1. Definition of terms
a. Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the “affected person”). A natural person is considered to be identifiable when the physical, physiological, genetic, mental, economic, cultural or social identity of this person can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features.
b. Affected person
The affected person (or “data subject”) is any identified or identifiable natural person whose personal data is processed by the controller.
Processing refers to any process or series of operations related to personal data (such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures, disclosure by submission, dissemination or other form of provisioning, comparing or linking, restriction, erasure or destruction).
d. Restriction of processing
Restriction of processing refers to the marking of stored personal data with the intent to limit its processing.
Profiling refers to any kind of automated processing of personal data which evaluates that personal information to analyse or predict personal aspects relating to a natural person, in particular relating to job performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocations of that natural person.
Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a specific affected person without additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
g. Controller (responsible for the processing)
The controller is the natural or legal person, public authority or body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by the laws of the Member States, the controller or the specific criteria for his designation may already be specified under Union or national law.
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, agency or other entity to whom personal data is disclosed (regardless of whether it is a third party). However, authorities which may receive personal data under Union or national laws in connection with a particular mission are not considered as recipients.
j. Third party
A third party is a natural or legal person, public authority or body other than the data subject, the controller, the processor or the persons authorized under the direct responsibility of the controller or the processor to process the personal data.
Consent is any permission voluntarily issued and unambiguously expressed in the form of a statement or other unambiguous confirmatory act by the affected person for the particular case, by which the affected person indicates that they consent to the processing of the personal data concerning them.
2. Name and contact details of the controller and the company’s data protection officer
Controller: Gefertec GmbH, Schwarze-Pumpe-Weg 16,12681 Berlin
E-mail: firstname.lastname@example.org Phone: +49 (0) 30 – 912 074 360
The operational data protection officer of Gefertec GmbH can be reached at the above address (Attn: Ms. Sandra Grittke) or at email@example.com.
3. Collection and storage of personal data, and the nature and purpose of the data usage
a) When visiting the website
When you visit our website www.gefertec.de, your web browser automatically sends information to the server hosting our website. This information is temporarily stored in a log file. The following information will be collected without your intervention and stored until it is automatically deleted:
– IP address of the calling computer,
– The date and time of access,
– Name and URL of the retrieved file,
– Website from which the access is made (referrer URL),
– Browser used and, if applicable, the operating system of your computer and the name of your access provider.
These data are processed by us for the following purposes:
– To ensure a smooth connection to the website,
– To ensure convenient use of our website,
– To evaluate the system’s security and stability,
– For further administrative purposes.
The legal basis for this data processing is article 6 para. 1 s. 1 of the GDPR. Our legitimate interest stems from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about you.
b) When registering for our newsletter
If, pursuant to article 6 para. 1 s. 1 of the GDPR, you have expressly consented, we may use your e-mail address to regularly send you our newsletter. It is sufficient to specify an e-mail address to receive the newsletter.
Unsubscribing is possible at any time (e.g. by using the link at the end of each newsletter).
c) When using our contact form
If you have questions, you may contact us using the form provided on our website. You must provide a valid e-mail address so that we know who the request came from and can answer. Further information may be provided voluntarily.
The data processing for the purpose of this contact is carried out in accordance with article 6 para. 1 s. 1 of the GDPR, based on your voluntarily consent.
The personal data collected by us for the use of the contact form will be automatically deleted after completion of the request made by you.
d) Applying for a customer login
When applying for a customer login, we collect your e-mail address, the company that you work for and your name. We use this data to assign you a customer login which we then e-mail to you. We will use your telephone number only for subsequent queries. The legal basis for this data processing is article 6 para. (b) of the General Data Protection Regulation.
4. Transfer of data
There is no transfer of your personal data to third parties for purposes other than those listed below.
We shall only share your personal information with third parties if:
– According to article 6 para. 1 s. 1 of the GDPR, you have given your express consent,
– The transfer, pursuant to article 6 para. 1 s. 1 of the GDPR, is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
– In the event that transfer of the data, pursuant to article 6 para. 1 s. 1 of the GDPR, is a legal obligation,
– This is legally permissible and, according to article 6 para. 1 s. 1 of the GDPR, is required for the settlement of contractual relationships with you.
Information is stored in the cookie which is used for each subsequent connection with the specific device. However, this does not mean that we are immediately aware of your identity.
These cookies are used to make our website more pleasant for you to use. For example, we use session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after you leave our website.
To improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to take advantage of our services, the system will automatically recognize that you have already been with us; inputs and settings you have made do not need to be re-entered.
The data processed by cookies are required for the purposes mentioned (in order to safeguard our legitimate interests as well as third parties) according to article 6 para. 1 s. 1 of the GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a notice appears before a new cookie is created. If you disable cookies completely, you may not be able to use all features of our website.
6. Analysis tools
The tracking measures that we use (listed below) are justified pursuant to article 6 para. 1 s. 1 of the GDPR. With the tracking measures in use, we want to ensure a needs-based website design and the continuous optimization of our website. We also use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our services for you. These interests are justified within the meaning of the aforementioned provision.
The associated data processing purposes and data categories can be found in the corresponding tracking tools.
For the purposes of customizing and continually optimizing our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/intl/en/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereafter referred to as “Google”). Anonymous usage profiles are created and cookies are used (refer to section 4) for this purpose. Information generated by the cookie about your use of this website (such as
– browser type and version,
– operating system being used,
– referrer URL (the previously visited page),
– host name of the accessing computer (IP address),
– and time of server request)
is transmitted to a Google server in the US and stored there. This information is used to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties are required to process this data. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that user-specific assignment is not possible (using IP masking).
You can prevent the installation of cookies by setting your browser software accordingly; however, in this case, not all features of this website may be functional.
You can prevent the collection of data generated by the cookies related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: //tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to this browser add-on (especially for browsers on mobile devices), you can prevent collection by Google Analytics by clicking on this link. An opt-out cookie will be set that will prevent any future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website; it is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).
Google Adwords Conversion Tracking
To statistically record the use of our website and to evaluate it for the purpose of optimizing our website, we also use Google conversion tracking. For this, Google Adwords sets a cookie (as described in section 4) on your computer if you have reached our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.
Every Adwords customer receives a different cookie. Thus, cookies cannot be tracked via the websites of Adwords customers. The information gathered using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers learn about the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that personally identifies users.
7. Affected rights
You have the following rights:
– Pursuant to article 15 of the GDPR, you have the right to request information about your personal data processed by us. In particular, you can receive information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of a right to complain, the source of your data (if not collected from us), and the existence of any automated decision-making (including profiling) and, where appropriate, meaningful information about further details.
– Pursuant to article 16 of the GDPR, you have the right to demand the immediate correction of incorrect data or the completion of personal data stored by us.
– Pursuant to article 17 of the GDPR, you have the right to demand the deletion of your personal data stored by us, except where it is required for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
– Pursuant to article 18 of the GDPR, you have the right to demand the restriction of the processing of your personal data, when the accuracy of the data is disputed by you, the processing is unlawful, and whereby you reject their deletion and we no longer need the data; you must assert this exercise or defence of legal claims or you have objected to processing in accordance with article 21 of the GDPR.
– Pursuant to article 20 of the GDPR, you have the right to obtain the personal data that you provided to us in a structured, common and machine-readable format or to request the transfer to another responsible person.
– Pursuant to article 7 para. 3 of the GDPR, you have the right to revoke any consent that you once granted to us at any time. As a result, we may not continue the data processing based on this consent.
– Pursuant to article 77 of the GDPR, you have the right to complain to a supervisory authority. You may normally contact the supervisory authority of your usual place of residence or work, or of our law office.
8. Right of objection
If your personal data are being processed based on legitimate interests in accordance with article 6 para. 1 s. 1 of the GDPR, you have the right to file an objection against the processing of your personal data in accordance with article 21 of the GDPR, provided that there are reasons for this arising from your particular situation or that your objection is directed against direct mail. In the latter case, you have a general right of objection, which shall be acted upon by us without specifying any particular situation.
If you would like to exercise your right of revocation or objection, please send us an e-mail at firstname.lastname@example.org
9. Data security
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, third parties cannot read the data you transfer to us.
We take the appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously being improved to keep pace with technological developments.