Privacy policy
We are delighted you have expressed an interest in our company, products or services and want to make sure you feel safe when visiting our website, also with regard to the protection of your personal data. We would like you to know when we store data, which data we store, and how we use it. We are subject to the provisions of the European general data protection regulation (GDPR) and the supplementary regulations of the German Federal Data Protection Act (BDSG). We have taken suitable technical and organisational measures to ensure that the regulations on data protection are observed both by us and by service providers commissioned by us.
This privacy policy applies to our online offers. This includes our websites, their functions and contents as well as external online presences, such as our appearances on social media. This general privacy policy also serves to inform you about further processing of your personal data and our fulfilment of our duty to inform you.
The terms used in this privacy policy, such as controller or personal data, are used in accordance with the definitions of the GDPR. For reasons of readability and thus also in the sense of a comprehensible provision of information, we generally refrain from referring to specific articles, paragraphs or suchlike.
Controller
The controller within the meaning of the GDPR and other national data protection laws of the member states and other data protection regulations is
DREISTERN GmbH & Co. KG
Wiechser Strasse 9
D-79650 Schopfheim
Germany
Tel. +49 7622 391-0
Fax +49 7622 391-200
Data protection officer
The controller has appointed a data protection officer. His contact details are
Michael Kranzer
datenschutz@dreistern.com
You can contact our data protection officer directly at any time if you have any questions about data protection.
General information on data processing
Legal basis for the processing of personal data
Within the framework of data protection regulations, the processing of personal data is generally not permitted, unless there is a legally permissible reason for permission. We are obliged to inform you about the legal basis of data processing
Insofar as we obtain your consent for processing personal data, this serves as the legal basis.
In the processing of personal data which is necessary to fulfill a contract to which you are a party, the fulfillment of the contract serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
If processing of personal data is necessary to fulfill a legal obligation to which we are subject, this serves as the legal basis.
In cases where vital interests of the data subject or another natural person require the processing of personal data, this serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if these interests do not outweigh your fundamental rights and freedoms , this serves as the legal basis for the processing.
Data transmission in third-party states
The GDPR ensures a consistently high level of data protection within the European Union (EU) and the European Economic Area (EEA). When selecting our service providers and cooperation partners, we therefore rely on European partners whenever possible if your personal data is to be processed.
If we have your data processed in a third country – i.e. outside the EU/EEA – this is always done in accordance with the legal requirements.
In addition to your express consent or transfer required by contract or by law, we will only have your data processed in third countries with a recognised level of data protection, by contractual obligation through so-called standard contractual clauses of the EU Commission, in the case of certifications or binding internal data protection regulations.
Existence of an automated decision-making process
We do not have an automatic decision-making process.
Recipients of the data/categories of recipients
Within our company, we ensure that only those persons who need your data to fulfil their contractual and legal obligations receive it.
In some cases, we use carefully selected external service providers to process your data. Should data be passed on to service providers as part of so-called order processing, this is done in accordance with the provisions of the GDPR. Our contract processors are carefully selected, bound by our instructions and are checked at regular intervals. We only commission such contract processors who offer sufficient guarantees that suitable technical and organisational measures are taken in such a way that the processing is carried out in accordance with the requirements of the GDPR and BDSG and guarantees the protection of your rights.
Transfer of personal data to third parties
As a matter of principle, we do not pass on personal data to third parties without your express consent. If, in the course of processing, we nevertheless disclose your data to third parties, transfer it to them or grant them other access to the data, this is also done exclusively on the basis of one of the aforementioned legal bases.
For example, we transmit data to payment service providers or suppliers if this is necessary to fulfil the contract. If we are obliged to do so by law or by court order, we must transmit your data to the respective authorities entitled to receive the information.
Use of our online offer
You can use our online offer without disclosing your identity. In this section, we explain when and in what context we process data when using our online offers, which offers of service providers we have implemented, how they work and what happens with your data.
Children
Our offers are in principal aimed at adults. Persons under 16 years of age must not transmit personal data to us without the consent of their parents or legal guardians.
Transport encryption
To protect your transmitted data in the best possible way, we use a so-called transport encryption. To ensure the security of your data during the transmission process, we use a state-of-the-art SSL/TLS encryption process.
Data recording when visiting our website
If you use our websites for information purposes only, i.e. if you do not register for an offer, conclude a contract with us or otherwise disclose information to us, we only collect the personal data that your browser transmits to our servers.
When you access our websites, we record the following data, which is technically necessary for us to be able to display our websites and to guarantee stability and security:
- IP address of the user
- Date and time of the access
- Content of the access (specific page)
- Access status/HTTP status code
- Respective data volume transferred
- Website from which our website is accessed
- Visitor's operating system
- Language and version of the browser software
This data is temporarily stored in the log files of our system for a maximum of seven days. Storage beyond this period is possible, but in this case the IP addresses will be shortened or alienated so that it is no longer possible to assign the accessing client. The log files are not stored together with other personal data concerning you within this context. The legal basis for these processing procedures is our legitimate interest.
Since the collection of data for the display of the websites and the storage of the data in log files is absolutely necessary for the operation of our websites and the maintenance of IT security, you have no possibility of objection in this respect.
Enquiries to us
If you send us an enquiry via our website – for example by using the contact form – your personal data will be processed in order to answer your enquiry:
Customer account
Personal data is required to maintain a customer account. The required data is marked with an "*" in the registration form. By registering, you consent to the use of this data for the purpose of managing the account. Depending on the method of payment, further data is required for orders via the shop. For the purpose of processing electronic payments, we may cooperate with electronic payment service providers and transfer your personal data for these processing purposes.
Use of cookies
General information on the use of cookies
In addition to the above-mentioned data, cookies are stored on your device when you visit our websites. Cookies are small text packages that can be sent from a website to the browser, which stores them and sends them back again. Cookies can store different information which is read out by the party that sets the cookie. They usually contain a characteristic string of characters (ID) that enables the browser to be uniquely identified when the website is accessed again or when the user switches to another site. Their primary purpose is to make our online offers more user-friendly and effective overall. The user data collected in cookies is pseudonymised by technical measures, which generally makes it impossible to assign the data to the accessing user. Insofar as identifiability is given, such as in the case of a login cookie, whose session ID is necessarily linked to the user's account, we will make you aware of this at the appropriate point.
We use different types of cookies:
- So-called "session cookies" are cookies that are deleted after you leave our website and close the browser. In such cookies, e.g. language settings or the contents of a shopping basket are stored.
- "Permanent cookies" remain stored even after the browser is closed. For example, the login status or entered search terms can be saved. We use such cookies, among other things, for range measurement or marketing purposes. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. However, you can delete these cookies at any time using your browser.
In addition to so-called "first-party cookies", which are set by us as the controller for data processing, "third-party cookies" are also used, which are offered by other providers.
- So-called "first-party cookies" are set by us as the controller: The legal basis for the processing of your personal data is our legitimate interest.
- External service providers who carry out web tracking or range measurements for us, for example, may also set cookies.
The legal basis for processing your personal data is your consent.
Information on services used
Cookie management tool
We use a so-called cookie management tool. This enables you to manage the cookies we use, to find out more information about data processing using cookies and to view the purpose and storage period of the cookies used.
Leadinfo
We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP-addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo”.
Information on data processing by third parties
Google Analytics
If you have given your consent, this website uses Google Analytics. This is a web analysis service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyse the activities of a user across devices.
Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the Cookie concerning your use of this website is normally transferred onto a Google server in the USA and saved there. In the case of activation of the IP anonymisation on the website, your IP address will however be previously abbreviated by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous recording of IP addresses. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
- Frequency of page views
- Number of users
- Jump rate (page is closed again after being accessed)
- Session duration (average duration of all users)
- Country from which the website was accessed
- Use of website functions
- Which page is visited how often
- From which website the user comes
- Booking Conversion Rate (How many users of the website book a service)
- From which region the user comes
- Device and device category with which the user accesses our website
Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on activity for us, and providing other services relating to the usage.
The legal basis for the use of Google Analytics is your voluntarily given consent.
You can find more information on the terms of use and data protection at Google here and here.
Recipients/categories of recipients
The recipients/categories of recipients of the recorded data can be found in our cookie management tool.
Duration of data storage
How long the cookies are stored on your device can be seen in our cookie management tool.
Online offers in social media
We offer online services on various platforms to provide information and to be able to contact you.
We have no influence on the processing of personal data by the respective platform operator. As a rule, when you visit our offers there, the platform operator stores cookies in your browser, in which your usage behaviour or your interests are stored for market research and advertising purposes.
The user profiles obtained in this way – usually across different devices – are used by the platform operators to display personalised advertising. Data processing may also affect persons who are not registered as users on the respective platform. Under certain circumstances, your data may be processed outside the territory of the European Union, which may make it difficult to enforce your rights. However, when selecting such platforms, we make sure that the operators undertake to comply with EU data protection standards.
The processing of your personal data when you visit one of our offers in social media is based on our legitimate interest in a diverse external presentation of our company and the use of an effective information opportunity as well as communication with you.
Detailed information on data processing in connection with the use of our offers on these platforms, the possibility of objection and the assertion of information rights can be obtained from the privacy statement of the respective platform operator.
YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy of the provider
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Agreement on the joint processing of personal data in accordance with the GDPR.
Privacy policy of the provider
Newsletter
We offer you the opportunity to subscribe to our free e-mail newsletter. We will only send this newsletter with your consent. When you subscribe to a newsletter, the data from the input window (name and e-mail address) is transmitted to us and stored for as long as the subscription to the newsletter is active.
Your consent will be obtained for the processing of this data for the purpose of sending the newsletter and reference will be made to this data protection notice. For the registration process, we use the so-called "double opt-in procedure". After successful registration, you will receive an e-mail in which you must click a link to confirm your registration. In this way, we prevent unauthorised third parties from registering using your e-mail address.
We log the registration process in order to be able to prove the process in accordance with legal requirements. The IP address of the accessing device, date and time of the registration are stored. The data provided by you will be stored for as long as the subscription to the newsletter is active.
You can cancel the subscription at any time. For this purpose, there is a corresponding unsubscribe link in every newsletter. This also enables you to revoke your consent. The legal basis for processing your data is your voluntarily given consent to receive newsletters.
If you purchase goods or services from us and provide us with your e-mail address, we reserve the right to use this to send newsletters with direct advertising for our own similar goods or services. This serves to protect our legitimate interests in advertising to our customers which are deemed as outweighing as part of a balancing of interests. You can object to this use of your data at any time by sending a message to the contact options listed below or by using the unsubscribe link in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates. Insofar as the newsletter is sent due to the sale of goods or services, we refer to the provisions of the law against unfair competition (UWG).
Analysis of opening rates
Our newsletters contain a pixel-sized file (a so-called web beacon or pixel counter), which is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of the access, is recorded.
This information is used, among other things, for the technical improvement of our newsletter. In addition, we would like to determine your access time and your reading behaviour on the basis of your access location. This analysis includes determining whether the newsletter is opened, when it is opened and which links are clicked. For technical reasons, this information can be assigned to individual recipients. It is by no means in our interest to observe individual users. Rather, we use the evaluations to identify the reading habits of our users and to adapt our content to them or to send different content that reflects the interests of our user groups.
The evaluation of the newsletter and the measurement of success are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purpose of using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users.
A separate revocation of the performance measurement is unfortunately not possible. If you wish to object to the performance measurement, you must cancel your newsletter subscription. This means that if you have given your consent, you must revoke your consent. If you receive the newsletter based on our previously declared legitimate interest, you must object to receiving the newsletter.
The legal basis for sending our newsletter is either your voluntarily given consent or our legitimate interest.
Right to object (opt-out)
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to unsubscribe the newsletter either at the bottom of each newsletter or you can use one of the contact options above, preferably by e-mail.
We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a blocking list solely for this purpose.
Commercial and business services
We process the data of our contractual and business partners, e.g. suppliers, customers and interested parties (hereinafter referred to as business partners) within the framework of contractual or comparable legal relationships and associated measures and within the framework of communication with our business partners.
We process this data to fulfil our contractual obligations, to secure our rights and for purposes of the associated administrative tasks and our corporate organisation. Within the framework of the applicable law, we only pass on the data of our business partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations or with the consent of the data subjects (e.g. to involved telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the scope of this privacy policy.
We inform our business partners which data is required for these purposes before or during data collection or personally.
Deletion of data and storage period
As soon as the purpose for processing ceases to apply, we delete or block your personal data. Beyond this period, however, data may be stored if this is required by legal regulations to which we are subject. This applies in particular to data that must be retained for legal archiving reasons (e.g. for commercial law reasons, usually for 6 years or for tax law reasons, usually for 10 years).
Processed data
Existing data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject matter of the contract, term of the contract).
Purposes of the processing
Provision of contractual services and customer service, contact enquiries and communication, internal organisational procedures, management and answering of enquiries.
Legal bases
Fulfilment of contract/pre-contractual enquiries, legal obligations, legitimate interests.
Applications
Within the context of an application to us, the data provided by you – such as your contact details and qualifications – will be used exclusively for processing the application procedure.
Your data will be passed on internally to the responsible divisional managers. We process your personal data for the purpose of your application for a job to the extent that this is necessary for the decision on whether to enter into an employment relationship with you.
Furthermore, we may process personal data about you to the extent that this is necessary to defend against legal claims asserted against us in connection with the application process.
Your data will generally be deleted 6 months after completion of the application process, unless otherwise agreed with the applicant (see also admission to the applicant pool). If your application is followed by the conclusion of an employment contract, the data will be included in the personnel file.
Admission to the applicant pool
If we do not currently have a suitable vacancy for your application – for example if you send us a speculative application – we will be happy to include your application in our applicant pool. However, this requires your consent, which we will ask you for in such a case.
If your application documents in the applicant pool are not used by us within one year, your application documents will be automatically deleted.
No automated decision making
There is no automated individual decision-making, i.e. the decision on your application is not based solely on automated processing.
Your rights as a data subject
As a data subject, you have various rights, about which we would like to inform you in the following. Depending on the reason for which and the way in which your personal data is processed, you have the rights described in the following sections.
Your right to information
As a data subject, you have the right to obtain from us information as to whether we are processing personal data about you and, if so, which personal data we are processing.
You also have the right to request a copy of your personal data that is being processed.
Your right to rectification
You have the right to ask us to rectify any personal data which you consider to be incorrect.
You also have the right to ask us to complete any personal data which you consider to be incomplete.
Your right to erasure
If the legal requirements are met, you can request the erasure of your personal data.
This is the case, for example, if we process your data based on your consent and you revoke this consent.
However, we may not, for example, erase data if we must store it due to legal retention periods. We are also unable to comply with your request for erasure if it is necessary for us to process your personal data in order to assert, exercise or defend legal claims.
Your right to restriction of processing
Under certain circumstances, you as the data subject have the right to demand that we restrict the processing of your personal data.
One such condition is, for example, that you dispute the accuracy of your personal data. Or the case in which we no longer need your personal data, but you need this data to assert, exercise or defend legal claims.
Your right to object
If we process your personal data on the basis of a legitimate interest, you have the right to object to this processing if it is based on your particular personal situation. However, this right to object does not apply if there is a compelling public interest in the processing which outweighs your interest, if a legal provision obliges us to process the data, or if the processing serves the assertion, exercise or defence of legal claims.
If we use your personal data for direct marketing purposes, you have the right to object at any time to the processing for the purpose of such marketing. If you object to processing for this purpose, your personal data will no longer be processed for this purpose.
If we process your data on the basis of your consent, you have the right to withdraw your consent at any time with effect for the future. Your revocation does not affect the legality of the processing that has taken place until the revocation.
Your right to data portability
You only have this right with regard to personal data that you yourself have provided us with. You have the right to demand that this personal data be transferred by us directly to another controller.
Alternatively, you have the right to require us to provide your data in a machine-readable format. However, this only applies if we process your personal data on the basis of your consent or on the basis of a contract and if the processing is carried out using automated procedures.
Complaint to the supervisory authority
You also have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you is in breach of data protection legislation.
Modifications
This privacy policy will be adapted from time to time. These adjustments are made, for example, if changes occur due to technical progress, legal requirements or other influences.
Date: October 2020