1. An overview of data protection
The website operator recognises the importance of passing regulations to advance information security and data privacy for citizens of the EU, and all citizens, regardless of their location.
Personal data is all data and information that relates to an identified or identifiable natural person. A natural person is considered to be identifiable that can be identified directly or indirectly, in particular by association with an identifier such as a name, with an identification number, with location data, with an online identifier (eg cookie) or with one or more special features. that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
Processing is any process performed with or without the aid of automated procedures or any such process associated with personal data. The term goes far and includes virtually every handling of data.
The person responsible is the natural or legal person, public authority, body or other body that, alone or in concert with others, decides on the purposes and means of processing personal data.
The processor is a natural or legal person, public authority, body or agency, and third parties who process personal data on behalf of the controller.
Pseudonymisation refers to the processing of personal data in such a way that personal data can no longer be assigned to a specific data subject without additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
Profiling is any type of automated processing of personal data that involves the use of such personal information to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences To analyze or predict interests, reliability, behavior, whereabouts or location of this natural person.
Relevant statement of legal bases
In accordance with Art. 13 GDPR, the site owner informs you of the legal basis of the data processing.
The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR,
the legal basis for the processing for the performance of services and the performance of contractual measures as well as the response to inquiries is Art. 6 para. 1 lit. b GDPR,
the legal basis for processing to fulfill legal obligations is Article 6 (1) lit. c GDPR,
and the legal basis for processing in order to safeguard legitimate interest is Article 6 (1) lit. f GDPR.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.
Use of the website and data processing
The use of this website itself is usually possible without specifying specific personal data. If personal data are collected on the website, this is always done on a voluntary basis and, if possible, on the consent of the visitor / user. Purposes of processing are the provision of the available information and services, the associated functions and content, the answering of contact requests and communication with the visitor / user, as well as necessary security measures and range measurement. In principle, data will only be collected if it is necessary to provide a functioning website as well as its contents and services. An exception applies only in cases in which prior consent can not be obtained for real reasons and the processing of the data is permitted by law. Personal data will not be disclosed to third parties without your express consent. Disclosure to third parties will only be made if the processing is necessary to fulfill a contract or to fulfill a legal obligation, if you have expressly given your consent thereto or if the processing is necessary to safeguard legitimate interests and there is no reason to believe that You have a predominant legitimate interest in not disclosing your information.
2. Data transmission and general security measures
The site owner points out that data transmission over the Internet (for example, when communicating by e-mail) may be vulnerable. A complete protection of data from access by third parties is therefore not possible. For this reason, the direct transfer of the data by form is not available on the website. This is done through the security foundation of the technology used (e.g., software, IT, e-mail programs). For this purpose, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing and the different likelihood and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational measures shall be taken to ensure an adequate level of protection for the risk (Art. 32 GDPR).
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. In addition, procedures have been put in place to ensure the enjoyment of data subject rights, data erasure and data vulnerability. Furthermore, the protection of personal data is already taken into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through privacy-friendly default settings (Article 25 GDPR).
Collaboration with processors and third parties
Insofar as data are disclosed to, conveyed to, or otherwise granted access to the data to other persons and companies (contract processors or third parties), this is done only on the basis of a legal permission (eg if the data is transmitted to third parties , as to payment service providers, to fulfill the contract), you have consented to a legal obligation to do so or on the basis of legitimate interest (eg in the use of agents, web hosts, etc.).
Insofar as third parties are commissioned to process data on the basis of a so-called contract processing contract, this is done on the basis of Art. 28 GDPR.
To the extent necessary for the fulfillment of your request or as required by law, data will be disclosed or transmitted to third parties in the context of communication with other professionals or contractors typically involved in the performance of the contract. This only happens if it complies with the provision of contractual services. Art. 6 para. 1 lit. b) GDPR serves, legally gem. Art. 6 para. 1 lit. c) GDPR is prescribed, serves the legitimate interests of the person responsible or those of the person concerned as a legitimate interest (see Article 6 (1) (f) GDPR) or in the context of a consent in accordance with Art. Art. 6 para. 1 lit. a) i.V.m. Art. 7 GDPR is allowed.
Transfers to third countries
If data is processed in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)), or in the context of the use of third party services or disclosure, or transmission of data to third parties, this will only be done if it is done to fulfill (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of legitimate interests. Subject to legal or contractual permissions, the data in a third country are processed only in the presence of the special conditions of Art. 44 et seq. GDPR. The processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the US through the Privacy Shield www.privacyshield.gov) or compliance with officially recognized specific contractual obligations (so-called standard contractual clauses).
3. Overview of data collection on the website as well as business related processing
Who is responsible for the data collection on this website?
The data processing on this website is carried out by the responsible person, in this case the website operator. The contact details can be found in this imprint.
How are the data collected?
On the one hand, your data will be collected by informing the person responsible, in this case the website operator. This can be data that you use, e.g. via e-mail, telephone or in person.
Other data is collected automatically when visiting the website through the present IT system. These are above all technical data (for example used Internet browser / version, operating system, time of the page call, IP address, referencing source pages). The collection of this data occurs automatically as soon as you enter the website. The storage of the data is done for security reasons, for. B. to clarify cases of abuse. If data must be revoked for reasons of proof, they are excluded from the deletion until the incident has been finally clarified.
What personal data is collected?
Contact and data processing
Collected, stored, used, rectified, transmitted or deleted the following personal data:
- Data of the interested parties / visitors of the website are the natural persons
Types of data e.g., usage data (e.g., visited web pages, interest in content, access times), and meta / communication data (e.g., device information, IP addresses)
- Data of all other natural persons who come into contact with the responsible site owner (for example, agents, employees of legal entities)
- Personal data of you will be collected when you contact the responsible site owner, e.g. by e-mail, telephone or in person to make a request.
- Personal data of you are collected from the responsible site owner (eg stock, master data and contact data such as salutation, first name, last name, email, telephone, fax, mobile phone, subject, request / specification according to offer / inquiry, order data, address data (street, house number, Postcode, place of residence), bank data) as a basis for inquiries and for the processing and processing of your concern to the extent of the necessity eg Contract and contract basis. The processed data, the nature, the scope and the purpose and the necessity of their processing are determined by the underlying contractual relationship or your concern.
Types of the data, for example: inventory data (e.g., names, addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text input, photographs, videos)
- Contract data (e.g., subject, term, customer category).
- Payment data (e.g., bank details, payment history)
- by business partners / contract partners / contract processors or third parties for the purpose of providing contractual services, service and customer care (for example, contract data such as subject matter, term, customer category, payment data such as bank details, payment history)
- Personal information about your online behavior and preferences will not be processed!
The processing of the data thus takes place exclusively on the basis of your consent (Article 6 (1) (f) GDPR).
Right of objection and right of withdrawal
You can revoke this consent at any time or object to it. An informal message by e-mail to the person responsible, in this case the site operator, is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. The data you submit will remain in stock until you request that the owner, in this case the page owner, be deleted, revoke your consent to storage, or lose the data storage purpose (for example, after your request has been fully processed). Mandatory legal provisions – especially retention periods – remain unaffected.
Business records must normally be kept for ten years. These include e.g. Accounting documents, tax notices, memos, account statements, reports, receipts, records, inventories, accounting data of the company EDP etc.
In exceptional cases, it can even be 30 years or more.
Administration, financial accounting, organization and contact management
Data is also used in the context of administrative tasks as well as organization of business and financial accounting and compliance with legal obligations, such as archived. Here, the same data is processed, which will be processed in the context of the performance of the contractual services. The processing principles are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. The processing affects customers, prospects, business partners, order processors, third parties and website visitors. The purpose and interest in processing lies in administration, financial accounting, office organization, archiving of data, that is, tasks that serve to maintain business, perform the tasks and provide the services that are offered. The deletion of the data in terms of contractual performance and contractual communication corresponds to the information provided in these processing activities.
Data is disclosed and taken over to the financial administration, consultants such as tax accountants or auditors as well as other fee offices and payment service providers.
Furthermore, on the basis of business interests, information on suppliers, contract partners, organizers, third parties and other business partners, e.g. saved for later contact and collaboration. This majority of company-related data is always stored permanently without revocation.
Data collection server log files, analysis tools and third-party tools
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits. When visiting this website, your browsing behavior can be statistically recorded. This happens above all with the available analysis programs of the provider.
- Visited website
- Time at the time of access
- Amount of data sent in bytes
- Source / reference from which you came to the page
- Used browser / browser version
- Operating system used
- Used IP address
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The above-mentioned purposes constitute a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR on data processing.
This website uses partially so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make the present offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser. Most of the cookies used on these pages are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow this site to recognize your browser on your next visit. You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, the acceptance of cookies for certain cases or generally exclude and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
Types of cookies
- Transient cookies
- Persistent cookies
Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to the site. The session cookies are deleted when you log out or close the browser.
The following cookies are used:
pll_language | Polylang uses a cookie to remember the user-selected language when he returns to re-visit the site. This cookie is also used to obtain the language information if it is otherwise unavailable. | Type: Accessibility | Expiration period: 365 days | Session Cookie: No.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The above-mentioned purposes constitute a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR on data processing.
4. Legal situation regarding your transmitted data (information, correction, limitation / blocking, revocation, deletion and data transfer)
What rights do you have regarding your data?
At any time you have the right to free information about your stored personal data, their origin and recipient and the purpose of the data processing as well as a right to correction, blocking or deletion of this data. For this purpose and for further questions on the subject of personal data and data protection, you can always contact the person responsible, in this case the site owner, at the address given in the imprint. Furthermore, you have a right of appeal to the competent supervisory authority.
Your rights in the overview
Rights regarding your personal information or authorization:
- Right to information
according to Art. 15 GDPR Right of access to the processed personal data. This includes the processing purposes, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned retention period, the right of rectification, cancellation, limitation of processing or opposition, the existence of a right of appeal, which The origin of their data, if not collected by the site owner, as well as the existence of automated decision-making, including profiling and, where appropriate, meaningful information about their details;
- Right to rectification or cancellation
in accordance with Art. 16 GDPR to demand rectification of incorrect or completed personal data and to demand the deletion of stored personal data in accordance with Art. 17 GDPR, unless the processing for the exercise of the right to freedom of expression and information, to fulfill a legal obligation is required for reasons of public interest or to assert, exercise or defend legal claims;
- Right to restriction of processing
In accordance with Art. 18 GDPR the limitation of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and the data is no longer needed, but you this for assertion, exercise or defense require legal claims or you have objected to processing in accordance with Art. 21 GDPR;
- Right to object to the processing
pursuant to Art. 7 para. 3 GDPR, to revoke your once given consent at any time. As a result, the data processing based on this consent will be discontinued in the future
- Right to complain to a data protection supervisory authority about the processing of your personal data by the controller
according to Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, workplace or the registered office of the site owner.
- Right to data portability
pursuant to Art. 20 GDPR to receive your personal data that you have provided in a structured, common and machine-readable format or to request the transfer to another person responsible;
5. General information about the responsible body and mandatory information
The responsible data processing unit on this website is:
structural engineering & textile architecture
Proskauer Straße 15
+49 (0)163 480 3850
info at z3rch.com
Responsible entity is a natural or legal person who, alone or in concert with others, decides on the purposes and means of processing personal data (such as names, e-mail addresses, etc.).
Right of appeal to the competent supervisory authority
In the case of violations of data protection law, the person concerned has the right of appeal to the competent supervisory authority. The competent supervisory authority in matters of data protection law is the state data protection officer of the federal state in which the site officer is based. A list of the data protection officers as well as their contact data can be taken from the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Automated decision-making / profiling
A method for automated decision making is not used, profiling does not take place.
Contradiction against advertising mails
The use of published in the context of the imprint obligation contact information for sending unsolicited advertising and information materials is hereby rejected. The site owner expressly reserves the right to take legal action in case of unsolicited promotional information, such as spam e-mails.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, this site uses an SSL or. TLS encryption. You can recognize an encrypted connection by changing the address line of the browser from “http: //” to “https: //” and the lock symbol in your browser line. If SSL or TLS encryption is enabled, the data that you submit to the page owner can not be read by Drtitten.
The responsible person uses
appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. The security measures are constantly being improved in line with technological developments.
6. Data Protection Officer
Statutory data protection officer
Not required to appoint a data protection officer.
7. Use social media, plugins, widgets, tools, and third-party links
Links to external third party providers:
The links are opened in a separate browser window. The site owner has no influence on this data transfer.
If you are logged in to an existing third-party account, you allow the user to associate your surfing behavior with your personal profile. You can prevent this by logging out of your third-party account.
The use is made in the interest of a pleasing presentation of the available online offer and an easy findability of the places and information given on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Saves the IP addresses for brute-force backup in your own WordPress database. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Date: May 2018