Data Privacy Policy

I. Controller

Controller within the meaning of the General Data Protection Regulation (EU-GDPR) and other national data protection regulations of the member states and other data privacy regulations is:

Gottlieb Duttenhöfer GmbH & Co. KG

Bahnhofstraße 100

67454 Haßloch, Germany

Tel.: +49 (0)6324 590-0

E-mail: Info(at)Duttenhoefer.com

Represented by the managing directors:

Dipl. Kfm. Carsten Meiswinkel

II. Data Protection Officer

The Controller’s data protection officer is:

Markus Reffert

Tel.: +49 (0)6324 590-254

E-mail: Datenschutz(at)duttenhoefer.com

III. State Data Protection Authority

The responsible state data protection authority is:

The State Commissioner for the Protection of Data and Freedom of Information Rhineland Palatinate

Postfach 30 40

55020 Mainz, Germany

Tel.: +49 (0)6131 208-2449

Fax: +49 (0)6131 208-2497

E-mail: poststelle(at)datenschutz.rlp.de

IV. General Provisions on Data Processing

1. Scope of Processing of Personal Data

We process personal data of our users only insofar as this is necessary for the provision of a functional website.

2. Data Erasure and Storage Duration

The personal data of the data subject are deleted or blocked as soon as the purpose of the storage ceases to apply. Data may furthermore be stored if provided for by the European or national legislators in Union directives, laws or other regulations to which the Controller is subject. The data are blocked or deleted also on expiry of a storage period prescribed in the above-mentioned standards unless the continued storage of the data is necessary for the conclusion or fulfilment of a contract.

V. Provision of the Website and Compilation of Log Files

Every time our Internet website is called up, our system automatically collects data and information from the computer system of the calling computer.

1. Description and Scope of Data Processing

The use of our homepage does not involve any collection of personal data, except the temporary storage of the IP address, without which use of the homepage is not possible.

2. Legal Basis for Data Processing

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) lit. f) GDPR.

3. Purpose of Data Processing

The data are stored in log files to ensure the functionality of the website. In addition, the data help us to optimise the website and to safeguard the security of our IT systems. The data are not evaluated for marketing purposes in this context.

4. Duration of Storage

The data are deleted as soon as they are no longer required for the achievement of the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is terminated.

The temporary storage does not allow any identification of personal data.

5. Right of Objection and Right to Erasure

Collection of the data for provision of the website and storage of the data in log files is essential for the operation of the Internet website. The user therefore has no right to oppose such collection and storage.

VI. Use of Cookies

1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the user’s Internet browser or on the user’s computer system by the Internet browser. If a user calls up a website, a cookie can be stored on the user’s operating system. This cookie contains a distinctive character string that allows unambiguous identification of the browser when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our Internet website require the calling browser to be identified even after switching to a different website.

2. Legal Basis for Data Processing

The legal basis for the processing of personal data with the use of cookies is Art. 6 (1) lit. f) GDPR.

3. Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of the website for the user. Certain functions of our Internet website cannot be offered without the use of cookies. For these functions it is necessary that the browser can still be identified even after switching to a different website.

The user data collected by technically necessary cookies are not used to create user profiles.

These purposes also found our legitimate interest in the processing of the personal data in accordance with Art. 6 (1) lit. f) GDPR.

4. Duration of Storage, Right of Objection and Right to Erasure

Cookies are stored on the user’s computer and transmitted by the computer to our website. You as user therefore have complete control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies already stored can be deleted at any time. This process can also be automated. If cookies are deactivated for our website, you may no longer be able to make full use of all the functions of the website.

5. Third party cookies

For the uniform display of fonts, our website uses, among other things, so-called web fonts. On this website, we use MyFonts, from MyFonts Inc, 500 Unicorn Park Drive, Woburn, MA 01801, USA. Due to the license terms, page view tracking is performed by counting the number of visits to the website for statistical purposes and transmitting them to MyFonts. MyFonts only collects anonymized data. If necessary, the data is passed on by activating Java Script code in your browser. To prevent the execution of Java Script code from MyFonts altogether, you can install a Java Script blocker (e.g. www.noscript.net). For more information about MyFonts Counter, please see MyFonts’ privacy policy at http://www.myfonts.com/info/terms-and-conditions/#Privacy.

VII. E-Mail Contact

1. Description and Scope of Data Processing

You can contact us via the e-mail address provided. In this case, the personal data on the user transmitted with the e-mail will be stored.

No data are forwarded to third parties in this context. The data are used exclusively for the processing of the conversation.

2. Legal Basis for Data Processing

The legal basis for the processing of the data transmitted in conjunction with the dispatch of an e-mail is Art. 6 (1) lit. f) GDPR. If the objective of the e-mail contact is the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b) GDPR.

3. Purpose of Data Processing

Such contact by e-mail also founds our legitimate interest in the processing of the data.

4. Duration of Storage

The data are stored and deleted in accordance with the “German Principles of Data Access and Verifiability of Digital Documentation (GDPdU)”.

5. Right of Objection and Right to Erasure

The user has the right to revoke his/her consent to the processing of the personal data at any time. If the user contacts us by e-mail, he/she may object to the storage of his/her personal data at any time. In such cases, the conversation cannot be continued.

The revocation of consent and the objection to the storage of the data must be made in writing to the above postal address or by e-mail to Datenschutz(at)duttenhoefer.com

In this case, all personal data stored during the course of the contact will be deleted as long as erasure does not infringe the “German Principles of Data Access and Verifiability of Digital Documentation (GDPdU)”.

VIII. Rights of the Data Subject

If personal data on you are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis à vis the Controller:

1. Right to Information

You can demand information from the Controller as to whether personal data concerning you are being processed by us.

If such data are being processed, you can demand the following information from the Controller:

(1)            The purposes for which the personal data are being processed;

(2)            The categories of personal data being processed;

(3)            The recipients or categories of recipients to whom the personal data concerning you have been disclosed or will be disclosed;

(4)            The planned period of the storage of the personal data concerning you or, if concrete indication is not possible here, the criteria used to determine that period;

You have the right to demand information on whether the personal data concerning you have been or will be transferred to a third country or international organisation. In this context you can demand information on the appropriate safeguards in accordance with Art. 46 GDPR in conjunction with the transfer of your data.

2. Right to Rectification (Art. 16 GDPR)

You have a right to rectification and/or completion vis à vis the Controller if the processed personal data concerning you are incorrect or incomplete. The Controller shall rectify the data without undue delay.

3. Right to Erasure (Art. 17 GDPR)

The data processed by us are deleted or their processing is restricted in accordance with Art. 17 and 18 GDPR. Unless otherwise expressly stated in this data privacy policy, the data stored by us are deleted as soon as they are no longer required for their intended purpose and erasure does not contravene statutory retention obligations. If the data are not deleted because they are required for other legally permitted purposes, their processing will be restricted, i.e. the data will be blocked and not processed for any other purposes. This applies e.g. to data that have to be retained for commercial and tax law reasons.

4. Right to Restriction of Processing (Art. 18 GDPR)

Under the following conditions, you can demand restriction of processing of the personal data concerning you:

(1)            If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2)            The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3)            The Controller no longer needs the personal data for the purposes of the processing, but you require these data for the establishment, exercise or defence of legal claims, or

(4)            If you have objected to processing pursuant to Art. 21 (1) GDPR pending verification as to whether the legitimate grounds of the Controller override your grounds.

If processing of the personal data concerning you has been restricted, these data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted under the above conditions, you shall be informed by the Controller before the restriction of processing is lifted.

5. Right to Notification (Art. 19 GDPR)

If you have exercised your right to rectification, erasure or restriction of processing vis à vis the Controller, the Controller shall be obliged to communicate this rectification or erasure of personal data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the Controller about these recipients.

6. Right to Data Portability (Art. 20 GDPR)

You have the right at any time to receive the personal data concerning you provided to the Controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit these data to another Controller without hindrance from the Controller to whom the personal data have been provided, insofar as

(1)        Processing is based on consent pursuant to Art. 6 (1) lit. a) GDPR or Art. 9 (2) lit. a) GDPR or on a contract pursuant to Art. 6 (1) lit. b) GDPR, and

(2)        Processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one Controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of other persons.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

7. Right to Object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Art. 6 (1) lit. e) or f) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data relating to you unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

8. Right to Revoke Consent under Data Protection Law

You have the right to revoke your consent under data protection law at any time. This revocation of consent shall not prejudice the lawfulness of processing carried out up to the time of your revocation.

9. Right of Complaint to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with whom the complaint was lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.