Data Protection Declaration of PEDAX GmbH (Status: May 2018)
We welcome your interest in our website www.pedax.de and in our company, including its products and services. We at PEDAX are aware that the protection of your privacy when using our website is important to you. Therefore, adherence to the statutory data protection regulations is a natural part of our activities. It is also important to us that you as our customer know at all times exactly when and how we collect and save which data and how we use it.
Below we inform you regarding the acquisition and further processing (e.g. storage, retrieval, changing, forwarding) of personal data during the use of our website. Personal data comprises all details personally referring to you, e. g. name, address, e-mail addresses and user behaviour.
Insofar as we process personal data within the scope of the use of our website or refer to commissioned service providers for individual functions, offers or services of our website relating to data processing or would like to use your data for advertising purposes, we will inform you below in detail regarding the respective procedures, in particular as to which data is processed. In doing so we will state the intended storage duration of at least the specified criteria for the storage duration as well as the relevant legal basis for the respective processing.
I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection related provisions is:
PEDAX GmbH, Industriestraße 10 A, 54634 Bitburg, firstname.lastname@example.org, www.pedax.de
II. Contact data of the data protection officer
You can contact our data protection officer at email@example.com or by using our postal address, additionally stating “Data protection officer”.
III. Acquisition and storage of personal data as well as the type, purpose, legal basis and duration of its use
§ 1 When visiting the website
If you only use the website for information purposes, without registering or transmitting other information, we only collect the personal access data in so-called server log files, which your browser communicates to our server. The following details are collected within the scope of the server log files:
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- respectively communicated data quantity
- Website from which the request originates
- Operating system and its interface
- Language and version of the browser software.
This data is exclusively assessed to ensure the fault-free operation of the site with regard to stability and security and to improve our offer, and are subsequently discarded. The legal basis for data processing is Art. 6 par. 1 S.1 lit. f GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection.The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
The acquisition of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. The user therefore does not have an option of objection.
The data is erased as soon as it is no longer required for the accomplishment of the purpose of its collection. In the event of the acquisition of the data for the provision of the website, this is the case when the when the respective session ends.
§ 2 When using other services, functions and offers of our website
Apart from the use of our website for information purposes only, we provide various services, offers and functions for you to use, if interested. For this you must usually state more personal data, which we use to provide the service in question and for which the data processing principles stated above also apply. The services, offers and functions are described in more detail below.
(1) Contact via e-mail or via contact form
When contacting us by means of our contact form, as a general inquiry or by requesting an offer, the data voluntarily provided by you (your company, your e-mail address, your first name and family name, your address and, if applicable, your phone number) will be stored by us for the purpose of responding to your inquiry. The details regarding your company, your e-mail address, your first name and family name and your address are mandatory; the provision of all other information is voluntary. Response will take place by e-mail or, if stated and requested, by phone.
The legal basis for processing is Art. 6 par. 1 lit. f) of the GDPR, the legitimate interest is the response to your inquiry.
We erase the data acquired in this context after completion of your inquiry, or restrict processing if statutory storage obligations exist.
With your consent you can subscribe to our newsletter, in which we inform you of current interesting offers.
We use the so-called double opt-in method for the subscription to our newsletter. This means that, after registration, we send an e-mail to the address you have stated, requesting you to confirm your subscription to the newsletter. If you do not confirm your subscription within 24 hours, your details will be blocked and automatically erased after one month. Furthermore, we save the IP addresses you use as well as the time of your subscription and confirmation. The purpose of this procedure is to prove your subscription and to resolve any possible misuse of your personal data if need be.
Only your e-mail address is compulsory for sending the newsletter. The provision of further personal data is voluntary and is used to enable us to address you personally. After your confirmation, we save your e-mail address in order to send you the newsletter.
The legal basis is Art. 6 par. 1 S. 1 lit. a GDPR pursuant to your voluntary consent.
You can revoke your consent to receiving the newsletter and unsubscribe at any time. You can declare your revocation by clicking on the button “Newsletter – Unsubscribe” provided on our website, or by sending an e-mail to firstname.lastname@example.org or by sending a notification to the contact data stated in the imprint.
(3) Applying for a job
If you apply for a job at PEDAX GmbH using the e-mail address provided on this website, the personal data voluntarily communicated by you will be used solely for the purpose of occupying the position advertised and for handling your application submitted for this position. After completion of the application procedure with regard to the specific position advertised, this data is blocked for further use and erased after expiration of any possible statutory storage obligations. The legal basis for processing is Art. 88 GDPR in conjunction with § 26 par. 1 of the German Federal Data Protection Act (BDSG).
IV. Disclosure of data
We will not transfer your personal data to third parties for other purposes than those listed below.
We only disclose your personal data to third parties, if:
– you have granted your explicit consent in accordance with Art. 6 par. 1. S. 1 lit. a GDPR,
– the disclosure in accordance with Art. 6 par. 1 S. 1 lit. f GDPR is required for the establishment, exercise or defence of legal claims and there is no reason for the assumption that you have an overriding interest warranting protection in the non-disclosure of your data,
– for the event that a statutory obligation exists for the disclosure in accordance with Art. 6 par. 1 S. 1 lit. c GDPR, and
– this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 par.1 S.1 lit. b GDPR.
§ 1 Extent of data processing
We use so-called cookies on various pages in order to make the visit to our website user-friendly and effective and to enable the use of certain functions. These are small text files, which are stored on your end device, and which save certain settings and data for the exchange with our system via your browser. Due to the cookies, the department setting the cookies (us) receives certain information. Cookies are not able to execute programs or transfer viruses to your computer.
Cookies do not contain any personal data and can therefore not be directly assigned to a specific user. Please observe that certain cookies are already set as soon as you access our website. This website uses the following types of cookies:
– Necessary/functional cookies: These cookies are necessary to enable the operation of our website. This includes cookies that enable you to login to the customer area.
– Transient cookies: These are deleted as soon as you close the browser. These particularly include the session cookies. These cookies save a so-called session ID, by means of which various requests from your browser
can be allocated to the joint session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you logout or close the browser.
– Persistent cookies: These are automatically deleted after a specified time, which may differ depending on the respective cookie. However, you can delete the cookies at any time in the safety settings of your browser.
You can configure your browser settings as you wish and can, for example, reject the acceptance of third-party cookies or even of all cookies. Your browser can also be configured in such a way that you are always notified when a cookie is created. For this, please consult the respective supplier of your browser. We would, however, like to point out to you that you may not be able to make use of all functions of our website should you reject the cookies.
The legal basis for the use of the cookies is Art. 6 par. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the above-mentioned purposes for making the visit to our website more user-friendly and effective.
For further information on analytical cookies, please refer to section VI. of this document.
VI. Application of analysis tools
Web analysis services are used on our website for purposes of demand-oriented design and advertising.
a. Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable the analysis of your use of the website. The information generated by the cookies with regard to your use of this website is usually transferred to a Google server in the USA and stored there.
We have activated the IP anonymisation function on this website. Through this, your IP address will be shortened in advance within the member states of the European Union or other contractual states of the Agreement on the European Economic Area. The full IP address is only transferred to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on the website activities and to render further services associated with the website and Internet use to the website operator. The IP address transmitted by your browser within the framework of Google Analytics is not collected together with other Google data.
You can prevent the saving of cookies by means of a corresponding setting of your browser software; we would, however, like to inform you that in this case, the functions of this website may possibly not be available to their full extent. You can also prevent the collection of the data related to your use of the website and generated by the cookie (incl. your IP address) to Google and the processing of said data by Google, by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser plug-in, in particular in the case of browsers on mobile end devices, you can prevent the use of your data by Google Analytics by clicking on the following link. An opt-out cookie is then set, which prevents the collection of your data for future visits to this website.
Deactivate Google Analytics
The opt-out cookie applies only in this browser and only to our website and is stored on your device. If you delete the cookies in this browser you must set the opt-out cookie anew.
Contract data processing.
We have concluded an agreement with Google for contract data processing and implement the strict specifications of the German data protection authorities when using Google Analytics.
We use Google Analytics to analyse the use of our website with the aim of regular improvement. We can improve our offer by means of the statistics gained and make it more interesting for you as a user. For those exceptional cases where personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 par. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the above-mentioned purposes.
Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User conditions: http://www.google.com/analytics/terms/de.html , Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html , and the Data Protection Declaration: http://www.google.de/intl/de/policies/privacy .
Use of the SalesViewer® technology:
Data for marketing, market research and optimisation purposes is collected and stored on this website with the SalesViewer® technology of SalesViewer® GmbH based on the legitimate interests of the website operator (Art. 6 par.1 lit. f GDPR).
An objection to the collection and storage of the data can be submitted at any time with future effect by clicking on this link https://www.salesviewer.com/opt-out, in order to prevent collection by SalesViewer® within this website in future. In doing so, an opt-out cookie is set on your device for this website. If you delete your cookies in this browser you must click on this link again.
VIII. Google Maps
We use the offer of Google Maps on this website. This enables us to show you interactive maps directly on the website, providing you with the convenient use of the map function.
When you visit our website, Google is notified that you have called up the corresponding sub-page of our website. In addition, the data stated in § 3 of this declaration is transferred. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data is directly allocated to your account. If you do not wish to be allocated to your Google profile, you must log out prior to activating the button. Google saves your data as use profiles and uses it for such purposes as advertising, market research and/or demand-oriented design of its website. Such analysis takes places in particular (even for users who are not logged in) for demand-oriented advertising purposes and to inform other users of the social network about the activities on our website. You have a right to object to the formation of these user profiles; you must address Google if you wish to assert this right.
The Data Protection Declarations of the respective provider contain further information regarding the purpose and extent of data collection and its processing by the plug-in provider. There you will also receive further information regarding such rights and settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Information about the third-party provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
IX. Your rights
If your personal data is processed, you have the following rights against us with regard to the personal data in question:
– Right of access, Art. 15 GDPR:
You can demand confirmation from the controller as to whether the latter processes your personal data.
In the case of such processing, you can demand the following information from the controller:
– the purposes of the processing;
– the categories of personal data concerned;
– the recipients or categories of recipient to whom your personal data has been or will be disclosed, in particular recipients in third countries or international organisations; in the last-
stated cases you can demand notification of the suitable guarantees in accordance with Art. 46 GDPR in conjunction with the data transferral;
– the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine the storage period;
– the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of personal data by the controller or of a right to object
to said processing;
– the existence of a right to lodge a complaint with a supervisory authority;
– where the personal data is not collected from the data subject, any available information as to their source;
– the existence of automated decision-making, including profiling, referred to in Art. 22 par. 1 and 4 GDPR and – at least in those cases – meaningful information about the logic involved,
as well as the significance and the envisaged consequences of such processing for the data subject.
– Right to rectification, Art. 16 GDPR:
You have a right to obtain from the controller without undue delay the rectification and/or completion of inaccurate or incomplete personal data. The controller must implement the rectification immediately.
– Right to erasure, Art. 17 GDPR:
a) Erasure obligation
You can demand from the controller that your personal data is immediately erased, and the controller is obligated to immediately erase said data, if one of the following reasons applies:
– Your personal data is no longer required in relation to the purposes for which it was collected or otherwise processed.
– You withdraw your consent on which the processing is based according to Art. 6 par. 1 lit. a, or Art. 9 par. 2 lit a GDPR and where there is no other legal ground for the processing.
– You object to the processing pursuant to Art. 21 par. 1 GDPR (cf. section X) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant
to Art. 21 par. 2 GDPR.
– Your personal data has been unlawfully processed.
– The erasure of your personal data is required for compliance with a legal obligation in Union or Member State law to which the controller is subject.
– Your personal data has been collected in relation to the offer of information society services referred to in Art. 8 par. 1 GDPR.
b) Information to third parties
Where the controller has made your personal data public and is obliged pursuant to Art. 17 par. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you as the data subject have requested the erasure of all links to said data, or of copies or replications of said personal data.
The right to erasure does not exist if processing is necessary
– for exercising the right of freedom of expression and information;
– for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the controller;
– for reasons of public interest in the area of public health in accordance with Art. 9 par. 2 lit. h and i as well as Art. 9 par. 3 GDPR;
– for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 par. 1 GDPR, in so far as the right referred to in
section a) is likely to render impossible or seriously impair the achievement of the objectives of said processing; or
– for the establishment, exercise or defence of legal claims.
Right to restriction of processing, Art. 18 GDPR:
You have the right to obtain the restriction of processing of your personal data under the following conditions:
– you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
– the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
– the controller no longer needs the personal data for the purposes of the processing, but is required by you for the establishment, exercise or defence of legal claims; or
– you have objected to processing pursuant to Art. 21 par. 1 GDPR (cf. section X) pending the verification whether the legitimate grounds of the controller override your grounds.
Where processing of your personal data has been restricted, said personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained a restriction of processing pursuant to the above conditions, you will be informed by the controller before the restriction of processing is lifted.
Notification obligation, Art. 19 GDPR:
If you have exercised the right to rectification, erasure or restriction of processing against the controller, said controller shall be obligated to communicate any rectification or erasure
of personal data or restriction of processing carried out to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate
You have the right to be notified as to the recipients of the data.
Right to data portability, Art. 20 GDPR:
You have the right to receive the personal data you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore you have the right to transmit said data to another controller without hindrance from the controller to which the personal data has been provided, where:
– the processing is based on consent pursuant to Art. 6 par. 1 lit. a GDPR or Art. 9 par. 2 lit. a GDPR or on a contract pursuant to Art. 6 par. 1 lit. b GDPR and
– the processing is carried out by automated means.
In exercising this right you shall also be entitled to have your personal data transferred directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of other persons.
Your right to erasure shall remain unaffected.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object, Art. 21 GDPR
You have a right to object referring to individual cases and a right to object to the processing of data for marketing purposes. For further information, please refer to section X of this data protection declaration.
Right to revoke the declaration of consent under data protection law:
You can revoke consent to the processing of your personal data issued to the controller at any time. Please note that this revocation takes effect only for the future. The lawfulness of the processing performed based on the consent until the time of revocation shall not be affected.
Automated individual decision-making, including profiling, Art. 22 GDPR:
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
(1) is necessary for the conclusion or fulfilment of a contract between you and the controller;
(2) is permissible by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
In the cases (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Decisions solely based on automated processing shall also not be based on special categories of personal data pursuant to Art. 9 par. 1 GDPR, unless Art. 9 par. 2 lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests have been taken.
Right to lodge a complaint with a supervisory authority, Art. 77 GDPR:
You shall also have the right to lodge a complaint with a supervisory authority for data protection regarding the processing of your personal data. You can lodge the complaint with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The supervisory authority with which the complaint has been lodged shall inform you on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
You can exercise the above rights by means of an informal notification to us. This notification should be sent to:
1. PEDAX GmbH, Industriestraße 10 A, 54634 Bitburg,
2. email@example.com or
X. Right to object pursuant to Art. 21 GDPR
Individual right to object:
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 par. 1 lit. e GDPR (data processing in the public interest) or Art. 6 par. 1 lit. f (Data processing for the legitimate interests of the controller or of a third party), including profiling based on those provisions. If you file an objection, we shall no longer process your personal data, unless we can present compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or that processing serves the establishment, exercise or defence of legal claims.
Right to object to data processing for marketing purposes
In individual cases we process your personal data for direct marketing purposes. You have the right to object at any time to processing of your personal data for such marketing purposes, which includes profiling to the extent that it is related to such direct marketing. If you object to the processing for purposes of direct marketing, we will no longer process your personal data for these purposes.
Objections in the above mentioned cases can be filed informally and should be sent by e-mail with the subject heading “Objection” to:
PEDAX GmbH, Industriestraße 10 A, 54634 Bitburg, firstname.lastname@example.org or email@example.com.
XI. Data security
By taking both technical and organisational measures, we endeavour to store your personal data in such a way that it is not accessible to third parties. With regard to e-mail communication, we are unable to guarantee full data security, such that we recommend that you send confidential information by post.
For reasons of security and for the protection of the transmission of confidential contents such as, for instance, inquiries you send us as the site operator, we use an SSL encryption. You can recognise an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the lock symbol in your browser line. If the TLS encryption is activated, the data you transmit to us cannot be read by third parties.