LinkedIn Logo

Imprint

Responsible:

Kurt Schubert GmbH
Gerrit Blömer
Industriestr. 26
33397 Rietberg
GERMANY

Entry in the commercial register
Registry Court: Gütersloh
Registry Number: HRB 5654

VAT identification number: DE 363 244 151

Tax identification number: 347/5749/0160

Privacy policy

Preamble

The following privacy policy will explain the types of personal data (hereinafter also "data") that our organization collects from you when you use our website, as well as the ways and extent to which our organization uses your data.

Last updated: October 3, 2023

Table of contents

Preamble

Responsible person

Overview of data processing

Legal background

Security measures

Sharing personal data

International data transfers

Deletion of data

Data subject rights

Use of cookies

Website and web hosting provisions

Amendment and updating of the privacy policy

Definitions of terms

Responsible person:
Gerrit Blömer
Industriestrasse 26
33397 Rietberg
GERMANY

E-Mail-Adresse:
bloemer@schubert-gegenzugfoilien.de

Terms and conditions:
www.gegenzugfolie.de

Overview of data processing

The following overview summarizes the types of data our organization collects and what this data is used for. In addition, the overview summarizes whose data our organization collects.

What data do we collect?

Website usage data.
Metadata, website traffic data and accounting data.

Whose data are we collecting?

We collect the data of any person visiting our website.

Why are we collecting your data?

Safety measures.
Analytics to help develop our online services and user experience.
Information technology infrastructure.

Legal background

Relevant provisions of the GDPR: Below you will find an overview of the provisions of the GDPR, on the basis of which we process your personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Any additional applicable legislations can be found in our Privacy Policy.

Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, there are national data protection regulations that are enforced in Germany. These include the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). The BDSG contains special regulations on the right of access by the data subject, the right to erasure, the right to object, the processing of special categories of personal data, processing of data for other purposes and transmission, as well as automated decision making in individual cases, including profiling. Data protection laws of individual federal states may also apply.

Security measures

We take the appropriate technical and organizational measures in accordance with the legal requirements to ensure an appropriate level of data protection. Our organization takes into account processing costs, technological limitations, and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of threats to the rights and freedoms of natural persons.

These measures include safeguarding the confidentiality, integrity and availability of data by overseeing physical and electronic access to the data, as well as its input and disclosure, and safeguarding the availability and separation of user data. Furthermore, our organization has established procedures that ensure that your rights are protected, relevant data is deleted, and data threats are responded to. We take the protection of personal data into account during the development or selection of hardware, software and processes, this all in accordance with the principle of data protection through technology design and through data protection-friendly default settings.

TLS/SSL encryption (https): To protect user data transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing Internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

Sharing personal data

As part of processing personal data, the data may be shared with or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data include, for example, IT service providers or providers of services and content that are integrated into the website. In these cases, our organization observes all legal requirements and concludes corresponding contracts or agreements with the recipients of your data that serve to protect it.

International data transfers

Data processing in third countries: Any data that is processed in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)), by a third party or is disclosed or transferred to other persons, bodies or companies, is done so in accordance with all legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data will only be transferred if the level of data protection is otherwise ensured, for example through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), if the data subject expresses consent or in the case of a contractual or a legally required transfer (Art. 49 para. 1 GDPR). You will be informed of all pertinent information if our organization transfer your data to a third country or a third party. Information regarding third country transfers and existing adequacy decisions can be found on the website of the EU Commission:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection.de

EU-US Trans-Atlantic Data Privacy Framework: As part of the Data Privacy Framework (DPF) and the adequacy decision of 10.07.2023, the EU Commission has recognized the level of data protection for certain companies from the USA as secure. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. You will be informed of which of our service providers are certified under the Data Privacy Framework.

Deletion of data

The personal data processed by our organization will be deleted in accordance with the legal requirements as soon as the consent for processing is revoked or other permissions cease to apply (e.g. if the purpose of processing this data no longer applies or if the data is no longer required for the aforementioned purpose). The processing of your data is restricted if its retention is required for other, legally permissible, purposes. This means that your data is not processed for these specified legal purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person. Our data protection notices may also contain further information on the retention and deletion of data, which take priority for their respective processing operations.

Data subject rights

Data subject rights as per the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where the personal data concerning you is processed for direct marketing purposes, you will have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdraw consent: You have the right to withdraw your consent at any time.

Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and to obtain information about this data and its copy in accordance with legal requirements.

Right to rectification: In accordance with the statutory provisions, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.

Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.

Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with legal requirements. You also have the right to request its transmission to another controller.

Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Use of cookies

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, they can store the login status of a user account, the contents of a shopping cart in an e-shop or the content accessed, or functions used on our website. Cookies can also be used for other purposes, such as ensuring the functionality, security and convenience of online services and for analyzing website traffic.

Notes on consent: We use cookies in accordance with the statutory provisions. We therefore obtain prior consent from users, unless this is not required by law. Consent is not required if the storage and reading of information, including cookies, is absolutely necessary in order to provide the user with a telemedia service expressly requested by them (i.e. our website). Strictly necessary cookies generally include cookies with functions that serve the display and operability of the online service, load balancing, security, storage of user preferences and selection options or similar purposes related to the provision of the main and secondary functions of the online service requested by the user. The revocable consent is clearly communicated to the users and contains the information on the respective use of cookies.

Information on legal bases under data protection law: The legal basis on which we process users' personal data, with the help of cookies, depends on whether we ask users for their consent. If users provide consent, the legal basis for processing their data is the consent they have given. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. the commercial operations of our website and improving its usability) or on the basis of a contractual obligation, if the use of cookies is necessary to fulfill it. We explain the purposes for which we process cookies in the course of this privacy policy and as part of our consent and processing procedures.

Storage period: Regarding the storage period, a distinction is made between the following types of cookies:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left a website and turned off their end software (e.g. browser or mobile application).

Permanent cookies: Permanent cookies remain stored even after the end software is turned off. For example, cookies can save a user’s login status or their preferred content, which can be displayed immediately when the user visits the website again. The user data collected with the help of cookies can also be used to measure our website’s reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and can be stored for up to two years.

General information on revocation and objection (so-called "opt-out"): Users can revoke the consent they have given at any time and object to processing in accordance with legal requirements. Among other things, users can restrict the use of cookies in their browser settings (although this may also restrict the functionality of our website). An objection to the use of cookies for online marketing purposes can also be declared via the websites: https://optout.aboutads.info and https://www.youronlinechoices.com/

Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing operations, procedures and services:

Processing of cookie data on the basis of consent: We use a cookie consent management procedure that allows users to give, manage and revoke consent to the use of cookies, their processing or transfer to third parties. The declaration of consent is stored so that it does not have to be requested again and so that consent can be proven in accordance with legislation. Consent can be stored on the server, in a cookie (so-called opt-in cookie) or with the help of comparable technologies. These means of storage allow the website to retain consent given by a user or their device. Further information on consent stored in a cookie: consent may be stored for up to two years. A pseudonymous user identifier is created and stored with the time that consent was given, information on the scope of consent (e.g. which categories of cookies and/or services have been consented to) as well as the browser, system and end device used; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Website and web hosting provisions

We process users' data in order to provide them with the services of our website. For this purpose, we process the users’ IP addresses, which is necessary to transmit the content and functions of our website to the users’ browsers or end devices.

Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).

Data subjects: Users (e.g. website visitors)

Purposes of processing: Providing the user with access to our website and analyzing user behavior to improve user experience. Some cookies are necessary for the functioning of information technology infrastructure (access and use of information systems and technical devices (computers, servers, etc.)). Security measures.

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

Our website and rented storage space: Our website uses storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called "web host"); legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Collection of access data and log files: Access to our website is logged in the form of server log files. The server log files include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting internet provider. The server log files are used for security purposes, e.g. to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks) and to ensure the proper utilization of the servers and their stability; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Amendment and updating of the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as any changes occur or require your cooperation (e.g. consent).

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time. Please check the information before contacting us.

Definitions of terms

This section provides you with an overview of the terms used in this privacy policy. Insofar as the terms are defined by law, their legal definitions apply. The following explanations, on the other hand, are primarily intended to aid understanding.

Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller: The "controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processing: "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically every handling of data, be it collection, analysis, storage, transmission or deletion.

Imprint & AGBs
Kurt Schubert GmbH 2024