Data protection declaration for contract fulfilment subject to the General Data Protection Regulation (GDPR)
I.Name and address of the data controller
In terms of the GDPR and other national data protection laws of the member states of the European Union and other data protection regulations, the data controller is:
Rudolf Geiger Maschinenbau GmbH
Milchgrube 2, 91320 Ebermannstadt, Germany
Phone: +49 9194/7377-0
E-Mail: rudolf@geiger-gmbh.de
Website: www.geiger-gmbh.de
II. Name and address of the data protection officer
The data protection officer for the data controller is:
Law office: Glöckner Keller Rechtsanwälte
Title: Mr.
Title:
Name, first name: Keller, Frank A.
Street:
Postal code: 90419
Town: Nuremberg
Phone: +49 (0)911 2550 99-0
Email: info@anwaelte-gkr.de
III. General information on data processing
1. Extent of personal data processing
In principle, we only collect and use personal data that belong to our users insofar as it is necessary to provide a functioning website and our content and services. The collection and use of personal data belonging to our users only takes place on a regular basis with the consent of the user. An exception applies in cases where prior consent cannot be obtained for actual reasons and where processing the data is permitted by law.
2. Legal basis for processing personal data
Sec.6 (1) (a) EU General Data Protection Regulation (GDPR) serves as legal basis insofar as we obtain the consent of the data subject for processing personal data.
Sec. 6 (1) (b) General Data Protection Regulation (GDPR) serves as legal basis for processing the personal data required for fulfilling a contract to which the data subject is a party. This also applies to the processing operations required for performing pre-contractual measures.
Sec. 6 (1) (c) General Data Protection Regulation (GDPR) serves as a legal basis insofar as processing personal data is required to fulfil a legal obligation to which our company is subject.
Sec. 6 (1) (d) General Data Protection Regulation (GDPR) serves as a legal basis in the event that the vital interests of the data subject or another natural person require the processing of personal data.
Sec. 6 (1) (f) General Data Protection Regulation (GDPR) serves as a legal basis if processing is required to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest.
3. Data deletion and storage duration
Personal data concerning the data subject will be deleted or blocked as soon as the reason for storage no longer exists. Storage may also take place when this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. The data are also blocked or deleted when a period of storage prescribed by the standards stated expires, unless the data needs to be stored for longer in order to conclude or fulfil a contract or the customer/client has granted their consent.
IV. Data processing for contract fulfilment
1. Description and scope of data processing
The following data are collected and stored for the purpose of fulfilling the contract:
(1) Name, contact details and contact person at the contracting party, insofar as these are made available by the respective contract partner and, if applicable, others:
Address data (street, house number, postal code, town, etc.)
Contact details (telephone, fax, mobile, email, etc.)
Bank details (account number, bank code, bank name, account holder, etc.)
Personal data (birth date, birth place, marital status, citizenship, religion, etc.)
Employee data (personnel number, entry and exit date, department, etc.)
Salary/Wage data (salary/wage amount, number of payments per annum, payment date, working hours (weekly hours), pension and social security data, etc.)
Leave dates (number of leave days per year, number of days remaining, etc.)
Activity data (working hours recorded, etc.)
Insurance number
Finance data
If necessary, additional data categories if required for executing the order
(2) Documents and contracts may be filed in our file system as originals or photocopies, or stored electronically in electronic files.
(3) Email contacts are also stored electronically. Details of this can be found in the Section “Data Protection Policy for email contacts”
2. Legal basis for data processing
The legal basis for processing data is the existence of consent granted by the contract partner in accordance with Art. 6 (1) (a) GDPR.
An additional legal basis for processing data is formed by Art. 6 (1) (b) GDPR if the collection of data serves to fulfil a contract to which the contract partner is a party or for the implementation of pre-contractual measures.
3. Purpose of data processing
Collection of the aforementioned data is required for the purpose of fulfilling a contract with the contract partner or for pre-contractual measures.
The data are required for fulfilling the contract, because the contact details and contact persons at the contracting party are required to establish contact and, in particular, transfer documents.
4. Period of storage
The data are deleted as soon as they are no longer required to fulfil the purpose they were collected for.
This is the case for the duration of the continuing obligation to fulfil a contract or undertake pre-contractual measures, if the data are no longer required for performing the contract. A need to store personal data belonging to the contracting party may exist even after conclusion of the contract, in order to comply with contractual or legal obligations.
Within the scope of our business activities, we are required to keep business records and, as a rule, the personal data contained within them for a period of ten years.
If no other contractual or legal obligations exist, the data are deleted after the aforementioned period of time.
5. Objection and removal option
As the data subject, the option is open to you at any time to request that your personal data be stored and/or deleted. You can change the data stored on your person at any time.
If the data are required for fulfilling a contract or for performing pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not preclude their deletion.
6. Data Disclosure
Within the framework of handing over accounting documents (invoices, contracts, etc.), data are passed on to the tax advisor/accounts office.
V. Provision of the website and creation of log files
1. Description and scope of the data processing
Each time our website is called our system automatically enters data and information from the computer system of the calling computer. The following data are collected hereby:
– Browser type und browser version
– Operating system used
– Referrer URL
– Host name of the accessing computer
– Time of the server request
– IP address
The data are also stored in the log files of our system. The IP addresses of the user or other data, which enable the allocation of the data to a user, are not affected hereby. These data will not be stored together with other personal data of the user.
2. Legal basis for the data processing
The legal basis for the temporary storage of the data is Art. 6 Para. 1 lit. f GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary in order to enable a delivery of the website to the computer of the user. For this purpose the IP address of the user must remain stored for the duration of the session. The storage in log files is carried out in order to ensure the functionality of the website. The data moreover serve us to optimize the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute our legitimate interest in the data processing according to Art. 6 Para. 1 lit. f GDPR.
4. Duration of the storage
The data will be erased as soon as they are no longer required in order to achieve the purpose for which they were collected. In the event that the data are entered in order to provide the website, this is the case when the respective session has ended. In the event that the data are stored in log files, this is the case after one month at the latest. Storage beyond this is possible. In this case the IP addresses of the users will be erased or alienated so that an allocation of the calling client is no longer possible.
5. Possibility to object and for remedy
The entry of the data for provision of the website and storage of the data in log files is absolutely essential for the operation of the website. There is consequently no possibility for the user to file an objection.
VI. Use of cookies
1. Description and scope of the data processing
Our website uses cookies that are stored on your device by the browser and which include certain settings for the use of the website (for the active session). Cookies serve to make our offer more user-friendly, more effective and more secure. Cookies are small text files, which are deposited on your computer and which are stored by your browser. The cookies used by us are so-called session cookies, which are erased automatically after the browser is closed.
The cookies partly serve to simplify website processes by storing settings (e.g. the reservation of already selected options).
2. Legal basis for the data processing
Insofar as personal data are also processed by individual cookies implemented by us, the processing shall be carried out pursuant to Art. 6 Para. 1 lit. b GDPR either for execution of the contract or pursuant to Art. 6 Para. 1 lit. f GDPR in order to safeguard our legitimate interests in the best possible functionality of the website as well as in a customer-friendly and effective design of the visit to the site.
3. Purpose of the data processing
The temporary storage of the cookies by the system is necessary in order to make it possible for our website to be presented with the best possible functionality. A so-called session cookie will remain stored for the duration of the session for this purpose. An evaluation for marketing purposes will not take place in this context.
This purpose also constitutes are our legitimate interest in the data processing according to Art. 6 Para. 1 lit. b and f GDPR.
4. Duration of the storage
The data will be erased as soon as they are no longer required in order to achieve the purpose for which they were collected. In the event that the cookies are stored in order to provide the website, this is the case when the respective session has ended.
You can set your browser so that you will be informed about the setting of cookies and only permit cookies in an individual case, exclude the acceptance of cookies for certain cases or generally as well as to activate the automatic erasure of the cookies when the browser is closed. The cookie settings can be managed under the following links for the respective browser.
Google Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/
You can additionally prevent the loading of so-called Scripts as a standard. NoScript only allows the execution of JavaScripts, Java and other plugins with trustworthy domains of your choice. You can obtain information and instructions how you can process this function through the provider of your browser (e.g. for Mozilla Firefox under: https://addons.mozilla.org/de/firefox/addon/noscript/).
Please note that the functionality of this website may be restricted when cookies are deactivated.
5. Possibility to object and for remedy
The storage of session cookies for the proper provision of the website is absolutely essential for the operation of the website. There is consequently no possibility for the user to file an objection. Reference is however explicitly made in this context once again to the possibility to prevent the storage according to Subclause 4.
VII. Email Contact
1. Description and scope of data processing
Establishing contact may take place over the email address provided. The user’s personal data transmitted by email are stored in this case.
In this context, we do not disclose the data to third parties. The data are used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for processing the data transmitted in the course of sending an email is formed by Art. 6 (1) (f) GDPR. If the reason for email contact is to conclude a contract, then the additional legal basis for processing the user’s data is formed by Sec. 6 (1) (b) GDPR.
3. Purpose of data processing
The processing of personal data from contact established by email only serves us for processing the established contact. Our requisite legitimate interest in processing the data also lies in this.
4. Period of storage
The data are deleted as soon as they are no longer required to fulfil the purpose they were collected for. For personal data sent by email, this is the case when the respective conversation with the user has come to an end. The conversation is considered to have come to an end once it can be inferred from the circumstances that the matter in question has been clarified conclusively.
5. Objection and removal option
The user has the option to revoke the consent he has granted to processing his personal data at any time. If the user establishes contact with us by email, he can object to the storage of his personal data at any time. The conversation cannot be continued in such a case.
Notification of the revocation of consent can be sent to the data controller’s email address.
In this case, all personal data stored in the course of establishing contact will be deleted. The data stored in the revision-proof email archive will be stored until the legally required deadline.
VIII. Rights of the data subject
If personal data on your person are processed, you are the data subject in terms of the GDPR and have the following rights vis-à-vis the data controller:
1. Right to information
You can ask the data controller to confirm where we process personal data concerning your person.
If we do, you can ask for details from the data controller concerning the following information:
(1) The purposes for which your personal data are processed;
(2) The categories of personal data processed;
(3) The recipients or categories of recipients to whom the personal data concerning your person have been disclosed or are still being disclosed;
(4) The amount of time your personal data are planned to be stored for or, if specific information is not available, criteria for determining the duration of storage;
(5) The existence of the right to have personal data corrected or deleted, a right to restrict to what extent they can be processed by the data controller and the right to object to your personal data being processed;
(6) The existence of the right of appeal to a supervisory authority;
(7) All information available on the data source if the personal data are not collected direct from the data subject;
(8) The existence of automated decision-making including profiling under Article Sec. 22 (1) and (4) GDPR and, in these cases at least, sound information on the logic involved, and the scope and intended impact of said processing on the data subject.
You are entitled to request information about whether your personal data are transferred to a third country or international organisation. In this context, you can request the appropriate guarantees in accordance with Sec. 46 GDPR in connection with the transfer.
2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the data controller if the personal data concerning your person are incorrect or incomplete. The data controller must perform the correction without delay.
3. Right to restrict processing
You may ask for the personal data concerning your person to be restricted in processing under the following conditions:
(1) The accuracy of the personal data concerning your person is contested for a period of time that allows the data controller to verify the accuracy of your personal data;
(2) Processing is unlawful and you refuse to have your personal data deleted and instead request the restriction of their use;
(3) If the data controller no longer needs your personal data for the purposes of processing, but you need them to establish, exercise or defend against legal claims, or
(4) If you have objected to their processing subject to Art. 21 (1) GDPR, and it is not certain that the legitimate reasons of the data controller outweigh your reasons.
If processing personal data concerning your person has been restricted, it may only be used with your consent, or for the purpose of asserting, exercising or defending against legal claims, or for protecting the rights of another natural person or legal entity or for reasons of important public interest of the European Union or a member state.
If the restriction on processing has been restricted in accordance with the aforementioned conditions, the data controller responsible will inform you before the restriction is lifted.
4. Right to deletion
a) Deletion Obligation
You have the right to ask the data controller to delete the personal data concerning your person without delay, and the data controller is obliged to delete them immediately if one of the following is true:
(1) The personal data concerning your person are no longer needed to fulfil the purposes they were collected or otherwise processed for;
(2) You revoke your consent to processing your personal data pursuant to Art. 6 (1) (a) GDPR or Sec. 9 (2) (a) GDPR and there is no other legal basis for their processing;
(3) You object to processing your personal data in accordance with Art. 21 (1) GDPR, and there are no legitimate reasons for their processing, or you object to their processing in accordance with Art. 21 (2) GDPR.
(4) The personal data concerning your person were processed illegally.
(5) Deletion of personal data concerning your person is required to fulfil a legal obligation under European Union law or the law of the member states to which the data controller is subject.
(6) The personal data concerning your person were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
b) Information disclosure to third parties
If the data controller has made the personal data concerning your person public and is obliged to delete it subject to Art. 17 (1) GDPR, he shall take appropriate measures, including technical means, to inform data controllers who process the personal data, taking into account available technology and implementation costs, that you as the data subject have requested that all links to such personal data or copies or replications of such personal date be deleted.
c) Exceptions
The right to deletion does not exist if the data need to be processed,
(1) To exercise the right to freedom of expression and information;
(2) To fulfil a legal obligation required by the law of the European Union or member states to which the data controller is subject, or to perform a task in the public interest or in exercising an official power conferred to the data controller;
(3) For reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
(4) For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes acc. to Art. 89 (1) GDPR, to the extent that the law referred to in Item (a) is likely to render impossible or seriously affect the achievement of the objectives of this processing, or
(5) For asserting, exercising or defending against legal claims.
5. Right to information
If you have asserted your right to the rectification, deletion or restriction in processing your personal data to the data controller, he is obliged to notify all recipients to whom your personal data have been disclosed of the corrections that have been made to your data or their deletion or restriction in processing, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the data controller about the identity of these recipients.
6. Right to data portability
You have the right to receive personal data that concern your person, which you provide to the data controller, in a structured, standard and machine-readable format. You also have the right to transfer these data to another data controller without hindrance by the data controller to whom the personal data were provided, insofar as,
(1) Processing is subject to consent pursuant to Sec. 6 (1) (a) GDPR or Sec. 9 (2) (a) GDPR, or a contract pursuant to Sec. 6 (1) (b) GDPR and
(2) Processing is performed using automated procedures.
In exercising this right, you also have the right to effect that the personal data concerning your person are transferred directly from one data controller to another, insofar as this is technically feasible. The freedoms and rights of other persons are not allowed to be affected by this.
The right to data portability does not apply when processing personal data is required to perform a task that is in the public interest or in exercising an official power which has been conferred upon the data controller.
7. Right to object
On grounds relating to your particular situation, you have the right to object at any time to the processing of personal data concerning your person which is based on Art. 6 (1) (e) or (f), including profiling based on these provisions.
If you object, the data controller will no longer process your personal data unless he can establish compelling legitimate grounds for their processing that outweigh your interests, rights and freedoms, or their processing serves the purposes of asserting, exercising or defending against legal claims.
If your personal data concerning your person are processed for direct marketing purposes, you are entitled to submit an objection at any time against processing your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
In the context of using information society services, you have the option to exercise your right to object using automated procedures that use technical specifications regardless of Directive 2002/58/EC.
In order to object, it suffices if you declare this by letter or email to the aforementioned contact address and your communication makes it clear who the data subject is and whether all the data, or only part of the data should be deleted. Unless you provide information on the scope of your deletion request, we will assume that we should delete all your data.
8. Right to withdraw your declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Revocation of your consent does not affect the lawfulness of any processing performed based on the consent you granted until revocation took place.
9. Right to file a complaint with a supervisory authority
Without prejudice to another administrative or judicial remedy, you are entitled to complain to a supervisory authority, in particular in the member state where your place of residence, place of employment or place of the alleged breach is located, if you believe that processing your personal data breaches the GDPR.
The supervisory authority to which the complaint is submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.