Data privacy policy in respect of the obligation to provide information, as required by Articles 13/14 of the GDPR
- Introduction
In the following data protection statement, we inform you as a data subject what personal data about you we collect when you visit our website or optionally use our web services, and also how we process your data.
- For the data controller
The data controller as defined by the General Data Protection Regulation (GDPR) and other national data protection legislation of the EU member states, as well as other statutory data protection regulations, is:
VDP GmbH
Harmonie 3
27628 Hagen im Bremischen
Germany
Phone +49 (0) 47 46 / 55 6
Fax +49 (0) 47 46 / 17 97
E-Mail: info@vdpgmbh.de
Website: www.vdpgmbh.de
- General information on data processing
- Extent and purpose of processing of personal data
We process our users’ personal data to the extent necessary in order to provide a functional website and for our content and services to be usable. Technical data (for example web browser, operating system or the time pages are viewed) is automatically recorded by our IT systems as soon as you access our website.
- Legal basis for the processing of personal data
The legal basis for data processing where we have obtained consent from the data subject is Article 6 (1) (a) of the EU’s General Data Protection Regulation (GDPR).
When it is required that we process personal data to perform a contract to which the data subject is a party, point (b) of Article 6 (1) GDPR serves as the legal basis. This also applies to processing necessary to implement pre-contractual measures.
If we are required to process personal data to fulfil a legal obligation to which our company is subject, point (c) of Article 6 (1) of the GDPR serves as the legal basis.
The legal basis for processing necessary to protect the vital interests of the data subject or of another natural person is Article 6 (1) (d) of the GDPR.
If processing is required to safeguard a legitimate interest of our company or a third party, and the interests, constitutional rights and fundamental freedoms of the data subject do not outweigh the first-named interest, point (f) of Article 6 (1) of the GDPR serves as the legal basis for the processing.
- Recipients of the data/Categories of recipients
Your personal data is not usually passed to third parties. To operate this website, it can however be necessary for technical service providers to receive personal data. In such cases, we state – as far as is known – the scope of the data and the recipients of the data.
- Transfer to countries outside the EU/EEA
Our company’s web servers are located within the European Union (EU) or the European Economic Area (EEA). We do not process any data outside the EU or EEA. Nonetheless, our website features services that you as a user can find helpful (for example, Google Maps, based in the USA). Where this occurs, we inform you that data is transferred to countries outside the EU/EEA.
- Data retention period/Criteria for determining the retention period
The data subject’s personal data will be deleted or blocked as soon as the data is no longer required for the purpose for which it was originally stored. In addition, such storage may be provided for by EU or national laws, regulations or other provisions to which the controller is subject. The data will also be blocked or deleted upon expiry of the storage period prescribed by the laws and regulations specified above, unless there is a need to continue storing the data for the purposes of contract conclusion or fulfilment.
- Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights in relation to us as data controller:
- The right to receive information about your personal data that we process, in accordance with Article 15 of the GDPR.
- The right to have your personal data that we store corrected if it is incorrect or incomplete, in accordance with Article 16 of the GDPR.
- The right to have your personal data that we store deleted, in accordance with Article 17 of the GDPR, provided that the requirements for deletion are met.
- The right to restrict processing of the data, in accordance with Article 18 of the GDPR, provided that the requirements for this are met.
- The right to receive the relevant personal data that you provided to us in a structured, commonplace and machine-readable format, provided that the requirements for data portability, in accordance with Article 20 of the GDPR, are met.
- The right to object to us processing your personal data, in accordance with Article 21 of the GDPR, for reasons resulting from your own particular situation, and provided that data processing occurs on the basis of legitimate interest, in accordance with Article 6 (1) (f) of the GDPR.
- The right to revoke the consent you gave us, in accordance with Article 7 (3) of the GDPR.
Should you wish to exercise any of these rights, please contact the data controller at the address given above. Furthermore, in accordance with Article 77 of the GDPR in conjunction with Section 19 of Germany’s Federal Data Protection Act (BDSG), you have the right to complain to the regulatory authority for data protection if you are of the opinion that processing of your personal data has not occurred in accordance with the law. To exercise this right, you can contact the regulatory authorities in either your usual place of residence, your workplace’s location or those where our business is based. You can find a list of the regulatory authorities, along with their addresses, here (German language): www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
- Data processing in detail
- Transfer by means of SSL/TLS encryption
For security reasons, and to protect the transfer of confidential content, this website uses SSL/TLS encryption. The encrypted connection is guaranteed by the hypertext transfer protocol HTTPS (“https://”). In this instance, data which is transmitted to us by a user cannot be read by third parties.
- Provision of the website and creation of log files
Each time our website is visited, our system automatically collects data about the end device used to access our website. This can include the following types of data:
- Browser type and version used
- User’s operating system
- User’s IP address
- Date and time of access
- Websites from which users accessed our website (referrers)
- Websites that were visited by users as a direct result of visiting our website
This data is also stored in our system’s log files. This data is not stored together with other personal data relating to the user.
- Legal basis for the processing of personal data
The legal basis for the temporary storage of data and the log files is point (f) of Article 6 (1) of the GDPR.
- Purpose of the data processing
Temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user’s end device. The user’s IP address must be stored for the duration of the session.
Storage in log files ensures the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. These purposes include our legitimate interest in the data processing pursuant to point (f) of Article 6 (1) of the GDPR.
- Data recipients
Recipients of the data are for example any technical service providers responsible for the operation and maintenance of our website.
- Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose of its collection. In the event of data being captured for the provision of the website, this happens when the particular session has ended.
Where the data is stored in log files, it is deleted after seven days. Data may also be stored for other purposes. In this case, the IP addresses of the users are deleted or anonymised to prevent them from being traced to the visiting client.
- Obligation to provide information, opportunity to object/revoke and opportunity to delete
The capture of data to provide the website and the storage of data in log files is an absolute requirement needed for the operation of the website. For this reason, the right to object does not apply.
- Contact form and email contact
- Description and extent of processing personal data
A contact form is available on our website, which can be used for making contact with us electronically. If a user makes use of this option, the data entered in the input fields is transmitted to us and stored. At the time of sending the message, the following data is also stored:
- User’s IP address
- Date and time
- Information about the browser type and version used
- User’s operating system
To process data as part of this sending procedure, users are referred to this data protection statement. Data transfer is encrypted by means of the SSL or TLS protocol.
Alternatively, you can contact us using the email address provided. In this instance, the user’s personal data that is sent in the email will be stored.
This data is used exclusively for the processing of the conversation. In this context, data is not passed on to third parties.
- Legal basis for the processing of personal data
The legal basis for this processing is our legitimate interest in the context of the balancing of interests in accordance with Article 6 (1) (f) of the GDPR, as we have a legitimate interest in answering your contact enquiries. If the purpose of the contact is to initiate or conclude a contract, the additional legal basis for the processing is pursuant to point (b) of Article 6 (1) of the GDPR.
- Purpose of the data processing
The processing of personal data that we obtain from the input fields serves only to enable us to process your contact with us. If you contact us by email, there is also the required legitimate interest in the processing of data. The other personal data processed during the sending procedure serves to prevent misuse of the contact form and to ensure the security of our IT systems.
- Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose of its collection. This is the case for personal data from the contact form’s input fields and the personal data that was sent with the email, if the conversation with the user is concluded. The conversation is considered concluded when it can be inferred from the circumstances that the facts in question have been conclusively clarified.
The additional personal data collected during the sending procedure is deleted after a period of 14 days.
- OpenStreetMap
This site uses the open source mapping tool "OpenStreetMap" (OSM) via an API. The provider is the OpenStreetMap Foundation. To use the functions of OpenStreetMap, it is necessary to store your IP address. This information is usually transferred to a server of OpenStreetMap and stored there. The provider of this site has no influence on this data transmission. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. More information on the handling of user data can be found on the OpenStreetMap data protection page and at wiki.openstreetmap.org/wiki/Legal_FAQ.
- Conclusion
You are requested to keep regularly informed about the contents of the data privacy policy.
- Changes to the data protection notice
We reserve the right to change this data protection notice to adapt to changed legal situations, or changes to the services and the data processing.
- Data protection notice valid from
This data protection statement is currently valid as of 29 October 2018.