This is an English translation of our German Datenschutzerklärung. In case of legal dispute the original German version is legally binding.
IEM Industrial Equipment and Machinery GmbH (hereinafter referred to as IEM) takes the protection of your data very seriously and maintains the IEM platform in accordance with the applicable legal provisions on data protection including the requirements of the EU Data Protection Basic Regulation (hereinafter referred to as GDPR). Below we inform you about the type and scope of processing of your personal data by IEM Industrial Equipment and Machinery GmbH.
1. General information
This data protection declaration is intended to inform you about data processing by IEM Industrial Equipment and Machinery GmbH (as the “responsible party”).
The person responsible in the sense of the data protection basic regulation, other data protection laws valid in the member states of the European Union and other regulations with data protection-juridical character is:
IEM Industrial Equipment and Machinery GmbH
IEM Industrial Equipment and Machinery GmbH
55129 Mainz, Germany
For further questions, which should not be answered by the data protection explanation, you reach us at firstname.lastname@example.org.
The responsible supervisory authority for IEM is:
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Hintere Bleiche 34
55116 Mainz, Germany
2. Data processing when accessing our website
- When you visit our website, information such as
- the IP address,
- the date and time of the access,
- is the name and URL of the retrieved file,
- the website from which the access was made (referrer URL),
- the browser you are using and, if applicable, the operating system of your Internet-capable computer, as well as the name of your access provider
- to our server and temporarily stored by us. The legal basis for this processing is Art. 6 Para. 1 Letter f) GDPR. The legitimate interest is for the following purposes:
- Optimization of the connection setup,
- Guarantee and optimisation of the user-friendliness and handling of our website,
- Ensuring system security and stability
- and for security/punishment in the event of a cyber attack.
3. Data processing during registration
It is possible to register as a customer. A password-protected customer account will be created. The input mask that is filled out during registration determines which data is involved. These data are used exclusively for internal permanent storage of your personal data in a password-protected customer account. The IP address, the date as well as the time of the registration are stored.
4. User account administration
The account holder manages and organizes his user account himself. The Account Holder may have the following options:
- Add or remove address book entries
- View order history
- Change password
- Subscribe or unsubscribe newsletter
- Delete the user account
5. Data processing during the ordering process
Data processing within the framework of orders serves to process all processes within the order. The legal basis for this is Art. 6 Para. 1 Letter b) GDPR. The data concerned can be seen from the input mask that you fill in when placing an order.
The following data processing operations are required to process the purchase contract:
Your e-mail address will be used for electronic communication about your order and its processing. The legal basis for this processing is Art. 6 Para. 1 Letter c) GDPR.
In order to fulfil the contract, it may be necessary for the data to be forwarded to our payment service provider or to the commissioned credit institution. This depends on the selected method of payment.
The following payment methods can be used:
Possibility to contact us via the website
The data controller has integrated PayPal components into this website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the person concerned selects “PayPal” as the payment option during the ordering process in our online shop, the data of the person concerned is automatically transferred to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, surname, address, email address, IP address, telephone number, mobile phone number or other data necessary for payment processing. For the completion of the sales contract such personal data are also necessary, which stand in connection with the respective order.
The transmission of the data is intended for payment processing and fraud prevention. The person responsible for the processing will transfer personal data to PayPal in particular if there is a justified interest in the transfer. The personal data exchanged between PayPal and the data controller may be transferred by PayPal to credit agencies. The purpose of this transfer is to check identity and creditworthiness.
PayPal may transfer the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil the contractual obligations or if the data is to be processed on behalf of the customer.
The person concerned has the opportunity to revoke his or her consent to the handling of personal data at PayPal at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
The valid data protection regulations of PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
6. Possibility to contact us via the website
The website of IEM Industrial Equipment and Machinery GmbH contains, due to legal regulations, information that allows a quick electronic contact to our company as well as a direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted voluntarily by a data subject to the data controller will be stored for the purposes of processing or contacting the data subject. This personal data will not be passed on to third parties.
7. Further data processing
Furthermore, data that you explicitly communicate to us will be recorded and collected. For example, in the case of individual customer contact by e-mail, telephone or on the platform, if you use the opportunity to enter data (such as login registration, enquiry forms). The data intended for collection will be communicated to you in accordance with their nature prior to the respective process if they do not result from the nature of the pending process (e.g. name and password for login registration or in the “User data” mask: telephone and e-mail).
In addition, usage data is collected that you leave behind when using the platform that the respective Internet provider communicates when using the platform (including the IP address of your computer). Usage data can contain personal or company-related data or allow conclusions to be drawn about them.
Without your registration or login, anonymous usage data, such as the type of browser and operating system you use and which pages you have visited on the website, will be transmitted by your browser when you access the platform. The data obtained will not be used to identify you or your company.
The usage data is automatically stored in server log files. These are used to make the handling of the platform’s functions more attractive and to ensure and improve its performance.
This represents a legitimate interest for us and is therefore based on the legal basis Art. 6 Para. 1 Letter f) GDPR.
8. E-Mail campaigns ( newsletter )
We send e-mail campaigns (e.g. newsletters) only with the consent of the recipient in accordance with Art. 6 Para. 1 Letter a) GDPR. The data entered during registration for the IEM Newsletter will be used exclusively for this purpose. By registering for the IEM Newsletter you will receive information about new and/or interesting products/articles via various e-mail campaigns.
We pursue exclusively our own advertising purposes.
We record the receipt of the order of the newsletter.
The data will be used exclusively for the newsletter dispatch and will not be passed on to third parties.
The consent to receive e-mail newsletters can be revoked at any time. The link to the revocation is at the end of each e-mail and also in the customer account itself.
9. Websites of third parties
IEM has no influence on the current content of third-party websites that can be accessed via the platform and the way in which these websites are operated. IEM is not responsible for the privacy practices or the content of such Web sites.
10. Recipients outside the EU
With the exception of the following processing operations on our websites, we do not pass on your data to recipients based outside the European Union or the European Economic Area.
We also use security cookies to authenticate you as a user and to ensure that your user data is safe from unauthorised access by third parties. For example, we use the cookies “sid” and “jsessionid” to secure access to protected platform areas.
However, you can configure your browser so that no cookies are stored on your computer.
However, if you disable cookies completely, you may not be able to use all the features of our website.
The length of time cookies are stored depends on their purpose and is not the same for everyone.
IEM uses Google Analytics, a web analysis service provided by Google Inc. (“Google”), CA 94043, 1600 Amphitheatre Parkway, Mountain View, USA, for the purpose of designing and optimizing our website to meet your needs.
The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. The information that cookies generate is:
- Browser type,
- operating system,
- the website from which the access was made (referrer URL),
- IP address,
- Date and time of the server request.
This website uses Google Analytics with the IP anonymization function (“anonymizeIp”).
Google will shorten your IP address in advance within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of IEM, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing IEM with other services relating to website activity for market research purposes and tailoring content to meet IEM’s needs. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
On our website is the Google Conversion Tracking “Google AdWords”, the Google Inc., CA 94043, 1600 Amphitheatre Parkway, Mountain View, USA, integrated. Google AdWords is an analysis service for advertising on the Internet. When you click on a Google ad (Google search engine or third-party websites), a conversion cookie is placed on your computer.
The cookie loses its validity after 30 days. If it has not yet expired, Google and we can recognize which pages you call up on our website. This also includes whether you have completed or cancelled a shopping basket. Neither we nor other Google AdWords advertisers receive information about your identity.
In the cookie, personal data (such as the IP address, visited websites) of you are stored. These are transferred to Google in the USA and stored there.
The purpose of Google AdWords is to advertise our website by placing advertisements that reflect your interests on third-party websites and/or by placing third-party advertisements on our website.
Google uses the data to compile visitor statistics. These visitor statistics from Google AdWords to our website show us the success of our Google AdWords display. This allows us to further optimize our AdWords ads in the future.
For an optimal and lively presentation of articles, we also include videos in the article descriptions on our website. The integration takes place over third offerers. If you call up a video, a connection to the respective third-party server is established and certain use-related information is transmitted to it. For the handling of these data the respective data protection regulations of the third parties apply. IEM does not receive any knowledge of the content of the data collected by the respective third party provider and has no influence on their use.
On our website we include videos from the video portal YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
If you view videos on YouTube, you will be connected to YouTube’s servers in the USA. This transmits certain information to YouTube. It tells the YouTube server which website you have visited.
If you are logged into your YouTube account, you can allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account. YouTube may also store cookies on your device. In particular, the tracker Google Analytics. This is a tracking of its own by YouTube, to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. Users can also prevent Google from collecting the data generated by Google Analytics and related to their use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
It also enables YouTube to use certain other functions, such as rating or sharing videos. These features are provided solely by YouTube and its respective third parties and you should carefully review their privacy policies before using such features. IEM does not have any knowledge of the content of the data collected by YouTube or third parties and has no influence on their use.
On our website we use social media plug-ins according to Art. 6 Para. 1 Letter a), Letter f) GDPR in order to make us better known. The advertising purposes contained therein represent a legitimate interest for us.
Plug-ins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our website.
The Facebook plug-ins are identified by the Facebook logo or the “Like” button on our website. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plug-ins/.
When you visit our website, the plug-in establishes a direct connection between your browser and the Facebook server.
Data is transmitted and stored on Facebook.
Facebook receives the information that you have visited our website with your IP address. If you click the Facebook “Like-Button” while logged into your Facebook account, you can link the contents of our website to your Facebook profile. This allows Facebook to associate visiting our web site with your user account. IEM has no knowledge of the content of the transmitted data; as well as its use by Facebook.
You can also completely prevent the loading of Facebook plug-ins with add-ons for your browser, e.g. with the “Facebook Blocker”.
Plug-ins of the social network Google Plus, Google Inc., CA 94043, 1600 Amphitheatre Parkway, Mountain View, USA, are integrated on our website.
The plug-in can be recognized by the “+1” button. The Goole Plug-In is activated by one click, so your browser establishes a direct connection to Google’s servers. Google stores the IP address, information that you clicked “+1” for content, and information about the website you viewed when you clicked “+1”, even if you do not have a profile on Google+ or are not currently logged into your Google+ profile.
If you are logged in to Goolge+, the data will be directly associated with your profile. Furthermore, the information is published on Google+ (depending on the profile setting) and displayed to your contacts.
Google records information about your “+1” activities to improve Google services for you and others.
The information collected is used to the following extent:
In addition to the uses described above, the information you provide will be used in accordance with applicable Google privacy policies. Google may publish or share aggregated statistics about users’ “+1” activities with users and partners.
Plug-ins from Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA are integrated on our website. The Twitter plug-ins are recognizable by the Twitter logo (white bird on blue background) and the addition “Twitter”.
The Twitter plug-in is activated by one click, so your browser establishes a direct connection to the Twitter servers and to your Twitter account. This can also lead to an exchange of data with other Twitter users.
We do not receive any information about the data sent to Twitter.
We have no knowledge of the purpose and scope of the data collection and the further processing and use of the data by Twitter. You can find more information at https://twitter.com/privacy. You also have the option of configuring your own data protection settings in the settings for your Twitter account (https://twitter.com/account/settings).
Sites where the plug-in is integrated will cause your browser to download appropriate components from LinkedIn. This tells LinkedIn which specific page of our website you are visiting.
If you are logged in to LinkedIn at the same time, this can be associated with your LinkedIn account. If such an assignment to your LinkedIn account is not desired, you can prevent this by logging out of your LinkedIn account before accessing our website.
By clicking on the LinkedIn plug-in, the website you visited is linked to your LinkedIn account and made known to other users.
We do not receive any information about the data sent to LinkedIn. We have no knowledge of the purpose and scope of the data collection and the further processing and use of the data by LinkedIn. Information on data protection can be found at https://www.linkedin.com/legal/privacy-policy. You also have the possibility to change the settings of your LinkedIn account yourself.
Plug-ins of the network Xing (Xing AG, Dammtorstraße 30, 20354 Hamburg, Germany) are integrated on our website.
Websites on which the “XING Share Button” function has been used establish a direct connection to XING servers via your browser at short notice.
We do not receive any information about the data sent to Xing.
Plug-ins of the online service Google Maps of Google Inc., CA 94043, 1600 Amphitheatre Parkway, Mountain View, USA, are integrated on our website. Through the use of Google Maps on our website, information about the use and your IP address is transmitted to Google and stored.
We have no knowledge of the purpose or scope of the data collection and the further processing and use of the data by Google. According to Google, this information is not linked to other Google services. The data collected by Google may be transferred to third parties.
By using our website, you consent to the processing of data by Google.
You can find further information about Google’s data protection at https://www.google.com/intl/de_de/help/terms_maps.html.
14. Deletion of personal data
Data which we store will be blocked for further use upon loss of the corresponding authorisation, in particular after the purpose has been achieved, and deleted after the expiry of the tax and commercial storage periods, unless you have expressly consented to the further use of your data or something else has been contractually agreed.
15. Data security
To protect your data against accidental or unlawful destruction, disclosure, access or against their manipulation or loss and against other misuse, appropriate technical and organizational measures are taken.
For your security, your data will be encrypted using an SSL (Secure Socket Layer) website certificate. This is an encryption standard that is also used, for example, in online banking. You can recognize a secure SSL connection by the s attached to the http (https://…) in the address bar of your browser or by the lock symbol at the bottom of your browser.
Please note that security when using the Internet depends on various circumstances and cannot be completely guaranteed at all times.
16. Overview of your rights
Rights of the data subject
a) Right to confirmation
Every data subject shall have the right, granted by the European directive and regulation maker, to obtain from the controller confirmation as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact an employee of the controller.
b) Right of access
Any person concerned by the processing of personal data has the right, granted by the European directive and regulation maker, to obtain at any time, free of charge, from the controller, information on the personal data relating to him which have been stored and a copy of that information. Furthermore, the European Data Protection Supervisor has granted the data subject access to the following information:
- the purposes of the processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
- the existence of a right to the rectification or erasure of personal data concerning him or her or to the limitation of the processing carried out by the controller or of a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: All available information on the origin of the data
- the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the DS Block Exemption Regulation and, at least in these cases, meaningful information on the logic involved, the scope and the intended effects of such processing on the data subject
The data subject also has the right to know whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right of access, he or she may at any time contact a member of staff of the controller.
c) Right of rectification
Any person concerned by the processing of personal data has the right, granted by the European directive and regulation maker, to request the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject shall have the right, having regard to the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.
If a data subject wishes to exercise this right of rectification, he or she may at any time contact a member of staff of the controller.
d) Right to deletion (right to be forgotten)
Any person data subject to the processing of personal data shall have the right, granted by the European directive and regulation, to require the controller to erase without delay personal data concerning him which are subject to one of the following conditions and to the extent that the processing is not necessary:
- Personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject withdraws his consent on which the processing was based pursuant to Article 6(1)(a) DS Block Exemption Regulation or Article 9(2)(a) DS Block Exemption Regulation and there is no other legal basis for the processing.
- The data subject objects to the processing under Article 21(1) DS Block Exemption Regulation and there are no overriding legitimate reasons for the processing or the data subject objects to the processing under Article 21(2) DS Block Exemption Regulation.
- The personal data have been processed unlawfully.
- The deletion of the personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data were collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
If one of the above-mentioned reasons applies and a data subject wishes to have personal data stored at IEM Industrial Equipment and Machinery GmbH deleted, he or she can contact an employee of the data controller at any time. The employee of IEM Industrial Equipment and Machinery GmbH will arrange for the request for deletion to be complied with immediately.
If the personal data have been made public by IEM Industrial Equipment and Machinery GmbH and our company is responsible according to Art. 17 Abs. 1 GDPR, IEM Industrial Equipment and Machinery GmbH takes appropriate measures, also of a technical nature, to inform other persons responsible for data processing who process the published personal data that the person concerned has requested the deletion of all links to this personal data or copies or replications of this personal data from these other persons responsible for data processing, insofar as the processing is not necessary, taking into account the available technology and the implementation costs. The employee of IEM Industrial Equipment and Machinery GmbH will take the necessary steps in individual cases.
e) Right to limitation of processing
Any person data subject to the processing of personal data has the right, granted by the European directive and regulation, to request the controller to limit the processing if one of the following conditions is met:
- The accuracy of the personal data shall be contested by the data subject for a period of time which allows the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject refuses to erase the personal data and instead requests that the use of the personal data be restricted.
- The controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the assertion, exercise or defence of legal rights.
- The data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh those of the data subject.
If one of the above mentioned conditions is met and a data subject wishes to request the restriction of personal data stored at IEM Industrial Equipment and Machinery GmbH, he/she can contact an employee of the data controller at any time. The employee of IEM Industrial Equipment and Machinery GmbH will initiate the restriction of the processing.
f) Right to data transferability
Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation, to obtain personal data concerning him or her which have been provided by the data subject to a controller in a structured, common and machine-readable format. It also has the right to communicate these data to another controller without being hindered by the controller to whom the personal data have been provided, provided that the processing is based on the consent pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract pursuant to Art. 6 para. 1 letter b GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the controller.
Furthermore, when exercising his right to data transferability pursuant to Art. 20 (1) DS Block Exemption Regulation, the data subject shall have the right to obtain that the personal data be transferred directly from one data controller to another data controller insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.
In order to assert the right to data transfer, the person concerned can contact an employee of IEM Industrial Equipment and Machinery GmbH at any time.
g) Right of objection
Any person data subject to the processing of personal data has the right, granted by the European directive and regulation maker, to object at any time, for reasons related to his/her particular situation, to the processing of personal data concerning him/her on the basis of Article 6(1)(e) or (f) of the DS Block Exemption Regulation. This also applies to profiling based on these provisions.
IEM Industrial Equipment and Machinery GmbH will no longer process personal data in the event of objection, unless we can prove compelling reasons for the processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves the assertion, exercise or defence of legal claims.
If IEM Industrial Equipment and Machinery GmbH processes personal data in order to carry out direct advertising, the person concerned has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling as far as it is connected with such direct advertising. If the person concerned objects to IEM Industrial Equipment and Machinery GmbH processing the data for purposes of direct marketing, IEM Industrial Equipment and Machinery GmbH will no longer process the personal data for these purposes.
In addition, the data subject has the right to object to the processing of personal data concerning him/her by IEM Industrial Equipment and Machinery GmbH for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 DS-GVO for reasons arising from his particular situation, unless such processing is necessary for the performance of a task in the public interest.
In order to exercise the right to object, the person concerned may directly contact any employee of IEM Industrial Equipment and Machinery GmbH or another employee. The data subject is also free to exercise his/her right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
h) Automated case-by-case decisions, including profiling
Any person data subject to the processing of personal data has the right under the European Directive and Regulation not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon him or her or significantly affects him or her in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is authorised by Union or national law or by the Member States to which the data controller is subject and which provides for adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or (3) is taken with the express consent of the data subject.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) is made with the express consent of the data subject, IEM Industrial Equipment and Machinery GmbH shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a data subject on the part of the data controller, to state his or her own position and to contest the decision.
If the data subject wishes to exercise rights relating to automated decisions, he or she may at any time contact an employee of the data controller for this purpose.
i) Right to revoke consent under data protection law
Any person concerned by the processing of personal data has the right, granted by the European directive and regulation maker, to revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may at any time do so by contacting an employee of the controller.
17. Legal or contractual provisions concerning the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data
We will inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a person concerned makes personal data available to us which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide personal data would mean that the contract could not be concluded with the data subject. The data subject must contact one of our employees before providing personal data. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and the consequences of not providing the personal data.
18. Existence of automated decision-makin
As a responsible company, we refrain from automatic decision-making or profiling.
19. Legal basis for processing
Art. 6 I lit. a GDPR serves our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b GDPR. The same shall apply to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our site were injured and his name, age, health insurance information or other vital information would have to be disclosed to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not predominate. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the data controller (recital 47 sentence 2 GDPR).
We use the following terms in this data protection declaration:
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing” means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or controllers may be designated in accordance with Union law or with the law of the Member States on the basis of specific criteria.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation task under Union law or the law of the Member States shall not be considered as recipients.
k) Third parties
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.
Consent shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.