Privacy Policy

Privacy policy

What is this all about?

This privacy policy concerns your personal data and how we process them in the context of using our website as well as the special forms of use involved.

'Personal data' means any information relating to an identified or identifiable natural person ('data subject'), i.e. data that can be related to you personally, such as name, address, e-mail address, user behaviour, etc. 'Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The following chapters

I.          Name and address of the controller

II.         Contact details of the Data Protection Officer

III.        General information on data processing

IV.       Provision of the website and creation of log files

V.        Use of "own" cookies

VI.       Website analysis tools

VII.      Newsletter

VIII.    Contact form and e-mail contact

IX.       Portals

X.        Embedding of YouTube videos

XI.       Embedding of Google Maps

XII.         Embedding of Google Fonts

XIII.        Online presence in social media

XIV.    Rights of the data subject

and the associated sub-items provide you with information in greater detail as to the processing of your personal data and your rights as a data subject:

I.          Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (hereinafter: "GDPR") and other national data protection laws of the EU Member States, as well as other data protection regulations, is

CWS-boco International GmbH

Franz-Haniel-Platz 6-8

D-47119 Duisburg

Germany

Telephone number: +49 6103 309-0

e-mail: info@cws.com

Website: https://www.cws.com

II.         Contact details of the Data Protection Officer

The controller's Data Protection Officer can be contacted as follows:

CWS-boco International GmbH

Datenschutzbeauftragter/Data Protection Officer

Franz-Haniel-Platz 6-8

D-47119 Duisburg

Germany

Telephone number: +49 6103 309-0

e-mail: datenschutzbeauftragter@cws.com

III.        General information on data processing

1.      Scope of personal data processing

We collect and process our users' personal data only insofar as necessary in the interests of providing a fully functional website and our content and services. The processing of our users' personal data on a regular basis only takes place with their consent. An exception applies in those cases in which circumstances prevent us from obtaining the user's prior consent and the processing of the data is permitted by law.

2.      The legal basis for the processing of the personal data

a)    Insofar as we obtain the data subject's consent for the processing of his/her personal data for one or more specific purposes, Art. 6(1)(a) GDPR serves as legal basis in this context.

b)    As regards the processing of data that is necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR serves as legal basis. This also applies to any processing that may be necessary in order to take steps at the request of the data subject prior to entering into a contract.

c)    Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as legal basis.

d)    In the event that processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6(1)(d) GDPR serves as legal basis.

e)    If processing is necessary towards safeguarding a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6(1)(f) GDPR serves as the legal basis for the processing in such case.

3.      Erasure and storage period

The personal data of the data subject will be erased or blocked for processing as soon as the purpose for its storage is no given. Furthermore, data may be stored if this is required by Union or Member State regulations, law or other provisions to which the controller is subject. Deletion or blocking for processing of data will also be carried out if a storage period prescribed by the referenced standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

IV.       Provision of the website and creation of log files

1.      Description and scope of data processing

Every time a user accesses our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

·Information about the browser type and the version used

·The user's operating system

·The user's internet service provider

·The user's IP address

·Date and time of access

·Websites from which the user's system accesses our website

·Websites accessed by the user's system via our website

The data are likewise stored in the log files of our system. These data are not stored together with any other of the user’s personal data.

2.    Legal basis for data processing

The legal basis for temporary storage of the data and log files is Art. 6(1)(f) GDPR.

3.    Purpose of data processing

Temporary storage of the IP address by the system is necessary to facilitate delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data are stored in log files to ensure the website's functionality. In addition, we use the data to optimise the website and to ensure the security of our IT systems. We do not evaluate these data for any marketing purposes in this context.

These purposes also encompass our legitimate interest in the processing of the data as per Art. 6(1)(f) GDPR.

4.    Duration of storage

The data are deleted as soon as they are no longer required for the purpose for which they were collected; As regards the collection of data for provision of the website, this is the case once the respective session has ended.

Data stored in log files are deleted within seven days at the latest. Extended storage is possible. In this case, the user's IP address will be deleted or modified in such a way that we can no longer identify the accessing client.

5.    Opt-out and data removal options

The collection of data for provision of the website and the storage of data in log files is absolutely essential to the website's operation. The user therefore has no possibility to object to their collection and retention.

V.        Use of "own" cookies

1.    Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in or by the internet browser on the user's computer system. When a user accesses the website, a cookie may be stored on the user's operating system. This cookie contains a distinctive character string that enables unambiguous identification of the browser when the website is accessed again.

We use the following types of cookies, the scope and function of which are explained in the following:

·Cookies that are technically necessary

·Cookies that are not technically necessary (analysis cookies)

a)    Cookies that are technically necessary

We use these cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can still be identified when the user switches to another page of the website.

These cookies store and forward the following data:

·Display of cookie notification text (cookie_consent, cookie_notification_reload_count)

·Support of JavaScript (has_js)

·Caching, e.g. of product reminder lists (Drupal.session_cache.sid)

·Bookmarked product list (Drupal.visitor.result, product_overview_href)

b)    Cookies that are not technically necessary (analysis cookies)

We also use cookies on our website that facilitate an analysis of your surfing behaviour.

The following data can be forwarded in this way:

·Search terms entered

·Frequency of page viewings

·Use of website functions

The user data collected in this way are pseudonymised by technical means. It is therefore no longer possible to associate the data to the accessing user. The data are not stored together with other personal data relating to the user.

When accessing our website, users are informed by a banner on the use of cookies for analytical purposes and referred to this privacy policy. In this context the user is also informed on how to disable the storage of cookies in the browser settings.

2.    Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6(1)(f) GDPR.

3.    Purpose of data processing

a)    For technically necessary cookies

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be provided without the use of cookies. To this end it is necessary that the browser is recognised even after a page change.

These cookies are required for the following applications:

·Applying language settings

·Shopping basket

·Bookmarking of search terms

·Recognition of users

b)    For cookies that are not technically necessary

The analysis cookies are used to improve the quality of our website and its content. The analysis cookies enable us to find out how the website is used and thus allows us to continuously optimise it.

·Google Analytics (_ga, _gid, _gat)

In this purpose, we also have a legitimate interest in the processing of personal data in accordance with Art. 6(1)(f) GDPR.

4.    Duration of storage and options for objection and removal

Cookies are stored on the user's computer and sent by it to our website. You as user therefore have full control of the use of cookies. If the cookies used are what are known as transient cookies, they are deleted after the user logs out or closes the browser. Persistent cookies are automatically erased after a particular period of time which may differ depending on the cookie in question. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. Moreover, cookies that have already been stored can be deleted at any time. As described, this can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

VI.       Website analysis tools

The following analysis tools are used on our website:

1.    Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc., whose European headquarters are at Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The terms of use can be viewed at https://www.google.de/analytics/terms/de.html, the overview on data protection and privacy principles can be viewed at

https://www.google.com/analytics/learn/privacy.html?hl=de and the privacy policy can be viewed at https://policies.google.com/privacy?hl=de.

a)    Description and scope of data processing

We use Google Analytics to analyse the use of our website. For this purpose, Google Analytics uses cookies which are stored on your computer and enable an analysis of how you use the website. The information generated by the cookie about your use of this website is generally transferred to a Google server in the USA and stored there.

This information is as follows:

·Origin (country and city)

·Language

·Operating system

·Device (PC, tablet PC or smartphone)

·Browser and add-ons used

·Click areas (heat map)

·Session duration

·Bounce rate

If IP anonymisation is activated on this website, however, Google Inc. will first truncate your IP address within the member states of the European Union or other parties to the Agreement on the European Economic Area. This means that IP addresses are only processed in truncated form, so personal identifiability can be ruled out. This means that if the data collected about you are identifiable to you personally, they will be blocked immediately and the personal data thus erased immediately.

Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there. Where such exceptional cases in which personal data are transferred to the USA are concerned, Google has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is sentence 1 of Art. 6(1)(f) GDPR.

On behalf of this website's operator, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide the website operator with other services relating to website and internet use.

The IP address sent by your browser for Google Analytics purposes will not be combined with other data stored by Google Inc.

b)    Legal basis for the processing of the personal data

The legal basis for processing the personal data is Art. 6(1)(f) GDPR.

c)    Purpose of data processing

We use Google Analytics to analyse and continuously improve the use of our website. With the statistics thus gained, we can improve our offering and make it more interesting for you as a user. Given these purposes, our legitimate interest lies in the processing of personal data pursuant to Art. 6(1)(f) GDPR. The anonymisation of the IP address means that adequate consideration is given to the interests of the user in the protection of their personal data.

d)    Duration of storage

Data stored at Google on the user and event level which are linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymised after 14 months or erased. For details in this context, please refer to the following link:

https://support.google.com/analytics/answer/7667196?hl=de

e)    Opt-out and data removal options

You can prevent the use of cookies by adjusting your browser settings accordingly; however, please note that if you do so, some parts of this website may not function fully. You can also opt out of storage of the data on your site activity by the cookie (incl. your IP address) as well as the processing of these data by Google by downloading and installing the browser plug-in available from the following link:

http://tools.google.com/dlpage/gaoptout?hl=de.

You can prevent the collection of your data by Google Analytics by clicking the following link. This saves an opt-out cookie on your system, which prevents the collection of your data during future visits to this website: opt out of Google Analytics. Further information on the handling of user data at Google Analytics can be found in Google's data privacy policy at:

https://support.google.com/analytics/answer/6004245?hl=en

2.    etracker (CWS customer portal)

We use etracker, a web analysis service provided by etracker GmbH, Erste Brunnenstrasse 1, D-20459 Hamburg, Germany. The general terms and conditions can be viewed at https://www.etracker.com/agb, the agreement for the processing of personal data can be viewed at https://www.etracker.com/av-vertrag.

a)    Description and scope of data processing

We use etracker to analyse the use of our customer portal. For this purpose, etracker uses cookies which are stored on your computer and which enable an analysis of your use of the customer portal. The information generated by the cookie on your use of the customer portal is generally sent to a server of etracker GmbH in Hamburg and stored there.

This information is as follows:

·Origin (country)

·Language

·Operating system

·Device (PC, tablet PC or smartphone)

·Browser

·Click areas (heat map)

·Session duration

You can find more detailed information on etracker cookies at https://www.etracker.com/support/etracker-cookies-2/. The customer portal only uses the following cookies: BT_ctst, BT_pdc, BT_sdc, _et_coid, noWS_mjV509.

If IP anonymisation is activated on this website, however, etracker will first truncate your IP address within the member states of the European Union or other parties to the Agreement on the European Economic Area. As a result, IP addresses are only processed in truncated form in order to prevent direct identifiability. This means that if data collected about you are identifiable to you personally, they will be blocked straight away and the personal data thus erased immediately.

The legal basis for the use of etracker is sentence 1 of Art. 6(1)(f) GDPR.

On behalf of the operator of the customer portal, etracker GmbH will use this information to analyse your use of the website, to compile reports on website activities and to provide the website operator with other services relating to website and internet use.

The IP address sent by your browser for etracker purposes will not be merged with other data stored by etracker nor passed on to third parties.

b)    The legal basis for the processing of the personal data

The legal basis for processing the personal data is Art. 6(1)(f) GDPR.

c)    Purpose of data processing

We use etracker Analytics to analyse the usage of our customer portal and to be able to continuously improve it. With the statistics thus gained, we can improve our internet offering and make it more interesting for you as user.

d)    Duration of storage

Insofar as the data collected is personal, it will be deleted immediately as part of the anonymisation.

e)    Opt-out and data removal options

You can prevent the use of cookies by adjusting your browser settings accordingly; however, please note that if you do so, some parts of this website may not function fully.

VII.      Newsletter

1.    Description and scope of data processing

We would like to use the processing of the data in order to be able to suggest our best possible products and services for your business, to inform you about new products, product innovations, product possibilities, new developments, related current topics, special offers, newsletters about our own products and services including related current topics, events and to contact you for survey purposes from companies in the CWS Group.

Since we cannot offer all products ourselves in Germany, we also use affiliated companies as subcontractors. For the purposes of being able to make appropriate suggestions, we also pass on your data to the affiliated companies of the CWS Group (see www.cws.com/Locations for a list of these) within the scope of what is permitted under data protection law. We naturally conclude agreements with these companies on the processing of orders using personal data.

You can sign up to our free-of-charge newsletter by the following means:

a)  Website:

You can sign up to the free-of-charge newsletter on our website. We use what is known as the "double opt-in" procedure for your signup to our newsletter. This means that after you sign up, we will send you an e-mail to the e-mail address indicated by you, in which we ask you to confirm that you wish to have the newsletter mailed to you. If you do not confirm your signup within 24 hours, your information will be blocked and, after one month, automatically erased.

b)  e-mail invitation:

It is possible to sign up to our free-of-charge newsletter via an e-mail invitation. To sign up to our newsletter, confirm the activation link in the e-mail you receive. We will then send you a second e-mail in which we ask to confirm that you would like to have the newsletter mailed to you. If you do not confirm your registration within 24 hours, your information will be blocked and, after one month, automatically erased.

c)   Written consent:

Written consent: If you send us your written consent, we will store it as a scan or in its original form, likewise for documentation purposes. When you sign up to the newsletter the data from the input mask will be sent to us. The personal data in question are as follows:

·e-mail address (mandatory)

·Title (optional)

·Surname (optional)

·First name (optional)

·Date of birth (optional)

The following personal data will also be collected when you sign up:

·IP address of the accessing computer

·Date and time of signup/mailing of the first opt-in e-mail

·Storage of the texts used for signup and confirmation (as content of the declaration of consent)

As part of the signup process, your consent to the processing of your data is obtained and reference made to this privacy policy.

In connection with the data processing for the mailing of newsletters, the data are passed on to member companies of the CWS Group (see www.cws.com/Locations for a list of these) and to other service providers if this is necessary for the mailing of the newsletter.

The other service providers are currently:

                      i.    Salesforce Pardot

We use the Pardot services for the mailing of our newsletters. The provider is Salesforce.com, inc. The Landmark at One Market, Suite 300, San Francisco, CA 94105, USA.

We use Salesforce Pardot to organise and analyse the mailing of newsletters. When you enter data (e.g. your e-mail address) for signing up to our newsletter, these will be stored on Pardot servers in the USA. When you open an e-mail sent by Pardot, a file contained in the e-mail (so-called web beacon) connects to Pardot's servers in the USA. It can thus be established whether a newsletter message has been opened and which links, if any, are clicked on. Technical information is also collected:

·Time of access

·IP address

·Browser type

·Operating system

This information cannot be associated to the respective newsletter recipient. It is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to ensure that the content of future newsletters better matches the interests of recipients.

The legal basis for using Pardot Salesforce is sentence 1 of Art. 6(1)(a) and (f) GDPR.

If you do not wish your use of the newsletter to be analysed by Pardot, you will have to unsubscribe from the newsletter. We provide a link for this purpose in each newsletter message that we send.

The data you provide us with for the purposes of your signup to the newsletter is stored until such time as you unsubscribe from the newsletter; they will then be deleted from our servers and from those of Pardot. For more information, see Pardot's privacy policy at:

https://www.salesforce.com/company/privacy/
Conclusion of a data processing agreement: We have concluded a data processing agreement with Pardot in which we obligate Pardot to protect the data of our customers and not to disclose said data to third parties, besides which Pardot has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

2.    Legal basis for the data processing

The legal basis for processing the data after the user's registration for the newsletter is, given the user's prior consent, Article 6(1)(a) GDPR.

3.    Purpose of data processing

The user's e-mail address is collected to facilitate delivery of the newsletter. If you voluntarily provide your title, surname, first name and date of birth as well when signing up, these data will solely be used for the purposes of personalising the newsletter.

The collection of other personal data as part of the signup process ensures the prevention of misuse of the services or of the e-mail address used.

Technical information is also collected when the newsletter is opened. It is used solely for statistical analysis of newsletter campaigns. The results of these analyses can be used to ensure that the content of future newsletters better matches the interests of recipients.

4.    Duration of storage

The data are deleted as soon as they are no longer required for the purpose for which they were collected; your e-mail address will therefore be stored for as long as your subscription to the newsletter is active.

The other personal data collected during the registration process will generally be deleted after a period of seven days.

5.    Opt-out and data removal options

You can opt out of having the newsletter mailed to you at any time and unsubscribe from the newsletter. You can notify your opt-out by clicking on the link provided in each newsletter e-mail, by e-mail to the e-mail address specified in the newsletter e-mail or by sending a message to the contact given in the imprint.

This likewise facilitates withdrawal of consent to the storage of personal data collected during the registration process.

VIII.    Contact form and e-mail contact

1.    Description and scope of data processing

The processing of your name and contact information for the purposes of providing you with information about our products, managing your registration, registering and participating in our events, webinars, for managing your registration for competitions or promotions, providing customer support or if we communicate with you by any other means.

There is a contact form on our website which can be used for making contact by electronic means. If users choose to use this possibility, the data entered in the input screen will be sent to us and stored. These data are:

·e-mail address (mandatory)

·Surname (mandatory)

·First name (mandatory)

·Company (voluntary)

·Street (optional)

·Postcode/city (mandatory)

·Telephone (mandatory)

·Requirement (optional)

The following data are additionally stored at the time the message is sent:

1.   IP address of the accessing computer

2.   Date and time of messaging

As part of the sending process your consent to the processing of your data is requested and reference made to this privacy policy.

Alternatively, you can contact us via the e-mail address accordingly provided. In this case, the user's personal data transmitted with the e-mail will be stored.

Such data will not be disclosed to third parties in this context. These data will be used exclusively for processing the conversation.

2.    Legal basis of the processing

The legal basis for data processing, given the user's consent, is Art. 6(1)(a) GDPR.

The legal basis for processing the data transferred in the course of sending an e-mail is Art. 6(1)(f) GDPR.

If the ultimate purpose of the e-mail contact is the conclusion of a contract, the supplementary legal basis for the data processing is Art. 6(1)(b) GDPR.

3.    Purpose of data processing

We process the personal data from the input mask solely for the purpose of facilitating communication with the user. If contact is made via e-mail, this also provides the required legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4.    Duration of storage

The data are deleted as soon as they are no longer required for the purpose for which they were collected; as regards the personal data from the input mask and those sent per e-mail, this is then the case when the respective conversation with the user has ended. The conversation is deemed ended when the circumstances indicate that the matter in question has been definitively resolved.

The personal data additionally collected during the sending process are deleted after a period of 7 days at the latest.

5.    Opt-out and data removal options

At any time, the user has the option of opting out of the processing of his/her personal data. Users making contact with us by e-mail can at any time object to the storage of his/her personal data. In such case the conversation cannot be continued. To revoke your consent and object to the storage, you can use the e-mail address used to contact us or the e-mail address given in the imprint.

In such case, all personal data that was stored when you made contact with us will be erased.

IX. Portals

CWS customer portal

1.    Description and scope of data processing

Our CWS customer portal enables you to manage your contracts with CWS as well as view invoices and delivery notes.

On the portal homepage we offer you the option to sign up or log in by providing personal data. The data are entered in an input screen, transmitted to us and stored. The data will not be passed on to third parties.

We use what is known as the "double opt-in" procedure for your signup to our newsletter. This means that after you have signed up, we will send you an e-mail to the e-mail address indicated by you, in which we ask you to confirm that you wish to sign up to the portal. If you do not confirm your signup within 48 hours, your information will be blocked and, after one month, automatically erased.

The following data is collected during the signup process:

·Company

·Surname, first name

·Address

·Customer number

·e-mail address

·Phone number

The following other data is also stored at the time of your signup:

·Date and time of signup

As part of the signup process, your consent to the processing of your data is obtained and reference made to this privacy policy.

2.    Legal basis for the data processing

The legal basis for processing the data after your signup to the customer portal is Art. 6(1)(a) GDPR.

3.    Purpose of data processing

Your signup does not take place for the conclusion of a contract: Your signup is necessary for the provision of certain content and services on our website.

The collection of data in the course of the signup process serves to associate the person signing in to the correct contracts so that the user can manage his/her contracts only and view the invoices and delivery notes for them.

The purpose of collecting any other data as part of the process of signing up is to prevent misuse of the services or of the e-mail address used.

4.    Duration of storage

The data are erased as soon as you terminate your access permanently and your data are no longer necessary for contract performance. Furthermore, we will store the optional data provided by you for the duration of your use of the of portal, unless you erase them prior to this.

The other personal data collected during the registration process will generally be deleted after a period of seven days.

5.    Opt-out and data removal options

You can permanently terminate your access to the customer portal at any time by following the steps explained in the customer portal. However, this does not remove your existing contract; this remains unaffected hereby.

  

X. Embedding of YouTube videos

1.    Description and scope of data processing

We have embedded YouTube videos in our online offering. These videos are stored on http://www.youtube.com and are directly playable from our website. These are all embedded via the URL https://www.youtube-nocookie.com, which means that no data on you as user is sent to YouTube unless you play the videos. Only after you play the videos will your data be sent. We have no control over this data transmission.

YouTube is operated by Google Inc.

When you visit our website, information is sent to YouTube that you have accessed that page on our website. In addition, the data listed under section IV.1. of this Privacy Policy are sent. Data are sent whether or not you have a YouTube account via which you are logged in. If you are logged in to Google, your data will be directly associated to your account. If you do not wish your data to be associated to your YouTube profile, you must first log out before clicking to view the videos. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or tailoring their website to your particular needs. ​This evaluation takes place in particular (even for users who are not logged in) to provide targeted advertising and to inform other users on the social network about your activities on our website.

2.    Legal basis for data processing

The legal basis for the integration of YouTube is Art. 6(1)(f) GDPR.

3.    Purpose of data processing

The embedding gives you the option to interact with YouTube and other users so that we can improve our offering and make it more interesting for you as user. Given this purpose, we have a legitimate interest in embedding YouTube videos.

Such evaluation by YouTube takes place in particular (even for users who are not logged in) to provide targeted advertising and to inform other users on the social network about your activities on our website.

4.    Duration of storage

We have no information on the storage periods and erasure of the data collected by YouTube.

5.    Opt-out and data removal options

You have a right to opt out of the creation of these user profiles, but to exercise this right you must contact Google.

X1. Embedding of Google Maps

1.    Description and scope of data processing

We use the Google Maps tool on this website.

Google Maps is operated by Google Inc. You can find the associated privacy policy as well as information on your rights and setting options for protecting your privacy at https://policies.google.com/privacy?hl=en-GB. Google processes your personal data in the USA as well and has signed up to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

When you visit the website, information is sent to Google that you have accessed that page on our website. In addition, the data listed under section IV.1. of this Privacy Policy are sent. Data are sent whether or not you have a Google account via which you are logged in. If you are logged in to Google, your data will be directly associated to your account. If you do not wish to be associated to your Google profile, you must first log out before clicking to use Google Maps. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or tailoring their website to your particular needs. Such evaluation takes place in particular (even for users who are not logged in) to provide targeted advertising and to inform other users on the social network about your activities on our website.

2.    Legal basis for data processing

The legal basis for the embedding of Google Maps is Art. 6(1)(f) GDPR.

3.    Purpose of data processing

The use of Google Maps gives you easy access to the interactive map displayed on our website, and convenient use of the map function. Given this purpose, we have a legitimate interest in embedding Google Maps

4.    Duration of storage

We have no information on the storage periods and erasure of the data collected by Google Maps.

5.    Opt-out and data removal options

You have a right to opt out of the creation of these user profiles, but to exercise this right you must contact Google.

XII. Embedding of Google Fonts

1.    Description and scope of data processing

On our website we embed the fonts ("Google Fonts") provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

According to Google, the user data is used solely for the purpose of displaying the fonts in the user's browser. The embedding is done based on our legitimate interests in a technically secure maintenance-free and efficient use of fonts, their uniform representation as well as consideration of possible licensing restrictions om their embedding. Privacy policy: https://www.google.com/policies/privacy/.

2.    Legal basis for data processing

The legal basis for the embedding of Google Fonts is Art. 6(1)(f) GDPR.

3.    Purpose of data processing

The embedding is done based on our legitimate interests in a technically secure maintenance-free and efficient use of fonts, their uniform representation as well as consideration of possible licensing restrictions om their embedding.

4.    Duration of storage

We have no information on the storage periods and erasure of the data collected by Google.

5.    Opt-out and data removal options

You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.

XIII. Online presence in social media

We maintain online presence on various social networks and platforms ("social media") in order to communicate with our customers, interested parties and other users and inform them about our services. When accessing such networks and platforms the terms and conditions as well as privacy policies of these networks and platforms apply.

Unless stated differently in this privacy policy, we process the user data insofar as the users communicate with us on the social media and platforms, for example written contributions on our posts or messages sent to us.

XIV. Rights of the data subject

If your personal data is processed, you then are a data subject within the meaning of the GDPR and you have the following rights in respect of the controller (see section I. of this declaration):

Right to access of information

You have the right to obtain from the controller confirmation as to whether we process your personal data.

Where that is the case, you have the right to obtain from the controller access to the following information:

a) the purposes for which the personal data are processed;
b) the categories of personal data that are processed;
c) the recipients or the categories of recipients to whom the personal data relating to you have been or will be disclosed;
d) the envisaged period of storage for which your personal data will be stored or, if specific information cannot be provided, the criteria used to determine the storage period;
e) the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to such processing;
 f) the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information on their source;
h) the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and– at least in those cases – meaningful information about the logic involved, as well as the scale and the envisaged consequences of such processing for the data subject.

You have the right to access information as to whether your personal data are transmitted to a third country or to an international organisation. Where that is the case, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in relation to the transmission.

Right to rectification

You have the right to obtain from the controller the rectification of inaccurate personal data on you and/or completion of incomplete personal data on you processed by the controller. The controller is to carry out such rectification without delay.

Right to restriction of processing

a) if you dispute the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;

b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, or

d) you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.

If the processing of personal data concerning you has been restricted, then – apart from its storage – this data may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of an important public interest on the part of the Union or a Member State.

If you have obtained restriction of processing under the above criteria, you shall be informed by the controller before the restriction of processing is lifted.

Right to erasure of data

a) Obligation to erase data

You have the right to obtain from the controller the erasure of your personal data without delay and the controller has the obligation to erase such data without delay where one of the following grounds applies:

·Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

·You withdraw your consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.

·You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.

·Your personal data have been unlawfully processed.

Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Your personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Notification of third parties

Where the controller has made your personal data public and is obliged pursuant to Art. 17(1) GDPR to erase the data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c)    Exceptions

The right to erasure does not apply to the extent that processing is necessary

·for exercising the right of freedom of expression and information;

·for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject,

·or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

·for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i), as well as Art. 9(3) GDPR;

·for archiving purposes in the interest of public, scientific or historical research purposes or for statistical purposes as per Art. 89(1) GDPR, to the extent that the right referred to in section a) is likely to render impossible or seriously inhibit the achievement of the purposes of such processing; or

·for the assertion, exercise or defence of legal claims.

·

Right to notification

If you have exercised the right to obtain from the controller the rectification, erasure or restriction of processing, the controller is obliged to communicate such rectification or erasure of data or restriction of processing to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves a disproportionate outlay.

You have the right to be informed by the controller about such recipients.

Right to data portability

You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

a)    the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or a contract pursuant to Art. 6(1)(b) GDPR and

b)    the processing is carried out by automated means.

In exercising that right, you have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6(1)(e) GDPR, including profiling based on those provisions.

The controller may no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Right to withdraw consent to this privacy policy

You have the right at any time to withdraw your consent to the privacy policy. Such withdrawal shall not affect the lawfulness of any processing based on consent before its withdrawal.

Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

a)    is necessary for entering into, or performance of, a contract between the you and a controller,

b)    is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

c)    is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1), unless Art. 9(2)(a) or (g) GDPR apply and appropriate measures to protect your rights and freedom as well as your legitimate interests are in place.

In the cases referred to in points a) and c), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.