Data privacy

Name and contact person of the party responsible in accordance with Article 4 Para. 7 GDPR

Staudinger Company Group
Address: Lamerstrasse 9, 93444 Bad Koetzting
Phone: +49 9941/951-0
Fax: +49 9941/951-280
E-Mail: staudinger@staudinger.com

Data protection officer

Name: Bernhard Jacob
External Company: Jacob Expert Office
Address: Wolframstr. 74, 12105 Berlin
E-Mail: b.jacob@svb-jacob.de

Safety and protection of your personal data

Safety and protection of your personal data

Ensuring the confidentiality of the personal data you provide and protecting it from unauthorised access is our top priority. This is why we take extreme care and use the latest security standards to ensure the maximum protection of your personal data.

As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organisational measures that ensure that both we and our external service providers observe the data protection regulations.

 

Definitions

We are required by law to process personal data lawfully, in good faith and in a way that is transparent for the person concerned ("legality, processing in good faith, transparency"). To ensure this, we are informing you about the individual statutory terms that are also used in this data privacy statement.

 

1. Personal data

"Personal data" means all information relating to an identified or identifiable natural person (hereinafter referred to as the "person concerned"); a natural person is considered identifiable if that person can be identified directly or indirectly, especially by means of allocation to an identification such as a name, an identity number, location data, an online ID, or to one or more special characteristics that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

 

2. Processing

"Processing" means every operation or series of operations that is carried out with or without the help of automated procedures in connection with personal data such as the collection, recording, organisation, arrangement, storage, modification or change, reading out, query, use, disclosure by means of transmission, distribution or another form of provision, comparison or linking, restriction, deletion or destruction.

 

3. Restriction of processing

"Restriction of processing" means the marking of stored personal data with the objective of restricting its future processing.

 

4. Profiling

"Profiling" means any kind of automated processing of personal data that consists of this personal data being used to assess certain personal aspects relating to a natural person, in particular to analyse or predict aspects regarding their work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of this natural person.

 

5. Pseudonymisation

"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be assigned to a specific person concerned without the use of additional information, provided that this additional information is kept separate and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

 

6. File system

"File system" is each structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is maintained centrally, decentrally, or arranged according to functional or geographical factors.

 

7. Party responsible

"Party responsible" is a natural or legal person, authority, agency or other body which, alone or together with others, decides on the purpose and means of the processing of personal data; if the purpose and means of this processing are specified by European Union law or the law of the Member States, the party responsible or rather the specific conditions of its appointment in accordance with European Union law or the law of the Member States can be provided for.

 

8. Data processor

"Data processor" is a natural or legal person, authority, agency or other body that processes personal data on behalf of the party responsible.

 

9. Recipient

"Recipient" refers to a natural or legal person, public authority, agency or other body to whom person data is disclosed, regardless of whether or not this is a third party. Authorities who may receive personal data as part of a specific request for investigation according to European Union law or the law of the Member States do not count as a recipient, however; this data is processed by the named authorities as per the applicable data protection regulations in accordance with the purposes of the processing.

 

10. Third party

"Third party" is a natural or legal person, authority, agency or other body apart from the person concerned, the party responsible, the data processor and the persons who are authorised to process the personal data under the direct responsibility of the party responsible or the data processor.

 

11. Consent

"Consent" granted by the person concerned means each statement of intent that is submitted for the specific case in an informed and unequivocal way in the form of a statement or another clearly confirming action, with which the person concerned intimates that he or she agrees to the processing of the personal data relating to that person.

Lawfulness of the processing

The processing of personal data is lawful only if a legal basis exists for its processing. The legal basis for the processing can be in accordance with Article 6 Para. 1

(a) – (f) GDPR in particular:

The person concerned has given his or her consent to the processing of the personal data relating to him or her for one or more specific purposes;

The processing is necessary for the fulfilment of a contract whose contractual party is the person concerned, or to perform pre-contractual measures that take place at the request of the person concerned;

The processing is necessary to fulfil a legal obligation to which the party responsible is subject;

The processing is necessary to protect the vital interests of the person concerned or another natural person;

the processing is necessary for the performance of a task that is in the public interest, or in the exercise of official authority that was vested in the party responsible;

the processing is necessary for the performance of the legitimate interests of the party responsible or a third party, provided that the interests or fundamental rights and freedoms of the person concerned requesting the protection of personal data do not outweigh this, especially if the person concerned is a child.

Information relating to the collection of personal data

(1) The following information relates to the collection of personal data during the use of our website. Personal data includes, for example, name, address, e-mail addresses and user behaviour.

(2) If you make contact with us via e-mail or by using a contact form, the data you provide (your e-mail address or your name and telephone number) is stored by us so that we can answer your questions. We will delete the data that is generated in this context once its storage is no longer necessary, or its processing is restricted if there is a legal obligation to retain the data.

Collection of personal data during visits to our website

If you use our website for purely informational purposes, that is, if you do not register with us or send us any other information, we will collect only the personal data that your browser sends to our server. If you would like to view our website, we collect the following data that is technically necessary for us to present our website to you and to ensure its stability and security (the legal basis is the first sentence of Art. 6 Para. 1 (f) GDPR):

IP address

Date and time of the inquiry

Time zone difference to Greenwich Mean Time (GMT)

Content of the request (specific page)

Access status/HTTP status code

Volume of data transmitted

Website from which the request originated

Browser

Operating system and its interface

Language and version of the browser software.

Use of cookies

(1) In addition to the above-mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files which are stored on your hard drive assigned to the browser that you are using and certain information flows through the point that the cookie sets. Cookies cannot execute any programs or transfer viruses to your computer. They are used for making the Internet content more user friendly and effective.

(2) This website uses the following types of cookies whose scope and functionality are explained below:

Transient cookies (also a.)

Persistent cookies (see b.).

a) Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. These store what is called a session ID, with which various requests from your browser can be assigned to the same session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you sign out or close your browser.

b) Persistent cookies are automatically deleted after a predefined duration, which can differ from cookie to cookie. You can delete the cookies at any time in the security settings for your browser.

c) You can configure your browser setting in accordance with your requirements and

Refuse to accept third party cookies or all cookies, for example. What are known as "third party cookies" are cookies that were set by a third party and therefore not by the actual website that is currently open. Please note that if you deactivate cookies, you may not be able to use all of the functions of this website.

d) the Flash cookies which are used are not recorded in your browser, but by your Flash plugin. We also use HTML5 storage objects that are stored on your end device. These objects store the required data regardless of the browser you use and do not have an automatic expiry date. If you do not wish the Flash cookies to be processed, you must install an appropriate add-on, e.g. "Better Privacy" for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend manually deleting your cookies and browser history on a regular basis.

Additional functions and content on our website

(1) In addition to the use of our website purely for information purposes, we provide various services that you may be interested in using. To do this, you usually have to specify personal data which we use for providing the relevant service and to which the previously mentioned data processing principles apply.

(2) We sometimes use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are monitored on a regular basis.

(3) We can also forward your personal data to third parties if we offer sale campaigns, competitions, contract conclusions or similar services together with partners. You will receive more information about this when you provide your personal data or below in the description of the offer.

(4) If our service providers or partners are based in a country outside of the European Economic Area (EEA), we will inform you about the consequences of this in the description of the offer.

Children

Our content is intended for adults only. Persons under 18 years old should not pass personal data to us without the agreement of their parents or guardians.

Rights of the data subject

(1) Withdrawal of consent

If the processing of personal data is based on consent that was granted, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of consent-based processing carried out up to the point of withdrawal.

You can contact us at any time to exercise your right of withdrawal.

(2) Right to obtain confirmation

You have the right to request confirmation from the party responsible regarding whether we process the personal data relating to you. You can request the confirmation at any time by using the contact details mentioned above.

(3) Right to information

If personal data is processed, you can demand information about this personal data and the following information at any time:

The purposes of the processing;

The categories of personal data that is processed;

The recipient or categories of recipients to whom the personal data has been disclosed or is being disclosed, especially in the case of recipients in third countries or with international organisations;

If possible, the planned duration for which the personal data is stored or, if this is not possible, the criteria for defining this period;

The existence of a right to correction or deletion of the personal data relating to you, or to restrict its processing by the party responsible, or a right to object against this processing;

You also have the right to complain to a supervisory authority;

If the personal data is not collected from the person concerned, all available information about the origin of the data;

The existence of automated decision-making including profiling in accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the extent and the desired effects of this type of processing for the person concerned.

If personal data is transmitted to a third country or to an international organisation, you have the right to be informed about the appropriate warranties in accordance with Article 46 GDPR in connection with the transmission. We provide a copy of the personal data that is the subject of the processing. For all other copies that you request, we can demand an appropriate charge based on administrative costs. If you make the request electronically, the information has to be provided in a common electronic format unless indicated otherwise. The right to receive a copy in accordance with Paragraph 3 must not affect the rights and freedoms of other persons.

(4) Right to correction   

You have the right to request from us the immediate correction of incorrect personal data relating to you. Taking the purpose of the processing into account, you have the right to request the completion of incomplete personal data including by means of a supplementary statement.

(5) Right to deletion ("right to be forgotten")

You have the right to request the party responsible to delete personal data relating to you with immediate effect and we are obliged to delete personal data with immediate effect if one of the following reasons applies:

The personal data is no longer necessary for the purposes for which is was collected or otherwise processed.

The person concerned revokes their consent upon which the processing was based in accordance with Article 6 Paragraph 1 (a) or Article 9 Paragraph 2 (a) GDPR and there is no other legal basis for the processing.

The person concerned objects to the processing in accordance with Article 21 Paragraph 1 GDPR and there are no legitimate reasons for the processing that take priority, or the person concerned objects to the processing in accordance with Article 21 Paragraph 2 GDPR.

The personal data has been unlawfully processed.

The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

The personal data was collected with regard to services offered by the information society in accordance with Article 8 Paragraph 1 GDPR.

If the party responsible has disclosed the personal data and is obliged to delete it in accordance with Paragraph 1, then taking into account the available technology and the implementation costs, the party responsible takes appropriate measures for informing the party responsible for data processing who processes the personal data that a person concerned has requested them to delete all links to this personal data, or copies or replications of this personal data.

The right to deletion ("right to be forgotten") does not exist if the processing is required:

To exercise the right to free expression and information;

to fulfil a legal obligation requesting the processing in accordance with the law of the European Union or the Member States, to which the party responsible is subject, or for the performance of a task that lies in the public interest or in the exercise of official authority that was vested in the party responsible;

for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 (h) and (i) as well as Article 9 Paragraph 3 GDPR;

for archive purposes in the public interest, for scientific or historic research purposes, or for statistical purposes in accordance with Article 89 Paragraph 1 GDPR, provided this does not make the realisation of the objectives of this processing named in Paragraph 1 impossible or seriously affect them, or

for the assertion, exercise or defence of legal claims.

(6)  Right to restriction of processing

You have the right to request the restriction of the processing of your personal data if one of the following prerequisites applies:

the accuracy of the personal data is disputed by the person concerned and indeed for a period that enables the party responsible to verify the accuracy of the personal data,

the processing is unlawful and the person concerned rejects the deletion of the personal data and instead requests the restriction of the use of the personal data;

the party responsible no longer requires the personal data for the purposes of processing, yet the person concerned requires it for asserting, exercising or defending legal claims, or

the relevant person has objected to the processing in accordance with Article 21 Paragraph 1 GDPR for as long as it has not been determined whether legitimate reasons of the party responsible outweigh those of the person concerned.

If the processing was restricted in accordance with the above-mentioned prerequisites, then this personal data – apart from its storage – is processed only with the consent of the person concerned or to assert, exercise or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

To assert the right to restriction of processing, the relevant person can contact us at any time by using the contact details specified above.

(7) Right to portability

You have the right to obtain the personal data relating to you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to a different party responsible without any obstacle from the party responsible to whom the personal data was provided, if:

The processing is based on consent in accordance with Article 6 Paragraph 1 (a) or Article 9 Paragraph 2 (a) or on a contract in accordance with Article 6 Paragraph 1 (b) GDPR and

The data was processed by means of automated processes.

When exercising the right to data portability in accordance with Paragraph 1, you have the right to effect the direct transfer of personal data from one party responsible to another if this is technically feasible. The exercise of this right to data portability does not affect the right to deletion ("right to be forgotten"). This right does not apply to processing that is necessary to perform a task that is in the public interest, or in the exercise of official authority that was vested in the party responsible.

(8) Right to object

You have the right to object at any time to the processing of personal data relating to you resulting from your personal situation, which is based on Article 6 Paragraph 1 (e) or (f) GDPR; this also applies to profiling based on these provisions. The party responsible will no longer process your personal data unless it can demonstrate compelling legitimate reasons that are worth protecting for the processing that the interests, rights and freedoms of the person concerned, or the processing serves to establish, exercise or defend legal claims.

If personal data is processed for the purpose of direct advertising, then you have the right to object at any time to the processing of personal data relating to you for the purpose of this type of advertising; this also applies to profiling if it is related to such direct advertising. If you object to the processing for purposes of direct advertising, the personal data will no longer be processed for these purposes.

In connection with the use of the services of the information society, regardless of directive 2002/58/EC, you can exercise your right to object by means of automated processes which use technical specifications.

For reasons resulting from your particular situation, you have the right to object to the relevant processing of personal data relating to you that takes place for scientific or historic research purposes, or for statistical purposes in accordance with Article 89 Paragraph 1, unless the processing is required to fulfil a task in the public interest.

You can exercise your right to object at any time by contacting the respective party responsible.

(9) Automated decisions in individual cases including profiling

You have the right not to be subject to a decision that was based exclusively on automated processing – including profiling – that has a legal effect on you or affects you considerably in a similar way. This does not apply if the decision:

is required for the conclusion or fulfilment of a contract between the person concerned and the party responsible,

is permissible based on legal provisions of the European Union or the Member States to which the party responsible is subject and these provisions contain appropriate measures for protecting the rights and freedom and the legitimate interests of the person concerned or

is made with the express consent of the person concerned.

The party responsible shall take appropriate measures to protect the rights and freedom and the legitimate interests of the person concerned, to which at least the right to obtain intervention by a person on the part of the party responsible, to presenting their case, and the right to challenging the decision belongs.

The person concerned can exercise this right at any time by contacting the respective party responsible.

(10) Right to complain to a supervisory authority

Irrespective of the provision of another administrative or legal judicial remedy, you also have the right to complain to a supervisory authority, especially in the Member State in which you reside, your workplace or the location of the alleged infringement if the person concerned believes that the processing of the personal data relating to them violates this regulation.

(11) Right to effective judicial remedy

Irrespective of the availability of an administrative or non-judicial remedy, including the right to complain to a supervisory authority in accordance with Article 77 GDPR, you have the right to an effective judicial remedy if you believe that your rights based on this regulation were violated as a result of processing of your personal data that is not in line with these regulations.