We greatly appreciate your interest in our company. Data protection is very important to the company management of Schne-frost Ernst Schnetkamp GmbH & Co. KG. Use of the Internet pages of Schne-frost Ernst Schnetkamp GmbH & Co. KG is possible, in principle, without any disclosure of personal data. If a data subject would like to take advantage of special services offered by our business via our Internet site, however, processing of personal data may be necessary. If the processing of personal data is necessary and if no legal basis for such processing exists, we then seek the general consent of the data subject.
The processing of personal data, such as the name, address, e-mail address and telephone number of a data subject, is always undertaken in line with the regulation "Datenschutz-Grundverordnung" [General Data Protection Regulation] and in agreement with the national data-protection provisions applicable to Schne-frost Ernst Schnetkamp GmbH & Co. KG. By means of this data protection statement our business would like to inform the public about the type, extent and purpose of personal data collected, used and processed by us. Furthermore, by means of this data protection statement we will explain to data subjects what rights they have.
As the controller of the processing, Schne-frost Ernst Schnetkamp GmbH & Co. KG has implemented many technical and organizational measures in order to ensure the fullest level of protection for the personal data processed via this Internet site. Nevertheless, Internet-based data transfer can, in principle, have security shortcomings so that absolute protection cannot be guaranteed. For this reason each data subject is free to transfer personal data to us even in alternatives ways, such as by telephone.
The data protection statement made by Schne-frost Ernst Schnetkamp GmbH & Co. KG rests on the terms and concepts used by the European legislator for directives and regulations in issuing the regulation "Datenschutz-Grundverordnung" (DS-GVO [GDPR = General Data Protection Regulation]). Our data protection statement should be easy to read and easy to understand, both for the public and for our customers and business partners. To help ensure this we would therefore like to explain in advance the terms and concepts used.
In this data protection statement we use, amongst others, the following terms:
• a) personal data
Personal data refers to all information that relates to an identified or identifiable natural person (hereinafter referred to as the "data subject"). A natural person is seen as being identifiable if he or she can be directly or indirectly identified, particularly by means of allocation to an identifying characteristic such as a name, an identity number, location data, an online identification or one or more special characteristics that give insight to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
• b) data subject
A data subject is each identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
• c) processing
The term "processing" refers to any procedure or series of procedures carried out, with or without the help of automated techniques, on personal data, such as the collection, recording, organization, structuring, storage, adaptation or alteration, readout, questioning, use, disclosure by transmission, distribution or other form of provision, comparison or linking, limitation, deletion or destruction.
• d) limitation of processing
Limitation of processing is the marking of stored personal data with the aim of restricting its future processing.
• e) profiling
Profiling refers to all types of automated processing of personal data intended to use the personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or change of location of this natural person.
• f) pseudonymization
Pseudonymization is the processing of personal data in a way in which, without the help of additional information, this personal data can no longer be assigned to a specific data subject, provided this additional information is kept separately and is subjected to technical and organizational measures that ensure that the personal data cannot be traced to an identified or identifiable natural person.
• g) controller / processing controller
The controller, or the processing controller, is the natural person or corporate body, public authority, organization or other body responsible for deciding, alone or together with others, the purposes and means of processing of personal data. If the purposes and means of processing are prescribed by Union law or by the law of the member states, the controller - or the specific criteria for the controller's appointment - can be provided for in keeping with Union law or the law of the member states.
• h) processor
The processor is a natural person, a corporate body, a public authority, an organization or some other body that processes personal data at the order of the controller.
• i) recipient
The recipient is a natural person or a corporate body, a public authority, an organization or some other body to whom or to which personal data is disclosed, regardless of whether or not the recipient is a third party. Public authorities that may take receipt of personal data in the context of a particular investigation order, in keeping with Union law or the law of the member states, are not regarded as recipients.
• j) third party
A third party is a natural person or a corporate body, a public authority, an organization or some other body, except for the data subject, the controller, the processor or persons under the direct responsibility of the controller or of the processor, authorized to process personal data.
• k) consent
The term "consent" applies to a voluntary indication of willingness on the part of the data subject, with respect to a specific case in point, by means of which the data subject conveys, in an informed and unmistakable way - in the form of a declaration or some other clearly affirmative act - that he or she accepts the processing of the personal data in question.
The controller, in the sense of the Datenschutz-Grundverordnung [General Data Protection Regulation], other data protection laws applicable in the member states of the European Union and other provisions of a data-protection-law nature, is:
Schne-frost Ernst Schnetkamp GmbH & Co. KG
Vinner Weg 3
49624 Löningen
Germany
Tel.: +49 5432 9481-0
E-Mail: info@schne-frost.de
Website: www.suedoldenburger-kartoffelhaus.com
The data protection officer responsible for the processing is:
Mr. Dennis Schwarz
Schne-frost Ernst Schnetkamp GmbH & Co. KG
Vinner Weg 3
49624 Löningen
Germany
Tel.: +49 5432 9481-0
E-Mail: datenschutz@schne-frost.de
Website: www.suedoldenburger-kartoffelhaus.com
Each data subject can contact our data security officer directly at any time with all questions and suggestions relating to data protection.
The Internet pages of Schne-frost Ernst Schnetkamp GmbH & Co. KG make use of cookies. Cookies are text files that are placed, via an Internet browser, on a computer system and are stored there.
Many Internet pages and server use cookies. Many cookies contain a so-called cookie ID. A "cookie ID" is an explicit identification of the cookie. It consists of a series of characters by means of which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows the visited Internet pages and servers to distinguish between the individual browser of the data subject and other Internet browsers, that contain other cookies. A specific Internet browser can be recognized again, via the explicit cookie ID, and identified.
Due to the use of cookies Schne-frost Ernst Schnetkamp GmbH & Co. KG can prepare more-user-friendly services for users of this Internet site than would be possible without the setting of cookies.
By means of cookies the information and offers available on our Internet site can be optimized from the user's standpoint. Cookies permit us, as already mentioned, to recognize the users of our Internet site. The purpose of this recognition is to make it easier for the user to use our Internet site. The user of an Internet site that makes use of cookies need not, for example, input his or her access data again with each visit to the site, because this is taken care of by the Internet site and by the cookie placed on the user's computer system. A further example is the cookie of a shopping basket in the online shop. The online shop notices the articles that a customer has placed in the virtual shopping basket, via a cookie.
The data subject can prevent the setting of cookies by our Internet site at any time by means of corresponding adjustment of the Internet browser used, and can thereby permanently reject the setting of cookies. Furthermore, already-set cookies can be deleted at any time via an Internet browser or other software program. This is possible in all standard Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, it might not then be possible, under certain circumstances, to be able to use all of the functions of our Internet site in full.
The Internet site of Schne-frost Ernst Schnetkamp GmbH & Co. KG records, with each call-up of the Internet site by a data subject or by an automated system, a series of general data and information. This general data and information is stored in the server's log files. Data that may be recorded includes (1) the type of browser used and the version, (2) the operating system used by the accessing system, (3) the Internet site from which an accessing system came to our Internet site (the so-called referrer), (4) the sub-websites that are routed to our Internet site via an accessing system, (5) the date and the time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to ward away danger in the event of attacks on our information-technology systems.
In the use of this general data and information, Schne-frost Ernst Schnetkamp GmbH & Co. KG makes no inferences to the data subject. The information is instead needed, (1) to deliver the contents of our Internet site correctly, (2) to optimize the contents of our Internet site and the advertising used for this, (3) to ensure the lasting functional capacity of our information-technology systems and the techniques of our Internet site, and (4) in the event of a cyber attack, to provide the criminal prosecution authorities with the information necessary for the criminal prosecution. This anonymously collected data and information is therefore evaluated by Schne-frost Ernst Schnetkamp GmbH & Co. KG on the one hand statistically, but also with the aim of increasing the data protection and data security in our business in order to ensure, in the end, an optimal level of protection for the personal data processed by us. The anonymous data of the server log files is stored separate from all personal data given by a data subject.
The data subject has the possibility of registering on the Internet site of the processing controller, disclosure of personal data being required. Which personal data is thereby transferred to the processing controller can be seen from the respective input mask used for the registration. The personal data input by the data subject is collected and stored solely for internal use by the processing controller and for one's own purposes. The processing controller can arrange for the passing-on of the personal data to one or more processors, to a parcel service company for example, which may also use the data solely for internal purposes attributable to the processing controller.
On registering on the Internet site of the processing controller, furthermore, the data subject's IP address, given by the Internet service provider (ISP), the Date and the time of registration are stored. The storage of this data is undertaken against the background that, in this way only, misuse of our services can be prevented, and if necessary this data can also enable criminal offences to be solved. To this extent the storage of this data is necessary for securing the processing controller. On principle, a passing-on of this data to a third party does not take place, unless there is a statutory obligation to pass it on, or the passing-on serves towards criminal prosecution.
The registration of the data subject, with voluntary disclosure of personal data, helps to enable the processing controller to offer the data subject content or services that, due to the nature of the product, can only be offered to registered users. Registered persons have the option, at any time, to alter the personal data given during the registration, or to have it fully deleted from the data stock of the processing controller.
The processing controller gives each data subject, at any time upon request, information on which personal data is stored on the data subject. Furthermore, the processing controller corrects or deletes personal data at the request or notification of the data subject, unless this would be contrary to some statutory record-keeping obligation. All of the employees of the processing controller are available to the data subject, in this connection, as contact persons.
On the Internet site of Schne-frost Ernst Schnetkamp GmbH & Co. KG users have the possibility of subscribing to our company's newsletter. Which personal data is transferred to the processing controller, in connection with the ordering of the newsletter, can be seen from the input mask used for this purpose.
Schne-frost Ernst Schnetkamp GmbH & Co. KG informs its customers and business partners at regular intervals, via a newsletter, about offers made by the business. Our company's newsletter can in principle only be received by the data subject if (1) the data subject has a valid e-mail address, and (2) if the data subject has registered for the newsletter distribution. On legal grounds, the first time a data subject registers for the newsletter distribution, the registered e-mail address is sent a confirmation mail as part of the double-opt-in procedure. This confirmation mail serves to check whether the owner of the e-mail address, as the data subject, has authorized the receipt of the newsletter.
During registration for the newsletter we furthermore store the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and the time of registration. The collection of this data is necessary in order to be able to detect (possible) misuse of the e-mail address of a data subject at some later point in time and therefore serves to provide legal protection for the processing controller.
The personal data collected in the context of registration for the newsletter is used solely for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this were to be necessary for the operation of the newsletter service or for registration for this, as in the event of changes in the newsletter offer, or in cases of alteration of the technical circumstances. No passing-on to a third party of the personal data collected in the context of the newsletter service takes place. The subscription to our newsletter can be cancelled by the data subject at any time. The consent to the storage of personal data given to us by the data subject for distribution of the newsletter can be revoked at any time. For purposes of revocation of consent, a corresponding link can be found in each newsletter. There is also the possibility of contacting, at any time, the processing controller of newsletter distribution - even directly on the Internet site - for cancellation, or of notifying the processing controller of this in some other way.
Due to statutory regulations, the Internet site of Schne-frost Ernst Schnetkamp GmbH & Co. KG contains details that permit fast electronic contact to our company, and enable direct communication with us, which also requires a general address for the so-called electronic post (e-mail address). If a data subject contacts the processing controller, by e-mail or via a contact form, the personal data of the data subject transferred by means of SSL encryption is automatically stored. Such personal data of a data subject transferred on a voluntary basis to the processing controller is stored for purposes of processing or for contacting the data subject. No passing-on of this personal data to a third party takes place. To protect your personal data against external access we have safeguarded our website with SSL and TLS certificates. "SSL" stands for "secure socket layer" and "TLS" stands for "transport layer security". They encrypt the data communication between a website and the user's terminal device. You can recognize the active secure socket layer or TLS encryption by a small lock-logo shown on the far left of the browser's address line.
The processing controller processes and stores the data subject's personal data only for the period necessary for achievement of the purpose of the storage, or if this is provided for by the European legislators of directives and regulations or in the laws or provisions of another legislator to the jurisdiction of which the processing controller is subject.
If the purpose of the storage ceases to apply or if a storage period prescribed by a European legislator of directives and regulations, or by another relevant legislator, expires, the personal data is routinely, and in accordance with the statutory provisions, blocked or deleted.
• a) Right to Confirmation
Each data subject has been accorded the right, by the European legislator of directives and regulations, to demand confirmation from the processing controller as to whether the data subject's personal data is processed. If a data subject wishes to exercise this right to confirmation, he or she can contact an employee of the processing controller in this connection at any time.
• b) Right to Information
Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to free information from the processing controller at any time on the personal data relating to his or her person that is stored, as well as the right to a copy of this information. Furthermore, the European legislator of directives and regulations has accorded the data subject a right to information on the following:
Furthermore, the data subject has a right of information on whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be given information on the appropriate guarantees made in connection with the transfer.
If a data subject wishes to exercise this right to information, he or she can contact an employee of the processing controller in this connection at any time.
• c) Right to Correction
Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to demand immediate correction of incorrect personal data relating to them. Furthermore, the data subject has the right, allowing for the purposes of the processing, to demand the completion of incomplete personal data — also by means of an additional explanation.
If a data subject wishes to exercise this right to correction, he or she can contact an employee of the processing controller in this connection at any time.
• d) Right to Deletion (Right to be Forgotten)
Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to demand from the controller that the personal data in question be immediately deleted, if one of the following grounds applies and provided the processing is not necessary:
If one of the above-mentioned grounds applies and a data subject would like to arrange for the deletion of personal data that is stored by Schne-frost Ernst Schnetkamp GmbH & Co. KG, he or she can contact an employee of the processing controller in this connection at any time. The employee of Schne-frost Ernst Schnetkamp GmbH & Co. KG will arrange that the demand for deletion is complied with immediately.
If the personal data is made public by Schne-frost Ernst Schnetkamp GmbH & Co. KG and if our business, as a controller in accordance with article 17, paragraph 1 of DS-GVO [GDPR], is obliged to delete the personal data, Schne-frost Ernst Schnetkamp GmbH & Co. KG must also take appropriate measures, including technical measures, allowing for the available technology and the costs of implementation, to inform others processing the personal data published and controlling the data processing, that the data subject has demanded of these others controlling the data processing that all links to this personal data or to copies or replications of this personal data be deleted, if the processing is not necessary. The employees of Schne-frost Ernst Schnetkamp GmbH & Co. KG will arrange for the necessary steps to be taken in the individual cases.
• e) Right to Limitation of the Processing
Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to demand that the controllers limit the processing, if one of the following preconditions exists:
If one of the above-mentioned preconditions applies and a data subject would like to demand limitation of the personal data stored by Schne-frost Ernst Schnetkamp GmbH & Co. KG, he or she can contact an employee of the processing controller in this connection at any time. The employees of Schne-frost Ernst Schnetkamp GmbH & Co. KG will arrange for limitation of the processing.
• f) Right to Data Portability
Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to be sent the personal data in question, which was previously disclosed to a controller by the data subject, in a structured, commonly used and machine-readable format. He or she also has the right to transfer this data to another controller without hindrance from the controller to whom the personal data was already disclosed, provided the processing is based on consent, in accordance with article 6, paragraph 1, letter a of DS-GVO [GDPR] or article 9, paragraph 2, letter a of DS-GVO [GDPR] or on a contract in accordance with article 6, paragraph 1, letter b of DS-GVO [GDPR] and the processing can be undertaken with the help of automated procedures, provided the processing is not necessary for the discharging of a task that is in the public interest, or in the exercising of official authority vested in the controller.
Furthermore, in the exercising of his or her right to data portability, in accordance with article 20, paragraph 1 of DS-GVO [GDPR], the data subject has the right to have the personal data transferred directly from one controller to another, to the extent that this is technically feasible and provided no rights or freedoms of other persons are impeded by this.
For assertion of the right on data portability the data subject can contact an employee of Schne-frost Ernst Schnetkamp GmbH & Co. KG at any time.
• g) Right of Objection
Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, for reasons associated with their particular situation, to object at any time to the processing of personal data relating to them, based on article 6, paragraph 1, letters e or f of DS-GVO [GDPR]. This also applies to profiling based on these provisions.
In cases of objection, Schne-frost Ernst Schnetkamp GmbH & Co. KG no longer processes the personal data, unless we can provide compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercising or defence of legal claims.
If Schne-frost Ernst Schnetkamp GmbH & Co. KG processes personal data in order to undertake direct marketing, the data subject has the right to object at any time to the processing of the personal data for purposes of such advertising. This also applies to profiling, when it is associated with of such direct marketing. If the data subject objects, vis-à-vis Schne-frost Ernst Schnetkamp GmbH & Co. KG, to the processing for purposes of direct marketing, Schne-frost Ernst Schnetkamp GmbH & Co. KG will no longer process the personal data for these purposes.
Furthermore, the data subject has the right, for reasons arising from his or her particular situation, to object to the processing of personal data relating to them, undertaken by Schne-frost Ernst Schnetkamp GmbH & Co. KG for scientific or historical research purposes, or for statistical purposes, in accordance with article 89, paragraph 1 of DS-GVO [GDPR], unless such processing is necessary for fulfilment of a task carried out in the public interest.
To exercise the right of objection the data subject can directly contact any employee of Schne-frost Ernst Schnetkamp GmbH & Co. KG, or can contact another employee. The data subject also has the possibility, in connection with the use of services of the information society – notwithstanding Directive 2002/58/EC – to exercise his or her right of objection by means of automated procedures for which technical specifications are utilized.
• h) Automatic Decisions in Individual Cases, Including Profiling
Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, not to be subjected to decisions based on solely automatic processing — including profiling — that can give rise, with respect to him or her, to legal consequences or similar, significant detrimental affects, provided the decision (1) is not necessary for the conclusion or the fulfilment of a contract between the data subject and the controller, or (2) is permissible on the basis of statutory regulations of the Union or of the member states to which the controller is subject, and these statutory regulations contain appropriate measures for safeguarding the rights and freedoms of the data subject and his/her legitimate interests, or (3) is undertaken with the explicit consent of the data subject.
If the decision (1) is necessary for the conclusion or the fulfilment of a contract between the data subject and the controller, or (2) if it is taken with the explicit consent of the data subject, Schne-frost Ernst Schnetkamp GmbH & Co. KG will take appropriate measures to safeguard the rights and freedoms of the data subject and his/her legitimate interests, whereby this includes at least the right to involvement of a person on behalf of the controller, to present one's own standpoint, and to contest the decision.
If the data subject wishes to enforce rights relating to automatic decisions, he or she can contact an employee of the processing controller, in this connection, at any time.
• i) Right to Revocation of Data-Protection-Law Consent
Each data subject whose personal data is processed has been accorded the right, by the European legislator of directives and regulations, to revoke, at any time, consent previously given for the processing of personal data.
If the data subject wishes to enforce his or her right to revoke consent, he or she can contact an employee of the processing controller, in this connection, at any time.
The processing controller collects and processes the personal data of applicants for purposes of transacting the application procedure. The processing can also take place electronically. This is particularly the case if an applicant sends corresponding application documents by electronic means, e.g. by e-mail or via a web form on the Internet site of the processing controller. If the processing controller concludes an employment contract with an applicant, the data sent for purposes of transacting the employment relationship is stored, in accordance with the statutory regulations. If no employment contract is concluded with the applicant by the processing controller, the application documents are automatically deleted two months after announcement of the negative decision, provided deletion does not conflict with other legitimate interests of the processing controller. An example of such legitimate interest, in this sense, is an onus of proof in a procedure in keeping with AGG [General Act on Equal Treatment].
The processing controller has integrated the component Google Analytics (with anonymization function) on this Internet site. Google Analytics is a web analysis service. Web analysis is the collection, storage and evaluation of data on the behaviour of visitors to Internet pages. A web analysis service records, amongst other things, data such as information as to which Internet site a data subject came to the current Internet site from (so-called referrers), which sub-pages of the Internet site were accessed, how often, and for which period of time a sub-page was looked at. Web analysis is mostly deployed for optimization of an Internet site and for cost-benefit analysis of Internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For web analysis via Google Analytics the processing controller uses the addition "_gat._anonymizeIp". By means of this add-on the IP address of the internet connection of the data subject is shortened and anonymized by Google, if the access to our Internet pages comes from a member state of the European Union or from another contracting state of the agreement on the European Economic Area.
The purpose of the Google Analytics component is the analysis of the flow of visitors to our Internet site. Google uses the data and information obtained, amongst other things, to evaluate the use made of our Internet site, to prepare online reports for us which record and summarize the activities of our Internet pages, and to provide further services associated with the use of our Internet site.
Google Analytics sets a cookie on the information-technology system of the data subject. What cookies are has already been explained above. With the setting of the cookies, Google is able to conduct an analysis of the use made of our Internet site. With each call-up of the individual pages of this Internet site, which is operated by the processing controller and on which a Google Analytics component has been integrated, the Internet browser on the information-technology system of the data subject is automatically prompted by the respective Google Analytics component to transfer data to Google for the purpose of online analysis. In the context of this technical procedure Google receives knowledge of personal data, such as the IP address of the data subject, which serves Google, amongst other things, to identify the origins of the visitor and the clicks made and, as a consequence, to calculate commission.
By means of the cookies personal information, such as access time, the place from where an access came and the frequency of the visits to our Internet site by the data subject, is stored. On each visit to our Internet pages this personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. In certain circumstances, Google passes on this personal data collected via the technical procedures to third parties.
As already outlined above, the data subject can prevent the setting of cookies by our Internet site at any time by means of corresponding adjustment of the Internet browser used, and can thereby permanently reject the setting of cookies. Any such setting of the used Internet browser would also prevent Google from setting a cookie on the information-technology system of the data subject. Furthermore, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
The data subject also has the possibility of objecting to and preventing the recording of the data relating to the use of this Internet site created by Google Analytics, and the processing of this data by Google. To this end the data subject must download and install a browser add-on to be found under the link https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics, via JavaScript, that no data and information relating to visits to the Internet pages may be sent to Google Analytics. The installation of the browser add-on is evaluated by Google as an objection. If the information-technology system of the data subject is deleted, formatted or newly installed at some later date, the data subject must again install the browser add-on, in order to deactivate Google Analytics. If the browser add-on is de-installed or deactivated by the data subject or by another person with authority to do so, the possibility of newly installing or reactivating the browser add-on exists.
Further information and Google's applicable data-protection provisions can be called up under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is explained more precisely under this link: https://www.google.com/intl/de_de/analytics/.
Article 6 I, letter a of DS-GVO [GDPR] serves our business as the legal basis for processing procedures for which we seek consent for particular processing purposes. If the processing of personal data is necessary for fulfilment of a contract to which the data subject is a contracting party, as in the case of processing procedures required for the delivery of goods, or for the provision of some other performance or counter-performance, the processing is then based on article 6 I, letter b of DS-GVO [GDPR]. The same applies to processing procedures that are necessary for implementation of pre-contractual measures, as in cases of matters about our products or performance. If our business is subject to a legal obligation or which the processing of personal data is necessary, as in the case of taxation obligations, the processing is then based on article 6 I, letter c of DS-GVO [GDPR]. In rare cases the processing of personal data could be necessary to protect vital interests of the data subject, or of another natural person. This would be the case, for example, if a visitor to our works was injured and his or her name, age, health-insurance data or other vital information had to be passed on to a doctor, a hospital or some other third party. In this case the processing would be based on article 6 I, letter d of DS-GVO [GDPR]. In the end, processing procedures might be based on article 6 I, letter f of DS-GVO [GDPR]. This serves as a legal basis for processing procedures that are not covered by any of the above-mentioned bases, if the processing is necessary for safeguarding a legitimate interest of our business or of a third party, provided the interests, basic rights and basic freedoms of the data subject do not override this. Such processing procedures are permitted for us in particular because they were specially mentioned by the European legislator. To this extent the latter took the view that a legitimate interest can be assumed if the data subject is a customer of the controller (consideration treatise 47, sentence 2 of DS-GVO [GDPR]).
If the processing of personal data is based on article 6 I, letter f of DS-GVO [GDPR] our legitimate interest is the implementation of our business activities to the benefit of the well-being of all of our employees and shareholders.
The criterion for the period of storage of personal data is the respective statutory retention period. After expiry of the period the corresponding data is routinely deleted, provided it is no longer necessary for fulfilment of contract or preparation of contract.
We draw your attention to the fact that the provision of personal data is, in part, legally prescribed (e.g. tax regulations), or can be required by contractual regulations (e.g. disclosures to the contract partner). It can sometimes be necessary, for conclusion of contract, that a data subject provide us with personal data, that must then be processed by us. The data subject is, for example, obliged to provide us with personal data if our business is to conclude a contract with him or her.
Non-provision of the personal data can have the consequence that the contract with the data subject cannot be concluded. Before the provision of personal data by a data subject the data subject must contact one of our employees. Our employee explains to the data subject, in the context of the specific case in point, whether the provision of the personal data is prescribed by law or by contract, or whether it is necessary for conclusion of contract, whether an obligation to provide the personal data exists, and what consequences the non-provision of the personal data would have.
As a responsible business we renounce the option of an automatic decision-making process and of profiling.
This data protection statement was prepared by the data-protection-statement generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which operates as the external data protection officer (Externer Datenschutzbeauftragter Nürnberg), in cooperation with the lawyer for IT and data-security law (Anwalt für IT- und Datenschutzrecht) Christian Solmecke.
As on: 09.05.2018