DATA PRIVACY
Data Privacy Statement of Gellner GmbH, Uhlandstraße 15, 75446 Wiernsheim
The company Biedermann GmbH takes the protection of your personal data seriously and complies with the statutory data protection regulations. Personal data is only collected to the technically required extent on this website. The collected data is neither sold nor disclosed to third parties for any other reasons.
The following Privacy Statement will provide an overview on how we guarantee this protection and which types of data are collected for which purpose.
§ 1 Name and contact data of the Controller and the Company Data Protection Officer
Controller pursuant to Art. 4(7) General Data Protection Regulation (GDPR) is Gellner GmbH, Uhlandstraße 15, 75446 Wiernsheim, Tel. +49-7041-9611-0, Fax +49-7041-9611-96, E-Mail: info@gellner.com.
You can contact our Data Protection Officer, Mr. Andreas Lingenfelser at the above address with the addition ”The Data Protection Officer“ or on the email address datenschutz@gellner.com.
§ 2 Information on the collection of personal data
(1) Below, we inform you about the collection of personal data when using our website. Personal data includes all data which can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
(2) If you contact us via e-mail or via a contact form, we will store the data provided by you (your e-mail address and, if necessary, your name and phone number) in order to answer your questions. The data that were provided in this context will be deleted by us after the storage of such data is no longer required, or, in case legal retention periods apply, we will restrict the processing of such data.
(3) If we make use of contracted service providers for individual functions of our offer or if we intend to use your data for advertising purposes, we will inform you in more detail below about the corresponding activities. We will also indicate the criteria established by us concerning the storage time.
§ 3 Your rights
You may assert the following rights towards us with regard to the personal data relating to you:
• pursuant to Art. 15 GDPR to request information regarding your personal data processed by us. In particular, you can obtain information about the purposes of the processing, the category of the personal data, the categories of recipients to whom your personal data have been or will be disclosed, the envisaged storage time, the existence of a right of rectification, erasure or restriction of processing of personal data or objection to such processing, the right to lodge a complaint, information as to the source of your data, if such data was not collected by us, the existence of automated decision-making, including profiling and, if applicable, meaningful information as to their details;
• pursuant to Art. 16 GDPR to request the rectification of incorrect or completion of your personal data stored with us without undue delay;
• pursuant to Art. 17 GDPR to request the erasure of your personal data stored with us, unless the processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
• pursuant to Art. 18 GDPR to request the restriction of the processing of your personal data, provided you contest the accuracy of the personal data, the processing is unlawful and you oppose the erasure of such data and we no longer require the personal data, but such data are required by you for the establishment, exercise or defence of legal claims or you have objected to its processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR to receive your personal data you have provided to us in a structured, commonly used and machine-readable format or to request the transmission of such data to another controller;
• pursuant to Art. 7(3) GDPR to withdraw at any time your consent given to us. This means that we are no longer allowed to perform the processing of data based on such consent in the future, and
• pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a general rule, you may lodge the complaint with the supervisory authority competent for your habitual residence or your place of work or our registered office.
§ 4 Collection of personal data when visiting our website
(1) When you merely use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we will not collect any personal data, except for the data sent by your browser to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security. (The legal basis is Art. 6(1), clause 1, letter f GDPR):
-
IP address
-
Date and time of request
-
Time zone difference to Greenwich Mean Time (GMT)
-
Content of the request (specific page)
-
Access status/HTTP status code
-
Amount of data transferred in each case
-
Website issuing the request
-
Browser
-
Operating system and its interface
-
Language and version of the browser software.
(2) The aforementioned data is processed by us for the following purposes:
-
Ensuring a smooth connection to the website,
-
Ensuring a comfortable use of our website,
-
Evaluating system security and stability, and
-
for other administrative purposes.
Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.
(3) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk and allocated to the browser you are using. The party responsible for storing the cookie (in this case us) will be supplied with certain information. Cookies cannot run programmes or transmit viruses to your computer. They are used to make the website more user-friendly and efficient on the whole.
Use of cookies:
a) This website uses the following types of cookies and/or comparable software, the scope and functioning of which are explained below:
-
Transient cookies (see b)
-
Persistent cookies (see c)
-
Flash cookies (see f)
-
HTML5 storage objects (see f)
b) Transient cookies are automatically deleted when you close your browser. These include in particular the session cookies. They store a so-called session ID which can be used to allocate different requests of your browser to the joint session. In this way, your computer can be recognised when you return to the website. The session cookies are deleted when you log out or when you close the browser.
c) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can use the security settings of your browser to delete the cookies at any time.
d) You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.
e) We use cookies to identify you for follow-up visits if you have an account with us. Otherwise, you will have to log in again for each visit.
f) The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your end device. These objects store the required data independently of the browser used and do not have an automatic expiry date. If you do not wish the Flash cookies to be processed, you must install a corresponding add-on, e.g. ”Better Privacy“ for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode in your browser. We also recommend that you regularly delete your cookies and your browser history manually.
(4) Furthermore, we use analytics services when you visit our website. A detailed explanation can be found below.
§ 5 Use of our contact form
(1) For enquiries of any kind, you can make use of the contact form provided on our website. To use this form, you need to provide a valid e-mail address so that we know who is making the enquiry and so that we can send you our reply. Any other information is provided voluntarily.
(2) We process data provided for the purpose of establishing contact in accordance with Article 6(1), clause 1, letter a GDPR, based on your freely given consent.
(3) The personal data we collect for the use of our contact form will be automatically deleted after the services in answer to your enquiry have ended.
§ 6 Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services (e.g. newsletter) which you can use if you are interested. As a rule, you must provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These service providers have been carefully selected and commissioned by us, they are bound by our instructions and are regularly checked.
(3) Furthermore, we may pass on your personal data to third parties if we offer conclusions of contracts or similar services together with partners. For more information, please provide your personal data or see the description of the offer below.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
§ 7 Use of the blog functions
(1) You can write public comments in our blog, in which we publish various posts on subject areas concerning our activities. Your comment will be published under the post together with the username that you have entered. We recommend that you use a pseudonym instead of your real name. You must indicate your username and your e-mail address, any other information is provided voluntarily. When you submit a comment, we save your IP address. We will delete the latter after [one week]. We save your address in order to be able to defend ourselves against any liability claims in case of a possible publication of illegal content. Your e-mail address is required in order to contact you in case a third party claims that your comment is illegal. The legal bases are Art. 6(1), clause 1, letters b and f GDPR. Comments are not checked before publication. We reserve the right to delete comments in case third parties claim that they are illegal.
Additionally, if necessary:
(2) When writing a comment, you can click on the checkbox of our e-mail service. In doing so, you will be informed if another user publishes a comment on the post in question. For this service, we use the so-called double opt-in method, meaning that you will receive an e-mail in which you must confirm that you are the owner of the e-mail address and want to receive the notifications requested. You can cancel these notifications at any time by clicking on the link contained in the e-mail. Your personal data, including e-mail address, the time of registration for the service and your IP address are stored by us until you unsubscribe from this notifications service.
Additionally, if necessary:
(3) Our comment function uses the Disqus plug-in provided by the company Big Head Labs, Inc., http://www.disqus.com, which is responsible for the processing of the comments (hereinafter referred to as “Disqus”). With the help of Disqus, you can make a comment on our posts which will be stored and displayed as long as the commented post is online on our website, provided that you will not delete the comment before. You can use the comment function as a guest without registering, but also as a registered user of Disqus on all websites using Disqus. You can also log in with your account at third-party providers, such as Facebook, Twitter or Google. When you log in via the access data of a third-party provider, such provider will also process your personal data. However, we do not know the details of such processing. Disqus provides us with the data shared in the comment function. The legal basis is Art. 6(1), clause 1, letter f GDPR. [Since your personal data is processed in the US, we have established standard data protection regulations.] The contact data of the Controller is: Big Head Labs, Inc., San Francisco, USA. Terms of Service: http://help. disqus.com/customer/portal/articles/466260-terms-of-service/; more detailed information on the processing of your data can be found in the Privacy Policy of the provider: http://help.disqus.com/customer/portal/articles/466259-privacy-policy.]
§ 8 Use of our portal
(1) If you want to use our portal, you will need to register by providing your e-mail address and a password and username of your choice. You are not obligated to use your real name and you can therefore choose to use a nickname. When you register to use the portal, we use the so-called double opt-in method, meaning that your registration will not be complete until you confirm it by clicking on the corresponding link in the confirmation e-mail that you will receive after submitting your registration. If you do not confirm your registration within [24 hours], it will be automatically deleted from our database. It is mandatory that you provide the aforementioned data. Any other information is provided voluntarily by using our portal.
(2) When you use our portal, we store your data required for the purpose of execution of the contract, including information regarding your payment method, until you delete your access data for good. We also store the data you provide voluntarily for the duration of your use of the portal unless you delete these data. You can administer and amend all data provided in the protected customer area. The legal basis is Art. 6(1), clause 1, letter f GDPR.
(3) When you use the portal, your data may be made accessible to other users of the portal in accordance with the contractual service. Users who are not registered members will not receive any information about you. Your [username and photo] are visible to all registered members irrespective of whether you have chosen to share them. Your entire profile containing the data that you have chosen to share, on the other hand, is visible to all members whom you have confirmed as personal contacts. If you provide your personal contacts with access to content that you do not send via a private message, this content can be viewed by third parties if your personal contact decides to share it. If you publish posts in public groups, these will be visible to all registered members using the portal.
(4) The connection to the portal is encrypted using TLS technology in order to prevent unauthorised access to your personal data, especially financial data, by third parties.
§ 9 Disclosure of data
We will not disclose your personal data to third parties for any purposes other than those listed below. We will only disclose your personal data to third parties if:
-
you have given your explicit consent in accordance with Article 6(1), clause 1, letter a GDPR,
-
it is necessary to disclose this data, in accordance with Article 6(1), clause 1, letter f GDPR, for the establishment, exercise or defence of legal claims, and no grounds exist to assume you have an overriding and legitimate interest in the nondisclosure of your data,
-
this is required for compliance with a legal obligation to disclosure in accordance with Article 6(1), clause 1, letter c GDPR, and
-
it is legally permitted and necessary for the performance of a contract with you in accordance with Article 6(1), clause 1, letter b GDPR.
§ 10 Newsletter
(1) With your consent, you can subscribe to our newsletter, which informs you about our current interesting offers. The advertised goods and services are stipulated in the declaration of consent.
(2) For the subscription to our newsletter, we use the so-called double opt-in procedure. This means that after you have subscribed, we will send you an e-mail to the e-mail address specified in which we ask you to confirm your subscription to our newsletter. If you do not confirm your subscription within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your subscription and, if necessary, to inform you about possible misuse of your personal data.
(3) The only requirement for sending the newsletter is your e-mail address. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter. The legal basis is Article 6(1), clause 1, letter a GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter e-mail, by e-mail to info@gellner.com or by sending a message to the contact details provided in the legal notice.
(5) We will not analyse your user behaviour when sending the newsletter. Therefore, we do not create a user profile of you. We do not use so-called web beacons or tracking pixels.
§ 11 Objection to or revocation of the processing of your data
(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation affects the permissibility of processing your personal data after you have given it to us.
(2) If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.
(3) You may of course object to the processing of your personal data for purposes of advertising at any time.
(4) You can inform us about your objection at the following contact details: GELLNER GmbH & Co. KG, Uhlandstraße 15, 75446 Wiernsheim, Tel. +49-7041-9611-0, Fax +49-7041-9611-96, E-Mail: info@gellner.com.
§ 12 Use of analytics programmes
I. Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies,” which are text files placed on your computer, allowing the website to analyse your use of the website. The information generated by the cookie on your use of this website will normally be transmitted to a Google server in the United States and stored there. If IP anonymisation is activated on this website, however, your IP address will be truncated by Google within a member state of the European Union or within any other country which is a party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the United States and truncated there. Google will use this information on behalf of the operator of this website for purposes of evaluating your use of the website, compiling reports on website activities and providing the website operator with other services relating to website use and internet usage.
(2) The IP address transferred by your browser during the use of Google Analytics will not be associated with any other data held by Google.
(3) You can prevent the storage of cookies by selecting the appropriate settings in your browser software; however, please note that if you do this, you may not be able to use all functions of this website in their entirety. Furthermore, you can prevent the collection of data that is generated by the cookie and related to your use of the website (including your IP address) for Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are processed in a shortened form and direct references to people can be excluded. As far as the data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.
(5) We use Google Analytics to analyse and regularly improve the use of our website. Through the statistics gained, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the United States, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6(1), clause 1, letter f GDPR.
(6) Information on third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Service: http://www.google.com/analytics/terms/de.html, overview on data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the privacy policy: http://www.google.de/intl/de/policies/privacy.
(7) This website also uses Google Analytics for a device-independent analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".
§ 13 Online advertising, Google AdSense
(1) This website uses the online advertising service Google AdSense, which aims to present you with advertisements designed to suit your interests. We are interested in showing you advertisements that may be of interest to you in order to make our website more interesting to you. It collects statistical information about you, which is processed by our advertising partners. These ads can be seen by the „Google ads“ reference in the ad.
(2) By visiting our website, Google receives the information that you have accessed our website. Google uses a web beacon to place a cookie on your computer. The data mentioned in § 3 of this Privacy Statement will be transmitted. We have no influence on the collected data, nor are we aware of the full extent of the data collection and the duration of storage. Your data will be transmitted to the United States and evaluated there. If you are logged in with your Google account, your data can be assigned directly to it. If you do not want to be assigned with your Google profile, you will need to log out. It is possible that this data may be shared with Google’s contractors and third parties and agencies. The legal basis for the processing of your data is Article 6(1), clause 1, letter f GDPR. This website has also activated Google AdSense advertisements from third-party providers. The data specified above can be transmitted to these third-party providers (a list of which can be found at https://support.google.com/dfp_sb/answer/94149).]
(3) You can use one of a number of different options to prevent Google AdSense from installing cookies on your computer, namely:
a) by changing the corresponding setting in your browser software, especially by blocking third-party cookies in order to ensure you do not receive any advertisements from third-party providers;
b) by deactivating interest-based advertisements from Google via the link http://www.google.de/ads/preferences, although this setting will be deleted if you delete your cookies;
c) by deactivating the interest-based advertisements of providers involved in the "About Ads" consumer choice campaign via the link http://www.aboutads.info/choices, although this setting will be deleted if you delete your cookies;
d) by permanently deleting advertising cookies in your Firefox, Internet Explorer or Google Chrome browser via the link http://www.google.com/settings/ads/plugin. You should, however, be aware that by doing so, you may not be able to make full use of all of the functions of this offer.
(4) You can find more information on the purpose and scope of the collection and processing of data and further information on your rights concerning this issue and the settings that you can use to protect your privacy at: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; Privacy Policy for advertising: http://www.google.de/intl/de/policies/technologies/ads. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§ 14 Data security
(1) For the security of visits to our website, we employ the widely used SSL procedure (Secure Socket Layer) in conjunction with the highest encryption level that your browser supports. In most cases, this is 256-bit encryption. If your browser does not support 256-bit encryption, then we will fall back on 128-bit v3 technology. Which of the pages on our website are transferred in encrypted form can be recognised by a symbol of a key or of a closed padlock in the lower status bar of your browser.
(2) We also employ suitable technical and organisational security measures in order to protect your data from accidental or intentional manipulation, partial or complete loss, destruction or access by unauthorised third parties. Our security measures are continually improved in accordance with the development of technical standards.
§ 15 Use of WhatsApp
If you communicate with us regarding the preparation, implementation or billing of our services and deliveries using the instant messaging service “WhatsApp” from WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, use, you agree that WhatsApp Ireland Limited receives personal data (in particular communication metadata), which is also processed on servers in countries outside the EU (e.g. USA). WhatsApp also passes on the collected data to other companies within and outside the Meta group of companies. You agree that these states outside the EU may not ensure an adequate level of data protection. To secure these data transfers to non-EU countries, WhatsApp uses the standard contractual clauses approved by the EU Commission. These are considered a suitable guarantee in accordance with Article 46 Paragraph 2 Letter c GDPR. Further information can be found in WhatsApp's privacy policy (https://www.whatsapp.com/legal/privacy-policy-eea). We have neither precise knowledge nor influence on the data processing by WhatsApp Ireland Limited.
Your Gellner GmbH