I. Name and address of the person responsibleThe person responsible within the meaning of the General Data Protection Regulation and other national data privacy laws of the member states as well as other provisions of data privacy law is the Data Privacy Officer: OSR GmbH & Co. KG Gartenstraße 105 D – 73430 Aalen Tel: +49 7361 81499 70 E-mail: firstname.lastname@example.org
II. Data processing by providing and accessing our website
1. Description and scope of data processingEach time you access our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
- Information about the browser type and the version used
- The user’s operating system
- The IP address of the user
- Date and time of access
- Websites from which the user’s system accesses our website
2. Legal basis for data processingThe legal basis for the temporary storage of data and log files is Art. 6 Par. 1 lit. f GDPR
3. Purpose of data processingThe temporary storage of the IP address by the system is necessary so as to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage of the log files ensures the functionality of the website. What is more, the data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also include our legitimate interest in data processing in accordance with Art. 6 Par. 1 lit. f GDPR.
4. Duration of storageThe data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data to make the website available, this is the case when the session in question has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage going beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that they can no longer be assigned to the calling client.
5. Possibility of objection and removalThe collection of data for making the website available and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
III. Data processing by e-mail contact
1. Description and scope of data processingYou can contact us via the e-mail address provided on our website. In this case, the user’s personal data transmitted with the e-mail will be stored. Within this context, it does not pursue the passing on of the data to third parties. The data will be used exclusively for the processing of the conversation.
2. Legal basis for data processingLegal basis for the processing of the data, which is conveyed in the course of a transmission of an e-mail, is Art. 6 Par. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing Art. 6 Par. 1 lit. b GDPR.
3. Purpose of data processingThe processing of personal data serves solely to process the establishment of contact. In case of contacting us by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
4. Duration of storageThe data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of objection and removalThe user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. In this case, all personal data stored in the course of establishing contact will be deleted.
IV. Rights of the data subjectIf your personal data is processed, you are the data subject within the meaning of GDPR and you are entitled to the following rights vis-à-vis the person responsible:
1. Right to informationYou can request confirmation from the person responsible as to whether personal data relating to you will be processed by us. In the event of such processing, you may request the following information from the data controller:
- the purposes for which the personal data will be processed; the categories of personal data that will be processed;
- the recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed;
- the planned duration of the retention of personal data concerning you or, if it is not possible to provide specific information, criteria for determining the retention period;
- the existence of a right to rectify or erase personal data concerning you, a right to limit the processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the origin of the data, if the personal data are not collected from the data subject;
- the existence of automated decision-making including profiling in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.
2. Right to rectificationYou have the right to have your personal data corrected and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller must carry out the rectification immediately.
3. Right to limit the processingUnder the following conditions, you may request that the processing of your personal data be restricted:
- when you dispute the accuracy of the personal data concerning you for a period of time which allows the data controller to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but you need them for the assertion, exercise or defence of legal claims, or
- if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the justified reasons of the person responsible outweigh your reasons.
4. Right to deletiona) Duty to delete You may request the data controller to delete the personal data concerning you immediately, and the data controller is then obliged to delete this data immediately if one of the following reasons applies:
- The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing according to Art. 6 Par. 1 lit. a or Art. 9 Par. 2 lit. a GDPR was based, and no other legal basis for the processing exists.
- You object to the processing in accordance with Art. 21 Par. 1 GDPR and no prior legitimate reasons for processing exists, or you object to the processing in accordance to Art. 21 Para. 2 GDPR.
- The personal data concerning you was unlawfully processed.
- The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- The personal data relating to you has been collected in relation to information society services offered in accordance with Art. 8 Par. 1 GDPR.
- to exercise the right of freedom of expression and information;
to fulfil a legal obligation which calls for processing requires the law of the Union or of the Member States to which the controller is subject, or to is required so as to perform a task carried out in the public interest or in the exercise of official authority vested in the controller
- for reasons of public interest in the field of public health, pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;
- for archive purposes lying in the public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 Par. 1 GDPR, as far as the right mentioned under section a) presumably makes the realisation of the goals of this processing impossible or seriously impairs, or
- to assert, exercise or defend legal claims.
5. Right to informationIf you have exercised your right to rectify, cancel or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you has been disclosed of such rectification, cancellation or limitation, unless this proves impossible or involves a disproportionate effort. You shall have the right vis-à-vis the person responsible to be informed of such recipients.
6. Right to transfer dataYou have the right to receive the personal data concerning you that you have provided to the responsible person in a structured, common and machine-readable format. In addition, you have the right to communicate this data to another data controller without being hindered by the controller to whom the personal data was provided, provided that
- the processing is based on a consent according to Art. 6 Par. 1 lit. a GDPR or Art. 9 Par. 2 lit. a GDPR or on a contract according to Art. 6 Par. 1 lit. b GDPR and
- processing is carried out using automated procedures.
7. Right of objection
For reasons related to your particular situation, you have the right to object to the processing of personal data concerning you carried out pursuant to Art. 6 Par. 1 lit. e or f GDPR, including profiling based on these provisions, at any time.The controller will no longer process the personal data relating to you unless he can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and liberties, or the processing serves to assert, exercise or defend legal claims. If personal data concerning you is processed for the purpose of direct marketing, you have the right to object to the processing of personal data concerning you for the purpose of such advertising at any time; this also applies to profiling in so far as it is connected with such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right to object in relation to the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.