1. Responsible body for data processing and data security officer; the scope of application
(1) We, Folit GmbH, Im Moldengraben 47, 70806 Kornwestheim, Germany, phone: +49 (0) 7154-8225-80, fax: 07154-8225-89, email: firstname.lastname@example.org, are the responsible body for the processing of your personal data as the user of the websites, accessible via www.folit.de (in the following also “WEBSITE”), as our business partner (e.g. a customer or supplier), as applicant at our house as well as any other person we communicate with (“you”) as defined in Article 4 No 7 of European General Data Protection Regulation (“GDPR”).
(2) Our data security officer is: Dr. Norbert Kuhn, Heustraße 3, 70174 Stuttgart, Germany, email: email@example.com
(3) Within our informational obligations, below we would like to inform you in detail which data will be processed when visiting our WEBSITE and using our further services and functions of our WEBSITE, (in the following also “services”), for our further business processing and communication with you as well as for your application to our company. In addition, we would like to inform you about accompanying protection measures which we have taken in terms of technology and organization of our WEBSITE, as well as about your rights regarding the processing of personal data concerning you.
2. General principles of the processing of your personal data
(1) Personal data are all information regarding an identified or identifiable natural person. Thus personal data include all data which can be linked to your person directly and indirectly like e.g. your name, your address, your phone number or your email address.
(2) Personal data will be processed by us mainly if and insofar
(5) ) The scope and type of data processing vary depending on either you visit our WEBSITE for the information retrieval (cf. the following No 3) or use the services of our WEBSITE, or you are in business relation with us or want to apply to us (cf. the following No 4). Additionally, cookies will be stored on your pc during each visit of our WEBSITE (cf. the following No 5). We inform you about further technologies on our WEBSITE applied by us in No 6, about the contents of third parties in No 6.
3. Purely informational use of our WEBSITE
(1) In connection with the purely informational use of our WEBSITE, this means if you do not use any services and offers of our WEBSITE or transmit us information otherwise, we only collect those of your data, which your internet browser transmits to our server automatically. Here the following data will be collected:
(2) These data are technically necessary for us to make the use and the functionality of our WEBSITE possible for you, especially to display the WEBSITE and to ensure the safety and stability of the WEBSITE. The connection of these data to the personal data of a specified natural person does not take place. Our legitimate interest in a functioning website does exist. The legal basis for it is Article 6(1)(1)(f) of GDPR.
(3) Your data will be deleted as soon as they are longer necessary for the purpose they were collected for. In case of data collection for purely informational provision of our WEBSITE the deletion takes place when the respective session is finished. The storage of your IP address lasts up to seven days in complete form, thereafter in anonymized form. Here your IP address will be shortened by the last octet (partial segment). The temporary storage of the IP address by our system is necessary to correct malfunctions of our WEBSITE and to avert dangers.
4. Further functions and offers
Along with the purely informational use of our WEBSITE we process personal data in accordance with different services on our WEBSITE, which you can use in case of interest. Hereto you usually have to provide further personal data, which we use to fulfil the respective performance and to which the previously mentioned data processing rules apply. Moreover, we process personal data if you contact us otherwise, if you have a business relationship with us or want to apply to our company. In detail:
(1) If you contact us, for example to give us your feedback, the processing of your provided contact data (e.g. your given name and surname, email address, phone number) takes place to answer your requests and/or suggestions sent via contact form, email or otherwise. The processing of your data serves only for the processing of your contact as well as for the prevention of an abuse and for the guarantee of the safety of our informational technological systems.
(2) The legal base for the processing of the data is Article 6(1)(1)(f) of GDPR. If your message aims to the conclusion of a contract, an additional legal base for the processing of your data is Article 6(1)(1)(b) of GDPR.
(3) Insofar the erasure of your personal data is not opposed by any legal or contractual retention period, we delete the data as soon as they are no longer necessary for the purpose they were collected for. This is the case when the conversation with you is finished. Generally, the conversation is finished when the circumstances reflect that the issue concerned has been conclusively clarified.
4.2 Use of our B2B web shop
(1) If you want to order in our B2B web shop, for the conclusion of a contract it is necessary that you provide your personal data, which we need for the processing of your order. The necessary mandatory data for the processing of the contracts is marked separately; any further details are voluntary. The voluntary data provided by you will also be processed for the execution of your order. For this purpose we can forward your personal data to postal or logistics companies as well as your payment data to our house bank. Legal basis for this is Article 6(1)(1)(b) of GDPR or Article 6(1)(1)(f) of GDPR for the voluntary data provided by you.
Additionally, we can process the data provided by you to inform you about further interesting offers or to send you emails with technical information. Legal basis for it is Article 6(1)(1)(f) of GDPR.
(2) We are obliged to store your address-, payment- and order data for the period of 10 years according to commercial and fiscal specifications. However, we reduce the processing after two years, which means that your data will only be used to fulfill legal obligations.
(3) To prevent any unauthorized access to your personal data by a third party, especially to financial data, the ordering process will be encrypted using TLS technology.
4.3 Business relationship
(1) If you are our business partner (e.g. customer or supplier), along with information about your company we also process information about you (e.g. contact data) or further people within your company. Your personal data will be provided mostly by you (e.g. by ordering) or collected by us in the course of processing insofar it is necessary for the performance of our business relationship. Subsequent to the changes of a contact person at your company, a further collection of personal data connected to the employees of your company can occur as well.
(2) In the first place your data will be saved and electronically processed for the purpose of contract execution between us and you. For the communication within the scope of contract processing (e.g. offers, orders, order confirmations, delivery notes and/or invoices) we can contact you via the data collected about you. This can be performed via postal address(es), email address(es) or phone- and fax number(s). Also the technical and content design of contracts, especially of the content, specifications and prices, can be processed with the saved data. Legal basis for it is Article 6(1)(1)(b) of GDPR.
(3) We can also provide you information and notifications about your business relationship with us to the data provided by you as well as offer you possibilities for the initiation of new businesses. Legal basis for it is Article 6(1)(1)(f) of GDPR. If we receive a response to these notifications from you, which are targeted at the conclusion of a contract, then an additional legal basis for processing your data is Article 6(1)(1)(b) of GDPR.
(4) For the fulfilment of our contractual obligations we partly use the services by different service providers. We only provide your data to a third party if it is necessary for the processing of a contract or if you explicitly give your consent to forwarding your data. Legal basis for it is Article 6(1)(1)(b) of GDPR or Article 6(1)(1)(a) of GDPR in case of your consent.
(5) In general, we do not transmit your personal data to countries outside of European Union or European Economic Area (third countries). Anyway, it can occur that in the course of obligations which arise from contracts between us and you as a business partner, data must be provided to a third country. This transmission only takes place after a detailed examination and only if special conditions of Article 44 ff of GDPR have been met (e.g. the adequacy decision of a commission, standard data protection terms, the approved codes of conduct).
(6) Insofar the deletion of your personal data is not opposed by any legal or contractual retention period, we delete the data as soon as they are no longer necessary for the purpose they were collected for. This is usually the case when the customer relationship with your company does not exist anymore or when you as a contact person have left the company.
(1) When you apply for a vacancy in our company, we process your personal data which you submit to us e.g. via email. We don`t need any information from you, which is not usable according to General Equal Treatment Law (for example ethnicity, religion or ideology, age, sexual identity). We ask you not to submit to us any information about pregnancy, political views, philosophical or religious beliefs and the membership in a trade union.
(2) The processing of your personal data takes place only for the purpose of filling the vacancies within our company. We do not forward your personal data unless you have given us your permission for it. However, in certain cases personal data must be provided to external parties like e.g. public institutions (authorities and offices), external service providers or other recipients.
(3) Legal basis for processing of your personal data is Article 6(1)(1)(b), Article 9(2)(b), Article 88 of GDPR in conjunction with §26 German Federal Data Protection Act new edition.
(4) If we cannot offer you any vacancy, we delete your data 6 months after the end of the application procedure latest, unless you give us your permission to store the applicant data for a longer period of time.
(2) Our WEBSITE uses transient cookies, their extent and functionality will be described in the following:
a) Transient cookies will be deleted automatically when you close the browser. These include in particular the session cookies. They save a so-called session-ID, which allows for the matching of different requests by your browser to a common session. Thus your pc can be recognized when returning to our WEBSITE. The session cookies will be deleted when you log out or close the browser.
b) Persistent cookies will be deleted automatically after a preset duration, which can differ from cookie to cookie. You can delete cookies at any time in the security settings of your browser.
(3) If certain cookies process personal data, the processing is carried out in accordance with Article 6(1)(1)(b) of GDPR either for the execution of a contract or in accordance to Article 6(1)(1)(f) of GDPR for the protection of our legitimate interest in best possible functionality of our WEBSITE as well as customer-friendly and effective organization of visiting the site.
(4) You can configure your browser settings according to your wishes and e.g. decline the acceptance of third-party-cookies or of all cookies. Please note that you might be not able to use all the functions of our WEBSITE.
6. Other technologies on our WEBSITE
6.1 Google Analytics
(1) Our WEBSITE uses Google Analytics, a web analytics service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses the so-called cookies, text files, which will be saved on your pc and which allow for the analysis of the WEBSITE use by you. The information about your use of our WEBSITE, which will be created by the cookie (incl. your IP address), will be usually transmitted to a Google server in the USA and saved there. However, if the IP-anonymization is activated on our WEBSITE, your IP address will be first shortened by Google within the member states of European Union or in other member countries of the Agreement on the European Economic Area. The full IP address will be transmitted to a Google server in the USA and shortened there only exceptionally. Google will use this information on our behalf to analyze your use of the WEBSITE, to compile reports about the website activities and to provide further services related to the website- and internet use to the operator of the website.
(2) The IP address transmitted within Google Analytics by your internet browser will not be connected to other data by Google.
(3) You can avoid the saving of cookies by adjusting the settings of your browser software; we would like to point out that in this case you might be not able to use all functions of our WEBSITE to the fullest extent. Moreover, you can avoid the future collection of the data created by a cookie and referable to your use of the WEBSITE (incl. your IP address) by Google at any time by downloading and installing a browser plug-in available at: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) Alternatively, for browsers on mobile devices you can avoid the collection by Google Analytics by clicking the following link: reactivate Google Analytics deactivate Google Analytics. An opt-out-cookie will be set which prevents the data collection for your future visits on our WEBSITE. Please note: the cookie works only for the respective browser it has been set. If you delete the cookie from this browser, you have to set it again by clicking the link above.
(5) Insofar you allow for the saving of cookies, Google Analytics stores your data for 14 months. Data which has reached the storage duration limit will be deleted automatically.
(6) Please note that Google Analytics will be applied with the extension “_anonymizeIp()” on our WEBSITE and thus your IP address will be processed only shortened to exclude direct personal identifications. If any personal references occur due to the collected data, this will be excluded immediately and the personal data will be immediately deleted.
(7) We use Google Analytics to analyze the use of our WEBSITE and to improve it regularly. Due to the gained statistics we can improve our offer and design it more interesting for you as the user. Our legitimate interest lies within optimization and marketing purposes. For exceptions in which personal data will be transmitted to the USA, Google is subject to EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework. Legal basis for the use of Google Analytics is Article 6(1)(1)(f) of GDPR.
(9) Within the scope of Google Analytics we use the additional functions of Universal Analytics. Universal Analytics allows us to analyze your activities on our sites across multiple devices. This is possible due to a pseudonym assignation of a user identification (user ID) to a user. This kind of assignation takes place for example if you create a user account or sign into your user account. However, no personal data will be forwarded to Google. Please note that the previously mentioned possibilities of opting out by the browser plugin or opt-out cookie are also valid for the functions of Google Universal. Furthermore, you can deactivate the analysis across multiple devices in your user account in “my data”- “personal data”.
6.2 Google Tag Manager
(1) Our WEBSITE uses Google Tag Manager by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for the managing of website tags.
(2) The Google Tag Manager itself does not place any cookies and does not collect any personal data. This tool activates only other tags, which possibly can place cookies or collect data. Google Tag Manager does not access these data. Insofar you have performed a deactivation on the domain- or cookie-level, it remains valid for all tracking tags implemented by the Google Tag Manager. You can avoid the collection by Google Tag Manager by clicking the following link: reactivate Google Analytics deactivate Google Analytics.
(3) We use Google Tag Manager to analyze the use of our WEBSITE and to improve it regularly. Our legitimate interest lies within optimization and marketing purposes. Legal basis for the use of Google Tag Manager is Article 6(1)(1)(f) of GDPR. For exceptions, in which personal data will be transmitted to the USA, Google is subject to EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
7. Data safety
(1) We use technical and organizational safety measures to protect the incoming or collected personal data especially against incidental or intended manipulation, loss, and destruction or against the attack by any unauthorized person. Our safety measures will be continuously improved according to the technological development.
(2) Our WEBSITE will be encrypted using SSL technology to prevent access by any unauthorized third party. You can identify the secured transmission by the protocol title “https://” in the URL bar.
8. Your rights
(1) Regarding the processing of your respective personal data you are entitled to the rights against us listed in the following letters a-h in accordance with law. For this please contact us or our data security officer. The contact data is listed in No 1.
a) Right to information
You can request from us a confirmation in accordance with Article 15 of GDPR if personal data concerning you will be processed by us. In this case, in accordance with Article 15(1) of GDPR you have the right to information about the processing purposes, the categories of processed personal data, the recipients or categories of recipients we disclosed or will disclose the personal data to, the planned duration of saving or criteria for the determination of the saving duration, the existence of the right to rectification or erasure of your personal data as well as the restriction of processing or objection of the processing, the existence of the right to lodge a complaint to a supervisory authority, the data origin as far as they were not collected from you, the existence of an automated decision-making incl. profiling, as well as in accordance with Article 15(2) of GDPR the right to information about the appropriate guarantees in accordance with Article 46 of GDPR within the scope of the transmission of the personal data to third countries.
b) Right to rectification
You can demand the immediate rectification and/or completion of your personal data with regard to the intention of the processing in accordance with Article 16 of GDPR insofar your data are incorrect or incomplete.
c) Right to erasure
In accordance with Article 17 of GDPR you can demand the immediate erasure of your personal data provided there is a reason in accordance with Article 17(1)(a-f) of GDPR. The right to erasure of your personal data is not applicable particularly insofar their processing is necessary for the exercise of the right to freedom of expression and freedom of information, for the compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims (Article 17(3) of GDPR).
d) Right to the restriction of processing
You can demand the restriction of processing of your personal data in accordance with Article 18 of GDPR as long as we check the correctness of your data disputed by you, when you decline the erasure of your data due to unlawful processing and demand the restriction of use of your data instead, when you need your data for the establishment, exercise or defense of legal claims or when you have filed an objection to processing as long as it is uncertain if our legitimate rights overweigh.
e) Right to information
In accordance with Article 19 of GDPR we inform all the recipients whom your personal data has been disclosed to about each correction or deletion of your personal data or the limitation of their processing in accordance with Article 16, 17(1) and 18 of GDPR unless it turns out to be impossible or requires a disproportionate effort. In accordance to Article 19 sentence 2 of GDPR you have the right against us to be informed about the recipients on your demand.
f) Right to data portability
In accordance with Article 20 of GDPR you are entitled to receive your personal data which you provided to us in a structured, common and machine-readable format and to transmit this data to another responsible body provided that further conditions of Article 20 of GDPR exist, especially if it is technically feasible.
g) Right to objection
Provided we base the processing of your personal data on a legitimate interest in accordance with Article 6(1)(1)(f) of GDPR, you can object to the processing in accordance with Article 21 of GDPR. This is the case when the processing is not particularly necessary for the fulfilment of a contract with you, which will be presented by us respectively in the preceding description of the offers. When exercising this kind of objection we ask you to justify the reasons why we shall not process your personal data the way we do. In case of justified objection we will examine the situation and either not process your personal data or prove you the compelling and legitimate grounds for the processing which overweigh your interests, rights and freedoms in accordance with Article 21(1)(s2) of GDPR. A further processing remains additionally reserved, if the processing serves to the establishment, exercise or defense of legal claims.
In accordance to Article 21(2) of GDPR you can naturally object the processing of your personal data for the purposes of advertising or profiling insofar it is connected to direct advertising.
h) Right to the revocation of a consent
In accordance to Article 7(3) of GDPR you are entitled to revoke your possibly informed data protection consent at any time with future effect. However, this does not affect the lawfulness of processing which has occurred based on your consent until the time of revocation.
(2) If you believe that the processing of your data violates the data protection regulations, you are additionally entitled to the right to lodge a complaint to a supervisory authority in accordance to Article 77 of GDPR. Please contact a supervisory authority in the member state of your location, your job or at the location of the potential violation.
9. Changes of these data protection regulations
We reserve the right to change these data protection regulations at any time with future effect. The respective current version is available on our WEBSITE. Please access the WEBSITE regularly and get information about the valid data protection regulations.
As of: 24. Januar 2019