Data Protection

Data Protection Declaration

We are pleased about your interest in our company. The management of Albert Ponsel GmbH & Co. KG gives particular priority to data protection. In principle, you may use the webpages of Albert Ponsel GmbH & Co. KG without indicating any Personal Data. However, if a Data Subject would like to use particular services of our company through our website, the processing of Personal Data may be required. If the processing of Personal Data is necessary and there is no legal basis for such a processing, we generally obtain the consent of the relevant Data Subject.

Personal Data such as name, address, email address or telephone number of a Data Subject will be processed at all times in accordance with the GDPR and the country-specific data protection provisions applicable to Albert Ponsel GmbH & Co. KG. By means of this Data Protection Declaration, our company would like to inform the public about the type, scope, and purpose of the Personal Data collected, used, and processed by us. Furthermore, the Data Subjects will be informed by means of this Data Protection Declaration about the rights that they are entitled to.

Albert Ponsel GmbH & Co. KG as controller of the processing has implemented numerous technical and organisational measures in order to ensure that the protection of the Personal Data, which is processed after having been obtained through this website, is as complete as possible. Nevertheless, internet-based data transmissions may, in principle, show security gaps so that absolute protection may not be ensured. For that reason, each Data Subject is free to transfer data to us also through alternative channels, e.g. by telephone.

1. Definitions

The Data Protection Declaration of Albert Ponsel GmbH & Co. KG is based on the terms that have been used by the European authority issuing directives and regulations when they issued the General Data Protection Regulation (GDPR). Our Data Protection Declaration is meant to be easily readable and understandable both for the public and for our customers as well as for business partners. In order to ensure this, we would like to explain in advance the terms we have used.

In this Data Protection Declaration, we use, among others, the following terms:

a) Personal Data
“Personal Data” shall be any information that relate to an identified or identifiable natural person (hereinafter referred to as “Data Subject”). A natural person is considered as identifiable if this person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific factors that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data Subject
The “Data Subject” shall be any identified or identifiable natural person the Personal Data of whom is processed by the Controller of the Processing.

c) Processing
“Processing” shall mean any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of Processing
“Restriction of Processing” shall mean the marking of stored Personal Data with the aim of restricting its Processing in the future.

e) Profiling
“Profiling” shall mean any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular in order to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation
“Pseudonymisation” shall mean the Processing of Personal Data in a manner in which the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures that ensure that the Personal Data is not attributed to an identified or identifiable natural person.

g) Controller or Controller of the Processing
The “Controller” or “Controller of the Processing” shall mean the natural or legal person, public authority, entity or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. If the purposes and means of such Processing are determined by Union or member state law, the Controller or the specific criteria for the nomination of the Controller may be provided for by Union or Member State law.

h) Processor
“Processor” shall mean a natural or legal person, public authority, entity or other body that processes Personal Data on behalf of the Controller.

i) Recipient
“Recipient” shall mean any natural or legal person, public authority, entity or another body, to which Personal Data is disclosed, whether the Recipient is a Third Party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or member state law shall not be regarded as Recipients.

j) Third Party
“Third Party” shall mean any natural or legal person, public authority, entity or other body except the Data Subject, Controller, Processor, and the persons who, under the direct responsibility of the Controller or Processor, are authorised to process Personal Data.

k) Consent
“Consent” shall mean any declaration of intent by the Data Subject that has been given freely for a specific case in an informed manner and unambiguously in the form of a declaration or any other unequivocal affirmative action by means of which the Data Subject indicates that he/she agrees to the Processing of the Personal Data relating to him/her.

2. Name and Address of the Controller of the Processing

The Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature shall be:

Albert Ponsel GmbH & Co. KG

Trübenbacher Str. 12

96279 Weidhausen

Germany

Telephone: +49 (0) 9562 788 0

Email: info@ponsel.de

Website: www.ponsel.de

3. Name and Address of the Data Protection Officer

The Data Protection Officer of the Controller of the Processing shall be:

Werner Dieter

eSourceONE GmbH

Kronacher Straße 60

96052 Bamberg

Germany

Telephone: 0951/70086-0

Email: d.werner@esourceone.de

Website: www.esourceone.de

Each Data Subject may directly contact our Data Protection Officer at any time regarding all issues and suggestions relating to data protection.

4. Cookies

The webpages of Albert Ponsel GmbH & Co. KG use cookies. Cookies are small text files that are placed through an internet browser on a computer system and stored there.

Many websites and servers use cookies. Many cookies contain a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string by means of which websites and servers may be associated with the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the distinct browser of the Data Subject from other internet browsers that contain other cookies. A specific internet browser may be recognised and identified by means of the unique cookie ID.

By using cookies, Albert Ponsel GmbH & Co. KG may provide services to users of this website that are more user-friendly and would not be realisable without placing cookies.

By means of a cookie, information and offers on our website may be optimised in the interests of the user. As already mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to facilitate the utilisation of our website by the users. For example, the user of a website that uses cookies does not have to re-enter his/her access data when visiting the website again because this data will be taken over from the website and the cookie placed on the user’s computer system. Another example is the cookie of a shopping cart at online shops. The online shop remembers by means of a cookie the items that a customer has placed in the virtual shopping cart.

The Data Subject may, at any time, prevent cookies being placed by our website by means of a corresponding setting of the internet browser used and may in this way permanently object to cookies being placed. Furthermore, cookies that have already been placed may be deleted at any time through an internet browser or other software programmes. This is possible in all common internet browsers. If the Data Subject disables the placement of cookies on the internet browser used, in some circumstances, not all functions of our website may be used to their full extent.

5. Recording of general Data and Information

The website of Albert Ponsel GmbH & Co. KG records a number of general data and information whenever the Data Subject or an automated system visits the website. This general data and information is stored in the logfiles of the server. The following data may be recorded: (1) the used browser types and versions, the (2) operating system used by the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) the sub-websites to which an accessing system navigates on our website, (5) the date and time of an access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serves for averting danger in cases of attacks on our information technology systems.

When using this general data and information, Albert Ponsel GmbH & Co. KG does not draw any conclusion to the Data Subject. Furthermore, the information is required for (1) displaying the content of our website correctly, (2) optimising the content of our website as well as the advertisement for it, (3) ensuring the permanent operability of our information technology systems and the technology of our website, and (4) in order to provide prosecuting authorities with the necessary information for the prosecution in the case of a cyber attack. Albert Ponsel GmbH & Co. KG therefore analyses this data and information, which is collected anonymously, on the one hand for statistical reasons and on the other hand with the aim of increasing the data protection and data security in our company for the purpose of ultimately ensuring an optimum level of protection regarding the Personal Data processed by us. The anonymous data of the server logfiles will be stored separately from all Personal Data submitted by any Data Subject.

6. Contact via the Website

Due to statutory provisions, the website of Albert Ponsel GmbH & Co. KG contains information that allows customers to contact our company quickly and electronically as well as to contact us directly, which also includes a general electronic mail address (email address). If a Data Subject contacts the Controller of the Processing by email or via a contact form, the Personal Data submitted by the Data Subject will be stored automatically. Such Personal Data that has been submitted by a Data Subject to the Controller of the Processing on a voluntary basis will be stored for the purpose of handling the issue or contacting the Data Subject. This Personal Data will not be passed on to Third Parties.

7. Routine Erasure and Blocking of Personal Data

The Controller of the Processing will process and store Personal Data of the Data Subject only for the time that is necessary for fulfilling the purpose of the storage or if this is provided for by the European authority issuing directives and regulations or by another legislator in laws and provisions that are applicable to the Controller of the Processing.

If the purpose of the storage does no longer exist or a storage period required by the European authority issuing directives and regulations or another competent legislator expires, the Personal Data will be blocked or erased as a matter of routine and in accordance with the statutory provisions.

8. Rights of the Data Subject

a) Right to a Confirmation
Each Data Subject has the right granted by the European authority issuing directives and regulations to require from the Controller of the Processing a confirmation of whether Personal Data concerning the Data Subject is processed. If a Data Subject would like to exercise this right to a confirmation, the Data Subject may contact for that purpose, at any time, a staff member of the Controller of the Processing.

b) Right of Access
Each Data Subject concerned by the Processing of Personal Data shall have the right granted by the European authority issuing directives and regulations to obtain at any time and free of charge from the Controller of the Processing information about the Personal Data stored with regard to the person of the Data Subject and a copy of this information. Furthermore, the European authority issuing directives and regulations has granted to the Data Subject the right to information about the following issues:

the purposes of the Processing;
the categories of Personal Data processed;
the Recipients or categories of Recipients in relation to which the Personal Data has been or will be disclosed, in particular in the case of Recipients in third countries or at international organisations; if possible, the intended periods during which the Personal Data will be stored or, if that is not possible, the criteria for determining this period;
the existence of a right to rectification or erasure of the Personal Data concerning the Data Subject or to a restriction of the Processing by the Controller of the Processing or a right to object to this Processing; the existence of a right to lodge a complaint with a supervisory authority;
if the Personal Data is not collected from the Data Subject: any information available about the origin of the data;
the existence of an automated decision-making including Profiling in accordance with Article 22, sections 1 and 4 of the GDPR and – at least in these cases – substantial information about the logic involved as well as the consequences and the intended results of such a Processing for the Data Subject;
Furthermore, the Data Subject has a right to information on whether Personal Data has been transferred to a third country or an international organisation. If this is the case, the Data Subject shall furthermore have the right to obtain information on this and on the appropriate safeguards in connection with the transfer.

If a Data Subject would like to exercise this right of access, the Data Subject may contact for that purpose, at any time, a staff member of the Controller of the Processing.

c) Right to Rectification
Each Data Subject concerned by the Processing of Personal Data has the right granted by the European authority issuing directives and regulations to request the immediate rectification of incorrect Personal Data relating to the Data Subject. Furthermore, the Data Subject shall have the right to request the completion of incomplete Personal Data – also by means of a supplementary statement – whereby the purposes of the Processing shall be taken into account.

If a Data Subject would like to exercise this right to rectification, the Data Subject may contact for that purpose, at any time, a staff member of the Controller of the Processing.

d) Right to Erasure (“Right to be forgotten”)
Each Data Subject concerned by the Processing of Personal Data has the right granted by the European authority issuing directives and regulations to request the Controller to erase the Personal Data relating to the Data Subject without delay if one of the following reasons applies and if the Processing is not necessary:

The Personal Data has been collected or processed in any other manner for purposes for which is no longer required;
The Data Subject revokes his/her Consent on which the Processing in accordance with Article 6, section 1, item (a) of the GDPR or Article 9, section 2, item (a) of the GDPR was based, and there is no other legal basis for the Processing;
the Data Subject objects to the Processing in accordance with Article 21, section 1 of the GDPR and there are no other overriding legitimate reasons for the Processing or the Data Subject objects to the Processing in accordance with Article 21, section 2 of the GDPR;
The Personal Data has been processed unlawfully;
The erasure of the Personal Data is required for fulfilling a legal obligation in accordance with the laws of the European Union or the member states that govern the Data Subject;
The Personal Data has been collected in relation to offered information society services in accordance with Article 8, section 1 of the GDPR.
If one of the aforementioned reasons applies and a Data Subject would like to cause the erasure of Personal Data stored at Albert Ponsel GmbH & Co. KG, the Data Subject may contact for that purpose, at any time, a staff member of the Controller of the Processing. The staff member of Albert Ponsel GmbH & Co. KG will make sure that we will comply with the request for erasure without delay.

If Albert Ponsel GmbH & Co. KG has made the Personal Data publicly available and if our company is obliged to erase the Personal Data as Controller in accordance with Article 17, section 1 of the GDPR, Albert Ponsel GmbH & Co. KG shall take appropriate – including technical – measures (whereby the technology available and the implementation costs shall be taken into account) in order to inform other controllers of the data Processing, which process the published Personal Data, of the fact that the Data Subject has requested these other Controllers of the data Processing to delete all links to this Personal Data or copies or replications of this Personal Data, as far as Processing is not required. The staff member of Albert Ponsel GmbH & Co. KG will cause the necessary measures to be taken in individual cases.

e) Right to the Restriction of the Processing
Each Data Subject concerned by the Processing of Personal Data has the right granted by the European authority issuing directives and regulations to request the Controller to restrict the Processing if one of the following conditions is met:

The Data Subject contests the accuracy of the Personal Data for a period enabling the Controller to verify the accuracy of the Personal Data;
The Processing is unlawful and the Data Subject opposes the erasure of the Personal Data and instead requests the restriction of its use;
The Controller no longer requires the Personal Data for the purposes of the Processing, but the Data Subject requires it for asserting, exercising or defending legal claims;
The Data Subject has objected to the Processing in accordance with Article 21, section 1 of the GDPR and it is still uncertain whether the legitimate reasons of the Controller override those of the Data Subject.
If one of the aforementioned conditions is met and a Data Subject would like to request the restriction of the Processing[E1]  of Personal Data that is stored with Albert Ponsel GmbH & Co. KG, the Data Subject may contact for that purpose, at any time, a staff member of the Controller of the Processing. The staff member of Albert Ponsel GmbH & Co. KG will cause the restriction of the Processing.

f) Right to Data Portability
Each Data Subject concerned by the Processing of Personal Data has the right granted by the European authority issuing directives and regulations to receive the Personal Data related to the Data Subject, which has been provided by the Data Subject to a Controller, in a structured, commonly used and machine-readable format. The Data Subject shall also have the right to transmit this data to another controller without hindrance on the part of the Controller to which the Personal Data has been provided if the Processing is based on the Consent in accordance with Article 6, section 1, item (a) of the GDPR or Article 9, section 2, item (a) of the GDPR or on a contract in accordance with Article 6, section 1, item (b) of the GDPR and if the Processing is carried out by automated means, unless the Processing is necessary for the performance of a task in the public interest or it is carried out in the exercise of official authority vested in the Controller.

Furthermore, in exercising his/her right to data portability in accordance with Article 20, section 1 of the GDPR, the Data Subject has the right to have the Personal Data transmitted directly from one Controller to another, where this is technically feasible and if this does not adversely affect the rights and freedoms of other persons.

For the purpose of exercising the right to data portability, the Data Subject may contact, at any time, a staff member of Albert Ponsel GmbH & Co. KG.

g) Right to Object

Each Data Subject concerned by the Processing of Personal Data has the right granted by the European authority issuing directives and regulations to object on grounds relating to his/her particular situation at any time to the Processing of Personal Data concerning him/her that is based on Article 6, section (1), item (e) or (f) of the GDPR. This shall also apply to any Profiling based on those provisions.

Albert Ponsel GmbH & Co. KG will no longer process the Personal Data in the case of an objection, unless we may furnish proof of compelling reasons for the processing that are worth of protection and that override the interests, rights and freedoms of the Data Subject or the Processing serves for the assertion, exercise or defence of legal claims.

If Albert Ponsel GmbH & Co. KG processes Personal Data in order to perform direct advertising, the Data Subject shall have the right to object at any time to the Processing of the Personal Data for the purpose of such advertising. This shall also apply to the Profiling as far as it is related to such direct advertising. If the Data Subject objects to the Processing for direct advertising purposes vis-à-vis Albert Ponsel GmbH & Co. KG, Albert Ponsel GmbH & Co. KG will no longer process the Personal Data for these purposes.

In addition, the Data Subject shall have the right in accordance with Article 89, section 1 of the GDPR to object on grounds relating to his/her particular situation to the Processing of Personal Data concerning him/her that is performed at Albert Ponsel GmbH & Co. KG for scientific or historical research purposes or statistical purposes, unless such Processing is necessary for fulfilling a task that is in the public interest.

For the purpose of exercising the right to object, the Data Subject may submit a message at any time directly to info@ponsel.de. The Data Subject shall furthermore be free to exercise his/her right to object – in connection with the use of information society services, and regardless of the Directive 2002/58/EC – using automated means in which technical specifications are applied.

h) Automated decisions in individual cases, including Profiling
Each Data Subject concerned by the Processing of Personal Data has the right granted by the European authority issuing directives and regulations to not to be subject to a decision based solely on automated Processing, including Profiling, which produces legal effects concerning him/her or similarly significantly affects him/her, unless the decision (1) is necessary for entering into, or the performance of, a contract between the Data Subject and the Controller or (2) is permitted by legal provisions of the Union or the member states which the Controller is subject to and these legal provisions set out suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests; or (3) is based on the Data Subject’s explicit Consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the Data Subject and the Controller or (2) is based on the Data Subject’s explicit Consent, Albert Ponsel GmbH & Co. KG shall take suitable measures in order to safeguard the rights and freedoms and legitimate interests of the Data Subject, which shall include at least the right to obtain human intervention on the part of the Controller, to express his/her point of view, and to contest the decision.

If the Data Subject would like to exercise rights in regards to automated decisions, the Data Subject may contact directly at any time any staff member of the Controller of the Processing.

i) Right of Revocation of a Consent under Data Protection Law
Each Data Subject concerned by the Processing of Personal Data has the right granted by the European authority issuing directives and regulations to revoke at any time a Consent to the Processing of Personal Data.

If the Data Subject would like to exercise his/her right of revocation of a Consent, the Data Subject may contact directly, at any time, any staff member of the Controller of the Processing.

9. Data Protection Provisions for the Integration and Utilisation of Google Analytics (with Anonymisation Function)

The Controller of the Processing has integrated on this website the component Google Analytics (with anonymisation function). Google Analytics is a web analysis service. “Web analysis” means the collection, compilation, and analysis of data regarding the behaviour of users of websites. A web analysis service records data such as the information from which website the Data Subject reached a website (referrer), which subpages of a website have been accessed or how often and during which period any subpage has been visited. Web analysis is mainly used for optimising a website and performing a cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For the web analysis by means of Google Analytics, the Controller of the Processing uses the add-on “_gat._anonymizeIp”. By means of this add-on, the IP address of the internet connection of the Data Subject will be shortened and anonymised by Google if our webpages are accessed from a member state of the European Union or another contracting member state of the Agreement on the European Economic Area.

The purpose of the Google Analytics component is analysing the streams of visitors on our website. Google uses the obtained data and information for example for analysing the use of our website in order to prepare for us online reports, which show the activities on our webpages, and in order to render further services related to the use of our website.

Google Analytics places a cookie on the information technology system of the Data Subject. A description of what a cookie is can be found above. Placing the cookie enables Google to analyse the use of our website. Upon each access of one of the individual pages of this website, which is operated by the Controller of the Processing and on which a Google Analytics component has been integrated, the relevant Google Analytics component causes the internet browser on the information technology system of the Data Subject automatically to transmit data to Google for online analysis purposes. Within the scope of this technical procedure, Google gains knowledge about Personal Data such as the IP address of the Data Subject, on the basis of which Google may for example track the origin of the visitors and clicks and, as a result, prepare commission settlements.

By means of the cookies, Personal Data such as the time of an access, the location from which a system was accessed, and the frequency of the accesses of our website by the Data Subject will be stored. Whenever our website is visited, this Personal Data, including the IP address of the internet connection used by the Data Subject, will be transmitted to Google in the United States of America. This Personal Data will be stored by Google in the United States of America. In some circumstances, Google may pass this Personal Data collected by means of the technical procedure on to Third Parties.

The Data Subject may, at any time, prevent the placement of cookies by our website (as already described above) by using a corresponding setting in his/her internet browser and may in this way permanently object to the placement of cookies. Such a setting in the internet browser used would also prevent Google from placing a cookie on the information technology system of the Data Subject. In addition, a cookie already placed by Google Analytics may at any time be deleted using the internet browser or other software programmes.

Furthermore, the Data Subject may object to – and prevent – the recording of data that is generated by Google analytics and related to the use of this website and the Processing of this data by Google. For that purpose, the Data Subject must download a browser add-on using the link https://tools.google.com/dlpage/gaoptout[EM2]  and install it. This browser add-on notifies Google Analytics through JavaScript that no data and information concerning the visits of websites may be transmitted to Google Analytics. Google considers the installation of the browser add-on as objection. If the information technology system of the Data Subject will be deleted, formatted or re-installed at a later time, the Data Subject will need to re-install the browser add-on in order to disable Google Analytics. If the browser add-on will be deinstalled or disabled by the Data Subject or another person attributable to the Data Subject’s sphere of control, the browser add-on may be re-installed or reactivated.

For further information and the applicable data protection policy of Google, see h[EM3] ttps://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. For further explanations regarding Google Analytics, see https://www.google.com/intl/de_de/analytics/.

10. Data Protection Provisions regarding the Integration and Utilisation of YouTube

The Controller of the Processing has integrated components of YouTube into this website. YouTube is an internet video portal that enables video publishers to upload video clips free of charge and other users to – also free of charge – view, evaluate, and comment on these video clips. YouTube permits the publication of all kinds of videos and therefore even complete movies and television programmes but also music videos, trailers or videos created by the users themselves are accessible through the internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary company of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

In the event of any access of one of the individual pages of this website, which is operated by the Controller of the Processing and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the Data Subject is caused automatically by the relevant YouTube component to download a presentation of the relevant YouTube component from YouTube. For more information on YouTube, see https://www.youtube.com/yt/about/de/. Within the scope of this technical procedure, YouTube and Google gain knowledge of the fact which specific subpage of our website is visited by the Data Subject.

If the Data Subject is logged into his/her YouTube account at the same time, YouTube recognises, when a sub page is accessed that contains a YouTube video, which specific subpage of our website is being visited by the Data Subject. YouTube and Google collect this information and associate it with the relevant YouTube account of the Data Subject.

Through the YouTube component, YouTube and Google receive information of the fact that the Data Subject has visited our website every time if the Data Subject is logged into his/her YouTube account at the same time at which he/she visits our website; this happens irrespective of whether the Data Subject clicks on a YouTube video or not. If the Data Subject does not intend such a transmission of information to YouTube and Google, he/she may prevent the transmission by logging out of his/her YouTube account before accessing our website.

The Data Protection Policy published by YouTube, which may be read at https://www.google.de/intl/de/policies/privacy/, contains more information on the collection, Processing, and use of Personal Data by YouTube and Google.

11. Legal Bases of the Processing

For our company, Article 6, section 1, item (a) of the GDPR serves as a legal basis for Processing operations for which we obtain Consent for a specific Processing purpose. If the Processing of Personal Data is necessary for fulfilling a contract of which the Data Subject is a contracting party (e.g. in the case of Processing operations that are necessary for any delivery of goods or the provision of other services or a counter-performance), the Processing is based on Article 6, section 1, item (b) of the GDPR. The same shall apply to Processing operations that are necessary for taking steps prior to entering into a contract, e.g. in cases of enquiries concerning our products or services. If our company is subject to a legal obligation that requires the Processing of Personal Data, e.g. for fulfilling obligations under tax law, the Processing is based on Article 6, section 1, item (c) of the GDPR. In rare cases, the Processing of Personal Data could become necessary in order to protect vital interests of the Data Subject or another natural person. That would be e.g. the case if a visitor would be injured in our company and subsequently his/her name, age, health insurance data or other vital information would have to be passed on to a medical doctor, hospital or other third parties. The Processing would then be based on Article 6, section 1, item (d) of the GDPR.
Ultimately, the Processing operations may be based on Article 6, section 1, item (f) of the GDPR. Processing operations that are governed by none of the aforementioned legal bases are based on this legal basis if the Processing is necessary for safeguarding a legitimate interest of our company or a Third Party, unless there are overriding interests, fundamental rights and fundamental freedoms of the Data Subject. We are permitted to perform such Processing operations in particular because they have been specifically mentioned by the European legislator. In that regard, the legislator held the opinion that a legitimate interest could be assumed if the Data Subject is a customer of the Controller (Recital 47, sentence 2 of the GDPR).

12. Legitimate Interests in the Processing pursued by the Controller or a Third Party

If the Processing of Personal Data is based on Article 6, section 1, item (f) of the GDPR, our legitimate interest is the performance of our business activities for the benefit of the prosperity of all of our employees and our shareholders.

13. Term during which the Personal Data is stored

The criterion for the term of the storage of Personal Data is the relevant statutory retention period. When that period expires, the relevant data will be deleted as a matter of routine, unless it is no longer necessary for fulfilling or initiating a contract.

14. Statutory or contractual Provisions for providing the Personal Data; Requirement for the Conclusion of Contracts; Obligation of the Data Subject to provide the Personal Data; possible Consequences of the Failure to provide this Data

We advise you of the fact that the provision of Personal Data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner).
In some cases it may be necessary for entering into a contract that a Data Subject provides us with Personal Data which need to be processed by us subsequently. For example, the Data Subject is obliged to provide to us Personal Data if our company enters into a contract with the Data Subject. A failure to provide the Personal Data would result in the fact that the contract with the Data Subject could not be concluded.
Prior to any provision of Personal Data by the Data Subject, the Data Subject needs to contact one of our members of staff. Our members of staff will advise the Data Subject in each case of whether the provision of the Personal Data is required by law or contract or is necessary for the conclusion of the contract and whether there is an obligation to provide this Personal Data, and which consequences the failure to provide this Personal Data would have.

15. Existence of an automated Decision-Making

As a responsible company, we refrain from an automated decision-making or Profiling.

This Data Protection Declaration is based on the sample data protection declaration that has been prepared by the generator for data protection declarations of DGD Deutsche Gesellschaft für Datenschutz GmbH, which performs Data Protection Audits , in cooperation with the law firm Medienrechtskanzlei WILDE BEUGER SOLMECKE.