1. Name and contact details of the data controller and the company data protection officer
This data protection information applies to data processing by:
Wilhelmshöher Allee 292
D-34131 Kassel, Germany
Tel: +49 (0)561 3166 200
Fax: +49 (0)561 3166 225
Data protection commissioner:
Friedrich-Wilhelm-Straße 148, 57074 Siegen
2. Collection and storage of personal data as well as the nature and purpose of their use
a) Visiting the website
When you visit our website www.gbz-ag.eu, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a log file. In the course of this procedure, the following data are collected and stored, without any action on your part, until such time as it is automatically deleted:
- the IP address of the requesting computer,
- the date and time of access,
- the name and URL of the retrieved file,
- the Website from which access is made (referrer URL),
- the browser used and, if applicable, the operating system of your computer as well as the name of your Internet Access Provider.
We process the above-mentioned data for the following purposes:
- to ensure a smooth connection to the website,
- to ensure comfortable use of our website,
- to evaluate system security and stability as well as
- for other administrative purposes.
The legal basis for data processing is Article 6, Para 1, Sentence 1 (f) GDPR. Our legitimate interest is derived from the data collection purposes listed above. In no case shall we use the data collected to draw conclusions about you.
3. Disclosure of data
Your personal data are not transferred to third parties for purposes other than those listed below.
We share your personal information with third parties only if:
you have given express consent to this in accordance with Article 6, Para. 1, Sentence 1(a) GDPR,
the disclosure pursuant to Article 6, Para. 1, Sentence 1(f) GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
there is a legal obligation to disclose data in accordance with Article 6, Para. 1, Sentence 1(c) GDPR, and
this is legally permissible and required in accordance with Article 6, Para. 1, Sentence 1(b) GDPR for the settlement of contractual relationships with you.
4. Rights of the data subject
You have the right:
- in accordance with Article 15 GDPR, to request information about the personal data we process. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipient to whom your data have been or will be disclosed, the planned storage period, the right to rectification, deletion, restriction of processing or objection, the existence of the right to complain, the source of your data, if not collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about the details of same;
- in accordance with Article 16 GDPR, to demand the immediate correction of incorrect personal data stored with us or to demand its completion;
- in accordance with Article 17 GDPR, to demand the deletion of personal data stored with us, unless processing is required for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- according to Article 18 GDPR, to demand that the processing of your personal data be restricted if you dispute the accuracy of the data, the processing is unlawful, you reject its deletion and we no longer need the data, you however require the data to assert, exercise or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR;
- in accordance with Article 20 GDPR, to receive the personal data you provided to us in a structured, standard and machine-readable format or to request transmission to another responsible person;
- according to Article 7, Para. 3 GDPR, to revoke your previous consent to us at any time. This means that we are no longer allowed to continue processing the data based on this consent and
- you have the right to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or of our registered office.
5. Right of objection
If your personal data are processed based on legitimate interests in accordance with Article 6, Para. 1, Sentence 1(f) GDPR, you have the right to file an objection against the processing of your personal data in accordance with Article 21 GDPR, provided that there are reasons for this arising from your particular situation or that the objection is directed against direct mail. In the latter case, you have a general right of objection, which is implemented by us without the need to specify any particular situation.
If you would like to exercise your right of revocation or objection, please send an e-mail to firstname.lastname@example.org
6. Data security
We use the widespread SSL (Secure Socket Layer) method within the site visit, in conjunction with the highest level of encryption supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can see whether a single page of our website is encrypted by looking for a locked key or lock symbol in the lower status bar of your browser.
We also take appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
7. Updating and changing this Data Protection Policy
This Data Protection Policy is up-to-date and valid as of May 2018.
It may be necessary to change this Data Protection Policy due to further development of our website and its services or due to changed legal or official requirements. The current Data Protection Policy can be viewed and printed on the website at any time at https://www.gbz-ag.eu.
We use Matomo to learn more about how visitors interact with our website. For that purpose, we collect certain data on visitors' behaviour on our website. We combine these data and use it to perform statistical analyses on an aggregated level. Among the data we collect and process are for example:
- which of our website's sub-sites a visitor is navigating to,
- how long a visitor remains on our website
- from which other website a visitor navigated to our website („referer“).
These data are collected and processed strictly anonymously. That means that we are not able to deduce information on any individual website visitor or identify them. Also, we do not combine these data with data from other sources, do not disclose these data to third parties within or outside of the European Union and do not use these data for individual profiling or solely automated decision-making.
You may object to the analyisis of your behaviour on our website, even though it is performed anonymously and no personal information is used in the process: