Data protection statement, as of 2021-08-05

Name and address of the data controller

The data controller as defined in the General Data Protection Regulation and other national data protection laws of the Member States, and in other data privacy provisions, is:

Grässlin Zeitschalttechnik GmbH
Leopoldstraße 1
78112 St. Georgen
Germany
+49 7724/933-0
info@graesslin.de
www.graesslin.de

 

Contact info of the data protection officer

datenschutz@graesslin.de

 

General information on data processing

Scope of processing of personal data

We process personal data from our users only where this is necessary in order to provide a functioning website and to provide our content and services. As a rule, personal data concerning our users is processed only when the user has given consent. An exception to this rule applies in cases in which prior receipt of consent is not possible for practical reasons and processing of data is permitted by the statutory regulations.

Legal basis for processing of personal data

If we receive consent to the processing of personal data from the data subject, the legal basis shall be formed by article 6(1), sentence 1(a) of the EU General Data Protection Regulation (GDPR).

When processing personal data that is required in order to fulfil a contract to which the data subject is a party, article 6(1), sentence 1(b) of the GDPR shall form the legal basis. This also applies to processing operations that are necessary in order to perform measures prior to entering into a contract.

If it is necessary to process personal data in order to fulfil a legal obligation to which our company is subject, article 6(1), sentence 1(c) of the GDPR shall form the legal basis.

In the event that processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, article 6(1), sentence 1(d) of the GDPR shall form the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and these interests are not outweighed by the interests and fundamental rights and freedoms of the data subject, article 6(1), sentence 1(f) of the GDPR shall form the legal basis.

Data deletion and duration of storage

The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage no longer applies. Storage of this data may exceed this period where provided for by European or national lawmakers – in compliance with Union law – in ordinances, laws or other regulations to which the data controller is subject. Data shall also be blocked or deleted when a retention period prescribed by the specified norms expires, unless it is necessary to continue storing the data for the purposes of concluding or fulfilling a contract.

 

Rights of the data subject

If personal data concerning you are processed, you are the data subject as defined in the GDPR and you have the following rights vis-à-vis the data controller:

Right to access

You can request confirmation from the data controller of whether personal data concerning you is processed by us.

If such processing exists, you can request the following information from the data controller:

  • The purposes of the processing for which the personal data are intended;
  • The categories of personal data that are processed;
  • The recipients or categories of recipient to whom personal data concerning you has been or shall be disclosed;
  • The planned period for which the personal data concerning you shall be stored or, if specific information is not possible, the criteria that are used to determine that period;
  • The existence of the right to request rectification or erasure of personal data concerning you, the right to restrict processing by the data controller or to object to this processing;
  • The right to lodge a complaint with a supervisory authority;
  • All available information about the origin of the data, if the personal data were not collected from the data subject;
  • The existence of automated decision-making, including profiling, referred to in article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the
  • significance and the envisaged consequences of such processing for the data subject.
  • You have the right to request information about whether the personal data concerning you are to be transferred to a third country or an international organisation. In this context, you can request to be informed of
  • suitable safeguards as defined in article 46 of the GDPR relating to this transfer.

Right to rectification

You have the right to obtain from the data controller the rectification or completion of personal data, where the personal data processed that relates to you are incorrect or incomplete. The data controller shall perform this rectification without delay.

Right to restriction of processing

Under the following conditions, you can request restriction of processing of the personal data concerning you:

  • If you contest the accuracy of the personal data concerning you, for a period enabling the data controller to verify the accuracy of the personal data;
  • The processing is unlawful and you oppose the erasure of the personal data and request restriction of their use instead;
  • The controller no longer needs the personal data for the purposes of the processing, but you require the personal data for the establishment, exercise or defence of legal claims, or;
  • If you have objected to processing pursuant to article 21(1) of the GDPR pending verification of whether the legitimate grounds of the controller override yours.

Where processing of personal data concerning you has been restricted, this data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing pursuant to the above conditions, you shall be informed by the data controller before the restriction of processing is lifted.

Right to erasure

a) Obligation to erase

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:

  1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. You withdraw your consent on which the processing is based according to article 6(1), sentence 1(a), or article 9(2), sentence 2(a) of the GDPR, and where there is no other legal ground for the processing;
  3. You object to the processing pursuant to article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to article 21(2) of the GDPR;
  4. The personal data concerning you were unlawfully processed;
  5. The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject;
  6. The personal data concerning you have been collected in relation to the offer of information society services referred to in article 8(1) of the GDPR.

b) Information to third parties

Hat der Verantwortliche die Sie betreffenden personenbezogenen Daten öffentlich gemacht und ist er gem. Art. 17 Abs. 1 DSGVO zu deren Löschung verpflichtet, so trifft er unter Berücksichtigung der verfügbaren Technologie und der Implementierungskosten angemessene Maßnahmen, auch technischer Art, um für die Datenverarbeitung Verantwortliche, die die personenbezogenen Daten verarbeiten, darüber zu informieren, dass Sie als betroffene Person von ihnen die Löschung aller Links zu diesen personenbezogenen Daten oder von Kopien oder Replikationen dieser personenbezogenen Daten verlangt haben.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary:

  1. For exercising the right of freedom of expression and information;
  2. For compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the  exercise of official authority vested in the data controller;
  3. For reasons of public interest in the area of public health in accordance with article 9(2) (h) and (i) as well as article 9(3) of the GDPR;
  4. For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89(1) of the GDPR in so far as the right referred to in section a) is likely to
  5. render impossible or seriously impair the achievement of the objectives of that processing; or
  6. For the establishment, exercise or defence of legal claims.

5. Right to notification

If you have exercised your right to obtain rectification, erasure or restriction of processing from the data controller, the data controller is obliged to communicate this rectification or erasure of the data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about these recipients by the data controller.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the data controller, in a structured, commonly used and machine-readable format. You also have the right to transmit these data to another data controller without hindrance from the data controller to which the personal data have been provided, where:

  1. The processing is based on consent pursuant to article 6(1), sentence 1(a) or article 9(2) (a) of the GDPR or on a contract pursuant to article 6(1), sentence 1(b) of the GDPR and the processing is carried out by automated means.
  2. In exercising this right, you also have the right to have the personal data in question transmitted directly from one data controller to another, where technically feasible. Exercising this right shall not adversely affect the rights and freedoms of others.

The right to data portability does not apply for the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Right to withdraw your declaration of consent to processing of personal data

You have the right to withdraw your declaration of consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

  1. Is necessary for entering into, or performance of, a contract between you and the data controller;
  2. Is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. Is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in article 9(1) of the GDPR, unless article 9(2) (a) or (g) of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to article 78 of the GDPR.

Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.

The following data are recorded here:

  1. Information about the browser type and the version used
  2. The user’s operating system
  3. The user’s IP address
  4. Data and time of the access
  5. Websites from which the user’s system reaches our website
  6. The data are also saved in our system’s log files. These data are not stored together with other personal data concerning the user.

2. Legal basis of data processing

The legal basis for temporary storage of the data and the log files is article 6(1), sentence 1(f) of the GDPR.

3. Purpose of data processing

Temporary storage by the system of the IP address is necessary in order to enable the website to be made available to the user’s computer. To do this, the user’s IP address has to remain stored for the duration of the session.

This information is stored in log files in order to ensure the functioning of the website. Furthermore, we use the data to optimise the website and to safeguard the security of our information technology systems. The data are not evaluated for marketing purposes in this context.

These purposes are also covered by our legitimate interests as defined in article 6(1), sentence 1(f) of the GDPR.

 

4. Duration of storage

The data are erased as soon as they are no longer required to fulfil the purpose for which they were collected. In the case of collecting data to make the website available, this is the case when the session in question ends.

In the case of storing the data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or anonymised so that it is no longer possible to identify the calling client.

 

5. Possibility of objection and removal

Recording data to make the website available and storing data in log files are fundamentally necessary to operation of the website. As a consequence, the user does not have the possibility of objecting to these.

 

Use of cookies

Description and scope of data processing

Our website uses cookies. These are small files that our web server sends to your PC.

A distinction is made between technical cookies (1), which guarantee the correct functioning of our website and tracking cookies (2) for marketing and analysis purposes, which require your consent.

(1) Session cookies, handling of your opt-out opt-out, WordPress Multi Language (WPML).
(2) Google Analytics (via Google Tag Manager) – see separate sections in this Privacy Policy.

Technical cookies do not require agreement and are therfore set automatically.

Concerning the use of Google Analytics refer to the separate section of this data protection statement.

You can prevent the collection of your data by Google Analytics. Just change your settings: 

 

Contact form and email contact

1. Description and scope of data processing

On our website, there is a contact form that can be used to make contact with us in electronic form. If a user makes use of this option, the data entered into the input mask are transferred to us and stored.

At the time that the message is sent, the following data are also stored:

  • Name
  • Email address

During the dispatching process, you are requested to provide your consent to data processing and you are referred to this data privacy statement.

Alternatively, you can contact us using the email address provided. In this case, the user’s personal data transferred with the email are stored.

No data are transferred to third parties in this context. The data are used exclusively for processing of the conversation.

2. Legal basis of data processing

The legal basis of data processing is, if the user has provided consent, article 6(1), sentence 1(a) of the GDPR.

The legal basis for processing the data transferred in the context of sending an email is article 6(1), sentence 1(f) of the GDPR. If the aim of email contact is to execute a contract, further legal basis is provided by article 6(1), sentence 1(b) of the GDPR.

3. Purpose of data processing

Personal data from the input mask are processed solely for the purposes of processing the establishing of contact. In the event that contact is established by email, there is also a legitimate interest in processing the data.

The other personal data processed during the dispatching process are used to prevent misuse of the contact form and to safeguard the security of our information technology systems.

4. Duration of storage

The data are erased as soon as they are no longer required to fulfil the purpose for which they were collected. In the case of the personal data from the input mask for the contact form and the personal data transferred by email, this is once the conversation in question with the user has concluded. The conversation is concluded once it can be assumed from the circumstances that the issue in question has been conclusively clarified.

The additional personal data recorded in the course of the dispatching process are deleted after a period of seven days, at the latest.

5. Possibility of objection and removal

The user has the option of withdrawing at any time his or her consent to the processing of personal data. If a user makes contact with us by email, the user can object at any time to the storage of his or her personal data. In this case, the conversation cannot be continued.

All personal data stored in the course of establishing contact are deleted in this case.

 

GOOGLE ANALYTICS

Founded on the legal basis of our legitimate interest to improve our web offering, our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how you use the site. The information generated by the cookie about your use of the website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address is abbreviated beforehand by Google within Member States of the European Union or in other states who are party to the Agreement on the European Economic Area. Your full IP address will only be transmitted to a Google server in the United States and abbreviated there in exceptional cases. On behalf of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage vis-à-vis the website operator. The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google.

You can prevent the collection of your data by Google Analytics or modify your general agreement, just change your settings: 

 

Information on the processing of customer / Supplier data article 13/14 EU-DSGVO

 

Personal data / origin of the data

The following categories of data can be affected:

  • Base data (Name, Address, Telephone No., Mail Address)
  • Payment details (Account details IBAN/BIC)

Your personal data is usually collected directly from you as part of our business initiation or ongoing business relationship.

 

Purposes and legal basis

1)  Consent Article 6 Paragraph 1a EU-DSGVO

Consent for the purpose of advertising measures, consent to the processing of special categories of data.

2) Fulfillment of contractual obligations Article 6 Paragraph 1b EU-DSGVO

  • To fulfill contractual obligations
  • To be able to correspond with you

3) Legal requirements Article 6 Paragraph 1c EU-DSGVO

4) As part of the balancing of interests Article 6 Paragraph 1f EU-DSGVO

If necessary, we also process your data in order to safeguard our legitimate interests of those of third parties.

This can be the case, for example, with:

  • Ensuring IT security and IT operations
  • To carry out payment processing
  • For the purpose of advertising
  • Measures to ensure house rules

 

If we process your data to safeguard legitimate interests, you can object to this processing if your particular situation gives rise to reasons that speak against data processing.

 

Data recipient

Within our company, only those persons and departments receive your personal data who need it to fulfil our contractual and legal obligations.

Service providers used by us can also receive data for these purposes, such as accounting, payment service providers, leasing banks, service providers.

 

Rights of the data subject

You have the right to information about the collected personal data, as well as to correction or deletion or restriction of processing, a right to object to processing and that right to data portability.

If you assume that your data has been processed unlawfully, you can submit a complaint to our data protection officer or the responsible supervisory authority.

 

Storage period

We process and store your data as long as it is necessary for the fulfillment of our contractual and legal obligations.

Any furhter storage takes place if you, according to Article 6, Paragraph 1c EU-ESGVO due to tax and retention and decomentation obligations under commercial law (from HGBm StGB or AO) are obliged to store them for a longer period of time.

 

Transmission to third countries

A transfer to third countries does not take place.