1 Controller and scope of application
The controller, within the meaning of the General Data Protection Regulation (hereinafter referred to as the GDPR) and other national data protection laws of member states as well as other data protection legislation, is:
An der Alster 6
Phone: +49/40/237 24 33 397
Fax: +49/40/237 24 33 9
Dr. Peter Seiler
2 Principles of data processing
Personal data is defined as all information which relates to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or your usage behaviour. Information that does not allow us (or only allows us with a disproportionate amount of effort) to connect the data to you as a person – e.g. through anonymising the information – is not counted as personal data. The processing of personal data (e.g. collecting, accessing, using, saving or relaying personal data) must always have a basis in law, or your consent must have been obtained. Processed personal data is erased as soon as the purpose of the processing has been fulfilled and there are no statutory record-keeping obligations to be met.
You will find below information on the specific processes, scope and purpose of data processing, the legal basis for the processing and the length of time for which data will be stored for those cases where we process your personal data in order to be able to provide you with certain services.
3 Individual processes involving data processing
1 Provision and usage of the website
a. Type and scope of data processing
When you access and use our website, we capture the data that your browser automatically transmits to our server. This data is temporarily stored in a so-called log file.
When you use our website, we capture the following data that we need for technical reasons in order to be able to show you our website and to ensure its stability and security; and which is also analysed for statistical purposes only:
- IP address of the source computer
- Date and time of access
- Name and URL of the file accessed
- Website facilitating access (referrer URL)
- Controller sub-domains visited
- Browser used and, where applicable, your computer’s operating system and the name of your access provider
- Access status (HTTP status code)
b. Legal basis
The legal basis for the data processing referred to above is provided by Art. 6 (1) (f) GDPR. The processing of the data referred to above is required for the provision of a website and thus necessary for the purposes of the legitimate interests pursued by our company.
c. Data storage duration
The log files created in conjunction with the usage of our website will be held for a period of 14 days and subsequently erased. The capture of the data and its storage in log files is required for the operation of the internet pages and for ensuring the stability and quality of this service. Greater and/or longer storage of data may apply in individual cases, if this is stipulated in law.
4 Sharing of data with third parties
We only share your personal data with third parties if:
- You have given your express permission for us to do so, in accordance with Art. 6 (1) sent. 1 lit. a GDPR
- In accordance with Art. 6 (1) sent. 1 lit. c GDPR there is a legal obligation to do so
- This is legally permissible and in accordance with Art. 6 (1) sent. 1 lit. b GDPR necessary for the performance of a contract with you
- In accordance with Art. 6 (1) sent. 1 lit. f GDPR the sharing of your data is necessary to safeguard a justified company interest on the part of VARIODIN AG and there are no grounds for assuming you have an overriding right not to have your data shared with a third party, which is worthy of protection
- In accordance with Art. 6 (1) sent. 1 lit. f GDPR the sharing of your data is necessary to assert, exercise or defend a legal entitlement and there are no grounds for assuming you have an overriding right not to have your data shared with a third party, which is worthy of protection
5 Usage of cookies
- Technically Necessary Cookies
These cookies are necessary for the website to function and do not store personally identifiable information. They are usually set in response to user actions to enable key features like setting and maintaining logins or privacy preferences. These cookies cannot be objected to.
- Functional Cookies
These cookies may be used to enable a better user experience via enhanced features such as personalisation. If these cookies are disabled, some or all of these features may be adversely affected.
The GDPR requires your freely-given consent prior to processing any such personal data. You can withdraw your consent at any time in the privacy and cookies settings in your browser.
On our website there are so-called hyperlinks to the websites of other providers. If you activate these hyperlinks you will be taken from our website directly to the website of the other providers. This can be seen from the change in URL, amongst other factors. VARIODIN AG has no influence on the content or design of these other providers’ web pages. Understandably, therefore, the assurances made in this data protection declaration do not apply to the providers’ web pages. Please inform yourself of the treatment of your personal data by these organisations by visiting their websites direct.
7 Rights of data subjects
The GDPR has provided for you, as a data subject, to have the following rights in respect of the processing of personal data:
- Art. 15 GDPR provides for you to demand information on the personal data we process in relation to you. In particular, you can demand information on the purposes for which we process data relating to you; the categories of personal data; the categories of recipients to whom your data has been or will be presented; the scheduled duration of data storage; the existence of a right to rectification, erasure, restriction of the processing or to object to processing; the existence of a right to complain; the source of the data on you if it has not been collected by us; whether the data is to be transferred to a third country or international organisations; and whether data is selected on the basis of an automated decision-making process or profiling, with meaningful information on the details of this process, where applicable.
- Art. 16 GDPR provides for you to demand the immediate rectification or supplementing of your personal data held by us.
- Art. 17 GDPR provides for you to demand the erasure of your personal data held by us, provided the processing thereof is not required to exercise the right to freedom of expression and information, to meet a legal obligation, for public interest reasons or to assert, exercise or defend legal claims.
- Art. 18 GDPR provides for you to demand the restriction of processing of your personal data where you dispute the accuracy of the data; the processing is unlawful; or we no longer require the data but you oppose its erasure because you need it to assert, exercise or defend legal claims. You are also entitled to the right provided for in Art. 18 GDPR if you object to the processing in accordance with Art. 21 GDPR.
- Art. 20 GDPR provides for you to demand to receive, in a structured, current and machine-readable format, the personal data you have provided to us; or you can demand that it is relayed to another controller.
- Art. 7 (3) GDPR provides for you to withdraw the consent you gave us at any time. The consequence of this is that we may in future no longer continue with the data processing dependent on this consent.
- Art. 77 GDPR gives you the right to complain to a supervisory authority.
8 The right to object
Where your personal data is processed on the basis of legitimate interests, Art. 6 (1) sent. 1 lit. f GDPR provides for you, in accordance with Art. 21 GDPR, to object to the processing of your personal data, where there are grounds for so doing based on your own particular situation, or your objection is to direct marketing. In the case of direct marketing you have a general right to object, which we must implement without the need for stating the existence of a particular situation.
9 Data security and backup measures
We undertake to protect your privacy and to treat your personal data with the utmost confidentiality. In order to avoid the manipulation, loss or misuse of the personal data we have stored that relates to you, we have adopted extensive technical and organisational security measures which are routinely checked and updated in line with improvements in technology. These include the use of recognised encryption methods (SSL or TLS). We must, however, point out that, due to the structure of the internet, it is possible that the data protection rules and abovementioned security measures may not be observed by other persons or institutions who/which do not come under our scope of responsibility. In particular, unencrypted data – e.g. if sent in an email – could be read by third parties. We have no technical influence on this. It is the user’s responsibility to protect the data provided to him/her against misuse, through encryption or some other method.
If you have any queries, please do not hesitate to contact us at the address stated in section 1.