Data Privacy Statement
We are very grateful for your interest in our company. Data protection is particularly important to the management of Dr.-Ing. Paul Christiani GmbH & Co. KG. As a basic principle, it is possible to use the websites of Dr.-Ing. Paul Christiani GmbH & Co. KG without disclosing personal data of any kind. However, if a data subject wishes to make use of particular services offered by our company through our website, this may require the processing of personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will always obtain the consent of the data subject.
Personal data, such as the name, address, e-mail address or phone number of a data subject, is always processed in accordance with the General Data Protection Regulation and in line with the national provisions on data protection that apply to Dr.-Ing. Paul Christiani GmbH & Co. KG. With this Data Privacy Statement, our company aims to provide information to the public on the nature, scope and purpose of the personal data we collect, use and process. This Data Privacy Statement also informs data subjects about the rights that they hold.
As the controller, Dr.-Ing. Paul Christiani GmbH & Co. KG has implemented numerous technical and organisational measures in order to ensure that the personal data processed via this website is afforded the most complete protection possible. Nevertheless, it is always possible for security gaps to exist in Internet-based data transmission, which means that it is not possible to ensure absolute protection. For this reason, all data subjects are free to send personal data to us via alternative methods, such as by telephone.
This Data Privacy Statement by Dr.-Ing. Paul Christiani GmbH & Co. KG is based on the terms that have been used by European regulators for the adoption of the General Data Protection Regulation (GDPR). Our Data Privacy Statement is intended to be simple to read and easy to understand both for the general public and for our customers and business partners. In order to ensure that this is the case, we would like to begin by explaining some of the terms we will be using.
We use the following terms, amongst others, in this Data Privacy Statement:
· a) Personal Data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
· b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
· c) Processing
· d) Restriction of Processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
· e) Profiling
Profiling means any form of automated processing of personal data comprising the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
· f) Pseudonymisation
Pseudonymisation means the processing of personal data such that the personal data can no longer be traced to a specific data subject without involving additional information, provided this additional information is kept separately and is subject to appropriate technical and organisational measures that guarantee that the personal data cannot be assigned to an identified or identifiable natural person.
· g) Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
· h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes data on behalf of the controller.
· i) Recipient
Recipient means a natural or legal person, public authority, agency or another body to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.
· j) Third Party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
· k) Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes made by the data subject by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
2. Name and Address of the Controller
The controller in accordance with the General Data Protection Regulation, other data protection laws in the member states of the European Union and other provisions in force for the purposes of data protection is:
Dr.-Ing. Paul Christiani GmbH & Co. KG
Tel.: 07531 5801-100
3. Name and Address of the Data Protection Officer
The data protection officer of the controller is:
Herr Kai Hartwig
machCon Deutschland GmbH
Tel.: 07733 360 35 40
Each data subject can contact our data protection officer directly at any time for any questions and suggestions regarding data protection.
The data subject can prevent cookies being stored by our website at any time by adjusting the relevant setting in the Internet browser they use, thereby permanently objecting to cookies being inserted onto their computer. In addition, cookies that have already been stored can be deleted via your browser or other software at any time. This can be carried out in all commonly used Internet browsers. If a data subject disables cookies in the Internet browser used, it may not be possible to make full use of some functions on our website.
5. Collecting General Data and Information
Each time the Dr.-Ing. Paul Christiani GmbH & Co. KG website is accessed by a data subject or an automated system, the site collects a range of general data and information. This general data and information is stored in server log files. The data that may be collected includes (1) the browser type and version used, (2) the operating system used by the system accessing the site, (3) the website via which the system accessing the site reaches our website (i.e. a referrer), (4) the sub-websites accessed on our website by a system accessing the site, (5) the date and time at which the site is accessed, (6) the Internet Protocol address (IP address), (7) the Internet service provider for the system accessing the site and (8) other similar data and information used for security purposes in the event of attacks on our IT systems.
Dr.-Ing. Paul Christiani GmbH & Co. KG does not identify the data subject when using this general data and information. This data is instead required in order to (1) correctly provide the contents of our website, (2) optimise the contents of our website and our associated advertising, (3) guarantee the long-term functionality of our IT systems and the technology we use for our website and (4) provide law enforcement agencies with information required for criminal proceedings in the event of a cyberattack. This anonymously collected data and information is therefore evaluated by Dr.-Ing. Paul Christiani GmbH & Co. KG for statistical purposes as well as for the purpose of increasing data protection and the data security in our company, in order to ultimately ensure an ideal level of security for the personal data we process. The anonymous data from the server log files is stored separately from all personal data supplied by data subjects.
6. Registering on Our Website
The data subject has the option to register on the website of the controller by entering personal data. The personal data provided to the controller comes from the input field used for registration. The personal data entered by the data subject will only be collected and stored for internal use by the controller and for their own purposes. The controller can arrange for transfer of the personal data to one or more processors, such as a parcel service provider, who likewise will only use that personal data for internal use that can be attributed to the controller.
7. Subscribing to Our Newsletter
The website of Dr.-Ing. Paul Christiani GmbH & Co. KG provides visitors with the option to subscribe to the newsletter of our company. The personal data provided to the controller as part of ordering the newsletter comes from the input field used for this purpose.
Dr.-Ing. Paul Christiani GmbH & Co. KG informs its customers and business partners of products and services offered by the company at regular intervals by means of a newsletter. Our company’s newsletter can only be received by a data subject if (1) the data subject has a valid e-mail address and (2) the data subject has registered to receive the newsletter. For legal reasons, a confirmation e-mail based on the double opt-in process will be sent to the e-mail address entered for the first time by the data subject for receipt of the newsletter. This confirmation e-mail is used to check whether the owner of that e-mail address has provided authorisation for receipt of the newsletter as a data subject.
As part of registration for the newsletter, we also store the IP assigned by the Internet Service Provider (ISP) used by the computer of the data subject at the time of registration, as well as the date and time of registration. Collection of this data is required to identify (possible) misuse of the e-mail address of a data subject at a later time, and therefore acts as legal protection for the controller.
The personal data collected upon registration for the newsletter is only used for sending our newsletter. In addition, subscribers to the newsletter are provided with information via e-mail if that information is required for operation of the newsletter service or registration for the newsletter service, which may be necessary in the event of changes to the newsletter service or changes to the technical conditions. The personal data collected as part of the newsletter service is not shared with third parties. Subscription to our newsletter can be cancelled by the data subject at any time. Consent to storage of personal data provided to us by the data subject for the purposes of sending the newsletter can be withdrawn at any time. A link for withdrawing this consent is included in every newsletter. There is also the option to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller by other means.
The newsletter of Dr.-Ing. Paul Christiani GmbH & Co. KG contains tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails sent in HTML format to enable recording of a log file and log file analysis. This enables statistical evaluation of the success or failure of online marketing campaigns to be carried out. The embedded tracking pixel enables Dr.-Ing. Paul Christiani GmbH & Co. KG to detect if and when an e-mail has been opened by a data subject and what links contained within the e-mail were selected by the data subject.
This personal data collected via the tracking pixels included in the newsletters is stored and evaluated by the controller in order to optimise sending of the newsletter and adjust the content of future newsletters to better suit the interests of the data subject. This personal data is not passed on to third parties. Data subjects are entitled to withdraw the declaration of consent made separately via the double opt-in process at any time. Following withdrawal of the declaration of consent, this personal data will be erased by the controller. Cancelling receipt of the newsletter is automatically considered by Dr.-Ing. Paul Christiani GmbH & Co. KG to constitute withdrawal of that declaration of consent.
9. Options for Getting in Touch via the Website
In accordance with statutory provisions, the website of Dr.-Ing. Paul Christiani GmbH & Co. KG contains details that enable quick electronic contact with our company as well as direct communication with us, which also includes a general e-mail address. If a data subject contacts the controller by e-mail or using a contact form, the personal data supplied by the data subject is stored automatically. Personal data supplied voluntarily by a data subject to the controller in this way is stored for the purpose of processing and/or getting in touch with the data subject. This personal data is not shared with third parties.
10. Subscription to Comments on the Blog on the Website
In general, third parties can subscribe to any comments left on the Dr.-Ing. Paul Christiani GmbH & Co. KG blog. In particular, it is possible for a commentator to subscribe to subsequent comments made on their comment on a specific blog entry.
If a data subject chooses the option to subscribe to comments, the controller will send an automatic confirmation e-mail in order to check using a double opt-in process whether the owner of the specified e-mail address has actually decided to select that option. The option to subscribe to comments can be cancelled at any time.
11. Routine Erasure and Restriction of Processing of Personal Data
The controller processes and stores personal data only for as long as necessary in order to fulfil the purpose for which it is stored, or in the event that this is provided for in legislation or regulations by the European regulator or other legislator under whose jurisdiction the controller lies.
If the purpose of storage no longer applies or a storage period prescribed by the European regulator or other competent legislator expires, the personal data is, routinely and in accordance with the statutory requirements, either erased or processing thereof is restricted.
12. Rights of Data Subjects
· a) Right to Confirmation
Every data subject has the right, conferred by the European regulator, to obtain from the controller confirmation as to whether or not personal data concerning them is being processed. If a data subject wishes to exercise this right to confirmation, they may contact an employee of the controller at any time for this purpose.
· b) Right of Access
Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to obtain information regarding the personal data stored concerning their person and receive a copy of this information, free of charge. In addition, the European regulator has provided data subjects with the right to obtain the following information:
- The purposes of processing
- The categories of personal data being processed
- The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
- If possible, the planned duration of storage of this data or, if this is not possible, the criteria for defining this duration
- The existence of any right to rectification, erasure or restriction of processing of the personal data relating to the data subjects by the controller or any right to object to this processing
- The right to lodge a complaint with a supervisory authority
- If the personal data has not been collected from the data subject: All available information concerning the origin of the data
- The existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, in such cases, meaningful information regarding the logic involved as well as the significance and the envisaged consequences of such processing for the data subject
Furthermore, the data subject has the right of access to information regarding whether personal data has been transferred to a third country or an international organisation. If this is the case, the data subject also has the right of access to information about the appropriate safeguards taken in relation to the transfer.
· c) Right to Rectification
· d) Right to Erasure (Right to be Forgotten)
Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to demand that the controller erase personal data concerning them without delay, insofar as one of the following grounds applies and processing is not necessary:
- The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- The data subject withdraws consent on which the processing was based in accordance with Article 6(1a) or Article 9(2a) GDPR, and there is no other legal ground for the processing.
- The data subject objects to the processing in accordance with Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Article 21(2) GDPR.
- The personal data has been unlawfully processed.
- The erasure of personal data is required in order to meet a legal obligation under Union or Member State law to which the controller is subject.
- The personal data has been collected in relation to the offer of information society services in accordance with Article 8(1) GDPR.
Provided that one of the above grounds applies and a data subject wishes to arrange for erasure of the personal data stored by Dr.-Ing. Paul Christiani GmbH & Co. KG, they can contact an employee of the controller at any time for this purpose. The employee of Dr.-Ing. Paul Christiani GmbH & Co. KG will arrange for the erasure demand to be complied with without delay.
If the personal data has been disclosed by Dr.-Ing. Paul Christiani GmbH & Co. KG and our company is obliged as the controller to erase the personal data in accordance with Article 17(1) GDPR, Dr.-Ing. Paul Christiani GmbH & Co. KG will take appropriate measures, including those of a technical nature and taking into account the available technology and costs of implementation, to make other parties responsible for processing the disclosed personal data aware that the data subject has demanded from these responsible parties the erasure of all links to this personal data or copies or replicas thereof, insofar as the processing thereof is not necessary. The employee of Dr.-Ing. Paul Christiani GmbH & Co. KG will arrange for the necessary steps to be taken on a case-by-case basis.
· e) Right to Restriction of Processing
Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to demand that the controller restrict the processing of their personal data in the event that one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
- The controller no longer needs the personal data for the purposes of processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to processing in accordance with Article 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
Provided that one of the above requirements applies and a data subject wishes to demand restriction of personal data stored by Dr.-Ing. Paul Christiani GmbH & Co. KG, they can contact an employee of the controller at any time for this purpose. The employee of Dr.-Ing. Paul Christiani GmbH & Co. KG will arrange for the restriction of processing.
· f) Right to Data Portability
Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to obtain the personal data in question, provided to a controller by the data subject, in a structured, commonly used and machine-readable format. They also have the right to transmit the data to another controller without hindrance from the controller to which the personal data has been provided, provided that the processing is based on consent in accordance with Article 6(1a) or Article 9(2a) GDPR or on a contract in accordance with Article 6(1b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising their right to data portability in accordance with Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, if this is technically feasible and provided that this does not adversely affect the rights and freedoms of others.
The data subject may contact an employee of Dr.-Ing. Paul Christiani GmbH & Co. KG at any time in order to exercise their right to data portability.
· g) Right to Object
Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6(1e) or Article 6(1f) GDPR. This includes profiling based on these provisions.
· h) Automated Decision-making on a Case-by-case Basis, Including Profiling
Every data subject affected by the processing of personal data has the right, conferred by the European regulator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the data controller, or (2) is authorised by European Union or member state statutory provisions to which the controller is subject and which also lay down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) is based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the data controller or (2) is made with the data subject’s explicit consent, Dr.-Ing. Paul Christiani GmbH & Co. KG will take suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
If the data subject wishes to exercise their rights with regard to automated decision-making, they may contact an employee of the controller responsible for the data processing at any time for this purpose.
· i) Right to Withdraw Consent Under Data Protection Law
Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to withdraw consent for the processing of their personal data at any time.
If the data subject wishes to exercise their right to withdraw consent, they may contact an employee of the controller responsible for the data processing at any time for this purpose.
13. Data Protection for Applications and Application Procedures
14. Data Protection Provisions Concerning Use by econda
The controller has integrated components provided by econda on this website. Econda is a web analytics service. Web analytics refers to the collection, compilation and evaluation of data concerning the behaviour of visitors to websites. A web analytics service collects data about the site from which a data subject is linked to a certain website (the referrer), which sub-pages on the website are accessed and how often and for how long sub-pages are viewed, among other data. Web analytics is predominantly used to optimise a website and to create a cost/benefit analysis of Internet advertising.
The operating company of econda is econda GmbH, Zimmerstrasse 6, 76137 Karlsruhe, Germany.
Econda inserts a cookie onto the data subject’s IT system. The definition of cookies is given above. Each time an individual page is accessed on this website ‒ which is operated by the controller responsible for the data processing and onto which an econda component has been integrated ‒ the relevant econda component automatically causes the Internet browser on the data subject’s IT system to transfer data to econda for marketing and optimisation purposes. As part of this technical process, econda receives information about data used as part of creating pseudonymised usage profiles. The usage profile compiled by this process is used for analysis of the behaviour of the data subject who has accessed the controller’s website and is evaluated for the purposes of improving and optimising the website. The data recorded via the econda component will not be used to identify the data subject without separate and explicit consent given by the data subject. This data is not combined with personal data or other data containing the same pseudonym.
The data subject can prevent the insertion of cookies by our website, as set out above, at any time by adjusting the relevant setting in the Internet browser they use, thereby objecting to cookies being inserted on their computer in all cases. Changing the settings of the browser used in this way would also prevent econda from inserting a cookie onto the data subject’s IT system. In addition, cookies that have already been inserted by econda can be deleted via the browser or other software at any time.
The data subject also has the option to object to collection of the data concerning use of this website generated by the econda cookie and the processing of that data by econda, and can prevent this from taking place. To do so, the data subject must press the Submit button at the link https://www.econda.de/en/data-storage-opt-out/, which will insert the Opt-Out cookie. The Opt-Out cookie inserted as a result of making the objection is stored on the IT system used by the data subject. If cookies are erased on the data subject’s system following the objection, the data subject must access this link again and insert a new Opt-Out cookie.
However, it is possible that inserting the Opt-Out cookie may result in the data subject no longer being able to use all features of the controller’s websites.
The applicable econda data protection provisions can be found at https://www.econda.de/en/data-protection/.
15. Data Protection Provisions Concerning Use by Google Analytics (with Anonymisation Function)
16. Data Protection Provisions Concerning Use by Google Remarketing
17. Data Protection Provisions Concerning Use by Google AdWords
18. Data Protection Provisions Concerning Use by LinkedIn
19. Data Protection Provisions Concerning Use by YouTube
Each time an individual page is accessed on this website ‒ which is operated by the controller responsible for the data processing and onto which a YouTube component (YouTube video) has been integrated ‒ the relevant YouTube component automatically causes the Internet browser on the data subject’s IT system to download an image of the corresponding YouTube component from YouTube. Additional information regarding YouTube can be found at https://www.youtube.com/yt/about/. As part of this technical process, YouTube and Google receive information about which specific sub-pages on our website are visited by the data subject.
20. Legal Basis for Processing
Article 6(1a) GDPR provides our company with a legal basis for processing operations, where we must gain consent for a specific purpose of processing. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, which is the case for processing operations required for delivery of goods or providing any other service or return service, for example, this processing is based on Article 6(1b) GDPR. The same applies to those processing operations necessary for the performance of measures prior to the conclusion of a contract, such as in the case of enquiries concerning our products or services. If our company is subject to a legal obligation under which it is necessary to process personal data, such as compliance with tax obligations, this processing is based on Article 6(1c) GDPR. In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor to our company were injured and it became necessary to provide their name, age, health insurance information or other essential information to a doctor, hospital or other third parties. In this case, processing would be based on Article 6(1d) GDPR. Lastly, processing operations may be based on Article 6(1f) GDPR. This legal basis provides grounds for processing operations not covered by any of the aforementioned legal bases, if the processing is necessary to protect the legitimate interests of our company or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are therefore permitted to carry out such processing operations in particular, because they have been specifically referenced by European legislators. The European legislators have taken the view that a legitimate interest can be assumed if the data subject is a customer of the controller (Recital 47(2) GDPR).
21. Legitimate Interest in Processing Pursued by the Controller or a Third Party
If the processing of personal data is based on Article 6(1f) GDPR, our legitimate interest is the execution of our business operations for the benefit of all our employees and shareholders.
22. Duration over which the Personal Data is Stored
23. Statutory or Contractual Provisions for Providing Personal Data; Requirement for Conclusion of Contract; Obligation of the Data Subject to Provide the Personal Data; Possible Consequences of Failure to Provide
We hereby inform you that the provision of personal data is to some extent required by law (e.g. tax regulations) or may arise from contractual provisions (e.g. information regarding the contractual partner). In some cases, it may be necessary for conclusion of a contract that a data subject provides us with personal data that will then need to be processed by us. The data subject is, for instance, obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract cannot be concluded with the data subject. Prior to the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis of whether provision of personal data is legally or contractually required or necessary for conclusion of the contract, whether an obligation exists to provide the personal data, and the consequences of failing to provide the personal data.
24. Existence of Automatic Decision-making
As a responsible company, we do not use automatic decision-making or profiling.
Date: August 2020