Change cookie settings
In accordance with the legal specifications of data privacy legislation (particularly the latest version of the Federal Data Protection Act and the European General Data Protection Regulation “GDPR”), we will inform you of the type, scope and purpose for which our company processes your personal data below. This data privacy statement also applies to our websites and social media profiles. For the definitions of terms such as “personal data” or “processing”, see Article 4 of the GDPR.
Name contact data for the controller
Our controller (subsequently referred to as “controller”) as defined by Article 4, point 7 of the GDPR is:
IB Verfahrens- und Anlagentechnik GmbH & Co. KG
Großer Kamp 10-12
32791 Lage, Germany
Managing Director Frank Scholz
Companies’ register number: HRA 4518
Court of registry: Lemgo
E-mail address: firstname.lastname@example.org
Data types, purpose of processing and categories of data subjects
We will inform you of the type, scope and purpose of collecting, processing and using your personal data below.
1. Types of data that we process
Usage data (access time, websites visited, etc.),
2. Purpose of processing in accordance with Article 13, Paragraph 1 c) of the GDPR
Optimising the website technically and commercially, improving the user experience, marketing / sales / advertising, providing website with functions and contents,
3. Categories of data subject according to Article 13, Paragraph 1 e) of the GDPR
The data subjects will subsequently be referred to as “users”.
Legal bases for processing personal data
We will inform you of the legal bases for processing your personal data below:
- If we have obtained your consent to process your personal data, Article 6, Paragraph 1, Section 1 a) of the GDPR is the legal basis.
- If processing is performed to fulfil a contract or to take pre-contractual measures relating to your request, Article 6, Paragraph 1, Section 1 b) of the GDPR is the legal basis.
- If processing is required to meet a legal obligation to which we are subject (e.g. legal retention periods), Article 6, Paragraph 1, Section 1 c) of the GDPR is the legal basis.
- If processing is required to protect the vital interests of the data subject or another natural person, Article 6, Paragraph 1, Section 1 d) of the GDPR is the legal basis.
- If processing is required to protect our legitimate interests or those of a third party and these interests are not overridden by your interests or fundamental rights and freedoms, Article 6, Paragraph 1, Section 1 f) of the GDPR is the legal basis.
Transmitting personal data to third parties and processors
We will not transmit any data to third parties without your consent. If this is not the case, transmission is performed on the basis of the aforementioned legal bases, e.g. transmitting data to online payment providers to fulfil a contract, due to a judicial ordinance, due to a legal obligation to issue the data for the purposes of prosecution, hazard prevention or to assert rights to intellectual property.
Furthermore, we employ processors (external service providers, e.g. to host our website and databases) to process your personal data. If data is transferred to the processor as part of a processing agreement, this is always performed in accordance with Article 28 of the GDPR. We select our processors carefully, inspect them on a regular basis and have obtained an authority to give directives with regard to the data. Furthermore, the processors must have taken suitable technical and organisational measures, and adhere to the data protection regulations in accordance with the latest version of the Federal Data Protection Act and the GDPR
Transmitting data to third countries
The enactment of the European General Data Protection Regulation (GDPR) provided a standard basis for data protection in Europe. Your data will therefore be processed by companies that apply the GDPR. If processing is carried out by companies outside the European Union or the European Economic Area, they must fulfil the special requirements of Article 44 and the following articles in the GDPR. This means that processing is performed based on special guarantees such as the declaration of a data protection level that corresponds to that of the EU as recognised by the EU Commission or the observation of officially recognised special contractual obligations known as “standard contractual clauses”. For US companies, submission under the “Privacy Shield”, the data protection agreement between the EU and the USA, meets these requirements.
Deleting data and saving duration
Unless explicitly specified in this data privacy statement, your personal data will be deleted or blocked as soon as the purpose of saving no longer exists, unless further retention is required as proof or there are legal retention periods. This includes commercial retention obligations for business letters in accordance with Section 257, Paragraph 1 of the German Commercial Code (6 years) and tax-based retention obligations in accordance with Section 147, Paragraph 1 of the German fiscal code for documents (10 years). Once the aforementioned retention period elapses, your data will be blocked or deleted unless they have to continue to be saved to conclude or fulfil a contract.
Existence of automated decision-making
We do not use automated decision-making or profiling.
Provision of our website and creation of log files
If you only use our website for information purposes (i.e. you do not register or do not transfer information in any other way), we will only collect the personal data that your browser transfers to our server. If you wish to view our website, we will collect the following data:• IP address;
• User’s internet service provider;
• Date and time of visit;
• Browser type;
• Language and browser version;
• Visit contents;
• Time zone;
• Access status/HTTP status code;
• Data volume;
• Websites from which the request comes;
• Operating system.
This data is not saved together with your personal data.
This data is used to provide you with our website in a user-friendly, functional and safe manner, with functions and content, and to optimise and evaluate these statistically.
The legal basis for this is our legitimate interest in data processing according to Article 6, Paragraph 1, Section 1 f) of the GDPR as specified in the aforementioned purposes.
For security reasons, we save this data in server log files for 0 days. After this time elapses, this data will be deleted automatically unless we have to retain it as evidence in the event of attacks on our server infrastructure or other infringements.
• Persistent cookies: These are deleted automatically after a specified period which may differ according to the cookie. You can delete the cookies at any time in your browser’s security settings.
• Third-party cookies: You can configure your browser settings as you wish and reject third-party cookies or all cookies for example. However, we would like to inform you that you may not be able to use all website functions if you do so. For more information regarding these cookies, see the corresponding data privacy statements from the third parties.
The legal basis of this processing is Article 6, Paragraph 1, Point b) of the GDPR if the cookies are set to initiate a contract, e.g. for orders. Otherwise, we have a legitimate interest in effective functions on our website so that the legal basis is Article 6, Paragraph 1, Section 1 f) of the GDPR.
Rejection and “opt-out”: You can prevent cookies being saved on your hard disk in general by selecting “Do not accept cookies” in your browser settings. However, this may impair the functions of our website. You can reject the use of their-party cookies for advertising purposes by “opting out” using this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).
Contacting us via the contact form / e-mail / fax / post
- If you make contact with us via the contact form, by fax, post or e-mail, your data will be used to process the contact request.
- The legal basis for processing your data is the presence of your consent in accordance with Article 6, Paragraph 1, Section 1 a) of the GDPR. The legal basis for processing the data that is transmitted as part of a contact request by e-mail, letter or fax is Article 6, Paragraph 1, Section 1 f) of the GDPR. The controller has a legitimate interest in processing and saving the data in order to be able to answer user queries, to preserve evidence for liability reasons and, if necessary, to be able to comply with their legal retention obligations for business letters. If the contact relates to concluding a contract, the additional legal basis for processing is Article 6, Paragraph 1, Section 1 b) of the GDPR.
- We may save your data and contact request in our customer relationship management system (CRM system) or a comparable system.
- The data is deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from the contact form input screen and the data sent by e-mail, this is the case once the conversation with you has finished. The conversation is finished if the circumstances allow us to conclude that the applicable matter has been clarified completely. We will save requests from users who have an account or a contract with us for two years after the contract is completed. If there are legal archiving obligations, the data is deleted once they have expired: End of the commercial retention obligation (6 years) and the tax-based retention obligation (10 years).
- You have the right to revoke your consent to process your personal data at any time in accordance with Article 6, Paragraph 1, Section 1 a) of the GDPR. If you contact us by e-mail, you can withdraw consent to save your personal data at any time.
Contacting us by telephone
- When you contact us by telephone, your telephone number is used to process the contact and to handle it, and is saved temporarily or displayed in the RAM / cache on the telephone / display. It is saved for liability and security reasons in order to be able to prove the phone call and for commercial reasons in order to be able to call back. We will block phone numbers in the event of unauthorised advertising phone calls.
- The legal basis for processing your telephone number is Article 6, Paragraph 1, Section 1 f) of the GDPR. If the contact relates to concluding a contract, the additional legal basis for processing is Article 6, Paragraph 1 b) of the GDPR.
- The device’s cache saves the calls for 30 days and overwrites or successively deletes old data. When the device is disposed of, all data is deleted and the memory destroyed if necessary. Blocked telephone numbers are checked annually to establish whether blocking is necessary.
- You can prevent your telephone number being displayed by calling with your number withheld.
Google AdWords with conversion tracking
- We use the “AdWords with conversion tracking” service (Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to draw attention to our website by advertising on the websites of third parties. If you click a Google advertisement from us, a cookie is saved on your browser and remains valid for around 30 days. If you then visit our website, we and Google can use the cookie to evaluate whether you have visited our website and which pages you have visited on our website. Google uses this to create statistics. The full scope of data processing is not known to us. The data is also transferred to the USA and analysed there. If you are logged in with a Google account, AdWords can assign the data to your account. If you do not wish this to happen, you must log out before visiting our website. This conversion tracking is used for analysis, optimisation and commercial operation of our advertising and website.
- The legal basis for processing your data is our legitimate interest in analysis, optimisation and commercial operation of our website and advertising in accordance with Article 6, Paragraph 1, Section 1 f) of the GDPR. Google is certified in accordance with the EU-US privacy shield: https://www.privacyshield.gov/EU-US-Framework.
- You can reject installation of cookies by Google in various ways or prevent this:• You can disable cookies in your browser using the “Do not accept cookies” setting, which also includes third-party cookies;• You can use the direct Google link https://adssettings.google.com to deactivate conversion tracking, but this setting only remains active until you delete your cookies.• You can deactivate personalised advertisements from third parties that participate in the “About Ads” advertising self-regulation initiative via the link https://optout.aboutads.info for US websites or https://www.youronlinechoices.com/uk/your-ad-choices for EU websites, but this setting only remains active until you delete all of your cookies;• You can use a browser plug-in for Chrome, Firefox or Internet-Explorer at https://support.google.com/ads/answer/7395996 to deactivate cookies permanently. Deactivating mat result in you no longer being able to use the full scope of functions on our website.
- For more information, see the Google data privacy statement at https://policies.google.com/privacy?hl=en&gl=uk and https://services.google.com/sitestats/en.html.
- We have integrated the “Google Analytics” website analysis tool (Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) into our website.
- When you visit our website, Google places a cookie on your computer in order to be able to analyse your use of our website. The data obtained is transferred to the USA and saved there. If personal data is to be transferred to the USA, Google’s certification according to the privacy shield agreement (https://www.privacyshield.gov/EU-US-Framework) provides the guarantee that the European data protection laws are complied with.
- We have activated “anonymizeIP” IP anonymisation, whereby IP addresses are abbreviated for further processing. On this website, your IP address will therefore be abbreviated in advance by Google within European Union Member States or in other signatories to the agreement regarding the European Economic Area. The full IP address will only be transferred in full to a Google server in the USA and abbreviated there in exceptional circumstances. On behalf of the owner of this website, Google will use this information to evaluate your use of the website, to compile reports regarding website activities and to provide the controller with further services associated with website usage and internet usage. Furthermore, we have activated cross-device analysis of website users, which is performed via a “User-ID”. The IP address transferred by your browser as part of Google Analytics is not merged with other data from Google. Google Analytics is used for analysis, optimisation and improvement of our website.
- The legal basis for this is our legitimate interest in data processing according to Article 6, Paragraph 1, Section 1 f) of the GDPR as specified in the aforementioned purposes.
- The data sent by us and linked with cookies, user identifications (such as User-ID) or advertising IDs is deleted automatically after 26 months. When data’s retention period is reached, it is deleted automatically once per month.
- For more information on data use by Google Analytics, see: https://marketingplatform.google.com/about/analytics/terms/gb/ (Google Analytics Terms of Service), https://support.google.com/analytics/answer/6004245?hl=en (information regarding data protection for Analytics) and Google’s data privacy statement https://policies.google.com/privacy.
- Rejection and “opt-out”: You can prevent cookies being saved on your hard disk in general by selecting “Do not accept cookies” in your browser settings. However, this may impair the functions of our website. Furthermore, you can prevent the data generated by the cookie and that relates to your use of the website being recorded by Google and processed by Google by downloading and installing the browser plug-in that is available at: https://tools.google.com/dlpage/gaoptout?hl=en
- As an alternative to the aforementioned browser plug-in, you can prevent Google Analytics recording your data by clicking Clicking sets an “opt-out” cookie that will prevent your data being recorded when you visit this website in the future. This cookie only applies to our website and your current browser and remains active until you delete your cookies. In this case, you must set the cookie again.
- You can deactivate cross-device user analysis in your Google account in “My Data -> Personal Info”.
Rights of the data subject
- Right to object or withdraw consent to process your dataIf processing requires your consent in accordance with Article 6, Paragraph 1 Section 1 a), Article 7 of the GDPR, you have the right to withdraw your consent at any time. The lawfulness of the processing that was performed due to the consent up to the time of withdrawal is not affected by this. If we base our processing of your personal data on balancing interests in accordance with Article 6, Paragraph 1, Section 1 f) of the GDPR, you can object to the processing. This is the case if processing is not specifically required to fulfil a contract with you, which is illustrated by the description of functions below. If you exercise this right of objection, we request that you specify the reasons why your personal data may not be processed by us. If you justify your objection, we will check the situation and will either stop or adjust data processing, your declare to you our compelling legitimate grounds for continuing processing. You can object to processing of your personal data for advertising and data analysis purposes at any time. You can avail of this right to object free of charge. You can inform us of your objection using the following contact data: IB Verfahrens- und Anlagentechnik GmbH & Co. KG
Großer Kamp 10-12
32791 Lage, Germany
Managing Director Frank Scholz
Companies’ register number: HRA 4518
Court of registry: Lemgo
E-mail address: email@example.com
- Right of access
You have the right of access to the personal data that we save about you in accordance with Article 15 of the GDPR. In particular, this includes access to the processing purposes, the category of personal data, the categories of recipients to which your data was or is published, the planned storage duration and the origin of your data if this was not collected from you.
- Right to rectification
You have the right to rectification of incorrect or completion of correct data in accordance with Article 16 of the GDPR.
- Right to erasure
You have the right to erasure of the data saved by us in accordance with Article 17 of the GDPR unless legal or contractual retention periods, or other legal obligations or rights to save the data override this.
- Right to restriction
You have the right to request a restriction to processing your personal data if the prerequisites in Article 18, Paragraph 1 a) to d) of the GDPR are met:
• If you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;• the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims• you have objected to processing pursuant to Article 21, Paragraph 1 of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
- Right to data portability
You have the right to data portability in accordance with Article 20 of the GDPR, which means that you can receive the personal data that we have stored about you in a structured, common, machine-readable format or request that this be transmitted to a different person responsible.
- Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority. Generally, you can lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
In order to protect all personal data that is transmitted to us and to ensure that the data protection regulations are adhered to by us and our external service providers, we have taken suitable technical and organisational security measures. Therefore, all data between your browser and our sever is transmitted encrypted via a secure SSL connection for example.
Version dated: 30/10/2019
Source: Sample data privacy statement from JuraForum.de