The following regulations concern the information about the processing of personal data as per the provisions of the General Data Protection Regulation (GDPR) and particularly focus on the informational duties according to Art 12 to 14 GDPR and to inform the persons concerned about their rights according to Art 15 to 22 and Art 34 GDPR.
In the following, frequently used terms in this privacy statement are defined and explained.
- “Personal data”: All information concerning an identified or identifiable natural person (hereafter “Concerned Party”). A natural person becomes identifiable if it can be directly or indirectly identified, particularly by assignment of a label such as a name, a code, a location, an online alias or by any one or several particular characteristics which serve to express the physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person.
- “Responsible Party” is the natural or legal entity, authority, institution or other body which decides - alone or collectively - about the purpose and the means of personal data. If the purpose(s) and means of personal data processing are specified by laws of the European Union or national laws of its member states, the Responsible Party may be appointed by or certain criteria of the appointment may be determined in accordance with EU law or member state laws.
- “Data Processor” is a natural or legal entity, authority, institution or other body that processes the personal data on behalf of the responsible party.
- “Recipient” is a natural or legal entity, authority, institution or other body to which personal data is disclosed. The Recipient may be part of the already mentioned parties or another, third party. Authorities who receive personal data within the scope of a certain inquiry in accordance with EU law or member state law are not Recipients in the sense of this statement. These authorities process personal data in compliance with the current data protection regulations and in accordance with the purpose(s) or processing.
- “Third party” is a natural or legal entity, authority, institution or other body authorised to process personal data apart from the Concerned Party, the Responsible Party, the Data Processor and all persons within the direct area of responsibility of the Responsible Party or the Data Processor.
- “Processing” is any automated or manual process or any such sequence of processes in any way related to personal data, e.g. its collection, input, organisation, sorting, saving, updating or modification, reading, retrieval, disclosure by transfer, proliferation or any other form of publication, its restriction, deletion or destruction.
- “Profiling” is any way of automated personal data processing intended to use said data to evaluate certain personal aspects of a natural person, in particular in order to analyse or predict aspects touching work performance, economic situation, health, personal preferences, interests, reliability, behaviour, current location or change of location of this natural person.
- “Restriction of processing” is defined as the flagging of saved personal data in order to restrict their further processing.
General Data Protection Regulation
The full text of the General Data Protection Regulation on the Internet can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&from=EN. If you have any further questions concerning the General Data Protection Regulation, please contact our Data Protection Officer.
Information concerning the Responsible Party
Responsible Party in all contractual relationships with Battermann & Tillery GmbH is:Battermann & Tillery GmbH Lloydstraße 1
Phone: +49 (0) 421 / 38 98 642
Fax: +49 (0) 421 / 38 98 666
Email address: email@example.com
Registration: Bremen HRB 14958
Manager / CEO: Mr Percy Tillery, Mr Patrick Tillery
Responsible regulatory authority
The responsible regulatory authority is:The Federal Commissioner for Data Protection and Informational Freedom of the Free Hanseatic City of Germany
Dr. Imke Sommer (Ms)
Phone: +49 471 596 2010 or +49 421 361 2010
Fax: +49 421 496 18495
Email address: firstname.lastname@example.org
Data Protection Officer
The Data Protection Officer of the Responsible Party is Mr Ralf Bingel. The Data Protection Officer can be contact as follows:
Telephone: + 49 (0) 421 38 98 6-43
Information about the collection, processing and usage of data
We only process your personal data for the purpose of providing and improving the services we offer. This purpose includes:
- Provision of requested products and services: We use the data provided by you in order to render the services you requested by appointing us.
- Notification in case of an update on or cancellation of the contractual relationship: We will send information about the services you requested and update you concerning any changes of these services. Such notifications are not sent for marketing purposes, and you cannot opt-out.
- Administrative or legal purposes: We use your data for statistics, marketing analyses, system tests, customer surveys, maintenance and development, or in the handling of legal disputes or legal claims. Please note that we may create a data profile based on the data we collect from you for the purpose of statistics or marketing analyses. Such profiles are created only with your prior consent, and we take the utmost care to ensure that the data such profiles is based upon are correct. By providing us with personal data, you authorise us to use them to create data profiles in accordance with this Privacy Statement.
- Safety, health, administration, crime prevention and detection: It is possible that we will have to forward your data to federal authorities or law enforcement agencies in order to fulfil legal requirements.
- Communication with customer care: We use your data in order to organise our communication with you as our customers and in order to improve on our services as well as on your experience with us.
- Marketing: Every now and then, we will send you informational emails. In every such email from us, you will be able to opt out of future direct mailings of that kind.
We will process your personal data only if there is a legal base for doing so. The legal base is defined by the purposes for which we collected your personal data and for which we are to use them.
We will store your data no longer than is required for the purpose for which it was processed. In order to determine the appropriate storage period, we take into account the volume of the personal data, the kind and sensitivity as well as the purpose for which we have been processing your personal data. We will also consider whether we would be able to fulfil this purpose by other means.
Furthermore, we will have to consider certain periods during which we might be obligated to retain your personal data. This may be necessary in order to fulfil legal requirements, in order to be able to handle complaints and enquiries, or to protect our legal interests should a claim be raised against us.
If your personal data is no longer required, it will be irretrievably deleted order destroyed. We will moreover consider reducing the personal data we use to a minimum and whether it is possible to anonymise your personal data, thus disassociating it from you and preventing identification. In this case, we may use this data without your prior consent.
Rights of the Concerned Party
As the Concerned Party of the data processing operation, you have the following rights according to the General Data Protection Regulation(hereafter “rights of the concerned party”):
- You have the right to request information about whether we process your personal data. If we process your personal data, you are entitled to request information concerning:
- the purpose of processing;
- the category/type of personal data processed;
- the Recipients or categories of Recipients to whom your data has been disclosed or will be disclosed. This applies in particular if data was/is to be disclosed to Recipients in third countries beyond the jurisdiction of the GDPR.
- the planned period of storage, if possible; if this cannot yet be determined, the criteria to determine the storage period (e.g. legal storage periods and similar) are to be stated.
- to exercise your right to have your personal data corrected or deleted, to restricting its processing and/or to object to its collection (see also the following clauses in this regard);
- the existence of the right to lodge a complaint with a regulatory authority;
- the origin of the data in case the personal date was not directly collected from you. Furthermore, you may request information whether your data is used in automated decision-making in the sense of Art 22 GDPR. If this is the case, you may request information about the criteria on which such automated decisions are based (logic) and what can be the effects and the significance of such an automated decision for you.
If personal data is transferred in to a third country beyond the jurisdiction of the General Data Protection Regulation, you may request information about whether there are any guarantees in place at the Recipient’s for an ample level of data protection in the third country in the sense of Art 45 and 46 GDPR.
You have the right of requesting a copy of your personal data. Such copies will be provided in electronic form unless you request otherwise. The first copy will be free of charge, any further copies may be provided against an appropriate fee. Copies will be provided without prejudice for the rights and liberties of other persons who might be affected by the provision of a copy of your personal data.
- You have right to request us to correct your data if same is incorrect, inaccurate and/or incomplete; the right of correction includes the right of completion by means of additional statements or messages. Any correction and/or amendment is to be made immediately, that is without any undue delay.
- You have the right to request us to delete your personal data if
- the personal data is no longer required for the purpose(s) for which they were collected and processed;
- the personal data is processed based upon your explicit consent and you have withdrawn said consent, unless there is another legal basis for continued processing of the data;
- you objected to the processing of your data according to Art 21 GDPR and no overriding, justified reasons for continued processing can be stated;
- you object to the processing of your data for the purpose of direct marketing in accordance with Art 21 Para 2 GDPR;
- your personal data was processed illegally;
- the data concerns an offspring and was collected with regard to information society services in accordance with Art 8 Para 1 GDPR.
- You may not exercise your right to have personal data deleted if
- your request would oppose the right of free speech and the right to freedom of information;
- your data is processed in order to (i) fulfil legal requirements (e.g. legal storage periods), (ii) be able to observe public duties and interests in accordance with EU law and/or member state laws (this includes public health interests), or (iii) if your data is required for purposes of public records and/or research;
- your personal data is required to assert, exercise or defend legal entitlements.
Personal data has to be deleted immediately, i.e. without any undue delay. If personal data has been published by us (e.g. on the Internet), we have to ensure, insofar as technically possible and reasonable, that third-party Data Processors are also informed about the request to delete the data including the deletion of links, copies and/or replications.
- You have the right to have the processing of your personal data restricted in the following cases:
- If you contested the correctness of your personal data, you can request that your data may not be processed for other purposes while the data is verified, thus restricting its processing.
- If your data is processed illegally, you can, instead of requesting deletion of the data in accordance with Art 17 Para 1 lit. d GDPR, request that their usage be restricted in accordance with Art 18 GDPR:
- If you require your personal data to assert, exercise or defend legal entitlements and they are otherwise no longer required, you can request that their processing/usage be restricted to the aforementioned legal purposes;
- If you objected to the processing of your data in accordance with Art 21 Para 1 GDPR and it has not yet been determined whether our interest of processing outweigh your own interests, you can request that your personal data not be processed for other purposes until such a determination is made, thus effectively restricting their usage.
Personal data the processing of which was restricted as per your request - their storage notwithstanding - must only be processed (i) with your consent, (ii) to assert, exercise or defend legal entitlements, (iii) to protect the rights of other natural or legal entities, or (iv) for reasons of a substantial public interest. If the processing restrictions are lifted, you will be notified accordingly in advance.
- You have the right - subject to the following provisions - to request that your personal data be surrendered in a common, electronic and machine-readable format. The right of data transfer includes the right to transfer it to another Responsible Party; upon request, we will, insofar technically possible, transfer your data directly to a Responsible Party of your choosing. The right of data transfer only concerns the data provided by your and requires your consent or must be performed within a scope of a contractual agreement and is to be executed using automated processes. The right of data transfer in accordance with Art 20 GDPR will leave the right of data deletion in accordance with Art 17 GDPR unaffected. Any data transfer is performed without prejudice for the rights and liberties of other persons who might be affected by the data transfer.
- If your data is processed to fulfil responsibilities in the public interest (Art 6 Para 1 lit. e GDPR) or to observe legitimate interests (Art 6 Para 1 lit. f GDPR), you are entitled to object to the processing of the respective data any time with effect for the future. If you object to the processing of your data, we have to cease any further processing, unless
- there are compelling legitimate grounds for processing which outweigh your own rights and liberties, or
- the processing is necessary to assert, exercise or defend legal entitlements.
Usage of your personal data for the purpose of direct marketing can be objected to at any time with effect for the future; this also includes profiling as long as it is related to direct marketing. If you object, we have to cease to process any of your personal data for the purpose of direct marketing.
- Decisions of legal or other significant consequence for you may not be based solely on automated processing of personal data and/or profiling. This does not apply if the automated decision
- is necessary in order to enter into or fulfil a contractual agreement with you,
- is permissible by the laws of the EU or its member states, provided these laws include appropriate measures to safeguard your rights and liberties and the legitimate interest of your natural person, or
- is made with your express consent.
- In case of data breaches which carry a high risk for your personal rights and liberties, we will notify your immediately. If cases in accordance with Art 34 Para 3 GDPR are concerned, such a notification may be waived. The notification will contain the following information, among other:
- Description of the data breach,
- Name and contact data of the Data Protection Officer or any other contact person for further information,
- Description of the likely consequences of the data breach,
- Description of the measures implemented or suggested by us in order to repair the data breach and to alleviate negative consequences.
- In order to exercise the rights of the Concerned Party, please contact the bodies mentioned in § 5 and § 6. Enquiries received in electronic form will normally be answered in electronic form unless you have requested otherwise in your enquiry.
Information, messages and measures in accordance with the GDPR including exercising the rights of the Concerned Party are generally provided free of charge. Only if applications/enquiries are obviously unfounded or excessive, we are entitled to demand an appropriate fee or to deny the application/request (Art 12 Para 5 GDPR).If there is reasonable doubt about your identity, we are entitled to request additional information from you in order to positively verify your identity. If we are not able to positively verify your identity, we are entitled to deny your request. If it is not possible for us to identify you, we will notify you explicitly, if at all possible. (Art 12 Para 6, Art 11 GDPR).
Any enquiries and requests for information will normally be processed immediately within one month from the date of the enquiry. This period can be extended by another two months if so required in light of the complexity and/or the volume of individual enquiries; if the period needs to be extended, we will inform you about the reasons for the delay within one month from the date of your enquiry. If we will not process your enquiry, we will notify your immediately within one month from your enquiry stating the reasons. We will furthermore inform you about your options of lodging a complaint with a regulatory authority or of taking legal action. (Art 12 Para 3 and 4 GDPR)
- Please note that you may exercise your rights as Concerned Party only within the limitations possibly imposed by the EU or its member states. (Art 23 GDPR)
- You have the right to request information about whether we process your personal data. If we process your personal data, you are entitled to request information concerning:
Using the website
- If you access our website, we will automatically collect general information. This information (server logfiles) includes, for instance, your type of browser, your type of operating system, the domain name of your internet service provider and similar data. It is not possible to identify you using any of this information. Collecting this information is technically necessary in order to be able to display the content of the website correctly. Information of this kind is collected everywhere on the Internet. Anonymous information such as this will be used by us for statistics in order to improve our on-line presence and the underlying technology.
- If you contact us by email or via the contact form on the website, the information you provide will be stored to enable us to process your enquiry and to be able to answer potential follow-up questions. The only personal data collected by us, if you contact us in the above-mentioned manner, is the data you voluntarily provide in the contact form or in your email. Your data will only be used to process your enquiry, for potential follow-up questions and, if applicable, to fulfil and handle any contractual relationship entered by you and us.
After the contract has been fulfilled, your data will of course be blocked from further processing.
After expiry of the legal fiscal and commercial storage periods, your data will be deleted unless you did not expressly consent to our using your data further, or if we reserve our legal right of using your data further. In this case, we will notify you accordingly.
- This website uses Piwik, an open-source software for the statistical analysis of visits. Piwik deploys so-called “cookies”, i.e. small text files which will be stored on your computer and which allow us to analyse your visit to our website. The cookies generate information about your usage of our website and will be stored on a server located in Germany.
Immediately after processing and prior to storing the information, you IP address will be anonymised. You can prevent the installation of cookies on your computer by changing the appropriate settings of your browser software. Please note that it may be possible that you will no longer be able to use all the features of our website if you activate the aforementioned settings.
- You can decide if you would like a unique web analytics cookie installed on your computer in order to allow the host of the website to collect and analyse various statistics data.
Cookies cannot be hijacked to execute programs or infest a computer with a virus. Based on the information collected by cookies, we are able to ease your navigation on our website and ensure that it is displayed correctly.
We will not disclose the data collected by cookies to any third party or associate it to any personal information without your consent.
- In order to protect your data during transfer, we implemented state-of-the-art encryption methods such as SSL and HTTPS.
- Our website uses Google (Universal) Analytics, a web analysis service of Google, Inc. (www.google.de). Google (Universal) Analytics employs various methods of analysing how you use this website, among them installing the aforementioned cookies.
The information collected by the Google (Universal) Analytics cookie are normally transferred to and stored on a Google server located in the USA. Prior to the transfer and still on EU territory, respectively the territories of the member states of this regulation, your IP address is shortened and thus anonymised. Only in exceptional cases will your full IP transferred to the Google server in the USA before it is shortened there. The anonymised IP address transmitted from your browser via Google Analytics will not be associated or merged with any other data stored by Google.
What can you do if you do not wish the Google cookie to transmit data?
- You can prevent the Google cookie from collecting and transmitting the data concerning the usage of our website (including your IP address) to Google by installing the appropriate browser plug-in available here: http://tools.google.com/dlpage/gaoptout?hl=de.
- Instead of installing the plug-in, you can just click on the above link in order to prevent Google Analytics from collecting any data from your browser while you are visiting this website. Through your click, an opt-out cookie will be generated and stored on your computer. If you delete your cookies, you will have to click on the link again.
- The transfer of personal data to third parties is permitted only based on legal allowance or the Concerned Party’s consent.
- If required to deliver ordered goods, we will transfer your data to the contracted forwarding company so the contract can be fulfilled.
- If the Recipient of personal data is located outside of the European Union or the European Economic Area, special measures are to be taken in order to safeguard the rights and interests of the Concerned Parties. Data must not be transferred if the Recipient cannot provide an adequate level of data protection, e.g. due to specific contractual clauses.
- If you apply for a job with us, your personal data will be processed by us for the purpose of the employment relationship as far as they are necessary for the decision to hire you. The legal basis for data processing is laid down in Art 6 Para 1 GDPR and § 6 Bundesdatenschutzgesetz (BDSG) [Federal Data Protection Act]. If your application contains special categories of personal data (such as information on your marital status, your sex life, your sexual orientation, your health, a photo which may intimate your ethnic background, your vision and/or your religion, or similarly sensitive data as defined in Art 9 GDPR), we must only process this data upon your express written consent. For this purpose, please fill in, sign, and submit the form “Supplementary Statement Regarding Special Categories of Data”.
- Your personal data will not be disclosed to third parties by us.
- All the data submitted by you will be stored for up to 6 months after rejection of your application. Only upon your express written consent will we store your data for a longer period of time after rejection of your application.
- You are entitled to request information on whether we process your personal data or not. If our company processes your personal data, you have the right to access the same (Art 15 GDPR).
- You have the right of requesting a copy of your personal data. In general, we will provide a copy of your personal data in electronic form unless you request otherwise. The first copy will be free of charge, any further copies may be provided against an appropriate fee. Copies will be provided without prejudice for the rights and liberties of other persons who might be affected by the provision of a copy of your personal data.
- You are entitled to demand that your personal data be corrected if it should be incorrect, inaccurate and/or incomplete. This right of correction entails the right of completion by supplementary statements or messages. Any correction and/or amendment must be made immediately, i.e. without undue delay (Art 16 GDPR).
- In accordance with the circumstances listed in Art 17 GDPR, you are entitled to request us to delete your personal data.
- Personal data has to be deleted immediately, i.e. without any undue delay.
- In accordance with Art 20 GDPR - limited by the exceptions laid down in the following regulations - you are entitled to request issuance of your personal data in a common electronic and machine-readable format. The right of data transfer includes the right to transfer it to another Responsible Party; upon request, we will, insofar technically possible, transfer your data directly to a Responsible Party of your choosing. The right of data transfer only concerns the data provided by your and requires your consent or must be performed within a scope of a contractual agreement and is to be executed using automated processes. The right of data transfer in accordance with Art 20 GDPR will leave the right of data deletion in accordance with Art 17 GDPR unaffected. Any data transfer is performed without prejudice for the rights and liberties of other persons who might be affected by the data transfer.
- If you have any complaints, please do not hesitate to contact the responsible supervisory authority of the European Union or its member states. Our company is within the area of responsibility of the supervisory authority stated in § 5.
Amendment of the Privacy Statement
We reserve the right to amend this Privacy Statement from time to time in order to adapt it to the current legal requirements or to add updates concerning any changes of our services, e.g. the introduction of new services. If you visit our website after such amendments have been made, the new Privacy Statement applies.
If you have any complaints, please do not hesitate to contact the responsible supervisory authority of the European Union or its member states. Our company is within the area of responsibility of the supervisory authority stated in § 5.