1. Controller; Data Protection Officer
1.1 We, fiss Klaus Friedrich e.K., Hauptstraße 8, 73650 Winterbach, are the controller within the meaning of the General Data Protection Regulation and national data protection laws of the Member States, as well as other data protection regulations, responsible for processing your personal data. We are serious about protecting your privacy.
1.2 You can contact our Data Protection Officer by e-mail at datasecurity(c)fiss-machines.com or by writing to our mailing address “attn. data protection officer".
|Cookie||A text file that is temporarily ("session cookie") or permanently ("persistent cookie") stored on your device by means of which we (“our own cookies") or third parties ("third-party cookies") receive certain information. This text file cannot run programs or transmit viruses to your computer.|
|Third country||A country outside of the European Union.|
|Voluntary information||Personal data that we request from you that is not mandatory information but that facilitates processing.|
|Contact and inquiry data||Personal data that you provide when contacting us by e-mail or when you contact us by other means and/or submit an inquiry that does not involve the conclusion of a contract.|
|Log file||A file that is stored on our servers and logs certain information each time our website is accessed.|
|Newsletter mailing data||Personal data that you provide when subscribing to our newsletter, in particular your e-mail address.|
|Usage data||Information about your use of our website, in particular data we collect through the use our own cookies, third-party cookies and log files.|
|Personal data||All information that relates to you as an identified or identifiable natural person. This comprises contract data, contact and inquiry data, newsletter mailing data and usage data.|
|Mandatory information||Personal data that we request from you that is absolutely necessary in relation to the purposes for which they are processed. Mandatory information is specially marked during data collection.|
|Contract data||Personal data that you provide in connection with placing an order in order to establish, substantively arrange, change or terminate a contractual relationship with us.|
3. General information about how personal data is handled
3.1 As a rule, we only use your personal data to enable you to use our services.
3.2 In cases where we have obtained your consent to process personal data, Art. 6(1)(a) of the General Data Protection Regulation (GDPR) serves as the legal basis for processing this personal data.
3.3 Art. 6(1)(b) GDPR serves as the legal basis for processing in cases where it necessary to process personal data for the performance of a contract to which you are a party. This also applies to processing operations that are necessary in connection with pre-contractual activities.
3.4 In cases where it is necessary to process personal data to comply with a legal obligation to which we are subject, Art. 6(1)(c) GDPR serves as the legal basis for such processing.
3.5 Art. 6(1)(d) GDPR serves as the legal basis in cases where processing personal data is necessary in order to protect your vital interests or of those of another natural person.
3.6 If processing is necessary to protect a legitimate interest of ours or a third party and if your interests, fundamental rights and freedoms do not outweigh these interests, Art. 6(1)(f) GDPR serves as the legal basis for such processing.
3.7 Personal data will be erased or blocked as soon as the purpose for which the data is stored ceases to apply. Furthermore, data may be stored if required for compliance with a legal obligation which requires storage by Union or Member State law to which the we are subject. Data will also be blocked or erased if a storage period prescribed by the laws referred to above has lapsed, unless there is a need for further storage of the data for the conclusion or performance of a contract.
3.8 If we share your data with external service providers for specific functions and services, we will provide you detailed information about the respective processing operations. We have carefully selected and engaged these external service providers; they are bound by our instructions and are subject to regular monitoring. These external service providers will not share data provided to them with other third parties, but rather they will erase this data after performance of the respective contract and upon expiry of statutory storage periods unless you have consented to continued storage. In cases where our external service providers or partners are based in a third country, we will provide you information about the consequences of this situation in the description of the respective data processing. As an exception, your personal data will also be shared with other third parties if we are legally obliged to disclose the relevant personal data, however we will inform you of this without undue delay.
3.9 Our employees are obliged to maintain secrecy regarding personal data.
4. Your rights
4.1 You may revoke your consent to our use of your personal data in whole or in part at any time with prospective effect.
4.2 In the case of processing personal data to perform tasks in the public interest (Art. 6(1)(e) GDPR) or to safeguard legitimate interests (Art. 6(1)(f) GDPR), you can object to the processing of personal data concerning you at any time with prospective effect. In the event of an objection, we shall refrain from any further processing of your data for the aforementioned purposes, unless:
- There are compelling legitimate grounds for the processing which override your interests, rights and freedoms;
- Processing is necessary for the establishment, exercise or defence of legal claims.
4.3 Where your data are processed for direct marketing purposes, especially for sending a newsletter, you have the right to object at any time to the processing of your personal data with prospective effect to the extent that it is related to direct marketing. In the event of objection, we must refrain from any further processing of your data for the purpose of direct marketing.
4.4 You also have the right to lodge a complaint with a supervisory authority concerning any data protection issues.
4.5 In addition, you have the following rights with regard to your personal data:
- Right to information;
- Right to rectification or erasure;
- Right to restriction of processing;
- Right to data portability.
5. Contract data
5.1 We process your contract data, which may include both mandatory information and voluntary information, to establish, perform and change our contractual relationship in accordance with the legal basis referred to in Section 3.3.
5.2 Your contract data will only be shared with third parties for the purpose of performing the contract. Recipients of such data include service providers, suppliers, contractual partners and contract data processors. The transfer of your newsletter mailing data to a third country or an international organisation is not planned.
5.3 Your contract data will be stored for the duration of the performance of the contract and will be erased immediately thereafter, unless further processing, in particular storage, is required by law, storage is required for evidentiary reasons (e.g. to assert claims or to defend against potential claims for damages), we have your express permission to do so or are authorised to do so by law.
6. Contact and inquiry datan
6.1 We process your contact and inquiry data, which may include both mandatory information and voluntary information (e.g. in order to contact you personally and in order to be better able to address any responses), to respond to you inquiries in accordance with the legal basis referred to in Section 3.3.
6.2 The transfer of your contact and inquiry data to a third country or an international organisation is not planned.
6.3 Your contact and inquiry data will be erased immediately after we have completely addressed you inquiry, unless further processing, in particular storage, is required by law, storage is required for evidentiary reasons (e.g. to assert claims or to defend against potential claims for damages), we have your express permission to do so or are authorised to do so by law.
7. Newsletter mailing data
7.1 We process your newsletter mailing data, which may include both mandatory information and voluntary information (e.g. in order to contact you personally, in order to personally tailor the newsletter and to be able to clarify questions about your e-mail address), to send our newsletter in accordance with the legal basis referred to in Section 3.2.
7.2 We use the so-called "double opt-in method" to send our newsletter. This means that we will not send you the newsletter until you have confirmed your registration via a confirmation e-mail sent to you using the link included in the confirmation e-mail. This is to ensure that only you can subscribe to the newsletter as the owner of the e-mail address you provide. Your confirmation must be received within 24 hours of receiving the confirmation e-mail, otherwise your newsletter subscription will be automatically blocked in our database and deleted after one month. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter.
7.3 In addition, we store your IP addresses and the time of registration and confirmation. The purpose of this process is to be able to verify your registration and, if necessary, to clarify any potential misuse of your personal data. The legal basis for this process is described in Sections 3.2 and 3.4.
7.4 Your newsletter mailing data will not be shared with third parties. Under no circumstances will we disclose your personal data to third parties for advertising or marketing purposes unless you have expressly consented to disclosure for this purpose. The transfer of your newsletter mailing data to a third country or an international organisation is not planned.
7.5 You can also prevent further newsletters from being sent at any time after you have registered to receive our newsletter by revoking your consent; you will not be charged anything. To do so, you can either send us an informal e-mail to firstname.lastname@example.org or use the link at the end of the newsletter. This has no effect on any other rights you have as described in Section 4.
7.6 Your newsletter mailing data will be stored until you revoke your consent (Section 7.5) and erased immediately after that, unless further processing, in particular storage, is required by law, storage is required for evidentiary reasons (e.g. to assert claims or to defend against potential claims for damages), we have your express permission to do so or are authorised to do so by law.
8. Our cookies
8.1 We use our own cookies. The purpose of our own cookies is to make our website more user-friendly and functional. They do not contain any personal information about you, but rather only an identification number that has no significance outside our services. In particular, we use so-called session cookies. These store a so-called "session ID" by means of which various requests from your browser can be assigned to a common session. This means that when you visit our website, your device can be identified even if you switch from one page to another and the end of your visit can be determined. We also use persistent cookies. This allows your browser to be recognized the next time you return to our website.
8.2 We use session cookies so that you can seamlessly use our website. The legal basis for the use of our own cookies is referred to in Section 3.6.
8.3 Your usage data collected by our own cookies is not shared with third parties. The transfer of your usage data to a third country or an international organisation is not planned.
8.4 Session cookies are automatically deleted when you log out or close your browser. Persistent cookies are automatically deleted after a specified period that may vary depending on the cookie. You can delete the cookies at any time using your browser's security settings. You can configure your browser settings according to your wishes and reject certain cookies or reject all cookies in general. Please note that if you refuse to accept our own cookies, you may not be able to use all of the functions of our website.
9. Use of Google Analytics
9.1 Our website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Inc. uses third-party cookies. Google Inc. uses information generated by these third-party cookies to evaluate your use of the website, to compile reports on the activities of the website for us and for the provision of other services related to Internet use and use of the website. The IP address transferred by your browser in connection with Google Analytics will not be associated with other data held by Google.
9.2 We use Google Analytics to analyse and improve our website. In this context, we use the statistics generated in this manner to pursue our interest in improving our website and making it more attractive for you as a user. The legal basis for the use of Google Analytics can be found in Section 3.6.
10. Log files
10.1 Every time you visit our website, we collect personal data transmitted by your browser to our server. This information is stored in a log file. Specifically, the following data set is stored every time you visit our website:
- IP address;
- Date and time of access;
- Time zone difference to Greenwich Mean Time (GMT);
- Contents of the request (specific page);
- Access status/HTTP status code;
- The amount of data transferred in each case;
- The referring website;
- Operating system and interface;
- Language and browser software version.
We do not link personal data stored in the log file with your other personal data.
10.2 Using this data is necessary so that we can display our website to you and ensure the stability and security of our website. The legal basis for the use of log files can be found in Section 3.6.
10.3 Your log files are not shared with third parties. The transfer of your data to a third country or an international organisation is not planned.
10.4 Your IP address will only be stored for the duration of your use of the website and is then deleted immediately or anonymised by shortening it. All remaining data is deleted after two days.
11. Integration of YouTube videos
11.2 Our intent for integrating YouTube videos is to improve our website and make it more attractive for you as a user. The legal basis for the integration of YouTube videos can be found in Section 3.6.
11.3 YouTube videos are provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For more information about the purpose and scope of the collection and processing of your data by Google Inc., your rights in this regard and the options available to you to protect your privacy, please visit http://www.google.de/intl/de/policies/privacy. Google Inc. also processes your personal data in the United States and has submitted to the EU-US Privacy Shield, see https://www.privacyshield.gov/EU-US-Framework.
11.4 You have a right to object to the creation of user profiles by Google Inc. and must contact Google Inc. directly to exercise this right.
12. Use of Google Maps
12.2 Google Maps allows us to display interactive maps directly on the website and enables you to conveniently use the map function. The legal basis for the integration of Google Maps can be found in Section 3.6.
12.3 For more information about the purpose and scope of the collection and processing of your data by Google Inc., your rights in this regard and the options available to you to protect your privacy, please visit http://www.google.de/intl/de/policies/privacy. Google Inc. also processes your personal data in the United States and has submitted to the EU-US Privacy Shield, see https://www.privacyshield.gov/EU-US-Framework.
12.4 You have a right to object to the creation of user profiles by Google Inc. and must contact Google Inc. directly to exercise this right.
13. Data security
All information that you provide to us is stored on servers within the Federal Republic of Germany and the Republic of Austria. Please note that the transmission of information via the Internet is not completely secure. For this reason, we cannot guarantee the security of data transmitted to our website via the Internet. All data on our servers is protected from loss, destruction, access, modification or distribution by unauthorized persons by means of technical and organisational measures (e.g. multi-level security systems). Our employees and system service providers regularly control the effectiveness of these protective measures. We use SSL encryption (Secure Socket Layer) for communication between your device and our servers.
Last updated: May 2018
© e|s|b Rechtsanwälte Dresden