In the following, we inform you about the collection, storage, and use of personal data. “Personal data” means any data which relates to your person, e.g. your name, postal address, email address, telephone number, and usage behaviour.
- Information on the Controller and Data Protection Officer
2. Information on Data Subject Rights
3. Information on Data Processing
3.1 Server Data
3.4 Order Forms
3.5 Data Dissemination
3.6 Google Analytics
3.7 Social Media Presence
4. Data Security
- Name and Contact Details of the Controller Responsible for Processing and of the Corporate Data Protection Officer
Controller responsible for data processing:
Data Protection Officer:
- Data Subject Rights
2.1. Right of Access, Article 15 of GDPR
You have the right to obtain a confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the following information: purposes of the processing, the category of personal data concerned, recipients or categories of recipients to whom your personal data has been or will be disclosed, the envisaged storage period, the existence of the right to request rectification, erasure, restriction of processing or to object to such processing, the right to lodge a complaint with a supervisory authority, information as to the source of your data and the existence of automated decision-making, including profiling, and, where appropriate, meaningful information about its details.
2.2. Right to Rectification, Article 16 of GDPR
You have the right to request the rectification of inaccurate or the completion of your personal data retained by us without undue delay.
2.3 Right to Erasure, Article 17 of GDPR
You have the right to request the erasure of your personal data stored with us without undue delay, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
2.4 Right to Restriction of Processing, Article 18 of GDPR
You have the right to request restriction of processing of your personal data, where the accuracy of the data is contested by you, for a period enabling us to verify the accuracy of the personal data, if the processing is unlawful, but you oppose its erasure, and if we no longer need the data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims, or if you have objected to the processing pursuant to Article 21 of GDPR.
2.5 Right to Data Portability, Article 20 of GDPR
You have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format and have the right to request the transfer of this data to another controller.
2.6 Right to Withdraw a Given Consent, Article 7(3) sentence 1 of GDPR
You have the right to withdraw your consent once given at any time towards us. An email to firstname.lastname@example.org is sufficient. The withdrawal does not affect the lawfulness of processing based on such consent before its withdrawal.
2.7 Right to Lodge a Complaint With a Supervisory Authority, Article 77 of GDPR
Moreover, you have the right to lodge a complaint with a supervisory authority about the processing of your personal data by us.
Right to Object
To the extent that we process your personal data based on legitimate interests as per point (f) of Article 6(1) of GDPR, you have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data as per Article 21 of GDPR. If you would like to make use of this right, it suffices to write an email to email@example.com. We will then verify the ongoing admissibility of processing. We will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
- Personal data collection, storage, and use
3.1. When visiting our website
When you visit our website www.gima-ziegel.de, the browser used on your terminal automatically sends information to the server of our website (so-called “server log files”). The following information will be captured without you being involved:
- IP address of the requesting computer;
- date and time of the request;
- name and URL of the file retrieved;
- access status / http status code;
- data volume transferred;
- website from which the request is made (referrer URL);
- browser used, language and version of the browser software, the operating system and its user interface and the name of your access provider.
We need this data to enable a smooth establishment of the connection and to ensure a comfortable use of the website as well as system security and stability. The log files are checked only where there is concrete evidence of any unlawful use of the website.
The data is retained for 8 weeks and then erased, unless there is concrete evidence of any unlawful use, requiring a prolonged retention for evidentiary purposes.
Processing is based on point (f) of Article 6(1) of GDPR. Our legitimate interest is to improve the stability, functionality, and safety of our website.
Our website is hosted on a server of the provider Ionos. Further information on this provider is available here: https://www.ionos.de/.
Most browsers accept cookies automatically; however, you can configure your browser so that no cookies will be retained on your computer or that a note will appear each time before a new cookie is placed. Cookies already retained can be erased at any time. Please note that disabling cookies overall may result in you no longer being able to make full use of all features of our website.
We use both transient and persistent cookies on our website.
- Transient Cookies
We use so-called “session cookies” on our website which retain a so-called “session ID” to determine whether you have already visited individual pages of our website. These cookies help to make the use of our services more convenient for you. The session cookies are automatically erased when you close the browser.
- Persistent Cookies
- Analysis Cookies
We use Google Analytics to capture the use of our website and to evaluate it to optimise the user-friendliness of our services for you (more on Google Analytics: see below). The cookie placed to that end has a term of two years. When accessing our website, you will be asked whether you consent to the use of analysis cookies. The cookie is placed only after you consented; the legal basis is point (a) of Art. 6(1) of GDPR. The cookie will not be placed without your prior consent. You may withdraw your consent once given to us at any time with effect for the future by customising your cookie settings here:Cookie Settings
We provide you with an opportunity to contact us via the forms provided on our website (s. point 3.4). In order to answer your enquiry, a valid e-mail address needs to be provided. In addition, further details (company name, sector, first name and surname, address or phone number) may be provided on a voluntary basis, helping us to perfectly process your request.
As an alternative to the contact form, you can contact us via the email address firstname.lastname@example.org. In this case, your personal data transmitted with the email is retained and used to respond to your request.
Legal basis for the processing is point (b) of Article 6(1) of GDPR to the extent that processing of the request is necessary to take steps prior to entering into a contract, or to fulfil obligations prior to entering into a contract. Processing for other purposes is based on point (f) of Art. 6(1) of GDPR, since we have a legitimate interest in complying with the user’s expectations and to answer the user’s request.
3.4 Order Forms
Our website provides you with the possibility to order a sample board, individual samples or printed documents. To do so, you have to indicate your email address and, for delivery by mail, your name and address in the provided order form. In addition, further details (company name, phone number, fax, construction project) may be provided on a voluntary basis, helping us to perfectly process your request. You may also indicate that you wish to be contacted, and you can send us an additional message.
Moreover, we provide you with an opportunity on our website to send a general contact request to us. In order to answer your request, a valid email address needs to be provided in the relevant order form. In addition, further details (company name, first name and surname, address, phone number, fax, construction project) may be provided on a voluntary basis, helping us to perfectly process your request. You may also indicate that you wish to be contacted, and you can send us an additional message. We’ll get in touch with you straight away afterwards.
Legal basis for the processing in both cases is point (b) of Article 6(1) of GDPR to the extent that processing of the request is necessary to deliver the order, to take steps prior to entering into a contract, or to fulfil obligations prior to entering into a contract. Processing for other purposes is based on point (f) of Art. 6(1) of GDPR, since we have a legitimate interest in complying with the user’s expectations and to answer the user’s request.
We will erase the collected data once this is requested under point 2.3 and if the erasure does not conflict with legal retention obligations based on a pre-contractual or contractual relation.
3.5 Data Dissemination
Except in the cases described under the individual processing operations, your personal data will be disseminated to third parties only if you have given your explicit consent under point (a) of Article 6(1) of GDPR, if the dissemination is necessary for the establishment, exercise or defence of legal claims under point (f) of Article 6(1) of GDPR and if there is no reason to consider that this conflicts with any overriding legitimate interest for the case that an obligation under point (c) of Article 6(1) of GDPR exists or if this is admissible and necessary under point (c) of Article 6(1) of GDPR to implement contractual relationships with you.
Tools of companies based in the US are embedded in our website. When such tools are active, your personal data might be transferred to the US servers of the relevant companies. Please note that the USA is no safe third country in terms of EU data protection laws. US companies are obliged to disclose personal data to security authorities where you as data subject are unable to take legal proceedings against such disclosure. Therefore, it cannot be excluded that US authorities (e.g. secret services) might process, assess, and permanently store your data that is stored on US servers for surveillance purposes. We have no influence on these processing activities. (Source: e-recht24.de)
3.6 Google Analytics
This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics creates pseudonymised user profiles and uses so-called “cookies”, i.e. text files retained on your computer and allowing to analyse your use of the website. The information generated by the cookie about your use of this website, such as browser type/version, operating system used, referrer URL (the previously visited website), host name of the accessing computer (IP address), time of the server query, is transferred to a Google server in the US and retained there. If IP anonymisation is enabled on this website, however, your IP address will first be shortened by Google within Member States of the European Union or in other States which are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. Google will use this information on behalf of the provider of this website to analyse your use of the website, to compile reports about the website activities and to provide the website operator with further services associated with the website and Internet use.
The IP address transmitted by your browser as part of Google Analytics will not be amalgamated with any other data of Google.
When accessing our website, you will be asked whether you consent to the use of analysis cookies. Your data will be processed in the manner described above only after you have consented. Google Analytics will not be used without your prior consent. You may withdraw your consent once given at any time with effect for the future by changing your cookie settings according to point 3.2.
You can prevent the retention of the cookies by setting your browser software accordingly; please note, however, that you might not have full access to all website functions in this case. You may also prevent the collection by Google of the data captured by the cookie and relating to your use of the website (incl. your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link:
This website uses Google Analytics with the “anonymizeIP” extension. IP addresses are thus further processed in shortened form, allowing to exclude any personal identification. To the extent that the data collected about you is assigned a personal reference, it will thus be immediately excluded, and the personal data will be deleted without delay.
We use Google Analytics in order to analyse and regularly improve the use of our website. Using the statistics obtained by us, we can improve our services and make them more interesting for you as user.
The lifetime of the cookie is two years. The data is retained for a period of 14 months.
Legal basis for the use of Google Analytics is your prior consent as per point (a) of Article 6(1) of GDPR.
Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 4361001.
Further information on data protection in connection with Google Analytics is available, for example, in Google Analytics Help at: https://support.google.com/analytics/?hl=en#topic=3544906.
3.7 Social Media
We maintain an online presence with different platforms to call attention to us and our services and to reach out to customers and interested parties. We used graphics to link to our presence on the platforms. By clicking on the graphic, you will be forwarded to the respective platform.
When users access these platforms, their data is collected and retained by the operators.
We and the platform operator are jointly responsible for data processing. Processing is based on point (f) of Article 6(1) of GDPR. Our legitimate interest is to call attention to us and our services and to be able to reach out to customers and interested parties. Legal basis may also be a consent given to the platform as per point (a) of Article 6(1) of GDPR which may be revoked at any time with effect for the future.
When you access our online presence on these platforms, the respective operator processes your data to obtain statistical information on the use of our presence on the platform. The platform operator also uses this data for market research and advertising purposes and to create user profiles to solicit users outside the platform as well. If the user is logged in with an own account at the time of access, the data may be linked to the respective user account.
More detailed information on data processing by the respective platform operator is available at the links below.
Please note that data of the users might be processed outside the European Union, in particular in the US, which causes increased risks for users, e.g. in that later access to the user data may be impeded, since it can exclusively be accessed by the providers of the respective platform.
Our website uses plug-ins of the video portal Vimeo. Provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
When you visit the web page, you will be asked whether you consent to their use. If you give your consent, a connection will be established to the Vimeo servers. At the same time, the Vimeo server is provided with information about which of our web pages you visited. Moreover, Vimeo will obtain your IP address. This is also the case if you are not logged in with Vimeo or do not have an account with Vimeo. The information captured by Vimeo is transmitted to the Vimeo server in the US (for more information, please see point 3.5).
When you are logged in with your Vimeo account, you enable Vimeo to directly assign your browsing habits to your personal profile. You can prevent this by logging out of your Vimeo account.
If you want to receive the newsletter offered on the website with regular information on our services and products, we need your e-mail address as a mandatory detail. To dispatch the newsletter, we use the “double-opt-in procedure”. This means that we will send you our newsletter by e-mail only after you have expressly confirmed to us that you consent to the dispatch of newsletters. To that end, we will first send an e-mail to the e-mail address indicated by you upon your subscription. By clicking on the link in this e-mail, you can confirm that you want to receive newsletters in the future as addressee of the relevant e-mail address. By issuing this confirmation, you give us your consent as per point (a) of Art. 6(1) GDPR that we may process your personal data to dispatch the desired newsletter.
Upon your subscription to the newsletter, we retain, besides the e-mail address required for the dispatch, the IP address used by you to subscribe to the newsletter as well as the date and time of both the subscription and confirmation in order to retrace any potential misuse at a later point in time.
If you do not confirm your subscription, your data will not be retained in our system.
You may revoke your given consent at any time for the future and unsubscribe the newsletter using the link included in each newsletter or by e-mail to email@example.com . Following your unsubscription, your e-mail address will be immediately erased from our newsletter mailing list, unless you explicitly consented to the continued use of the collected data or the continued processing is otherwise admissible by law.
Our e-mail newsletter is dispatched via the technical service provider Sendinblue, to which we disseminate your data provided upon your newsletter subscription, and on the Sendinblue servers located in Germany. The data entered by you to receive the newsletter (e-mail address) will be retained on the servers of Sendinblue in Germany up to their erasure.
We concluded an order data processing agreement with Sendinblue in which Sendinblue undertakes to protect the data of the newsletter recipients and to not disseminate it to third parties. Further information can be found at the following link:
- Security by SSL Encryption (HTTPS Protocol)
The HTTPS transport encryption is consistent with the state of the art. As for the rest as well, we make use of appropriate technical and organisational safeguards to protect your data against accidental or deliberate manipulations, loss, in full or in part, destruction or unauthorised access by third parties. Our safeguards are continuously improved in line with technological developments.