Privacy Policy

Privacy Policy

As of February 2019

      I.   Name and address of the data controller

Responsibility within the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations remains with:

Georg Börner Chemisches Werk für Dach- und Bautenschutz GmbH und Co. KG

Heinrich-Börner-Str. 31

36251 Bad Hersfeld

Deutschland

06621-175-0

michael.spies@georgboerner.de

www.georgboerner.de

     II.    Contact details of the Data Protection Officer

The data protection officer in charge is:

DataCo Inc.

Dachauer Street 65

80335 Munich

Germany

Data protection [at] dataguard.de

www.dataguard.de

   III.    General data processing information

1. Amount of processed personal data

As a matter of principle, we only collect personal data of our users as far as it is necessary for us to provide a functional website, website contents and services. The processing of personal data is carried out on a regular basis subject to the users’ consent. An exception applies in cases where it is not possible to obtain prior consent and where the collection of data is legally permitted.

2. Legal basis for processing of personal data

If we obtain consent from the person concerned to process their personal data Article 6 (1) S. 1 (a) of the EU General Data Protection Regulation (hereinafter referred to as GDPR) serves as the legal basis.

Article 6 (1) S. 1 (b) of GDPR serves as a legal basis when personal data is processed that is used to fulfill a contract and where the contracting party is the person concerned. This also applies to the processing of data that is necessary to carry out pre-contractual measures.

If there is a legal obligation why a company should collect personal data, this will be done in accordance with Article 6 (1) S. 1 (c) GDPR.

If the vital interest of the person concerned, or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.

If data processing is necessary to safeguard the legitimate interests of our company or of a third party and if the interests, fundamental rights and fundamental freedoms rights of the person concerned do not overwrite the former purpose, Article 6 (1) S. 1 (f) GDPR will apply as the legal basis for the processing of data.

3. Erasure of data and retention time

Personal data will be erased or blocked as soon as the purpose of the storage has ceased. Data storage may continue if it is required in order to comply with the European or national legislature in EU regulations, laws or other regulations that apply to the responsible subject. Data will be blocked or deleted if a storage period prescribed by the above-mentioned standards expires, unless there is a requirement to keep the data to enter into a contract or fulfill a contract.

IV.       Rights of the concerned party

If your personal data is processed, you are the concerned party according to GDPR and therefore entitled to the following rights:

1. Right to information

You can ask the data controller to confirm whether your personal data is being processed by them.

If this can be confirmed, you can request the following information from the controller:

1.    The purposes for which personal data is processed;

2.    The categories of personal data that are processed;

3.    The recipients or categories of recipients to whom the personal data relating to you have been disclosed or will still be disclosed;

4.    The planned data retention time of your personal data or, if this information is not available, any criteria that could determine the duration of the storage.

5.    The right to correct or erase personal data about you, the right to restrict the processing of the data or the right to object to this processing; 

    1. The right of appeal to the supervising authority;
    1. All available information about the origin of the data if the personal data is not collected from you directly;
    1. The existence of automated decision-making, including profiling in accordance with Articles 22 (1) and (4) GDPR, and at least all meaningful information on the principle involved, as well as the scope and effects of such processing for you.

You have the right to request information as to whether the personal data about you is transmitted to a third country or to an international organisation. In this context, you may also request to be informed about appropriate guarantees under Article 46 GDPR in connection with this transmission.

2. Right to rectification

You have the right to correct and/or complete data, provided that the processed personal data that concerns you is incorrect or incomplete. The controller must make the correction immediately.

3. Right to restrict processing of data

Under the following circumstances it is possible to request the that the processing of personal data relating to you may be restricted:

    • If you dispute the accuracy of the personal data that has been collected about you for some time so that it allows the controller to verify the accuracy of the personal data;
    • If the processing of the data is illegal and you object to the deletion of the personal data and instead demand restricted use of the personal data;
    • The controller no longer needs the personal data for the intended purposes, but you need them to exercise or defend legal claims, or
    • If you have objected to the data processing in accordance with Article 21 (1) GDPR and it is not clear yet whether the legitimate reasons of the controller outweigh your reasons.

If the processing of your personal data has been restricted – apart from storing it - this data may only be used with your consent or to exercise or defend legal claims or to protect the rights of a other natural or legal persons or in case of being in the interest of public of the Union or of a Member State.

If the restriction of the data processing has been limited based on the previous conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

(a) Duty of erasure

You may request that the controller erases personal data concerning you immediately. The controller is under the obligation to erase personal data without undue delay where one of the following reasons applies:

    1. The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
    1. You withdraw your consent on which the data processing is based according to Article 6 (1) S. 1 (a) or Article 9 (2) S 1. (a) GDPR and where there is no other legal basis for the processing.
    1. You object to the processing of the data pursuant to Article 21 (1) of GDPR and there are no overriding legitimate reasons for processing, or you object to the processing in accordance with Article 21 (2) of GDPR.
    1. The personal data relating to you have been unlawfully processed.
    1. The deletion of the personal data relating to you is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the controller is subject.
    1. The personal data relating to you was collected in relation to the provided services of the information society services in accordance with Article 8 (1) of GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is required pursuant to Article 17 (1) of GDPR to erase it, the controller, taking into account the available technology and costs of the implementation, must take reasonable steps and technical measures to inform those responsible for data processing that you as the person concerned have requested the deletion of all links to this personal data or of copies and replications in regards to the personal data.

c) Exceptions

The right to erasure does not apply if the processing is necessary

    1. To exercise the right to freedoms of expression and information;
    1. In order to fulfil a legal obligation which requires processing by Union law or law of the Member States to which the controller is subject or to carry out a task that is in the interest of the public or in the exercise of the public authority, which has been entrusted to the controller;
    1. For reasons of the interest of the public in public health according to Article 9 (2) (h) and (i) and Article 9 (3) of GDPR;
    1. For archiving purposes in the interest of public, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of GDPR, insofar as the law referred to in section (a) is likely to make the objectives of this processing impossible or difficult, or
    1. To assert, exercise or defend legal claims.

6. Notification right

If you have asserted the right towards the controller to correct, erase or restrict the processing of personal data, the controller is obliged to notify all recipients to whom the personal data concerned to you has been transferred to about the restriction or deletion of data unless this proves impossible or involves a disproportionate effort.

You have the right against the controller to be informed about these recipients.

7. Right to data portability

You have the right to receive the personal data that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without obstruction by the controller to which the personal data was initially provided, where

    1. Processing is based on consent according to Article 6 (1) S. 1 (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and
    1. Processing is done using automated procedures.

In exercising this right, you also have the right to request that the personal data relating to you is transmitted directly from one controller to another controller as far as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply if the processing of personal data is required to perform a task that is in the public interest or in the exercise of the public authority that has been entrusted to the controller.

8. Right to object

At any time, you have the right to appeal for reasons arising from your situation against the processing of the personal data concerning you based on Article 6 (1) S.1 (e) or (f) GDPR. This also applies to profiling based on these provisions.

The controller will no longer process the personal data relating to you, unless he can prove compelling legitimate grounds for the processing which overwrite your interests, rights and freedoms, or if the processing serves the purpose to assert, exercise or defend legal claims.

Where the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising; This also applies to profiling, as far as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding directive 2002/58/EG, you have the opportunity to exercise your right to object using automated means that utilise technical specifications.

9. Right to revoke the declaration of consent under data protection law

You have the right to revoke your information on data protection at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of consent until the revocation.

10. Automated decision on a case-by-case basis including profiling

You have the right not to be subject to a decision that is based solely on automated processing - including profiling - which has a legal effect on you or affects you similarly significantly. This does not apply if the decision

    1. Is necessary to enter or fulfil a contract between you and the data controller,
    1. Is subject to legislations of the Union or Member States that the controller must comply with and where such legislations include appropriate measures to safeguard your rights and freedoms, as well as your legitimate interests, or
    1. Is made with your explicit consent.

However, these decisions may not be based on specific categories of personal data referred to in Article 9 (1) GDPR, unless Article 9 (2) (g) GDPR and appropriate measures have been put in place to protect rights and freedoms as well as your legitimate interests.

In the cases referred to in 1. and 3. the controller shall take appropriate measures to safeguard your rights, freedoms and legitimate interests, including at least the right of a person to intervene on part of the controller, to present his or her own point of view and challenge the decision.

11. Right to complain to a supervisory authority

Without prejudice to any other administrative or legal advise, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, your job or the location of the alleged violation if you believe that the processing of the personal data concerning you violates GDPR.

The supervisory authority where the complaint was filed informs the complainant of the status and results of the complaint, including the possibility of a judicial appeal under Article 78 of GDPR.

    V.     Provision of website and creation of log files

1. Description and scope of data processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:

    • Information about the type of browser and the browser version
    • Information about the user's operating system
    • Information about the user's internet service provider
    • Information about the user's IP address
    • Date and time of access
    • Websites from which the user's system enters our website

This data is stored in the log files of our system. This data as well as other personal data of the user will not be stored.

2. Purpose of data processing

The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user's computer. To do this, the user's IP address must be stored for the duration of the session.

The storage in log files is needed to ensure that the website works. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes will not take place in this context.

These are the reasons for our legitimate interest in data processing under Article 6 (1) S. 1 (f) GDPR.

3. Legal basis for data processing

Legal basis for the temporary storage of data and log files is defined in Article 6 (1) (f) GDPR.

4. Duration of data storage

The data will be erased as soon as they are no longer needed to achieve the purpose of their collection. If the data are collected to provide the website this will be the case when the session is finished.

If the data are stored in log files this will be the case after seven days at the latest. It is possible to store the data beyond this point if the users IP addresses are deleted or alienated, so that it is no longer possible to assign the individual device.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is necessary to operate the website. Therefore, the user has no possibility to object.

VI.   Newsletter

1. Description and scope of data processing

On our website it is possible to subscribe to a free newsletter. When you sign up for the newsletter, the data from the input fields are transmitted to us.

    • Email address
    • Name
    • Date and time of registration

In connection with the data processing for the sending of the newsletters, the data are not passed on to third parties. The data will only be used to send the newsletter.

2. Purpose of data processing

The purpose of collecting the user's e-mail address is to deliver the newsletter.

The collection of other personal data as part of the registration process is intended to prevent misuse of the services or the e-mail address used.

3. Legal basis for data processing

The legal basis for the processing of the data after signing up for the newsletter is explained in Article 6 (1) (a) GDPR if the user has given his prior consent.

4. Duration of storage

The data will be erased as soon as they are no longer needed to achieve the purpose of their collection. The user's e-mail address is therefore stored as long as the subscription to the newsletter is active.

Other personal data that was collected as part of the registration process are usually deleted after a period of seven days.

5. Possibility of objection and removal

The subscription to the newsletter can be canceled by the user at any time. For this reason, there is a link in every newsletter to do this.

This also allows the user to revoke the consent to the storage of the personal data collected during the registration process.

VII.        E-mail contact

1. Description and scope of data processing

It is possible to contact us via the e-mail address provided on our website. In this case, the personal data of the user transmitted by e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively to process the conversation.

2. Purpose of data processing

In the case of e-mail contact, the necessary legitimate interest in processing the data is given through the email request.

3. Legal basis for data processing

The legal basis for processing the data is Article 6 (1) (a) GDPR if the user has given his consent.

The legal basis for processing the data sent while sending an e-mail is Article 6 (1) (f) GDPR. When the e-mail contact is aimed at entering a contract, the additional legal basis for the data processing is Article 6 (1) (b) GDPR.

4. Duration of storage

The data will be erased as soon as they are no longer needed to achieve the purpose of their collection. Personal data sent by e-mail will be erased when the respective conversation with the user has ended. The conversation ends when it can be explicitly established that the matter in question has been resolved.

The additional personal data collected during the submission process will be deleted no later than seven days after it has been collected.

5. Possibility of objection and removal

The user has the option to revoke his consent for the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the email exchange cannot continue.

Mouse clicks

In this case all personal data that were stored during the contact will be erased.

Mouse clicks

  VIII.   Job application by e-mail

1. Amount of processing of personal data

You can send us your application by e-mail. We collect your e-mail address and the data you share in your e-mail.

Your data will not be passed on to third parties. The data will only be used to process your application.

2. Purpose of data processing

The processing of the personal data from your application e-mail is only used to process your application.

3. Legal basis for data processing

The legal basis for processing your data is Article 6 (1) (a) GDPR and § 26 BDSG.

4. Duration of storage

Once the application process has been completed, the data will be stored for up to two months. Your data will be deleted after two months at the latest. In the event of a legal obligation, the data will be stored within the requirements of the applicable regulations.

All additional personal data collected during the submission process will be deleted within a period of seven days.

5. Possibility of objection and removal

The applicant can revoke his consent to process the personal data at any time. In such a case, the application can no longer be considered.

The applicant sends an email to change the data or sends modified attachments.

In this case all personal data stored in the course of the electronic application will be deleted.

    • Email address

Once the application process has been completed, the data will be stored for up to two months. Your data will be deleted after two months at the latest. In the event of a legal obligation, the data will be stored within the requirements of the applicable regulations.

The applicant sends an email to change the data or sends modified attachments.

  IX.    Hosting

Our website is hosted on servers at a service provider commissioned by us.

Our service provider is:

Mittwald CM Service GmbH & Co. KG

The servers automatically collect and store information in so-called server log files, which your browser automatically sends when you visit our website. The information that is stored are:

Browser type and browser version

Operating system of user

URL of user

Host name of the access computer

Time of server request

IP address

This data will not be merged with other data sources. This data is collected in accordance with Article 6 (1) (f) GDPR. The website operator has a legitimate interest in a technically error-free presentation and optimization of its website – therefore server log files must be recorded.

We have entered into a contract with our service provider by requesting that the relevant service provider protects all user data and does not pass it on to third parties.

The location of the server for our website is based in Germany.

X.        Plugins

We use plugins for various purposes. The plugins used are listed below:

YouTube

1. Amount of processing of personal data

On our website we use YouTube's Google plugin from YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter referred to as YouTube). We use YouTube's plugin to embed videos from YouTube on our website. When you visit our website, your browser connects to YouTube's servers. This allows personal data to be stored and evaluated, especially the user activity (e.g. which pages have been visited and which items have been clicked on) as well as device and browser information (e.g. the IP address and the operating system). We have no influence on the content of the plug-in. If you are logged into your YouTube account while visiting our website, YouTube can assign your website visit to your account. By interacting with this plug-in, the corresponding information is sent directly to YouTube and stored there. 
More information on the collection and storage of the data by Google can be found here: https://policies.google.com/privacy?gl=DE&hl=de

2. Purpose of data processing

The use of YouTube plug-ins help to improve the user-friendliness and attractivity of the presentation of our website.

3. Legal basis for the processing of personal data

The legal basis for processing your data is Article 6 (1) (f) GDPR.

 

4. Duration of storage

Your personal information will be stored as long as it is necessary to fulfill the purposes described in this Privacy Statement or as required by law, for tax and accounting purposes.

5. Possibility of objection and removal

You can prevent Google from collecting and processing your personal data by preventing third-party cookies from being stored on your computer, using the ‘Do Not Track’ feature of a supporting browser, enabling ‘Turn off script’ in your browser or by installing a script blocker such as ‘NoScript’ (www.noscript.net) or ‘Ghostery’ (www.ghostery.com) on your browser.
The link below allows you to disable Google's use of your personal data:
https://adssettings.google.de
For more information on ways to object and erase data against Google please visit:
https://policies.google.com/privacy?gl=DE&hl=de
In addition, Google is complying with the Privacy Shield Agreement between the European Union and the United States and has been certified itself. As a result, Google is committed to comply with the standards and regulations of the European data protection law. More information can be found in the article below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

 

Use of Bootstrap

1. Amount of processing of personal data

Our website uses the OpenSource Framework Bootstrap. This is loaded from the content delivery network of Bootstrapcdn.com. Provider of this service is MaxCDN DBA StackPath., 2021 McKinney Ave., Suite 1100, Dallas, TX 75201, USA (hereinafter referred to as StackPath). By using BootstrapCDN, cookies are saved on your computer and your usage data is stored. As a result, personal data can be stored and analysed, especially the user activity (e.g. which pages have been visited and which items have been clicked on) as well as device and browser information (e.g. the IP address and operating system).
To find out more information on how StackPath collects and stores the data please follow the link below:
https://www.bootstrapcdn.com/privacy-policy/

2. Purpose of data processing

Bootstrap is used to improve our website and its user-friendliness.

3. Legal basis for the processing of personal data

The legal basis for processing your data is Article 6 (1) (f) GDPR.

4. Duration of storage

Your personal information will be stored as long as it is necessary to fulfill the purposes described in this Privacy Statement or as required by law, for tax and accounting purposes.

5. Possibility of objection and removal

You can prevent StackPath from collecting and processing your personal data by preventing third-party cookies from being stored on your computer, using the ‘Do Not Track’ feature of a supporting browser, enabling ‘Turn off script’ in your browser or by installing a script blocker such as ‘NoScript’ (www.noscript.net) or Ghostery (www.ghostery.com) on your browser.
For more information on ways to object and erase data against StackPath please visit:
www.bootstrapcdn.com/privacy-policy/
In addition, StackPath is complying with the Privacy Shield Agreement between the European Union and the United States and has been certified itself. As a result, StackPath is committed to comply with the standards and regulations of the European data protection law. More information can be found in the article below::

https://www.privacyshield.gov/participant?id=a2zt0000000CbahAAC&status=Active

This Privacy Statement was prepared with the support of DataGuard