Declaration of Data Protection

Name and Contact of the respondents according article 4 Abs. 7 DSGVO

Cfm Oskar Tropitzsch GmbH

Adalbert-Zoellner-Str. 1

95615 Marktredwitz, Deutschland

Tel.: +49-(0)9231-9619-0

Fax: +49-(0)9231-9619-60

Mail: kontakt@cfmot.de

Data Protection Officer

The company size of up to 10 employees will not be exceeded. Therefore, a data protection officer does not have to be named. Please contact the general contact channels for data protection questions.

Security and protection of your personal data

We consider it our primary responsibility to protect the confidentiality of the personal information you provide and to protect it from unauthorized access. That’s why we use the utmost care and state-of-the-art security standards to ensure maximum protection of your personal information.

As a private company, we are subject to the provisions of the European General Data Protection Regulation (DSGVO) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organizational measures to ensure that the data protection rules are respected both by us and by our external service providers.

Definitions

Legislation requires that personal data be processed lawfully, in good faith and in a manner that is reasonable for the data subject (“lawfulness, fairness, transparency”). To ensure this, we inform you about the individual legal definitions that are also used in this privacy statement:

Personally identifiable data

“Personally-identifiable data” is any information that relates to an identified or identifiable natural person (hereinafter “the affected person”); a natural person is regarded as identifiable, which can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical , physiological, genetic, mental, economic, cultural or social identity of this natural person.

Processing

“Processing” is anyone, with or without the help of automated procedures, performed procedures, or any such series of operations related to personal data such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading, querying, using disclosure through submission, dissemination or any other form of provision, reconciliation or association, restriction, erasure or destruction.

Limitations of processing

“Limitations of processing” ist die Markierung gespeicherter personenbezogener Daten mit dem Ziel, ihre künftige Verarbeitung einzuschränken.

Profiling

“Profiling” means any kind of automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, to analyze or predict personal preferences, interests, reliability, behavior, location or change of location of this natural person.

Pseudonymization

“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data Data can not be assigned to an identified or identifiable natural person.

File system

“File system” means any structured collection of personal data accessible by specific criteria, whether that collection is centralized, decentralized or organized according to functional or geographical considerations.

Responsible person

“Responsible person” means a natural or legal person, public authority, body or body that alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.

Processor

“Processor” means a natural or legal person, public authority, body or body that processes personal data on behalf of the controller.

Recipient

“Recipient” means a natural or legal person, public authority, agency or other entity to whom personal data are disclosed, whether or not it is a third party. However, authorities that may receive personal data under Union or national law in connection with a particular mission are not considered to be recipients; the processing of these data by the said authorities shall be in accordance with the applicable data protection rules in accordance with the purposes of the processing.

Third-party

“Third-party” means a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data.

Informed consent

An “informed consent” of the data subject is any expression of will voluntarily be given in an informed and unambiguous manner in the form of a statement or other unambiguous confirmatory act by which the data subject indicates that they are involved in the processing of the data subject personal data.

 

Legality of processing

The processing of personal data is only legal if there is a legal basis for processing. The legal basis for the processing may, in accordance with Article 6 para. 1 lit. a – f DSGVO in particular: 

·         The affected person has given their approval to the processing of the personal data concerned for one or more specific purposes;

·         The processing is for the fulfillment of a contract, in which contracting party is the affected person, or for the execution of pre-contractual measures required, which are made at the request of the affected person

·         The processing is for the fulfillment of a legal obligation required, which is _unterliegt_ to the responsible person; the processing is required for protecting the vital interests of the affected persons or the other natural person

·         The processing is for the perception of a task, which transferred to the responsible person and in the public interest or as a mission of public authority required;

·         The processing is necessary for the perception of legitimate interests of responsible persons or a third party require, unless the interest or fundamental rights and fundamental freedoms of the affected persons, which require the protection of personal data, predominate, especially if the affected person is a child

Information about the collection of personal data

(1)   In the following, we inform you about the collection of personal data in case of using our website. Personal data are for example name, address, e-mail address, and user behavior.

(2)   In case of contacting us by using the contact form or by writing an e-mail, we save the giving information (your name, company name, country, and your e-mail-address). This helps us to answer and find the right contact person for your question and forward it to them. We will delete the data when the legal basis pursuant to Article 6 paragraph 1 lit. a – f DSGVO is no longer available.

Collecting personal data on visiting our website

In the just informative use of the website, when you aren’t registered or transfer information to us, we collect the personal data, which your browser sends to our server.  If you want to view our website, we collect the data which are a list up in the following and are technically necessary for showing you our website and to ensure the stability and security (legal basis is Art. 6 (1) sentence 1 lit. DSGVO):

·         IP address

·         Date and time of the request

·         Time zone difference to Greenwich Mean Time (GMT)

·         Content of the request (concrete page)

·         Access Status / HTTP status code

·         each transferred amount of data

·         Website from which the request comes

·         Browser

·         Operating system and its interface

·         Language and version of the browser software.

 

Use of Cookies

(1)   In addition to the previously mentioned data in using our website cookies are saved on your computer. The cookies are small text data, which are stored on your hard drive assigned to the browser you are using and through which the position that sets the cookie receives certain information. Cookies can’t execute programs or transmit viruses on your computer. The purposes of the cookies are to make our internet offers more user-friendly and effective.

(2)   This website uses the following types of cookies their scope and functioning are explained in the following:

·         Transient Cookies

will be deleted automatically, if you close the browser. These include, in particular, the session cookies. These are the Session-Cookies. These cookies stored the so-called Session-ID, with which different requests from your browser can be assigned to the common session.  So we can recognize your computer if you visit our website again. The Session-Cookies will be deleted if you log out or close your browser.

·         Persistent Cookies

will be deleted automatically after a predetermined duration, which can be differentiated. You can delete the cookies whenever you want in the security settings of your browser.

You can configure your browser settings according to your wishes and for example, the approval for Third-Party-Cookies or all other cookies rejects. The so-called “Third Party Cookies” are cookies set from a third party, this means that they are not from the actual website on which you are currently located. We want to inform you that in case of deactivating the cookies some functions of the website can’t be used. The uses of HTML5 storage objects can be prevented by changing your browser in the private modus. We recommend you, to delete your browser course and the cookies regularly.

Further functions and offers of our website

(1)  Besides the purely informational use of our website, we offer you other services, which you can use if you are interested. You will need to provide more personal information that we use to provide the service and for which the aforementioned data processing principles apply.  

(2) Particularly we use to process your data from external service providers. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly inspected.

(3)  Furthermore, we can relay your personal data if we offered by us and together with partner’s participation in activities, competitions, contracts or similar services. More Information you get in the indication while giving us your personal data or in the description of our offer. 

Newsletter

(1)   You have got the opportunity to fill a contact form on our website, which can send us your questions. By the admission in the distributor of the newsletters, you will get a confirmation e-mail to your given address. Other confirmations aren’t mandatory. 

(2)   Your acceptation about getting the newsletter is any time revocable and suppressible. You can retract by click on a link which is in all newsletters, or by using our contact form, or with a message to the given contact data of imprint.  

Rights of the Affected Person

Retraction of consent

If the processing of the personal data is based on a given consent, you have got the right to retract your acceptation any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

For the exercise of your right, you can always contact us.

Right to confirmation

You have got the right to require confirmation from the responsible person about the process of personal data concerning you. Any time you can get the confirmation from the above-mentioned contact data.

Right of providing information

You can request information about the collection and processing of personal data and about the following information at any time:

        the processing purpose;

        the categories of personal data being processed;

        the recipients or categories of recipients to whom the personal data have been disclosed or not disclosed, particularly in recipients in third countries or international organizations;

        the planned duration for which the personal data are stored;

        the existence of a right to rectification or erasure of your personal data or restriction of processing by the controller or a right to object to such processing;

        the existence of complaint right with a supervisory authority

        if the personal data isn’t collected from the data subject, all available information about the source of the data

        the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the involved logic and the scope and intended impact of such processing on the data subject.

If the personal data are transmitted to a third country or an international organization, you have got the right to be reported about the appropriate warranty in accordance with article 46 DSGVO in connection with the transmission. We provide a copy of the personal data which is the subject of the processing. For other copies that you can apply as a person, we can demand a reasonable remuneration based on the administrative costs. Submit the application electronically, so the information is provided in an electronic format unless it states otherwise.  The right to receive a copy according to paragraph 3 may not affect the rights and liberty of the persons.

Right to rectification

You have got the right to demand immediately the authorization to get your personal data from us.

Taking into account the purposes of the processing you‘ve got the right to demand the completion of incomplete personal data – including by means of a supplementary declaration.

 

Right to cancellation (“right to be forgotten”)

You’ve got the right to require from the responsible person to immediately delete your personal data and we are obliged to delete personal data if one of the following reasons is true.

·         The personal data for the purposes for which they were collected or otherwise processed are no longer necessary

·         The responsible person revokes the consent on which the processing was based on Article 6 (1) a or 9 (2) a DSGVO and there is another basis for the processing is missing.

·         The affected person put according to article 21 (1) DSGVO a contradiction against the processing and there are no longer reasons for the processing or the affected person put a contradiction according to article 21 (2) DSGVO against the processing.

·         The personal data were processed unlawfully.

·         The deletion of the personal data is to fulfill a legal obligation under Union or national law, in which the person responsible is subject.

·         The personal data were regarding the offered services of the information society according to article 8 (1) DSGVO raised.

 

Has the responsible person make the personal data public and is according to article 1 to the deletion committed, so it’s taking into account of the available technology and the implementation costs appropriate measures, also technical kind, in order for the data processing responsible person, who processing with the personal data, to inform the person that an affected person has requested to delete all links to any personal data or copies or replicas of such personal data.

The right of deletion (“right to be forgotten”) doesn’t exist, as far as the processing is required.

·         to exercise the law of freedom of expression and information;

·         to fulfill a legal obligation, which the processing according to the law of Union or the member state to which the controller is subject, or for the performance of a public-interest or public-authority task delegated to the controller;

·         for reasons for the public interest in the area of public health according article 9 (2) h and i and Article 9 (3) DSGVO; for the public interest archival purposes, science or historical research purpose or for statistical purposes according to article 89 (1) DSGVO, as far as the paragraph 1 called right probably the realization of the aims of the processing makes impossible or seriously impaired or,

·         To assert, to exercise or defense of legal claims. Right of restriction the processing.

You have got the right to demand the restriction of the processing of your personal data if one of the following requirements is given:

·         The accuracy of the personal data of the affected person is denied and for a duration, which enables the responsible person to verify the personal data,  

·         The processing illegitimate is and the affected person the deletion of the personal data refuses and instead of the restriction of use demand;

·         The responsible person, who doesn’t need the personal data for the purpose, however, the affected person is required for the assertion, exercise or defense of legal rights, or 

·         The affected person put contraction against the processing according to article 21 (1) DSGVO has the right, as long as not determined yet if the purpose of the legitimate reasons of the responsible across from the affected person predominate. 

Was the processing according to the above conditions restricted, so this personal information will be – apart from the storage – only with an agreement of the affected person or for assertion, exercise or defense of legal claims or for the protection of rights of another natural or juridical person or for reasons of important public interest of the Union or of a member state processed.

To enforce the right to restriction of processing, the affected person can write to us anytime to the above standing contact address.

Right of data portability

You have got the right to get your personal data, which you have given to us, in a structured, common and machine-readable format.   You have got also the right to transmit those data to another responsible person without any obstruction due to the responsible person, which was provided to, as far as:

·         The processing is based on a consent according to article 6 (1) a or article 9 (2) a or on a contract according to article 6 (1) b DSGVO  or

·         The processing happens with the help of an automated procedure.

The practice of the right of data portability according to paragraph 1 you have got the right to obtain, that the personal data are transmitted directly from a responsible person to another, as far as this is technically feasible. The processing of the right of data portability leaves the right of deletion (“Right to be forgotten”) untouched. The right is not for processing, which is for the perception of a task required and which is in the interest of the public or results is taken place in public violence, the responsible person was transferred.

Right of objection

You have the right, for reasons, which is arising from particular situations, to file an objection anytime against the processing for your personal data, which is the result due to article 6 (1) e or f DSGVO. This also applies for one on these provisions supported/ protected profiling.  The responsible person isn’t processing the personal data anymore, unless he can coercively requiring protection reasons for the processing provide, which is preponderance the interest, the rights, and freedom of the affected person, or the processing serve as an assertion, practicing or defense of legal claims.

If your personal data is processed to run direct mail you have the right to file an objection against the processing of your affected personal data for the purpose of such advertising. This applies also to profiling, as far as it is associated with such direct mails. If you object the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

In conclusion with the use of services of the information society, you can regardless of the guideline 2002/58/EG exert your objection through the automated procedure, where technical specifications are used.    

You have the right, for reasons, which is arising from particular situations, to file an objection anytime against the  processing of your personal data, which is using for scientific or historical research purpose or for statistical purposes as referred to article 89 (1), unless the processing is necessary for fulfilling a public interest task.

You can always exert the right of objection by contacting the responsible person.

 

Automated decisions on a single case including profiling

You have the right not only of automated processing – including profiling – to be subjected to decision-making, which is unfolding legal effect over you or is significantly affected you in a similar way. This doesn’t apply if the decision:

  • For the conclusion or performance of a contract between the affected person and the responsible person is necessary,

  • Due to legal regulations of the union or a state member, which the controller is responsible to, is permitted and this legislation contains reasonable measures to protect the rights and freedoms and the legitimate interests of the affected person or,

  • With the explicit consent of the affected person.

The responsible person makes reasonable measures for protecting the right and freedom such as the legitimate interests of the affected person,  including the right to obtain the intervention of a person by the responsible person and on exposition to his own point of view and contesting the decision.

This right can exert by the affected person anytime by contacting the responsible person. 

Right of appeal with a controlling institution 

You also have, without prejudice to any other administrative or judicial remedy, the right of appeal on a controlling institution. Especially in the member state of your residence, your workplace or the place of alleged infringement, if the affected person is of the view that the processing of the personal data concerning them is contrary to this regulation.

Right to an effective judicial remedy

You have without prejudice to any available administrative or extrajudicial remedy including the right of appeal on a controlling institution according to article 77 DSGVO the right to effective judicial remedy, if you are in a view that your rights under this regulation have been infringed as a result of a not consistent processing of your personal data under this regulation. 

Use of Google Analytics

(1)   This website is using google analytics, a web analytics service of Google Inc. (“Google”). Google Analytics is using so-called “cookies”, text files, which are stored on your computer and which allow an analysis of the use of the website by you. The information generated by the cookies about your use of this website is usually transmitted and stored by Google on servers in the United States. In case of activating der IP anonymization on this website, your IP address is shorted by Google within member states of the European Union or in other contracting states of the agreement on the European economic area. Only in exceptional cases your full IP address is transferred and shortened on a Google server in the USA.  On behalf of the operator of this website, Google will use this information, to evaluate your use of the website, to report the website activities and other services and activities related to the website usage and internet usage across from the website operator.

 

(2)   The IP address provided by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google.

 

(3)   You can prevent the storage of cookies by setting your browser software accordingly. We point out to you, that in this case, you may not be able to use the full functions of this website. You may also prevent the collection by Google of the data generated by the cookies and related to your use of the website (including your IP address) as well as the processing of this data by Google.  To do this, you must download and install the browser plug-in available at the following link:

http://tools.google.com/dlpage/gaoptout?hl=de.

 

(4)   This website uses Google Analytics with the feature “_anonymizelp()”. By that, the IP address will be shorted and continue processed. So person relatability can be excluded. So far the data collected about you is assigned a personal reference; it will be immediately excluded and deleted.  

 

(5)   We are using Google Analytics to analyze the use and regularly improve our website. With the gained statistics we can improve our offer and make it more interesting for you as a user. For the exceptional case in which personal data transmitted to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Legal basis for the use of Google Analytics is Article 6 (1) sentence 1 f DSGVO

 

(6)   Information from the third party:

Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html,

Overview of privacy: http://www.google.com/intl/de/analytics/learn/privacy.html,

And data protection: http://www.google.de/intl/de/policies/privacy

 

(7)   This website uses Google Analytics also for a cross-device analysis of visitor flows, which is carried out via a user ID.  You can deactivate in your customer account under “my data”, “personal information” the cross-device analysis of your use.

Use of Google Webfonts

To make our content cross-browser accurate and graphically appealing, we use script libraries and font libraries such as e.g. Google Webfonts on this website (https://www.google.com/webfonts/). Google Webfonts are transferred to the cache of the browser to prevent multiple loading. If the browser isn’t supporting Google Webfonts or stop the access, the content will be displayed in a standard font.

The call of script libraries or font libraries automatically triggers a connection to the operator of the library. It is possible that the operators of the respective libraries collect data.

 

The privacy policy of the library operator Google can be found here:

www.google.com/policies/privacy/

 

Processor

We serve our extern services (processor) e. g. but not only for the dispatch of goods or payment transactions. With this service, a separate order data processing was concluded to ensure the protection of your personal data. Which service providers in our process data on our behalf, you can see with a request to our experience.