info@ringspann-kempf.de
Data protection information
Name and address of the person responsible
The controller is the body that alone—or jointly with others—decides on the purposes and means of processing personal data. The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
RINGSPANN Kempf GmbH
Mr. Jochen Helfrich
Moorstraße 1
36129 Gersfeld
Germany
Phone: 49 6654 96110
E-mail: info@ringspann-kempf.de
Website:
www.ringspann-kempf.de
Name and address of the data protection officer
We have appointed an external data protection officer:
BerIsDa GmbH I Website:www.berisda.de
You can contact the data protection officer by post at
RINGSPANN Kempf GmbH
Attention: Data Protection Officer
Moorstraße 4
36129 Gersfeld
Phone: 49 661 29698090
E-mail:datenschutz@berisda.de
I. General information on data processing
1. Scope of processing of personal data
The controller collects and uses personal data of its users (hereinafter also "data subject", "data subject" or "visitor") only to the extent necessary to provide a functional website and to display the content and services. The collection and processing of personal data of users for other purposes generally only takes place with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons, the processing is carried out on the basis of pre-contractual or contractual measures, the processing of the data is permitted by law and/or the controller has a legitimate interest in the processing.
Your personal data is generally collected directly from you, for example, when you contact us, consent to services on this site, or use forms on this website. In addition, technical data that is absolutely necessary for the operation of the site is automatically collected when you access the site.
2. Legal basis for the processing of personal data
If the controller obtains consent from the data subject for processing personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data. If special categories of data are processed pursuant to Art. 9 (1) GDPR, Art. 9 (2) (a) GDPR applies as the legal basis. Any transfer to a non-secure third country is based on Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your device, data processing is also based on Section 25 (1) TTDSG.
For the processing of personal data necessary to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations necessary to implement pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which the controller is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of the controller or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.
3. Data deletion and duration of processing
If no precise storage period has been specified in this data protection information, the personal data of our website visitors will remain with us until the purpose for data processing no longer applies. The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies or if consent given is revoked by the data subject or processing is objected to. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Blocking or deletion of the data also occurs when a storage period prescribed by the aforementioned standards expires, unless there is a need to further store the data for the conclusion or fulfillment of a contract.
4. Data transfer to a third country or an international organization
The European General Data Protection Regulation (GDPR) stipulates that the transfer of personal data that is already being processed or is to be processed after its transfer to a third country or an international organization is only permissible if a level of data protection comparable to the requirements of the GDPR is guaranteed. This means that compliance with the provisions of the GDPR is ensured – this may include, for example, the existence of an adequacy decision by the EU Commission within the meaning of Art. 45 (1) and (3) GDPR or the introduction of internal company data protection rules approved by a supervisory authority (so-called "appropriate safeguards", Art. 46 (2) and (3) GDPR). If a level of data protection comparable to the requirements of the GDPR does not exist, risks may arise from processing in a third country.
Risks of transferring data to a non-safe third country: Personal data could possibly be passed on by the provider to other third parties beyond the actual purpose of fulfilling the order, who might use the data for advertising purposes, for example. In addition, it is probably not possible to effectively enforce any data subject rights vis-à-vis the provider. There is a higher probability that incorrect data processing may occur because the provider's technical and organizational measures for protecting personal data do not fully meet the requirements of the GDPR in terms of quantity and quality. It is also possible that government agencies may access the provided personal data without the data subject knowing. In principle, this also complies with European legal regulations, e.g. for the purpose of threat prevention. However, the admissibility threshold for such data processing is higher in the European Union than in the data recipient's country. In summary, the level of data protection in non-secure third countries is not comparable to the requirements of the GDPR.
On our website, we use tools from providers whose headquarters or the headquarters of the parent company (or its affiliated companies) are located in a third country for data protection reasons. We also transfer data to the USA. Transferring data to the USA is permitted if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has appropriate additional safeguards. The DPF is an (individual) agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is committed to adhering to these data protection standards. The list of certified companies can be found at: https://www.dataprivacyframework.gov/listThere, you can search for the provider name and view the certification directly. If data is transmitted to a provider certified according to the DPF, a separate notice will be provided by the respective service provider.
5. Necessity of providing personal data
The provision of your personal data is generally neither legally nor contractually required. There is no obligation to provide it. However, failure to provide it may prevent you from using functions, services, forms, and other processing on our website. We recommend that you only provide personal data that is necessary, for example, to process your inquiry, implement your desired offer, and use the functions we offer. If the provision of your personal data is legally or contractually required, we will inform you of this by means of a separate note in this privacy policy for each processing operation.
The collection of technical data (and possibly the collection of your IP address as personal data) to provide the website and the storage of this data in log files is essential for the operation of the website and occurs automatically when you access this website. If you do not wish this to happen, you must leave this page.
II. Rights of the data subject
If we process your personal data, you as the data subject have the following rights vis-à-vis us as the controller:
1. Right to information, Art. 15 GDPR
Within the scope of applicable legal provisions, you have the right at any time to obtain (free) information about your collected and stored personal data. This includes, among other things, information about the purposes of processing, its origin and recipient, the storage period, and the existence of various rights.
2. Right to rectification, Art. 16 GDPR
You have the right to request that the controller rectify (including complete) your data if the personal data concerning you that are processed are incorrect or incomplete for the purposes of processing. The controller must carry out the rectification immediately.
3. Right to erasure, Art. 17 GDPR
You can request the deletion of your personal data at any time under the conditions of Art. 17 GDPR, unless circumstances arise that entitle or oblige the controller to continue processing your personal data (such as statutory retention periods).
4. Right to restriction of processing, Art. 18 GDPR
If the legal requirements are met, you can request a restriction of the processing of your personal data within the scope of Art. 18 GDPR.
5. Right to information, Art. 19 GDPR
If your personal data has been processed by recipients to whom the controller has disclosed the data, the controller is obligated to inform them of your requests for rectification, erasure, or restriction of processing, unless doing so proves impossible or involves disproportionate effort. You may request that the controller inform you of these recipients.
6. Right to data portability, Art. 20 GDPR
If you have provided us with personal data and automated processing is based on your consent or on the basis of a contract, you have the right to transfer the data you have provided within the scope of Art. 20 GDPR, provided that doing so does not adversely affect the rights and freedoms of others. The data will be transferred in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if technically feasible.
7. Right of objection, Art. 21 GDPR
You have the right to object to the processing of your data at any time, provided that the processing is based on a balance of interests. This is the case if the controller relies on the public interest or its legitimate interest for processing (see Art. 6 Para. 1 S. 1 lit. e and f). The prerequisite is that you assert reasons arising from your particular situation which outweigh the interests of the controller. The controller will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Art. 21 (2) GDPR contains a special, deviating provision if the personal data concerning you is used for direct marketing purposes. In this case, you have the right to object to the processing of your personal data at any time without further requirements. The personal data concerning you will no longer be processed for the purpose of direct marketing. If profiling is associated with direct marketing, you can also object to this.
In connection with the use of information society services, you have the option of exercising your right of objection by means of automated procedures that use technical specifications.
8. Automated decision in individual cases, Art. 22 GDPR
According to Art. 22 GDPR, you have the right to prevent decisions that have legal consequences for you or similarly affect you from being based solely on automated processing – including profiling. Exceptions may apply if appropriate measures are in place to protect your personal data, if necessary contractual arrangements or a legal provision exist, or if you have expressly consented.
9. Right to withdraw your consent, Art. 7 (3) GDPR
You have the right to revoke your consent to data protection at any time. The legality of the data processing carried out up to the time of revocation remains unaffected. You can send your revocation to the controller by email or post.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information. If you are located in another federal state or outside of Germany, you can also contact the local data protection authority.
III. SSL/TLS encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator. An encrypted connection can be recognized by the browser's address bar changing from "http://" to "https://" and by the lock symbol in the browser bar. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
IV. Externes Hosting
1. Description and scope of data processing
This website is hosted by an external service provider (so-called hoster). The personal data collected on this website is stored on the hoster's servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, page views, and other data generated via a website.
2. Legal basis for data processing
The legal basis for data processing is Art. 6 (1) (f) GDPR for the provision of the website.
3. Purpose of data processing
We use a hosting provider to ensure the secure, fast, and efficient provision of our online services, as well as the reliable presentation and provision of our website by a professional provider. These purposes constitute our legitimate interest.
4. Duration of storage, possibility of objection and removal
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session ends.
The collection of data to provide the website and the storage of data in log files is mandatory for the operation of the website. Therefore, the user has no right to object.
5. Conclusion of a contract for order processing
In connection with the data processing described above, the data is transferred and processed by our external host: IONOS SE, Elgendorfer Str. 57, 56410 Montabaur. We have concluded a contract for order processing with our host. This is a contract required by data protection law, which guarantees that [name of host] processes the personal data of our site visitors only according to our instructions and in compliance with data protection regulations (GDPR, BDSG, etc.).
V. Provision of the website and creation of log files
1. Description and scope of data processing
Each time you access our website, our system automatically collects data and information from the system of the accessing device.
FollowingThe following data is collected:
- - Referrer (previously visited website)
- - Requested web page or file
- - Browser type and version
- - Operating system used
- - Device type used
- - Time of access
- - IP address in anonymized form
The data is also stored in our system's log files. This data is not stored together with other personal user data.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. Furthermore, we use the data to optimize the website and ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR.
4. Duration of storage, possibility of objection and removal
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session ends.
If the data is stored in log files, this will be the case after [seven days] at the latest. Longer storage is possible. In this case, the users' IP addresses will be deleted or altered so that the accessing device can no longer be assigned.
The collection of data to provide the website and the storage of data in log files is mandatory for the operation of the website. Therefore, the user has no right to object.
VI. Contact by email and/or telephone
1. Description and scope of data processing
Our website and signatures provide email addresses and telephone numbers through which you can contact us electronically and/or by telephone. In this case, the personal data of the data subject transmitted via email will be stored. If you contact us by telephone, personal data may also be stored to process your inquiry.
In this context, no data will be shared with third parties. The data will be used solely for establishing contact and conducting the conversation.
2. Legal basis for data processing
The legal basis for processing data transmitted via email or telephone is Art. 6 (1) (f) GDPR. If the contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
3. Purpose of data processing
We process your personal data solely to process your contact. This also constitutes our legitimate interest in processing the data.
4. Duration of storage, possibility of objection and removal
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email or telephone, this is the case when the respective conversation with the data subject has ended. The conversation is concluded when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If a contract is concluded as a result of the contact, the corresponding (statutory) retention obligations and regulations apply.
If a data subject contacts us by email or telephone, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored during the contact process will be deleted.
VII. MapBox (Map Service)
1. Description and scope of data processing
We use the map service from MapBox. The provider is Mapbox Inc., 740 15th Street NW, 5th Floor, District of Columbia 20005, USA. Mapbox is an American provider of custom online maps for websites.
When you visit our site, MapBox may collect data about your user behavior and share it with third parties. This includes your IP address, browser information, the content of your request, usage data, the URL of pages visited, and the date and time of your visit. MapBox also processes personal data to improve its own products and to generate randomly generated IDs to evaluate user behavior (without personal reference). When you interact with an online map on our site, MapBox API sets a cookie in your browser.
Use of a provider based in a third country
The provider is certified according to the "EU-US Data Privacy Framework" (DPF). Further information on the DPF can be found in this privacy policy under "I. General information on data processing – 4. Data transfer to a third country or an international organization."
2. Legal basis for data processing
The legal basis for the processing of the data is the existence of the user's consent in accordance with Art. 6 (1) (a) GDPR, for any transfer to a third country Art. 49 (1) (a) GDPR - as well as Section 25 (1) (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG.
3. Purpose of data processing
MapBox is used in the interest of an attractive presentation of our online offerings and easy findability of the locations we list on our website.
4. Duration of storage, right of objection, revocation and removal
The collected data is stored and processed on MapBox servers in the USA. According to MapBox, your IP address is stored for 30 days and then deleted. Randomly generated IDs are deleted after 36 months.
You have the right to revoke your consent to data protection at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the time of revocation. You can revoke your consent using the button in the privacy policy.
For further information, please see MapBox’s privacy policy at https://www.mapbox.com/legal/privacy?tid=331659940938
