Döllken Profiles GmbH, Stangenallee 3, 99428 Nohra, Germany, Tel.: + 49 (0)3643 4170 711, e-mail: firstname.lastname@example.org, www.doellken-profiles.com is responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR).
I. Data protection at Döllken Profiles
In principle, we collect and utilise our users’ personal data only to the extent that this is necessary to provide a fully functional website, our content and services. We only collect and utilise our users’ personal data with the consent of our users. An exception to this is those cases in which, for practical reasons, it is not possible to obtain prior consent and the processing of the data is permitted by law.
1. Legal basis for the processing of personal data
When we obtain consent from the data subject for processing operations in relation to personal data, the legal basis for this is Art. 6 (1) letter a of the EU General Data Protection Regulation (GDPR).
Art. 6 (1) letter a GDPR constitutes the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is party. This also applies to processing operations required to implement pre-contractual measures.
In so far as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) letter c GDPR is the legal basis for this.
When the vital interests of the data subject or those of another natural person necessitate the processing of personal data, Art. 6 (1) letter d GDPR provides the legal basis for this.
When processing is required to protect a legitimate interest pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) letter f GDPR constitutes the legal basis for processing.
2. Deletion of data and duration of storage
The personal data of the data subject is deleted or blocked as soon as the reason for storing that data no longer exists. However, the data may continue to be stored when this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data is also blocked or deleted when the retention period prescribed by the aforementioned norms expires unless it is necessary for the data to continue to be stored in order to conclude or perform a contract.
II. Visiting our website
1. Description and scope of data processing
When you visit our website, our system automatically collects data and information from the computer system on the computer being used to retrieve our site.
The following data is collected:
· The IP address of the user
· The time and date of access
· The requested resource (HTML, images, etc.)
· HTTP status
· Size of the delivered content in bytes
· Referrer (page from which the retrieval was started)
· Browser user agent of the user (browser version and general operating system such as Windows, Linux, Mac)
The data is also saved in the log files of our system. This data is never saved together with other personal data of the user. The temporary saving of the IP address by the system is necessary for the website to be delivered to the user’s computer. This requires the user’s IP address to be saved for the duration of the session. Data is saved in log files to ensure the functionality of the website. We also utilise the data to optimise the website and ensure that our IT systems remain secure. This does not involve any analysis of the data for marketing purposes. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When data is collected to provide the website, this takes place when the respective session ends. When data is stored in log files, this takes place no later than seven days it has been stored. It is possible to store such data for a longer period. In this case, the users’ IP addresses are deleted or rendered anonymous so that it is no longer possible to assign an IP address to the client retrieving the website.
The collection of data to provide the website and the storage of data in log files are essential for the operation of the website. Consequently, it is not possible for the user to opt out of this.
A) Description and scope of data processing
This website uses transient cookies (for temporary use) as well as third-party cookies (provided by third parties). Transient cookies are deleted automatically when you close your browser. These in particular include session cookies. These store a so-called session ID, by means of which various requests from your browser can be assigned to a common session. This allows your computer to be recognised when you return to the website. We use this kind of cookies to ensure the operation and functionality of our website. Session cookies are deleted when you log out or when you close the browser.
Third-party cookies are cookies which are set and used by a third party. This website uses third-party cookies as part of the Google Analytics analysis tool described below.
1. Description and scope of data processing
Newsletters are sent on the basis of the user having registered in the website:
our website offers the opportunity to subscribe to a free newsletter. When a user registers for the newsletter, data from the input form is transmitted to us. This comprises the user’s name and e-mail address. The following data is also collected on registration: the IP address of the retrieving computer, the date and time of registration
For the processing of the data, your consent is obtained during the registration process and you are referred to this data protection declaration. No data is passed onto third parties in connection with data processing for the dispatch of newsletters. The data is used only for dispatch of the newsletter.
The user’s e-mail address is collected to ensure delivery of the newsletter. The collection of other personal data during the registration process serves to prevent any misuse of the services or e-mail address used.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the e-mail address of the user is stored for as long as the newsletter subscription is active. Deregistration is possible at any time using a deregistration link in the newsletter or via our customer service.
V. Contact form and e-mail contact
1. Description and scope of data processing
There is a contact form on our website that can be used to get in touch with us electronically. If a user chooses to do this, the data entered in the input form is transmitted to us and stored. This data comprises:
The following data is also stored when the message is sent:
(1) The IP address of the user
(2) The time and date of registration
For the processing of the data, your consent is obtained during the dispatch process and you are referred to this data protection declaration. Alternatively, you can get in touch with us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail is stored. This does not involve the passing on of any data to third parties. The data is used only to process the conversation.
We only use the processing of personal data from the input form to facilitate communication. When contact is made by e-mail, this also involves the required legitimate interest in the processing of the data. The other personal data processed during the dispatch process is used to prevent any misuse of the contact form and to ensure that our IT systems remain secure.
The contact data requiring further processing (e.g. dispatch of sample material) is saved as the lead.
The user can withdraw his consent to the processing of personal data at any time. When the user contacts us by e-mail, he can object to the storage of his personal data at any time. This objection can be sent directly by e-mail directly below the contact form. All personal data saved to facilitate communication is then deleted.
VI. Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies” (regarding cookies, see above). The information created by the Cookie concerning your use of this website is normally transmitted to a Google server in the USA and stored there. When individual pages of our website are retrieved, the following data is stored:
(1) Two bytes of the IP address of the user's retrieving system
(2) The retrieved website
(3) The website from which the user accessed the retrieved website (referrer)
(4) The individual pages retrieved from the retrieved website
(5) The time spent on the website
(6) The frequency with which the website is retrieved
At this point we inform you that on this website Google Analytics has been expanded by the code “anonymizeIp()” in order to ensure that the collection of IP addresses (so-called IP masking) has been rendered anonymous. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to produce reports concerning the website activities and to produce additional services associated with the use of the Internet and website for the website operator. The IP address communicated by Google Analytics from your browser is not combined with other data from Google. You can prevent the storage of the cookies by means of an appropriate setting in your browser software; we would, however, point out that in this case it may not be possible to make full use of the functions on this website. Furthermore, you can prevent the collection of the data generated by the cookie and relating to your use of the website (including your IP address) by Google and the processing of that data by Google. To do so, download and install the browser plug-in available under the following link. The current link is tools.google.com.
The data is deleted as soon as it is no longer needed for our record-keeping purposes.
VII. Your rights
You have the right to have the controller rectify and/or complete any processed personal data concerning you that is inaccurate or incomplete. The controller must rectify or complete that data without undue delay.
2. Right to restriction of processing
Subject to the following conditions, you can demand that the processing of your personal data be restricted:
(1) If you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of its use instead;
(3) the controller no longer needs the personal data for processing purposes, but you need it for the establishment, exercise or defence of legal claims, or
(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of your personal data has been restricted, that data, with the exception of storage, can only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If you have obtained restriction of processing subject to the aforementioned conditions, you will be informed of this by the controller before the restriction is lifted.
3. Right to erasure
a) Obligation to erase
You can obtain from the controller the erasure of your personal data without undue delay, and the controller is obliged to erase that data without undue delay when one of the following reasons applies:
(1) Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing was based pursuant to Art. 6 (1) letter a or Art. 9 (2) letter a GDPR, and there is no other legal ground for the processing.
(3) Pursuant to Art. 21 (1) GDPR, you raise an objection to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) Your personal data has been unlawfully processed.
(5) Your personal data have to be erased for compliance with a legal obligation under EU law or Member State law to which the controller is subject.
6) Your personal data was collected in relation to offer of information society services pursuant to Art. 8 (1) GDPR.
b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of the available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
The right to erasure shall not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 (2) letters h and i as well as Art. 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
4. Right to information
If you have asserted the right to rectification, deletion or restriction of processing vis-a-vis the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller shall inform you about those recipients if you request it.
5. Right to data portability
You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the controller to which the personal data was provided, where
(1) the processing is based on consent pursuant to Art. 6 (1) letter a GDPR or Art. 9 (2) letter a GDPR or on a contract pursuant to Art. 6 (1) letter b GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you have the further the right to have your personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to a processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
6. Right to object
You have the right, on grounds arising from your special situation, at any time to object to the processing of your personal data, which occurs on the basis of Art. 6 (1) letter e or f of the GDPR; this also applies to profiling based on these provisions.
The controller no longer processes your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
7. Right to withdrawal of the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of the consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.
8. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and a data controller;
(2) is authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless Art. 9 (2) letters a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
9. Right to complain to a supervisory body
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
VIII. Social bookmarks
We use what are called social bookmarks (Facebook, Google, Twitter) on our website. This enables you to share an article from out Internet offering in your own social media profile. To share the respective contents, you need an existing profile with the services offered respectively by Facebook, Google or Twitter. We have only integrated the social bookmarks into our website as links to the corresponding services. If you click an integrated image, you are forwarded to the page of the individual provider and only then is user information transferred. The purpose and scope of data collection and the further processing and use of data by the provider, as well as your rights in this respect and the possible settings to protect your privacy can be found in the data protection policy of the providers.
Facebook data protection policy:
Google data protection policy: