II. Introduction
This data protection declaration is intended to provide you as a customer or interested party with a detailed overview of how and to what extent your data is collected, stored, processed, passed on and transmitted by us when you visit our pages or use our services. It is also intended to give you an overview of the data protection measures we have in place and the options available to you when you visit our site and use our services.
In order to be able to ensure the protection of your data in the future, in particular in accordance with new legal requirements and technical developments, it is essential to adapt this data protection declaration from time to time. We therefore recommend that you read our information and notes on data processing again at regular intervals.
1. Object of protection
The object of protection is your personal data. In the GDPR, this is defined in Art. 4 No.1 as information relating to an identified or identifiable person. This means all data that has a reference (whether direct or indirect) to you, e.g. first name, surname, addresses, e-mail addresses, user behaviour, etc.. Data related to online websites or services that do not belong to us or that we do not control are not part of this privacy policy.
2. When and to what extent do we process personal data?
Below is an overview of all the ways in which we process your personal data.
2.1 For the provision of contractual services/registration
We process inventory data and contractual data in order to be able to fulfil our contractual obligations and services. (Art. 6 Para. 1 lit. b GDPR)
2.2 Establishing contact
If contact is made by e-mail or by contact form, the information is processed to the extent necessary to answer your questions.
2.3 Visiting our website
When you visit our website, we or our authorised service providers may use cookies or similar technologies. The information collected in this way helps us to better adapt our services to the needs of our customers, to make them better and faster and, above all, to make them even more secure. They also serve advertising purposes. You can find more information on this in the “In-depth” section.
3 Legal basis for the processing of personal data
If your consent is obtained for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR is the legal basis. This legal basis also applies to processes that are necessary for the implementation of pre-contractual measures.
If the processing serves the fulfilment of a legal obligation, Art. 6 para. 1 lit. c GDPR is the legal basis.
If the processing serves vital interests of data subjects or other natural persons, Art. 6 (1) (d) GDPR is the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests and rights of the data subject do not outweigh the company’s interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.
4. Data deletion and storage period
The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law. According to legal requirements, data is stored for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
5. How do we protect personal data?
We implement physical, technical and administrative security measures to adequately protect your personal data from loss, misuse, unauthorised access, disclosure and alteration. These security measures include firewalls, data encryption, permission controls for access to data and we choose our server locations very carefully. We are committed to securing our systems and services.
In addition, it is your responsibility to check that the personal data we hold about you is accurate and up to date.
6.When do we share data?
Firstly, we would like to assure you that we do not sell, lend or rent your personal data. Data will only be passed on if, for example, this is indispensable for the fulfilment of our contractual obligations, we have a legitimate interest or we have your consent. Every contractual partner of ours is conscientiously and carefully selected and we oblige them to protect all data in accordance with legal regulations. For this reason, we also conclude a Data processing contract with the processor in accordance with Art. 28 of the GDPR.
7. Links
Our website may contain links to websites of other providers for whose content we are not responsible and to which this data protection declaration does not extend.
8. your rights
As soon as personal data of yours is processed, you are a data subject within the meaning of the GDPR. You therefore have the following rights vis-à-vis the data controller (i.e. us):
– Right to information,
– Right to correction or deletion,
– right to restriction of processing,
– the right to object to processing,
– right to data portability.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.