Thank you for visiting our website and taking an interest in our company. We take the protection of your personal data very seriously. We process your data in compliance with the applicable legal specifications regarding the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific implementation laws that apply for us. The purpose of this Data Protection Statement is to provide you with comprehensive information about the processing of your personal data by geobra Brandstätter Stiftung & Co. KG and the rights to which you are entitled.
Personal data is information that make it possible to identify a natural person. In particular this includes your name, date of birth, address, phone number and email address, as well as your IP address.
Anonymous data is data that does not enable a user to be identified in any way.
The controller and data protection officer
geobra Brandstätter Stiftung & Co. KG
Brandstätterstraße 2 - 10
D - 90513 Zirndorf
Tel.: 09 11 / 96 66 26 60
Fax.:09 11 / 96 66 13 03
Data protection officer contact: email@example.com
Your rights as a data subject
Firstly we would like to inform you of your rights as a data subject. These rights are standardised in Articles 15-22 of the European Union General Data Protection Regulation (GDPR). This includes:
• The right to access (Art. 15 GDPR),
• The right to erasure (Art. 17 GDPR),
• The right to rectification (Art. 16 GDPR),
• The right to data portability (Art. 20 GDPR),
• The right to restriction of processing (Art. 18 GDPR),
• The right to object to processing (Art. 21 GDPR).
In order to assert these rights, please contact: firstname.lastname@example.org. The same applies if you have questions on how data is processed in our company. You are also entitled to lodge complaints with a supervisory authority for data protection.
Rights to object
In the context of rights to object, please note the following:
If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without stating reasons. The same also applies for any profiling insofar as it is associated with the direct advertising.
If you object to processing for the purposes of direct advertising, we will no longer process your personal data for these purposes. Making an objection is free of charge and can be done via submission in any form; if possible, please submit any objection to email@example.com.
In the event that we process your data for the purpose of legitimate interests, you may at any time object to this processing on grounds relating to your particular situation; this also applies for any profiling supported by these provisions.
We will then no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if processing services the establishment, exercise or defence of legal claims.
Purposes and legal bases of data processing
When processing your personal data, the provisions of GDPR and all other applicable data protection law are complied with. The legal basis for data processing arises in particular from Art. 6, GDPR.
We use your data for initiating business; fulfilling contractual and legal obligations; implementing the contractual relationship; offering products and services; and strengthening the customer relationship, which may also include analysis for the purpose of marketing and direct advertising.
Your consent also represents a permission instruction under data protection law. We hereby inform you of the purposes of data processing and your right to object. If consent also relates to processing special categories of personal data, we will make explicit reference to this in the consent, Art. 88 Para. 1 GDPR.
Special categories of personal data, as defined by Art. 9 Para 1 GDPR, may only be processed when necessary due to legal specifications and when there is no grounds to suspect that your legitimate interest in the exclusion of processing takes precedence, Art. 88, Para 1 GDPR.
Disclosure to third parties
We will only disclose your data to third parties in the framework of legal provisions or in the event of corresponding consent. Otherwise we will not disclose your data to third parties unless we are required to do so due to compulsory legal stipulations (disclosure to external bodies such as supervisory authorities or law enforcement authorities).
Data recipients / categories of recipients
Within our company, we ensure that only individuals who require your data to fulfil contractual and legal obligations receive access to that data.
In many cases, service providers support our departments in performing their tasks. The necessary data protection contracts have been concluded with all service providers.
Period of data storage
We store your data for as long as is needed for the respective purpose of processing. Please note that many retention periods exist requiring that data continues to be stored. This particularly relates to retention obligations under commercial or fiscal law (such as the Commercial Code (Handelsgesetzbuch, HGB), General Fiscal Law (Abgabenordnung, AbgO), etc.). Unless there are further-reaching retention obligations, the data will be routinely erased once the relevant purpose has been fulfilled.
In addition, we may retain data if you have provided your authorisation for us to do so, or if legal disputes arise within the statutory limitation period and we use pieces of evidence that become subject to legal limitation periods, which may be up to thirty years; the regular limitation period is three years.
Secure transfer of your data
We implement appropriate technical and organisational measures for the best possible protection of the data we store against accidental or deliberate manipulation, loss, destruction, or access by unauthorised individuals. Security levels are reviewed on an ongoing basis in collaboration with security experts, and adapted to new security standards.
Data exchange from and to our web server is encrypted in every case. We offer HTTPS as a transfer protocol for our web presence, in each case subject to the use of current encryption protocols.
We also offer our users content encryption within the contact forms. We are the only party able to decrypt this data. There is also the option of using alternative channels of communication (e.g. post).
Obligation to provide data
Various personal data is required for the establishment, implementation, and termination of the contractual relationship, and the fulfilment of the associated contractual and legal obligations. The same applies for the use of our website and the various functions it offers.
We have summarised the details of this in the point above. In certain cases, data also needs to be collected or made available as a result of legal provisions. Please note that it is not possible to process your enquiry or execute an underlying contractual relationship without the provision of this data.
Categories, sources, and the origin of data
Which data we process is determined by the relative context: It depends, for example, on whether you place an order online or enter an enquiry into our contact form, or whether you are sending us an application or submitting a complaint.
Please note that we may also make information for particular processing situations separately available to an appropriate body, for example when application documents are uploaded or a contact enquiry is sent.
We collect and process the following data when you visit our website:
• The name of your internet service provider
• Information about the website from which you reach our site
• The web browser and operating system you are using
• The IP address allocated by your internet service provider
• The files requested, data volume transferred, and downloads/file export
• Information about the webpages that you access on our site, including the date and time
We collect and process the following data when you submit a contact enquiry:
• Surname and first name
• Email address
• Information on your requests and interests
We process the following data in the course of the order:
• Surname and first name
• Company name
• Date of birth
• Delivery address
• Invoice address
• Email address
• Phone number
• Data that may legitimately be processed from other sources
We collect and process the following data for newsletters:
• Surname and first name
• Email address
• Analytical data from the newsletter evaluation
Contact form/making contact by email (Art. 6 Para. 1 lit. a, b GDPR)
Our website contains a contact form that can be used to make contact electronically. If you write to us using the contact form, we process the personal data you provide in the contact form in order to make contact and respond to your questions and requests.
The principle of data economy and data reduction is taken into account here, in that you only need to provide the data that we need in order to make contact with you. This comprises your email address, title, first name, surname, subject, and the message field itself. In addition, your IP address is processed for reasons of technical necessity and legal safeguarding. All other data fields are voluntary, and you have the option of filling them out (for example for a better-tailored response to your questions).
If you contact us by email, we will process the personal data you provide in the email purely for the purpose of processing your enquiry.
Newsletter (Art. 6 Para. 1 lit. a GDPR)
You can subscribe to a free-of-charge newsletter on our website. Your name and the email address provided during newsletter registration will be used for sending the personalised newsletter.
The principle of data economy and data reduction is taken into account here, as only the email address (and where applicable a name for a personalised newsletter) is identified as a mandatory field. When you subscribe to the newsletter, your IP address will also be processed for reasons of technical necessity and legal safeguarding.
You may of course end your subscription at any time using the unsubscribe option provided in the newsletter, thereby revoking your consent. Furthermore, you may at any time also unsubscribe from the newsletter directly via our website.
Automated decision-making in individual cases
We do not use any purely automated processing procedures for making decisions.
Cookies (Art. 6 Para. 1 lit. f GDPR / Art. 6 Para. 1 lit a GDPR in the event of consent)
These cookies enables us to analyse how users use our websites. This means that we can design the content of the website to meet the needs of its visitors. Cookies also enable us to measure how effective a particular advertisement is, and for example to place it depending on thematic user interests.
Most of the cookies we use are session cookies which are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer when their term of validity (generally six months) is reached, or if you delete them yourself before the term of validity expires.
Most web browsers accept cookies automatically. However, you can generally also change your browser settings if you would prefer not to send information. You can still continue to use our website without restrictions in this case (with the exception of configurators).
Please note: If you deactivate the saving of cookies, you may no longer be able to use all of our website’s functions to the full extent.
Online offers for children
Individuals under the age of 16 may not transfer personal data to us or issue a declaration of consent without the approval of their parent or legal guardian. We would like to invite parents and legal guardians to actively participate in their children’s online activities and interests.
Links to other providers
Our website also – clearly and identifiably – includes links to websites operated by other companies. Where links to other providers’ websites are provided, we have no influence over their content. For this reason, no guarantee can be provided and no liability can be accepted for this content. The respective provider or operator of the relevant pages is responsible for the content of these pages.
At the time that the link was placed, the linked pages were checked for possible legal violations and identifiable infringements of the law. No legal content was identifiable at the time that the link was placed. However, constant monitoring of the content of the linked pages is unreasonable without specific indication of an infringement of the law. In the event of infringements of the law becoming known, links of this type will be removed without delay.