Status: May 28, 2018
1 YOUR DATA PROTECTION IS OUR CONCERN
We appreciate your interest in our company and our products or services and would like you to feel secure when visiting our Internet pages, also with regard to the protection of your personal data. We take the protection of your personal data very seriously. Compliance with the provisions of the EU General Data Protection Regulation (GDPR) is a matter of course for us.
We want you to know when we collect what data and how we use them. We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by external service providers.
2 RESPONSIBLE BODY
The responsible party for the collection, processing and use of your personal data within the meaning of the German Federal Data Protection Act is Sorpetaler Fensterbau GmbH, Selbecke 6, 59846 Sundern. If you wish to object to the collection, processing or use of your data by Sorpetaler Fensterbau GmbH in accordance with this data protection declaration, either as a whole or for individual measures, please send your objection by e-mail, fax or letter to the following address:
Sorpetaler Fensterbau GmbH Selbecke 6 59846 Sundern E-mail: email@example.com
3 NAME AND ADDRESS OF THE DATA PROTECTION OFFICER
The data protection officer of the responsible party is: Stefan Appelhans Selbecke 6 59846 Sundern E-mail address: firstname.lastname@example.org Telephone: +49 (0)2393 91 92 0
4 GENERAL INFORMATION ON DATA PROCESSING AND TRANSMISSION
Scope of the processing of personal data As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing Data deletion and storage period. The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Transfer of data to third parties within the EU and abroad As a matter of principle, we use your personal data only within our company. If and to the extent that we involve third parties in the performance of contracts (such as payment service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing to third parties in another EU country ("commissioned processing"), we contractually obligate commissioned processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject, and we expressly point this out in this data protection statement in the course of explaining the individual data processing operations.
In the event that we outsource certain parts of data processing to third parties in other EU countries ("commissioned processing"), we contractually oblige commissioned processors, with the aid of standard contractual clauses provided by the EU Commission specifically for this purpose, to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject, and we expressly refer to this in this data protection declaration in the course of explaining the individual data processing operations.
5 PERSONAL DATA
Personal data is information about your identity. This includes, for example, information such as name, address, telephone number, e-mail address. It is not necessary for you to disclose personal data in order to use our website. In certain cases, however, we need your name and address as well as other information so that we can provide the requested services.
The same applies, for example, to the sending of information material and ordered goods or to answering individual questions. Where this is necessary, we will point this out to you accordingly. In addition, we only store and process data that you provide to us voluntarily or automatically.
If you make use of services, we generally only collect the data that we need to provide the services. If we ask you for further data, this is voluntary information. Personal data is processed exclusively to fulfil the requested service and to protect our own legitimate business interests.
Persons under the age of 18 should not provide us with any personal data without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect them and do not pass them on to third parties.