We are pleased to have you visit our internet sites and welcome your interest in our company and our products. The protection of your privacy in the processing of your personal data are an important concern to which we pay special attention during our business processes. We process personal data collected during your visit to our websites confidentially and solely in compliance with legal provisions. This Privacy Statement informs you about the processing of your personal data on our websites and your legal rights.
I. Name and address of the controller
The controller in the sense of the General Data Protection Regulation (GDPR) is
Effertz Tore GmbH
Am Gerstacker 190
II. Contact data of our data protection officer
For information, suggestions and complaints regarding the processing and the desire to correct or delete your personal data, you can contact our data protection officer.
The data protection officer of the controller is:
Mr. Hartmut Peglow
Telephone: +49 2166 5551361
III. Security and protection of your personal data
We take precautionary measures to protect your data from manipulation, loss, destruction or access by unauthorized persons or unauthorized disclosure. That's why we use the utmost care and state-of-the-art security standards to ensure maximum protection of your personal information. Our security measures are constantly being improved in line with technological developments.
We are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the German Federal Data Protection Act (BDSG). We have taken technical and organizational measures to ensure that the rules on data protection are observed by both us and our external service providers.
Legislation requires that personal data be processed lawfully, in good faith and in a manner that is reasonable for the data subject ("lawfulness, fairness, transparency"). To ensure this, we inform you about the individual legal definitions that are also used in this privacy statement:
1. Personal data
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject"); a natural person is regarded as identifiable, who can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical , physiological, genetic, mental, economic, cultural or social identity of this natural person.
"Processing" means any procedures or processes, with or without the help of automated procedures, related to personal data, such as collecting, collecting, organizing, sequencing, storing, adapting or modifying, reading, querying , the use, disclosure by transmission, dissemination or any other form of provision, matching or linking, restriction, erasure or destruction.
3. Restriction of processing
"Restriction of processing" is the marking of personal data stored with the aim of limiting its future processing.
"Profiling" means any kind of automated processing of personal data which consists in using that personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, to analyse or predict personal preferences, interests, reliability, behaviour, location or change of location of that natural person.
"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data cannot be assigned to an identified or identifiable natural person.
"Controller" means a natural or legal person, public authority, body or other entity that alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by European Union law or the law of the Member States, the controller or the specific criteria for his appointment may be provided for under European Union or national law.
"Processor" means a natural or legal person, public authority, body or other entity that processes personal data on behalf of the controller.
"Recipient" means a natural or legal person, public authority, agency or other entity to whom personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered to be recipients; the processing of such data by the said authorities shall be in accordance with the applicable data protection rules in accordance with the purposes of the processing.
9. Third party
"Third party" means a personal or legal person, public authority, body or entity other than you (the data subject), the controller, the processor and the persons authorized to do so under the direct responsibility of the controller or contractor.
A "consent" from you (the data subject) is any expression of will voluntarily given in an informed and unequivocal manner in the form of a statement or other unambiguous confirmatory act, in which you indicate that you have consented to the processing of your personal data.
IV. Lawfulness of processing
The processing of personal data is only lawful if there is a legal basis for processing. The legal basis for the processing may be, in accordance with Article 6 (1) lit. a - f GDPR, in particular:
the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
processing is necessary for compliance with a legal obligation to which the controller is subject;
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
V. General information about data processing
1. Extent of processing of personal data
In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) is the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfil a legal obligation that is subject to our company, Art. 6 para. 1 lit. c GDPR is the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR is the legal basis for processing.
3. Data erasure and storage duration
The personal data of you (the data subject) will be deleted or blocked if the purpose of the storage is omitted. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfilment of the contract.
VI. Provision of the website, creation of log files and collection of personal data
Collection of personal data when visiting our website
In the case of merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you look at our website, we collect the following data, which are technically necessary for us to show you our website and to ensure the stability and security (legal basis is Art. 6 (1) sentence 1 GDPR):
– date and time of the request
– time zone difference to Greenwich Mean Time (GMT)
– content of the request (particular page)
– access status/http status code
– each transmitted amount of data
– website from which the request comes
– operation system and its surface
– language and version of the browser.
These data are not stored together with other personal data of the user.
When you contact us (for example, by e-mail), the personal information you provide (such as your e-mail address, name and, if applicable, your telephone number) will be stored by us to answer your questions. We delete the data in this connection after the storage is no longer required, or the processing is restricted, if legal storage obligations exist.
The legal basis for the processing of the data transmitted in the course of sending an e-mail or a fax is Article 6 (1) lit. f GDPR. If the e-mail or fax contact aims to conclude a contract, additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The processing of the personal data transmitted to us is solely for processing the contact. If you contact us by e-mail, we have the necessary legitimate interest in processing the data.
The data will be erased if it is no longer necessary to achieve the purpose of its collection, unless mandatory retention periods or a legitimate interest from us require longer retention.
Our offer is strictly for adults only. Persons under the age of 18 should not submit any personal data to us without the consent of their parents or guardians.
IX. Rights of the data subject
If you wish to exercise one of the rights described below, please contact us by e-mail: datenschutz(at)effertz(dot)de.
(1) Right to revoke the consent granted
If the processing of the personal data is based on a given consent, you have the right to revoke the consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
(2) Right to confirmation
You have the right to ask the controller for confirming whether we are processing personal data concerning you.
(3) Right to information
If personal data are processed, you can request information about this personal data and the following information at any time:
a. the purposes of the processing;
b. the categories of personal data concerned;
c. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f. the right to lodge a complaint with a supervisory authority;
g. where the personal data are not collected from the data subject, any available information as to their source;
h. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
We will provide a copy of the personal data undergoing processing. For any further copies you request, we may charge a reasonable fee based on administrative costs. Where you make the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form. This right to obtain a copy shall not adversely affect the rights and freedoms of others.
(4) Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(5) Right to restriction of processing
You have the right to obtain from the controller restriction of processing where one of the following applies:
the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of us override those of you.
Where the processing has been restricted in accordance with the above-mentioned conditions, such personal data will only be stored with your consent or for the purpose of establishment, exercise or defence of legal claims or protection of the rights of another natural or legal person or for reasons important public interest of the European Union or of a Member State.
(6) Right to erasure („right to be forgotten“)
(6.1) Erasure obligations
You have the right to request that your personal data be deleted immediately, and we are obliged to delete personal data immediately if one of the following reasons applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) you withdraw consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
(c) you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
(6.2) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to paragraph (6.1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data..
The right to erasure („right to be forgotten“) shall not apply to the extent that processing is necessary
(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR;
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph (6.1) is likely to render impossible or seriously impair the achievement of the objectives of that processing;
(e) for the establishment, exercise or defence of legal claims.
(7) Right to be informed
If you have the right of rectification, erasure or restriction of processing to the controller, we are obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have a right to the controller to be informed about these recipients.
(8) Right to data portability
You have the right to receive the personal data you provide to us in a structured, common and machine-readable format, and you have the right to transfer that information to another controller without hindrance from the controller to which the personal data have been provided, where
the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
the processing is carried out by automated means.
In exercising the right to data portability, you have the right to obtain the personal data to be transmitted directly from one controller to another, as far as technically feasible. The exercise of the right to data portability is without prejudice to the right of cancellation (the right to be forgotten). This right does not apply to processing necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
(9) Right to object
You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data relating to you pursuant to Article 6 (1) (e) or (f) of the GDPR; this also applies to profiling based on these provisions. The controller no longer processes the personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of you, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
If personal data are processed in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, in the context of the use of information society services you can exercise your right to opt-out by means of automated procedures that use technical specifications.
(10) Right to not exclusively automated individual decision-making, including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
a. is necessary for entering into, or performance of, a contract between you and us;
b. is authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
c. is based on your explicit consent.
We will take reasonable steps to safeguard your rights and freedoms, as well as your legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express one's own position and to contest the decision.
(11) Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you violates legal provisions.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
X. Use of external links
Our websites contain links to third-party websites operated by providers that are not associated with us. After you click the link, we no longer have any influence over the collection, storage, or processing of any personal data transmitted by clicking the link (such as the IP address or URL of the page that contains the link), as the behaviour of third parties is, by nature, beyond our control. We are not responsible for the processing of such personal data by third parties.