Data protection declaration

1. Introduction

With the following information we would like to give you as a “data subject” an overview of the processing of your personal data by us and your rights under thedata protection laws. It is generally possible to use our website without enteringpersonal data. However, if you wish to make use of special services of our companyvia our website, it may become necessary to process personal data. If it is necessaryto process personal data and there is no legal basis for such processing, we will obtain your consent.

The processing of personal data, such as your name, address or e-mail address, isalways carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulationsapplicable to ” decor metall GmbH “. By means of this privacy policy we would like toinform you about the scope and purpose of the personal data collected, used, and processed by us.

As controllers of personal data processing, we have implemented numeroustechnical and organisational measures to ensure that the personal data processedvia this website is protected as best as possible. Nevertheless, Internet-based datatransmissions can generally have security gaps, so that absolute protection cannotbe guaranteed. For this reason, you are free to transmit personal data to us byalternative means, for example by telephone or post.

 

2. Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other dataprotection regulations depends on which of the following companies is:

decor metall GmbH
Benzstraße 1-5, 32108 Bad Salzuflen, Germany

Phone: +49 5222 286-0
Fax: +49 5222 286-1 89
E-Mail: info@decor-metall.de

Representative of the controller: Thomas Löhr, Marcus Wenzel

 

3. Data Protection Officer

You can contact the Data Protection Officer as follows:

E-mail: datenschutz-decor-metall@audatis.de

You can contact our Data Protection Officer directly at any time with all questions and suggestions regarding data protection.

 

4. Definitions

The privacy policy is based on the terms used by the European legislator fordirectives and regulations when the General Data Protection Regulation (GDPR) was adopted. Our privacy policy should be easy to read and understand both for thepublic and for our customers and business partners. To ensure this, we would like toexplain the terms used in advance.

We use the following terms, among others, in this privacy policy:

1. Personal data

Personal data is any information relating to an identified or identifiable naturalperson. An identifiable natural person is one who can be identified, directly orindirectly, in particular by reference to an identifier such as a name, an identificationnumber, location data, an online identifier, or one or more factors specific to thephysical, physiological, genetic, mental, economic, cultural or social identity of thatnatural person.

2. Data subject

Data subject is any identified or identifiable natural person whose personal data areprocessed by the controller (our company).

3. Processing

Processing is any operation or set of operations, performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignmentor combination, restriction, erasure or destruction.

4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim oflimiting their future processing.

5. Profiling

Profiling is any form of automated processing of personal data consisting of the useof personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performanceat work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that thepersonal data can no longer be attributed to a specific data subject without the use ofadditional information, provided that such additional information is kept separatelyand is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

7. Processor

Processor is a natural or legal person, public authority, agency or other body whichprocesses personal data on behalf of the controller.

8. Recipient

Recipient is a natural or legal person, public authority, agency or another body, towhich the personal data are disclosed, whether a third party or not. 2However, publicauthorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; theprocessing of those data by those public authorities shall be in compliance with theapplicable data protection rules according to the purposes of the processing;

9. Third party

Third party means a natural or legal person, public authority, agency or body otherthan the data subject, controller, processor and persons who, under the directauthority of the controller or processor, are authorised to process personal data.

10. Consent

Consent is any freely given, specific, informed and unambiguous indication of thedata subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

5. Legal basis of the processing

Article 6 (1) lit. a GDPR serves as a legal basis for our company for processingoperations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract towhich you are party, such as processing operations necessary for the supply ofgoods or any other service or consideration, the processing is based on Article 6 (1) (b) GDPR. The same applies to processing operations necessary for the conductingpre-contractual measures, for example in case of inquiries about our products orservices.

If our company is subject to a legal obligation obligating us to process personal data, for example to fulfil tax obligations, such processing is based on Art. 6 (1) (c) GDPR.

In rare cases, the processing of personal data might be necessary to protect vital interests of the data subject or another natural person. This would be the case, forexample, if a visitor to our company was injured and his name, age, health insurancedetails or other vital information had to be passed on to a doctor, hospital or otherthird party. The processing would then be based on Article 6 (1) (d) GDPR.

Finally, processing operations could be based on Article 6(1) (f) GDPR. Processing operations which are not covered by any of the above legal bases are based on thislegal basis if the processing is necessary to safeguard a legitimate interest of ourcompany or of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentionedby the European legislator. According to the view of the European legislator a legitimate interest can be assumed if you are a customer of our company (Recital 47 sentence 2 GDPR).

 

6. Technique

6.1 SSL/TLS Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data orcontact requests that you send to us as the operator. You can identify an encryptedconnection by the fact that the address line of your browser contains “https://” insteadof “http://” and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data that you transmit to us cannot beread by third parties.

6.2 Data collection when visiting the website

When using our website for informational purposes only, i.e. if you do not register orotherwise provide us with information, we only collect the data that your browsersends to our server (in so-called “server log files”). Our website collects a number ofgeneral data and information every time you or an automated system access a page. This general data and information is stored in the server log files. The following canbe recorded

When using this general data and information, we do not draw any conclusions aboutyour person. This information is rather required to

This collected data and information is evaluated by us with the aim of increasing dataprotection and data security in our company in order to ultimately ensure an optimumlevel of protection for the personal data processed by us. The data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for the data processing is Art. 6 (1) (f) GDPR. Our legitimate interestfollows from the above-mentioned purposes for data collection.

 

7. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other thanthose stated in this privacy policy.

For some services and information on our website (e.g. online application ornewsletter registration) we need to receive personal data from you, such as yourname, address, or e-mail address.

We collect such data only if they are necessary for processing your request. Yourenquiries and the data and information contained therein will be forwarded internallyto employees of our company or companies commissioned by us (e.g. tradingpartners) who will support us in processing your request.

Since decor metall is a globally active company, it may be necessary to forward yourpersonal data to local business partners, whose registered office may also be locatedoutside the European Economic Area, in order to better process your request.

We only pass on your personal data to third parties if either:

Prior to transfer your personal data to countries outside the European Union and theEEA, we ensure an adequate level of data protection in the country concerned (e.g. by entering into EU Standard Contract Clauses).

In order to obtain a copy of the respectively applicable regulations please contact ususing the contact details given in Sections 2 and 3.

 

8. Cookies

8.1 Technically necessary cookies

We use cookies on our website. These are small files that your browser automaticallycreates and that are stored on your IT system (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device and do not contain viruses, trojans or other malware. Information is stored in the cookie thatis related to the specific end device used. This does not mean, however, that weobtain direct knowledge of your identity. The use of cookies serves on the one handto make the use of our offer more pleasant for you. For example, we use so-calledsession cookies to recognize that you have already visited individual pages of ourwebsite. These are automatically deleted when you leave our site. The dataprocessed by the above-mentioned cookies is required for the above-mentionedpurposes to protect our legitimate interests and those of third parties in accordancewith Art. 6 Para. 1 S. 1 lit. f GDPR.

8.2 Cookies for adaptation to user needs and for statistical analysis

In addition, we also use temporary cookies, which are stored on your end device fora certain fixed period of time, to optimise user-friendliness. If you visit our site againin order to use our services, we will automatically recognize that you have alreadybeen with us and which entries and settings you have made so that you do not haveto enter them again. On the other hand, we use cookies to record the use of ourwebsite statistically and to evaluate it for the purpose of optimising our offer for you. These cookies enable us to automatically recognize that you have already been withus when you visit our site again. These cookies are automatically deleted after a defined time. Most browsers accept cookies automatically. However, you canconfigure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completelydeactivating cookies may mean that you cannot use all the functions of our website. By using our opt-in cookie banner you have granted your consent to the placement oftechnically not necessary cookies in accordance with Art. 6 (1) (a) GDPR.