Privacy policy

We are very de­lighted that you have shown in­ter­est in our en­ter­prise. Data pro­tec­tion is of a par­tic­u­larly high pri­or­ity for the man­age­ment of the Zanders Pa­per GmbH. The use of the In­ter­net pages of the Zanders Pa­per GmbH is pos­si­ble with­out any in­di­ca­tion of per­sonal data; how­ever, if a data sub­ject wants to use spe­cial en­ter­prise ser­vices via our web­site, pro­cess­ing of per­sonal data could be­come nec­es­sary. If the pro­cess­ing of per­sonal data is nec­es­sary and there is no statu­tory ba­sis for such pro­cess­ing, we gen­er­ally ob­tain con­sent from the data sub­ject.

The pro­cess­ing of per­sonal data, such as the name, ad­dress, e-mail ad­dress, or tele­phone num­ber of a data sub­ject shall al­ways be in line with the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR), and in ac­cor­dance with the coun­try-spe­cific data pro­tec­tion reg­u­la­tions ap­plic­a­ble to the Zanders Pa­per GmbH. By means of this data pro­tec­tion de­c­la­ra­tion, our en­ter­prise would like to in­form the gen­eral pub­lic of the na­ture, scope, and pur­pose of the per­sonal data we col­lect, use and process. Fur­ther­more, data sub­jects are in­formed, by means of this data pro­tec­tion de­c­la­ra­tion, of the rights to which they are en­ti­tled.

As the con­troller, the Zanders Pa­per GmbH has im­ple­mented nu­mer­ous tech­ni­cal and or­ga­ni­za­tional mea­sures to en­sure the most com­plete pro­tec­tion of per­sonal data processed through this web­site. How­ever, In­ter­net-based data trans­mis­sions may in prin­ci­ple have se­cu­rity gaps, so ab­solute pro­tec­tion may not be guar­an­teed. For this rea­son, every data sub­ject is free to trans­fer per­sonal data to us via al­ter­na­tive means, e.g. by tele­phone.

 

1. Definitions

The data pro­tec­tion de­c­la­ra­tion of the Zanders Pa­per GmbH is based on the terms used by the Eu­ro­pean leg­is­la­tor for the adop­tion of the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR). Our data pro­tec­tion de­c­la­ra­tion should be leg­i­ble and un­der­stand­able for the gen­eral pub­lic, as well as our cus­tomers and busi­ness part­ners. To en­sure this, we would like to first ex­plain the ter­mi­nol­ogy used.

In this data protection declaration, we use, inter alia, the following terms:

a) Per­sonal data
Per­sonal data means any in­for­ma­tion re­lat­ing to an iden­ti­fied or iden­ti­fi­able nat­ural per­son (“data sub­ject”). An iden­ti­fi­able nat­ural per­son is one who can be iden­ti­fied, di­rectly or in­di­rectly, in par­tic­u­lar by ref­er­ence to an iden­ti­fier such as a name, an iden­ti­fi­ca­tion num­ber, lo­ca­tion data, an on­line iden­ti­fier or to one or more fac­tors spe­cific to the phys­i­cal, phys­i­o­log­i­cal, ge­netic, men­tal, eco­nomic, cul­tural or so­cial iden­tity of that nat­ural per­son.

b) Data sub­ject
Data sub­ject is any iden­ti­fied or iden­ti­fi­able nat­ural per­son, whose per­sonal data is processed by the con­troller re­spon­si­ble for the pro­cess­ing.

c) Pro­cess­ing
Pro­cess­ing is any op­er­a­tion or set of op­er­a­tions which is per­formed on per­sonal data or on sets of per­sonal data, whether or not by au­to­mated means, such as col­lec­tion, record­ing, or­gan­i­sa­tion, struc­tur­ing, stor­age, adap­ta­tion or al­ter­ation, re­trieval, con­sul­ta­tion, use, dis­clo­sure by trans­mis­sion, dis­sem­i­na­tion or oth­er­wise mak­ing avail­able, align­ment or com­bi­na­tion, re­stric­tion, era­sure or de­struc­tion.

d) Re­stric­tion of pro­cess­ing
Re­stric­tion of pro­cess­ing is the mark­ing of stored per­sonal data with the aim of lim­it­ing their pro­cess­ing in the fu­ture.

e) Pro­fil­ing
Pro­fil­ing means any form of au­to­mated pro­cess­ing of per­sonal data con­sist­ing of the use of per­sonal data to eval­u­ate cer­tain per­sonal as­pects re­lat­ing to a nat­ural per­son, in par­tic­u­lar to analyse or pre­dict as­pects con­cern­ing that nat­ural per­son’s per­for­mance at work, eco­nomic sit­u­a­tion, health, per­sonal pref­er­ences, in­ter­ests, re­li­a­bil­ity, be­hav­iour, lo­ca­tion or move­ments.

f) Pseu­do­nymi­sa­tion
Pseu­do­nymi­sa­tion is the pro­cess­ing of per­sonal data in such a man­ner that the per­sonal data can no longer be at­trib­uted to a spe­cific data sub­ject with­out the use of ad­di­tional in­for­ma­tion, pro­vided that such ad­di­tional in­for­ma­tion is kept sep­a­rately and is sub­ject to tech­ni­cal and or­gan­i­sa­tional mea­sures to en­sure that the per­sonal data are not at­trib­uted to an iden­ti­fied or iden­ti­fi­able nat­ural per­son.

g) Con­troller or con­troller re­spon­si­ble for the pro­cess­ing
Con­troller or con­troller re­spon­si­ble for the pro­cess­ing is the nat­ural or le­gal per­son, pub­lic au­thor­ity, agency or other body which, alone or jointly with oth­ers, de­ter­mines the pur­poses and means of the pro­cess­ing of per­sonal data; where the pur­poses and means of such pro­cess­ing are de­ter­mined by Union or Mem­ber State law, the con­troller or the spe­cific cri­te­ria for its nom­i­na­tion may be pro­vided for by Union or Mem­ber State law.

h) Proces­sor
Proces­sor is a nat­ural or le­gal per­son, pub­lic au­thor­ity, agency or other body which processes per­sonal data on be­half of the con­troller.

i) Re­cip­i­ent
Re­cip­i­ent is a nat­ural or le­gal per­son, pub­lic au­thor­ity, agency or an­other body, to which the per­sonal data are dis­closed, whether a third party or not. How­ever, pub­lic au­thor­i­ties which may re­ceive per­sonal data in the frame­work of a par­tic­u­lar in­quiry in ac­cor­dance with Union or Mem­ber State law shall not be re­garded as re­cip­i­ents; the pro­cess­ing of those data by those pub­lic au­thor­i­ties shall be in com­pli­ance with the ap­plic­a­ble data pro­tec­tion rules ac­cord­ing to the pur­poses of the pro­cess­ing.

j) Third party
Third party is a nat­ural or le­gal per­son, pub­lic au­thor­ity, agency or body other than the data sub­ject, con­troller, proces­sor and per­sons who, un­der the di­rect au­thor­ity of the con­troller or proces­sor, are au­tho­rised to process per­sonal data.

k) Con­sent
Con­sent of the data sub­ject is any freely given, spe­cific, in­formed and un­am­bigu­ous in­di­ca­tion of the data sub­jec­t’s wishes by which he or she, by a state­ment or by a clear af­fir­ma­tive ac­tion, sig­ni­fies agree­ment to the pro­cess­ing of per­sonal data re­lat­ing to him or her.

 

2. Name and Address of the controller

Con­troller for the pur­poses of the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR), other data pro­tec­tion laws ap­plic­a­ble in Mem­ber states of the Eu­ro­pean Union and other pro­vi­sions re­lated to data pro­tec­tion is:

Zanders Pa­per GmbH
An der Gohrsmühle
51465 Ber­gisch Glad­bach
Ger­many

Phone: +49 2202 15-0
Email:
Web­site: www.zanders.com

 

3. Name and Address of the Data Protection Officer

The Data Pro­tec­tion Of­fi­cer of the con­troller is:

Alexan­der von Hel­dre­ich
Zanders Pa­per GmbH
An der Gohrsmühle
51465 Ber­gisch Glad­bach
Ger­many

Phone: +49 2202 15-4900
Email: Web­site: zanders.com

Any data sub­ject may, at any time, con­tact our Data Pro­tec­tion Of­fi­cer di­rectly with all ques­tions and sug­ges­tions con­cern­ing data pro­tec­tion.

 

4. Cookies

The In­ter­net pages of the Zanders Pa­per GmbH use cook­ies. Cook­ies are text files that are stored in a com­puter sys­tem via an In­ter­net browser. Many In­ter­net sites and servers use cook­ies. Many cook­ies con­tain a so-called cookie ID. A cookie ID is a unique iden­ti­fier of the cookie. It con­sists of a char­ac­ter string through which In­ter­net pages and servers can be as­signed to the spe­cific In­ter­net browser in which the cookie was stored. This al­lows vis­ited In­ter­net sites and servers to dif­fer­en­ti­ate the in­di­vid­ual browser of the dats sub­ject from other In­ter­net browsers that con­tain other cook­ies. A spe­cific In­ter­net browser can be rec­og­nized and iden­ti­fied us­ing the unique cookie ID.

Through the use of cook­ies, the Zanders Pa­per GmbH can pro­vide the users of this web­site with more user-friendly ser­vices that would not be pos­si­ble with­out the cookie set­ting. By means of a cookie, the in­for­ma­tion and of­fers on our web­site can be op­ti­mized with the user in mind. Cook­ies al­low us, as pre­vi­ously men­tioned, to rec­og­nize our web­site users. The pur­pose of this recog­ni­tion is to make it eas­ier for users to uti­lize our web­site. The web­site user that uses cook­ies, e.g. does not have to en­ter ac­cess data each time the web­site is ac­cessed, be­cause this is taken over by the web­site, and the cookie is thus stored on the user’s com­puter sys­tem. An­other ex­am­ple is the cookie of a shop­ping cart in an on­line shop. The on­line store re­mem­bers the ar­ti­cles that a cus­tomer has placed in the vir­tual shop­ping cart via a cookie.

The data sub­ject may, at any time, pre­vent the set­ting of cook­ies through our web­site by means of a cor­re­spond­ing set­ting of the In­ter­net browser used, and may thus per­ma­nently deny the set­ting of cook­ies. Fur­ther­more, al­ready set cook­ies may be deleted at any time via an In­ter­net browser or other soft­ware pro­grams. This is pos­si­ble in all pop­u­lar In­ter­net browsers. If the data sub­ject de­ac­ti­vates the set­ting of cook­ies in the In­ter­net browser used, not all func­tions of our web­site may be en­tirely us­able.

 

5. Collection of general data and information

The web­site of the Zanders Pa­per GmbH col­lects a se­ries of gen­eral data and in­for­ma­tion when a data sub­ject or au­to­mated sys­tem calls up the web­site. This gen­eral data and in­for­ma­tion are stored in the server log files. Col­lected may be (1) the browser types and ver­sions used, (2) the op­er­at­ing sys­tem used by the ac­cess­ing sys­tem, (3) the web­site from which an ac­cess­ing sys­tem reaches our web­site (so-called re­fer­rers), (4) the sub-web­sites, (5) the date and time of ac­cess to the In­ter­net site, (6) an In­ter­net pro­to­col ad­dress (IP ad­dress), (7) the In­ter­net ser­vice provider of the ac­cess­ing sys­tem, and (8) any other sim­i­lar data and in­for­ma­tion that may be used in the event of at­tacks on our in­for­ma­tion tech­nol­ogy sys­tems.

When us­ing these gen­eral data and in­for­ma­tion, the Zanders Pa­per GmbH does not draw any con­clu­sions about the data sub­ject. Rather, this in­for­ma­tion is needed to (1) de­liver the con­tent of our web­site cor­rectly, (2) op­ti­mize the con­tent of our web­site as well as its ad­ver­tise­ment, (3) en­sure the long-term vi­a­bil­ity of our in­for­ma­tion tech­nol­ogy sys­tems and web­site tech­nol­ogy, and (4) pro­vide law en­force­ment au­thor­i­ties with the in­for­ma­tion nec­es­sary for crim­i­nal pros­e­cu­tion in case of a cy­ber-at­tack. There­fore, the Zanders Pa­per GmbH an­a­lyzes anony­mously col­lected data and in­for­ma­tion sta­tis­ti­cally, with the aim of in­creas­ing the data pro­tec­tion and data se­cu­rity of our en­ter­prise, and to en­sure an op­ti­mal level of pro­tec­tion for the per­sonal data we process. The anony­mous data of the server log files are stored sep­a­rately from all per­sonal data pro­vided by a data sub­ject.

 

6. Registration on our website

The data sub­ject has the pos­si­bil­ity to reg­is­ter on the web­site of the con­troller with the in­di­ca­tion of per­sonal data. Which per­sonal data are trans­mit­ted to the con­troller is de­ter­mined by the re­spec­tive in­put mask used for the reg­is­tra­tion. The per­sonal data en­tered by the data sub­ject are col­lected and stored ex­clu­sively for in­ter­nal use by the con­troller, and for his own pur­poses. The con­troller may re­quest trans­fer to one or more proces­sors (e.g. a par­cel ser­vice) that also uses per­sonal data for an in­ter­nal pur­pose which is at­trib­ut­able to the con­troller.

By reg­is­ter­ing on the web­site of the con­troller, the IP ad­dress—as­signed by the In­ter­net ser­vice provider (ISP) and used by the data sub­ject—date, and time of the reg­is­tra­tion are also stored. The stor­age of this data takes place against the back­ground that this is the only way to pre­vent the mis­use of our ser­vices, and, if nec­es­sary, to make it pos­si­ble to in­ves­ti­gate com­mit­ted of­fenses. In­so­far, the stor­age of this data is nec­es­sary to se­cure the con­troller. This data is not passed on to third par­ties un­less there is a statu­tory oblig­a­tion to pass on the data, or if the trans­fer serves the aim of crim­i­nal pros­e­cu­tion.

The reg­is­tra­tion of the data sub­ject, with the vol­un­tary in­di­ca­tion of per­sonal data, is in­tended to en­able the con­troller to of­fer the data sub­ject con­tents or ser­vices that may only be of­fered to reg­is­tered users due to the na­ture of the mat­ter in ques­tion. Reg­is­tered per­sons are free to change the per­sonal data spec­i­fied dur­ing the reg­is­tra­tion at any time, or to have them com­pletely deleted from the data stock of the con­troller.

The data con­troller shall, at any time, pro­vide in­for­ma­tion upon re­quest to each data sub­ject as to what per­sonal data are stored about the data sub­ject. In ad­di­tion, the data con­troller shall cor­rect or erase per­sonal data at the re­quest or in­di­ca­tion of the data sub­ject, in­so­far as there are no statu­tory stor­age oblig­a­tions. The en­tirety of the con­troller’s em­ploy­ees are avail­able to the data sub­ject in this re­spect as con­tact per­sons.

 

7. Subscription to our newsletters

On the web­site of the Zanders Pa­per GmbH, users are given the op­por­tu­nity to sub­scribe to our en­ter­prise’s newslet­ter. The in­put mask used for this pur­pose de­ter­mines what per­sonal data are trans­mit­ted, as well as when the newslet­ter is or­dered from the con­troller.

The Zanders Pa­per GmbH in­forms its cus­tomers and busi­ness part­ners reg­u­larly by means of a newslet­ter about en­ter­prise news and of­fers. The en­ter­prise’s newslet­ter may only be re­ceived by the data sub­ject if (1) the data sub­ject has a valid e-mail ad­dress and (2) the data sub­ject reg­is­ters for the newslet­ter ship­ping. A con­fir­ma­tion e-mail will be sent to the e-mail ad­dress reg­is­tered by a data sub­ject for the first time for newslet­ter ship­ping, for le­gal rea­sons, in the dou­ble opt-in pro­ce­dure. This con­fir­ma­tion e-mail is used to prove whether the owner of the e-mail ad­dress as the data sub­ject is au­tho­rized to re­ceive the newslet­ter.

Dur­ing the reg­is­tra­tion for the newslet­ter, we also store the IP ad­dress of the com­puter sys­tem as­signed by the In­ter­net ser­vice provider (ISP) and used by the data sub­ject at the time of the reg­is­tra­tion, as well as the date and time of the reg­is­tra­tion. The col­lec­tion of this data is nec­es­sary in or­der to un­der­stand the (pos­si­ble) mis­use of the e-mail ad­dress of a data sub­ject at a later date, and it there­fore serves the aim of the le­gal pro­tec­tion of the con­troller.

The per­sonal data col­lected as part of a reg­is­tra­tion for the newslet­ter will only be used to send our newslet­ter. In ad­di­tion, sub­scribers to the newslet­ter may be in­formed by e-mail, as long as this is nec­es­sary for the op­er­a­tion of the newslet­ter ser­vice or a reg­is­tra­tion in ques­tion, as this could be the case in the event of mod­i­fi­ca­tions to the newslet­ter of­fer, or in the event of a change in tech­ni­cal cir­cum­stances. There will be no trans­fer of per­sonal data col­lected by the newslet­ter ser­vice to third par­ties. The sub­scrip­tion to our newslet­ter may be ter­mi­nated by the data sub­ject at any time. The con­sent to the stor­age of per­sonal data, which the data sub­ject has given for ship­ping the newslet­ter, may be re­voked at any time. For the pur­pose of re­vo­ca­tion of con­sent, a cor­re­spond­ing link is found in each newslet­ter. It is also pos­si­ble to un­sub­scribe from the newslet­ter at any time di­rectly on the web­site of the con­troller, or to com­mu­ni­cate this to the con­troller in a dif­fer­ent way.

 

8. Newsletter-Tracking

The newslet­ter of the Zanders Pa­per GmbH con­tains so-called track­ing pix­els. A track­ing pixel is a minia­ture graphic em­bed­ded in such e-mails, which are sent in HTML for­mat to en­able log file record­ing and analy­sis. This al­lows a sta­tis­ti­cal analy­sis of the suc­cess or fail­ure of on­line mar­ket­ing cam­paigns. Based on the em­bed­ded track­ing pixel, the Zanders Pa­per GmbH may see if and when an e-mail was opened by a data sub­ject, and which links in the e-mail were called up by data sub­jects.

Such per­sonal data col­lected in the track­ing pix­els con­tained in the newslet­ters are stored and an­a­lyzed by the con­troller in or­der to op­ti­mize the ship­ping of the newslet­ter, as well as to adapt the con­tent of fu­ture newslet­ters even bet­ter to the in­ter­ests of the data sub­ject. These per­sonal data will not be passed on to third par­ties. Data sub­jects are at any time en­ti­tled to re­voke the re­spec­tive sep­a­rate de­c­la­ra­tion of con­sent is­sued by means of the dou­ble-opt-in pro­ce­dure. Af­ter a re­vo­ca­tion, these per­sonal data will be deleted by the con­troller. The Zanders Pa­per GmbH au­to­mat­i­cally re­gards a with­drawal from the re­ceipt of the newslet­ter as a re­vo­ca­tion.

 

9. Contact possibility via the website

The web­site of the Zanders Pa­per GmbH con­tains in­for­ma­tion that en­ables a quick elec­tronic con­tact to our en­ter­prise, as well as di­rect com­mu­ni­ca­tion with us, which also in­cludes a gen­eral ad­dress of the so-called elec­tronic mail (e-mail ad­dress). If a data sub­ject con­tacts the con­troller by e-mail or via a con­tact form, the per­sonal data trans­mit­ted by the data sub­ject are au­to­mat­i­cally stored. Such per­sonal data trans­mit­ted on a vol­un­tary ba­sis by a data sub­ject to the data con­troller are stored for the pur­pose of pro­cess­ing or con­tact­ing the data sub­ject. There is no trans­fer of this per­sonal data to third par­ties.

 

10. Routine erasure and blocking of personal data

The data con­troller shall process and store the per­sonal data of the data sub­ject only for the pe­riod nec­es­sary to achieve the pur­pose of stor­age, or as far as this is granted by the Eu­ro­pean leg­is­la­tor or other leg­is­la­tors in laws or reg­u­la­tions to which the con­troller is sub­ject to.

If the stor­age pur­pose is not ap­plic­a­ble, or if a stor­age pe­riod pre­scribed by the Eu­ro­pean leg­is­la­tor or an­other com­pe­tent leg­is­la­tor ex­pires, the per­sonal data are rou­tinely blocked or erased in ac­cor­dance with le­gal re­quire­ments.

 

11. Rights of the data subject

a) Right of con­fir­ma­tion
Each data sub­ject shall have the right granted by the Eu­ro­pean leg­is­la­tor to ob­tain from the con­troller the con­fir­ma­tion as to whether or not per­sonal data con­cern­ing him or her are be­ing processed. If a data sub­ject wishes to avail him­self of this right of con­fir­ma­tion, he or she may, at any time, con­tact any em­ployee of the con­troller.

b) Right of ac­cess
Each data sub­ject shall have the right granted by the Eu­ro­pean leg­is­la­tor to ob­tain from the con­troller free in­for­ma­tion about his or her per­sonal data stored at any time and a copy of this in­for­ma­tion. Fur­ther­more, the Eu­ro­pean di­rec­tives and reg­u­la­tions grant the data sub­ject ac­cess to the fol­low­ing in­for­ma­tion:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Fur­ther­more, the data sub­ject shall have a right to ob­tain in­for­ma­tion as to whether per­sonal data are trans­ferred to a third coun­try or to an in­ter­na­tional or­gan­i­sa­tion. Where this is the case, the data sub­ject shall have the right to be in­formed of the ap­pro­pri­ate safe­guards re­lat­ing to the trans­fer.

If a data sub­ject wishes to avail him­self of this right of ac­cess, he or she may, at any time, con­tact any em­ployee of the con­troller.

c) Right to rec­ti­fi­ca­tion
Each data sub­ject shall have the right granted by the Eu­ro­pean leg­is­la­tor to ob­tain from the con­troller with­out un­due de­lay the rec­ti­fi­ca­tion of in­ac­cu­rate per­sonal data con­cern­ing him or her. Tak­ing into ac­count the pur­poses of the pro­cess­ing, the data sub­ject shall have the right to have in­com­plete per­sonal data com­pleted, in­clud­ing by means of pro­vid­ing a sup­ple­men­tary state­ment.

If a data sub­ject wishes to ex­er­cise this right to rec­ti­fi­ca­tion, he or she may, at any time, con­tact any em­ployee of the con­troller.

d) Right to era­sure (Right to be for­got­ten)
Each data sub­ject shall have the right granted by the Eu­ro­pean leg­is­la­tor to ob­tain from the con­troller the era­sure of per­sonal data con­cern­ing him or her with­out un­due de­lay, and the con­troller shall have the oblig­a­tion to erase per­sonal data with­out un­due de­lay where one of the fol­low­ing grounds ap­plies, as long as the pro­cess­ing is not nec­es­sary:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
  • The personal data have been unlawfully processed.
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the afore­men­tioned rea­sons ap­plies, and a data sub­ject wishes to re­quest the era­sure of per­sonal data stored by the Zanders Pa­per GmbH, he or she may, at any time, con­tact any em­ployee of the con­troller. An em­ployee of Zanders Pa­per GmbH shall promptly en­sure that the era­sure re­quest is com­plied with im­me­di­ately.

Where the con­troller has made per­sonal data pub­lic and is obliged pur­suant to Ar­ti­cle 17(1) to erase the per­sonal data, the con­troller, tak­ing ac­count of avail­able tech­nol­ogy and the cost of im­ple­men­ta­tion, shall take rea­son­able steps, in­clud­ing tech­ni­cal mea­sures, to in­form other con­trollers pro­cess­ing the per­sonal data that the data sub­ject has re­quested era­sure by such con­trollers of any links to, or copy or repli­ca­tion of, those per­sonal data, as far as pro­cess­ing is not re­quired. An em­ploy­ees of the Zanders Pa­per GmbH will arrange the nec­es­sary mea­sures in in­di­vid­ual cases.

e) Right of re­stric­tion of pro­cess­ing
Each data sub­ject shall have the right granted by the Eu­ro­pean leg­is­la­tor to ob­tain from the con­troller re­stric­tion of pro­cess­ing where one of the fol­low­ing ap­plies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the afore­men­tioned con­di­tions is met, and a data sub­ject wishes to re­quest the re­stric­tion of the pro­cess­ing of per­sonal data stored by the Zanders Pa­per GmbH, he or she may at any time con­tact any em­ployee of the con­troller. The em­ployee of the Zanders Pa­per GmbH will arrange the re­stric­tion of the pro­cess­ing.

f) Right to data porta­bil­ity
Each data sub­ject shall have the right granted by the Eu­ro­pean leg­is­la­tor, to re­ceive the per­sonal data con­cern­ing him or her, which was pro­vided to a con­troller, in a struc­tured, com­monly used and ma­chine-read­able for­mat. He or she shall have the right to trans­mit those data to an­other con­troller with­out hin­drance from the con­troller to which the per­sonal data have been pro­vided, as long as the pro­cess­ing is based on con­sent pur­suant to point (a) of Ar­ti­cle 6(1) of the GDPR or point (a) of Ar­ti­cle 9(2) of the GDPR, or on a con­tract pur­suant to point (b) of Ar­ti­cle 6(1) of the GDPR, and the pro­cess­ing is car­ried out by au­to­mated means, as long as the pro­cess­ing is not nec­es­sary for the per­for­mance of a task car­ried out in the pub­lic in­ter­est or in the ex­er­cise of of­fi­cial au­thor­ity vested in the con­troller.

Fur­ther­more, in ex­er­cis­ing his or her right to data porta­bil­ity pur­suant to Ar­ti­cle 20(1) of the GDPR, the data sub­ject shall have the right to have per­sonal data trans­mit­ted di­rectly from one con­troller to an­other, where tech­ni­cally fea­si­ble and when do­ing so does not ad­versely af­fect the rights and free­doms of oth­ers.

In or­der to as­sert the right to data porta­bil­ity, the data sub­ject may at any time con­tact any em­ployee of the Zanders Pa­per GmbH.

g) Right to ob­ject
Each data sub­ject shall have the right granted by the Eu­ro­pean leg­is­la­tor to ob­ject, on grounds re­lat­ing to his or her par­tic­u­lar sit­u­a­tion, at any time, to pro­cess­ing of per­sonal data con­cern­ing him or her, which is based on point (e) or (f) of Ar­ti­cle 6(1) of the GDPR. This also ap­plies to profil­ing based on these pro­vi­sions.

The Zanders Pa­per GmbH shall no longer process the per­sonal data in the event of the ob­jec­tion, un­less we can demon­strate com­pelling le­git­i­mate grounds for the pro­cess­ing which over­ride the in­ter­ests, rights and free­doms of the data sub­ject, or for the es­tab­lish­ment, ex­er­cise or de­fence of le­gal claims.

If the Zanders Pa­per GmbH processes per­sonal data for di­rect mar­ket­ing pur­poses, the data sub­ject shall have the right to ob­ject at any time to pro­cess­ing of per­sonal data con­cern­ing him or her for such mar­ket­ing. This ap­plies to pro­fil­ing to the ex­tent that it is re­lated to such di­rect mar­ket­ing. If the data sub­ject ob­jects to the Zanders Pa­per GmbH to the pro­cess­ing for di­rect mar­ket­ing pur­poses, the Zanders Pa­per GmbH will no longer process the per­sonal data for these pur­poses. In ad­di­tion, the data sub­ject has the right, on grounds re­lat­ing to his or her par­tic­u­lar sit­u­a­tion, to ob­ject to pro­cess­ing of per­sonal data con­cern­ing him or her by the Zanders Pa­per GmbH for sci­en­tific or his­tor­i­cal re­search pur­poses, or for sta­tis­ti­cal pur­poses pur­suant to Ar­ti­cle 89(1) of the GDPR, un­less the pro­cess­ing is nec­es­sary for the per­for­mance of a task car­ried out for rea­sons of pub­lic in­ter­est. In or­der to ex­er­cise the right to ob­ject, the data sub­ject may con­tact any em­ployee of the Zanders Pa­per GmbH. In ad­di­tion, the data sub­ject is free in the con­text of the use of in­for­ma­tion so­ci­ety ser­vices, and notwith­stand­ing Di­rec­tive 2002/​58/​EC, to use his or her right to ob­ject by au­to­mated means us­ing tech­ni­cal spec­i­fi­ca­tions.

h) Au­to­mated in­di­vid­ual de­ci­sion-mak­ing, in­clud­ing pro­fil­ing
Each data sub­ject shall have the right granted by the Eu­ro­pean leg­is­la­tor not to be sub­ject to a de­ci­sion based solely on au­to­mated pro­cess­ing, in­clud­ing pro­fil­ing, which pro­duces le­gal ef­fects con­cern­ing him or her, or sim­i­larly sig­nif­i­cantly af­fects him or her, as long as the de­ci­sion (1) is not is nec­es­sary for en­ter­ing into, or the per­for­mance of, a con­tract be­tween the data sub­ject and a data con­troller, or (2) is not au­tho­rised by Union or Mem­ber State law to which the con­troller is sub­ject and which also lays down suit­able mea­sures to safe­guard the data sub­jec­t’s rights and free­doms and le­git­i­mate in­ter­ests, or (3) is not based on the data sub­jec­t’s ex­plicit con­sent.

If the de­ci­sion (1) is nec­es­sary for en­ter­ing into, or the per­for­mance of, a con­tract be­tween the data sub­ject and a data con­troller, or (2) it is based on the data sub­jec­t’s ex­plicit con­sent, the Zanders Pa­per GmbH shall im­ple­ment suit­able mea­sures to safe­guard the data sub­jec­t’s rights and free­doms and le­git­i­mate in­ter­ests, at least the right to ob­tain hu­man in­ter­ven­tion on the part of the con­troller, to ex­press his or her point of view and con­test the de­ci­sion. If the data sub­ject wishes to ex­er­cise the rights con­cern­ing au­to­mated in­di­vid­ual de­ci­sion-mak­ing, he or she may, at any time, con­tact any em­ployee of the Zanders Pa­per GmbH.

i) Right to with­draw data pro­tec­tion con­sent
Each data sub­ject shall have the right granted by the Eu­ro­pean leg­is­la­tor to with­draw his or her con­sent to pro­cess­ing of his or her per­sonal data at any time. If the data sub­ject wishes to ex­er­cise the right to with­draw the con­sent, he or she may, at any time, con­tact any em­ployee of the Zanders Pa­per GmbH.

 

12. Data protection for applications and the application procedures

The data con­troller shall col­lect and process the per­sonal data of ap­pli­cants for the pur­pose of the pro­cess­ing of the ap­pli­ca­tion pro­ce­dure. The pro­cess­ing may also be car­ried out elec­tron­i­cally. This is the case, in par­tic­u­lar, if an ap­pli­cant sub­mits cor­re­spond­ing ap­pli­ca­tion doc­u­ments by e-mail or by means of a web form on the web­site to the con­troller. If the data con­troller con­cludes an em­ploy­ment con­tract with an ap­pli­cant, the sub­mit­ted data will be stored for the pur­pose of pro­cess­ing the em­ploy­ment re­la­tion­ship in com­pli­ance with le­gal re­quire­ments. If no em­ploy­ment con­tract is con­cluded with the ap­pli­cant by the con­troller, the ap­pli­ca­tion doc­u­ments shall be au­to­mat­i­cally erased two months af­ter no­ti­fi­ca­tion of the re­fusal de­ci­sion, pro­vided that no other le­git­i­mate in­ter­ests of the con­troller are op­posed to the era­sure. Other le­git­i­mate in­ter­est in this re­la­tion is, e.g. a bur­den of proof in a pro­ce­dure un­der the Gen­eral Equal Treat­ment Act (AGG).

 

 

13. Data protection provisions about the application and use of Facebook

On this web­site, the con­troller has in­te­grated com­po­nents of the en­ter­prise Face­book. Face­book is a so­cial net­work.

A so­cial net­work is a place for so­cial meet­ings on the In­ter­net, an on­line com­mu­nity, which usu­ally al­lows users to com­mu­ni­cate with each other and in­ter­act in a vir­tual space. A so­cial net­work may serve as a plat­form for the ex­change of opin­ions and ex­pe­ri­ences, or en­able the In­ter­net com­mu­nity to pro­vide per­sonal or busi­ness-re­lated in­for­ma­tion. Face­book al­lows so­cial net­work users to in­clude the cre­ation of pri­vate pro­files, up­load pho­tos, and net­work through friend re­quests.

The op­er­at­ing com­pany of Face­book is Face­book, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a per­son lives out­side of the United States or Canada, the con­troller is the Face­book Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bour, Dublin 2, Ire­land.

With each call-up to one of the in­di­vid­ual pages of this In­ter­net web­site, which is op­er­ated by the con­troller and into which a Face­book com­po­nent (Face­book plug-ins) was in­te­grated, the web browser on the in­for­ma­tion tech­nol­ogy sys­tem of the data sub­ject is au­to­mat­i­cally prompted to down­load dis­play of the cor­re­spond­ing Face­book com­po­nent from Face­book through the Face­book com­po­nent. An overview of all the Face­book Plug-ins may be ac­cessed un­der https://​de­vel­op­ers.face­book.com/​docs/​plu­g­ins/. ​Dur­ing the course of this tech­ni­cal pro­ce­dure, Face­book is made aware of what spe­cific sub-site of our web­site was vis­ited by the data sub­ject.

If the data sub­ject is logged in at the same time on Face­book, Face­book de­tects with every call-up to our web­site by the data sub­ject—and for the en­tire du­ra­tion of their stay on our In­ter­net site—which spe­cific sub-site of our In­ter­net page was vis­ited by the data sub­ject. This in­for­ma­tion is col­lected through the Face­book com­po­nent and as­so­ci­ated with the re­spec­tive Face­book ac­count of the data sub­ject. If the data sub­ject clicks on one of the Face­book but­tons in­te­grated into our web­site, e.g. the “Like” but­ton, or if the data sub­ject sub­mits a com­ment, then Face­book matches this in­for­ma­tion with the per­sonal Face­book user ac­count of the data sub­ject and stores the per­sonal data.

 Face­book al­ways re­ceives, through the Face­book com­po­nent, in­for­ma­tion about a visit to our web­site by the data sub­ject, when­ever the data sub­ject is logged in at the same time on Face­book dur­ing the time of the call-up to our web­site. This oc­curs re­gard­less of whether the data sub­ject clicks on the Face­book com­po­nent or not. If such a trans­mis­sion of in­for­ma­tion to Face­book is not de­sir­able for the data sub­ject, then he or she may pre­vent this by log­ging off from their Face­book ac­count be­fore a call-up to our web­site is made.

The data pro­tec­tion guide­line pub­lished by Face­book, which is avail­able at https://facebook.com/about/privacy/, pro­vides in­for­ma­tion about the col­lec­tion, pro­cess­ing and use of per­sonal data by Face­book. In ad­di­tion, it is ex­plained there what set­ting op­tions Face­book of­fers to pro­tect the pri­vacy of the data sub­ject. In ad­di­tion, dif­fer­ent con­fig­u­ra­tion op­tions are made avail­able to al­low the elim­i­na­tion of data trans­mis­sion to Face­book. These ap­pli­ca­tions may be used by the data sub­ject to elim­i­nate a data trans­mis­sion to Face­book.

14. Data protection provisions about the application and use of Google Analytics (with anonymization function)

On this web­site, the con­troller has in­te­grated the com­po­nent of Google An­a­lyt­ics (with the anonymizer func­tion). Google An­a­lyt­ics is a web an­a­lyt­ics ser­vice. Web an­a­lyt­ics is the col­lec­tion, gath­er­ing, and analy­sis of data about the be­hav­ior of vis­i­tors to web­sites. A web analy­sis ser­vice col­lects, in­ter alia, data about the web­site from which a per­son has come (the so-called re­fer­rer), which sub-pages were vis­ited, or how of­ten and for what du­ra­tion a sub-page was viewed. Web an­a­lyt­ics are mainly used for the op­ti­miza­tion of a web­site and in or­der to carry out a cost-ben­e­fit analy­sis of In­ter­net ad­ver­tis­ing.

The op­er­a­tor of the Google An­a­lyt­ics com­po­nent is Google Inc., 1600 Am­phithe­atre Pkwy, Moun­tain View, CA 94043-1351, United States.  

For the web an­a­lyt­ics through Google An­a­lyt­ics the con­troller uses the ap­pli­ca­tion “_gat. _anonymizeIp”. By means of this ap­pli­ca­tion the IP ad­dress of the In­ter­net con­nec­tion of the data sub­ject is abridged by Google and anonymised when ac­cess­ing our web­sites from a Mem­ber State of the Eu­ro­pean Union or an­other Con­tract­ing State to the Agree­ment on the Eu­ro­pean Eco­nomic Area. The pur­pose of the Google An­a­lyt­ics com­po­nent is to an­a­lyze the traf­fic on our web­site. Google uses the col­lected data and in­for­ma­tion, in­ter alia, to eval­u­ate the use of our web­site and to pro­vide on­line re­ports, which show the ac­tiv­i­ties on our web­sites, and to pro­vide other ser­vices con­cern­ing the use of our In­ter­net site for us.

Google An­a­lyt­ics places a cookie on the in­for­ma­tion tech­nol­ogy sys­tem of the data sub­ject. The de­f­i­n­i­tion of cook­ies is ex­plained above. With the set­ting of the cookie, Google is en­abled to an­a­lyze the use of our web­site. With each call-up to one of the in­di­vid­ual pages of this In­ter­net site, which is op­er­ated by the con­troller and into which a Google An­a­lyt­ics com­po­nent was in­te­grated, the In­ter­net browser on the in­for­ma­tion tech­nol­ogy sys­tem of the data sub­ject will au­to­mat­i­cally sub­mit data through the Google An­a­lyt­ics com­po­nent for the pur­pose of on­line ad­ver­tis­ing and the set­tle­ment of com­mis­sions to Google. Dur­ing the course of this tech­ni­cal pro­ce­dure, the en­ter­prise Google gains knowl­edge of per­sonal in­for­ma­tion, such as the IP ad­dress of the data sub­ject, which serves Google, in­ter alia, to un­der­stand the ori­gin of vis­i­tors and clicks, and sub­se­quently cre­ate com­mis­sion set­tle­ments. The cookie is used to store per­sonal in­for­ma­tion, such as the ac­cess time, the lo­ca­tion from which the ac­cess was made, and the fre­quency of vis­its of our web­site by the data sub­ject. With each visit to our In­ter­net site, such per­sonal data, in­clud­ing the IP ad­dress of the In­ter­net ac­cess used by the data sub­ject, will be trans­mit­ted to Google in the United States of Amer­ica. These per­sonal data are stored by Google in the United States of Amer­ica. Google may pass these per­sonal data col­lected through the tech­ni­cal pro­ce­dure to third par­ties. The data sub­ject may, as stated above, pre­vent the set­ting of cook­ies through our web­site at any time by means of a cor­re­spond­ing ad­just­ment of the web browser used and thus per­ma­nently deny the set­ting of cook­ies. Such an ad­just­ment to the In­ter­net browser used would also pre­vent Google An­a­lyt­ics from set­ting a cookie on the in­for­ma­tion tech­nol­ogy sys­tem of the data sub­ject. In ad­di­tion, cook­ies al­ready in use by Google An­a­lyt­ics may be deleted at any time via a web browser or other soft­ware pro­grams.

In ad­di­tion, the data sub­ject has the pos­si­bil­ity of ob­ject­ing to a col­lec­tion of data that are gen­er­ated by Google An­a­lyt­ics, which is re­lated to the use of this web­site, as well as the pro­cess­ing of this data by Google and the chance to pre­clude any such. For this pur­pose, the data sub­ject must down­load a browser add-on un­der the link https://​tools.google.com/​dl­page/​gaoptout and in­stall it. This browser add-on tells Google An­a­lyt­ics through a JavaScript, that any data and in­for­ma­tion about the vis­its of In­ter­net pages may not be trans­mit­ted to Google An­a­lyt­ics. The in­stal­la­tion of the browser add-ons is con­sid­ered an ob­jec­tion by Google. If the in­for­ma­tion tech­nol­ogy sys­tem of the data sub­ject is later deleted, for­mat­ted, or newly in­stalled, then the data sub­ject must re­in­stall the browser add-ons to dis­able Google An­a­lyt­ics. If the browser add-on was unin­stalled by the data sub­ject or any other per­son who is at­trib­ut­able to their sphere of com­pe­tence, or is dis­abled, it is pos­si­ble to ex­e­cute the re­in­stal­la­tion or re­ac­ti­va­tion of the browser add-ons.  

Fur­ther in­for­ma­tion and the ap­plic­a­ble data pro­tec­tion pro­vi­sions of Google may be re­trieved un­der https://www.google.com/intl/en/policies/privacy/ and un­der http://www.google.com/analytics/terms/us.html. Google An­a­lyt­ics is fur­ther ex­plained un­der the fol­low­ing Link https://www.google.com/analytics/.

 

15. Data protection provisions about the application and use of LinkedIn

The con­troller has in­te­grated com­po­nents of the LinkedIn Cor­po­ra­tion on this web­site. LinkedIn is a web-based so­cial net­work that en­ables users with ex­ist­ing busi­ness con­tacts to con­nect and to make new busi­ness con­tacts. Over 400 mil­lion reg­is­tered peo­ple in more than 200 coun­tries use LinkedIn. Thus, LinkedIn is cur­rently the largest plat­form for busi­ness con­tacts and one of the most vis­ited web­sites in the world. The op­er­at­ing com­pany of LinkedIn is LinkedIn Cor­po­ra­tion, 2029 Stier­lin Court Moun­tain View, CA 94043, UNITED STATES. For pri­vacy mat­ters out­side of the UNITED STATES LinkedIn Ire­land, Pri­vacy Pol­icy Is­sues, Wilton Plaza, Wilton Place, Dublin 2, Ire­land, is re­spon­si­ble.

With each call-up to one of the in­di­vid­ual pages of this In­ter­net site, which is op­er­ated by the con­troller and on which a LinkedIn com­po­nent (LinkedIn plug-in) was in­te­grated, the In­ter­net browser on the in­for­ma­tion tech­nol­ogy sys­tem of the data sub­ject is au­to­mat­i­cally prompted to the down­load of a dis­play of the cor­re­spond­ing LinkedIn com­po­nent of LinkedIn. Fur­ther in­for­ma­tion about the LinkedIn plug-in may be ac­cessed un­der https://developer.linkedin.com/plugins. Dur­ing the course of this tech­ni­cal pro­ce­dure, LinkedIn gains knowl­edge of what spe­cific sub-page of our web­site was vis­ited by the data sub­ject. If the data sub­ject is logged in at the same time on LinkedIn, LinkedIn de­tects with every call-up to our web­site by the data sub­ject—and for the en­tire du­ra­tion of their stay on our In­ter­net site—which spe­cific sub-page of our In­ter­net page was vis­ited by the data sub­ject. This in­for­ma­tion is col­lected through the LinkedIn com­po­nent and as­so­ci­ated with the re­spec­tive LinkedIn ac­count of the data sub­ject. If the data sub­ject clicks on one of the LinkedIn but­tons in­te­grated on our web­site, then LinkedIn as­signs this in­for­ma­tion to the per­sonal LinkedIn user ac­count of the data sub­ject and stores the per­sonal data. LinkedIn re­ceives in­for­ma­tion via the LinkedIn com­po­nent that the data sub­ject has vis­ited our web­site, pro­vided that the data sub­ject is logged in at LinkedIn at the time of the call-up to our web­site. This oc­curs re­gard­less of whether the per­son clicks on the LinkedIn but­ton or not. If such a trans­mis­sion of in­for­ma­tion to LinkedIn is not de­sir­able for the data sub­ject, then he or she may pre­vent this by log­ging off from their LinkedIn ac­count be­fore a call-up to our web­site is made.  

LinkedIn pro­vides un­der https://www.linkedin.com/psettings/guest-controls the pos­si­bil­ity to un­sub­scribe from e-mail mes­sages, SMS mes­sages and tar­geted ads, as well as the abil­ity to man­age ad set­tings. LinkedIn also uses af­fil­i­ates such as Eire, Google An­a­lyt­ics, BlueKai, Dou­bleClick, Nielsen, Com­score, Elo­qua, and Lotame. The set­ting of such cook­ies may be de­nied un­der https://​www.linkedin.com/​le­gal/​cookie-pol­icy. The ap­plic­a­ble pri­vacy pol­icy for LinkedIn is avail­able un­der https://​www.linkedin.com/​le­gal/​pri­vacy-pol­icy. The LinkedIn Cookie Pol­icy is avail­able un­der https://www.linkedin.com/legal/cookie-policy.

 

16. Data protection provisions about the application and use of Twitter  

On this web­site, the con­troller has in­te­grated com­po­nents of Twit­ter. Twit­ter is a mul­ti­lin­gual, pub­licly-ac­ces­si­ble mi­croblog­ging ser­vice on which users may pub­lish and spread so-called ‘tweets,’ e.g. short mes­sages, which are lim­ited to 280 char­ac­ters. These short mes­sages are avail­able for every­one, in­clud­ing those who are not logged on to Twit­ter. The tweets are also dis­played to so-called fol­low­ers of the re­spec­tive user. Fol­low­ers are other Twit­ter users who fol­low a user’s tweets. Fur­ther­more, Twit­ter al­lows you to ad­dress a wide au­di­ence via hash­tags, links or retweets. The op­er­at­ing com­pany of Twit­ter is Twit­ter, Inc., 1355 Mar­ket Street, Suite 900, San Fran­cisco, CA 94103, UNITED STATES.

With each call-up to one of the in­di­vid­ual pages of this In­ter­net site, which is op­er­ated by the con­troller and on which a Twit­ter com­po­nent (Twit­ter but­ton) was in­te­grated, the In­ter­net browser on the in­for­ma­tion tech­nol­ogy sys­tem of the data sub­ject is au­to­mat­i­cally prompted to down­load a dis­play of the cor­re­spond­ing Twit­ter com­po­nent of Twit­ter. Fur­ther in­for­ma­tion about the Twit­ter but­tons is avail­able un­der https://about.twitter.com/de/resources/buttons. Dur­ing the course of this tech­ni­cal pro­ce­dure, Twit­ter gains knowl­edge of what spe­cific sub-page of our web­site was vis­ited by the data sub­ject. The pur­pose of the in­te­gra­tion of the Twit­ter com­po­nent is a re­trans­mis­sion of the con­tents of this web­site to al­low our users to in­tro­duce this web page to the digital world and in­crease our vis­i­tor num­bers.

If the data sub­ject is logged in at the same time on Twit­ter, Twit­ter de­tects with every call-up to our web­site by the data sub­ject and for the en­tire du­ra­tion of their stay on our In­ter­net site which spe­cific sub-page of our In­ter­net page was vis­ited by the data sub­ject. This in­for­ma­tion is col­lected through the Twit­ter com­po­nent and as­so­ci­ated with the re­spec­tive Twit­ter ac­count of the data sub­ject. If the data sub­ject clicks on one of the Twit­ter but­tons in­te­grated on our web­site, then Twit­ter as­signs this in­for­ma­tion to the per­sonal Twit­ter user ac­count of the data sub­ject and stores the per­sonal data.

Twit­ter re­ceives in­for­ma­tion via the Twit­ter com­po­nent that the data sub­ject has vis­ited our web­site, pro­vided that the data sub­ject is logged in on Twit­ter at the time of the call-up to our web­site. This oc­curs re­gard­less of whether the per­son clicks on the Twit­ter com­po­nent or not. If such a trans­mis­sion of in­for­ma­tion to Twit­ter is not de­sir­able for the data sub­ject, then he or she may pre­vent this by log­ging off from their Twit­ter ac­count be­fore a call-up to our web­site is made. The ap­plic­a­ble data pro­tec­tion pro­vi­sions of Twit­ter may be ac­cessed un­der https://twitter.com/privacy?lang=en.

 

17. Data protection provisions about the application and use of YouTube 

On this web­site, the con­troller has in­te­grated com­po­nents of YouTube. YouTube is an In­ter­net video por­tal that en­ables video pub­lish­ers to set video clips and other users free of charge, which also pro­vides free view­ing, re­view and com­ment­ing on them. YouTube al­lows you to pub­lish all kinds of videos, so you can ac­cess both full movies and TV broad­casts, as well as mu­sic videos, trail­ers, and videos made by users via the In­ter­net por­tal.

The op­er­at­ing com­pany of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a sub­sidiary of Google Inc., 1600 Am­phithe­atre Pkwy, Moun­tain View, CA 94043-1351, UNITED STATES.

With each call-up to one of the in­di­vid­ual pages of this In­ter­net site, which is op­er­ated by the con­troller and on which a YouTube com­po­nent (YouTube video) was in­te­grated, the In­ter­net browser on the in­for­ma­tion tech­nol­ogy sys­tem of the data sub­ject is au­to­mat­i­cally prompted to down­load a dis­play of the cor­re­spond­ing YouTube com­po­nent. Fur­ther in­for­ma­tion about YouTube may be ob­tained un­der https://www.youtube.com/yt/about/en/. Dur­ing the course of this tech­ni­cal pro­ce­dure, YouTube and Google gain knowl­edge of what spe­cific sub-page of our web­site was vis­ited by the data sub­ject.

If the data sub­ject is logged in on YouTube, YouTube rec­og­nizes with each call-up to a sub-page that con­tains a YouTube video, which spe­cific sub-page of our In­ter­net site was vis­ited by the data sub­ject. This in­for­ma­tion is col­lected by YouTube and Google and as­signed to the re­spec­tive YouTube ac­count of the data sub­ject. YouTube and Google will re­ceive in­for­ma­tion through the YouTube com­po­nent that the data sub­ject has vis­ited our web­site, if the data sub­ject at the time of the call to our web­site is logged in on YouTube; this oc­curs re­gard­less of whether the per­son clicks on a YouTube video or not. If such a trans­mis­sion of this in­for­ma­tion to YouTube and Google is not de­sir­able for the data sub­ject, the de­liv­ery may be pre­vented if the data sub­ject logs off from their own YouTube ac­count be­fore a call-up to our web­site is made.

YouTube’s data pro­tec­tion pro­vi­sions, avail­able athttps://www.google.com/intl/en/policies/privacy/, pro­vide in­for­ma­tion about the col­lec­tion, pro­cess­ing and use of per­sonal data by YouTube and Google.

 

18. Legal basis for the processing 

Art. 6(1) lit. a GDPR serves as the le­gal ba­sis for pro­cess­ing op­er­a­tions for which we ob­tain con­sent for a spe­cific pro­cess­ing pur­pose. If the pro­cess­ing of per­sonal data is nec­es­sary for the per­for­mance of a con­tract to which the data sub­ject is party, as is the case, for ex­am­ple, when pro­cess­ing op­er­a­tions are nec­es­sary for the sup­ply of goods or to pro­vide any other ser­vice, the pro­cess­ing is based on Ar­ti­cle 6(1) lit. b GDPR. The same ap­plies to such pro­cess­ing op­er­a­tions which are nec­es­sary for car­ry­ing out pre-con­trac­tual mea­sures, for ex­am­ple in the case of in­quiries con­cern­ing our prod­ucts or ser­vices. Is our com­pany sub­ject to a le­gal oblig­a­tion by which pro­cess­ing of per­sonal data is re­quired, such as for the ful­fill­ment of tax oblig­a­tions, the pro­cess­ing is based on Art. 6(1) lit. c GDPR. In rare cases, the pro­cess­ing of per­sonal data may be nec­es­sary to pro­tect the vi­tal in­ter­ests of the data sub­ject or of an­other nat­ural per­son. This would be the case, for ex­am­ple, if a vis­i­tor were in­jured in our com­pany and his name, age, health in­sur­ance data or other vi­tal in­for­ma­tion would have to be passed on to a doc­tor, hos­pi­tal or other third party. Then the pro­cess­ing would be based on Art. 6(1) lit. d GDPR. Fi­nally, pro­cess­ing op­er­a­tions could be based on Ar­ti­cle 6(1) lit. f GDPR. This le­gal ba­sis is used for pro­cess­ing op­er­a­tions which are not cov­ered by any of the above­men­tioned le­gal grounds, if pro­cess­ing is nec­es­sary for the pur­poses of the le­git­i­mate in­ter­ests pur­sued by our com­pany or by a third party, ex­cept where such in­ter­ests are over­rid­den by the in­ter­ests or fun­da­men­tal rights and free­doms of the data sub­ject which re­quire pro­tec­tion of per­sonal data. Such pro­cess­ing op­er­a­tions are par­tic­u­larly per­mis­si­ble be­cause they have been specif­i­cally men­tioned by the Eu­ro­pean leg­is­la­tor. He con­sid­ered that a le­git­i­mate in­ter­est could be as­sumed if the data sub­ject is a client of the con­troller (Recital 47 Sen­tence 2 GDPR).

 

19. The legitimate interests pursued by the controller or by a third party

Where the pro­cess­ing of per­sonal data is based on Ar­ti­cle 6(1) lit. f GDPR our le­git­i­mate in­ter­est is to carry out our busi­ness in fa­vor of the well-be­ing of all our em­ploy­ees and the share­hold­ers.

 

20. Period for which the personal data will be stored

The cri­te­ria used to de­ter­mine the pe­riod of stor­age of per­sonal data is the re­spec­tive statu­tory re­ten­tion pe­riod. Af­ter ex­pi­ra­tion of that pe­riod, the cor­re­spond­ing data is rou­tinely deleted, as long as it is no longer nec­es­sary for the ful­fill­ment of the con­tract or the ini­ti­a­tion of a con­tract.

 

21. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We clar­ify that the pro­vi­sion of per­sonal data is partly re­quired by law (e.g. tax reg­u­la­tions) or can also re­sult from con­trac­tual pro­vi­sions (e.g. in­for­ma­tion on the con­trac­tual part­ner). Some­times it may be nec­es­sary to con­clude a con­tract that the data sub­ject pro­vides us with per­sonal data, which must sub­se­quently be processed by us. The data sub­ject is, for ex­am­ple, obliged to pro­vide us with per­sonal data when our com­pany signs a con­tract with him or her. The non-pro­vi­sion of the per­sonal data would have the con­se­quence that the con­tract with the data sub­ject could not be con­cluded. Be­fore per­sonal data is pro­vided by the data sub­ject, the data sub­ject must con­tact any em­ployee. The em­ployee clar­i­fies to the data sub­ject whether the pro­vi­sion of the per­sonal data is re­quired by law or con­tract or is nec­es­sary for the con­clu­sion of the con­tract, whether there is an oblig­a­tion to pro­vide the per­sonal data and the con­se­quences of non-pro­vi­sion of the per­sonal data.

 

22. Existence of automated decision-making

As a re­spon­si­ble com­pany, we do not use au­to­matic de­ci­sion-mak­ing or pro­fil­ing.

This Pri­vacy Pol­icy has been gen­er­ated by the Pri­vacy Pol­icy Gen­er­a­tor of the DGD – Your Ex­ter­nal DPO that was de­vel­oped in co­op­er­a­tion with Ger­man Lawyers from WILDE BEUGER SOLMECKE, Cologne.

0