Data protection declaration

I. Information regarding the collection of personal data

 

1. Personal data
In the following we provide information regarding the collection of personal data when you use our website. Personal data means all data that can be related to you personally, such as your name, address, e-mail addresses and user behaviour.

 

2. The data controller as defined in the GDPR
The data controller as per Art.4 para.7 of the EU General Data Protection Regulation (GDPR) is

 

B+S GmbH Logistik und Dienstleistungen
Am Teuto 12
D-33829 Borgholzhausen
Phone: +49 5425 2797 – 0
Fax: +49 5425 2797 – 311
E-mail: info@b-slogistik.de

 

(also see our legal notice).

You can contact our data protection officer under datenschutzbeauftragter@b-slogistik.de or at our postal address, addressed to the “Data Protection Officer”.

 

3. Notes on contacting us
When you contact us by e-mail or using a contact form, the data you provide (your e-mail address and, if applicable, your name and telephone number) will be stored by us so that we can answer your questions. Data collected for this purpose is deleted after storage is no longer necessary, or we restrict any processing of the data if legal storage obligations apply.

 

4. External service provider
If we wish to use commissioned service providers to perform specific functions relating to our offer, or if we wish to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria that determine the storage period.

 

5. SSL or TLS encryption
For security reasons and to protect the transfer of confidential content such as orders or enquiries that you send to us in our capacity as website operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser switches from “http://” to “https://” and by the lock symbol in your browser line.

II. General information on data processing

 

1. Scope of the processing of personal data

As a matter of principle, we process the personal data of our users only to the extent necessary to provide a functioning website as well as our content and services. The processing of our users’ personal data takes place only with the user’s consent. An exception is made in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

 

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject to process personal data, Art.6 para.1 lit.a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

 

Where personal data is processed that is necessary for the performance of a contract to which the data subject is a party, Art.6 para. 1 lit.b of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the purpose of carrying out pre-contractual measures.

 

Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art.6 para.1 lit.c of the GDPR serves as the legal basis.

 

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art.6 para.1 lit.d of the GDPR serves as the legal basis.

 

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests and fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest, then Art.6 para.1 lit.f of the GDPR serves as the legal basis for the processing.

 

3. Data deletion and storage period

The data subject’s personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Data may continue to be stored if this has been provided for by the European or national legislator in EU regulations, in laws or in other regulations to which the data controller is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

 

4. Data transmission upon conclusion of contract for services and digital content

We transfer personal data to third parties only if this is necessary for the execution of a contract, for example to the financial institution commissioned with processing payments.

 

No further transmission of the data takes place unless you have expressly agreed to this transmission. Your data will not be passed on to third parties, for example for advertising purposes, without your express consent.

 

The basis for this data processing is Art.6 para.1 lit.b of the GDPR, which permits the processing of data for the purpose of fulfilling a contract or implementing pre-contractual measures.

III. Provision of the website and creation of log files

 

1. Description and scope of data processing

Every time our website is called up, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

 

(1) Information about the browser type and version used

(2) The user’s operating system

(3) The user’s Internet service provider

(4) The user’s IP address

(5) Date and time of access

(6) Websites from which the user’s system reaches our website

(7) Websites accessed by the user’s system via our website

 

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

 

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art.6 para.1 lit.f GDPR.

 

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

 

The data is stored in log files to ensure the functionality of the website. In addition, the data allows us to optimise the website and to ensure the security of our information technology systems. Data is not evaluated for marketing purposes in this connection.

 

Our legitimate interest in data processing pursuant to Art.6 para.1 lit.f GDPR also lies in these purposes.

 

4. Storage period

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. Where data is collected in order to enable the provision of the website, this will be the case as soon as the session has ended.

 

In the case of storage of the data in log files, this will be the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or distorted so that it is no longer possible to reference the accessing client.

 

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

IV. Use of cookies

 

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user calls up a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that allows unambiguous identification of the browser when the website is called up again.

 

On our website we also use cookies that allow the analysis of the user’s surfing behaviour.

 

This makes it possible to transmit the following data:

 

1. Search terms entered

2. Frequency of page views

3. Utilisation of website functions

 

The users’ data collected in this way is pseudonymised by means of technical provisions. It is therefore no longer possible to match the data to the calling user. The data is not stored together with other personal data of the user.

 

When calling our website, users are informed by an information banner about the use of cookies for analysis purposes and are referred to this data protection declaration. In this connection, advice is provided on how to work with the browser settings to prevent cookies from being stored.

 

2. Legal basis for data processing

The legal basis for the processing of personal data with the use of cookies is Art.6 para.1 lit.f GDPR.

 

3. Purpose of data processing

The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies allow us to find out how the website is used and thus to continuously optimise our offer.

 

Our legitimate interest in the processing of personal data pursuant to Art.6 para.1 lit.f GDPR also lies in these purposes.

 

Details of the analysis services used can be found in section VII.

 

4. Duration of storage; possibility of objection and removal

Cookies are stored on the user’s computer and transmitted from this to our site. Therefore you as a user have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, the user may not be able to use all the functions of the website to their full extent.

 

This website uses the following types of cookies, the scope and functions of which are explained below:

 

(1) Transient cookies (see a)

(2) Persistent cookies (see b).

 

a) Persistent cookies (see b)Transient cookies are deleted automatically when you close the browser. Session cookies, in particular, belong in this category. These store a so-called session ID, which allows various queries from your browser to be assigned to the general session. This enables your computer to be recognised again when you return to our website. The session cookies are deleted when you log out or close the browser.

 

b) Persistent cookies are deleted automatically after a given period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

 

c) We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.

V. Newsletter

 

1. Description and scope of data processing

If you purchase goods or services from us and at the same time enter your e-mail address, we may subsequently use this address to send you a newsletter. In such cases, the newsletter will only be used to send direct advertising for our own similar goods or services.

 

The newsletter is sent by the provider CleverReach (see V.6 below). The data will not be passed on to third parties beyond this.

 

2. Legal basis for data processing

The legal basis for sending the newsletter as a result of a sale of goods or services is §7 para.3 of the German Act against Unfair Competition (UWG).

 

3. Purpose of data processing

The user’s e-mail address is collected for the purpose of sending the newsletter.

 

4. Storage period

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.

 

5. Possibility of objection and removal

Users can cancel their subscription to the newsletter at any time. A corresponding link is provided in every newsletter for this purpose.

 

6. Use of CleverReach

We use CleverReach to send out the newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that is used to organise and analyse the sending of newsletters. The data entered by you for your subscription to the newsletter (e.g. e-mail address) is stored on the servers of CleverReach in Germany or Ireland.

 

The newsletters sent via CleverReach allow us to analyse the behaviour of our newsletter recipients. Among other things, it is possible to analyse how many recipients opened the newsletter message and how often they clicked on each individual link in the newsletter. With the help of so-called conversion tracking, it is also possible to analyse whether a previously defined action (e.g. the purchase of a product on our website) was carried out after clicking on the link in the newsletter. Further information about data analysis by the CleverReach newsletter service can be found at: www.cleverreach.com/de/funktionen/reporting-und-tracking/.

 

The data processing is based on your consent (Art.6 para.1 lit.a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

 

If you do not want CleverReach to analyse your data, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter message for this purpose. You can also unsubscribe from the newsletter directly on the website.

 

The data provided by you for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data that has been saved for other purposes (e.g. e-mail addresses for the member area of the website) remain unaffected.

 

You can find more details in CleverReach’s data protection policy at: www.cleverreach.com/de/datenschutz

VI. Contact form and e-mail contact

 

1. Description and scope of data processing

There is a contact form on our website which can be used for electronic contact. If a user uses the form to contact us, the data entered in the input fields will be transmitted to us and stored. This data is:

 

Name, company, telephone number, address, message

 

At the time the message is sent, the following data is also stored:

 

A list of the corresponding data follows. Examples could be:

 

Date and time of registration

 

Your consent will be obtained during the sending process and reference will be made to this data protection declaration.

 

Alternatively, we can be contacted via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

 

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

 

2. Legal basis for data processing

If the user has given consent, the legal basis for the processing of the data is Art.6 para.1 lit.a GDPR.

 

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art.6 para.1 lit.f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art.6 para.1 lit.b GDPR.

 

3. Purpose of data processing

The personal data from the entry form is processed solely for the purpose of establishing contact. If contact is established via e-mail, the necessary legitimate interest in the processing of the data also lies here.

 

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

4. Storage period

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of the personal data from the input fields of the contact form and the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended once the circumstances make it possible to infer that the matter in question has been conclusively clarified.

 

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

 

5. Possibility of objection and removal

Users have the option at all times of revoking their consent to the processing of their personal data. If users contact us by e-mail, they can object to the storage of their personal data at any time.

 

Notification by e-mail or by post/fax (no official form is required) using the contact details given at the beginning (section I.) is sufficient. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

 

Once permission to store the data has been withdrawn, the conversation cannot be continued.

 

In this case, all personal data stored in the course of making contact will be deleted.

VII. Analysis tools and advertising

 

 

1. Google Analytics

On our websites we use Google Analytics, a web analysis service provided by Google Ireland Limited (https://www.google.de/intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; referred to hereinafter as “Google”). In this context, pseudonymised user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website such as

 

1. The browser type/version,

2. The operating system used,

3. The referrer URL (the previously visited page),

4. The host name of the accessing computer (IP address),

5. The time of the server request,

 

are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purpose of market research and of the needs-based design of these website pages. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be linked to other data stored by Google. The IP addresses are made anonymous, so that identification is not possible (IP masking).

 

You may prevent the installation of cookies by selecting the appropriate settings in your browser, but please note that if you do so you may not be able to use all the functions of this website.

 

Google Analytics is used in the interest of the optimisation and needs-based design of our website. This represents a legitimate interest as described in Art.6 para.1 lit.f GDPR.

 

You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Google if you download and install a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

 

As an alternative to the browser add-on, especially in the case of browsers on mobile devices, you can also prevent the collection of data by Google Analytics by clicking on the following link: Deactivate Google Analytics. An opt-out cookie is placed that prevents the acquisition of your data during future visits to this website. The opt-out cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.

 

You can find further information on data protection in connection with Google Analytics in the Google Analytics Help section (https://support.google.com/analytics/answer/6004245?hl=de).

 

Demographics and interests data from Google Analytics

 

This website uses the “demographics and interests” function of Google Analytics. This allows reports to be generated that contain information about the age, gender and interests of the site’s visitors. This data originates from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be attributed to any specific person. You can disable this feature at any time by changing the advertisement settings in your Google Account, or you can prohibit Google Analytics in general from collecting your data, as described under “Opting out of data collection”.

 

2. Google AdSense

This website uses Google AdSense, which is a service for integrating advertisements from Google Ireland Limited (“Google”). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google AdSense uses “cookies”, which are text files placed on your computer to enable analysis of how the website is used. Google AdSense also uses “web beacons” (invisible graphics). These web beacons make it possible to evaluate information such as visitor traffic on these website pages.

 

The information (including your IP address) that is generated by cookies and web beacons about the use of this website and the delivery of advertising formats is transferred to a Google server in the USA and stored there. This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with your other stored data.

 

AdSense cookies are stored on the basis of Art.6 para.1 lit.f GDPR. The website operator has a legitimate interest in the analysis of user behaviour for the purpose of optimising both his website and his advertising.

 

You can prevent the installation of cookies by changing the relevant settings in your web browser software; we would point out, however, that you may then be unable to use certain features of this website to their full extent. By using this website, you agree to the data collected from you by Google being processed in the manner set out above and for the purpose set out above.

 

3. Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

This feature makes it possible to link the advertising target groups created with Google Analytics Remarketing to the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been tailored to you on one device (e.g. your mobile phone) based on your previous usage and surfing behaviour on that device can also be displayed on another of your devices (e.g. your tablet or PC).

 

If you have already given your consent in this regard, Google will link your Internet and app browsing history to your Google Account for this purpose. In this way, the same personalised advertising messages can be displayed on any device on which you have signed into your Google Account.

 

To support this feature, Google Analytics collects the Google-authenticated IDs of users who are temporarily linked to our Google Analytics data and uses these to define and create target groups for the cross-device advertising.

 

You can opt-out of cross-device remarketing/targeting permanently if you deactivate personalised advertising in your Google Account by following this link: www.google.com/settings/ads/onweb/.

 

The aggregation of the collected data in your Google Account is based entirely on your consent, which you can give to Google or withdraw as you see fit (Art.6, para.1, lit.a, GDPR). In the case of data collection operations that are not merged with your Google Account (e.g. because you do not have a Google Account or because you have objected to the aggregation of the data), the collection of data is based on Art.6, para.1, lit.f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymised analysis of website visitors for advertising purposes.

 

Further information and the data protection regulations can be found in Google’s data protection declaration at: www.google.com/policies/technologies/ads/.

 

4. Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

 

Within the framework of Google AdWords, we use what is known as conversion tracking. When you click on an advertisement placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser stores on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can see that the user clicked on the advertisement and was forwarded to the page.

 

Each Google AdWords customer receives a different cookie. Cookies cannot be tracked via the websites of AdWords customers. The information obtained by the conversion cookie is acquired for generating conversion statistics for AdWords customers who have opted for conversion tracking. The customers are notified of the total number of users who clicked on their advertisement and were forwarded to a site that has a conversion tracking tag. However, they do not receive information by which users can be personally identified. If you do not want to participate in tracking, you can easily opt-out of this use by deactivating the Google conversion tracking cookie via your web browser under User Settings. Then you will not be included in the conversion tracking statistics.

 

The storage of “conversion cookies” is based on Art.6 para.1 lit.f GDPR. The website operator has a legitimate interest in the analysis of user behaviour for the purpose of optimising both his website and his advertising.

 

More information on Google AdWords and Google Conversion Tracking can be found in Google’s data protection policy: www.google.de/policies/privacy/.

 

You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to prevent the acceptance of cookies in certain cases or in general, and to automatically delete cookies each time you close the browser. If you deactivate cookies, the functions of this website may be limited.

 

 

5. AdRoll

This website uses AdRoll retargeting technology (AdRoll, 972 Mission St, 3rd Floor, San Francisco, CA 94103, United States). This allows us to aim advertisements at those Internet users who have already shown interest in our shop and our products. From studies, we know that Internet users find personalised, interest-based advertising more interesting than advertising that has no such personal reference. Retargeting involves inserting advertisements based on a cookie-based analysis of previous user behaviour. Naturally, no personal data is stored in this case either and it goes without saying that the retargeting technology is used in compliance with the applicable statutory data protection regulations. You can find out more about Adroll’s data protection policy and data protection guidelines in general and object to the anonymous analysis of your surfing behaviour (opt-out) at www.adroll.com/about/privacy.

 

6. rtbLAB

We use the online marketing tool rtbLab (from EASYmedia GmbH, Löhner Strasse 12d, 44652 Herne, Germany). rtbLab uses cookies to display advertisements that are relevant to the users, to improve campaign performance reports, or to prevent a user from seeing the same advertisements several times. By means of a cookie ID, rtbLab records which advertisements are shown in which browser and can thus prevent them from being shown repeatedly. In addition, rtbLab can use cookie IDs to record so-called conversions in relation to advertisement requests. This is the case, for example, where a user sees an rtbLab advertisement and later visits the advertiser’s website while still using the same browser and then calls up an offer or service and perhaps buys something on that website. The legal basis for the storage of the cookie is the consent given by the user (Art.6 para.1 lit.a GDPR). Further evaluation of the collected data over a period of up to two years is based on Art.6 para.1 lit.f GDPR.

 

When these tools are used, your browser automatically establishes a direct connection with the server of rtbLab. We have no influence over the handling and further use of the data by rtbLab. In this respect, rtbLab itself is responsible for ensuring compliance with the data protection regulations.

 

We also use the services of rtbLab for displaying personalised advertisements. For this purpose, a hashed value (ID) is exchanged with rtbLab. In addition to this ID, further statistical data about your company (such as company size or industry) can be passed on to rtbLab and used for advertisements. The encoded information helps us to display advertisements that may be of particular interest to you.

 

If you do not wish to receive interest-based advertising, you can prevent rtbLab from using cookies for these purposes by visiting login.rtbmarket.com/index/optout.

VIII. Plugins and tools

 

 

1. YouTube

Using YouTube in privacy-enhanced mode

 

We use the provider YouTube to integrate videos. The videos are embedded using the privacy-enhanced mode. Like most websites, however, YouTube also uses cookies to collect information about visitors to its website. YouTube uses the cookies to collect video statistics, prevent fraud and improve the user’s experience, for example. This also leads to a connection being made with the Google DoubleClick network. When you start the video, this could trigger further data processing operations. We have no control over this. For more information about YouTube’s data protection, please see their data protection declaration at: www.youtube.com/t/privacy_at_youtube

 

2. Google Web Fonts

This site uses so-called web fonts, which are provided by Google to ensure the uniform display of fonts. When you call up a website, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

 

To do this, the browser you are using has to connect to Google’s servers. This informs Google that our website has been accessed from your IP address. Google web fonts are used in the interest of ensuring that our online offering is presented in a uniform and attractive way. This represents a legitimate interest as described in Art.6 para.1 lit.f GDPR.

 

If your browser does not support web fonts, a standard font from your computer will be used.

 

Further information on Google web fonts can be found at developers.google.com/fonts/faq and in Google’s data protection declaration at www.google.com/policies/privacy/.

 

3. Google Maps

This site uses the Google Maps service via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this website has no influence over this data transfer.

 

The use of Google Maps is in the interest of making our online offering attractive and making it easier for users to find places that we refer to on the website. This represents a legitimate interest as described in Art.6 para.1 lit.f GDPR.

 

More information on the handling of user data can be found in Google’s data protection declaration at www.google.de/intl/de/policies/privacy/.

 

4. Google Tag Manager

This site uses Google Tag Manager, which is a cookie-less domain that does not collect personal data.

 

This tool allows “website tags” (i.e. keywords that are embedded in HTML elements) to be used and managed via an interface. By using Google Tag Manager, we can automatically track which button, link or personalised image you have clicked on and can then record which contents of our website are of particular interest to you.

 

The tool also triggers other tags, which in turn could potentially collect data. Google Tag Manager does not access this data. If you have disabled this at domain or cookie level, it will remain disabled for all tracking tags implemented by Google Tag Manager.

 

The use of Google Tag Manager is in the interest of making our website easy and convenient to use. This represents a legitimate interest as described in Art.6 para.1 lit.f GDPR.

IX. Social media plugins

 

 

1. Shariff solution

We offer you the option of using so-called “social media buttons” on our website. In order to protect your data, we use the “Shariff” solution for this purpose. This means that these buttons are integrated on the website merely as an image that contains a link to the corresponding website of the button provider. By clicking on the image, you are forwarded to the services of the respective provider. Only then will your data be sent to the respective provider. If you do not click on the image, there will be no exchange at all between you and the social media button providers. Information on the collection and use of your data in the social networks can be found in the respective terms of use of each provider. You can find more information about the Shariff solution here: www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

 

We have integrated the social media buttons of the following companies on our website:

 

• Facebook Plugin

• Twitter Plugin

• WhatsApp Plugin

 

The use of social media buttons is based on Art.6 para.1 sentence1 lit.f GDPR. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR.

X. Rights of the data subject

 

 

If personal data of yours is processed, you are the “data subject” as defined in the GDPR and you have the following rights vis-a-vis the data controller:

 

1. Right of access to information

You can request confirmation from the data controller as to whether we are processing personal data that concerns you.

 

In the event of such processing, you may require the data controller to provide you with information regarding the following:

 

(1) the purposes for which the personal data is processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;

(4) the planned duration of storage of the personal data concerning you or, if it is not possible to give specific details, the criteria used to determine the duration of storage;

(5) the existence of the right to rectification or erasure of personal data concerning you, the right to restriction of processing by the controller, or the right to object to this processing;

(6) the existence of the right to lodge a complaint with a supervisory authority;

(7) all the available information regarding the source of the data, if the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling, referred to in Art.22 para.1 and para.4 GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

 

You have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards provided pursuant to Art.46 GDPR in connection with the transfer.

 

This right of information can be restricted insofar as it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

 

2. Right to rectification

You have the right to require the data controller to rectify and/or complete the data if the processed personal data concerning you is incorrect or incomplete. The data controller shall make the correction without delay.

 

Your right to rectification can be restricted insofar as it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

 

3. Right to restriction of processing

Under the following conditions, you may request the restriction of processing of personal data concerning you:

 

(1) if the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;

(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) if the controller no longer needs the personal data for the purposes of the processing, but the data is required by you for the establishment, exercise or defence of legal claims;

(4) if you have objected to processing pursuant to Art.21 para.1 GDPR and verification as to whether the legitimate grounds of the controller override yours is pending.

 

Where processing of personal data concerning you has been restricted, such personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

 

If you have obtained restriction of processing in accordance with the above conditions, you shall be informed by the controller before the restriction of processing is lifted.

 

Your right to restriction of processing can be restricted insofar as it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

 

4. Right to erasure

a) Obligation to erase

 

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller is obliged to erase personal data without undue delay where one of the following grounds applies:

 

(1) the personal data in question is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

(2) you withdraw your consent on which the processing is based according to Art.6 para.1 lit.a or Art.9 para.2 lit.a GDPR, and where there is no other legal ground for the processing;

(3) you object to the processing pursuant to Art.21 para.1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art.21 para.2 GDPR;

(4) The personal data concerning you has been unlawfully processed;

(5) the personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(6) the personal data concerning you has been collected in relation to the offer of information society services referred to in Art.8, para.1 GDPR.

 

b) Information to third parties

 

Where the controller has made the personal data concerning you public and is obliged pursuant to Art.17, para.1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

 

c) Exceptions

 

The right to erasure shall not apply to the extent that processing is necessary

 

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art.9 para.2 lit.h and lit.i as well as Art.9 para.3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art.89 para.1 GDPR insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) the establishment, exercise or defence of legal claims.

 

5. Right to notification

If you have asserted the right to rectification, erasure or restriction of the processing vis-à-vis the controller, the controller is obliged to communicate this rectification or erasure of the data or the restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.

 

You have the right to be informed about those recipients by the controller.

 

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:

 

(1) the processing is based on consent pursuant to Art.6 para.1 lit.a GDPR or Art.9 para.2 lit.a GDPR or on a contract pursuant to Art.6 para.1 lit.b GDPR and

(2) the processing is carried out by automated means.

 

In exercising your right to data portability, you shall also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

 

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art.6 para.1 lit.e or lit.f GDPR, including profiling based on those provisions.

 

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

 

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

 

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

 

In the context of the use of information society services – and notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.

 

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Art.89 para.1 GDPR, you, on grounds relating to your particular situation, shall have the right to object to processing of personal data concerning you.

 

This right to object can be restricted insofar as it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

 

8. Right to withdraw the declaration of consent under data protection law

You have the right to withdraw your consent under data protection law at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

 

(1) is necessary for entering into, or performance of, a contract between you and the data controller;

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

 

However, these decisions shall not be based on special categories of personal data referred to in Art.9 para.1 GDPR, unless Art.9 para.2 lit.a or lit.g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

 

In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

 

10. Right to lodge a complaint with a supervisory authority

You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data. The supervisory authority responsible for us is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia), Helga Block, Postfach 20 04 44, 40102 Düsseldorf, Kavalleriestrasse 2-4, 40213 Düsseldorf, Germany, telephone: 02 11/384 24-0, fax: 02 11/384 24-10, e-mail: poststelle@ldi.nrw.de

Date of issue of the data protection declaration: 10 February 2020