DATA PROTECTION DECLARATION
We are happy to have you visit our homepage and thank you for your interest in our Company. We understand data protection as a customer oriented quality feature. Protection of your personal data and the defence of your personality rights are important to us. With this Data Protection Declaration we would like to inform all visitors to our homepage transparently about the nature, extent and purpose of personal data we collect, use and process and to advise you of the rights you are entitled to. Use of our homepage is basically possible without the indication of personal data. Should you however avail yourselves of our Company’s services via our homepage then processing of your personal data will be required. The data automatically collected when visiting our homepages as well as personal data you enter when using our services are processed in accordance with the currently applicable legal regulations for the protection of personal data. If any processing of your personal data is then required and if there is no statutory basis for such processing, then we basically obtain your consent for the required purpose of the processing. As a Company responsible for the processing we have set forth technical and organisational measures in order to ensure the highest possible level of protection for your personal data. However, we wish to point out that any data transmission via the World Wide Web can basically have security gaps. If you wish to avail yourself of the services of our Company and not wish to use the route of transmitting data over the World Wide Web, then you also have the option of telephone contact.
1. CONTACT DATA OF THE PARTY RESPONSIBLE FOR PROCESSING
Responsible in the terms of the General Data Protection Regulation is:
Company: Heinrich Obermeyer GmbH & Co KG
Street: Immenstädter Strasse 6-8
Postal code/town: 87534 Oberstaufen
Tel: +49 (0) 8386 / 916-0
Designated as data protection officer is:
Mr Stephan Hartinger
Telephone: 08232 80988-70
2. COLLECTION OF GENERAL ACCESS INFORMATION
With each call to our homepage server log file information which your browser transmits to us is automatically recorded. These information items are:
- IP address (internet protocol address) of the accessing computer
- The web page from which you are visiting us (referrer)
- The web page which you are visiting with us
- The date and the duration of your visit
- The browser type and the browser configuration
- The operating system
We draw your attention to the fact that this data cannot be attributed to a specific person. We use this technical data exclusively for the following purposes:
- In order to improve the attractiveness and serviceability of our web pages,
- In order to recognise technical problems on our website at an early stage,
- To deliver the contents of our website correctly,
- And to provide enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.
This data is stored as a technical precaution for a maximum of seven days to protect the data processing systems against unauthorised access.
3. COLLECTION AND EXCHANGING OF PERSONAL DATA
We use your personal information only for the purposes listed on this information page for data protection. On our website there are the following entry templates for collection of personal data:
3.1 REGISTRATION ON OUR WEBSITE
- B2B-SHop (customer account)
The personal data you enter in connection with registration for shop access we use in order to set up for you your password protected direct access to your personal customer account. In order to set up your shop access, we need the following information from you:
- First name and last name
- Customer number
- Company name
- Email address.
After the registration is sent, you will receive from us for legal reasons a confirmation email, in order to complete your registration order for the set up of a customer account. The data listed here are exclusively used for setting up your customer account as well as for sending you the confirmation email. After confirmation of your customer account, you may inspect your contact and address data as well as your orders, bills and delivery slips. You must put yourself under an obligation to treat your personal access data confidentially and not to make it available to any unauthorised third party. After you have ended your communication with us, you should always exit (log off from) your customer account.
Data exchanging in fulfilment of the contract
For contract fulfilment, we pass your data on to the delivery company charged with delivery provided this is necessary to deliver the goods you have ordered.
Data exchanging for checking creditworthiness
If we make advance payments, e.g. when purchasing on account, we reserve the right to obtain identity and creditworthiness information from specialized service providers (credit agencies) in order to safeguard our legitimate interests.
We transmit personal data collected within the scope of this contractual relationship regarding the application for and execution of this business relationship as well as data on non-contractual behavior to CRIF Bürgel Ressmann Ulm GmbH & Co. KG, Bleichstr. 30, 89077 Ulm and CRIF GmbH, Leopoldstraße 244, 80807 Munich.
The legal basis for this transfer is Article 6(1) sentence 1(b) and (f) of the General Data Protection Regulation (GDPR). The exchange of data with CRIF Bürgel Ressmann Ulm GmbH & Co. KG and CRIF GmbH also serves to fulfill legal obligations to carry out creditworthiness checks (Sections 505a and 506 of the German Civil Code).
CRIF GmbH processes the data received and also uses it for the purpose of profiling (scoring) in order to provide its contractual partners in the European Economic Area and in Switzerland and, if applicable, other third countries with information, inter alia, to assess the creditworthiness of natural persons. The transfer of personal data to third countries takes place in accordance with Art. 44 et seq. GDPR. Further information on the activities of CRIF GmbH can be found in its information sheet or online at https://www.crif.de/en/privacy.
- Download zone
The personal data you enter in connection with registering for our download zone we use to set up password-protected direct access for you to our download zone. In order to set up download access for you, we need the following information from you:
- First name and last name
- Customer number
- Company name
- Email address
After sending off your registration, you will receive your password for access to our download zone. You must put yourself under an obligation to treat the personal access data confidentially and not to make it accessible to any unauthorised third party. After you have ended communication with us, you should always exit (log off from) your customer account.
- Registration for our newsletter
The personal data you enter in connection with registering for our newsletter we use in order to inform you about current news, offers and services of H. Obermeyer GmbH & Co KG. In order to send you the newsletter, we need the following information from you:
- Company name
- First and last name
- Customer number
- Email address
- Product groups
After sending off the registration, you will for legal reasons receive a confirmation email, in order to complete your registration application for our newsletter. The data described here are used exclusively for sending you our email newsletter. You are under an obligation to treat the contents made available to you confidentially and not to make it available to any unauthorised third party. For functions of our newsletter service, we contract with an external service provider, the firm of Tripicchio AG in Freiburg, for data processing. These service providers process the personal data used for this purpose exclusively according to our instructions. In particular, the service providers are with that also bound by this Data Protection Declaration. The service providers under no circumstances use the data for their own purposes.
4. WHAT ARE COOKIES USED FOR?
Our website uses so-called cookies in several places. You can find detailed information and see which cookies are used in our Cookie-Guidelines.
5. DEPLOYMENT AND USE OF TRACKING AND ANALYSIS TOOLS AND SOCIAL PLUGINS
5.1 GOOGLE ANALYTICS
We use Google Analytics. This is a web analysis service of Google Inc. The information generated by the cookies used about your use of our website (including your IP address) is transmitted to a Google server in the United States and stored there. IP addresses are anonymised so that any attribution to you is impossible (IP masking). The information is used to evaluate the use of our website, to compile reports on website activities for us and to perform additional services for us linked to use of websites and the internet. The data you entered while using our service are not combined with the data recorded by Google. Transfer of information by Google to third parties only occurs if this is legally mandated or if third parties process this data under contract. In addition, we also deploy Google Optimize. This is a web analysis service of Google Inc. which is integrated into Google Analytics. Google Optimize makes it possible for us to conduct A/B and multivariate tests. In that way we can find out which versions of our website users like. Further information on this service can be found here. You can prevent recording of the data generated by the cookie and relating to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on. As an alternative to the browser add-on, in particular for browsers on mobile devices, you can additionally prevent recording by Google Analytics by clicking on this link. This sets an opt-out cookie that prevents the future recording on your data when visiting this website. The opt-out cookie only applies in this browser and only for this website and is deposited on your equipment. If you delete the cookies in that browser, you have to set the opt-out cookie once again. You can find further information on data protection in connection with Google Analytics in Google Analytics Help. You can find further information on data protection at Google at https://www.google.com/policies/privacy/.
5.2 Facebook tracking
On our website we do not use any social plugins from Facebook or other social networks. In connection with our Facebook advertising we use a pixel-based control mechanism. This is a network analysis service offered by Facebook Ireland Ltd. The information is used to track conversions coming from the Facebook platform. This service is offered by Facebook Ireland Ltd to which EU data protection law applies. We do not share any data with Facebook that you enter while using our service. For the purpose and scope of data collection and further processing and use of data by Facebook, as well as your rights and configuration options to protect your private sphere, please see Facebook’s data protection pointers.
5.3 SOCIAL PLUGINS FROM INSTAGRAM
Use of Instagram social plugins
On our website so-called social plugins (“plugins”) are used coming from Instagram which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are labelled with an Instagram logo, for instance in the form of an “Instagram camera.” You can find a survey of Instagram plugins and their appearance here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges. If you call up a page of our website containing such a plugin, your browser sets up a direct connection to Instagram’s servers. The contents of the plugin are transmitted directly from Instagram to your browser and integrated into the page. Via this integration Instagram directly receives the information that your browser has called up the corresponding page of our website even if you do not have any Instagram profile or are not presently logged into Instagram. This information (including your IP address) is transmitted directly from your browser to a server of Instagram in the United States and stored there. If you are logged in to Instagram, then Instagram can directly attribute your visit to the homepage of your Instagram account. When you interact with the plugins, for instance by activating the “Instagram” button, that information is likewise transmitted directly to an Instagram server and stored there. The information is additionally published on your Instagram account and shown there to your contacts. For the purpose and scope of data collection and further processing and use of your data by Instagram as well as your relevant rights and configuration options to protect your private sphere, please see Instagram’s data protection pointers: https://help.instagram.com/155833707900388/. If you do not wish to have Instagram attribute the data collected via our website directly to your Instagram account, you must log out of Instagram before you visit our website. You can also completely prevent the Instagram plugins from loading up on your browser with an addon such as the script blocker “NoScript” (http://noscript.net/).
6. DELETION, BLOCKING AND DURATION OF STORAGE OF PERSONAL DATA
We process and store your personal data only for the period of time required to achieve the specific purpose of storage or for the diverse retention periods provided by legislation. After the lapse of the storage purpose or at the end of the retention period provided by legislation, the personal data are routinely and in accordance with statutory regulations blocked from further processing or deleted.
7. DATA PROTECTION RIGHTS OF THE PERSON CONCERNED
If you have questions about your personal data, you can contact us in writing at any time. According to GDPR you have the following rights:
7.1 THE RIGHT TO INFORMATION (SUB-POINT ARTICLE 15 GDPR)
You have at any time the right to be given information on which categories of information on your personal data are processed by us and for what purposes and how long and according to what criteria this data is stored and whether in this connection any automatic decision making is applied, including profiling. In addition, you are entitled to know to which recipients or categories of recipients your data has been disclosed or is still being disclosed; in particular with recipients in third countries or international organisations. In that case, you also have the right to be informed of appropriate guarantees in connection with the transmittal of your personal data. Besides the right of appeal to the regulatory authority and the right to information about the origin of your data, you also have a right to deletion, correction as well as the right to restriction or objection to any processing of your personal data. In all of the cases cited above you are entitled to demand a free copy of your personal data from the data processor. For all additional copies that you apply for or which go beyond the right of information about the person concerned we are entitled to charge an appropriate administrative fee.
7.2 THE RIGHT TO CORRECTION (ARTICLE 16 GDPR)
You are entitled to demand immediate correction of your incorrect personal data and, given the purposes of processing, to completion of incomplete personal data, including by means of a supplemental statement. If you wish to avail yourself of your right to correction, you may at any time contact our data protection officer or the person in charge of processing.
7.3 THE RIGHT TO DELETION (ARTICLE 17 GDPR)
You are entitled to demand immediate deletion of your data (“right to be forgotten”), in particular if the storage of the data is no longer necessary, if you have revoked your consent to processing of the data, if your data was illegally processed or illegally collected or if there is a legal obligation to deletion under EU or national law.
However, the right to be forgotten does not apply if there is a predominant right to free speech or freedom of information, if the data storage is required for fulfilment of a legal obligation (e.g. retention obligations), for archive purposes, to prevent deletion or if the storage serves to assert, exercise or defend legal claims.
7.4 THE RIGHT TO RESTRICTION (ARTICLE 18 GDPR)
You have the right to restrict processing of your data by the party in charge of processing if you contest the correctness of the data, if the processing is illegal, if you reject the deletion of your personal data and instead demand restriction of its processing, if the requirement for the purpose of processing lapses or if you have objected to processing in accordance with article 21, paragraph 1, provided it is not yet clear if there are justified ground of ours which outweigh yours.
7.5 THE RIGHT TO DATA PORTABILITY (ARTICLE 20 GDPR)
You have a right to portability of your personal data which you have made available to our Company in the form of a customary format so that you can have your personal data forwarded to another party in charge if there is consent on your part and the processing occurs by means of an automatic procedure.
7.6 THE RIGHT TO OBJECT (ARTICLE 21 GPR)
You have the right at any time to object to collection, processing or use of your personal data for purposes of direct advertising or market or opinion research as well as to object to general business-related data processing unless we can show pressing grounds entitled to protection for processing which outweigh your interests, rights and freedoms. In addition, you may not exercise your right to object if a legal regulation provides for collection, processing or use of the data or an obligation to collect process or use the data.
7.7 RIGHT OF APPEAL TO THE DATA REGULATION AUTHORITY (ARTICLE 77 GDPR IN CONNECTION WITH § 19 OF THE FEDERAL DATA PROTECTION ACT)
You are granted the right to appeal to the regulatory authority with jurisdiction if you are of the opinion that there has been a violation in the processing of your personal data.
7.8 RIGHT TO REVOCATION OF A DATA PROTECTION LAW CONSENT (ARTICLE 7, PARAGRAPH 3 GDPR)
You may at any time revoke any consent given to processing of your personal data and without indicating any reasons. This also applies to the revocation of consent declarations issued in relation to us prior to the entry into force of the EU GDPR.
8. LEGAL BASIS FOR PROCESSING
In processing of personal data for which we obtain consent from the person concerned, article 6, paragraph 1, sentence 1 a) of the General Data Protection Regulation (GDPR) serves as the legal basis. In processing of personal data required in fulfilment of a contract to which the person concerned is a party, article 6, paragraph 1, sentence 1 b) (GDPR) serves as the legal basis. This provision also encompasses processing procedures required to carry out pre-contract measures. Where processing of personal data is required for fulfilment of a legal obligation to which our Company is subject, article 6, paragraph 1, sentence 1 c) (GDPR) serves as the legal basis.
If the processing is required for the exercise of a legitimate interest of our Company or a third party and are not outweighed by the former’s interests, fundamental rights and basic freedoms of the party concerned, then article 6, paragraph 1, sentence 1 f) (GDPR) serves as the legal basis. The legitimate interest of our Company lies in conducting our business operations as well as in the analysis, optimisation and maintenance of the security of our online programme.
9. TRANSMITTAL OF DATA TO THIRD PARTIES
We in general do not sell or rent any user data. Any transmittal to third parties going beyond the framework described in this Data Protection Declaration only occurs if this is required to wind up the particular requisitioned service. We only transmit data if there is a legal obligation to do so. That is the case if governmental bodies (such as law enforcement authorities) request information in writing or if there is a court order. No transmittal of personal data occurs to so-called third countries outside of the EU / EEA.
10. STATUTORY OR CONTRACTUAL PROVISIONS TO PROVIDE PERSONAL DATA AS WELL AS POTENTIAL CONSEQUENCES OF FAILURE TO PROVIDE
We draw attention to the fact that the provision of personal data in certain cases (e.g. tax regulations) is statutorily mandated or may derive from contractual provisions (e.g. information on the contract partner). For instance, it may be necessary for the signing of a contract that the party concerned / or the contract partner must provide its personal data so that its request (e.g. an order) can be processed by us at all. An obligation to provide personal data emerges especially when contracts are signed. Should in that case no personal data be provided then the contract may not be signed with the person concerned. Prior to any provision of personal data by the person concerned, the latter may contact our data protection officer or the party in charge of processing. The data protection officer or the party in charge of processing will then advise the party concerned whether provision of the required personal data is statutorily or contractually required or required for signing of the contract and whether from the requests of the person concerned there emerges any obligation to provide the personal data or what consequences failure to provide the requested data would have for the party concerned.
11. EXISTENCE OF AUTOMATIC DECISION MAKING
As a conscientious Company we abstain in our business relations from any automatic decision making or profiling. In addition to these web-specific privacy notices, it is possible to view the transparent information.