Data Protection
- Name and address of the data controllerThe data controller as defined by the General Data Protection Regulation (GDPR) and other national data protection legislation of the EU member states as well as other statutory data protection regulations is:
W. Dietermann GmbH
Gutenbergstraße 2
26632 Ihlow-Riepe
Telephone: +49 (0) 23 52 / 20 15 - 0
Email: info@dietermann.de
- General information on data processing
- Scope of the processing of personal dataIn principle, we collect and use the personal data of our users only insofar as this is required to provide a functioning website as well as our content and services. The collection and use of the personal data of users takes place regularly only with the consent of the user. An exception to this applies in such cases where the obtaining of such consent is not possible for practical reasons and the processing of data is permitted by statutory regulations.
- Legal basis for the processing of personal dataIf we ask a data subject for consent to use his or her personal data for processing operations, point (a) of Article 6(1) EU General Data Protection Regulation (GDPR) serves as the legal basis. When it is required that we process personal data to perform a contract to which the data subject is a party, point (b) of Article 6(1) GDPR serves as the legal basis. This also applies to processing operations that are required to carry out pre-contractual measures. If we are required to process personal data to fulfil a legal obligation to which our company is subject, point (c) of Article 6(1) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, point (d) of Article 6(1) GDPR serves as the legal basis. If processing is required to safeguard a legitimate interest of our company or a third-party and the interests, constitutional rights and fundamental freedoms of the data subject do not outweigh the first-named interest, point (f) of Article 6(1) GDPR serves as the legal basis for the processing.
- Erasure of data and duration of storageThe personal data of the data subject is erased or blocked as soon there is no longer a purpose for storage. Storage can take place beyond this if it is provided for by Union law directives, laws or other regulations by European or national legislators to which the controller is subject. Data is also blocked or erased if a retention period prescribed by the standards mentioned expires, unless there exists a requirement for further storage of the data for the conclusion of a contract or the performance of a contract.
- Protection of transfer by means of SSL/TLS encryptionThis website uses SSL or TLS encryption for security reasons and to protect the transfer of confidential content. The encrypted connection is guaranteed by the hypertext transfer protocol HTTPS (“https://”). In this instance, data which is transmitted to us by a user cannot be read by third parties.
- Provision of website and generation of log files
- Description and scope of the data processing
- Description and scope of the data processingEvery time our website is accessed, the hoster's system automatically captures data and information on the computer system of the accessing computer. The following data is collected:
(1) Information about the browser type and the version used,
(2) The user’s operating system,
(3) The user’s IP address,
(4) Date and time of access.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. - Legal basis for the data processingThe legal basis for the temporary storage of data and the log files is point (f) of Article 6(1) GDPR.
- Purpose of the data processingThe temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. The user’s IP address must be stored for the duration of the session. The storage in log files is carried out to ensure the functioning of the website. In addition, the data serves to optimise the website and to ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place in this context. These purposes include our legitimate interest in the data processing pursuant to point (f) Article 6(1) GDPR.
- Duration of storageThe data is deleted as soon as it is no longer required to achieve the purpose of its collection. This happens when the particular session has ended, in the event of data being captured for the provision of the website. When data is stored in log files, it is deleted after seven days at the latest. It is possible for data to be stored beyond this point. In this instance, the IP addresses of users are erased or anonymized, so that an association with the accessing client is no longer possible.
- Objection and removal optionThe capture of data to provide the website and the storage of data in files is an absolute requirement needed for the operation of the website. Consequently, there is no opt-out option for the user.
- Description and scope of the data processingEvery time our website is accessed, the hoster's system automatically captures data and information on the computer system of the accessing computer. The following data is collected:
- Description and scope of the data processing
- Use of cookies
This website uses cookies in the form of analysis cookies (see below). When our website is accessed, users are notified of the use of cookies purposes by an info banner and referred to this data protection policy.
Cookies are stored on the user’s device and transmitted from there to our website. By changing the settings in your web browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be erased at any time. If cookies are deactivated for our website, it is possible that not all of the functions of the website can be used in full.- Description and scope of the processing of personal data
We use on our website the open source software tool Matomo to analyse the surfing behaviour of our users. The software places a cookie on the computer of the users. If individual pages of our website are accessed, the following data is stored:
- Two bytes of the IP address of the user’s accessing system
- Website accessed
- Websites from which the user has reached the accessed website (referrer)
- Subsites, which are accessed by the accessed website
- Length of time spent on the website
- Frequency of access to the website
- Legal basis for processing personal data The legal basis for processing the personal data of users is Art. 6 Para. 1 lit. f GDPR.
- Purpose of the data processing The processing of the personal data of users enables us to analyse the surfing behaviour of our users. By analysing the captured data, we are able to compile information on the use of individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes include our legitimate interest in the processing of personal data pursuant to Art. 6 Para. 1 lit. f GDPR. By making the IP address anonymous, the interest of users in having their personal data protected is sufficiently accounted for.
- Duration of storage The data is erased as soon as it is no longer needed for our recording purposes. In our case, this is after 180 days.
- Withdrawal/objection and removal option
You may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the used web browser also prevents an analysis cookie from being set on the device of the data subject. In addition, analysis cookies already in use may be erased at any time via web browser settings.
Furthermore, users have the option of objecting to and preventing the collection of data generated by Matomo relating to the use of this website. For this purpose, we offer the users of our website the option of opting out of the analysis process.
- Description and scope of the processing of personal data
We use on our website the open source software tool Matomo to analyse the surfing behaviour of our users. The software places a cookie on the computer of the users. If individual pages of our website are accessed, the following data is stored:
- Contact form and email contact
- Description and scope of the data processingA contact form is available on our website, which can be used for making contact with us electronically. If a user takes this option, the data entered in the input mask is transmitted to us and stored. This data is:
- Name
- Company
- Address
- Telephone number
- Email address
- Message
At the time of sending the message, the following data is also stored:
(1) The user’s IP address
(2) Date and time
(3) Information about the browser type and version used
(4) The user’s operating system
To process data as part of this sending procedure, your consent is obtained, if required, and you are referred to this data protection statement. The transfer of data is encrypted by means of the SSL or TLS protocol.
Alternatively, you can contact us using the email address provided. In this instance, the user’s personal data transmitted with the email is stored. Data is not passed on to third parties in this context. Data is used exclusively for the processing of the conversation. - Legal basis for the data processingThe legal basis for the processing of data is the presence of consent by the user pursuant to point (a) of Article 6(1) GDPR. The legal basis for the processing of the data transmitted in the course of sending an email is point (f) of Article 6(1) GDPR. If the purpose of your contact by email is to terminate a contract, the additional legal basis for the processing is pursuant to point (b) of Article 6(1) GDPR.
- Purpose of the data processingThe processing of personal data that we obtain from the input mask serves only to enable us to process your contact with us. If you contact us by email, there is also the required legitimate interest in the processing of data. The other personal data processed during the sending procedure serves to prevent misuse of the contact form and to ensure the security of our IT systems.
- Duration of storageThe data is deleted as soon as it is no longer required to achieve the purpose of its collection. This is the case for personal data from the input mask of the contact form and the personal data that was sent with the email, if the conversation concerned is finished with the user. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified. The additional personal data collected during the sending procedure is deleted after a period of 14 days.
- Objection and removal optionThe user has the option at any time of withdrawing consent to the processing of personal data that concerns him or her. If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In such an event, the conversation cannot be continued.
Please send an email to this effect to our Data Protection Officer (post@pilling.de).
All personal data that is stored in the course of your making contact with us is, in this instance, deleted.
- Description and scope of the data processingA contact form is available on our website, which can be used for making contact with us electronically. If a user takes this option, the data entered in the input mask is transmitted to us and stored. This data is:
- Open Street Map This site uses the open source mapping tool "OpenStreetMap" (OSM) via an API. The provider is the OpenStreetMap Foundation. To use the functions of OpenStreetMap, it is necessary to store your IP address. This information is usually transferred to a server of OpenStreetMap and stored there. The provider of this site has no influence on this data transmission. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. More information on the handling of user data can be found on the OpenStreetMap data protection page and here wiki.openstreetmap.org/wiki/Legal_FAQ
- Rights of the data subjectIf personal data that concerns you is processed, you are a data subject within the meaning of the GDPR and you have the following rights with regard to the data controller:
- Right of accessYou can request confirmation from the data controller about whether personal data that concerns you is processed by us. If such processing takes place, you can request the following information from the data controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that is processed;
(3) the recipients or categories of recipient to whom the personal data has been or will be disclosed;
(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of a right to request from the data controller rectification or erasure of personal data, a right to the restriction of processing of personal data concerning the data subject or to object to such processing;
(6) the existence of a right to complain to a supervisory authority;
(7) all available information about the origin of the data where the personal data is not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and – at least in these instances – meaningful information about the logic involved as well as the consequences and effects aspired to by processing of this kind.
You have the right to information about whether personal data was transmitted to a third country or to an international organisation. In this connection, you have the right to be informed of suitable guarantees in connection with the transfer pursuant to Article 46 GDPR. - Right to rectificationYou have a right to rectification and/or completion by the controller, provided the processed personal data that concerns you is inaccurate or incomplete. The data controller must carry out the rectification without undue delay.
- Right to restrict processingSubject to the following prerequisites, you can request the restriction of processing of the personal data that concerns you:
(1) if you can test the accuracy of the personal data that concerns you for a period that enables the controller to check the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
(3) the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
(4) if you have objected to processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the data controller override those of the data subject.
If the processing of the personal data that concerns you is restricted, this data may – apart from its storage – be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of rights of another natural person or legal entity or on grounds of public interest of the Union or a member state. If the restriction of the processing is carried out in accordance with the above-mentioned prerequisites, you are notified by the data controller before the restriction takes place. - Right to erasure
- Erasure obligationYou can request that the data controller erases personal data that concerns you without undue delay, and the data controller is obliged to erase this data without undue delay, provided one of the following reasons applies:
(1) The personal data that concerns you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), GDPR and where there is no other legal basis for the processing.
(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
(4) The personal data has been unlawfully processed.
(5) The personal data has to be erased for compliance with a legal obligation in Union or member state law to which the controller is subject.
(6) The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR. - Information given to third partiesIf the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
- ExceptionsThe right to erasure does not exist, provided the processing is required
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation, which requires the processing in accordance with the law of the Union or member states to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to point (h) of Article 9(2) and Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, provided that the right mentioned under section a) probably makes the realisation of the goals of this processing impossible or seriously impairs it, or
(5) for the establishment, exercise or defence of legal claims.
- Erasure obligationYou can request that the data controller erases personal data that concerns you without undue delay, and the data controller is obliged to erase this data without undue delay, provided one of the following reasons applies:
- Right to notificationIf you have asserted your right to obtain rectification, erasure or restriction of your personal data from the data controller, the controller is obliged to notify all the recipients to whom the personal data affected was disclosed of this rectification or erasure of the data or the restriction of the processing, unless this proves impossible or involves disproportionate effort. You have the right to request that the controller notifies you of these recipients.
- Right to data portabilityYou have the right to receive the personal data that concerns you, which you have provided to us, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, provided
(1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) Article 9(2) GDPR or on a contract pursuant to point (b) Article 6(1) GDPR and
(2) the processing is carried out by means of automated processes.
In exercising this right, you have the further right to have the personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by this. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. - Right to object7. You have the right for reasons resulting from your special situation to object to the processing of personal data that concerns you, pursuant to point (e) or (f) of Article 6(1) GDPR; this also applies to profiling based on these provisions. The data controller shall no longer process the personal data that concerns you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerned for the purpose of this sort of advertising; this also applies to profiling, provided it is connected to such direct advertising. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. You have the option, in connection with the use of services of the information society – notwithstanding Directive 2002/58/EU – to exercise your right to object by means of automated processes in which technical specifications are used.
- Right to withdraw consent regarding data protection lawYou have the right to withdraw your consent regarding data protection law at any time. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up until the point of withdrawal;
- Automated individual decision-making, including profilingYou have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply, if the decision
(1) is necessary for entering into, or performance of, a contract between the you and the data controller;
(2) is authorised by Union or member state law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or
(3) is based on your explicit consent.
However, decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, provided point (a) or (g) of Article 9(2) do not apply and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the data controller, to express his or her point of view and to contest the decision. - Right to lodge a complaint with a supervisory authorityIf you consider that the processing of personal data relating to you infringes the GDPR, you have, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the member’s state of your habitual residence, place of work or place of the alleged infringement. The supervisory authority where the complaint was lodged, informs the complainant of the status and results of the complaint including the possibility of judicial remedy pursuant to Article 78 GDPR.
- Right of accessYou can request confirmation from the data controller about whether personal data that concerns you is processed by us. If such processing takes place, you can request the following information from the data controller:
- Date of/changes to the data protection statementUsers are requested to keep themselves informed regularly about the contents of the data protection statement.
- Changes to the data protection statementWe reserve the right to change this data protection statement to adapt to changed legal positions or changes to the services and the data processing. However, this only applies in respect of statements on data processing. Provided user consents are required or components of the data protection statement contain regulations of the contractual relationship with users, changes are made only with the agreement of users.
- Date of the data protection statementThis data protection statement is currently valid as of 25/10/2018.