It has become an everyday routine to use IT systems to obtain and process information and to communicate. Hardly any business area can do without the use of computers these days. When used properly, these systems facilitate a large part of these activities.
Companies have the ambition to collect the most accurate information possible about their customers, suppliers and employees in order to be able to offer the best possible deals. The collection of data in particular must be severely restricted in the course of the General Data Protection Regulation (DSGVO), so that only the most necessary data (data minimisation) is collected.
We take into account Art. 5 DSGVO “Principles for the processing of personal data”, i.e. we process data
– in a lawful manner, transparently and in good faith.
– only for specified, clear and legitimate purposes.
– according to the principle of data minimisation
– factually correct, up to date
– only for as long as is necessary for the purpose
– with the appropriate security and integrity, secured by the necessary technical and organisational measures
However, negligent or unlawful use may result in the loss of personal and other confidential information. This in turn can threaten IT security, jeopardise the reputation of companies and infringe the rights of others.
For this reason, we require all our employees to handle all our data and IT systems responsibly and carefully.
The aim of this policy is to set minimum standards for the use and operation, as well as to ensure the legally compliant processing of personal and confidential data.
The aim is to ensure that
– only authorised employees can take note of this data
– data can be traced back to their origin at any time
– it is recorded who has used and processed which data and when
– Data is kept complete and up to date
Care must be taken to ensure that the effort involved is always proportionate to the purpose of the protection.
The policy described here applies to all IT systems and applications (whether analogue or digital) that use and process personal and sensitive data.
Personal data means any information relating to an identified or identifiable individual. A natural person becomes identifiable as soon as he or she can be identified directly or indirectly, especially by assigning specific characteristics (name, identification number, bank data, date of birth, address, etc.).
There is also a special category of personal data, the sensitive data. This is all information that reveals racial and ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, health data or information on sexual orientation.
This privacy policy is binding for all our employees. All employees are regularly trained and sensitised on the topic of data protection. This can be done in the course of daily work, through notices, e-mail distribution lists, internal and external training, as well as in the course of data protection audits and inspections. Our employees document their commitment to comply with the data protection policy by signing it.
Due to the legal requirements of Art. 13 of the General Data Protection Regulation (DSGVO), we are obliged to comply with internal data protection regulations in accordance with Art. 47 of the Data Protection Act.
Responsible according to Art. 4 para. 7 EU General Data Protection Regulation (GDPR):
Rösler CeramInno GmbH,
Langenauer Straße 2,
96355 Tettau
Phone: 09269-78100,
datenschutz@roesler-ceraminno.de
Data Protection Officer:
Corinna Rösler
Data Protection Officer
Sandra Schneider,
datenschutz@roesler-ceraminno.de
Personal data may only be processed for the purposes that were specified before the data were collected. Subsequent changes to the purposes are only possible to a limited extent and require justification or consent from the data subject. We only collect and process the personal data that we need to fulfil our legal and contractual obligations and to carry out our necessary internal processes.
We process according to DSGVO Art. 6 (1)
– Consent of the data subject
– Contract performance or pre-contractual measures
– Fulfilment of legal obligations (e.g. storage obligations)
– Vital interests of the person concerned (e.g. medical treatment)
– Safeguarding public interests
– Predominant legitimate interests of our company or a third party
Specifically, this includes:
– Interested parties and applicants: for answering contact requests and communication (e.g. making appointments), pre-contractual internal processing
– Customers: for internal customer data management, contract fulfilment, as well as for contacting and making appointments, greeting cards, invitations to events.
– Suppliers / partners: in the context of procurement procedures and contractual relationships with external service providers or other partners, greeting cards
– Users of our website / IT systems: to defend against malware and threats to our communication technologies as well as our own security measures
– Employees: Employee data processing in the context of employment activities and legal requirements.
If, in the course of our processing, we disclose data to other persons and companies, transfer it to them or otherwise grant them access to the data, this is done on the basis of a legal permission, if the data subjects have consented, if a legal obligation provides for this, if it is necessary for the performance of a task that is in the public interest or on the basis of our legitimate interests.
If we involve third parties, they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing (“commissioned processing”), we contractually oblige commissioned processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject. Data is only transferred to third parties within the scope of legal and internal requirements, e.g. to the tax office and other offices, chambers, banks.
Data transfer to bodies or persons outside the EU does not take place and is not planned. Exceptions to this rule shall only be made with the consent of the persons concerned.
We process the following categories of personal data:
– Employee data: Names, addresses, functions, qualifications, tax data, time recording, etc. (see survey information).
– Contact details (e.g. name, address, e-mail, telephone/fax numbers etc.)
– Client data: Names, addresses, function, employer, tax data, etc.
– Usage data, meta/communication data (e.g. IP addresses).
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the deadline, the corresponding data is routinely deleted if it is no longer required to achieve the purpose, fulfil the contract or initiate the contract. Deletion takes place according to a documented deletion concept.
Server-Log-Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The following data is stored in the log files for 30 days:
• Date and time of retrieval (timestamp)
• Request details and destination address (protocol version, HTTP method, referer, UserAgent string)
• Name of the retrieved file and amount of data transferred (requested URL incl. query string, size in bytes)
• Message whether the retrieval was successful (HTTP Status Code)
• Browser type and version
• Operating system used
• Host name of the accessing computer
This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use. If you contact us by e-mail, the data provided by third parties (e.g. your e-mail address, name, telephone number, etc.) will be stored by us in order to answer the enquiry. We delete the data accruing in this context after the storage is no longer required or restrict the processing if there are statutory retention obligations. The legal basis is Art. 6 para. 1 f DS-GVO.
Contact by e-mail
Contacting us by e-mail is possible via various functional e-mail boxes in addition to the personal e-mail addresses of the employees. Insofar as you use one of the aforementioned contact channels, the data transmitted by you (e.g.: surname, first name, address), but at least the e-mail address, as well as the information contained in the e-mail, including any personal data transmitted by you, will be stored for the purpose of contacting you and processing your request, in accordance with the time limits specified for these. We would like to point out that the processing of the data is based on Article 6 (1) lit. f DSGVO in conjunction with § 3 BDSG. Processing of the personal data you provide is necessary for the purpose of processing your request.
Newsletter data
With your consent, you can subscribe to the newsletter offered on the website and social media channels. We use the so-called double-opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not activate your registration within 24 hours, your information will be blocked and automatically deleted after one month. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time and unsubscribe from the newsletter, for example by clicking on the link provided in every newsletter e-mail.
Our objection to advertising emails
The use of contact data published within the scope of the imprint obligation for the transmission of advertising and information material not expressly requested is herewith objected to. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.
Cookies
The internet pages partly use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognise your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc. („Google“). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, which means that they cannot be traced back to a specific person. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and the personal data is thus immediately deleted.
(5) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 S. 1 lit. f DSGVO.
(6) Third Party Provider Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User Terms: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.
(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.
Hosting
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.
In doing so, we or our order processor process inventory data, contact data, content data, contract data, usage data, meta data and communication data of users of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with the German Data Protection Act. Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of a contract for commissioned processing).
We offer you the option of using Google Maps on our website to find us. We have activated the IP anonymisation function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Maps is not merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
Natural persons have the following rights in relation to personal data relating to them:
• Right of access pursuant to Art. 15 DS-GVO,
• Right to rectification pursuant to Art. 16 DS-GVO,
• Right to erasure pursuant to Art. 17 DS-GVO,
• Right to restriction of data processing pursuant to Art. 18 DS-GVO,
• Right to data portability according to Art. 20 DS-GVO,
• Right to object to processing pursuant to Art. 21 DS-GVO.
Information can be obtained upon written request by e-mail or post to the address stated in 3), stating the name, address and, if available, customer number or the context of the personal data. If this information is missing, we cannot authenticate the enquirer and guarantee a claim of their rights under the GDPR.
Natural persons also have the right to complain to a data protection supervisory authority about our processing of their personal data.
If natural persons have given their consent to the processing of their personal data, they can revoke this consent at any time. Such revocation will affect the lawfulness of the processing of their personal data after it has been made to us.
Where we base the processing of personal data on the balance of interests, the data owner may object to the processing. In the event of a justified objection, we will examine the merits of the case and either discontinue or adapt the data processing or demonstrate our compelling legitimate grounds for continuing the processing.
Of course, data owners can object to the processing of their personal data for the purpose of passing on information on current topics at any time after the end of the contract. Data owners can inform us about the objection under the contact details mentioned in 3).
Data security
We make every effort to ensure the security of personal data within the framework of the applicable data protection laws and technical possibilities. Personal data is treated confidentially. However, we would like to point out that data transmission on the internet, e.g. when communicating via email or apps, can have security gaps. To secure personal data, we maintain technical and organisational security measures in accordance with Art. 32 DSGVO, which we constantly adapt to the state of the art.
Handling sensitive data
Within the scope of our activities, employees are entrusted with the processing of special categories of data (sensitive data) in accordance with the General Data Protection Regulation (Art. 9), namely:
• Employee health data
• Sick leave data of employees
• Religious confession of employees
• Trade union membership of employees
• Racial / ethnic origin of employees
These data, unless made public by the data owner, may only be processed with the consent of the data subject or the legal representative, on the basis of legal requirements, or for the assertion of legal claims, by suitable personnel after appropriate instruction. We adhere to this.
Cooperation with data protection authorities
We cooperate with the data protection authority responsible for our company: Bavarian State Office for Data Protection Supervision https://www.lda.bayern.de
Data subjects can contact this authority at any time if they fear a risk to their personal data.
If there is a risk to the rights of individuals through loss or misuse of their data by our company, we will report the incident to the data protection authority within 72 hours.
Compliance with the data protection guidelines and the applicable data protection laws is regularly checked through data protection audits and other controls.
Released:
___________ __________________________
Date Management / Data Protection Officer