PRIVACY POLICY

Data Privacy
Declaration

I. Name and address of the person responsible

The person responsible within the meaning of the General Data Protection Regulation and other national data privacy laws of the member states as well as other provisions of data privacy law is the Data Privacy Officer: OSR GmbH & Co. KG Gartenstraße 105 D – 73430 Aalen Tel: +49 7361 81499 70 E-mail: info@osr-rohstoffe.de

II. Data processing by providing and accessing our website

1. Description and scope of data processing

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
  1. Information about the browser type and the version used
  2. The user’s operating system
  3. The IP address of the user
  4. Date and time of access
  5. Websites from which the user’s system accesses our website
The data is also stored in the log files of our system. This data is not stored together with other personal user data.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 Par. 1 lit. f GDPR

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary so as to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage of the log files ensures the functionality of the website. What is more, the data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also include our legitimate interest in data processing in accordance with Art. 6 Par. 1 lit. f GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data to make the website available, this is the case when the session in question has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage going beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that they can no longer be assigned to the calling client.

5. Possibility of objection and removal

The collection of data for making the website available and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

III. Data processing by e-mail contact

1. Description and scope of data processing

You can contact us via the e-mail address provided on our website. In this case, the user’s personal data transmitted with the e-mail will be stored. Within this context, it does not pursue the passing on of the data to third parties. The data will be used exclusively for the processing of the conversation.

2. Legal basis for data processing

Legal basis for the processing of the data, which is conveyed in the course of a transmission of an e-mail, is Art. 6 Par. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing Art. 6 Par. 1 lit. b GDPR.

3. Purpose of data processing

The processing of personal data serves solely to process the establishment of contact. In case of contacting us by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. In this case, all personal data stored in the course of establishing contact will be deleted.

IV. Rights of the data subject

If your personal data is processed, you are the data subject within the meaning of GDPR and you are entitled to the following rights vis-à-vis the person responsible:

1. Right to information

You can request confirmation from the person responsible as to whether personal data relating to you will be processed by us. In the event of such processing, you may request the following information from the data controller:
  1. the purposes for which the personal data will be processed; the categories of personal data that will be processed;
  2. the recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed;
  3. the planned duration of the retention of personal data concerning you or, if it is not possible to provide specific information, criteria for determining the retention period;
  4. the existence of a right to rectify or erase personal data concerning you, a right to limit the processing by the controller or a right to object to such processing;
  5. the existence of a right of appeal to a supervisory authority;
  6. all available information on the origin of the data, if the personal data are not collected from the data subject;
  7. the existence of automated decision-making including profiling in accordance with Article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. Within this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have the right to have your personal data corrected and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller must carry out the rectification immediately.

3. Right to limit the processing

Under the following conditions, you may request that the processing of your personal data be restricted:
  1. when you dispute the accuracy of the personal data concerning you for a period of time which allows the data controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  3. the controller no longer needs the personal data for the purposes of the processing, but you need them for the assertion, exercise or defence of legal claims, or
  4. if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the justified reasons of the person responsible outweigh your reasons.
Where the processing of personal data concerning you has been restricted, such data may not be processed, with the exception of its storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State. If the processing restriction has been limited in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to deletion

a) Duty to delete You may request the data controller to delete the personal data concerning you immediately, and the data controller is then obliged to delete this data immediately if one of the following reasons applies:
  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You revoke your consent on which the processing according to Art. 6 Par. 1 lit. a or Art. 9 Par. 2 lit. a GDPR was based, and no other legal basis for the processing exists.
  3. You object to the processing in accordance with Art. 21 Par. 1 GDPR and no prior legitimate reasons for processing exists, or you object to the processing in accordance to Art. 21 Para. 2 GDPR.
  4. The personal data concerning you was unlawfully processed.
  5. The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
  6. The personal data relating to you has been collected in relation to information society services offered in accordance with Art. 8 Par. 1 GDPR.
b) Information to third parties If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 Par. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data. c) Exceptions The right to deletion does not exist if the processing is necessary
  1. to exercise the right of freedom of expression and information;
  2. to fulfil a legal obligation which calls for processing requires the law of the Union or of the Member States to which the controller is subject, or to is required so as to perform a task carried out in the public interest or in the exercise of official authority vested in the controller

  3. for reasons of public interest in the field of public health, pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;
  4. for archive purposes lying in the public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 Par. 1 GDPR, as far as the right mentioned under section a) presumably makes the realisation of the goals of this processing impossible or seriously impairs, or
  5. to assert, exercise or defend legal claims.

5. Right to information

If you have exercised your right to rectify, cancel or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you has been disclosed of such rectification, cancellation or limitation, unless this proves impossible or involves a disproportionate effort. You shall have the right vis-à-vis the person responsible to be informed of such recipients.

6. Right to transfer data

You have the right to receive the personal data concerning you that you have provided to the responsible person in a structured, common and machine-readable format. In addition, you have the right to communicate this data to another data controller without being hindered by the controller to whom the personal data was provided, provided that
  1. the processing is based on a consent according to Art. 6 Par. 1 lit. a GDPR or Art. 9 Par. 2 lit. a GDPR or on a contract according to Art. 6 Par. 1 lit. b GDPR and
  2. processing is carried out using automated procedures.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one responsible person to another responsible person, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right of objection

For reasons related to your particular situation, you have the right to object to the processing of personal data concerning you carried out pursuant to Art. 6 Par. 1 lit. e or f GDPR, including profiling based on these provisions, at any time.

The controller will no longer process the personal data relating to you unless he can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and liberties, or the processing serves to assert, exercise or defend legal claims. If personal data concerning you is processed for the purpose of direct marketing, you have the right to object to the processing of personal data concerning you for the purpose of such advertising at any time; this also applies to profiling in so far as it is connected with such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right to object in relation to the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

8. Right to revoke the declaration of consent under Data Privacy law

You have the right to revoke your declaration of consent under Data Privacy law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.

9. Right to submit a complaint to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to submit a complaint to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you consider that the processing of your personal data is in breach of the GDPR. The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.