subject has requested them to delete all links to or copies or replications of those personal data, taking into account available technology and implementation costs. This does not apply if the processing is necessary. (a) the exercise of freedom of expression and information; (b) to fulfil a legal obligation which processing is subject to under the law of the Union or of the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller; (c) on grounds of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of the basic Regulation on data protection; (d) for archival, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Article 89(1) of the basic Regulation on data protection, in so far as the said right is likely to make it impossible or seriously prejudicial to the attainment of the objectives of such processing; or e) to assert, exercise or defend legal claims. the right to limit the processing i.e. the right of a data subject involved in the processing of personal data to require the controller to erase personal data concerning him without delay and the controller is obliged to erase personal data without delay if one of the following reasons applies: (a) the accuracy of the personal data is contested by the data subject for a period of time which enables the controller to verify the accuracy of the personal data, (b) the processing is unlawful and the data subject refuses to erase the personal data and instead requests that the use of the personal data be restricted; (c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the exercise, exercise or defence of legal rights; or (d) the data subject has objected to the processing pursuant to Article 21(1) of the basic Regulation until it is established whether the legitimate reasons of the controller outweigh those of the data subject. Where processing has been limited as a result, such personal data shall not be processed, except with the consent of the data subject or for the exercise, exercise or defence of rights or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State, except where the data are stored. A data subject who has obtained a restriction on processing shall be informed by the controller before the restriction is lifted. The right to data portability i.e. the right of the data subject processing personal data to obtain the personal data concerning him which he has provided to a controller, in a structured, common and machine-readable format, and the right to communicate such data to another controller without interference from the controller to whom the personal data have been provided, provided that (a) the processing is based on a consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the basic data protection Regulation or on a contract pursuant to Article 6(1)(b) of the basic data protection Regulation; and (b) the processing is carried out by automated means. In exercising his right to data transfer, the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller, in so far as this is technically feasible, without prejudice to the rights and freedoms of others. The exercise of this right to data transfer does not affect the right to cancellation (“right to be forgotten”). This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The right to appeal, i.e. the right of the data subject to the processing of personal data to object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him/her carried out pursuant to Article 6(1)(e) or (f) of the basic Regulation on data protection, including profiling based on those provisions. The controller shall no longer process the personal data unless he can prove compelling legitimate reasons for the processing outweighing the interests, rights and freedoms of the data subject or the processing is for the exercise, exercise or defence of legal rights. Where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning him for the purposes of such advertising, including profiling, in so far as it is linked to such direct marketing. Where the data subject objects to processing for the purposes of direct marketing, personal data shall no longer be processed for those purposes. Notwithstanding Directive 2002/58/EC, the data subject may exercise his right of objection in relation to the use of information society services by means of automated procedures using technical specifications. The data subject shall have the right to object to the processing of his personal data concerning him for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of the basic Regulation on data protection, on grounds relating to his particular situation, unless such processing is necessary for the performance of a task in the public interest. the right not to be the subject of an automated decision in a particular case (including profiling) which has legal effect in relation to it or which similarly significantly affects it. This shall not apply where the decision (a) necessary for the conclusion or performance of a contract between the data subject and the person responsible, (b) is authorised by legislation of the Union or of the Member States to which the data controller is subject and contains appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject; or (c) with the express consent of the data subject. In the cases referred to in points (a) and (c) above, the controller shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to obtain the intervention of a person from the controller, to present his or her views and to contest the decision. Automated decisions shall not be based on special categories of personal data unless the data subject has given his consent or processing based on Union law or the law of a Member State which is proportionate to the objective pursued, respects the nature of the right to data protection and provides for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject is necessary for reasons of substantial public interest.