Data protection declaration
Data protection declaration
1. Data protection at a glance
The following information gives a simple overview of what happens with your personal data when you visit our website. Personal data is all data that enable you to be personally identified. Detailed information on data protection can be found in our data protection declaration set out below this text.
Data recording on our website
Who is responsible for data recording on this website?
Data processing on this website is performed by the website operator. The operator’s contact details can be found in the “Imprint” section of this website.
How do we record your data?
Some of your data are gathered when you submit them to us. This can be data that you enter in a contact form, for example.
Other data are recorded automatically by our IT systems when you visit our website. These are primarily technical data (e.g. web browser, operating system or time of the page view). These data are recorded automatically as soon as you access our website.
What do we use your data for?
Some of the data are gathered in order to ensure fault-free provision of the website. Other data can be used to analyse your user behaviour.
What rights do you have regarding your data?
You have the right to receive information on the origin, recipients and purpose of your stored personal data at any time. You also have a right to request correction, blocking or erasure of these data. If you have any questions about this or any other aspect of data protection, you are welcome to contact us at any time at the address stated in the “Imprint” section.
Furthermore, you are entitled to complain to the relevant supervisory authority.
Analysis tools and tools of third-party providers
When you visit our website, your surfing behaviour can be statistically evaluated. This is primarily carried out via cookies and analysis programs. Your surfing behaviour is usually analysed anonymously; it cannot be traced to you.
You can object to this analysis or prevent it by not using specific tools. Detailed information on this can be found in the data protection declaration below.
2. General details and mandatory information
The operators of these pages take protection of your personal data very seriously. We handle your personal data in strict confidence and in line with the statutory data protection regulations as well as this data protection declaration.
If you use this website, various items of personal data are gathered. Personal data are data that enable you to be personally identified. This data protection declaration explains what data we gather and what we use them for. It also explains how and for what purpose this is done.
Please note that data transfer on the internet (e.g. in the event of communication by e-mail) may involve security vulnerabilities. It is not possible to fully protect the data against access by third parties.
SSL and TLS encryption
For security reasons and to protect the transferring of confidential content such as enquiries that you send to us as the site operator, this site uses SSL and TLS encryption.
An encrypted connection can be identified by a change in the address line of your browser from “http://” to “https://” and the padlock symbol in your browser line.
If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.
Details of the controller
The controller for data processing on this website is:
Chemische Fabrik Dr. Weigert GmbH & Co. KG
Mühlenhagen 85 D – 20539 Hamburg
Phone: ++49 40/7 89 60-0
The controller is the natural or legal person that, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses etc.).
If any of your personal data are processed, you are the data subject as per the GDPR, and you are entitled to the following rights in relation to the controller:
Right of access
You can ask the controller to confirm whether we process personal data relating to you.
If processing of this nature is carried out, you can ask the controller for the following information:
- the purposes for which the personal data are processed;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom your personal data have been or will be disclosed;
- the envisaged period for which your personal data will be stored, or, if specific details cannot be provided, the criteria used to determine the storage period;
- the existence of the right to request from the controller rectification or erasure of your personal data, a right to restriction of processing by the controller the data subject or a right to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- all information on the origin of the data if the personal data have not been obtained from the data subject;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information on whether your personal data are transferred to a third country or an international organisation. In connection with this, you can ask to be informed of the appropriate guarantees as per Article 46 GDPR in connection with the transfer.
Right to rectification
You have a right to obtain rectification and/or completion from the controller if the processed personal data concerning you is inaccurate or incomplete. The controller must perform rectification immediately.
Right to restriction of processing
Subject to the following conditions, you can request restriction of processing of your personal data:
- if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of use of the personal data instead;
- the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims, or
- if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where processing of your personal data has been restricted, these data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted under the above conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure
a) Erasure obligation
You can obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:
- your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
- you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
- your personal data have been unlawfully processed;
- your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
a) Notification of third parties
Where the controller has made your personal data public and is obliged pursuant to Article 17(1) GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
There is no right to erasure if processing is required for the establishment, exercise or defence of legal claims.
Right to information
If you have established the right to rectification, erasure or restriction of processing in relation to the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing unless this proves impossible or would involve a disproportionate effort.
You have the right to be informed of these recipients by the controller.
Right to data portability
You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
- the processing is based on a consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) and;
- the processing is carried out by automated means.
In exercising this right, you also have the right to have the relevant personal data transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other people may not impaired as a result of this.
The right to data portability shall not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or where it serves the purpose of establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Right to withdrawal of the declaration of consent under data protection legislation
You shall have the right to withdraw your declaration of consent under data protection legislation at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and the controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
However, these decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With regard to the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
The competent supervisory authority on matters relating to data protection is the state data protection officer of the federal state in which our company has its head office. A list of the data protection officers and their contact details can be accessed via the link below:
Objection to advertising e-mails
Objection is hereby stated to the use of the contact details published in the mandatory imprint to send advertising and information materials that are not expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, for instance through spam e-mails.
3. Data protection officer
Legally prescribed data protection officer
We have appointed a data protection officer for our company:
Volker Mennemann DPRT Business Services GmbH
Tel.: ++49 40/7 89 60-0
4. Data recording on our website
a) Description and extent of data processing
The following data are stored and transmitted in the cookies:
- Saving of language settings
- Login information
The following data can be transmitted in this way:
- Entered search terms
- Frequency of page views
- Utilisation of website functions
The user data gathered are pseudonymised by means of technical measures. This means that it is no longer possible to associate the data with the accessing user. The data are not stored together with other personal data of users.
b) Legal basis for data processing
The legal basis for processing of personal data with the use of technically essential cookies is point f) of Article 6(1) DSGVO.
The legal basis for processing of personal data for analysis purposes, subject to the user’s consent to this, is point a) of Article 6(1) DSGVO.
c) Purpose of data processing
We need cookies for the following applications:
- Saving of language settings
- Login information
The user data gathered by means of technically essential cookies are not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality and content of our website. From the analysis cookies, we learn how the website is used, enabling us to constantly optimise our offering.
These purposes also account for our legitimate interest in processing personal data as per point f) of Article 6(1) DSGVO.
e) Duration of storage, possibility of objection and rectification
5. Provision of the website and creation of log files
Description and extent of data processing
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.
The following data are gathered here:
- Information on the browser type and the version used
- The user’s operating system
- The HTTP response code
- The number of bytes transferred
- The user’s IP address
- The data and time of access
- Websites from which the user’s system reaches our website
- Websites that are accessed by the user’s system via our website
Legal basis for data processing
The legal basis for temporary storage of the data and log files is point f) of Article 6(1) DSGVO.
Purpose of data processing
Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session.
Storage in log files is carried out in order to ensure that the website works properly. In addition, we use the data to help us optimise the website and to ensure the security of our IT systems. No evaluation of the data for marketing purposes is performed in connection with this.
These purposes also account for our legitimate interest in data processing as per point f) of Article 6(1) DSGVO.
Duration of storage
The data are erased as soon as they are no longer needed to fulfil the purpose for which they were gathered. In the event of data recording for provision of the website, this is the case when the respective session is ended. In the event of data storage in log files, this is the case after no more than fourteen days. Storage beyond this is possible. In this case, the users’ IP addresses are erased or distorted so that it is no longer possible to associate the accessing client.
Possibility of objection and rectification
Data recording to provide the website and storage of data in log files are absolutely essential to operation of the website. Consequently, there is no possibility of objection on the part of the user.
6. Contact form
1. Description and extent of data processing
A contact form that can be used to make contact electronically is available on our website. If a user makes use of this option, the data entered in the input screen are sent to us and stored. These data are:
- Phone Number
- Your Message
Your consent to data processing is obtained in the context of the sending process and this data protection declaration is referred to.
No forwarding of the data to third parties is carried out in connection with this. The data are used solely for processing of the conversation.
2. Legal basis for data processing
The legal basis for processing of the data, subject to the user’s consent, is point a) of Article 6(1) DSGVO.
The legal basis for processing of the data transmitted when sending an e-mail is point f) of Article 6(1) DSGVO. If the e-mail contact is intended to conclude a contract, an additional legal basis for processing is point b) of Article 6(1) DSGVO.
3. Purpose of data processing
We process the personal data from the input screen solely for the purpose of facilitating contact. In the event of contact by e-mail, the essential legitimate interest in processing the data also relates to this.
The other personal data processed during the sending process serves to prevent misuse of the contact form and ensure security of our IT systems.
4. Duration of storage
The data are erased as soon as they are no longer needed to fulfil the purpose for which they were gathered. For the personal data from the input screen of the contact form and the personal data sent by e-mail, this is the case when the respective conversation with the user is ended. The conversation is ended when it is apparent from the context that the matter concerned has been definitively resolved.
The personal data additionally gathered during the sending process are erased after a period of seven days at the latest.
5. Possibility of objection and rectification
Users are able at any time to withdraw their consent to the processing of their personal data. If users contact us by e-mail at firstname.lastname@example.org, they can object at any time to storage of their personal data. In any such case, the conversation cannot be continued.
All personal data stored in the context of contact are erased in this case.
7. Analysis tools and advertising
Matomo (formerly Piwik)
1. Extent of processing of personal data
On our website, we use the open-source software tool Matomo (formerly PIWIK) to analyse our users’ surfing behaviour. The software deposits a cookie on the user’s computer (see above for details of cookies). If individual pages of our website are accessed, the following data are stored:
- Two bytes of the IP address of the user’s accessing system
- The accessed website
- The website from which the user reached the accessed website (referrer)
- The subpages accessed from the accessed website
- The time spent on the website
- The frequency of access to the website
The software only runs on the servers of our website. The users’ personal data are only stored there. No forwarding of the personal data to third parties is performed.
The software is configured in such a way that the IP addresses are not fully stored; instead, 2 bytes of the IP address are concealed (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to associate the abbreviated IP address with the accessing computer.
2. Legal basis for processing of personal data
The legal basis for processing of the users’ personal data is point f) of Article 6(1) DSGVO.
3. Purpose of data processing
Processing of the users’ personal data enables us to analyse our users’ surfing behaviour. Evaluating the extracted data allows us to compile information on the use of individual components of our website. This helps us to constantly improve our website and make it more user-friendly. These purposes also account for our legitimate interest in processing the data as per point f) of Article 6(1) DSGVO. The users’ interest in protection of their personal data is sufficiently taken into account through anonymisation of the IP address.
4. Duration of storage
The data are erased as soon as they are no longer needed for our record-keeping purposes.
5. Possibility of objection and rectification
On our website, we give our users the opportunity to opt out of the analysis process. To do this, they must follow the relevant link. In this way, a further cookie is deposited on their system, telling our system not to store the user’s data. If the user erases the corresponding cookie from their own system in the meantime, they must redeposit the opt-out cookie.
Further information on the privacy settings of the Matomo software can be found via the following link: matomo.org/docs/privacy/.
8. Plugins and tools
We have embedded YouTube videos in our online offering. They are stored at www.youtube.com and can be played directly from our website. All of them are embedded in ”privacy-enhanced mode“, i.e. no data about you as a user can be transferred to YouTube if you do not play the videos. The data listed in paragraph 2 is only transferred if you play the videos. We have no influence on this data transfer.
As a result of the visit to the website, YouTube is informed that you accessed the corresponding subpage of our website. In addition, the data listed in item 4 of this declaration is transmitted. This happens regardless of whether YouTube provides a user account via which you are logged in or whether there is no user account. If you are logged into Google, your data is associated directly with your account. If you do not want to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or requirement-oriented design of its website. Evaluation of this kind is performed particularly (even for users who are not logged in) for the provision of requirement-oriented advertising and to inform other users of the social network about your activities on our website. You have a right to object to formation of these user profiles, and must contact YouTube in order to exercise it.
Further information on the purpose and extent of data collection and processing of the data by YouTube can be found in the data protection declaration. You will also find further information on your rights and settings options for protecting your privacy there: policies.google.com/privacy.
Google also processes your personal data in the USA and has signed up to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.