Last modified: May 24th, 2018
This privacy statement explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as the “data”) within our online service and its associated websites, features and contents as well as external online presence such as our social media profile (hereinafter referred to jointly as the “online service”). With regard to the terminology used, such as “personal data” or their “processing”, we refer to the definitions set out in Art. 4 of the General Data Protection Regulation (GDPR).
Person in charge:
Lotzer & Mühlenbruch GmbH
Diepholzer Str. 5
Postcode, town, country:
27751, Delmenhorst, Deutschland
Data protection officer:
Diepholzer Str. 5
Postcode, town, country:
27751, Delmenhorst, Deutschland
Nature of the data to be processed:
Inventory data (e.g., names, addresses).
Contact details (e.g., email, phone numbers).
Contractual data (e.g., contractual object, duration, customer category).
Payment details (e.g., bank details, payment history).
Meta/communication data (e.g., device information, IP addresses).
Processing of special categories of data (Art. 9 Para. 1 of the GDPR):
- There is no processing of special categories of data.
Categories of persons affected by the processing:
customers / prospects / suppliers
visitors to and users of the online service
Purpose of the processing:
Provision of contractual performance, services and customer care.
Replying to contact enquiries and communication with users.
1. Relevant legal bases
In accordance with Art. 13 of the GDPR, we inform you of the legal bases for our data processing. If the legal basis is not mentioned in the privacy statement, the following shall apply: the legal basis for the obtaining of consent is Art. 6 Para. 1 lit. a and Art. 7 of the GDPR, the legal basis for processing in the performance of our services and execution of contractual measures as well as for replying to enquiries is Art. 6 Para. 1 lit. b of the GDPR, the legal basis for processing in the performance of our legal obligations is Art. 6 Para. 1 lit. c of the GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f of the GDPR. In the event that the vital interests of the person concerned or any natural person require the processing of personal data, the legal basis used is Art. 6 Para. 1 lit. d of the GDPR.
2. Changes and updates to the privacy statement
We recommend you check regularly on the contents of our privacy statement. We adjust the privacy statement as soon as changes to the data processing we perform require it. We will inform you as soon as the changes require your collaboration (e.g. consent) or another individual notification.
3. Safety measures
3.1. In accordance with Art. 32 of the GDPR and taking into account the latest technology, the implementation costs and the type, scope and purpose of the processing as well as the varying probability of occurrence and severity of the risks for the rights and freedoms of natural persons, we take appropriate technical and organisational measures in order to ensure a level of protection adapted to the risk; these measures include in particular the protection of the confidentiality, integrity and availability of the data by controlling the physical access to the data, as well as their digital access, entry, transfer, ensured availability and separation. Furthermore, we have put procedures in place to ensure the exercise of the rights of the persons concerned, data deletion and response to data threats. We also take into account the protection of personal data at the time of development or selection of the hardware, software and processes in accordance with the principle of data protection by design and by default (Art. 25 of the GDPR).
3.2. The safety measures include in particular the encrypted transmission of data between your browser and our server.
4. Cooperation with contract processors and third parties
4.1. If, as part of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit data to them or otherwise grant them access to the data, this occurs only on the basis of a legal authorisation you have granted (e.g. if for the execution of the contract, it is necessary to transmit the data to third parties, such as to a payment service provider, in accordance with Art. 6 Para. 1 lit. b of the GDPR), or on the basis of a legal obligation or our legitimate interests (e.g. when using agents, web hosts, etc.).
4.2. If we commission third parties to process data on the basis of a so-called “order processing contract”, this occurs on the basis of Art. 28 of the GDPR.
5. Transmissions to third countries
If we process the data in a third country (i.e. outside the European Union (EU) or outside the European Economic Area (EEA)) or this occurs as part of the use of the services of a third party or disclosure, or transmission of data to a third party, this happens only if it is for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisations, we process, or have the data processed, in a third country only if the special provisions of Art. 44 et seq. of the GDPR are met. That means that the processing occurs on the basis of special guarantees, such as the officially recognised assessment of data protection level corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised contractual obligations (so-called “standard contractual clause”).
6. Rights of the persons concerned
6.1. You have the right to request confirmation concerning the processing of the data in question and to ask for information about this data as well as other information and a copy of the data in accordance with Art. 15 of the GDPR.
6.2. In accordance with Art. 16 of the GDPR, you have the right to request the completion of the data that concern you or the correction of incorrect data that concern you.
6.3. In accordance with Art. 17 of the GDPR, you have the right to request that the data concerning you be immediately deleted, or alternatively in accordance with Art. 18 of the GDPR, you may ask for the restriction of the data processing.
6.4. In accordance with Art. 20 of the GDPR, you have the right to request to receive the data concerning you that you have provided us with and to have it transmitted to other responsible persons.
6.5. Furthermore, in accordance with Art. 77 of the GDPR, you also have the right to file a complaint with the competent supervisory authority.
7. Right of revocation
In accordance with Art. 7 Para. 3 of the GDPR, you have the right to revoke any consent you may have given with future effect.
8. Right of objection
You can object at any time to the future processing of the data concerning you, in accordance with Art. 21 of the GDPR. The objection can apply in particular in case of processing for direct marketing purposes.
9. Cookies and right of objection to direct marketing
We set temporary and permanent cookies, i.e. small files that are stored on the devices of the user (explanation of term and function, see last section of this privacy statement). Some of the cookies are used for safety or are needed to operate our online service (e.g. for the presentation of the website) or to save the user's decision when confirming the cookie banner. Additionally, we, or our technology partner, set cookies for audience measurement and marketing purposes, of which the user is informed as part of the privacy statement.
10. Deletion of data
10.1. The data processed by us are deleted or restricted in their processing in accordance with Art. 17 and 18 of the GDPR. Unless expressly stated in this privacy statement, the data saved by us will be deleted as soon as it is no longer required for its intended purpose and its deletion is not prevented by any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. That means that the data will be locked and not processed for other purposes. This applies for data that must be kept for commercial or tax reasons.
10.2. In keeping with the legal requirements, the storage period is 6 years in accordance with § 257 Para. 1 of the German Commercial Code (trading books, inventories, opening balances, annual accounts, commercial letters, accounting documents, etc.) and 10 years according to § 147 Para. 1 of the Fiscal Code (books, records, status reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
11. Provision of contractual services
11.1. We process inventory data (e.g., names and addresses as well as contact details of users) and contractual data (e.g., in connection with services received, names of contact persons, payment information) to execute our contractual obligations and perform our services in accordance with Art. 6 Para. 1 lit. b of the GDPR. The entries marked as compulsory on the online form are required for the conclusion of the contract.
11.2. As part of the registration and renewed application, as well as the use of our online service, we store the IP address and time of the respective user action. Storage occurs on the basis of our legitimate interests as well as to protect the user against misuse and other unauthorised use. This data will not be transmitted to third parties, unless it is required in the pursuance of our claims or it is subject to a statutory obligation in accordance with Art. 6 Para. 1 lit. c of the GDPR.
11.3. Deletion occurs after expiry of the statutory warranty obligations and comparable obligations; the necessity to store data will be reviewed every three years. In the event of statutory archiving obligations, deletion will occur after their expiry (end of the statutory commercial (6 years) and fiscal (10 years) retention obligation). Information remains in the customer account until its deletion.
12.1. When contacting us (using the contact form or by email), the user’s data will be processed to handle and settle the contact request in accordance with Art. 6 Para. 1 lit. b of the GDPR.
13. Collection of access data and log files
13.1. On the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f of the GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website clicked, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, operating system of the user, referrer URL (page visited previously), IP address and the requesting provider.
13.2. For security reasons (e.g. to investigate misuse or fraudulent action), log file information will be stored for a maximum of seven days before being deleted. The data whose further storage is required for evidence purposes is excluded from deletion until final clarification of the incident in question.
14. Online presence on social media
14.1. On the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f of the GDPR, we maintain an online presence on social networks and platforms in order to communicate with customers, prospects and users that are active there, and in order to be able to inform them of our services that way. The terms and conditions as well as the data handling guidelines of the operators of the respective networks and platforms accessed apply.
14.2. Unless otherwise stated in our privacy statement, we process user data if the data has been communicated to us on social networks and platforms, e.g. making contributions to our online presence or sending us messages.
15. Cookies & audience measurement
15.1. Cookies are information that is transmitted from our web server or third-party web server to the web browser of the user, and it is stored there for later retrieval. Cookies can be small files or other types of information storage.
15.2. We use “session cookies” that are stored only for the duration of the actual visit to our online presence (e.g. in order to enable the storage of your login status or the shopping cart feature, and as such mainly the use of our online service). A randomly produced unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains some information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted once you have finished using our online service and have logged out or closed the browser.
15.3. If users do not wish for cookies to be stored on their computer, they are given the option to deactivate them in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Excluding cookies may lead to some restrictions in the features of this online service.
© 2018 Lotzer & Mühlenbruch GmbH