With the following information, we would like to give you as the “data subject” an overview of the way we process your personal data and your rights under data protection laws. In general, our website can be used without entering personal data. However, if you want to use certain services that our business offers through its website, it may become necessary for us to process your personal data. If the processing of personal data is necessary and there is no lawful basis for such processing, we obtain consent from you as a matter of course.
Your personal information, such as your name, postal address and e-mail address, is always processed in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection provisions applicable for “SEAR GmbH”. By way of this data policy, we want to inform you about the scope and purpose of the personal data that we collect, use and process.
As the controller of the data, we have implemented numerous technical and organisational measures to ensure that the personal data processed through this website is protected as securely as possible. Nevertheless, web-based data transmissions can have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, you are free to submit personal data to us by alternative means, such as by telephone or post.
According to the definition in the GDPR the controller is:
Hundsburgallee 9c , 18106 Rostock, Germany
Phone: +49381 12834 300
Fax: +49381 12834 101
Controller’s representative: Mayk Wiese
3. Data Protection Officer
You can contact the data protection officer in the following way:
Phone: +49381 12834 359
Fax: +49381 12834 101
You can contact our data protection officer directly at any time with any questions and suggestions regarding data protection.
4. Legal Basis for Processing Personal Data
Art. 6 (1) (a) of the GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the fulfilment of a contract to which you are a party – as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or return service – the processing is based on Art. 6 (1) (b) of the GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, such as in the case of inquiries about our products or services.
If our company is subject to a legal obligation for which the processing of personal data becomes necessary (e.g. for the fulfilment of tax obligations), the processing is based on Art. 6 (1) (c) of the GDPR.
In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. For example, this may be the case if a visitor were injured on our premises and his or her name, age, insurance details or other vital information needed to be shared with a doctor, a hospital or other third parties. In that case, the processing would be based on Art. 6 (1) (d) of the GDPR.
Lastly, processing operations may be based on Art. 6 (1) (f) of the GDPR. Processing operations that are not covered by any of the aforementioned legal bases are covered under this legal basis if processing is required to protect a legitimate interest of our company or third party, provided that this does not override the interests, basic rights and fundamental freedoms of the data subject. We are entitled to use these types of processing operations because they are specifically mentioned by the European legislative body. On this matter, the legislative body takes the view that a legitimate interest could be assumed to exist if you are a customer of our company (Recital 47, sentence 2 of the GDPR).
5.1 SSL/TLS Encryption
This site uses SSL or TLS encryption to guarantee the security of data processing and to protect the transmission of confidential content, such as orders, login data and contact requests that you send to us as the operator. You can tell that a connection is encrypted if it has “https://” instead of “http://” in the address bar of the web browser, and by the lock symbol in your browser bar.
With SSL or TLS encryption enabled, third parties cannot gain unauthorised access to the data that you transmit to us.
5.2 Data Collection When Visiting the Website
When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we will only collect the data that your browser transmits to our server (in “server log files”). Our website collects a series of general data and information each time you or an automated system access a page. These are stored in the server log files. The following can be recorded:
1. Browser types and versions used
2. Operating system used by the accessing system
3. Website from which an accessing system arrives at our website (known as the “referrer”)
4. Sub-websites viewed by an accessing system on our website
5. Date and time of access to the website
6. Abbreviated internet protocol address (anonymised IP address)
7. Internet service provider of the accessing system
We do not draw any conclusions that would allow us to identify you as a person when we use this general data and information. In actuality, this information is required to do the following:
1. Deliver the contents of our website correctly
2. Optimise the content of our website and the advertising for it
3. Ensure the long-term operability of our IT systems and the technology of our website
4. Provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack
Therefore, the data and information collected will be used for statistical purposes only, with the aim of increasing the data protection and data security of our company so as to ensure the highest possible level of protection for the personal data that we process. The anonymous data from the server log files are stored separately from all personal data entered by a data subject.
The legal basis for the data processing is Art. 6 (1) (f) of the GDPR. Our legitimate interest is based on the data collection purposes listed above.
6. Contents of Our Website
6.1 Contact / Contact Form
We collect personal data when you contact us (e.g. via the contact form or e-mail). The nature of the data collected when using the contact form is made clear in the relevant contact form. This data is stored and used solely for the purpose of responding to your request or to contact you and for carrying out the technical administration associated with doing so. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) (f) of the GDPR. If you contact us with the aim of concluding a contract, an additional legal basis for the processing is Art. 6 (1) (b) of the GDPR. Your data will be deleted after final processing of your request; this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified – and provided that there are no legal storage obligations to the contrary.
7. Plug-Ins and Other Services
7.1 Google Maps
On this website, we use Google Maps (API) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps is a web service for displaying interactive (land) maps to visually present geographical information. For example, the use of this service allows our location to be shown to you, making a possible journey easier.
Information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there when you call up those sub-pages in which the Google Maps map is integrated. This data is transmitted regardless of whether you are logged into or have a Google account. If you are logged into Google, you data will be linked directly to your account. If you do not wish the data to be linked to your Google profile, you will need to log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular pursuant to Art. 6 (1) (f) of the GDPR on the basis of Google’s legitimate interests in the display of personalised advertising, market research and/or needs-based design of its website. You have the right to object to these user profiles being created, which must be exercised with Google.
Google Ireland Limited, based in Ireland, is certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.
Google Maps is used in the interest of providing an appealing display of our website and so that the locations specified on this website can be easily found. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR.
8. Your Rights as a Data Subject
8.1 Right to Confirmation
You have the right to request confirmation from us as to whether or not we are processing your personal data.
8.2 Right of Access, Art. 15 GDPR
You have the right to free receive information at any time about the personal data that we store concerning you, and to receive a copy of this data.
8.3 Right to Rectification, Art. 16 GDPR
You have the right to request the rectification of any incorrect personal data. Moreover, the person affected has the right to request the completion of any incomplete personal data, taking the purposes of the processing into account.
8.4 Erasure, Art. 17 GDPR
You have the right to ask us to immediately erase your personal data, provided that one of the legally intended reasons applies and insofar as processing is not required.
8.5 Restriction of Processing, Art. 18 GDPR
You have the right to request that we immediately erase your personal data if one of the relevant legal grounds applies.
8.6 Data Portability, Art. 20 GDPR
You have the right to receive the personal data that you have shared with us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us (as the body to whom the personal data has been provided), provided that the processing is based on consent pursuant to Art. 6 (1) (a) of the GDPR or Art. 9 (2) (a) of the GDPR, or on a contract pursuant to Art. 6 (1) (b) of the GDPR, and the processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Art. 20 (1) of the GDPR, you have the right to have your personal data transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
8.7 Objection, Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) of the GDPR.
This also applies to profiling based on these provisions within the scope of Art. 4 (4) of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or that the processing serves the purpose of asserting, exercising or defending legal claims.
In individual cases, we process personal data in order to conduct direct advertising. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to any profiling connected with such direct advertising. If you object to us processing your data for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures that use technical specifications.
8.8 Revocation of Consent under Data Protection Law
You are entitled to withdraw your consent given for the processing of personal data at any time in the future.
8.9 Complaining to a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority for data protection in connection with our processing of personal data.
The further development of our website and offers – or changes in legal or official requirements – may necessitate changes to this data protection policy. You can access and print out the current data protection policy at any time on the website at “www.adexx-sear.de/datenschutz.html”.