Data Privacy Policy
of Nordbrand Nordhausen GmbH
Status 11.11.2021
This website is operated by Nordbrand Nordhausen GmbH. In the following, we inform you about the gathering of personal data during the use of this website. Personal data is all data that can be attributed to you personally, thus, e.g. name, address, email address, and user behaviour.
Your data are gathered, processed and used in accordance with the provisions of the German Telemedia Act (“TMG”) and data protection law, in particular the Federal Data Protection Act (“BDSG") and the General Data Protection Regulation (“GDPR"). In this Data Privacy Policy, we inform you, as the data subject pursuant to Art. 13 GDPR, about the gathering of personal data and our website.
1. Gathering of Personal Data During Use for Information
(1) If the website is used merely for the purposes of information, meaning if you do not sign in, register or otherwise transfer information to us for the use of the website, we do not gather personal data, except for the data that is transmitted by your browser. The purpose of this data gathering is to enable you to visit the website and ensure the functionality of the website. Moreover, the data serves for the optimisation of the website and for ensuring the security of our information technology systems. This data includes:
- IP address
- Date and time of the retrieval
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the retrieval (concrete page)
- Access status/HTTP status code
- Respectively transferred data volume
- Referrer website
- Browser
- Operating system and its interface
- Language and version of the browser software
(2) In addition, when the website is used, cookies, web beacons and/or pixel (or comparable functions for the transmission of event data) will be stored on your computer if this is required for technical purposes or you have consented to the storing. Cookies are small text files that are stored on your hard drive as attributed to the browser you use and by means of which the people setting the cookie (we in this case) receive certain information. A cookie typically contains the name of the domain from which the cookie originates, the “lifetime” of the cookie and a value, which is regularly a randomly generated unique number. Cookies cannot execute any programs or infect your computer with viruses. The purpose of the use is to make our website overall more user friendly and more effective. Some elements on our webpage require that the retrieving browser can also be identified after switching pages.
(3) We use a solution of Usercentrics GmbH for the management of cookies and your consent to them. Within the scope of commissioned data processing, personal data (consent data) will therefore be transmitted to Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, as the data processor. We understand consent data to mean the following data: date and time of the visit or consent/rejection, device information. The data is processed for the purpose of compliance with legal obligations (duty to present evidence according to Art. 7 (1) GDPR) and the related documentation of consents and therefore on the basis of Art. 6 (1) lit. c) GDPR. Local storage is used for storing the data. The consent data will be stored for 3 years. The data will be stored within the European Union. You can find more information regarding the gathered data and contact details at https://usercentrics.com/privacy-policy/. Details on the cookies used and the possibility to consent to the use of cookies can be found in the Consent settings.
(4) This stored information will be separated from any other data possibly disclosed to us. In particular, the data of cookies will not be linked with your other data if you such are transmitted.
2. Gathering of Personal Data During Personalised Use
(1) Besides the purely informational use of our website, we offer various services that you can use if interested. For this, you usually have to enter additional personal data, which we will use for the performance of the respective service. If additional voluntary information can be provided, this is marked accordingly. We will gather, process and use only the personal data, which is required for your use of the website and/or the performance of a contract concluded with us or data that you have provided yourself. This is, in particular, the following inventory data and usage data, which may be transmitted via forms on our website:
- Name (consisting of salutation, title, first name, last name and gender)
- Address
- Phone number
- Email address
- Date of birth
- Registration and login data of the user
(2) Inventory data and usage data will be used by us to establish a contractual relationship with you, if applicable, and to arrange it substantively, change or terminate it in order to fulfil our contractual obligations, enable the user’s login on the website and contact you if you have so requested or if this is required or permitted under the law within the scope of the contractual relationship.
(3) The personal data is stored and processed within the European Union, except for the data gathered by the third-party providers named below.
3. Deletion Periods
(1) Unless described otherwise in this Data Privacy Policy, we will store your data only for as long as this is required for the purposes for which it has been gathered or as necessary, unless legal retention periods require longer storage. Thus, your personal data will be deleted after the processing of your request, unless agreed otherwise or prescribed otherwise by law.
(2) Inventory will be deleted two years after termination of the contractual relationship toward the end of the calendar year, unless a longer storage period is required and legally permissible.
4. Statistical Anonymous Analysis of the Usage Data
Unless you object to it, we are permitted to create user profiles under pseudonyms for the purpose of marketing, market research or the design of the website appropriate to need. In particular, we analyse the usage data in anonymous form for statistical purposes in order to design the website as appropriate to need. You can object to this use of your personal data by notifying us.
5. External Contents
We might have integrated the contents of third parties (e.g. videos or pixel) in our online offer. You can find details about this here in the Consent settings.
6. Subcontractors and Recipients of Personal Data
In the context of the processing of personal data, we hire subcontractors and conclude agreements with these commissioned data processors in accordance with the requirements of Art. 28 GDPR.
(1) For the hosting of the website DFAU GmbH, Gustav-Weißkopf-Str. 5, 90768 Fürth is used as a subcontractor.
(2) For the monitoring of our general email addresses, we use the company KiKxxl GmbH, Mindener Str. 127, 49084 Osnabrück as commissioned data processor.
(3) For the administration of consent data, we use Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich as commissioned data processor.
7. Protection of personal data
We take technical and organisational measures according to the requirements of Art. 32 GDPR for the protection of the users’ personal data. All of our employees entrusted with the processing of personal data are obligated to observe data secrecy. The user’s personal data will be encrypted by means of HTTPS in the transmission to the website.
8. Legal Bases
In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing.
- Insofar as we obtain a declaration of consent from the data subject for the processing of personal data, Art. 6 (1) lit. a) GDPR serves as the legal basis. You can manage your consents at any time here: Consent settings
- For the processing of personal data that is required for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b) GDPR serves as the legal basis. This also applies to processing that is required to conduct pre-contractual measures.
- Where processing of personal data is required for the fulfilment of a legal obligation that applies to our company, Art. 6 (1) lit. c) GDPR serves as the legal basis.
- The legal basis for the temporary storing of the data and logfiles is Art. 6 (1) lit. f) GDPR.
- The legal basis for the processing of personal data by means of technically necessary cookies is Art. 6 (1) lit. f) GDPR. The legal basis for the processing of personal data by means of cookies for analysis purposes is Art. 6 (1) lit. f) GDPR.
- If the processing serves to protect a legitimate interest of our company or of a third party and if the interests, civil rights and fundamental freedoms of the data subject do not override the interest mentioned first, Art. 6 (1) lit. f) GDPR serves as the legal basis for the processing.
If the processing of data is not required for the provision of the functionalities of the website, but if it serves for the security of the website or our business interests (e.g. gathering of data for the purposes optimising the website or for security purposes) takes place on the basis of our legitimate interests according to Art. 6 (1) lit. f) GDPR.
9. No Automated Decision-Making/No Profiling
We do not operate automated decision-making or profiling.
10. Rights of data subjects
The user and other data subjects are entitled to the following rights with regard to their personal data:
- Right to receive confirmation of the personal data concerned (Art. 15 GDPR)
- Right to correction (Art. GDPR 16)
- Right to erasure (Art. GDPR 17)
- Right to restrict the processing (Art. GDPR 18)
- Right to object to the processing if the data processing takes place on the basis of Art. 6 (1) lit. e) or lit. f) GDPR (Art. 21 GDPR); in this regard, please also see the notes below regarding the right to object pursuant to Art. 21 GDPR
- Right of data portability (Art. GDPR 20)
- Right to revoke a granted consent at any time, without affecting the legitimacy of the processing that has taken place up until the revocation, if the data processing is based on a consent pursuant to Art. 6 (1) lit. a) or Art. 9 (2) lit. a) GDPR.
You furthermore have the right to lodge complaint with a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).
11. Instruction On the Right to Object Pursuant to Art. 21 GDPR
A. Right to object based on the specific situation You have the right to object to the processing of personal data relating to you at any time for reasons arising from your specific situation on the basis of Art. 6 (1) lit. e) (public safety) or lit. f) (data processing based on an assessment of interests) GDPR. This also applies to profiling based on these provisions. We will then cease the processing of your personal data, unless we can prove compelling reasons for the processing that qualify for protection and override your interests, rights and freedoms, or if the processing serves the purpose of filing, enforcing or defending against legal claims. B. Right to object to direct marketing If we process personal data relating to you to operate direct marketing, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such marketing; this also applies to profiling if it is connected to such direct marketing. If you object to the processing for the purposes of direct marketing, the personal data will no longer be processed for these purposes. C. Exercise of the right to object The right to object can be exercised formlessly, for example, by sending a letter to Nordbrand Nordhausen GmbH, Bahnhofstrasse 25, 99734 Nordhausen or e-mail to info@nordbrand.de. |
12. Service Providers/ Data Controller/ Contact Details/ Objection/ Revocation of a Consent
Service provider according to Sec. 13 TMG and data controller in the definition of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a nature similar to data protection regulations is:
Nordbrand Nordhausen GmbH
Bahnhofstrasse 25
99734 Nordhausen Deutschland
Please direct all requests for information, correction and deletion, objections or revocations of a consent, assertion of the right to restrict the processing or the right of data portability, and comments or questions of the user relating to data protection to this address.
13. Data Protection Officer
You can reach our Data Protection Officer at datenschutzbeauftragter@rotkaeppchen-mumm.de or at our postal address with the addition “The Data Protection Officer.”
14. Data Protection Supervisory Authority and Right to Lodge Complaint
The data protection supervisory authority competent for us is:
The State Data Protection Officer of Hesse, Gustav-Stresemann-Ring 1, 65189 Wiesbaden
Phone: 0611/1408-0, fax 0611/1408-900 or -901, email: poststelle@datenschutz.hessen.de.
15. Update of this Data Privacy Policy
It is necessary from time to time to adjust the content of this Data Privacy Policy. We therefore reserve the right to change this Data Privacy Policy at any time. We will send the modified version of the Data Privacy Policy to registered users before it takes effect and publish it in the same place as this Data Privacy Policy.