Data protection policy

Data protection notice

The v. Nordeck Holding GmbH & Co. KG (hereinafter referred to as “we” or “data controller”) takes the protection of personal data seriously and observes the relevant provisions of data protection law, in particular the provisions of the EU General Data Protection Regulation (GDPR). In the following, we provide you with information about what data we process and when, in particular during the use of our website www.vonnordeck-holding.com.

I. General information

1. Scope of data processing

We collect and use the personal data of our users only to the extent necessary to provide a functional website with our content and services. Collection and use of the personal data of our users only occurs if the processing of the data is permitted by legal regulations or if the user has given consent.

2. Legal basis for data processing

If we obtain the user’s consent for the processing of personal data on our website, Art. 6 (1) (a) GDPR serves as the legal basis for the processing of personal data.

If the processing of personal data is required for the performance of a contract to which the user is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing tasks that are necessary for the performance of a contractual obligation or pre-contractual measures.

If the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the user concerned do not outweigh the aforementioned interests, Art. 6 (1) (f) GDPR serves as the legal basis for data processing (“weighing of interests”).

In addition, there are other legal bases for the processing of personal data, which we list below in detail — if relevant.

3. Storage period

Users’ personal data will be deleted or blocked as soon as the purpose for storage ceases to apply. Furthermore, data may be stored if this has been stipulated by European or national legislators in EU regulations, laws or other regulations to which our company is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

4. Transmission of personal data

If we transmit personal data, we do so exclusively to service companies that support us in fulfilling the aforementioned purposes. These companies may use your personal data as so-called contracted processors only for the fulfillment of their tasks on our behalf and are obliged to comply with the relevant data protection regulations. The processors we use are:

domainfactory GmbH

Oskar-Messter-Str. 33

85737 Ismaning, Germany

Apart from this, however, no personal data is passed on to third parties.

5. Place of data processing

The processing of the personal data collected from you takes place in countries of the European Economic Area.

II. Processing of personal data

1. Provision of the website and creation of log files

a) Description of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the visiting computer.

The following data is collected:

This data is then temporarily stored in log files. This data is not stored together with other personal data of the user.

b) Legal basis for data processing

The legal basis for the temporary storage of this data is Art. 6 (1) (f) GDPR.

c) Purpose of data processing

The temporary storage takes place in order to ensure the functionality of the website. In addition, the data allows us to optimize our website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. Our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR is also based in these purposes.

d) Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. If the data is stored in log files, this is the case no later than three days after our website was accessed.

e) Possibility to object and request removal

The collection of data for the provision of the website is imperative for the operation of the website. As a consequence, there is no option for the user to object.

2. Contact form and e-mail contact

a) Description of data processing

There is a contact form on our website that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

Alternatively, you may contact us via the e-mail address provided by us. In this case, the user’s personal data transmitted with the e-mail will be stored.

The data in this context will not be passed on to third parties but will instead be used exclusively for processing the conversation.

b) Legal basis for data processing

The legal basis for the processing of this data is Art. 6 (1) (f) GDPR. If the aim of the e-mail contact is the conclusion of a contract or contract-like obligation, then the additional legal basis for the processing is Art. 6 (1) (b).

c) Purpose of data processing

The processing of the personal data from the input mask is used by us only to process the establishment of contact. When contact is established, this also constitutes the necessary legitimate interest in the processing of the data.

d) Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. With respect to personal data from the contact form input mask and data sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the matter has been conclusively resolved.

e) Possibility to object and request removal

If the user contacts us via contact form or e-mail, he or she may object to the storage of his or her personal data at any time. The objection can be made by sending a message to the contact information below (see section 7 of our data protection policy). In the event of an objection, the conversation with the user cannot be continued, and all personal data stored in the course of contacting the user will be deleted by us.

III. Use of cookies

1. Description of data processing

We use “cookies” to make visiting our website an enjoyable experience and to enable the use of certain functions. Cookies are small text files that are stored in a browser or by the browser on a mobile device. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables a unique identification of the browser when the website is called up again.

a) Technically necessary cookies

We use cookies to make our website more user-friendly. Some elements of our website require that the visiting browser be identifiable even after a change of website. The following data is stored and transmitted in the cookies:

b) Note regarding changing browser settings

Most browsers are set to automatically accept cookies. Users can prevent the storage of cookies on their computers by means of appropriate browser settings, but this may limit the scope of functions of our website.

2. Legal basis for data processing

In all other cases, the legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of the website for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser be recognized even after navigating to another website. The user data collected by cookies on our website are not used to create user profiles.

The aforementioned purposes are also the basis of our legitimate interest in the processing of personal data pursuant to Art. 6 (1) (f) GDPR.

4. Duration of storage, possibility to object and request removal

Cookies are stored on users’ computers and transmitted from there to our website. You as a user therefore also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to make full use of all the functions of the website.

IV. Rights of the data subject

If your personal data are processed, you are affected within the meaning of the GDPR and you have the following rights with respect to the data controller:

1. Right to information

You may ask the data controller to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you may request the following information from the data controller:

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

2. Right to correction

If the processed personal data concerning you are incorrect or incomplete, you have a right to correction and/or completion with respect to the data controller. The data controller shall make the correction without delay.

3. Right to restrict processing

You may request that the processing of personal data concerning you be restricted if:

If the processing of personal data concerning you has been restricted, such data may only be processed — apart from being stored — with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person, or on grounds of an important public interest of the European Union or a member state.

If the processing has been restricted according to the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase

You may request that the data controller erase the personal data concerning you without delay and the data controller is obliged to promptly erase these data if one of the following applies:

b) Information to third parties

If the data controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, the data controller shall, while taking into account the available technology and implementation costs, take appropriate measures including those of a technical nature to inform the data processors who process the personal data that you as the data subject have requested erasure of all links to this personal data or of copies or replications of this personal data.

c) Exceptions to the erasure obligation

The right to erasure does not exist if the processing is necessary

5. Right to information

If you have exercised your right to have the data controller correct, erase or limit processing, the data controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction, erasure or restriction on processing of the data, unless this proves impossible or requires excessive effort.

You have the right with respect to the data controller to be informed of such recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used and machine-readable format. In addition, you have the right to pass this data on to another data controller without being obstructed by the data controller to whom the personal data was given, provided that

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, if this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.

7. Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The data controller will no longer process the personal data concerning you, unless the data controller can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the option to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

8. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. Revocation of consent shall not affect the legality of the processing carried out on the basis of the consent prior to revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing — including profiling — that has legal effect against you or that significantly impacts you in a similar manner. This does not apply if the decision

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. (1) GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in points (1) and (3) above, the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at minimum the right to obtain human intervention on the part of the controller, to state your own position and to challenge the decision.

10. Right of appeal to a supervisory authority

Irrespective of any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the member state where you reside or work, or where the infringement is suspected, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The responsible supervisory authority in North Rhine-Westphalia is: State Data Protection and Freedom of Information Officer for North Rhine-Westphalia, Kavalleriestr. 2 – 4, 40213 Düsseldorf, Germany.

11. Other

Please contact us to assert the above rights (see contact information at the end of the data protection notice). Enquiries submitted to us electronically will generally be answered electronically, unless you have specified otherwise in your enquiry.

V. External links

Our website may contain links to third party sites. If this is not clearly identifiable in any particular case, we point out to you that the link is to an external site. We have no influence over the content and design of the pages of external providers. This data protection notice is therefore not applicable to those sites.

VI. Changes to this data protection notice

The constant development of the Internet and the changes in applicable legal standards that often result from that occasionally make it necessary to adapt our data protection notice. We will inform you here when there are any changes of this kind.

VII. Responsible body

The data controller within the meaning of the GDPR and other national data protection laws of the EU Member States and other data protection regulations is:

Nordeck Holding GmbH & Co. KG
Königsbrügge 8
33604 Bielefeld, Germany
Tel.: +49 521 58 32 85 11
E-mail: info@vonnordeck-holding.com
Website: www.vonnordeck-holding.com

You can find our complete legal notice here:
http://www.vonnordeck-holding.com/de/impressum.html

Last updated: May 2018