This post is also available in: Deutsch
Name and contact details of the person responsible
Our responsible person (hereinafter “responsible”) in accordance with Art. 4 Zif. 7 GDPR is:
Data Protection Officer
Types of data, purposes of processing and categories of data subjects
In the following, we inform you about the nature, scope and purpose of the collection, processing and use of personal data.
1. Types of data we process
Inventory data (name, address, etc.), contact data (telephone number, e-mail, fax, etc.), payment data (bank data, account data, payment history, etc.), contract data (subject of the contract, term, etc.), content data (text entries, videos, photos, etc.),
2. Purposes of processing in accordance with Article 13(1) 1 (c) GDPR
processing of contracts, fulfilment of contractual obligations, customer service and customer care,
3. Categories of data subjects under Article 13(1) 1 (e) GDPR
The persons concerned are collectively referred to as “users”.
Legal bases for the processing of personal data
In the following we inform you about the legal bases for the processing of personal data:
- If we have obtained your consent for the processing of personal data, Art. 1 p. 1 lit. (a) GDPR legal basis.
- If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, which are carried out at your request, Article 6(4) is 1 p. 1 lit. (b) GDPR legal basis.
- If the processing is necessary for the fulfilment of a legal obligation to which we are subject (e.g. statutory retention obligations), Article 6(4) is 1 p. 1 lit. c) GDPR legal basis.
- Where the processing is necessary to protect the vital interests of the data subject or of another natural person, Article 6(4) is required. 1 p. 1 lit. d) GDPR legal basis.
- If the processing is necessary to safeguard our or the legitimate interests of a third party and in this respect your interests or fundamental rights and freedoms do not prevail, article 6(4) shall be 1 p. 1 lit. (f) GDPR legal basis.
Disclosure of personal data to third parties and processors
Without your consent, we do not pass on any data to third parties. If this is the case, the transfer will take place on the basis of the aforementioned legal bases, e.g. in the transfer of data to online payment providers for the performance of the contract or on the basis of a court order or due to a legal Obligation to release the data for the purpose of law enforcement, security or enforcement of intellectual property rights.
We also use processors (external service providers e.g. for web hosting our websites and databases) to process your data. If data is passed on to processors as part of an agreement on contract processing, this is always done in accordance with Article 28 GDPR. We carefully select our processors, check them regularly and have given us the right of instruction with regard to the data. In addition, processors must have taken appropriate technical and organisational measures and comply with the data protection rules in accordance with the Comply with BDSG n.F. and GDPR
Transfer of data to third countries
The adoption of the European General Data Protection Regulation (GDPR) has created a single basis for data protection in Europe. Your data is therefore mainly processed by companies for which GDPR applies. Should the processing take place by third-party services outside the European Union or the European Economic Area, they must meet the specific conditions of Article 44 et seq. GDPR. This means that the processing is carried out on the basis of specific guarantees, such as the eu Commission’s officially recognised finding of an EU-compliant level of data protection or compliance with officially recognised specific contractual obligations; so-called ‘standard contractual clauses’. In the case of US companies, submission to the so-called “Privacy Shield”, the EU-US data protection agreement, fulfils these requirements.
Deletion of data and storage time
Passing automated decision-making
We do not use automatic decision-making or profiling.
Providing our website and creating log files
- If you only use our website in an informative way (i.e. no registration or other transmission of information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data: • IP address;
• User’s Internet service provider;
• the date and time of the call;
• Browser type;
• Language and browser version;
• Content of the retrieval;
• Time zone;
• Access status/HTTP status code;
• Amount of data;
• Websites from which the request originates;
• Operating system.
This data, together with other personal data, will not be stored by you.
- This data serves the purpose of the user-friendly, functional and secure delivery of our website to you with functions and contents as well as their optimization and statistical evaluation.
- The legal basis for this is our legitimate interest in data processing in accordance with Art. 1 P.1 lit. (f) GDPR.
- For security reasons, we store this data in server log files for a storage period of 70 days. After this period, these will be automatically deleted unless we need to retain them for evidence in the event of attacks on the server infrastructure or other infringements.
• Persistent cookies: These are automatically deleted after a predetermined duration, which may vary depending on the cookie. In the security settings of your browser, you can delete the cookies at any time.
• Third-party cookies: According to your wishes, you can configure your browser setting and, for example, Reject the acceptance of third-party cookies or all cookies. However, we would like to point out that you may not be able to use all the functions of this website. Read more about these cookies in the respective third-party privacy statements.
- The legal basis for that processing is Article 6(4) of the 1 s. lit. b) GDPR, if the cookies are set for inauguging the contract, e.g. when placing orders and otherwise we have a legitimate interest in the effective functionality of the website, so that in the case of Art. 1 p. 1 lit. (f) GDPR is the legal basis.
- Opposition and opt-out: You can generally prevent cookies from being stored on your hard drive by selecting “Do not accept cookies” in your browser settings. However, this may result in a functional limitation of our offers. You may object to the use of third-party cookies for advertising purposes via a so-called “opt-out” via this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).
Execution of contracts
- We process inventory data (e.g. company, title/academic degree, names and addresses as well as contact details of users, e-mail), contract data (e.g. services used, names of contact persons) and payment data (e.g. bank details, payment history) in order to fulfil our contractual obligations (knowledge of who is a contractual partner; the structure, content and execution of the contract; Checking for the plausibility of the data) and services (e.g. contacting customer service) in accordance with Art. 1 p. 1 lit (b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
- In principle, this data is not passed on to third parties, unless it is necessary for the prosecution of our claims (e.g. handover to a lawyer for collection) or for the fulfilment of the contract (e.g. handing over of the data to payment providers) or it exists for this purpose. there is a legal obligation in accordance with Art. 1 p. 1 lit. (c) GDPR.
- We may also process the data you provide to inform you about other interesting products from our portfolio or to send you e-mails with technical information.
- The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case for the inventory and contract data if the data are no longer necessary for the execution of the contract and no claims can be asserted from the contract because these are time-barred (guarantee: two years / rule limitation: three years). Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, when the contract is terminated after three years, we make a restriction of processing, i.e. Your data will only be used to comply with legal obligations. Information in the user account remains until its deletion.
Online payment provider
- Billing is made when paying by “Paypal” via PayPal (Europe) S.R.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Web: paypal.de, https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Billing is made upon payment via “Sofort.com” via Klarna GmbH, Theresienhöhe 12, 80339 Munich, https://www.klarna.com/sofort/datenschutz/.
The following is called “Online Calculator”. The online calculators collect, store and process the usage and billing data from you for the purpose of determining and billing the service you use. The data entered at the online computers is only processed by them and stored by them. If the online calculators are unable to collect the usage fees or only partially, or if the online calculators do not collect this due to a complaint from you, the usage data will be passed on by the online calculators to the controller and it will be if necessary, a blocking by the responsible person. The same applies if, for example, a credit card company reverses a transaction from you at the expense of the controller.
- The legal basis is Article 6(6) of the p. 1 lit. b) GDPR, as the processing is necessary for the performance of a contract by the controller. In addition, external online calculators are used on the basis of Art. 1 p. 1 lit. f) GDPR based on legitimate interests of the controller in order to offer you as secure, simple and diverse payment options as possible.
- With regard to the storage period, rights of withdrawal, information and data subject, we refer to the above data protection declarations of the online computers.
Contact by contact form / e-mail / fax / post
- When contacting us via contact form, fax, post or e-mail, your details will be processed for the purpose of processing the contact request.
- The legal basis for the processing of the data is Art. 1 p. 1 lit. (a) GDPR. The legal basis for the processing of data transmitted in the course of a contact request or e-mail, letter or fax is Article 6(4) of the 1 p. 1 lit. (f) GDPR. The controller has a legitimate interest in the processing and storage of the data in order to be able to answer questions from the users, to safeguard evidence for reasons of liability and, if necessary, to comply with his statutory retention obligations in the case of business letters. Can. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing shall be Article 6(6). 1 p. 1 lit. (b) GDPR.
- We may store your information and contact request in our Customer Relationship Management System (“CRM System”) or a similar system.
- The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the entry form of the contact form and those sent by e-mail, this is the case when the respective conversation with you is finished. The conversation ends if it can be inferred from the circumstances that the facts in question have been finally clarified. We store requests from users who have an account or contract with us until the end of two years after the termination of the contract. In the case of statutory archiving obligations, the deletion takes place after its expiry: end of commercial law (6 years) and tax (10 years) retention obligation.
- You have the option of obtaining consent in accordance with Article 6(6) at any time. 1 p. 1 lit. (a) withdraw GDPR for the processing of personal data. If you contact us by e-mail, you can object to the storage of personal data at any time.
Social media presence
- We process your data that you send us over these networks in order to communicate with you and to respond to your messages there.
- The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external representation for advertising in accordance with Art. 1 p. 1 lit. (f) GDPR. Insofar as you have given the person responsible for the social network consent to the processing of your personal data, the legal basis is Art. 1 p. 1 lit. (a) and Article 7 GDPR.
Social media plug-ins
- We use social media plug-ins from social networks on our website. We use the so-called “two-click solution” shariff from c’t and heise.de. When retrieving our website, no personal data will be transmitted to the providers of the plug-ins. In addition to the logo or brand of the social network, you will find a slider with which you can activate the plug-in by clicking. After activation, the provider of the social network receives the information that you have accessed our website and that your personal data will be transmitted to the provider of the plug-in and stored there. These are so-called thirdparty cookies. For some providers such as Facebook and XING, your IP will be anonymized immediately after the survey.
- The plug-in provider stores the data collected about the user as user profiles. These are used for the purposes of advertising, market research and/or customisation of its website. Such an evaluation is carried out in particular (also for unlogged users) for the presentation of demand-oriented advertising and in order to inform other users of the social network about the activities of the user on our website. The user has the right to object to the creation of these user profiles, whereby one must contact the respective plug-in provider in order to exercise this right.
- The legal basis for the use of the plug-ins is our legitimate interest in improving and optimizing our website by increasing our awareness through social networks as well as the possibility of interacting with you and the users with each other via social networks in accordance with Article 6(6) of the 1 P.1 lit. (f) GDPR.
- We have no influence on the data collected and data processing operations. We also have no knowledge of the scope of the data collection, the purpose of the processing and the storage periods. We also do not have any information on the deletion of the collected data by the plug-in provider.
- We refer to the respective data protection declarations of the social networks with regard to the purpose and scope of the data collection and processing. You will also find information about your rights and setting options for protecting your personal data.
- We have integrated plug-ins from the social network Facebook.com (headquarters in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) as part of Shariff’s so-called “two-click solution”. You can recognize them by the Facebook logo “f” or the addition “Like”, “Like” or “Share”.
- As soon as you willingly activate the Facebook plug-in, a connection is made from your browser to the Facebook servers. In doing so, Facebook receives the information, including your IP, that you have accessed our website and transmits this information to Facebook servers in the USA, where this information is stored. If you are logged into your account on Facebook, Facebook can assign this information to your account. When using the functions of the plug-in, e.g. pressing the “Like” button, this information is also transmitted from your browser to the servers of Facebook in the USA and stored there as well as displayed in your Facebook profile and, if necessary, with your friends.
- If you log out of Facebook before visiting our website and delete your cookies, no data about visiting our website will be assigned to your profile on Facebook when you activate the plug-in.
- You can also prevent the Loading of the Facebook plug-in through so-called “Facebook Blocker”, which you can install as an add-on for your browser: Facebook Blocker for Firefox, Chrome and Opera or 1blocker for Safari, iPad and iPhone.
- Facebook has submitted to the Privacy Shield, ensuring that European data protection law is respected: https://www.privacyshield.gov/EU-US-Framework.
Rights of the data subject
- Objection or revocation against the processing of your data Insofar as the processing on your consent in accordance with Art. 1 p. 1 lit. a) Article 7 GDPR, you have the right to withdraw your consent at any time. This does not affect the legality of the processing carried out on the basis of consent until the revocation.
Insofar as we use the processing of your personal data to weigh up the interests in accordance with Art. 1 p. 1 lit. (f) YOU can object to the processing. This is the case if the processing is not required in particular for the performance of a contract with you, which is shown by us in the following description of the functions. In exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your reasoned objection, we will examine the situation and will either discontinue or adjust the data processing or show you our compelling reasons for continuing the processing.
You may object to the processing of your personal data for the purposes of advertising and data analysis at any time. The right of objection can be exercised free of charge. You can inform us about your advertising objection at the following contact details:
- Right to information
You have the right to request confirmation from us as to whether personal data concerning you are being processed. If this is the case, you have the right to information about your personal data stored by us in accordance with Article 15 GDPR. This includes, in particular, information on the purposes for processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of their data, provided that they are have not been collected directly from you.
- Right to rectification
You have a right to rectification of incorrect or to complete correct data in accordance with Article 16 GDPR.
- Right to erasure
You have a right to erase your data stored by us in accordance with Article 17 GDPR, unless statutory or contractual retention periods or other legal obligations or rights for further storage are contrary to this.
- Right to restriction
You have the right to request a restriction on the processing of your personal data if one of the conditions set out in Article 18(4) of the 1 lit. (a) until d) GDPR is met:
• If you dispute the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data;• the processing is unlawful and you have the deletion of the personal data and instead request the restriction of the use of personal data;
• the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
• if you object to the processing in accordance with Art. 1 GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.
- Right to data portability
You have a right to data portability under Article 20 GDPR, which means that you can obtain the personal data stored by us about you in a structured, common and machine-readable format or the transfer to another responsible persons.
- Right to appeal
You have a right to complain to a supervisory authority. As a general rule, you may contact the supervisory authority, in particular in the Member State of your place of residence, place of work or the place of alleged infringement.
In order to protect all personal data that is transmitted to us and to ensure that the data protection regulations are complied with by us, but also by our external service providers, we have appropriate technical and organisational security measures taken. Therefore, among other things, all data between your browser and our server is transmitted encrypted via a secure SSL connection.
As of: 08/28/2018