Extranet Privacy Statement Date of issue: September 2018
We appreciate your interest in our website. This Privacy Statement explains in detail how we will treat your data on the extranet portal.
§ 1 Information on the collection of personal data
- Personal data are all data that relate to you personally, e.g. your name, address, email addresses and user behaviour.
- The controller within the meaning of Art. 4(7) of the EU General Data Protection Regulation (GDPR) is Lenord, Bauer & Co. GmbH, represented by its managing directors Dr. Matthias Lenord and Paul Markus Bresser, Dohlenstraße 32, 46145 Oberhausen, e-mail: firstname.lastname@example.org (see also our Imprint). You can contact our data protection officer, UIMC Dr. Voßbein GmbH & Co KG, at https://www.uimc.de/kontakt or by post at Nützenberger Straße 119, 42115 Wuppertal, Germany.
- If you have any questions about the processing of your personal data, if you want to access data or have data rectified, blocked or erased or you want to withdraw consent previously given, please contact our controller pursuant to Art. 4(7) GDPR and/or our data protection officer. Please refer to section 1 paragraph 2 of this Privacy Statement for the contact details.
§ 2 Your rights
You have the following rights in respect of our treatment of the personal data concerning you:
- right of access;
- right to rectification or erasure;
- right to restriction of processing;
- right to object to processing;
- right to data portability.
- You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that our processing of the personal data concerning you infringes the GDPR. The supervisory authority with which the complaint was lodged will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
§ 3 Extent of the collection and storage of data where the portal web page is used for information purposes only
Where our portal web page (log-in page) is used for information purposes only, i.e. if you do not log in to our portal, register or otherwise send us information, we will not collect any personal data with the exception of the data that your browser sends us in order to enable you to access our portal web page. If you wish to view our portal web page, we will collect the following data that are technically necessary for us in order to display our portal web page for you and to guarantee the stability and security of the portal web page: the IP address, date and time of the request, the time zone difference from Greenwich Mean Time (GMT), the content of the request (specific page), the access status/HTTP status code, the respective data quantity transmitted, the web page from which the request was made, the browser, the operating system and its interface and the language and version of the browser software. The data will be stored in log files in order to ensure the functionality of the website. We also use the data in order to optimise the website and to ensure the security of our IT systems. We will analyse these data solely for the purpose of improving our website; they do not enable us to identify you. The data will not be analysed for marketing purposes in this regard. The legal basis is point (f) of Art. 6(1) GDPR. The data will be erased as soon as they are no longer necessary in order to achieve the purpose for which they were collected. Where the data are collected for the purpose of providing our web page, this is the case as soon as the respective session ends. Where the data are stored in log files, this is the case after not more than 7 days. Storage for a longer period is possible, in which case the IP addresses of the user will be erased or anonymised so that the accessing client can no longer be ascertained.
§ 4 Cookies
To make our portal web page more attractive to browse, to enable the use of particular functions and to display appropriate products, we use what are known as cookies on the various pages in addition to the data mentioned above. This serves the purpose of what is, on a balancing of interests, our overriding legitimate interest in the optimised delivery of our website. The legal basis is point (f) of Art. 6(1) GDPR. Cookies are small text files that are stored automatically in your terminal device. Some of the cookies we use are deleted again when the browser session ends, i.e. when you close your browser (session cookies). Other cookies remain on your terminal device and enable us to recognise your browser on your next visit (persistent cookies). The duration of storage is indicated in the overview of the cookie settings of your web browser. You can change your browser settings so that you are informed when cookies are set and can decide whether to accept them on a case-by-case basis or exclude the acceptance of cookies for particular cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. If cookies are not accepted, the functionality of our web page may be restricted.
§ 5 Information on the processing of personal data when using the portal
- Data processing by the provider/controller
To enable you to use our data portal, and enable us to actually perform our services, we need you to provide some personal data. When registering for our data portal, please give your first name and surname and the name of your company, as well as the postal address. We also need you to give us your business telephone number and business e-mail address, your customer number - if you have one - and the particular project name or the purpose for which you want to use the portal. We need these data in order to be able to assess whether to give you access to the data portal.
We will only process your personal data if you provide them voluntarily when registering for our data portal and duly complete the registration process. If you register for our data portal, we will only process your personal data if this is necessary for the use of our data portal and for the performance of our services.
Once you have completed the registration process, we will verify whether you are in our geographical area of responsibility. If you are not, the data will be forwarded to the relevant sales partner. In this case we will inform you that we are forwarding your data and will give you the name of the sales partner. The sales partner will then contact you and decide whether to give you access to the portal. If you are in our geographical area of responsibility, we will check whether you are already registered with us. If you are, you will be given an account in our portal. If you are not yet registered with us, we will consider whether to give you an account.
When an account is created, the data you provide will be processed until you withdraw consent. The legal basis for the processing of the data if you have given consent is points (a) and (b) of Art. 6(1) GDPR.
We will compare the data you provide when registering against the then current list in Annex I of Council Regulation (EU) No 753/2011 concerning restrictive measures directed against certain individuals, groups, undertakings and entities in view of the situation in Afghanistan. If your data are on this list, we will forward the personal data you have provided to the competent state bodies. The legal basis for this, assuming you have given consent, is point (c) of Art. 6(1) GDPR. If you are on this list, your account will be blocked immediately and you will be notified accordingly.
You can ask us to delete your user account. You can make such a request to delete by sending a message to the contact details indicated in section 1 paragraph 2 of this Privacy Statement. In this case your personal data will be erased or we will restrict their processing if we have a statutory duty to retain the data. The same applies if you deregister from our data portal or the period in which you are allowed to use the data portal has expired, unless you have expressly consented to any further use of the data, e.g. by opening a customer account. The legal basis for the processing of the data that you provide when registering for the portal and that are processed within the scope of your use of the portal is point (a) of Art. 6(1) GDPR. It may be necessary to transfer your personal data to companies that we use in order to perform our services or to operate the data portal. The legal basis for this is point (b) of Art. 6(1) GDPR.
- Data processing by external service providers
In some cases we make use of external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. When processing on our behalf, a third-party provider performs the services of hosting and delivering the website and the data portal web page for us. This service provider is located in a country of the European Union or of the European Economic Area. All data that are collected within the scope of use of the data portal or on the forms provided in the data portal as described below will be processed on our servers. The legal basis for this is point (b) of Art. 6(1) GDPR. Data will only be processed on other servers to the extent explained in this Privacy Statement.
§ 6 Data security
We maintain current technical measures to ensure data security, in particular to protect your personal data from risks when being transferred and from being accessed by third parties. These measures are adapted to the current state of the art. Your personal data will be encrypted by SSL encryption for transfer via the internet, particularly in the process of registering for the data portal. We take technical and organisational measures to protect our data portal and other systems from the loss, destruction, access, modification or distribution of your data by unauthorised persons. If you have a user account, your user account can only be accessed by entering your log-in and your personal password. You should, therefore, always keep your access information confidential and not disclose it to others, and you must close your browser window when your communication with us has ended. This particularly applies if you share use of the computer with other people.
§ 7 Repetition of any declarations of consent given
You have expressly given us the following consent(s). We have logged these consents. The German Telemedia Act obliges us to keep the content of consents available for retrieval at any time. Once given, you can withdraw consent at any time with effect for the future.
Registration for the portal
I would like to register to use the data portal in future. Please include and store the details I have provided in your portal database (Show Privacy Statement).
I agree to allow the details I provided in the registration process to be compared with the list in Annex I of Council Regulation (EU) No 753/2011 current at the time of entry and, if the details I have provided are on this list, to allow them to be passed on to the competent state bodies.
I have noted and understood the Privacy Statement.
§ 8 Objection or withdrawal of consent to the processing of your data
- You can at any time withdraw consent previously given to the processing of your data. Such withdrawal of consent makes it unlawful for us to process your personal data after you have notified us.
- If we base our processing of your personal data on a balancing of interests, you can lodge an objection to the processing. A balancing of interests is where the processing is in particular not required in order to perform a contract with you. We explain this when describing the relevant function. If exercising such a right to object, please state the reasons why you do not want us to process your personal data. If your objection is legitimate, we will review the matter and will either cease or modify our processing of the data or set out our compelling legitimate reasons for continuing to process them.
- You can, of course, object at any time to the processing of your personal data for the purposes of advertising and data analysis. To object to their processing for advertising, please notify us using our contact details. Please refer to section 1 paragraph 2 of this Privacy Statement or our Imprint for the contact details.