Data protection information of the Dr. Jean Bausch GmbH & Co. KG
1. Name and address of the responsible
party
The responsible party in the sense
of the General Data Protection Regulation (GDPR), of the data protection
regulations holding good in the member states of European Union and of other
regulations with a legal data-protecting character is the:
Dr. Jean Bausch GmbH & Co. KG
Oskar-Schindler-Str. 4
50769 Köln
represented by:
André Bausch
Peter Bausch
Contact:
Telephone: +49-221-70936-0
Telefax: +49-221-70936-66
E-Mail: info@bauschdental.de represented
by:
2. Name and address of the data protection
officer
The external data protection
officer of the controller is:
Mr. Jens Engelhardt, his representative
Prof. Sven Kolja Braune,
c/o NOTOS Xperts GmbH
Heidelberg Str. 6
64283 Darmstadt
Phone: +49 6151-52010-0
Fax: +49 6151-52010-99
Website: www.notos-xperts.de
E-mail: datenschutz@notos-xperts.de
Each data subject can turn at
any time directly to our data protection officer with all questions and
suggestions on data protection.
3. Definitions
The data protection information
of the Dr. Jean Bausch GmbH & Co. KG is based on the definitions which have
been used by the European directive and order issuing office in formulating the
General Data Protection Regulation (GDPR). The data protection information of
the Dr. Jean Bausch GmbH & Co. KG should be easily read and understood not
only by the general public but also by our customers and business partners. In
order to ensure this, we would like to clarify in advance the definitions used.
In this data protection
information and on our website, we use - amongst others - the following terms:
3.1 Personal data
Personal data is any
information relating to an identified or identifiable natural person
(hereafter "data subject"). Defined as identifiable is a natural
person who can be identified, directly
or indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic, cultural
or social identity of that natural person.
3.2 Data subject
Data subject is each identified
or identifiable natural person, whose personal data is processed by the
responsible party for the processing.
3.3 Processing
Processing means any
operation or set of operations which is carried out in connection with personal
data - whether or not by automated means - such as collection, recording,
organisation, structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or otherwise
making available, alignment or combination, restriction, erasure or
destruction.
3.4 Restricting of the processing
Restricting of the processing
is the marking of personal data as stored with the objective of restricting its
processing in the future.
3.5 Profiling
Profiling is each type of the
automated processing of personal data, which consists of this personal data
being used to permit particular personal aspects relating to a particular
natural person, and here in particular aspects in respect of work performance,
economic situation, health, personal likes, interests, reliability, behaviour,
place of residence or change of place of residence of this natural person to be
evaluated, analysed or forecast.
3.6 Pseudonymization
Pseudonymization is the
processing of personal data in such a way that the personal data can no longer
be assigned to a specific data subject without the use of additional
information, in so far as this additional information is kept in a special way
and subjected to technical and organizational measures which ensure that the
personal data cannot be assigned to an identified or
identifiable natural person.
3.7 Responsible party or party responsible for the processing
Responsible party or party
responsible for the processing (hereafter responsible party) is the natural
person or legal entity, authority, institution or other post, which alone or
together with others decides on the purposes and means of the processing of
personal data. If the purposes and means of the processing are laid down in
European Union legislation or the legislation of the member states, then the
responsible party or the particular criteria of the appointment of this
responsible party in accordance with European Union legislation or the
legislation of the member states can be provided.
3.8 Order processor
Order processor is a natural
person or legal entity, authority, institution or other post, which processes
the personal data on the instructions of the responsible party.
3.9 Recipient
Recipient is a natural person
or legal entity, authority, institution or other post to which personal data
are disclosed regardless of whether this is a third party or not. However,
authorities, which receive within the framework of a particular investigation
order in accordance with European Union legislation or the legislation of the
member states data which possibly may be/contain personal data, do not hold
good as recipients.
3.10 Third party
Third party is a natural
person or legal entity, authority, institution or other post with the exception
of the data subject, the responsible party, the order processor and those
persons which are authorized under the direct responsibility of the responsible
party or of the order processor to process the personal data.
3.11 Consent
Consent is each declaration of
will given voluntarily by the data subject for the definite case in an informed
and unambiguous manner in the form of a declaration or other unambiguous
confirmatory action, with which the data subject makes clear that he/she agrees
to the processing of personal data relating to himself/herself.
4. General
information on data processing
Data protection, data security
and data secrecy hold high priority for Dr. Jean Bausch GmbH & Co. KG
(hereafter also termed Dr. Jean Bausch GmbH & Co. KG). The durable
protection of your personal data, of your company data and of your business
secrets is especially important for us.
You can always visit our
website without making statements on your person. However, if you wish to make
use of the services of our company, then this makes the stating of personal
data necessary. As a rule we use the data that you communicate and that is collected
by the website as well as the data stored in the course of the use solely for
our own purposes, namely for the execution and making available of our website
and the initiation, execution and progressing of the services/offers made
available via the website (contract fulfilment) and do not pass this data on to
external third parties in so far as there is not an official obligation to do
this. In all other cases we obtain your special agreement.
The processing of your
personal data is carried out in conformity with the requirements of the General
Data Protection Regulation and in conformity with the country-specific data
protection regulations holding good for Dr. Jean Bausch GmbH & Co. KG. With
the aid of this data protection information we wish to inform you on the
nature, scope and purpose of the personal data processed by ourselves. In
addition, we clarify for you with the aid of this data protection information
the rights to which you are entitled.
Dr. Jean Bausch GmbH & Co. KG has realized technical and organizational
measures in order to ensure an appropriate level of protection of the personal
data processed via this website. Nevertheless, fundamentally Internet-based
data transmissions can have security loopholes so that absolute protection cannot
be guaranteed.
5. Collecting of general data and
information
The website of Dr. Jean Bausch GmbH & Co. KG collects a range of
general data and information each time the website is called by a data subject
or an automated system. This general data and information is stored in the log
files of the server. Able to be collected are: (1) the browser types and versions used, (2) the
operating system used by the accessing system, (3) the website, from which an
accessing system reaches our website (so-called referrer), (4) the
sub-websites, which are steered to on our website via an accessing system, (5)
the date and time of an access to the website, (6) an Internet-protocol-address
(IP-address), (7) the Internet service provider of the accessing system and (8)
other similar data and information, which serve the warding off of hazards in
the case of attacks to our IT systems.
In using this general data and
information Dr. Jean Bausch GmbH & Co. KG draws no conclusions about the
data subject. Much more is this information needed (1) to be able to deliver
out the content of our website correctly, (2) to permit the optimization of the
content of our website and of the advertising for this, (3) to ensure the
durable functionality of our IT systems and of the technology of our website
and (4) to be able to make available to the law enforcement authorities the
information necessary for criminal prosecution in the case of a cyber attack.
This anonymously collected data and information is evaluated by Dr. Jean Bausch
GmbH & Co. KG on the one hand statistically and on the other hand with the
objective of increasing the data protection and the data security in our
company in order finally to ensure an optimal level of protection for the
personal data processed by ourselves. The anonymous data of the server-logfiles
are stored separately from all the personal data stated by a data subject.
6. Contact form and e-mail contact
Provided on
our website is a contact form which can be used for making contact
electronically. If a user makes use of this opportunity, the data entered in
the input mask is transmitted to and will be stored by ourselves. This data may
be (for example):
· First name and surname*
· E-Mail address*
· Company
· Address
· Telephone number
· Telefax
· Message*
*Obligatory
Information.
At the time
of the transmission of the message the following data will also be stored:
A list of
the relevant data follows. Here some examples:
· IP-address of the user
· Date and time of the transmission
Alternatively,
it is possible for contact to be made via the e-mail address that is provided.
In this case the personal data of the user transmitted with the e-mail is
stored.
In this connection no data
is passed on to third parties. The data is used exclusively for the processing
of the conversation and will immediately be deleted if it is no longer needed.
7. Sending of information
7.1 Sending
of information (including Advertising)
In
addition, we reserve the right to store your first name and surname, your
postal address and - in so far as we have received this additional information
from yourself within the framework of the contractual relationship - your
title, academic degree, year of birth and professional title, sector or
business designation and to store this information for our own adverting
purposes, e.g. for the sending of similar, interesting offers and information
on our training offers per mail or per e-mail if you have stated your e-mail
address.
7.3 No
passing on of data
No passing
on of data to third parties takes place in connection with the data processing
for the sending of newsletters and advertising. The data is used exclusively
for the sending of the newsletter.
7.4 Right
of objection and right of revocation
We draw
explicit attention to your right of revocation (newsletter) and your right of
objection (advertising) in accordance with sections 16.7 and 16.8 of this data
protection information.
8. Data protection with applications and application processes
We collect and process the
personal data of applicants for the purpose of progressing the application
process. The processing can also be carried out electronically. This is in
particular the case when an applicant sends to us relevant application
documents by an electronic route, e.g. per e-mail. If we conclude a contract of
employment with you as applicant, the data transmitted will be stored for
purposes of progressing the employment relationship subject to observation of
the legal regulations. If a contract of employment is not concluded by the
party responsible for the processing with the applicant, then the application
documents will be automatically deleted six months after notification of the
rejection in so far as there is no other legitimate interest of the party
responsible for the processing against deletion. Another legitimate interest in
this sense is, for example, an obligation of proof in a process in accordance
with the German General Equal Treatment Act.
9. Cookies
9.1 Description
and scope of the data processing
Our website
uses cookies. Cookies are text files which are stored in the Internet browser
or, as the case may be, in the Internet browser on the computer system of the
user. If a user calls a website, then a cookie may be stored on the operating
system of the user. Such a cookie contains a characteristic string which
permits unambiguous identification of the browser if the website is called
again.
We
exclusively use session cookies cookies in order to arrange our website in a
more user-friendly manner. Certain elements of our website require that the
calling browser can also be identified after a page change.
In the
cookies the following date is stored and transmitted:
· Language settings
· Articles in a shopping basket
· Log-in information
The data of
the user collected in this way is pseudonymized by technical processes.
Accordingly, assignment of the data to the user calling in is no longer
possible. The data collected is not stored together with other personal data of
the user.
You are
able to set your browser so as to be informed about the setting of cookies and
to decide individually whether to accept them or to exclude the acceptance of
cookies in certain cases or in general. If cookies are not accepted, the
functionality of our website may be limited. The following links provide
information on how to activate and deactivate cookies in the most important
browsers:
· Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
· Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
· Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
10. Data protection regulations for the use and application of
Google Analytics (with anonymization function)
We have integrated on this
website the Google Analytics component (with anonymization function). Google
Analytics is a web-analysis service. Web-analysis is the collecting,
compilation and evaluating of data concerning the behaviour of the visitors to
websites. A web-analysis service collects - amongst other things - data on from
which website (the so-called referrer) a data subject has come to a website,
which subsites of the website were accessed or how often and for what period a
subsite was watched. Web-analysis is used primarily for optimization of a
website and for cost-benefit analysis of Internet advertising.
The operating company of the
Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain
View, CA 94043-1351, USA.
The party responsible for the
processing uses the suffix „_gat._anonymizeIp“ for the web analysis via Google
Analytics. With the aid of this suffix the IP-address of the Internet
connection of the data subject is abbreviated and anonymized if the access to
our website comes from a member state of the European Union or from another
signatory of the agreement on the European Economic Area.
The purpose of the Google
Analytics component is the analysis of the visitor flows to our website. Google
uses the data and information obtained in order to - amongst other things -
evaluate the use of our website, to prepare for us online reports which show
the activities on our website and to provide further services linked with the
use of our website.
Google Analytics sets a cookie
on the IT system of the data subject. What cookies are has been explained
above. The setting of cookies enables Google to analyze the use of our website.
With each call of an individual page of this website, which is operated by the
party responsible for the processing and on which a Google Analytics component
has been integrated, the Internet browser on the IT-system of the data subject
is automatically caused by the particular Google Analytics component to
transmit data to Google for the purpose of online analysis. Within the
framework of this technical process, Google obtains knowledge of personal data
such as the IP-address of the data subject, which data enables Google to -
amongst other things - trace the origin of the visitor and clicks and as a consequence
to make possible the issuing of commission invoices.
With the aid of cookies items
of information related to personal data, e.g. the access time, the place from
which an access started and the frequency of the visits to our website by the
data subject, are stored. With each visit to our website this personal data
including the IP-address of the Internet connection used by the data subject is
transmitted to the United States of America. This personal data is stored by
Google in the U.S.A. In certain circumstances Google passes on this personal
data as collected via the technical process to third parties.
As has already been described
above, the data subject can prevent the setting of cookies by our website at
any time by making an appropriate setting on his/her Internet browser as used
and thereby object to the setting of cookies in a durable manner. Such a
setting of the Internet browser used would also prevent Google from setting a
cookie on the IT system of the data subject. In addition, a cookie that has
already been set by Google Analytics, can be deleted at any time via the
Internet browser or another software program.
Furthermore, the data subject
has the opportunity to object to collection of the data relating to use of this
website generated by Google Analytics and to the processing of this data by
Google and to prevent such collection. For this the data subject must download
and install a browser add-on under the link
https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google
Analytics via JavaScript that no data and no information on the visiting of
websites may be transmitted to Google Analytics. The installation of the
browser add-on is evaluated by Google as an objection. If the IT system of the
data subject is deleted, formatted or installed anew at a later point in time,
then the data subject must carry out the installation of the browser add-on
again in order to deactivate Google Analytics. In so far as the browser add-on
is deinstalled or deactivated by the data subject or by another person, who can
be considered to belong to the area of control of the data subject, then the
browser add-on can be installed or activated again.
Further information and the
valid and applicable data protection regulations of Google can be called under
https://www.google.de/intl/de/policies/privacy/ as well as under
http://www.google.com/analytics/terms/de.html. Google Analytics is explained in
more detail under this link: https://www.google.com/intl/de_de/analytics/.
11. Data protection regulations on the application and use of
YouTube
On this website we have
integrated components from YouTube. YouTube is an Internet video portal that
enables video publishers to set video clips free of charge and for other users
to view, evaluate and comment on these, also free of charge. YouTube permits
the publication of all types of video so that not only complete films and
television programmes but also music videos, trailers and amateur videos
prepared by users can be called via the Internet portal.
Operating company of YouTube
is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a
subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA
94043-1351, U.S.A.
With each call of one of the
individual pages of this website, which is operated by the responsible party
for the processing and on which a YouTube component (YouTube video) has been
integrated, the Internet browser on the IT system of the data subject is caused
by the particular YouTube component to download a representation of the
relevant YouTube component from YouTube. Further information on YouTube can be
called under https://www.youtube.com/yt/about/de/. Within the framework of this
technical process YouTube and Google receive knowledge of which concrete subsite
of our website has been visited by the data subject.
In so far as the data subject
is at the same time logged in at YouTube, YouTube will recognize with the
calling of a subsite, which contains a YouTube video, which concrete subsite of
our website the data subject has visited. This information is collected by
YouTube and Google and assigned to the particular YouTube account of the data
subject.
YouTube and Google will always
receive via the YouTube components information that the data subject has visited
our website if the data subject is logged in at our website and at the same
time at YouTube; this takes place regardless of whether or not the data subject
has clicked on a YouTube video. If the transmitting of this information in this
way to YouTube and Google is not desired by the data subject, the latter can
prevent this transmission by logging out of his/her YouTube account before
calling our website.
The data protection regulations
published by YouTube - these can be called down at
https://www.google.de/intl/de/policies/privacy/ - provide information on the
collecting, processing and using of personal data by Google and YouTube.
12. Use of
various social media plug-Ins
12.1 Facebook
This website uses social
plug-ins ("plug-ins") of the social network facebook.com, which is
operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, U.S.A.
("Facebook"). The plug-ins can be recognized with one of the Facebook
logos (white "f" on a blue tile or a "thumbs up" character)
or are characterized with the additive "Facebook Social Plugin". The
list and appearance of the Facebook social plug-ins can be inspected here:
http://developers.facebook.com/plugins.
If a participant calls a
website of this offer, which website contains such a plug-in, the participant's
browser builds up a direct link with the Facebook servers. The content of the
plug-in is transmitted by Facebook directly to your browser and from this
integrated into the website. Accordingly, the offeror has no influence on the
scope of the data which Facebook collects with the aid of this plug-in and
informs the participants accordingly in accordance with its state of knowledge
(https://www.facebook.com/help/186325668085084):
Through the integration of the plug-ins Facebook gets the information that a
participant has called the appropriate page of the offer. If the participant is
logged in at Facebook, Facebook can assign the visit to participant's Facebook
account. If participants interact with the plug-ins, for example if they press
the Like button or make a comment, then the relevant information is transmitted
from your browser directly to Facebook and is stored there. If a participant is
not a member of Facebook, there is nevertheless the opportunity for Facebook to
learn the participant's IP-address and to store this. According to Facebook
only an anonymized IP-address is stored in Germany.
The purpose and scope of the
data collection as well as the further processing and use of the data by
Facebook as well as the related rights and setting opportunities for the
protection of the private sphere of the participants can be taken from
Facebook's data protection information: http://www.facebook.com/policy.php.
If a participant is a member
of Facebook and does not want Facebook to collect data on him via this offer
and to link this data with his membership data as stored at Facebook, he must
log out at Facebook prior to visiting the Internet website. Similarly it is
possible to block Facebook social plug-ins with add-ons for your browser, for
example with the "Facebook Blocker".
12.2 Twitter
Functions of the Twitter
service are integrated on our pages. These functions are offered by Twitter
Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, U.S.A. By using
Twitter and the function "Re-tweet" the websites visited by you are
linked to your Twitter account and made known to other users. Thereby data is
also transmitted to Twitter. We draw attention to the fact that we as offeree
of the pages do not receive any knowledge of the content of the data
transmitted or of its use by Twitter. You can find further information on this
in Twitter's data protection declaration at http://twitter.com/privacy.
You can change your data
protection settings at Twitter in the account settings under: http://twitter.com/account/settings.
12.3 Further
social-media plug-Ins
You will find more detailed
information on data protection in the particular data protection information of
this offeree in so far as we use further social-media plug-Ins. Should you not
find this, please do not hesitate to contact us at info@bauschdental.de.
13. Legal fundamentals, purposes of the
processing, duration of the storage, objections and opportunities for
elimination
13.1 General statements on the legal
fundamentals
Article 6
Para. 1 lit. a EU General Data Protection Regulation (EU GDPR) serves as the
foundation for the processing of personal data in so far as we obtain the
consent of the data subject for the processing of personal data.
Article 6
Para. 1 lit. b GDPR serves as the legal foundation for the processing of
personal data which is necessary for the fulfilment of a contract if the data
subject is party to this contract. This also holds good for processing
processes which are necessary for the execution of pre-contractual measures.
Article 6
Para. 1 lit. c GDPR serves as the legal foundation in so far as processing of
personal data is necessary for the fulfilment of a legal obligation.
Article 6
Para. 1 lit. d GDPR serves as the legal foundation for the situation that vital
interests of the data subject or another natural person make the processing of
personal data necessary.
Article 6
Para. 1 lit. f GDPR serves as the legal foundation for the situation that
processing is necessary for ensuring a legitimate interest of our company or of
a third party and if the interests, fundamental rights and fundamental freedoms
of the data subject do not exceed the first named interest.
13.2 General statements on deletion of data and
duration of storing
The
personal data of the data subject are deleted or disabled as soon as the
purpose for which the data was stored lapses. In addition, storage can take
place if this was stipulated by the European or national legislatures in
orders, laws or other regulations in accordance with European Union law to
which the responsible party is subject. Disabling or deletion of the data is
also carried out if a storage period prescribed by the standards as named
expires unless there is a necessity for the continued storage of the data for
the concluding or fulfilling of a contract.
13.3 Individual
statements:
|
Date/data |
Legal foundation |
Storage purpose |
Storage duration |
Objection / opportunity for elimination |
|
General
system data in accordance with clause 5 |
Article 6 Para. 1 lit. f GDPR (legitimate interest) |
The temporary storing of the IP-address by the system is necessary to
permit the delivery of the website to the computer of the user. For this the IP-address
of the user must remain stored for the duration of the session. |
The
data is deleted as soon as it is no longer necessary for achieving the
purpose of their collection. This is the case when the particular session has
ended in situations where the data is collected for making the website
available. This is
the case at the latest seven days after the time when the data was stored in
log files. More extensive storing is possible. In this case the IP-addresses
of the users are deleted or distorted so that an assignment of the client
calling in is no longer possible. |
No because
the data is essential for operating of the website |
|
Data from the
contact form and e-mails in accordance with clause 6 |
Legal
foundation for the processing of the data is as a rule Article 6 Para. 1 lit.
b. GDPR in the case of enquiries via the contact form and/or e-mails. (contract
fulfilment; pre-contractual measures); Article 6
Para. 1 lit. c. GDPR (fulfilment of a legal obligation, e.g. answering of
questions on data protection) and in
addition, Article 6 Para. 1 lit. f GDPR (legitimate
interest). |
The
processing of the personal data from the input mask / e-mail serves us solely
for the processing of the contact. This is also the necessary legitimate
interest in the processing of the data. The other
personal data processed during the sending-off process serve to prevent
misuse of the contact form and to ensure the security of our IT systems. |
The
data is deleted as soon as it is no longer needed for achieving the purpose
of their collection. This is the case for the personal data from the input
mask of the contact form and those which are sent by e-mail when the
particular conversation with the user has ended. The
conversation has ended when the circumstances allow the conclusion to be
drawn that the matter in question has been finally clarified. The
above does not hold good if the correspondence is subject to a retention
obligation under commercial law The
additional personal data collected during the sending-off process is deleted
at the latest after a period of seven days. |
The
user has the opportunity to object at any time to the storing of his personal
data. In such a case the conversation cannot be continued. |
Advertising
on the basis of training courses that have been booked in accordance with
clause 7.1 |
Legal foundation
for advertising is Article 6 Para. 1 lit. f GDPR (legitimate interest) |
Purpose of
the collection in addition to fulfilment of the contract is being able to
send promotional material to the customer in a targeted manner (in line with
his interests). |
The date
is deleted at the latest 6 years after the last booking or they are blocked
for advertising purposes (in so far as there is retention obligation). |
Right of
objection in accordance with clause 14.7 |
|
Data
collected in connection with job-applications and job-application processes
in accordance with clause 8 |
Legal
foundation for the processing of the data is as a rule Article 6 Para. 1 lit.
b. GDPR with job applications submitted via the contact form and/or e-mail. (fulfilment
of the employment contract; measures prior to the concluding of an employment
contract); Article 6
Para. 1 lit. c. GDPR (Fulfilment of a legal obligation, e.g. answering of
questions in connection with the job-application process) and apart from
this Article 6 Para. 1 lit. f GDPR (legitimate
interest) and special
legal authorization rules such as a collective agreement, company agreement,
income tax law etc. A supplementary reference is made to the Personnel / HR
processing file. |
If we
conclude an employment contract with you as job applicant, the data
transmitted for the purpose of progressing the employment relationship will
be stored whereby the legal obligations will be observed. |
If no employment
contract is concluded between the party responsible for the processing and
the job applicant, then the job-application documents will be automatically
deleted six months after the notification of rejection has been sent in so
far as no other legitimate interest of the party responsible for the
processing conflicts with the deletion. A
legitimate interest in this connection could be - for example - a proof
obligation in a process in accordance with the German General Equal Treatment
Act). |
Only general
objection and elimination opportunities. |
|
Cookies in
accordance with clause 9. |
Article 6
Para. 1 lit. f GDPR (legitimate interests) for strictly technically essential
cookies In
addition: Article 6 Para. 1 lit. a GDPR (consent) |
The
purpose behind the use of strictly technically essential cookies is that of
making use of the website easier for the user. Certain functions of our
website cannot be offered without the use of cookies. For these functions it
is necessary that the browser is recognized even after a page change. Analysis
cookies are used for the purpose of improving the quality of our website and
its content. Through the analysis cookies we learn how the website is used
and in this way, we can continually optimize our offer. These
purposes also include our legitimate interest in the processing of the
personal data in accordance with Article 6 Para. 1 lit. f GDPR. |
Cookies
are stored on the user's computer and are transmitted from this to our
website. Accordingly, you as user have full control over the use of cookies. |
By
carrying out a change to the settings of your browser you can deactivate
cookies or restrict the transmission of cookies. Cookies that have already
been stored can be deleted at any time. This can also be carried out automatically.
However, if cookies for our website are deactivated, it may no longer be
possible to use all the functions of the website in full. The
transmission of flash cookies cannot be prevented via the browser settings
but requires changes to the setting of the flash player. |
|
Data
transmission through third party cookies in accordance with clauses 10-12 |
Article 6
Para. 1 lit. f GDPR (legitimate
interest) |
Purpose of
and legitimate interest in the setting of third party cookies is that of
improving our offer for you through the analysis of your user behaviour. As a
rule, only a pseudonymized transmission of data to the third parties takes
place. In addition, you yourself are able to prevent transmission of third
party cookies by carrying out an appropriate setting on your Internet
browser. For more details look at the statements made under clauses 10-12. |
Third
party cookies are stored on the computer of the user and are transmitted to
our computer from this. Accordingly, you as user have full control on the use
of third party cookies. |
By
carrying out a change to the settings of your Internet browser you can
deactivate or restrict the transmission of third party cookies. Third party
cookies that have already been stored can be deleted at any time. This
process can also be automated. The
transmission of flash cookies cannot be prevented via the browser settings
but requires changes to the setting of the flash player. |
14. Your rights
If your
personal data is processed, then you are the data subject in the sense of the
GDPR and you are entitled to the following rights vis à vis the responsible
party:
14.1 Right to information
You can
demand from the responsible party confirmation as to whether personal data that
relates to you has been processed by us.
If such
processing has taken place, you can demand information on the following from
the responsible party:
(1)
The
purposes for which the personal data is processed;
(2)
The
categories of personal data which are processed;
(3)
The
recipients or, as the case may be, the categories of recipients to which the personal
data relating to you has been disclosed or will be disclosed;
(4)
The
planned duration of the storage of the personal data relating to you or - if
concrete statements on this are not possible - the criteria for the laying down
of duration of storage;
(5)
The
existence of a right to correction or deletion of the personal data relating to
yourself, of a right to a restriction of the processing by the responsible
party or of a right of objection to this processing;
(6)
The
existence of a right of appeal at a supervisory authority;
(7)
All
the available information on the origin of the data if the personal data was
not collected at the data subject;
(8)
The
existence of an automated decision-finding process including profiling in
accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases -
meaningful information on the logic involved and its scope and the effects
strived for of such a processing for the data subject in question.
You are
entitled to the right to demand information on whether the personal data
relating to yourself is transmitted to a third country or an international
organization. In this connection you can demand to be instructed on the
suitable guarantees in accordance with Article 46 GDPR in connection with the
transmission.
14.2 Right to correction
You have a
right to correction and/or complementing vis à vis the responsible party in so
far as the personal data as processed and which relates to yourself is
incorrect or incomplete. The responsible party has to carry out the correction
without delay.
14.3 Right to restriction of
the processing
Subject to
the meeting of the following preconditions you can demand restriction of the
processing of the personal data relating to you:
(1)
if
you dispute the correctness of the personal data relating to yourself for a
period which makes it possible for the responsible party to check the
correctness of the personal data;
(2)
the
processing is unlawful and you reject deletion of the personal data and instead
demand restriction of the use of the personal data;
(3)
the
responsible party no longer needs the personal data for purposes of the
processing but you need the data for the advancing, exercising or defending of
legal claims, or
(4)
if
you have advanced objection to the processing in accordance with Article 21
Para. 1 GDPR but it has not yet been established whether the justified reasons
of the responsible party outweigh your reasons.
If the
processing of the personal data relating to yourself has been restricted, then
this data - apart from the storing of this - may only be processed with your
consent or for the assertion, exercising or defending of legal claims or for
the protection of the rights of another natural person or legal entity or for
reasons relating to an important public interest of the European Union or of a
member state.
If the
restriction of the processing has been restricted in accordance with the
afore-mentioned preconditions, then you will be informed by the responsible
party before the restriction is removed.
14.4 Right to deletion
14.4.1 Deletion obligation
You can
demand of the responsible party that the personal data relating to yourself is
deleted without delay and the responsible party is then obliged to delete this
data without delay in so far as one of the following reasons applies:
(1)
The
personal data relating to yourself is no longer required for the purposes for
which it was collected or for which it was processed.
(2)
You
revoke your consent, on which processing in accordance with Article 6 Para. 1
lit. a or Article 9 Para.2 lit. a GDPR was based, and there is no other legal
foundation for the processing.
(3)
You
submit an objection to the processing in accordance with Article 21 Para. 1
GDPR and there are no justified reasons for the processing with a higher
priority, or you submit an objection to the processing in accordance with
Article 21 Para. 2 GDPR.
(4)
The
personal data relating to you was processed in an unlawful manner.
(5)
The
deletion of the personal data relating to you is required to fulfil a legal
obligation in accordance with European Union law or the law of the member
states, which laws the responsible party is subject to.
(6)
The
personal data relating to you was collected in relation to services offered by the
information company in accordance with Article 8 Para. 1 GDPR.
14.4.2 Information to third
parties
If the
responsible party has made the personal data relating to you public and if
he/she is obliged to delete this data in accordance with Article 17 Para. 1
GDPR, then he/she shall take reasonable measures including ones of a technical
nature - whereby account shall be taken of the available technology and the
implementation costs - to inform the responsible parties for the data
processing which process the personal data that you as data subject have
demanded from them the deletion of all links to this personal data or of copies
or replicates of these.
14.4.3 Exceptions
The right
to deletion does not exist in so far as the processing is necessary for
(1)
the
exercising of the right of free expression of opinion and to information;
(2)
for
the fulfilment of a legal obligation, which requires the processing in
accordance with the law of the European Union or the law of the member states,
which laws the responsible party is subject to, or for the carrying out of a
task, which lies in the public interest or which is carried out in the
exercising of public authority, which authority was transferred to the
responsible party;
(3)
for
reasons of public interest in the field of public health in accordance with
Article 9 Para. 2 lit. h and i as well as Article 9 Para. 3 GDPR;
(4)
for
archiving purposes, scientific or historical research purposes lying in the
public interest or for statistical purposes in accordance with Article 89 Para.
1 GDPR, in so far as the right named in section a) probably makes the reaching
of the objectives of the processing impossible or impairs it seriously, or
(5)
for
the advancing, exercising or defending of legal claims.
Moreover,
the right to deletion does not exist in so far as the personal data has to be
stored by the controller in order to fulfill legal duties to preserve records
and legal retention periods. In such a case instead of deletion blockage of the
personal data applies.
14.5 Right to information
If you have
advanced the right to the correcting, deleting or restricting of the processing
vis à vis the responsible party, then the latter is obliged to inform all
recipients, to which the personal data relating to you was disclosed, of this
correction or deletion of the data or of the restricting of the processing,
unless this proves itself to be impossible or linked with unreasonable
expenditure.
You are
entitled to the right vis à vis the responsible party to be informed about
these recipients.
14.6 Right to data portability
You have
the right to receive the personal data relating to you, which you made
available to the responsible party, in a structured, conventional and
machine-readable format. In addition, you have the right to transmit this data
to another responsible party without hindrance by the responsible party to whom
the personal data was made available, in so far as
(1)
the
processing is based on a consent in accordance with Article 6 Para. 1 lit. a)
GDPR or Article 9 Para. 2 lit. a) GDPR or on a contract in accordance with
Article 6 Para. 1 lit. b) GDPR and
(2)
the
processing is carried out with the aid of automated processes.
In
exercising this right, you have in addition the right to bring about the
situation that the personal data relating to you is transferred directly from
one responsible party to another responsible party in so far as this is
technically possible. The freedoms and rights of other persons may not be
impaired thereby.
The right
to data portability does not hold good for the processing of personal data,
which is necessary for the carrying out of a task, which lies in the public
interest or in the exercising of public authority and which task was
transferred to the responsible party.
14.7 Right to object
For reasons
which result from your particular situation you have the right to advance at
any time objection to the processing of the personal data relating to you,
which processing is carried out on the basis of Article 6 Para. 1 lit. e) or f)
GDPR; this right also holds good for profiling based on these provisions.
The
responsible party shall then no longer process the personal data relating to
you, unless he/she can demonstrate compelling reasons worthy of protection,
which reasons overweigh your interests, rights and freedoms or where the
processing serves the advancing, exercising or defending of legal claims.
If the
personal data relating to you is processed for the carrying out of direct
advertising, then you have the right to advance at any time objection to the
processing of the personal data relating to you for purposes of such
advertising; this holds good too for profiling in so far as this is carried out
in connection with such direct advertising.
If you
object to the processing for purposes of direct advertising, then the personal
data relating to you will no longer be processed for these purposes.
You have
the opportunity - in connection with the use of services of the information company
and regardless of directive 2002/58/EC – to exercise your right of objection
with the aid of automated processes in which technical specifications are used.
14.8 Right to withdraw from the
declaration of consent under data protection law
You have the
right to withdraw your consent at any time and without giving reasons. In the
event of withdrawal we immediately will delete your personal data and no longer
process it. The legality of the processing carried out on the basis of your
given consent and carried out prior to your withdrawal is not affected by you
withdrawal.
14.9 Automated decision-making
in individual cases including profiling
You have
the right to not subject yourself to a decision based solely on an automated
processing process - including profiling - which unfolds a legal effect vis à
vis yourself or which impairs you significantly in a similar way. This does not
hold good if the decision
(1)
is
necessary for the concluding or fulfilment of a contract between you and the
responsible party,
(2)
is
permissible on the basis of legal regulations of the European Union or of its
member states, which the responsible party is subject to, and these regulations
contain reasonable measures for the maintenance of your rights and freedoms as
well as for your legitimate interests or
(3)
is
carried out with your explicit consent.
However,
these decisions may not be based on particular categories of personal data in
accordance with Article 9 Para. 1 GDPR, in so far as Article 9 Para. 2 lit. a
or g does not hold good and reasonable measures have been taken for the
protection of the rights and freedoms as well as of your legitimate interests.
In respect
of the cases named in (1) and (3) above the responsible party shall take
reasonable measures to ensure the rights and freedoms as well as your
legitimate interests, whereby belonging thereto is at the least the right to
the affecting of the intervention of a person on the side of the responsible
party for the representation of the responsible party's standpoint and to the
challenging of the decision.
14.10 Right to complain at a
supervisory authority
Regardless
of another regulatory or judicial remedy, you are entitled to the right to
lodge a complaint at a supervisory authority and here in particular at a
supervisory authority in the member state of your place of residence, of your
place of work or of the place where the suspected infringement took place when
you are of the opinion that the processing of the personal data relating to you
infringes the GDPR.
In this
situation the supervisory authority, at which the complaint was lodged, shall
inform the complainant on the status and the results of the complaint including
the possibility of a judicial remedy in accordance with Article 78 GDPR.
Status: May
2018
Responsible
party: Dr. Jean Bausch GmbH & Co. KG