Privacy policy
1. Name and address of the controller
The controller in the sense of the General Data Protection Regulation (GDPR), of the data protection regulations holding good in the member states of European Union and of other regulations with a legal data-protecting character is the company specified in the imprint (in the following: "we" or "us" or "our").
2. Name and address of the data protection officer
The external data protection officer of the controller is:
Mr. Jens Engelhardt and his deputy Mr. Erdem Durmus,
c/o NOTOS Xperts GmbH
Heidelberger Str. 6
64283 Darmstadt
Tel: +49 6151-52010-0
Fax: +49 6151-52010-99
Website: www.notos-xperts.de
E-Mail: datenschutz@notos-xperts.de
Each data subject can turn at any time directly to our data protection officer with all questions and suggestions on data protection.
3. Definitions
• Web offer
This data protection information is used synonymously for different internet based services like websites, tendering software, apps, online services and web shops. The expression web offer applies equally for the above mentioned exemplarily and comparable services.
Otherwise our data protection information is based on the definitions which have been used by the European directive and order issuing office in formulating the General Data Protection Regulation (GDPR). The data protection information of the Muster GmbH should be easily read and understood not only by the general public but also by our customers and business partners. In order to ensure this, we would like to clarify in advance the definitions used.
In this data protection information and on our website, we use – amongst others – the following terms:
• Personal data
Personal data is any information relating to an identified or identifiable natural person (hereafter "data subject"). Defined as identifiable is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Data subject
Data subject is each identified or identifiable natural person, whose personal data is processed by the responsible party for the processing.
• Processing
Processing means any operation or set of operations which is carried out in connection with personal data – whether or not by automated means – such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Restricting of the processing
Restricting of the processing is the marking of personal data as stored with the objective of restricting its processing in the future.
• Profiling
Profiling is each type of the automated processing of personal data, which consists of this personal data being used to permit particular personal aspects relating to a particular natural person, and here in particular aspects in respect of work performance, economic situation, health, personal likes, interests, reliability, behaviour, place of residence or change of place of residence of this natural person to be evaluated, analysed or forecast.
• Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, in so far as this additional information is kept in a special way and subjected to technical and organizational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
• Responsible party or party responsible for the processing
Responsible party or party responsible for the processing (hereafter responsible party) is the natural person or legal entity, authority, institution or other post, which alone or together with others decides on the purposes and means of the processing of personal data. If the purposes and means of the processing are laid down in European Union legislation or the legislation of the member states, then the responsible party or the particular criteria of the appointment of this responsible party in accordance with European Union legislation or the legislation of the member states can be provided.
• Order processor
Order processor is a natural person or legal entity, authority, institution or other post, which processes the personal data on the instructions of the responsible party.
• Recipient
Recipient is a natural person or legal entity, authority, institution or other post to which personal data are disclosed regardless of whether this is a third party or not. However, authorities, which receive within the framework of a particular investigation order in accordance with European Union legislation or the legislation of the member states data which possibly may be/contain personal data, do not hold good as recipients.
• Third party
Third party is a natural person or legal entity, authority, institution or other post with the exception of the data subject, the responsible party, the order processor and those persons which are authorized under the direct responsibility of the responsible party or of the order processor to process the personal data.
• Consent
Consent is each declaration of will given voluntarily by the data subject for the definite case in an informed and unambiguous manner in the form of a declaration or other unambiguous confirmatory action, with which the data subject makes clear that he/she agrees to the processing of personal data relating to himself/herself.
4. General information on data processing
Data protection, data security and data secrecy hold high priority for us. The durable protection of your personal data, of your company data and of your business secrets is especially important for us.
You can always visit our web offer without making statements on your person. However, if you wish to make use of the services of our company, then this makes the stating of personal data necessary. As a rule we use the data that you communicate and that is collected by the web offer as well as the data stored in the course of the use solely for our own purposes, namely for the execution and making available of our web offer and the initiation, execution and progressing of the services/offers made available via the web offer (contract fulfilment) and do not pass this data on to external third parties in so far as there is not an official obligation to do this. In all other cases we obtain your special agreement.
The processing of your personal data is carried out in conformity with the requirements of the General Data Protection Regulation and in conformity with the country-specific data protection regulations holding good for us. With the aid of this data protection information we wish to inform you on the nature, scope and purpose of the personal data processed by ourselves. In addition, we clarify for you with the aid of this data protection information the rights to which you are entitled.
We have realized technical and organizational measures in order to ensure an appropriate level of protection of the personal data processed via this web offer. Nevertheless, fundamentally Internet-based data transmissions can have security loopholes so that absolute protection cannot be guaranteed
For security reasons and to protect the transmission of sensitive information, such as requests via a contact form that you send to us as the provider, this web offer uses SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL encryption is activated, the data you transmit to us cannot be seen by third parties.
5. General statements on the legal fundamentals
Article 6 Para. 1 lit. a EU General Data Protection Regulation (EU GDPR) serves as the foundation for the processing of personal data in so far as we obtain the consent of the data subject for the processing of personal data.
Article 6 Para. 1 lit. b GDPR serves as the legal foundation for the processing of personal data which is necessary for the fulfilment of a contract if the data subject is party to this contract. This also holds good for processing processes which are necessary for the execution of pre-contractual measures.
Article 6 Para. 1 lit. c GDPR serves as the legal foundation in so far as processing of personal data is necessary for the fulfilment of a legal obligation.
Article 6 Para. 1 lit. d GDPR serves as the legal foundation for the situation that vital interests of the data subject or another natural person make the processing of personal data necessary.
Article 6 Para. 1 lit. f GDPR serves as the legal foundation for the situation that processing is necessary for ensuring a legitimate interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not exceed the first named interest.
6. General statements on deletion of data and duration of storing
The personal data of the data subject are deleted or disabled as soon as the purpose for which the data was stored lapses. In addition, storage can take place if this was stipulated by the European or national legislatures in orders, laws or other regulations in accordance with European Union law to which the responsible party is subject. Disabling or deletion of the data is also carried out if a storage period prescribed by the standards as named expires unless there is a necessity for the continued storage of the data for the concluding or fulfilling of a contract.
7. Collecting of general data and information
Our web offer collects a range of general data and information each time the web offer is called by a data subject or an automated system. This general data and information is stored in the log files of the server. Able to be collected are: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website, from which an accessing system reaches our web offer (so-called referrer), (4) the sub-websites, which are steered to on our web offer via an accessing system, (5) the date and time of an access to the web offer, (6) an Internet-protocol-address (IP-address), (7) the Internet service provider of the accessing system and (8) other similar data and information, which serve the warding off of hazards in the case of attacks to our IT systems.
In using this general data and information we draw no conclusions about the data subject. Much more is this information needed (1) to be able to deliver out the content of our web offer correctly, (2) to permit the optimization of the content of our web offer and of the advertising for this, (3) to ensure the durable functionality of our IT systems and of the technology of our web offer and (4) to be able to make available to the law enforcement authorities the information necessary for criminal prosecution in the case of a cyber attack. This anonymously collected data and information is evaluated by us on the one hand statistically and on the other hand with the objective of increasing the data protection and the data security in our company in order finally to ensure an optimal level of protection for the personal data processed by ourselves. The anonymous data of the server-logfiles are stored separately from all the personal data stated by a data subject.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Article 6 Para. 1 lit. f GDPR (legitimate interest)
|
The temporary storing of the IP-address by the system is necessary to permit the delivery of the web offer to the computer of the user. For this the IP-address of the user must remain stored for the duration of the session. |
The data is deleted as soon as it is no longer necessary for achieving the purpose of their collection. This is the case when the particular session has ended in situations where the data is collected for making the web offer available. This is the case at the latest seven days after the time when the data was stored in log files. More extensive storing is possible. In this case the IP-addresses of the users are deleted or distorted so that an assignment of the client calling in is no longer possible. |
No, because the data is essential for operating of the web offer. |
8. Registration in our web offers / seminars
-
Registration in our web offers
In some cases you have to register with the indication of your personal data to use the web offer to the fullest extent. The particular personal data, which is transmitted to the party responsible for the processing, is made clear in the input mask that is used for the registration. The personal data entered by the data subject is collected and stored solely for internal use by the party responsible for the processing and their own purposes. We can pass on the data submitted to one or more order processors, for example a payment-service provider or a parcel-service provider; the service provider may then use the personal data but solely for purposes related to the fulfilment of his order from ourselves.
When you register on our website, we store in addition the IP address issued by your Internet service provider as well as the date and the time of your registration. Storing this data enables us when necessary to clarify criminal acts and infringements of copyright that have been committed. To this extent the storing of this data for our security is necessary and lies in our justified field of interest in the sense of Article 6, Para. 1, lit f) of the GDPR. Passing on of this data to third parties does not take place in so far as there is no legal obligation to do this or in so far as the passing on serves a criminal or civil prosecution.
Apart from the above, your personal data, which you stated voluntarily when registering, aid us in offering you content or services, which by reason of the nature of the matter can only be offered to registered users.
We reserve the right to check the plausibility of individual details provided by you, e.g. industrial affiliation, and compare them with our and publicly accessible databases.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Article 6 Para. 1 lit. b GDPR (contract fulfilment) |
Registration of the user is necessary for the fulfilment of a contract with the user or for the execution of pre-contractual measures. |
This is the case for the fulfilment of a contract or the execution of pre-contractual measures during the registration process when the data for the execution of the contract is no longer needed. Also, after the concluding of the contract there can be a necessity for the personal data of the contractual partner to be stored in order to meet contractual or legal obligations. |
As user you have the opportunity at any time to terminate the registration. You can have the data stored on you changed at any time. If the data is necessary for the fulfilment of contract or for the execution of pre-contractual measures, then premature deletion of the data is only possible if there are no contractual or legal obligations standing in the way of this. |
- Registration and participation in seminars
- If you take part in one of our offered seminars, we will regularly process the following categories of personal and non-personal data based on your information:
Company address:
- Company* (company name of business name as per entry in the commercial register / as per business registration)
- Branch*
- Street/No. *
- Postcode*
- Location*
- E-Mail*
- Phone
Contact person for registration:
- Salutation*
- First name*
- Last name*
- E-Mail*
- Phone
- Recipients
Your personal data provided in the context of the seminar booking will only be passed on by us in individual cases if we work together with cooperation partners for the seminar. In this case, the collection of your data as part of the seminar registration and the processing of your data for the implementation of the seminar will be the joint responsibility of us and the respective cooperation partner. In this case, we conclude a Joint Controller Agreement with the cooperation partner. The essence of this agreement can be found on the respective registration page on which the exact cooperation partner for the respective seminar is also named.
After the data has been passed on to the cooperation partner, the latter will use your data under its own responsibility for its own purposes (e.g. for direct advertising purposes). You can object to this further processing of your data by the cooperation partner at any time. To do so, please contact the cooperation partner named on the registration page for the seminar directly. You will find the address to be used in the linked data protection declarations of the cooperation partner. A transfer of your data to a so-called third country does not take place either.
With your separate consent, which you can withdraw at any time with effect for the future, we will transfer your name and company affiliation and, if you do not rule this out, your contact data to the other participants in the form of an (electronic) list of participants.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Article 6 Abs. 1 lit. b GDPR
Article 6 Abs. 1 lit. a GDPR |
A registration of the user is required for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. In detail: |
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. This is the case for the data collected during the registration process for the purpose of fulfilling a contract or for the implementation of pre-contractual measures if the data is no longer necessary for the implementation of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations. |
If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible if no contractual or legal obligations prevent deletion. You can withdraw your consent to the publication of your data in a list of participants at any time; your consent in this regard is only valid for a single seminar.
|
9. Contacting, E-Mail and others
If contact forms are integrated in our web offer, they can be used as electronic contact. If a user makes use of this opportunity, the data entered in the input mask is transmitted to and will be stored by ourselves. This data may be (for example):
- Salutation address*
- Title
- First name and surname*
- Company
- Address*
- E-Mail address*
- Telephone number
- Fax number
- URL
- Purpose
- Message
*Obligatory information
At the time of the transmission of the message the following data will also be stored:
- Date and time of the transmission
Alternatively, it is possible for contact to be made via the e-mail address, fax- or phone number that is provided. In this case the personal data of the user transmitted with the e-mail is stored (E-Mail, Fax) or manually recorded.
In this connection no data is passed on to third parties. The data is used exclusively for the processing of the conversation and will immediately be deleted if it is no longer needed.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Legal foundation for the processing of the data is as a rule Article 6 Para. 1 lit. b. GDPR in the case of enquiries via the contact form and/or e-mails, fax or phone. (contract fulfilment; pre-contractual measures); Article 6 Para. 1 lit. c. GDPR (fulfilment of a legal obligation, e.g. answering of questions on data protection) and in addition, Article 6 Para. 1 lit. f GDPR (legitimate interest) |
The processing of the personal data from the input mask / e-mail serves us solely for the processing of the contact. This is also the necessary legitimate interest in the processing of the data. The other personal data processed during the sending-off process serve to prevent misuse of the contact form and to ensure the security of our IT systems. |
The data is deleted as soon as it is no longer needed for achieving the purpose of their collection. This is the case for the personal data from the input mask of the contact form and those which are sent by e-mail, fax or phone when the particular conversation with the user has ended. The conversation has ended when the circumstances allow the conclusion to be drawn that the matter in question has been finally clarified. The above does not hold good if the correspondence is subject to a retention obligation under commercial law Valid for the contact form: The additional personal data collected during the sending-off process is deleted at the latest after a period of seven days. |
The user has the opportunity to object at any time to the storing of his personal data. In such a case the conversation cannot be continued. |
10. Advertising
If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right, on the basis of Section 7 (3) of the German Unfair Competition Act (UWG), to regularly send you offers by e-mail for similar products to those you have already purchased from our range. This serves to protect our legitimate interests in addressing our customers in an advertising manner according to Art. 6 Para. 1 lit. f GDPR, which prevail in the context of a balancing of interests.
You can object to this use of your e-mail address at any time by sending a message to the contact option described above or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
The legal basis for advertising mailings is Art. 6 para. 1 lit. f GDPR (legitimate interest).
|
The purpose of the data collection is, in addition to the fulfillment of the contract, to provide the customer with targeted advertising (corresponding to his interests and purchases).
|
The data will be deleted at the latest 6 years after the last order or the last contact or (if a retention obligation continues to exist) blocked for advertising purposes. |
You have the option to object to the sending of advertising at any time. |
11. Data protection with applications and application processes
We collect and process the personal data of applicants for the purpose of progressing the application process. The processing can also be carried out electronically. This is in particular the case when an applicant sends to us relevant application documents by an electronic route, e.g. per e-mail. If we conclude a contract of employment with you as applicant, the data transmitted will be stored for purposes of progressing the employment relationship subject to observation of the legal regulations. If a contract of employment is not concluded by the party responsible for the processing with the applicant, then the application documents will be automatically deleted six months after notification of the rejection in so far as there is no other legitimate interest of the party responsible for the processing against deletion. Another legitimate interest in this sense is, for example, an obligation of proof in a process in accordance with the German General Equal Treatment Act.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Legal foundation for the processing of the data is as a rule Article 6 Para. 1 lit. b. GDPR with job applications submitted via the contact form and/or e-mail. (fulfilment of the employment contract; measures prior to the concluding of an employment contract); Article 6 Para. 1 lit. c. GDPR (Fulfilment of a legal obligation, e.g. answering of questions in connection with the job-application process) and apart from this Article 6 Para. 1 lit. f GDPR (legitimate interest) and special legal authorization rules such as a collective agreement, company agreement, income tax law etc. A supplementary reference is made to the Personnel / HR processing file.
|
If we conclude an employment contract with you as job applicant, the data transmitted for the purpose of progressing the employment relationship will be stored whereby the legal obligations will be observed. |
If no employment contract is concluded between the party responsible for the processing and the job applicant, then the job-application documents will be automatically deleted six months after the notification of rejection has been sent in so far as no other legitimate interest of the party responsible for the processing conflicts with the deletion. A legitimate interest in this connection could be - for example - a proof obligation in a process in accordance with the German General Equal Treatment Act). |
Only general objection and elimination opportunities. |
12. Cookies – Description and scope of the data processing
Our web offer uses cookies. Cookies are small text files which are stored on your computer and which store certain settings and data for the exchange with our online offer via your browser. A cookie usually contains the name of the domain from which the cookie file was sent, information about age of the cookie and an alphanumeric identification character.
Cookies enable us to recognize your computer and to make any presettings immediately available. Cookies help us to improve our online offer and to offer you a better and even more customized service.
We use cookies to make our website more user-friendly. Some elements of our web offer require that the calling browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
- Language settings
- Articles in the shopping cart
- Log-In-Information
By law, we may store cookies on your device without your consent if the are absolutely necessary for the operation on this site For all other types of cookies we need your permission.
Under the following links you can find out how to deactivate cookies in the most important browsers:
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
We also use cookies on our we offer, which enable us to analyze the surfing behavior of users. When accessing our web offfer, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this data protection declaration. Please also note the additional information provided by the cookie consent tool we use.
By using cookies for analysis purposes, the following data can be transmitted:
- Entered search terms
- Frequency of page views
- Use of web offer functions
You can withdraw your consent to the processing of you personal data by cookies for analysis purposes at any time. Please use the setting options in the cookie consent tool for this purpose.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Art. 6 Abs. 1 lit. f GDPR (legitimate interests) for technically mandatory cookies otherwise: Art. 6 Abs. 1 lit. a GDPR (consent)
|
The purpose of using technically mandatory cookies ist o simplify the use of our web offer for users. Some functions of our web site cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 Abs. 1 lit. f GDPR The analysis cookies are used for the purpose of improving the quality of our web offer and its contents. The analysis cookies enable us to find out how the web offer is being used and thus to continuously optimize our service.
|
Cookies are stored on the user’s computer and are transmitted by the user to our web offer. Therefore you as a user have full control over the use of cookies. This applies equally to technically necessary cookies and analysis cookies. Please note our explanation above.
|
Technically necessary cookies: The transmission of Flash cookies cannot be prevented by the browser settings, but by changing the settings of the Flash player. You are also welcome to inform us about your objection and we will support you in deactivating the cookies. Analyser-Cookies: |
13. Social-Media channels, Plug-Ins and tracking tools
- Data protection regulations on the application and use of Instagram Plug-Ins
Moreover our web offer uses so-called Social Plug-Ins ("Plug-Ins") from Instagram, which is operated by Instagram LLC ..1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plug-ins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plug-ins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
Whenever you visit a page of our web offer that contains such a plug-in, your browser establishes a direct connection to Instagram's servers. Instagram sends the content of the plug-in directly to your browser and integrates it into the page. Through this integration Instagram receives the information that your browser has called up the corresponding page of our web offer, even if you do not own an Instagram profile or are not currently logged in to Instagram. The information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. By logging in to Instagram, Instagram can immediately associate your visit to our web offer with your Instagram account. If you interact with the plug-ins, for example by pressing the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there.
The information will also appear on your Instagram account and be displayed to your contacts. For more information on the purpose and scope of data collection and the further processing and use of data by Instagram and your rights and setting options for protecting your privacy, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/.
If you do not want Instagram to associate the information collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the Instagram plug-ins from loading with add-ons for your browser, e.g. with the "NoScript" script blocker: http://noscript.net/.
- Data protection regulations on the application and use of Facebook Plug-Ins
This web offer uses social plug-ins ("plug-ins") of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, U.S.A. ("Facebook"). The plug-ins can be recognized with one of the Facebook logos (white "f" on a blue tile or a "thumbs up" character) or are characterized with the additive "Facebook Social Plugin". The list and appearance of the Facebook social plug-ins can be inspected here: http://developers.facebook.com/plugins.
If a participant calls a website of this offer, which web offer contains such a plug-in, the participant's browser builds up a direct link with the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and from this integrated into the web offer. Accordingly, the offeror has no influence on the scope of the data which Facebook collects with the aid of this plug-in and informs the participants accordingly in accordance with its state of knowledge: http://www.facebook.com/help/186325668085084.
Through the integration of the plug-ins Facebook gets the information that a participant has called the appropriate page of the offer. If the participant is logged in at Facebook, Facebook can assign the visit to participant's Facebook account. If participants interact with the plug-ins, for example if they press the Like button or make a comment, then the relevant information is transmitted from your browser directly to Facebook and is stored there. If a participant is not a member of Facebook, there is nevertheless the opportunity for Facebook to learn the participant's IP-address and to store this. According to Facebook only an anonymized IP address is stored in Germany.
The purpose and scope of the data collection as well as the further processing and use of the data by Facebook as well as the related rights and setting opportunities for the protection of the private sphere of the participants can be taken from Facebook's data protection information: http://www.facebook.com/policy.php.
If a participant is a member of Facebook and does not want Facebook to collect data on him via this offer and to link this data with his membership data as stored at Facebook, he must log out at Facebook prior to visiting the Internet website.
Similarly it is possible to block Facebook social plug-ins with add-ons for your browser, for example with the "Facebook Blocker".
- Note on data processing on our Facebook fan page
- Basic information
We operate our own Facebook company page (Facebook Fanpage). As the operator of this Facebook page, we are jointly responsible with the provider of the social network Facebook (Facebook Ireland Ltd.) within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When visiting our Facebook page, personal data of the page visitors are processed by both responsible persons.
We have concluded an agreement with Facebook on joint responsibility for data protection (Page Controller Addendum). With this agreement, Facebook acknowledges its joint responsibility with regard to so-called Insights data and assumes essential data protection obligations to inform affected persons, to ensure data security or to report data protection violations. In addition, the agreement stipulates that Facebook is primarily the contact point for the exercise of the rights of the persons concerned (Art. 15 - 22 GDPR). As the provider of the social network, Facebook alone has immediate access to the necessary information and can also immediately take any necessary measures and provide information. Should our support nevertheless be necessary, we can be contacted at any time.
- Use of Insights and Cookies
In connection with the operation of this Facebook fan page, we use the Insights function of Facebook to obtain anonymized statistical data on the users of our Facebook fan page. Facebook provides information about the Insights and the Facebook Fanpages, for example, through its privacy policy.
In connection with visits to our and other Facebook pages, Facebook also uses cookies and other comparable storage technologies. For more information about Facebook's use of cookies, please see their cookie policy.
- Comments and news; participation in competitions
On our Facebook fan page, you also have the opportunity to comment on our articles, rate them and contact us via private messages or participate in competitions.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
We operate this Facebook Page to present, interact and communicate with Facebook users and other interested persons and our customers who visit our Facebook Page. The processing of the users' personal data is based on our legitimate interests, on an optimized company and product presentation (Art. 6 para. 1 lit. f) GDPR) as well as on participation in prize draws or answering product application questions based on a (pre-)contractual relationship in accordance with Art. 6 para. 1 lit. b) GDPR.
|
The processing of the information generated by Insights is intended to enable us, as operators of the Facebook fan page, to obtain statistics that Facebook generates on the basis of visits to our Facebook fan page. This is intended to control the marketing of our activities. For example, it allows us to learn about the profiles of visitors who value our Facebook Page or use applications on the Page to provide more relevant content and develop features that may be of greater interest to them.
|
Your data will be deleted if it is no longer used for the intended purpose, provided that there is no obligation to retain it. |
Under the settings for advertising preferences, Facebook users can influence the extent to which their user behavior when visiting our Facebook page may be recorded. Further options are offered by the Facebook settings or the form for the right of objection.
|
- Disclosure of personal data by transmission
It cannot be excluded that some of the information collected may also be processed outside the European Union by Facebook Inc. based in the USA. Facebook Inc. is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with the European data protection regulations.
We ourselves do not pass on personal data that we receive via our Facebook page.
- Information on contact possibilities and further rights as a data subject
For further information on our contact data, including our data protection officer, the rights of affected persons vis-à-vis us and how personal data is processed by us, please refer to the relevant sections of this privacy policy.
- Data protection regulations on the application and use of YouTube
On this web offer we have integrated components from YouTube. YouTube is an Internet video portal that enables video publishers to set video clips free of charge and for other users to view, evaluate and comment on these, also free of charge. YouTube permits the publication of all types of video so that not only complete films and television programmes but also music videos, trailers and amateur videos prepared by users can be called via the Internet portal.
Operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, U.S.A.
With each call of one of the individual pages of this web offer, which is operated by the responsible party for the processing and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the IT system of the data subject is caused by the particular YouTube component to download a representation of the relevant YouTube component from YouTube. Further information on YouTube can be called under https://www.youtube.com/yt/about/de/. Within the framework of this technical process YouTube and Google receive knowledge of which concrete subsite of our website has been visited by the data subject.
In so far as the data subject is at the same time logged in at YouTube, YouTube will recognize with the calling of a subsite, which contains a YouTube video, which concrete subsite of our website the data subject has visited. This information is collected by YouTube and Google and assigned to the particular YouTube account of the data subject.
YouTube and Google will always receive via the YouTube components information that the data subject has visited our website if the data subject is logged in at our website and at the same time at YouTube; this takes place regardless of whether or not the data subject has clicked on a YouTube video. If the transmitting of this information in this way to YouTube and Google is not desired by the data subject, the latter can prevent this transmission by logging out of his/her YouTube account before calling our website.
The data protection regulations published by YouTube - these can be called down at https://www.google.de/intl/de/policies/privacy/ – provide information on the collecting, processing and using of personal data by Google and YouTube.
-
Privacy policy on the use and application of Google Analytics (with anonymization function )
Google Analytics
We have integrated the Google Analytics component (with anonymization function) on this web offer. Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to web offers. Among other things, a web analysis service collects data on which website a data subject came to a website from (so-called referrers), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. A web analysis is predominantly used for the optimization of a website and for the cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our website is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website.
Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this web offer, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.
By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties. For this data transfer, we have concluded an agreement with Google based on the standard contractual clauses adopted by the Commission pursuant to Art. 46 (2) lit. c GDPR.
The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the option to object to the collection of data generated by Google Analytics and related to the use of this website as well as to the processing of this data by Google and to prevent such processing. For this purpose, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the information technology system of the data subject is deleted, formatted or reinstalled at a later point in time, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within the data subject's sphere of control, it is possible to reinstall or reactivate the browser add-on.
Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.
DAW SE has no further influence on the processing of your personal data by Google, insofar as you have activated personalized advertising. You can find more information about how Google uses your personal data at: https://policies.google.com/privacy?hl=de.
Legal basis |
Storage purpose |
Storage duration |
Objection/ Possibility of elimination |
Art. 6 (1) lit. a GDPR (Consent)
|
A web analysis is predominantly used to optimize a website and to analyze the cost-benefit of Internet advertising. The purpose of setting third-party cookies is to improve our offer for you by analyzing your user behavior. As a rule, only a pseudonymized data transfer to the third parties takes place. Incidentally, it is up to you to prevent the transmission of third-party cookies by making the appropriate setting in the cookie banner or within your Internet browser. If you have activated the "personalized advertising" option in your Google account, we use your personal data for the display of cross-device remarketing campaigns, as well as more detailed analysis of the interaction of these Google users with our online offers. |
The data is stored until the purpose of the processing no longer applies or you revoke your consent.
The defined storage period of your personal data when using Google Analytics is a maximum of 6 months. |
You can revoke the consent you have given at any time with effect for the future. |
- Data protection regulations on the insertion and use of Google AdWords
We have integrated Google AdWords on this web offer. Google AdWords is a service for Internet advertising which permits the advertiser to place an advertisement not only in Google's search engine results but also in the Google advertising network. Google AdWords permits an advertiser to lay down in advance particular key words by means of which an advertisement will only be displayed in Google's search engine results when the user calls a key-word relevant search result with the search engine. In the Google advertising network the advertisements are distributed to thematically relevant websites with the aid of an automatic algorithm and subject to observation of the previously defined key words.
Operating company for the services of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is the advertising of our web offer through the overlaying of interest-relevant advertising on the website of third parties and in the search engine results of the Google search engine and an overlaying of third party advertising on our web offer.
If a data subject reaches our web offer via a Google advertisement, a so-called conversion cookie is stored on the IT system of the data subject by Google. What cookies are has been already described above. A conversion cookie loses its validity after 30 days and does not serve for the identification of the data subject. The conversion cookie – in so far as it has not expired – permits determination of whether a particular subsite, for example the shopping basket of an online shop system, was called on our web offer. With the aid of the conversion cookies not only ourselves but also Google can deduce whether a data subject, who reaches our web offer via an AdWords advertisement, generated turnover, i.e. completed a purchase or broke off.
The data and information collected through the use of conversion cookies is used by Google in order to prepare visit statistics for our web offer. These visit statistics are in turn used by ourselves to determine the total number of visitors which are conveyed to us via AdWords advertisements, i.e. in order to determine the success or lack of success of the particular AdWords advertisement and in order to optimize our AdWords advertisements for the future. Neither our company nor other advertising customers of Google AdWords receive information from Google with the aid of which the data subject could be identified.
With the aid of the conversion cookies personal data, for example the websites visited by the data subject, is stored. Accordingly, personal data including the IP address of the Internet connection used by the data subject is transmitted to Google in the United States of America with each visit to our web offer. This personal data is stored by Google in the U.S.A. Under certain circumstances Google passes on the personal data collected via the technical process to third parties.
As has already been described above, the data subject can prevent the setting of cookies by our web offer at any time by making an appropriate setting in the Internet browser used and thereby object to the setting of cookies in a durable manner. Such a setting in the Internet browser used would also prevent Google from setting a conversion cookie in the IT system of the data subject. In addition, a cookie that has already been set by Google AdWords can be deleted at any time via the Internet browser or by a software program.
Furthermore, the data subject has the opportunity to object to the interest-related advertising. For this the data subject must call from each of the Internet browsers he/she uses the link www.google.de/settings/ads and there carry out the desired settings.
Further information and the valid data protection regulations of Google can be called under www.google.de/intl/de/policies/privacy/.
- Data protection regulations on the application and use of Google Tag Manager
Google Tag Manager is a tool that allows us to administrate website tags from a single interface. The Tool Tag Manager itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool causes other tags to be triggered, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. http://www.google.de/tagmanager/use-policy.html
However, if you do not wish to do so, you can also prevent cookies from being saved here using your browser settings. Furthermore, you have the possibility to select the types of Google ads or to deactivate interest-based ads on Google via the settings for advertising (https://adssettings.google.com/authenticated?hl=en). Finally, you can disable the use of cookies by third parties by using the Network Advertising Initiative's disabling tool (http://optout.networkadvertising.org/?c=1#!/).
- Data protection regulations on the application and use of Doubleclick
Furthermore we use Doubleclick, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Doubleclick uses cookies to present relevant advertisements relevant to you. Your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed in your browser and which ads have been called. The cookies do not contain any personal information. The use of DoubleClick cookies only allows Google and its partner websites to serve ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or within the scope of order data processing. Under no circumstances will Google match your data with other data collected by Google.
You can prevent the storage of cookies. Moreover you can prevent the collection, processing and storage of data at any time with effect for the future by setting your browser software accordingly or by downloading and installing the browser plug-in available under the Doubleclick deactivation extension link: www.google.com/settings/ads/plugin.
However, we would like to emphasize that in this case you may not be able to use all functions of our web offer to their full extent.
- Further social-media Plug-Ins
You will find more detailed information on data protection in the particular data protection information of this offeree in so far as we use further social-media plug-Ins. Should you not find this, please do not hesitate to contact us at address given in our imprint.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Article 6 Para. 1 lit. f GDPR (legitimate interest)
|
Purpose of and legitimate interest in the setting of third party cookies is that of improving our offer for you through the analysis of your user behaviour. As a rule, only a pseudonymized transmission of data to the third parties takes place. In addition, you yourself are able to prevent transmission of third party cookies by carrying out an appropriate setting on your Internet browser. For more details look at the separate statements.
|
Third party cookies are stored on the computer of the user and are transmitted to our computer from this. Accordingly, you as user have full control on the use of third party cookies. |
By carrying out a change to the settings of your Internet browser you can deactivate or restrict the transmission of third party cookies. Third party cookies that have already been stored can be deleted at any time. This process can also be automated. The transmission of flash cookies cannot be prevented via the browser settings but requires changes to the setting of the flash player. |
- Data protection regulation on the application and use of Google AdSense
This web offer uses Google AdSense, a service for the integration of advertisements of Google Inc. ("Google"). Provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google AdSense uses so-called "cookies", text files which are stored on your computer and which enable an analysis of the use of the web offer. Google AdSense also uses so-called web beacons (invisible graphics). Through these web beacons, information such as visitor traffic on these pages can be evaluated.
The information generated by cookies and web beacons about the use of this web offer (including your IP address) and the delivery of advertising formats are transferred to a Google server in the USA and stored there. This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with other data stored by you.
Due to this transfer of your personal data to the USA, we have concluded – if applicable modified – EU standard data protection clauses with Google in order to guarantee the lawful and secure processing of your personal data.
For the use of Google AdSense, we obtain your consent via our cookie consent tool, which you can withdraw at any time. Google AdSense will not be used on our Website without your consent.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Article 6 Para. 1 lit. a GDPR (consent)
|
The purpose of using Google AdSense is to improve our offer for you by analyzing your user behavior. Usually only a pseudonymized data transfer to the third parties takes place. |
Third-party cookies are stored on the user's computer for a period of 14 months and transmitted by the user to our site. |
General right of Withdrawal (see under Your rights) |
- Data protection regulations on application and use of Google Maps
We use the map service "Google Maps" of the provider Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) within our website. The use of Google Maps enables us to display the location of our company, our retailers and painters within our website and serves to increase user-friendliness for our website visitors.
For the integration of the map service "Google Maps" we use the Google Maps API (Application Programming Interface). The Google Maps API is a programming interface that is used to connect the map service "Google Maps" to our website and thus enables us to use the functionalities associated with the service. For the correct provision of the functionalities of this integration, a connection is established between your browser and the servers of the provider Google LLC when it is used. In the process, the "Google Maps" map service loads its own web fonts (digital fonts) into the memory of your browser (so-called "cache memory") in order to be able to correctly display and deliver the map view of the service.
When using the map service "Google Maps", your personal data (e.g. IP address) is transmitted to Google and stored on Google servers. We would like to point out that we have no influence on the processing of your personal data by Google LLC. We are aware of the third country transfer and have implemented appropriate safeguards according to Art. 46 GDPR to ensure a lawful and secure processing of your personal data. In case of a self-certification of the provider Google LLC under the EU-U.S. Data Privacy Framework, this applies additionally.
The use of Google Maps and the associated processing of personal data will only take place if you give your express consent in accordance with Art. 6 (1) a GDPR. Of course, you have the right to withdraw your consent at any time with effect for the future. This can be done by clicking on the corresponding option at the bottom of each page on which Google Maps is embedded. The lawfulness of the processing up to the time of the withdrawal remains unaffected.
For further information on the handling of your personal data and data protection by Google, we refer you to the associated Google privacy policy : Google Privacy Policy.
- Data protection regulations on the application and use of external scripts JQuery / jQueryUI, Bootstrap Version 4 and CDN
We use external JavaScript codes. The libraries of the various providers are integrated externally via a CDN (Content Delivery Network) to always have access to the latest and most secure version. In addition, we reduce loading times of our pages, because it is very likely that you have already used the CDN on another site. In this case, your browser can access the cached copy and does not need to download it again. If your browser does not have a copy stored in the cache, data such as your IP address will be transferred from your browser to the corresponding CDN. This data can also be processed in the USA.
We use an external code of the JavaScript framework jQuery / jQueryUI, provided by the third-party provider jQuery Foundation (https://jquery.org). The Google CDN is used, which may possibly transfer data from your browser to Google Inc. (https://www.google.org) from your browser.
Due to this transfer of your personal data to the USA, we have concluded – if applicable modified – EU standard data protection clauses with the relevant parties in order to warrant the lawful and secure processing of your personal data.
Bootstrap is a free frontend CSS framework. It contains HTML and CSS-based design templates for typography, forms, buttons, tables, grid systems, navigation and other interface design elements as well as additional, optional JavaScript extensions. To make optimal use of this library, we use a so-called CDN (Content Delivery Network).
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Article 6 Para. 1 lit. f GDPR (legitimate interest)
|
The purpose and legitimate interest in the use of JavaScript codes is the correct and uniform integration of fonts and text on our web offer and the reduction of loading times. |
The duration of storage of your personal data is 7 days. Moreover, the data will be erased as soon as our legitimate interest no longer exists or we are obliged to erase the data due to legal or statutory orders. |
General right to object (see under Your rights) |
- Data protection regulations on the application and use of external scripts modernizr and CDN
We use external JavaScript codes. The libraries of the various providers are integrated externally via a CDN (Content Delivery Network) to always have access to the latest and most secure version. In addition, we reduce loading times of our pages, because it is very likely that you have already used the CDN on another site. In this case, your browser can access the cached copy and does not need to download it again. If your browser does not have a copy stored in the cache, data such as your IP address will be transferred from your browser to the corresponding CDN. This data can also be processed in the USA.
We use an external code of the JavaScript framework modernizr, provided by the third-party provider CDNJS / Cloudflare, https://cdnjs.com / https://www.cloudflare.com. This script enables especially the users of the Internet Explorer to use our pages in an optimized way.
Due to this transfer of your personal data to the USA, we have concluded – if applicable modified – EU standard data protection clauses with the relevant parties in order to warrant the lawful and secure processing of your personal data.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Article 6 Para. 1 lit. f GDPR (legitimate interest)
|
The purpose and legitimate interest in the use of JavaScript codes is the correct and uniform integration of fonts and text on our web offer and the reduction of loading times. |
The duration of storage of your personal data is 7 days. Moreover, the data will be erased as soon as our legitimate interest no longer exists or we are obliged to erase the data due to legal or statutory orders. |
General right to object (see under Your rights) |
-
Data protection regulations for the use and application of Google reCAPTCHA
On this web offer we also use the reCAPTCHA function of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). This function is mainly used to distinguish whether an entry is made by a natural person or abusively by automatic and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 Para. 1 letter f GDPR on the basis of our legitimate interest in determining the individual willingness of actions on the Internet and avoiding misuse and spam.
We are aware of the transfer of your personal data to a third country and have implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure that your personal data is processed lawfully and securely.
Further information about Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Article 6 Para. 1 lit.
|
The purpose of the storage is to determine the individual will regarding to actions on the Internet and to avoid misuse and spam. |
The data will be deleted as soon as our legitimate interest no longer exists or we are obliged by law or legal orders to delete the data. |
Right of objection in accordance with 17. Your rights. |
- Data protection regulations on the application and use of Piwik Pro
For web analysis purposes, we use the "PiwikPro" software from the German company Piwik PRO GmbH (Kurfürstendamm 21, 10719 Berlin, Germany). With the help of PiwikPro, we collect information about website visitors in order to record details about the use and delivery of our website. We use the information collected in this way for the purpose of optimizing the user experience of website visitors and for the administration of the website in general.
There are two different ways of using the tool, depending on whether you have given your consent or not.
- With consent: If you give your consent, we will place analysis cookies in your browser in order to assign the data we collect to you and to identify you as a returning user if you visit our website again. We also use these cookies to record the success rate of our online marketing processes. In this case, the legal basis for setting the cookie is your consent in accordance with Section 25 para. 1 TDDDG. The legal basis for the processing of your personal data, which we collect via the analysis cookie, is your consent pursuant to Art. 6 para. 1 lit. a GDPR.
- Without consent: If you do not give your consent, we will only collect your data in a restricted form for the purpose of analyzing website usage. In this case, we assign your data to a single session via a so-called session ID and remove the personal reference immediately after collection. We use the data to achieve the interest described below. In this case, our legal basis is our legitimate interest in further developing and optimizing the website based on user interaction and administering the website in general by monitoring the functionalities and capacities and adjusting them if necessary.
In addition, we set a PiwikPro cookie to store the consent you have provided via the cookie banner.
If you give your consent, you have the option to withdraw this consent at any time with effect for the future by adjusting your consent accordingly in our data protection notice under Cookie declaration.
The provider of this website explicitly excludes the transfer of your data to other third parties and in particular to non-EU third countries.
Further information on data protection at PiwikPro can be found here: https://piwikpro.de/privacy/
- Data protection regulations on the application and use of Walls.io
As part of the operation of our website, we use the functions of the social media wall plugin "walls.io." from the Austrian provider Walls.io GmbH (Schönbrunner Straße 213/215, 3rd Floor, 1120 Vienna, Austria). The use of the social media wall "walls.io" enables us to collect content from our social media profiles (LinkedIn, Instagram, Facebook, YouTube) centrally on our website and display it to our users.
If you call up a subpage of our website on which the social media wall plugin has been integrated, a connection to the walls.io servers is established. Accordingly, when walls.io is used, your personal data is regularly processed as follows:
- IP address
- Date
- Time
- Referrer URL
- Browser information
To ensure the security and integrity of your personal data during the processing, we have concluded a data processing agreement with Walls.io GmbH in accordance with Art. 28 GDPR . The processing of your personal data in (unsafe) third countries and the transfer of your personal data to unauthorized third parties is excluded when using walls.io.
The processing of your personal data takes place for the pursuit of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR (improvement of the display of our website, increasing user-friendliness). You have the right to object to the processing of your personal data in the context of the use of walls.io in accordance with Art. 21 GDPR. You can declare your objection to our data protection officer using the contact details provided in this privacy policy.
We only store your personal data for as long as is necessary to achieve the original purpose for which it was processed. If this original processing purpose no longer applies (e.g. if you object), we will erase your personal data unless we are legally obliged to store your data for a longer period due to statutory retention periods.
For further information regarding the handling of data protection by Walls.io GmbH, we refer you to the information in the provider's privacy policy: https://walls.io/privacy
14. Newsletter
By subscribing to our newsletter, your e-mail address will be used for our own advertising purposes until you log out. You will receive regular information by e-mail on current topics as well as e-mails for special occasions, for example special promotions. These e-mails can be personalized and individualized based on our information about you. You can influence the topics, contents and if applicable the time interval of receiving the newsletter by individual selection and specifications (e.g. your professional category). In case of a written registration for our Newsletter we record your name and signature in addition to your E-Mail address for documentation and verification purposes.
For the automated dispatch of our Newsletter, we use a tool that provides us with additional functionalities. If the user clicks in a link in the newsletter, this klick is statistically analyzed. For this purpose, the user`s IP address is shortened and stored anonymously by the provider.
The legal basis is Art. 6 para 1 lit. f GDPR. The evaluation enables us to optimize the quality of our newsletter and customer approach and to improve the underlying processes.
Generally, we will use the double-opt-in process for the registration to our Newsletter, i.e. we will not send you a newsletter by e-mail until you have expressly confirmed to us beforehand that we should activate the newsletter dispatch. Then we will send you a notification e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail.
If you do not wish to receive any more newsletters from us, you can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. Therefore you only have to use the unsubscribe link contained in each newsletter or send a message to us or our data protection officer.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Legal foundation for the processing of the data following the user requesting sending of the newsletter is – when the consent of the user is held – Article 6 Para. 1 lit. a GDPR. (consent)
|
The collection of the e-mail serves to permit the newsletter to be sent. The collection of other personal data within the framework of the application process serves to prevent misuse of the services or of the e-mail used. The collection of other personal data within the framework of the application process serves to prevent abuse of the services or of the e-mail address used. |
The date is deleted as soon as it is no longer necessary for achieving the purpose of their collection. Accordingly, the e-mail address of the user is kept stored for as long as the subscription for the newsletter is active. The other personal data collected within the framework of the application process is deleted as a rule after a period of seven days. |
The subscription for the newsletter can be terminated at any time by the relevant user. For this purpose, there is an appropriate deactivation link in each issue of the newsletter. Terminating the subscription represents at the same time a revocation of the consent to the storing of personal data collected during the application process. |
15. Prize draws
We regularly organize free prize draws in which participants can win various prizes. Details on the type and scope of the prize draws and the prizes as well as the prerequisites for participation can be found in the respective conditions of participation. In order to participate in the prize draws, personal data must be provided. Which data must be provided can be found on the registration page of the respective prize draw. In the minimum case, the following personal data of the participant will be processed:
- First name and surname
- Date of birth
- Title and / or gender
- E-Mail-Address
In addition, participants may voluntarily provide other personal data, such as address data.
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
Article 6 Para. 1 lit. b GDPR (Steps prior to entering into a contract) for the execution of the prize draw Article 6 Para. 1 lit. b GDPR (consent) for the sending of advertising Article 6 Para. 1 lit. b GDPR (Steps prior to entering into a contract) for the delivery of prices |
This data is required for the proper running of the prize draw, for example to verify the identity of the participants, to comply with the age limit for participation in the prize draw, to contact participants with the appropriate designation or to notify them in the event of a win. In addition, your personal data may be stored for the purpose of sending advertising or delivering prices. If, in the event of a win, the prizes are delivered or made available by a specialist retailer, an affiliated company or another third party (cooperation partner), the participant data must be transmitted to such cooperation partner for the purpose of delivery or provision of the prize(s). |
The data provided on the registration page will be processed exclusively for the purpose of the prize draw and will be deleted by the responsible organizer once the prize draw has been completed. |
In connection with questions or suggestions regarding the processing of your personal data in the prize draw, you have the right at any time to contact the person responsible stated in this data protection notice or his data protection officer. Your rights listed in this data protection notice are also fully applicable to participation in prize draws. |
16. Additional information
- Colour shade sheet order
When you order the free colour sheets, we collect and store the personal data provided by you (name/company, street and house number, postcode and city, as well as any additional information). The collection of this data is based on Art. 6 para. 1 lit. a GDPR (consent) and is carried out for the purpose of the execution of your order, as well as for our own advertising purposes e.g. to send offers and services by mail.
Data |
Legal basis |
Storage purpose |
Storage period |
Revocation / Possibility of elimination |
Data from the form for ordering colour shade sheets |
The legal basis for the collection and storage of data is Art. 6 para. 1 lit. a GDPR (consent). |
The purpose of storing personal data is to execute the order for colour shade sheets. The data may also be used for advertising purposes (e.g. by sending advertising mail). |
The data for the execution of the order will be deleted two weeks after completion of the order and dispatch. In the event of additional consent to the use of the data for advertising purposes, these will be stored for a period of 18 months. |
Right of revocation according to clause 9.8 possible at any time and without stating reasons. |
Quick test from Nextim (via iFrame)
On our website an iFrame to the online quick test from NEXTIM Herrmann Kommunikation is integrated. We do not have any access to your test results. We use your e-mail address to inform you in general about our seminar programs. When you visit our page, a direct connection is established between your browser and Nextim's server. Nextim then receives the information that you have visited our site with your IP address. We are not responsible for third party sites linked in the iFrame and do not assume any liability for them.
The legal basis for the processing of your personal data is consent, which you can withdraw at any time. The withdrawal of your consent does not affect the lawfulness of the processing that took place until the withdrawal. We would also like to point out that we have concluded a data processing agreement (DPA) with Nextim to meet the requirements of data protection law.
For more information about Nextim, please see the provider's data protection policy at https://www.nextim.de/datenschutz/
17. Your rights
If your personal data is processed, then you are the data subject in the sense of the GDPR and you are entitled to the following rights vis à vis the responsible party:
• Right to information
You can demand from the responsible party confirmation as to whether personal data, that relates to you, has been processed by ourselves.
If such processing has taken place, you can demand information on the following from the responsible party:
• The purposes for which the personal data is processed;
• The categories of personal data which are processed;
• The recipients or, as the case may be, the categories of recipients to which the personal data relating to you has been disclosed or will be disclosed;
• The planned duration of the storage of the personal data relating to you or - if concrete statements on this are not possible - the criteria for the laying down of duration of storage;
• The existence of a right to correction or deletion of the personal data relating to yourself, of a right to a restriction of the processing by the responsible party or of a right of objection to this processing;
• The existence of a right of appeal at a supervisory authority;
• All the available information on the origin of the data if the personal data was not collected at the data subject;
• The existence of an automated decision-finding process including profiling in accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases - meaningful information on the logic involved and its scope and the effects strived for of such a processing for the data subject in question.
You are entitled to the right to demand information on whether the personal data relating to yourself is transmitted to a third country or an international organization. In this connection you can demand to be instructed on the suitable guarantees in accordance with Article 46 GDPR in connection with the transmission.
• Right to correction
You have a right to correction and/or complementing vis à vis the responsible party in so far as the personal data as processed and which relates to yourself is incorrect or incomplete. The responsible party has to carry out the correction without delay.
• Right to restriction of the processing
Subject to the meeting of the following preconditions you can demand restriction of the processing of the personal data relating to you:
• if you dispute the correctness of the personal data relating to yourself for a period which makes it possible for the responsible party to check the correctness of the personal data;
• the processing is unlawful and you reject deletion of the personal data and instead demand restriction of the use of the personal data;
• the responsible party no longer needs the personal data for purposes of the processing but you need the data for the advancing, exercising or defending of legal claims, or
• if you have advanced objection to the processing in accordance with Article 21 Para. 1 GDPR but it has not yet been established whether the justified reasons of the responsible party outweigh your reasons.
If the processing of the personal data relating to yourself has been restricted, then this data - apart from the storing of this - may only be processed with your consent or for the assertion, exercising or defending of legal claims or for the protection of the rights of another natural person or legal entity or for reasons relating to an important public interest of the European Union or of a member state.
If the restriction of the processing has been restricted in accordance with the afore-mentioned preconditions, then you will be informed by the responsible party before the restriction is removed.
• Right to deletion
• Deletion obligation
You can demand of the responsible party that the personal data relating to yourself is deleted without delay and the responsible party is then obliged to delete this data without delay in so far as one of the following reasons applies:
• The personal data relating to yourself is no longer required for the purposes for which it was collected or for which it was processed.
• You revoke your consent, on which processing in accordance with Article 6 Para. 1 lit. a or Article 9 Para.2 lit. a GDPR was based, and there is no other legal foundation for the processing.
• You submit an objection to the processing in accordance with Article 21 Para. 1 GDPR and there are no justified reasons for the processing with a higher priority, or you submit an objection to the processing in accordance with Article 21 Para. 2 GDPR.
• The personal data relating to you was processed in an unlawful manner.
• The deletion of the personal data relating to you is required to fulfil a legal obligation in accordance with European Union law or the law of the member states, which laws the responsible party is subject to.
• The personal data relating to you was collected in relation to services offered by the information company in accordance with Article 8 Para. 1 GDPR.
• Information to third parties
If the responsible party has made the personal data relating to you public and if he/she is obliged to delete this data in accordance with Article 17 Para. 1 GDPR, then he/she shall take reasonable measures including ones of a technical nature - whereby account shall be taken of the available technology and the implementation costs - to inform the responsible parties for the data processing which process the personal data that you as data subject have demanded from them the deletion of all links to this personal data or of copies or replicates of these.
• Exceptions
The right to deletion does not exist in so far as the processing is necessary for
• the exercising of the right of free expression of opinion and to information;
• for the fulfilment of a legal obligation, which requires the processing in accordance with the law of the European Union or the law of the member states, which laws the responsible party is subject to, or for the carrying out of a task, which lies in the public interest or which is carried out in the exercising of public authority, which authority was transferred to the responsible party;
• for reasons of public interest in the field of public health in accordance with Article 9 Para. 2 lit. h and i as well as Article 9 Para. 3 GDPR;
• for archiving purposes, scientific or historical research purposes lying in the public interest or for statistical purposes in accordance with Article 89 Para. 1 GDPR, in so far as the right named in section a) probably makes the reaching of the objectives of the processing impossible or impairs it seriously, or
• for the advancing, exercising or defending of legal claims.
Moreover, the right to deletion does not exist in so far as the personal data has to be stored by the controller in order to fulfill legal duties to preserve records and legal retention periods. In such a case instead of deletion blockage of the personal data applies.
• Right to information
If you have advanced the right to the correcting, deleting or restricting of the processing vis à vis the responsible party, then the latter is obliged to inform all recipients, to which the personal data relating to you was disclosed, of this correction or deletion of the data or of the restricting of the processing, unless this proves itself to be impossible or linked with unreasonable expenditure.
You are entitled to the right vis à vis the responsible party to be informed about these recipients.
• Right to data portability
You have the right to receive the personal data relating to you, which you made available to the responsible party, in a structured, conventional and machine-readable format. In addition, you have the right to transmit this data to another responsible party without hindrance by the responsible party to whom the personal data was made available, in so far as
• the processing is based on a consent in accordance with Article 6 Para. 1 lit. a GDPR or Article 9 Para. 2 lit. a GDPR or on a contract in accordance with Article 6 Para. 1 lit. b GDPR and
• the processing is carried out with the aid of automated processes.
In exercising this right, you have in addition the right to bring about the situation that the personal data relating to you is transferred directly from one responsible party to another responsible party in so far as this is technically possible. The freedoms and rights of other persons may not be impaired thereby.
The right to data portability does not hold good for the processing of personal data, which is necessary for the carrying out of a task, which lies in the public interest or in the exercising of public authority and which task was transferred to the responsible party.
• Right to object
For reasons which result from your particular situation you have the right to advance at any time objection to the processing of the personal data relating to you, which processing is carried out on the basis of Article 6 Para. 1 lit. e or f GDPR; this right also holds good for profiling based on these provisions.
The responsible party shall then no longer process the personal data relating to you, unless he/she can demonstrate compelling reasons worthy of protection, which reasons overweigh your interests, rights and freedoms or where the processing serves the advancing, exercising or defending of legal claims.
If the personal data relating to you is processed for the carrying out of direct advertising, then you have the right to advance at any time objection to the processing of the personal data relating to you for purposes of such advertising; this holds good too for profiling in so far as this is carried out in connection with such direct advertising.
If you object to the processing for purposes of direct advertising, then the personal data relating to you will no longer be processed for these purposes.
You have the opportunity - in connection with the use of services of the information company and regardless of directive 2002/58/EC – to exercise your right of objection with the aid of automated processes in which technical specifications are used.
• Right to withdraw from the declaration of consent under data protection law
You have the right to withdraw your consent at any time and without giving reasons. In the event of withdrawal we immediately will delete your personal data and no longer process it. The legality of the processing carried out on the basis of your given consent and carried out prior to your withdrawal is not affected by you withdrawal.
• Automated decision-making in individual cases including profiling
You have the right to not subject yourself to a decision based solely on an automated processing process - including profiling - which unfolds a legal effect vis à vis yourself or which impairs you significantly in a similar way. This does not hold good if the decision
• is necessary for the concluding or fulfilment of a contract between you and the responsible party,
• is permissible on the basis of legal regulations of the European Union or of its member states, which the responsible party is subject to, and these regulations contain reasonable measures for the maintenance of your rights and freedoms as well as for your legitimate interests or
• is carried out with your explicit consent.
However, these decisions may not be based on particular categories of personal data in accordance with Article 9 Para. 1 GDPR, in so far as Article 9 Para. 2 lit. a or g does not hold good and reasonable measures have been taken for the protection of the rights and freedoms as well as of your legitimate interests.
In respect of the cases named in (1) and (3) above the responsible party shall take reasonable measures to ensure the rights and freedoms as well as your legitimate interests, whereby belonging thereto is at the least the right to the affecting of the intervention of a person on the side of the responsible party for the representation of the responsible party's standpoint and to the challenging of the decision.
• Right to complain at a supervisory authority
Regardless of another regulatory or judicial remedy, you are entitled to the right to lodge a complaint at a supervisory authority and here in particular at a supervisory authority in the member state of your place of residence, of your place of work or of the place where the suspected infringement took place when you are of the opinion that the processing of the personal data relating to you infringes the GDPR.
In this situation the supervisory authority, at which the complaint was lodged, shall inform the complainant on the status and the results of the complaint including the possibility of a judicial remedy in accordance with Article 78 GDPR.
18. Modifications of this data protection information
The status of the data protection information is indicated by the date (below). We reserve the right to change this data protection declaration at any time with effect for the future. A current version can be called up directly via the online offer. Please visit the website regularly and inform yourself about the applicable data protection declaration.
Status: August 2024
Responsible party: s. imprint
Business Partner Information (especially Customer and Supplier), as well as right of access by the data subject
for data processing according to Art. 12, 13, 14 ff. and 21 GDPR
Dear Miss,
dear Mister;
dear valued Business Partner,
due to the legal regulations of the General Data Protection Regulation (GDPR) are we obliged and happy to provide you with comprehensive information (Art. 13 GDPR) about the processing of your personal data. Data protection and treatment of your personal data are very important to us, so as to always guarantee lawfulness of your personal data processing. If you have any questions about the processing of your data, both we and our data protection officer are at your service. Furthermore, the data protection officer is not subject to any instructions, is independent in his position and legally obliged to maintain secrecy and confidentiality (Art. 38 GDPR, § 38 Federal Data Protection Act (BDSG)), so that you can talk to him in confidence. With regard to the processing of your personal data, we inform you of the following:
1. Name of the controller
Controller for the processing of your personal data is the
DAW SE.
2. Chief Executive Director, Head of data processing
• Managing board
Management directors of the controller are:
Dr. Sabrina Berg (CFO), Steffen Heiko Fischer (COO), Dr. Jörg Leuninger (CIPO), Dr. Ralf Murjahn (CEO), Heiko Siegmund (CSCO)
• Head of data processing
Head of data processing is:
Mr. Thomas Wölker
• Data protection officer
External data protection officer is:
Mr. Jens Engelhardt and his deputy Mr. Erdem Durmus,
c/o NOTOS Xperts GmbH
Heidelberger Str. 6
64283 Darmstadt
Tel: +49 6151-52010-0
Fax: +49 6151-52010-99
Website: www.notos-xperts.de
E-Mail: datenschutz@notos-xperts.de
3. Contact details of the controller
DAW SE
Roßdörfer Straße 50
64372 Ober-Ramstadt
Deutschland
Telefon: +49 6154 71-0
Telefax: +49 6154 71-70222
E-Mail: info@daw.de
4. Purpose of the processing
Since 1895 DAW has developed, produced and sold innovative coating systems. As an independent family company in its fifth generation, we have continued to grow to become the third largest manufacturer of building paints in Europe and for decades we have been the market leader in Germany and Austria.
The DAW Group is the home to numerous stalwart brands. It is the driver of innovation in coating materials, thermal insulation and building protection and is a reliable partner for its customers and suppliers. The business purpose is the manufacture and sale of the aforementioned products. The DAW Group has its affiliated companies in various countries as well as outside Europe, e.g. Ukraine, Belarus and United Arab Emirates. A list of the companies can be found at the end of this privacy policy.
The purpose of processing of your personal data is necessary and does in paticular happen for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract, realization, roll-out, evaluation, analyzation and improvement of our products and services as well as for the termination of a contractual relationship. (planning, purchase, delivery and service relationship), in this case with you as the business partner, incl. possible collection of outstanding debts. With regard to the collection of outstanding debts, we work or reserve the right to work with various collection service providers and/or lawyers. Further information on data protection in debt collection and dunning procedures can be found in the data protection information on the homepage of any debt collection service providers we may use (selection):
Besides this we are processing personal data based on legal and fiscal requirements. The processing of your data will be conducted centrally by DAW SE with the access of all group affiliates, as long as the hold the same data privacy standards.
Specifically, we process your data for the following (additional) purposes, among others:
-
Performance of the contract and processing of orders and responding to inquiries;
-
Enabling coordinated and regulated access by affiliated companies or third parties;
-
Verification of master data entered;
-
Simplification of intra-Group data flows in the event of legitimate interest, absence of or unremarkable objection, and uniform data level;
-
Centralization of data storage and maintenance;
-
Analysis and optimization of business processes;
-
Identification, management and evaluation of all transactions;
-
Termination of contractual relationships;
-
Pursuit, exercise or defense of legal claims;
-
Fulfillment and documentation of legal (contractual, tax and statutory) obligations;
-
Sales, marketing and advertising purposes in case of consent or legitimate interest, absence of or unremarkable objection;
-
Security and functional testing in the case of legitimate interest, absence of or unremarkable objection and case-by-case consideration;
-
Processing for a purpose other than that for which the personal data have been collected in the event of verified compatibility with the purpose for which the personal data are initially collected.
5. Categories of data
In this context, we process the following data or categories of data of you, in particular:
- Company name
- Name + first name of the contact person
- Birthday of contact person
- Address data of the company, sole proprietors or private customers
- Contract data (name, address, customer ID, invoice number)
- Accounts receivable data
- Banking details
- Other payment details (credit card etc.)
- Statistics of goods purchases
- Sales figures
- Content data of an existing business relationship, such as business letters, E-Mails and notes to oral or non-oral correspondence.
6. Lawfulness of processing
The lawfulness of processing of your personal data comes from:
- Performance of a contract according to Art. 6 Para. 1 lit. b GDPR (e.g. Sales-, Supply- and Servicecontract)
- Consent according to Art. 6 Para. 1 lit a, 7 GDPR (e.g. Newsletter, transfer of personal data to offices in third countries)
- Compliance with legal obligations according to Art. 6 Para. 1 lit c GDPR (e.g. reports to the tax office; Responses to legal and data protection related inquiries)
- Legitimate interest according to Art. 6 Para. 1 lit. f GDPR (e.g. data processing and data exchange across the group with the same data privacy standards, direct marketing for existing business partners, exercise domiciliary rights; Assertion of legal claims and defence in legal disputes; accounts receivable management; Safeguarding the IT security and operation of the controller; Prevention and detection of criminal offences; Collecting evidence of criminal offences through video surveillance. They thus serve to protect customers and employees as well as exercising domicilarty rights; Action to protect the facility security (e.g. limited access control).
7. Recipient or categories of recipients
In order to fulfil our contractual and legal obligations, your data will be forwarded to the following recipients or categories of recipients:
- Clerk and managing clerk of the respective departments
- Banking institutions
- Insurance companies
- External service provider
- IT service provider
- Hosting provider
- Marketing service provider
- E-Procurement Provider
- Collection service provider
- Logistics companies
- Document shredding
- Data protection officer
- Independent offices and affiliated units abroad, as long as your delivery and demand relates to them
- Other group members, if a legitimate interest exists and the data privacy standards are adequate reasonable and consistent
- Controlling/Auditing
- Auditing firms
- Tax office
8. Transfer of personal data to a third country
If you enquire our products or services abroad, mostly Europe or in a third country, your personal data will be transferred to such office of the DAW Group. Some third countries such as United Arab Emirates do not comply with the GDPR and further have no adequate level of protection of personal data.
We have agreed contractual, technical and organizational measures with our group companies, which assure consistent and reasonable data privacy standards. In case of a foreign affiliate located in a third country this agreement qualifies as reasonable guarantee in terms of Art. 46 GDPR.
In all other cases we will ask for your explicit consent for a transfer of your data to a third country.
9. Storage duration, erasure of personal data
In order to fulfil our contractual and legal obligations, we store the data for the following periods, unless there is a legitimate interest according to Art. 6 Para. 1 lit. f GDPR, which would justify longer storage:
If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract. In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB), the Fiscal Code (AO), the German Banking Act (KWG) and the Money Laundering Act (GwG), among others. The periods for storage and documentation specified there range from two to ten years.
Additionally the storage duration is influenced by legal limitation periods, which can range from e.g. according to §§ 195 ff. of the German Civil Code (BGB) three (3) years, construction materials five (5) years [§438 Para. 1 No. 2 lit. b) BGB] to in certain cases even thirty (30) years.
In particular:
- Business correspondence: 6 Years, § 147 Para. 1 No. 4,5 in connection with Para. 3 the Fiscal Code (AO); § 257 Para. 1 No. 1, 4 in connection with § 238 Para. 1 the German Commercial Code (HGB)
- Contracts: 6 Years, § 147 Para. 1 No. 4,5 in connection with Para. 3 the Fiscal Code (AO); § 257 Para. 1 No. 1, 4 in connection with § 238 Para. 1 the German Commercial Code (HGB)
- Invoices and Accounting records: 10 Years, § 147 Para. 1 No. 4,5 in connection with Para. 3 the Fiscal Code (AO); § 257 Para. 1 No. 1, 4 in connection with § 238 Para. 1 the German Commercial Code (HGB)
- Verdicts, order of court and enforceable legal documents: 30 Years
10. Existence of a right of access by the data subject
Regarding your personal data you have the following rights:
-
Right of access by the data subject
-
Right of rectification and erasure (‚right to be forgotten‘)
-
Right to restriction of processing
-
Right of data portability
-
Right to lodge a complaint with a supervisory authority about the processing of your personal data, if you do not consent with our operations.
-
Right to withdraw: You have the right to at any time withdraw your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before ist withdrawal.
-
Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning on points (e) and (f) of Article 6 (1) GDPR, including profiling based on those provisions.
-
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense or legal claims.
-
If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing personal data concerning direct marketing; which includes profiling if it relates to such direct marketing.
-
When you object to processing of your personal data for direct marketing, the controller will no longer process your data for such purposes. You will not incur any transmission costs other than those according to the basis rates if you send your objection to the abovementioned contact details.
-
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you also have the right to object by automated means using technical specifications.
-
11. Mutual Rules for processing
If we exchange personal data of customers for further processing, e.g. within the scope of the fulfilment of so-called drop shipments, that is usually not qualified as a processing in the sense of Art. 28 par. 3 GDPR, but a data transmission, because we or you process the data for our or your own purposes, namely to fulfil delivery or purchase obligations and under instruction-free determination of own resources. In order to ensure legal conformity, we establish the following mutual processing rule:
• Contractor and Principal are obliged to process personal data only in accordance with the basic EU data protection regulation (GDPR) and the Federal Data Protection Act (BDSG-new) and, if applicable, other special legal standards.
• The employees of contractors and Principal as well as their vicarious agents are subject to data confidentiality in accordance with Art. 29 GDPR in conjunction with the Federal Data Protection Act-new (BDSG-new). As far as the Contractor or the Principal uses a processor for the processing of personal data within the scope of the order, he shall – in accordance with Art. 28 GDPR – be carefully selected with regard to the guaranteed level and obliged and checked accordingly within the scope of a data processing agreement. The same applies if the Contractor and the Principal make use of another third party for the fulfilment of the order by way of the transfer of functions. The obligations arising from the confidentiality obligation/data processing agreement relate to all individual details of a person's personal and material circumstances as well as to all protective measures for this information. In particular, the Contractor and the Principal are obliged not to process any personal data without authorization.
• The Contractor will only use personal data which he receives from the Principal and/or from third parties within the scope of the execution of the order or which he collects himself for the purpose of the execution of the order. The Principal declares his agreement with this purpose limited processing. The use of this personal data outside the joint execution of the order (change of purpose) requires a separate, prior written consent of the Principal.
• In the event of the transfer of personal data to the Contractor assures the Principal that he is entitled to do so on the basis of an authorization under the GDPR, the BDSG-new or a special legal standard.
• If the Contractor and/or the Principal violate these obligations, the other party reserves the right to assert a resulting claim for damages and/or recourse.
• In the internal relationship, the Contractor and the Principal are only liable if the violation is within their own area of responsibility. In the event of a violation that is within the joint area of responsibility, the Contractor and the Principal shall be mutually liable in proportion to their respective share of fault and/or responsibility.
• If one party is held responsible by an affected party or the supervisory authority (liability, damages, fines, etc.), although the other party is responsible for the violation giving rise to the claim, the responsible party is obliged to indemnify the claimed party upon first request.
• The obligations of Contractor and Principal shall be apply beyond the end of the contract.
Status: July 2024
Companies within the DAW Group
Country |
Location |
Company |
Abu Dhabi |
Abu Dhabi |
Caparol International Paints LLC |
Belgium |
Heusden-Zolder |
DAW Belgium B.V.B.A. |
Bosnien- Herzigowina |
Binjezevo bb. |
Caparol d.o.o. Sarajevo |
Deutschland |
Enger-Oldinghausen |
Alligator Farbwerke GmbH |
Ober-Ramstadt |
Alpina Farben GmbH |
|
Wildeck-Richelsdorf |
Alsecco GmbH |
|
Ober-Ramstadt |
Caparol Farben Lacke Bautenschutz GmbH |
|
Ober-Ramstadt |
Caparol ICONS GmbH |
|
Ober-Ramstadt |
Caparol Industrial Solutions GmbH |
|
Ober-Ramstadt |
DAW SE |
|
Ober-Ramstadt |
DISBON GmbH |
|
Ober-Ramstadt |
Krautol GmbH |
|
Berlin |
Lacufa GmbH Lacke und Farben |
|
Ober-Ramstadt |
Rühl Farben GmbH |
|
Dubai |
Dubai |
Caparol Paints LLC |
France |
Boves |
DAW France SARL |
Boves |
Caparol Marketing Services France S.A.S (C.M.S France) |
|
Boves |
Trade Peinture S.A.R.L. |
|
Georgia |
Tbilisi |
Caparol Georgia GmbH |
Great Britain |
Staffordshire |
ALCECCO (U.K.) Limited |
Italy |
Vermezzo |
DAW Italia GmbH & Co KG, Niederlassung in Vermezzo |
Vicopisano (Pisa) |
Caparolcenter SRL |
|
Corciano |
BeaColor SRL |
|
Arcola |
Evercolor SRL |
|
Katar |
Doha |
Caparol Paints WLL |
Coatia |
Zagreb |
Caparol, Gesellschaft mit beschränkter Haftung für Produktion und Handel (Zagreb, Kroatien) |
Latvia |
Salaspils |
SIA „DAW Baltica“ |
Lithuania |
Vilnius |
UAB „DAW LIETIVA“ |
Netherlands |
Nijkerk |
DAW Nederland B.V. |
Nijkerk |
Verhandel Nederland B.V. |
|
Groningen |
Verfpunt Noordoost B.V. |
|
Austria |
Perg |
Synthesa Chemie Gesellschaft m. b. H. |
Wels |
Avenarius-Agro GmbH |
|
Perg |
Capatect Baustoffindustrie GmbH |
|
Perg |
Dalmatherm Dämmtechnik GmbH |
|
Wien |
Glemadur Farben und Lacke Vertriebsgesellschaft mbH |
|
Perg |
Naporo Klima Dämmstoff GmbH |
|
Poland |
Warschau |
Caparol POLSKA Sp. z.o.o. |
Portugal |
Porto, Maia |
Unibersa – Tintas Protectoras e Decorativas, Unipessoal, LDA |
Sweden |
Göteborg |
DAW Nordic AB |
Switzerland |
Nänikon |
DAW Schweiz AG |
Slovakia |
Bratislava |
Caparol Slovakia s.r.o. |
Slowenia |
Komenda |
Caparol Handel mit Farben, Lacken, Baumaterial und Chemikalien, d.o.o. |
Spain |
Blanes (Provinz Girona) |
Caparol Espana S.L. |
Palma de Mallorca |
Decopunt Balear S.L. |
|
Santianes |
Iberica de Revestimientos Grupo EMP S.L.U. |
|
Czech Republic |
Ceske Budejovice |
Cesky Caparol s.r.o. |
Ukraina |
Wasyliwka |
TOP „CAPAROL DNIPRO“ |
Kiew |
„CAPAROL UKRAINA“ |
|
Belarus |
Brest |
Ausländisches Produktions- und Handelseinheitsunternehmen „DISKOM“ |
Wholesale and CMS
The list of wholesalers can be found at the following link:
https://www.cms-gruppe.de/fileadmin/user_upload/cms_zentrale/unternehmen/cms_broschuere_2019_150.pdf