INFORMATION ABOUT WHAT WE DO WITH YOUR DATA ON OUR WEBSITE
We process your personal data in accordance with the requirements of the German Telemedia Act and the EU General Data Protection Regulation.
Our purpose here is to inform you about what is done with your data and your rights in this connection.
1. PRELIMINARY REMARK
The purpose of the following points is to provide you with information about your data. The law has determined which information is necessary in this connection.
Those interested to learn more can consult Articles 12 through 22 and 34 of the General Data Protection Regulation. The text of the General Data Protection Regulation (GDPR) can be found online here: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679 If you have any further questions about the General Data Protection Regulation, please feel free to contact the data protection officer and/or the administration at any time.
2. WHAT ARE PERSONAL DATA?
Any information relating to an identified or identifiable person. A person is deemed identifiable if he or she can be identified directly or indirectly. This can be done, for example, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors.
3. BASIC INFORMATION
3.1 Who is responsible for the processing of my data?
The party responsible for data processing is Häcker Küchen GmbH & Co. KG, Werkstr. 3, 32289 Rödinghausen, Germany
Telephone: +49 5746 / 940-0, firstname.lastname@example.org
3.2 Which authority is responsible for control and compliance with the laws governing data protection?
Responsible supervisory authority for data protection
The State Officer for Data Protection and Freedom of Information North Rhine-Westphalia
Postfach 200444, 40102 Düsseldorf, Germany
Telephone: +49 211 / 384240
3.3 How can I reach the company’s data protection officer?
Our company’s data protection officer is Martin Harbeke. The data protection officer can be reached as follows: e-mail: email@example.com
4. OTHER IMPORTANT INFORMATION
4.1 Why does the company process my data?
Our website provider generates anonymised data by default; this is a feature we cannot disable.
When you use our forms, the data are collected for contact purposes, and to clarify the concern involved.
4.2 Why does the company have the authority to process my data?
The applicable law on data protection (=EU General Data Protection Regulation) permits the processing of your data (=personal data) if we have a legitimate interest (see 4.1) and may assume that you have no serious objections to our doing so (Legitimate Interest Article 6 (1) (f) GDPR).
4.3. Which of my data are collected?
Our website provider collects these data by default. Although we cannot deactivate this data collection at this time, we neither use nor evaluate the following data:
- IP address in anonymised form is used to determine the location of access
- Referrer (the previously visited website)
- Requested website or file
- Browser type and browser version
- Operating system used
- Device type used
- Time of access
When you use our forms, the following data are collected:
- Your contractual partner (optional)
- First name (optional)
- Last name
- Street and no. (optional)
- Postal code
- City (optional)
- Telephone (optional)
- Topic selection
4.4. What statistics are my data used in?
Our website provider furnishes us with the anonymised statistics shown below. We neither use nor do we evaluate these statistics and cannot disable the generation of these statistics at this time:
- Visitor count: visitors, sessions, page views and search-engine robots.
- Visitor behaviour: duration per session, page views per session and bounce rate.
- Site analysis: entry pages, exit pages, error pages, pages most visited, pages with high bounce rate, and search terms.
- Referrer sites: all originating sites and referring sites.
- Visitor locations
- Browser & systems: browser, browser versions, operating systems and operating-system versions.
4.5 Who can receive data about me?
In the context of processing, your anonymised data may
- be subject to view by our website provider, which is bound by contract.
- Your data are not forwarded on beyond this.
When you use the Dealer Search Form, the data you submit can also be forwarded to appropriate dealers, provided you have submitted a declaration of consent to this effect.
4.6 Will you transmit my data to countries outside the European Union?
We have no plans to do so.
4.7 How long will you store my data?
No data are stored.
4.8 Am I required to provide my data?
In order to achieve the grounds set out in Item 4.1, you must make your personal data available to us.
This is mandatory and in some respects required by law to conclude and carry out the agreement with you. If you do not provide these personal data, we cannot conclude an agreement with you.
In the event of complaint, you may contact the relevant supervisory authority at any time. The supervisory authority referenced in Item 3.3. has jurisdiction over our company in these matters.
You have the right to have this judicially reviewed, against a supervisory authority pursuant to Article 78 GDPR, and against our company pursuant to Article 79 GDPR.
4.9 Automated decision-making / profiling
Automated decision-making / profiling does not occur.
5. WHAT RIGHTS DO I HAVE?
5.1 About your rights
As a data subject of data processing, under the General Data Protection Regulation you have the following rights, among others (hereinafter referred to as ‘rights of data subjects’).
5.2 Rights to information (under Article 15 GDPR)
You have the right to obtain information as to whether or not your personal data are being processed. If we process personal data about you, you are entitled to learn
- why we process your data (see also Item 4.1);
- the types of data we process about you;
- the type of recipients that receive or are to receive data about you (see also Item 4.3);
- how long we will store your data; if details about the storage period are not available,
we must indicate how the storage period is determined (e.g. following expiry of legal retention periods) (see also Item 4.5);
- that you have a right to rectification and erasure of the data relating to you, including the right to restrict processing and/or the option of objection (in this connection, see also Items 5.2, 5.3 and those that follow);
- that you have a right to lodge a complaint with a supervisory authority;
- where your data come from, if we have not collected them from you directly;
- whether your data are used for an automated decision-making, and, if this is the case, to learn which underlying decision-making logic is involved, along with the consequences and significance of automated decision-making for you;
- that, if data about you are transferred to a country outside the European Union, you are entitled to obtain information as to whether and, if so, which, appropriate levels of security are ensured on the part of the data recipient;
- that you have the right to request a copy of your personal data. Data copies are always provided in electronic form.
The first copy is free of charge; additional copies may be subject to a reasonable fee. A copy can be provided only if to do so does not impinge upon the rights of other persons.
5.3 Right to rectify data (under Article 16 GDPR)
You have the right to compel us to rectify your data if these are inaccurate and/or incomplete. This right also includes the right to have incomplete personal data completed by supplementary declarations or communications. A rectification and/or supplement must be forthcoming without undue delay.
5.4 Right to erasure of personal data (under Article 17 GDPR)
You have the right to obtain from us the erasure of your personal data if
- the personal data are no longer necessary in relation to the purposes for which they were collected and processed;
- the data processing is done on the basis of a consent you have granted, and you have withdrawn this consent; this does not apply, however, if there is another legal permission for processing these data;
- you have filed an objection to processing of the data the legal permission for which lies within the realm of so-called ‘legitimate interest’ (as set forth in Article 6 (1) (e) or (f)); there is no erasure requirement, however if overriding legitimate grounds for continued processing exist;
- you have objected to data processing for purposes of direct marketing;
- your personal data have been unlawfully processed;
- the data in question are those of a child and have been collected for information-society services (=electronic service) on the basis of the consent (pursuant to Article 8 (1) GDPR).
A right to erasure of personal data does not exist if
- the erasure request is in conflict with the right of freedom of expression and information;
- processing of personal data is required
- to comply with a legal obligation (e.g. statutory retention obligations),
- for the exercise of public functions and interests under applicable law (this also includes ‘public health’)
- for archiving and/or research purposes;
- the personal data are required for the establishment, exercise or defence of legal claims.
Erasure must be carried out immediately (without undue delay). If we have made personal data public (e.g. online), we must see to it, to the extent technically feasible and reasonable, that other data processors are also notified of the erasure request, including the deletion of links, copies and/or replications.
5.5 Right to restriction of data processing (under Article 18 GDPR)
You have the right to obtain a restriction on the processing of your personal data in the following cases:
- If you have disputed the accuracy of your personal data, you may request that we make no other use of your data for the duration of the review of the accuracy of the personal data, thereby restricting their processing.
- In the event of unlawful data processing, you may request restriction of data usage instead of data erasure;
- If you need your personal data to establish, exercise or defend legal claims, but we no longer have a need for your personal data, you may request us to restrict processing to the legal purposes involved;
- If you have objected to data processing (under Article 21 (1) GDPR) (see also Item 5.7), and it has not yet been determined whether our interests in processing these data override your interests, you may request that your data not be used for other purposes for the duration of the review, thereby restricting their processing.
Personal data the processing of which has been restricted at your request may, with the exception of storage, be processed only
- with your consent;
- for the establishment, exercise or defence of legal claims,
- for the protection of the rights of another natural or legal person, or
- for reasons of important public interest.
If a processing restriction is lifted, you will receive advance notification of this fact.
5.6 Right to data portability (under Article 20 GDPR)
You have the right to request that we furnish you, in a commonly used electronic format (e.g. as a PDF or Excel document), with the data that you provided to us.
You may also ask us to send these data directly to another company (specified by you), provided that it is technically feasible for us to do so.
The condition for your right in this regard is that the processing is done on the basis of consent, or for implementing a contract (see Item 4.2) and carried out with the aid of automated means.
The exercise of the right to data portability must not adversely affect the rights and freedoms of other persons.
If you exercise the right to data portability, you will continue to enjoy the right to data erasure pursuant to Article 17 GDPR.
5.7 Right to object to certain forms of data processing (under Article 21 GDPR)
If your data are processed for the performance of a task carried out in the public interest or for the exercise of legitimate interests (see Item 4.2), you may object to this processing. Your objection must be accompanied by the grounds relating to your particular situation. These grounds may include special family circumstances, for instance, or a legitimate interest in maintaining confidentiality.
In the event of an objection, we must refrain from all further processing of your data for the purposes set forth under Item 4.1, unless
- there are compelling, legitimate reasons for processing that outweigh your interests, rights and freedoms, or
- processing is required for the establishment, exercise or defence of legal claims.
You may object at any time to the use of your data for the purpose of direct marketing; this also applies to profiling in connection with direct marketing. In the case of an objection, we may no longer use your data for purposes of direct marketing.
-> Under no circumstances do we initiate or carry out direct marketing and/or profiling.
5.8 Prohibition of automated decision-making/profiling (under Article 22 GDPR)
You have the right not to be subject to a decision by us that is based solely on automated processing of personal data and produces legal effects concerning you or significantly affects you in similar ways. This also includes profiling. This prohibition does not apply where automated decision-making
- is necessary for entering into, or performance of, a contract with you,
- is authorised by provisions of law, where these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or is carried out with your express consent.
Decisions based solely on automated processing of special categories of personal data (=sensitive data) are permitted only if
- they are taken pursuant to your express consent or
- a significant public interest in their processing exists
and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.
5.9 Exercise of the rights of data subjects
Please contact the entities listed in Item 3 for further information on the exercise of your rights as a data subject. Requests submitted electronically will usually be answered electronically. As a matter of principle, the information, communications and measures that must be provided under GDPR, including the exercise of the rights of data subjects, are provided free of charge. Only in the case of manifestly baseless or excessive applications are we entitled to charge an adequate fee for processing or to refrain from taking action (under Article 12 (5) GDPR).
If there are reasonable doubts as to your identity, we may require additional information from you for identification purposes. If identification is not possible, we are entitled to decline to process your request. Where possible, we will notify you separately of any impossibility of verifying your identity (see Article 12 (6) and Article 11 GDPR).
Disclosure and information requests are usually processed immediately within one month after receipt of the request. The period may be extended for another two months if this is necessary taking into account the complexity and/or the number of requests; if this period is extended, we will notify you of the grounds for the delay within a month of receiving your request. If we should fail or decline to act on a request, we will notify you immediately, within one month of receiving your request, of the grounds for this and inform you of the option of filing a complaint with a supervisory authority or pursuing judicial remedies (see Article 12 (3) and Article 4 GDPR).
Please bear in mind that you can only exercise your rights as a data subject within the framework of the limitations and restrictions as provided within the European Union or its Member States (Article 23 GDPR).
Cookies are set after you grant your express consent:
- Vimeo sets cookies for the videos you use on our website.
- Google Maps sets cookies when in use.
7. Integration of third-party services and content
We can integrate videos from the ‘Vimeo’ platform of provider Vimeo Inc., 555 West 18th Street New York, New York 10011, USA. Privacy statement:
https://vimeo.com/privacy. We advise that Vimeo can use Google Analytics, and in this connection we
refer to the privacy statement (https://policies.google.com/privacy) as well
as opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=en) or Google’s settings for the use of data for marketing purposes (https://support.google.com/ads/answer/2662856?visit_id=0-636652511604053585-3357461401&rd=1/).
7.2 Google Maps
We integrate the maps of the ‘Google Maps’ service of provider Google LLC, 1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA. The data processed may include, in particular,
users’ IP addresses and location data, although these are not collected without their consent (ordinarily completed through the settings on their mobile devices). Data may be processed in the USA. Privacy statement: https://policies.google.com/privacy/, opt-out: https://tools.google.com/dlpage/gaoptout.