Data protection declaration according to DSGVO

Status: 31.05.2023

I. Name and Address of the Responsible Party and the Sphere of Applicability

This Data Protection Declaration shall clarify users regarding the type, the scope and the purposes of the collection and usage of personal data by the responsible provider. The legal foundation for the data protection can be found in the EU General Data Protection Regulation (EU-GDPR).

The responsible party in accordance with the General Data Protection Regulation and other national data protection laws of the member countries as well as other provisions under data protection law shall be:

Jungmann Systemtechnik [System Technology] GmbH & Co. KG

Bahnhofstr. 48/50
21614 Buxtehude
Germany

Tel.: +49 4161 540440
E-Mail: info@jungmann.de
Website: www.jungmann.de

II. Name and Address of the Data Protection Officer

The responsible party’s Data Protection Officer shall be:

Protekto Data Fuse GmbH
Mr. Kent Schwirz

Wendenstr. 279
20537 Hamburg
Germany

E-Mail: datenschutz@protekto.group
Website: protekto.group

III. General Information regarding Data Processing

1. Definition of “Personal Data” in Accordance with the EU-GDPR

Data shall be considered to be personal only if they refer to an identified (specific) or identifiable (specifiable) natural person.

A person shall be considered to be “identified” if the data are directly associated with the affected person or if such a correlation can be directly created. Examples of a specific person: “Mr. Schmidt works at Company XY” or “The IT Director at Company XY has his birthday on 22/3”.
Alternatively, it suffices if the affected person is at least “identifiable”. In this context, it is indeed not immediately obvious to whom the data refer, but the person can be identified by using supplemental information.

Example of an identifiable person: “The employee with personnel No. 1234 has accumulated ten hours of overtime in the last month”. At least for the employees of the personnel division, it is possible to assign the personnel number and thus the entire statement to a concrete person.

Supplemental Information:

The critical question is then namely whether one oneself must possess the supplemental information in order to identify a person or whether it suffices if someone else has it. The European Court of Justice has stated for clarification purposes: A piece of data (a singular piece of data) shall be considered to be personal if an office “possesses the legal means which permit [it] to identify the affected person based upon the supplemental information […]” (EuGH [European Court of Justice], Ruling of 19/10/2016, Rs. [Legal Case] C-582/14, Rn. [Paragraph] 49). The “legal means” shall also be considered to exist if one can commission third parties and they are legally compelled to disclose information regarding identity (BGH, Ruling of 16/05/2017, Az. [File No.] VI ZR 135/13).

Thus, a personal correlation shall only then be considered to not exist if the identification of the affected person is practically not implementable or banned by law.

Example: IP addresses

The issue regarding supplemental information had been ruled on based upon IP addresses by the European Court of Justice and the German Supreme Court.

For the telecommunications provider, the IP address which it assigns to an Internet user (customer) shall constitute a piece of personal data. It possesses the actual possibility of creating a correlation between the IP address and the user’s name.
For a website operator, the IP address entails a personal correlation because it can use either its own supplemental knowledge (e.g. if a website user uses the Contact Form and enters personal data there) or because it possesses the legal possibilities of requesting the disclosure of such information from the telecommunications provider. This is in principle always the case, in the German Supreme Court’s opinion, because it can contact the competent government agency, for example, in the case of cyberattacks. Thus, it always possesses the legal possibility of being able to identify the user. For this reason, the IP address constitutes a piece of personal data for a website operator.

2. Scope of the Processing of Personal Data

We shall process the personal data of our website users in principle only insofar as this is required in order to provide a functional website as well as our content and services. The processing of personal data shall be done upon a regular basis only subject to the affected party’s consent. An exception shall be made in such cases in which the prior obtaining of consent is not possible owing to actual reasons and/or the processing of the data is permitted by the statutory directives.

3. Legal Basis for the Processing of Personal Data

Insofar as we obtain consent from the affected person for processing procedures for personal data, Art. 6 Para. 1 lit. a EU General Data Protection Regulation (GDPR) shall serve as the legal basis.

During the processing of personal data which is required for the fulfilment of an agreement whose contractual party is the affected person, Art. 6 Para. 1 lit. b GDPR shall serve as the legal basis. This shall also be valid for processing procedures which are required for the implementation of pre-contractual measures.

Insofar as a processing of personal data is required in order to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR shall serve as the legal basis.

For the case that vital interests of the affected person or of another natural person make a processing of personal data necessary, Art. 6 Para. 1 lit. d GDPR shall serve as the legal basis.

Is the processing is required in order to safeguard an entitled interest of our company or of a third party and the interests, basic rights and fundamental freedoms of the affected party do not outweigh the aforementioned interest, then Art. 6 Para. 1 lit. f GDPR shall serve as the legal basis for the processing.

4. Data Deletion and Storage Timeframe

The personal data of the affected person shall be deleted or blocked as soon as the purpose for the storage ceases to be valid. Moreover, storage may be undertaken if this has been prescribed by the European or national lawmakers in EU directives, laws or any other guidelines to which the responsible party is subject. A blocking or deletion of the data shall also then be undertaken if a storage timeframe prescribed by the aforementioned norms lapses unless the continued storage of the data is required for a conclusion or a fulfilment of a contractual agreement.

IV. Supplying the Website and Creating Log Files

1. Description and Scope of the Data Processing

During every visit to our Internet site, our system shall automatically collect data and information from the computer system of the accessing computer.

The following data shall be collected in this regard:

Information regarding the browser type and the version being used
The user’s operating system
The user’s Internet Service Provider
The user’s IP address
Date and time of day of the access
Websites from which the user’s system reaches our Internet site
Websites which are accessed by the user’s system via our website

The data shall likewise be stored in our web hoster’s log files. No storage of these data with other personal data from the user shall be undertaken.

The hosting services which we use shall serve to provide the following services: Infrastructure and platform services, computing capacity, memory and database services, security services as well as technical maintenance services which we use in order to operate this website.

We have concluded a Contracted Data Processing Agreement in accordance with EU GDPR § 28 with our webhoster (1und1 Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany).

2. Legal Basis for the Data Processing

The legal basis for the temporary storage of the data and the log files shall be Art. 6 Para. 1 lit. f GDPR.

3. Purpose of the Data Processing

The temporary storage of the IP address by the system shall be required in order to enable a supplying of the website to the user’s computer. For this, the user’s IP address must remain stored for the duration of the session.

The storage in log files is undertaken in order to ensure the website’s functionality. In addition, the data serve us in order to optimise the website and ensure the security of the information technology systems. No evaluation of the data is undertaken for marketing purposes in this context.

In these purposes also lies our entitled interest in data processing in accordance with Art. 6 Para. 1 lit. f GDPR.

4. Duration of the Storage

The data shall be deleted as soon as they are no longer required for the attainment of the purpose for their collection. In the case that the data are collected in order to supply the website, this shall be the case when the respective session has ended.

In the case that the data are stored in log files, this is the latest after 31 days. A more extensive storage shall be possible. In this case, the users’ addresses shall be deleted or distorted so that an assignment to the accessing client is no longer possible.

5. Rights to Object and Demand Deletion

The collection of the data is mandatorily required in order to supply the website and the storage of the data in log files is likewise mandatorily required in order to operate the Internet site. Consequently, the user has no right to object in this regard.

V. Usage of Cookies

1. Description and Scope of the Data Processing

Our website uses cookies. Cookies are text files which are stored in the Internet browser and/or by the Internet browser on the user’s computer system. If a user visits a website, then a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters which enables a clear identification of the browser during the next visit to the website.

We use cookies in order to design our website to be user-friendlier. Some elements of our Internet site require that the accessing browser also be able to be identified after moving between webpages.

The following data, for example, as stored and transmitted in the cookies:

Language/country settings
Log-in information
Identification of the display medium being used (PC, Smartphone, and the like) for correct displaying

Moreover, we use cookies which enable an analysis of the users’ surfing behaviour on our website.

In this manner, for example, the following data can be transmitted:

Inputting search terms and their frequency
Frequency of page visits
Utilisation of website functions and their frequency

The users’ data which are collected in this manner are pseudonymised by means of technical preventative measure. Thus, an assignment of the data to the accessing user is no longer possible. The data are not stored together with any other personal data of the users.

When visiting our website, the users are notified via an info-banner of the usage of cookies for analytical purposes and reference is also made to this Data Protection Declaration.

2. Legal Basis for the Data Processing

The legal basis for the processing of personal data while using technically-required cookies shall be Art. 6 Para. 1 lit. f GDPR.

If the user has granted his consent in this regard, the legal basis for the continued processing of personal data while using cookies shall be Art. 6 Para. 1 lit. a GDPR.

3. Purpose of the Data Processing

The purpose of the usage of technically-required cookies shall be namely to simplify the usage of websites for the users. Some functions of our Internet site cannot be offered without the usage of cookies. For them, it is required that the browser also be recognised after moving between pages.

We require cookies, for example, for the following applications:

Integration of language settings
Recording search terms
Saving log-in data

The user data collected via the technically-required cookies shall not be used in order to create user profiles.

The usage of analytical cookies is undertaken for the purpose of improving the quality of our website and its contents. Through the analytical cookies, we find out how the website is being used and can thus be constantly optimising our website. In these purposes also lies our entitled interest in the processing of personal data in accordance with Art. 6 Para. 1 lit. f GDPR.

4. Duration of the Storage, Rights to Object and Delete

Cookies are stored on the user’s computer and transmitted from his computer to our website. Thus, as the user, you also have full control over the duration of the storage and usage of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Any cookies already stored can be deleted at any time. This can also be done in automated fashion. If cookies have been deactivated for our website, then it may be possibly the case that all functions of the website may not be able to be used anymore in their full scope.

VI. Newsletter

1. Description and Scope of the Data Processing

On our Internet site, the option exists of subscribing to a free-of-charge newsletter. In this context, during the registration for the newsletter, the data from the input mask is transmitted to us.

Form of address
Forename
Surname
Email address
Company

In addition, the following data are collected during the registration:

IP address of the accessing computer
Date and time of day of the registration

For the processing of the data, during the registration process, your consent shall be obtained and reference shall be made to this Data Protection Declaration.

If you purchase goods or services from us and save your e-mail address when so doing, it can subsequently be used by us for the sending of a newsletter. In such a case, via the newsletter, exclusively direct advertising shall be sent for our own similar goods or services.

The newsletter shall be drafted and sent by our mailing service provider (dskom GmbH, Reginhardtstr. 34, 13409 Berlin, Germany). In order to do this, the aforementioned data shall be transmitted to our business partner and stored there. A Contracted Data Processing Agreement has been concluded with our business partner in accordance with EU GDPR § 28.

No further dissemination of data to third parties shall be undertaken in conjunction with the data processing for the sending of newsletters. The data shall be used exclusively for the sending and follow-up controlling of the newsletter.

2. Legal Basis for the Data Processing

The legal basis for the processing of data after the user’s registration for the newsletter with the user´s consent is Art. 6 Para. 1 lit. a GDPR.

The legal basis for the sending of the newsletter owing to the sale of goods or services shall be § 7 Para. 3 German Fair Trade Practices Act.

Otherwise, the legal basis shall be Art. 6 Para. 1 lit. f GDPR for the purpose of direct advertising.

3. Purpose of the Data Processing

The collection of the user’s e-mail address shall serve the purpose of sending the newsletter.

The collection of any other personal data during the registration process shall serve the purpose of preventing misuse of the services or the e-mail address being used.

4. Duration of the Storage

The data shall be deleted as soon as they are no longer required for the attainment of the purpose for their collection. The user’s e-mail address shall therefore be stored as long as the subscription to the newsletter is active.

As a rule, the other personal data collected during the registration process shall be deleted after a timeframe of 31 days.

5. Rights to Object and Delete

The subscription to the newsletter may be terminated at any time by the affected user. A corresponding link shall be provided in each newsletter for this purpose.

VII. Registrations

Currently, on our website, there is no offer for registration or account usage.

VIII Contact Form and E-Mail Contact

1. Description and Scope of the Data Processing

On our Internet site, a Contact Form has been provided which can be used for making contact electronically. If a user utilises this option, then the personal data entered into the input mask shall be transmitted to us and stored.

These data are:

Company
E-mail address
Forename
Surname
Division/Position
Website
Street/house no.
Postal code
City
State/country
Telephone no.
Selection of interests in the product portfolio
Description/message to us

At the time that the form’s data are submitted, the following data shall also be stored:

The user’s IP address
Date and time of day of the registration

For the processing of the data during the sending processing, your consent shall be obtained and reference shall be made to this Data Protection Declaration.

Alternatively, it is possible to make contact and communicate with us via our e-mail addresses that have been provided. In this case, the sender’s personal data transmitted with the e-mail shall also be stored.

Your data shall be stored in our CRM/ERP system. This encompasses a cloud-based software so that the data can be processed and stored on the provider’s premises. A Contracted Data Processing Agreement has been concluded with the provider (weclapp GmbH, Frauenbergstraße 31 – 33, 35039 Marburg, Germany) in accordance with EU GDPR § 28.

In this context, no further dissemination of data shall be undertaken to third parties. The data shall be used exclusively for the processing of the conversation.

2. Legal Basis for the Data Processing

If the user has granted his consent in this regard, the legal basis for the processing of data shall be Art. 6 Para. 1 lit. a GDPR.

The legal basis for the processing of the data that are transmitted during the sending of an e-mail shall be Art. 6 Para. 1 lit. f GDPR. If the e-mail contact is intended for the conclusion of an agreement, then the supplemental legal basis for the processing shall be Art. 6 Para. 1 lit. b GDPR.

3. Purpose of the Data Processing

The processing of the personal data from the input mask shall enable us to process the enquiry and any resulting additional tasks. In the case that contact is initiated via e-mail, herein also lies the required entitled interest in the processing of data.

The other personal data processed during the sending process shall serve the purpose of preventing misuse of the Contact Form and ensuring the security of our information technology systems.

4. Duration of the Storage

The data shall be deleted as soon as they are no longer required for the attainment of the purpose for their collection. For the personal data from the input mask of the Contact Form and those data which have been sent via e-mail, this shall then be the case when the respective conversation with the user has ended or all follow-up tasks have been completed. The conversation shall be considered to have then ended when it can be inferred based upon the circumstances that the affected issue has been definitively clarified. If the initiation of contact should result in the conclusion of contractual agreements with us or the documents from the follow-up tasks are subject to statutorily-prescribed retention timeframes, the data shall be stored in accordance with the statutorily-prescribed retention timeframes.

The personal data also collected during the sending process shall be deleted by no later than a timeframe of 31 days.

5. Rights to Object and Delete

The user shall have the right at any time to revoke his consent for the processing of the personal data. If the user contacts us via e-mail, then he may at any time object to the storage of his personal data. In such a case, the conversation may not be continued.

All personal data that have been stored for the initiation of contact shall be deleted in this case.

IX. Third-Party Web Analysis and Services

Facebook, Google+, Google Conversion, Google AdServices, Twitter, YouTube, Xing

1. Description and Scope of the Data Processing

“social plug-ins” and/or plug-ins from Internet service providers (third parties) are used on our website. This shall be as follows:

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany

In this context, the service provider’s server creates a direct connection with your browser.

Thus, the service provider receives, among other things, the notification that you have visited our website together with your IP address and/or device identifier. This occurs regardless of whether you are currently logged-in or even registered at all with this service provider. Insofar as you are logged-in at the same time with the respective service provider, this page visit of yours shall automatically be assigned to your profile. Moreover, whenever you press the respective “social plug-in” buttons (e.g. Facebook like button) and, for example, recommend/share articles and content, the respective service provider can assign this information to your profile.

The plug-ins are recognisable based upon their respective logos:

Facebook: A white “f” on a blue tile, the phrases “like”, “I like that” or a “thumbs-up” sign. The list and the visual appearance of the Facebook plug-ins can be viewed here: https://developers.facebook.com/docs/plugins/.
Google: The symbol “G+” on a coloured background, a stylised map (Google Maps)
Twitter: A stylised blue bird.
YouTube: The lettering “YouTube” on one line and/or two lines or the “play button” symbol.
Xing: The lettering “Xing” or a stylised “X”

We would like to notify you and/or inform you, based upon the extent of our knowledge, that the data collected in conjunction with the plug-ins are exchanged exclusively between your browser and the service provider. We have no knowledge whatsoever of the content of the collected and transmitted data. Before this backdrop, we recommend that you read the respectively-current Data Protection Guidelines of the below-mentioned operators.

Facebook: https://www.facebook.com/policy.php
Google+: https://policies.google.com/privacy?hl=de
Twitter: https://help.twitter.com/de/rules-and-policies/update-privacy-policy
YouTube (Google): https://policies.google.com/privacy?hl=de&gl=de
Xing: https://privacy.xing.com/de/datenschutzerklaerung

2. Legal Basis for the Data Processing

For the processing of the data when visiting pages of our website, your consent shall be obtained via an info-banner and reference shall be made to this Data Protection Declaration.

If the user has granted his consent in this regard, the legal basis for the processing of personal data while using “social plug-ins” and/or plug-ins shall be Art. 6 Para. 1 lit. a GDPR.

The usage of third-party services shall be undertaken in the interest of attaining an appealing displaying of our online website and the optimisation of our marketing activities. This shall constitute an entitled interest in accordance with Art. 6 Para. 1 lit. f GDPR.

3. Legal Basis for the Data Processing

Purpose of the Data Processing

We use the various plug-ins in order to

a) display the advertisements which we insert on the Internet Service Providers’ platforms only to such users which have also shown an interest in our product and service portfolio or which, for example, display an interest in receiving information regarding specific products and themes which we send to the respective service providers.

b) track the users’ actions after they have seen or clicked on an advertisement. Thus, we can determine the effectiveness of our advertisements for statistical and market research purposes.

c) enable the integration of maps and geo-data.

d) enable the integration of videos.

4. Duration of the Storage

Because the data collected in connection with the plugins is exchanged exclusively between your browser and the service provider, we have no knowledge about the duration of the storage of the collected and transferred data. Before this backdrop, we recommend that you read the respectively-current Data Protection Guidelines of the below-mentioned operators.

Facebook: https://www.facebook.com/policy.php
Google+: https://policies.google.com/privacy?hl=de
Twitter: https://help.twitter.com/de/rules-and-policies/update-privacy-policy
YouTube (Google): https://policies.google.com/privacy?hl=de&gl=de
Xing: https://privacy.xing.com/de/datenschutzerklaerung

5. Rights to Object and Delete

Via info-banners, your consent shall be obtained and reference shall be made to this Data Protection Declaration. In this context, a “reject” button shall likewise be offered via which the plug-ins can be deactivated.

If a user is registered on a platform of one of the aforementioned service providers and would not like that the respective service provider collect data about him via our website and link them to his stored member’s data, before visiting the Internet site, he must log out of the service provider. Any additional settings and objections to the usage of data for advertising purposes shall be possible within the profile settings of the respective service providers.

Google Web Fonts

Our website uses only a uniform displaying of fonts, so-called Web Fonts, which are provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). When visiting our site, your browser loads the required Web Fonts into your browser cache in order to correctly display texts and fonts.

These fonts are loaded from our web server. There is no connection to the Google server. Google Web Fonts are used in the interest of a uniform and appealing displaying of our online website. This constitutes an entitled interest in accordance with Art. 6 Para. 1 lit. f GDPR.

Because the data collected in connection with this function is exchanged exclusively between your browser and the service provider, we have no knowledge of the duration of the storage of the data collected and transferred. In light of this, we recommend that you read the current data protection notices of the operators listed below. Here is the link to it: https://www.google.com/intl/de/policies/privacy/.

If your browser does not support Web Fonts, then a standard font shall be used by your computer.

For the processing of the data, your consent will be obtained when you visit our website via an information banner and you will be referred to this data protection declaration. In this context, a “Reject” button is also offered, via which this function can be deactivated.

Google Maps

1. Description and Scope of the Data Processing

The Google Maps API service is used on our website. The service provider is:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

We use this service primarily in order to realise the function of the reference search by postal code and/or location on our reference page. In order to do this, upon confirming the search entry, the service provider’s server creates a direct connection to your browser. Thus, the service provider receives, among other things, the notification that you have visited our website together with your IP address and/or device identifier.

The service provider is recognisable from the logo:

Google Maps: A stylised map

We have no knowledge whatsoever of the content of the data that are collected and transmitted. Before this backdrop, we recommend that you read the respectively-current Data Protection Guidelines of the below-mentioned operators.

Google: https://policies.google.com/privacy?hl=de

2. Legal Basis for the Data Processing

For the processing of the data during the visit to one of the pages of our website your consent shall be obtained via an info-banner and reference shall be made to this Data Protection Declaration.

If the user’s consent has been obtained in this regard, the legal basis for the processing of personal data shall be Art. 6 Para. 1 lit. a GDPR.

The usage of third-party services shall be undertaken in the interest of attaining an appealing displaying of our website and the optimisation of our marketing activities. This shall constitute an entitled interest in accordance with Art. 6 Para. 1 lit. f GDPR.

By confirming the search entry on the webpage, a mandatory processing of data shall be undertaken. This shall be legal in accordance with Art. 95 GDPR and/or Art. 5 Guideline 2002/58/EC.

3. Purpose of the Data Processing

We use the function in order to enable the integration of maps and geo-data.

4. Duration of the Storage

Because the data collected in conjunction with Google Maps are exchanged exclusively between your browser and the service provider, we have no knowledge whatsoever of the duration of the storage of the data which are collected and transmitted. Before this backdrop, we recommend that you read the respectively-current Data Protection Guidelines of the below-mentioned operators.

Google: https://policies.google.com/privacy?hl=de

5. Rights to Object and Delete

For the processing of the data during the visit to one of the webpages of our website you consent shall be obtained via an info-banner and reference shall be made to this Data Protection Declaration.

Whenever a user uses the search function on our reference page, the processing of data shall be mandatorily required. Thus, no right to object exists in this regard. If no transmission of personal data to third-party providers is desired, the user of our website may not use the search function.

Google Analytics

Our website uses Google Analytics, a web analytical service from (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

Google Analytics uses so-called “cookies” – text files which are stored on the users’ computer and which enable an analysis of their usage of the website. As a rule, the information generated by the cookie with the usage of this website by the users shall be transmitted to a Google server in the USA and stored there.

In the case that IP anonymisation has been activated on this website, the users’ IP address shall nonetheless be shortened beforehand by Google within the member countries of the European Union or in other contracting states to the European Economic Area Convention. Only in exceptional cases shall the full IP address be transmitted to a Google server in the USA and shortened there. The IP anonymisation has been contractually agreed. Google shall use this information in order to evaluate the usage of the website by the users, in order to compile reports regarding the website activities and in order to render additional services associated with the usage of the website and the Internet for us.

This shall constitute our entitled interest in accordance with Art. 6 Para. 1 lit. f GDPR. The IP address transmitted by your browser for Google Analytics shall not be commingled with other data by Google.

The users may prevent the storage of cookies by changing the corresponding settings on their browser software; however, we wish to point out that, in this case, you may not be able to use all functions of this website in their full scope.

Moreover, the users may prevent the collection of the data (including your IP address) which are generated by the cookie and which refer to your usage of the website from being sent to Google as well as the processing of these data by Google by downloading and installing the browser plug-in that is available by clicking on the following link:

https://tools.google.com/dlpage/gaoptout?hl=de .

Alternatively to the browser add-on or within browsers on mobile devices, please click on this link in order to prevent the data collection by Google Analytics within this website in the future. In so doing, an opt-out cookie shall be stored on your device. If you delete your cookies, you will need to click this link again.

Call Center / Secretarial Service Providers

In order to support our services, we cooperate with service providers. A Contracted Data Processing Agreement has been concluded with these service providers in accordance with EU-GDPR § 28. If our employees cannot be reached by telephone temporarily, then the telephone call shall be forwarded to the TELiAS Business Center GmbH Company, Hohenstaufenring 62, 50674 Cologne. They shall record the caller and/or call-back data for us. In so doing, the company name, name, telephone number and, where applicable, an e-mail address shall be recorded.

Even in the case of the “no answer” and/or if a message is left, a notification shall be sent to JST in which the caller’s telephone number is transmitted. The legal basis for this shall be Art. 6 Para. 1 lit. f GDPR. If the aforementioned data are requested, the disclosure of these data shall be undertaken voluntarily and of your own free will. Thus, the legal basis shall be Art. 6 Para. 1 lit. a GDPR.

We use these services in order to increase our ability to be contacted for customers and prospective customers. Therein lies our entitled interest.

The duration of the data storage shall be subject to the Contracted Data Processing Agreement and the obligations that the service provider owes us in order to document the fulfilment of the agreed tasks.

All personal data which have been stored during the initiation of contact shall be deleted in this case.

Ticket Feedback / Secretarial Service Providers

In order to support our services, we cooperate with service providers. A Contracted Data Processing Agreement has been concluded with these service providers in accordance with EU-GDPR § 28. In order to ensure the satisfaction with our services to prevent complaints, the effektivOFFICE Company, Finkenweg 10, 32699 Extertal calls our customers on our behalf. Thus, this company can see the following data: Company name, forename, surname, telephone number, e-mail address and address in our contact database. However, any other data are not available.

The legal basis for this shall be Art. 6 Para. 1 lit. f GDPR.

We use these services in order to be able to control our service quality and to constantly optimise it. Therein lies our entitled interest.

The duration of the data usage shall be limited to the time for the realisation of the respective initiation of contact and/or to the duration of the viewing in our contact database.

The user shall have the right at any time to revoke his consent for the processing of personal data. If the user contacts us via e-mail, then he may at any time object to the storage of his personal data.

All personal data which have been stored for the initiation of contact shall be deleted in this case.

X. Rights of the Affected Person

If your personal data are processed, then you shall be considered to be the affected person in accordance with the GDPR and you shall have the following rights vis-à-vis the responsible party:

1. Right to Information

You may demand that the responsible party confirm whether your personal data are being processed by us.

If such processing has been done, you may demand that the responsible party provide the following information:

(1) the purposes for which the personal data are being processed;
(2) the categories of personal data which are being processed;
(3) the recipients and/or the categories of recipients to whom your personal data have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if it is not possible to provide concrete information in this regard, the criteria for the determination of the storage timeframe;
(5) the valid existence of a right to the correction or deletion of your personal data, a right to the restriction of the processing by the responsible party or a right to object to this processing;
(6) the valid existence of a right to object to a government supervisory agency;
(7) all available information regarding the origin of the data if the personal data have not been collected from the affected person;
(8) You shall be entitled to demand information regarding whether your personal data have been transmitted to a non-EU country or to an international organisation. In this context, you can demand to be informed about the appropriate guarantees pursuant to Article 46 GDPR in connection with the transmission.

2. Right to Correction

You shall have a right to the correction and/or completion of your personal data vis-à-vis the responsible party insofar as your personal data that have been processed are incorrect or incomplete. The responsible party must promptly make the correction.

3. Right to the Restriction of the Processing

Subject to the following prerequisites, you may demand the restriction of the processing of your personal data:

(1) If you dispute the correctness of your personal data for a timeframe which enables the responsible party to verify the correctness of the personal data.
(2) The processing is illegal and you reject the deletion of the personal data and instead demand the restriction of the usage of the personal data.
(3) The responsible party no longer needs the personal data for the purposes of the processing, but you nonetheless require them for the assertion, exercising or warding-off of legal claims.
(4) You have lodged an objection to the processing in accordance with Art. 21 Para. 1 GDPR and it and it is not yet clear whether the justified reasons of the Responsible Party outweigh your reasons.

If the processing of your personal data has been restricted, these data may – apart from their storage – only be processed subject to your consent or in order to assert, exercise or ward off legal claims or in order to safeguard the rights of any other natural or juridical person or for reasons of an important public interest of the European Union or of a member country.

If the restriction of the processing has been limited in accordance with the aforementioned pre-requisites, you shall be notified of this by the responsible party before the restriction is lifted.

4. Right to Deletion

a) Obligation to Delete
You may demand that the responsible party promptly delete your personal data and the responsible party shall be obliged to promptly delete these data insofar as one of the following reasons applies:

(1) Your personal data are no longer required for the purposes for which they have been collected or otherwise processed.
(2) You revoke your consent upon which the processing was supported in accordance with Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR and no other legal basis exists for the processing.
(3) You lodge an objection to the processing in accordance with Art. 21 Para. 1 GDPR and no prevailing justified reasons exist for the processing or you lodge an objection to the processing in accordance with Art. 21 Para. 2 GDPR.
(4) Your personal data have been illegally processed.
(5) The deletion of your personal data is required in order to fulfil a legal obligation in accordance with EU law or the law of the member countries to which the responsible party is subject.
(6) Your personal data have been collected with regards to the Information Society services offered in accordance with Art. 8 Para. 1 GDPR.

b) Providing Information to Third Parties
If the responsible party has publicly disclosed your personal data and is obliged to their deletion in accordance with Art. 17 Para. 1 GDPR, then it shall, subject to the consideration of the available technology and the implementation costs, undertake appropriate measures – including of a technical nature – in order to notify the party responsible for the data processing who is processing the personal data that you, as the affected person, have demanded that it delete all links to these personal data or copies or replications of these personal data.

c) Exceptions
The right to deletion shall not be valid insofar as the processing is required

(1) in order to exercise the right to freedom of expression and to provide information;
(2) in order to fulfil a legal obligation which requires the processing in accordance with the law of the European Union or of the member countries to which the responsible party is subject or in order to fulfil a task which lies in the public interest or in order to exercise the public authority which has been assigned to the responsible party;
(3) for reasons of the public interest in the area of public health in accordance with Art. 9 Para. 2 lit. h and i as well as Art. 9 Para. 3 GDPR;
(4) for the archiving purposes lying in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR insofar as the right specified in Section a) is anticipated to make impossible or seriously restrict the realisation of the goals of this processing;
(5) in order to assert, exercise or ward off legal claims.

5. Right to Notification

If you have asserted the right to the correction, deletion or restriction of the processing vis-à-vis the responsible party, then the responsible party shall be obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of the processing unless this is determined to be impossible or is associated with disproportionate expenditures.

You shall have the right vis-à-vis the responsible party to be informed of these recipients.

6. Right to Data Portability

You shall have the right to receive your personal data, which you have provided to the responsible party, in a structured, standard and machine-readable format. Moreover, you shall have the right to transmit these data to another responsible party without being hindered from so doing by the responsible party to whom the personal data have been provided insofar as

(1) The processing is based upon consent in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or upon an agreement in accordance with Art. 6 Para. 1 lit. b GDPR and
(2) The processing is undertaken via automated processes.

Moreover, in exercising this right, you shall also have the right to affect that your personal data be transmitted directly by one responsible party to another responsible party insofar as this is technically feasible. The freedoms and rights of other persons may not be restricted by so doing.

The right to data portability shall not be valid for a processing of personal data which are required for the fulfilment of a task which lies in the public interest or is being done in the exercising of public authority which has been assigned to the responsible party.

7. Right to Objection

You shall have the right at any time to lodge an objection to the processing of your personal data which has been done in accordance with Art. 6 Para. 1 lit. e or f GDPR owing to reasons which are based upon your special situation; this shall also be valid for a profiling supported by these provisions.

The responsible party shall no longer process your personal data unless it can document that mandatory reasons worthy of protection exist for the processing which outweigh your interests, rights and freedoms or the processing serves the purpose of asserting, exercising or warding off legal claims.

If your personal data have been processed in order to conduct direct advertising, you shall have the right at any time to lodge an objection to the processing of your personal data for the purpose of such advertising; this shall also be valid for the profiling insofar as it is associated with such direct advertising.

If you object to the processing for the purposes of direct advertising, then your personal data shall no longer be processed for these purposes.

You shall have the right – in conjunction with the usage of the Information Society services and notwithstanding Guideline 2002/58/EC – to exercise your right to object via automated processes whereby technical specifications are used.

8. Right to the Revocation of the Declaration of Consent under Data Protection Law

You shall have the right to revoke your Declaration of Consent under data protection law at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Right to Lodge a Complaint to a Government Supervisory Agency

Irrespective of any other legal remedy under administrative law or in court, you shall have the right to lodge a complaint to a government supervisory agency – particularly in the member country of your residence, your workplace or the location of the purported violation if you are of the belief that the processing of your personal data violates the GDPR.

The government supervisory agency, to which the complaint has been submitted, shall notify the complainant of the status and the rulings regarding the complaint – including the option of seeking a legal remedy in court in accordance with Art. 78 GDPR.