INFORMATION ABOUT DATA PROTECTION
The use of this website may involve the processing of personal data. In order to make these processing operations comprehensible to you, we would like to provide you with an overview of these processing operations with the following information. To ensure fair processing, we would also like to inform you about your rights under the European Data Protection Regulation (GDPR) and applicable data protection regulations.
The controller within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).
The controller of the data processing on this website is:
Georg Nordmann Holding Aktiengesellschaft
(hereinafter referred to as “we” or “us”).
If you have any questions about data protection, you can contact firstname.lastname@example.org.
You can contact our data protection officer via email@example.com or by using our postal address by adding “for the attention of the data protection officer”.
2. General information on data processing
Scope of the processing of personal data
When you use this website, your personal data is processed. As a matter of principle, we only process your personal data insofar as this is necessary for the provision of a functioning website as well as our contents and services. The collection and use of your personal data is generally only carried out with your consent. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f GDPR serves as the legal basis for the processing.
Storage period and data deletion
Your personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after ninety days at the latest. Data is not stored beyond this period. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
In addition, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.
3. Collection and storage of personal data
When visiting our website, personal data may be collected in various ways. Data may be collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page access). This data is collected automatically as soon as you enter this website.
a) When you visit the website
Our website uses so-called “cookies”. Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) in the browser of your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser. Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.
Technically necessary cookies are stored on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in storing cookies for the technically error-free and optimised provision of our services. Other cookies are only stored with your consent on the basis of Art. 6 (1) lit. a GDPR. The consent can be withdrawn at any time for the future.
In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company. Insofar as cookies from third-party companies or for analysis or advertising purposes are used, we will inform you of this separately in advance and, if necessary, request your consent.
Server log files
The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser settings
- language and version of the browser software
- Operating system used
- referrer URL
- Host name of the accessing computer
- Time of server request
- Access status/HTTP status code
- IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, it will be deleted after 90 days at the latest. Storage beyond this period is possible.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
b) Inquiry by e-mail or telephone
If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not disclose on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent Art. 6 (1) lit. a GDPR and/or on our legitimate interests Art. 6 (1) lit. f GDPR, as we have a legitimate interest in the effective processing of the requests addressed to us.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. A conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Mandatory legal provisions – in particular retention periods – remain unaffected by this.
You have the option to withdraw your consent to the processing of personal data at any time.
If you contact us by e-mail, you can object to the processing of your personal data at any time. In such a case, the conversation cannot be continued.
You can withdraw your consent and object to the storage of your data by sending an e-mail to firstname.lastname@example.org, for example. The personal data processed in the course of contacting you will be deleted in this case.
4. Hosting and content delivery networks (CDN)
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers Art. 6 (1) lit. b GDPR and in the interest of a secure, fast and efficient provision of our online offer by a professional provider Art. 6 (1) lit. f GDPR.
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and follow our instructions with regard to this data.
We use the following hoster:
1&1 IONOS SE
Elgendorfer Str. 57
Details can be found in the data protection declaration of 1&1 IONOS SE at: https://www.ionos.de/terms-gtc/terms-privacy/.
In order to ensure data protection-compliant processing, we have concluded an data processing agreement (DPA) with our hoster.
This is a contract required by data protection law, which ensures that the hoster only processes the personal data of our website visitors in accordance with our instructions and in compliance with the Data Protection Regulation (GDPR).
5. Your rights
You have the right
- of access to personal data processed by us and information in accordance with Art. 15 GDPR. In particular, you can access information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
- in accordance with Art. 16 GDPR, to demand the immediate rectification of inaccurate or incomplete personal data stored by us;
- pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the establishment, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
- to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent in the future; and
- object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are grounds for doing so which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation. You have the option of informally communicating the objection by telephone, e-mail, fax or to our postal address listed at the beginning of this data protection declaration.
If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data. If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
- Lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
The competent data protection supervisory authority in Hamburg is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig – Erhard – Str. 22, 7. OG
Before you make use of your right to complain to a data protection supervisory authority, we would like to ask you to contact us again first (for example, via email@example.com).
6. Data security
The provider of this website takes technical and organisational measures in accordance with the requirements of Art. 32 GDPR to protect the user’s personal data. All employees of the provider who are involved in the processing of personal data are bound to data secrecy. To ensure data security, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
7. Modification of the data protection declaration
It may become necessary for the provider to adapt and change the content of this data protection declaration. The provider therefore reserves the right to amend this data protection declaration and will make the amended data protection declaration available on the website and inform the data subjects of the amended data protection declaration in advance if the provider intends to further process the personal data for a different purpose.