We attach great importance to privacy. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). We collect and process your personal data in order to offer you the above-mentioned portal. This statement describes how and for what purpose your data is collected and used and what options you have in relation to personal information.
1 Name and Address of the Controller
Responsible for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 GDPR is
OECON Holding & Consulting GmbH
Hermann-Blenk-Straße 22 a
Phone: +49 531 35 444 10
Fax: +49 531 35 444 16
2 Genral use of the website
The hosting services we use are for the purpose of providing the following services: infrastructure and platform services, computing capacity, disk space and database services, collateral and technical maintenance services we use to operate the site.
Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer acc. Art. 6 para. 1 p. 1 f) GDPR in conjuction with Art. 28 GDPR.
2.2 Access data
We collect information about you when you use this website. We automatically collect information about your usage and interaction with us and register information about your computer or mobile device. We collect, store and use data about every access to our online offer (so-called server log files). Access data includes:
- IP address
- the date and time of access to the Internet site
- the sub-websites, which are controlled by an accessing system on our website
- the browser types and versions used
- the operating system used by the accessing system
We use this protocol data without assignment to your person or other profiling for statistical evaluations for the purpose of the operation, the security and the optimization of our on-line offer, in addition, for the anonymous registration of the number of visitors on our website (traffic) as well as to the extent and type of Use of our website. Based on this information, we can provide personalized and location-based content, analyze traffic, troubleshoot and improve our services.
This is also our legitimate interest in accordance with Art. 6 paragraph 1 p. 1 f) GDPR.
We reserve the right to retrospectively review the log data if, on the basis of concrete evidence, there is a legitimate suspicion of unlawful use. IP addresses are stored in the logfiles for a limited period of time.
We use so-called session cookies to optimize our online offerings. A session cookie is a small text file that is sent by the respective servers when visiting a website and stored on your hard disk. This will allow your computer to be recognized when you return to our website.
The cookies store about the following data and information:
- Language settings
You can set your browser so that you are informed in advance about the setting of cookies and can decide on a case-by-case basis whether you exclude the acceptance of cookies for specific cases or in general, or that cookies are completely prevented. This may limit the functionality of the website.
2.4 e-mail contact
If you contact us by e-mail, we will store your details for the processing of the request as well as in the event that follow-up questions arise.
This is also our legitimate interest in accordance with Art. 6 para. 1 p. 1 f GPDR.
We store and use other personal data only if you consent to it or if this is permitted by law without special consent.
2.5 Contact form
On our website is a contact form available, which can be used for electronic contact. If a user realizes this option, the data entered in the input mask will be transmitted to us and saved. These data are:
- e-mail address
For the processing of the data in the context of the sending process your consent is obtained and referred to this privacy statement.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 p. 1 a GPDR.
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The user has the possibility at any time to revoke his consent to the processing of the personal data. In such a case, the conversation can not continue. All personal data stored in the course of contacting will be deleted in this case.
3 Your rights as data controller
Under applicable law, you have various rights to your personal information. If you would like to assert these rights, please send your request by e-mail or by post with a clear identification of your person to the address specified in section 1.
Below is an overview of your rights.
3.1 Right to confirmation and information
You have the right at any time to obtain confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to ask us for free information about your personal data stored together with a copy of this data. Furthermore, there is a right to the following information:
- The processing purposes;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations;
- if possible, the planned duration for which the personal data are stored or, if this is not possible, the criteria for determining that duration;
- the right of rectification or erasure of personal data concerning you or restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data is not collected from you, all available information about the origin of the data;
- the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on you.
If personal data are transmitted to a third country or to an international organization, you have the right to be informed about the appropriate guarantees under Art. 46 GDPR in connection with the transfer.
3.2 Right to rectification
You have the right to demand immediate correction of incorrect personal data concerning you. Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
3.3 Right to cancellation (“right to be forgotten”)
According to Art. 17 (1) GDPR, you have the right to ask us to delete your personal data without delay and we are obliged to delete your personal data immediately if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based in accordance with Article 6 (1) sentence 1 a) GDPR or Article 9 (2) (a) GDPR and there is no other legal basis for the processing
- In accordance with Art. 21 para. 1 GDPR, you object to the processing and there are no prior justifiable reasons for the processing, or you object to the processing according to Art. 21 (2) GDPR
- The personal data were processed unlawfully.
- The deletion of personal data is required to fulfill a legal obligation under Union or national law to which we are subject.
- The personal data were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
If we have made the personal data publicly available and if we are obliged to delete it in accordance with Art. 17 (1) GDPR, we shall take appropriate measures, including technical ones, for data controllers who are responsible for the personal data, taking into account the available technology and the implementation costs Process Data, informing you that you have requested deletion of any links to such personal information or copies or replications of such Personal Information.
3.4 Right to restriction of processing
You have the right to require us to restrict processing if any of the following conditions apply:
- The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information,
- the processing is unlawful and you have refused to delete the personal data and have instead requested the restriction of the use of personal data;
- we no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend your rights, or
- You have objected to the processing according to Art. 21 (1) GDPR, as long as it is not certain that the justified reasons of our company outweigh yours.
3.5 Right to Data Portability
You have the right to receive the personal information you provide to us in a structured, common and machine-readable format, and you have the right to submit that information to another person without hindrance, provided that
- the processing on a consent in accordance with Art. 6 para. 1 p. 1 a) GDPR or Art. 9 para. 2 a) GDPR or based on a contract pursuant with Art. 6 para. 1 p. 1 b) GDPR and
- the processing is done using automated procedures.
In exercising your right to data portability in accordance with paragraph 1, you have the right to obtain that the personal data are transmitted directly by us to another person responsible, as far as this is technically feasible.
3.6 right to contradict
You have the right to object at any time to the processing of personal data concerning you pursuant to Article 6 (1) sentence 1 (e) or (f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions. We no longer process personal information, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
If personal data are processed by us in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
You have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes under Article 89 (1) of the GDPR unless the processing is necessary to fulfill a public interest task.
3.7 Right to revoke a data protection consent
You have the right to revoke your consent to the processing of personal data at any time.
3.8 Right to complain to a supervisory authority
You have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is unlawful.
4 Data security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities.
Your personal data will be transmitted encrypted with us. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (for example, when communicating by e-mail) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible.
To safeguard your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we always adapt to state-of-the-art technology.
We also do not warrant that our offer will be available at specific times; Disturbances, interruptions or failures can not be excluded. The servers we use are regularly backed up carefully.
5 Disclosure of data to third parties, no data transfer to non-EU countries
Basically, we only use your personal data within our company.
If we engage third parties in the performance of contracts (such as logistics service providers), they will only receive personal data to the extent that the transmission is required for the corresponding service.
In the event that we outsource certain parts of the data processing (“order processing”), we contractually obligate processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject’s rights.
Data transmission to agencies or persons outside the EU outside of the cases mentioned in this declaration in paragraph 2 does not take place and is not planned.