Erich R. Vogl
Phone: +49 9104-825-0
Data protection officer:
Last revised: 12/05/2018
1. Basic information on data processing and legal bases
A. This data privacy statement informs you about the nature, scope, and purpose of the processing of personal data within our online presence and the websites, functions, and contents connected with it (hereinafter jointly referred to as "online presence" or "website"). The data privacy statement applies regardless of the used domains, systems, platforms, and devices (e.g., desktop or mobile) on which the online presence is presented.
B. For the terms used such as "personal data" or their "processing" we refer to the definitions in Art. 4 General Data Protection Regulation (GDPR).
C. The following is included in the personal user data processed within the scope of this online presence:
usage data (interests, visited websites, access times)
meta/communication data (device IDs, IP addresses)
master data (names, addresses)
contact data (e-mail, phone numbers, address)
content data (text inputs, photos)
D. The term "user" covers all categories of persons affected by data processing. These include:
users, website visitors
recipients of advertising measures
suppliers, service providers, partner companies and their employees
The terms used such as "user" are to be understood as gender-neutral.
E. We process personal user data only in accordance with the relevant data protection provisions. This means that the user data are only processed if this is permitted by law. That is, in particular, if data processing is necessary to perform our contractual services (e.g., processing of orders) or online services or is required by law, the user consented to it, and due to our legitimate interests (i.e., interest in the analysis, optimisation, and economic operation and security of our online presence within the meaning of Art. 6 para. 1 lit. f. GDPR, especially in the case of reach measurement, the creation of profiles for advertising and marketing purposes, as well as the collection of access data and the use of third-party services).
F. We point out that the legal basis of the consents is Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for the processing to perform our services and to implement contractual measures is Art. 6 para. 1 lit. b. GDPR, the legal basis for the processing to comply with our legal obligations is Art. 6 para. 1 lit. c. GDPR, and the legal basis for the processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f. GDPR.
2. User rights
You have the right:
A. in accordance with Art. 15 GDPR to obtain access to your personal data processed by us. In particular, you may request information about the purposes of the processing, the category of the personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of the right to request rectification, erasure, restriction of processing or to object, the existence of the right to lodge a complaint, the source of your data provided they have not been obtained from us, and the existence of automated decision-making, including profiling and meaningful information about the particulars if applicable.
B. in accordance with Art. 16 GDPR to obtain without undue delay the rectification of inaccurate personal data or completion of incomplete personal data stored by us.
C. in accordance with Art. 17 GDPR to obtain the erasure of your personal data stored by us, provided the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims.
D. in accordance with Art. 18 GDPR to request restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you oppose their erasure and we do not require the data any longer but you require them for the establishment, exercise, or defence of legal claims or you have objected to processing in accordance with Art. 21 GDPR.
E. in accordance with Art. 20 GDPR to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller.
F. in accordance with Art. 7 para. 3 GDPR to withdraw your consent given to us at any time. As a result, we must not continue the data processing based on this consent in the future. G. in accordance with Art. 77 GDPR to lodge a complaint with a supervisory authority. Usually, you may approach the supervisory authority at your habitual residence or place of work or law office for this.
3. Right to object
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 s. 1 lit. f. GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR on grounds relating to your particular situation or to the extent that it is related to direct marketing. In the latter case, you have a general right to object, which we will implement without you having to state a particular situation.
4. Security measures
A. We take organisational, contractual, and technical security measures taking into account the state of the art to ensure that the data protection provisions are adhered to and to thus protect the data processed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons.
B. The security measures include, in particular, the encrypted transmission of data between your browser and our server.
5. Transfer of data to third parties and third-party suppliers
A. Data are transferred to third parties only in accordance with the statutory provisions. We only transfer user data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 lit. b. GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR in the economic and effective operation of our business.
B. If we use subcontractors to provide our services, we take suitable legal precautions as well as corresponding technical and organisational measures to ensure protection of the personal data in accordance with the relevant statutory regulations.
C. If any contents, tools, or other means by other suppliers (hereinafter jointly referred to as "third-party suppliers") are used within the scope of this data privacy statement and their office referred to is located in a third country, it is to be assumed that data transfer to the third countries of the third-party suppliers takes place. To be understood as third countries are countries in which the GDPR is no directly applicable law, i.e., basically countries outside the EU or the European Economic Area. Data are transferred to third countries if either an adequate level of data protection exists, the users consented to it or this is permitted by any other law.
6. Performance of contractual services
A. We process master data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) to fulfil our contractual obligations and render our services in accordance with Art. 6 para. 1 lit b. GDPR.
A. When contacting us (via the contact form or by e-mail), the user's data are processed in order to process and handle the contact inquiry in accordance with Art. 6 Abs. 1 lit. b. GDPR.
B. The users' data can be stored in our Customer Relationship Management System ("CRM System") or in a comparable inquiries organisation.
8. Collection of access data and log files
A. On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we collect data relating to every access to the server on which this service is located (so-called server log files). The access data include the name of the called website, file, date and time of the call, transferred amount of data, report on successful retrieval, browser type incl. the version, the user's operating system, referral URL (previously visited page), IP address, and accessing provider.
B. Log file information is stored for 14 days maximum for security reasons (e.g., to investigate acts of abuse or fraud) and then erased. Data the further storage of which is necessary for evidence purposes are excluded from erasure until final clarification of the respective incident.
9. Cookies & reach measurement
A. Cookies are information that is transferred by our web server or third-party web servers to the users' web browsers and stored there for later retrieval. Cookies can be small files or other kinds of information storage.
B. We use "session cookies", which are created on our online presence for the duration of the current visit only (e.g., to allow storage of your login status or the shopping cart function and thus the use of our online presence in the first place). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. Moreover, a cookie contains information on its source and the storage period. These cookies cannot store any other data. Session cookies are deleted once you have ended using our online presence and, for example, logged off or closed the browser.
D. If the users do not want any cookies be stored on their computers, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. If cookies are deactivated, this might lead to function restrictions of this online presence.
A. With the following notes we inform you about the contents of our newsletter and the subscription, dispatch, and statistical evaluation procedures as well as your right to object. By subscribing our newsletter, you agree with the receipt and the described procedures.
B. Content of the newsletter: We send newsletters, e-mails, and other electronic notifications with advertising information (hereinafter referred to as "newsletter") with the recipients' consent or with legal permission only. If the contents of the newsletter are concretely described within the scope of its subscription, they are relevant to the users' consent. Other than that, our newsletters contain information on our products, offers, campaigns, and our company.
C. Double opt-in and logging: Subscription of our newsletter takes place with a so-called double opt-in procedure. That is, after subscription you will receive an e-mail in which you are asked to confirm your subscription. This confirmation is required to make sure that nobody can subscribe with someone else's e-mail address. Subscriptions of the newsletter are logged in order to be able to prove the subscription process pursuant to the legal requirements. This includes storage of the time of subscription and confirmation as well as the IP address. Any changes of your data stored with the dispatch service provider will be stored, too.
D. Furthermore, according to own information, the dispatch service provider may use these data in a pseudonymous form, i.e., without allocation to a user, to optimise or improve its own services, e.g., for technical optimisation of the dispatch and representation of the newsletter or for statistical purposes, to determine from which countries the recipients are. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to transfer them to third parties.
E. Subscription data: To subscribe our newsletter, it is sufficient that you state your e-mail address. We optionally ask you to state a name so we can address you personally in the newsletter.
F. Statistical survey and analyses - The newsletters contain a so-called web beacon, i.e., a pixel-sized file that is retrieved from the dispatch service provider's server when the newsletter is opened. Within this retrieval, technical information is collected first of all, e.g., on the browser and your system, as well as your IP address and the time of retrieval. This information is used for technical improvement of the services by means of the technical data or the target groups and their reading behaviour by means of their retrieval locations (which can be determined by means of the IP address) or the access times. Statistical surveys also include the determination whether the newsletters are opened, when they are opened and which links are clicked.
This information can, indeed, be allocated to the individual newsletter recipients for technical reasons. However, we do not aim to monitor individual users and neither does our dispatch service provider. The evaluations rather serve to recognise our users' reading habits and adapt our contents to that or to send different contents corresponding to our users' interests.
G. The deployment of the dispatch service provider, implementation of statistical surveys and analyses as well as logging of the subscription procedure take place on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR. Our interest is aimed at the application of a user-friendly and secure newsletter system, which serves our commercial interests and meets our users' expectations.
H. Unsubscription/revocation - You may unsubscribe our newsletter, i.e., revoke your consents, at any time. Thus, your consents to its dispatch through the dispatch service provider and the statistical analyses are revoked as well. Separate revocation of the dispatch through the dispatch service provider or the statistical evaluation is unfortunately impossible. A link for unsubscribing the newsletter can be found at the end of every newsletter. If users only subscribed the newsletter and have unsubscribed it again, their personal data will be erased.
12. Erasure of data
A. The data stored with us will be erased as soon as they are no longer required for their purpose and the erasure does not oppose to any legal obligation to retain data. If the users' data are not erased because they are required for other and legal purposes, their processing will be restricted. That is, the data will be made unavailable and not processed for other purposes. This applies, e.g., for user data that have to be retained on grounds of commercial or tax law.
B. In accordance with statutory provisions, data have to be retained for 6 years pursuant to Section 257 Subsection 1 HGB (German Commercial Code – account books, inventories, opening balances, annual financial statements, commercial letters, accounting records, etc.) and for 10 years pursuant to Section 147 Subsection 1 AO (German Fiscal Code – accounts, records, management reports, accounting records, commercial and business letters, documents relevant to taxation, etc.).
13. Changes to the data privacy statement
A. We reserve the right to change the data privacy statement in order to adapt it to changed legal situations or if the service or data processing is changed. However, this only applies with regard to statements relating to data processing. If consents by the users are required or parts of the data privacy statement contain regulations of the contractual relationship with the users, changes will only be implemented with the users' consent.
B. The users are kindly asked to inform themselves regularly about the content of the data privacy statement.