This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as data) within our online offering and the associated websites, functions and content, as well as external online presences (hereinafter collectively referred to as online offer). With regard to the terms used, such as Processing or Controller, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Leitz Schilder GmbH
An der Bundesstraße 463
75365 Calw/Kentheim
Germany
Types of Processed Data
- Inventory data (e.g. names, addresses)
- Contact details (e.g. e-mail, telephone numbers)
- Content data (e.g. text input, photographs, videos)
- Usage data (e.g. visited websites, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
Categories of Persons Affected
Visitors and users of the online offer (hereinafter also referred to as users).
Purpose of Processing
- Provision of the online offer, its functions and content
- Answering contact requests and communication with users
- Security measures
- Range measurement/marketing
Used Terms
Personal data means any information relating to an identified or identifiable natural person; a natural person is considered identifiable who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier (e.g. cookie).
Processing is any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information.
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, decides on the purposes and means of the processing of personal data.
Processor is a natural or legal person, authority, agency or other body that processes personal data on behalf of the controller.
Relevant Legal Bases
According to Art. 13 GDPR, we inform you of the legal basis of our data processing. The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR, for the fulfilment of our services Art. 6 (1) (b) GDPR, for legal obligations Art. 6 (1) (c) GDPR, and for legitimate interests Art. 6 (1) (f) GDPR.
Security Measures
We take appropriate technical and organisational measures in accordance with Art. 32 GDPR to ensure a level of protection appropriate to the risk. Measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data. We also take into account the protection of personal data during development and selection of hardware, software and procedures according to the principle of privacy by design (Art. 25 GDPR).
Cooperation with Processors and Third Parties
If we disclose data to other persons and companies within the scope of our processing, this is only done on the basis of a legal permission, your consent, a legal obligation or our legitimate interests. If we engage third parties with the processing of data on the basis of an order processing contract, this is done on the basis of Art. 28 GDPR.
Transfers to Third Countries
Insofar as we process data in a third country outside the EU or EEA, this is only done to fulfil our contractual obligations, on the basis of your consent, a legal obligation or our legitimate interests in accordance with Art. 44 ff. GDPR.
Rights of Data Subjects
You have the right to request information about your data according to Art. 15 GDPR, to request correction according to Art. 16 GDPR, deletion according to Art. 17 GDPR, restriction of processing according to Art. 18 GDPR, and data portability according to Art. 20 GDPR. You also have the right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR.
Right of Withdrawal
You have the right to withdraw given consents pursuant to Art. 7 (3) GDPR with effect for the future.
Right of Objection
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may be made in particular against processing for direct marketing purposes.
Cookies
Cookies are small files stored on users’ computers. We may use temporary and permanent cookies. If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser.
Deletion of Data
The data processed by us will be deleted in accordance with Articles 17 and 18 GDPR. According to legal requirements in Germany, storage takes place for 10 years pursuant to §§ 147 AO, 257 HGB and 6 years pursuant to § 257 HGB.
Contact
When contacting us, the information provided by the user is processed in accordance with Art. 6 (1) (b) and (f) GDPR. We delete requests if they are no longer required and check the necessity every two years.
Hosting and Email Services
The hosting services we use serve to provide infrastructure and platform services. We or our hosting provider process inventory, contact, content, contract and usage data on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR.
Collection of Access Data and Log Files
Our hosting provider collects data about every access to the server (server log files) on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR. Log file information is stored for a maximum of 7 days for security reasons and then deleted.
Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke