Data protection declaration
With the following information we would like to give you as a “data subject” an overview of the processing of your personal data by us and your rights under thedata protection laws. It is generally possible to use our website without enteringpersonal data. However, if you wish to make use of special services of our companyvia our website, it may become necessary to process personal data. If it is necessaryto process personal data and there is no legal basis for such processing, we will obtain your consent.
As controllers of personal data processing, we have implemented numeroustechnical and organisational measures to ensure that the personal data processedvia this website is protected as best as possible. Nevertheless, Internet-based datatransmissions can generally have security gaps, so that absolute protection cannotbe guaranteed. For this reason, you are free to transmit personal data to us byalternative means, for example by telephone or post.
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other dataprotection regulations depends on which of the following companies is:
decor metall GmbH
Benzstraße 1-5, 32108 Bad Salzuflen, Germany
Phone: +49 5222 286-0
Fax: +49 5222 286-1 89
Representative of the controller: Thomas Löhr, Marcus Wenzel
3. Data Protection Officer
You can contact the Data Protection Officer as follows:
You can contact our Data Protection Officer directly at any time with all questions and suggestions regarding data protection.
1. Personal data
Personal data is any information relating to an identified or identifiable naturalperson. An identifiable natural person is one who can be identified, directly orindirectly, in particular by reference to an identifier such as a name, an identificationnumber, location data, an online identifier, or one or more factors specific to thephysical, physiological, genetic, mental, economic, cultural or social identity of thatnatural person.
2. Data subject
Data subject is any identified or identifiable natural person whose personal data areprocessed by the controller (our company).
Processing is any operation or set of operations, performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignmentor combination, restriction, erasure or destruction.
4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim oflimiting their future processing.
Profiling is any form of automated processing of personal data consisting of the useof personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performanceat work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that thepersonal data can no longer be attributed to a specific data subject without the use ofadditional information, provided that such additional information is kept separatelyand is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
Processor is a natural or legal person, public authority, agency or other body whichprocesses personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, towhich the personal data are disclosed, whether a third party or not. 2However, publicauthorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; theprocessing of those data by those public authorities shall be in compliance with theapplicable data protection rules according to the purposes of the processing;
9. Third party
Third party means a natural or legal person, public authority, agency or body otherthan the data subject, controller, processor and persons who, under the directauthority of the controller or processor, are authorised to process personal data.
Consent is any freely given, specific, informed and unambiguous indication of thedata subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
5. Legal basis of the processing
Article 6 (1) lit. a GDPR serves as a legal basis for our company for processingoperations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract towhich you are party, such as processing operations necessary for the supply ofgoods or any other service or consideration, the processing is based on Article 6 (1) (b) GDPR. The same applies to processing operations necessary for the conductingpre-contractual measures, for example in case of inquiries about our products orservices.
If our company is subject to a legal obligation obligating us to process personal data, for example to fulfil tax obligations, such processing is based on Art. 6 (1) (c) GDPR.
In rare cases, the processing of personal data might be necessary to protect vital interests of the data subject or another natural person. This would be the case, forexample, if a visitor to our company was injured and his name, age, health insurancedetails or other vital information had to be passed on to a doctor, hospital or otherthird party. The processing would then be based on Article 6 (1) (d) GDPR.
Finally, processing operations could be based on Article 6(1) (f) GDPR. Processing operations which are not covered by any of the above legal bases are based on thislegal basis if the processing is necessary to safeguard a legitimate interest of ourcompany or of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentionedby the European legislator. According to the view of the European legislator a legitimate interest can be assumed if you are a customer of our company (Recital 47 sentence 2 GDPR).
6.1 SSL/TLS Encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data orcontact requests that you send to us as the operator. You can identify an encryptedconnection by the fact that the address line of your browser contains “https://” insteadof “http://” and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data that you transmit to us cannot beread by third parties.
6.2 Data collection when visiting the website
When using our website for informational purposes only, i.e. if you do not register orotherwise provide us with information, we only collect the data that your browsersends to our server (in so-called “server log files”). Our website collects a number ofgeneral data and information every time you or an automated system access a page. This general data and information is stored in the server log files. The following canbe recorded
When using this general data and information, we do not draw any conclusions aboutyour person. This information is rather required to
This collected data and information is evaluated by us with the aim of increasing dataprotection and data security in our company in order to ultimately ensure an optimumlevel of protection for the personal data processed by us. The data of the server log files are stored separately from all personal data provided by a data subject.
The legal basis for the data processing is Art. 6 (1) (f) GDPR. Our legitimate interestfollows from the above-mentioned purposes for data collection.
7. Transfer of data to third parties
For some services and information on our website (e.g. online application ornewsletter registration) we need to receive personal data from you, such as yourname, address, or e-mail address.
We collect such data only if they are necessary for processing your request. Yourenquiries and the data and information contained therein will be forwarded internallyto employees of our company or companies commissioned by us (e.g. tradingpartners) who will support us in processing your request.
Since decor metall is a globally active company, it may be necessary to forward yourpersonal data to local business partners, whose registered office may also be locatedoutside the European Economic Area, in order to better process your request.
We only pass on your personal data to third parties if either:
Prior to transfer your personal data to countries outside the European Union and theEEA, we ensure an adequate level of data protection in the country concerned (e.g. by entering into EU Standard Contract Clauses).
In order to obtain a copy of the respectively applicable regulations please contact ususing the contact details given in Sections 2 and 3.
8.1 Technically necessary cookies
8.2 Cookies for adaptation to user needs and for statistical analysis