Data protection statement in accordance with GDPR
- Name and address of the data controller
- General information on data processing
- Provision of the website and creation of log files
- Rights of the data subject
- External services
1. Name and address of the data controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
Dipl.-Ing. Nikolaus Hertle
ITZ Plus Biberach GmbH
Freiburger Straße 40
88400 Biberach an der Riß
2. General information on data processing
2.1 Scope to which personal data is processed
We only collect and utilise the personal data of our users insofar as this is necessary for the provision of an operational website and of our content and services. Collection and utilization of our users' personal data is only undertaken periodically with the user's consent. An exception applies in those cases where prior consent cannot be obtained for legal or factual reasons and the processing of the data is permitted by law.
2.2 Legal basis for processing personal data
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 para. 1 lit. of the EU General Data Protection Regulation as a legal basis for processing personal data.
For the processing of personal data necessary for performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b of the GDPR is the legal basis. This also applies to processing necessary for pre-contractual activities.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c of the GDPR is the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 para. 1 lit. d of the GDPR is the legal basis.
If the processing is necessary to safeguard the legitimate interests of our company or a third party, insofar as the interests, fundamental rights and fundamental freedoms of the data subject do not prevail, Article 6 para. 1 lit. f of the GDPR is the legal basis for processing.
2.3 Data deletion and storage duration
The data subject’s personal data will be deleted or blocked as soon as the purpose of storage ceases to exist. Furthermore, data may then be stored if this has been provided by the European or national legislation in EU regulations, laws or other provisions to which the data controller is subject. We will block or delete data once the prescribed retention period has expired, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3. Provision of the website and creation of log files
3.1 Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Information regarding the used browser type and version
- The user’s operating system
- The IP address of the user
- date and time of access
- Websites from which the user's system accesses our website
- Websites accessed by the user's system via our website
The data is also stored in our system log files, whereby the IP address is shortened immediately after it is has been recorded, with the IPv4 address on the first two bytes and an IPv6 address on the first 32 bits. Personal profiles cannot be deduced from these reduced IP addresses. This data is not stored together with any other personal data we may have collected about you.
3.2 Legal basis for data processing:
The legal basis for the temporary storage of data and the log files is Article 6 para. 1 lit. f) of the GDPR.
3.3 Purpose of data processing
Temporary storage of IP address by the system is necessary to enable delivery of the website to the user's computer. To this end, the IP address of the user must remain stored for the duration of the session.
The log files are stored in order to ensure the functionality of the website. Furthermore, the data are used to optimise the website and to ensure the safety of our information technology systems. The data are not evaluated for marketing purposes in this context.
These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) of the GDPR.
3.4 Storage duration
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. When collecting the data for providing the website with it, this is the case when the respective session is completed.
When data are stored in log files, this happens after seven days at the latest. Further storage is possible. In this case, users’ IP addresses are shortened, so that they can no longer be assigned to the requesting computer.
3.5 Options for objecting to the collection of your data and requesting its deletion
Collection of data for provision of the website and storage of data in log files is absolutely necessary for operation of the website. Consequently, there is no option to object on the part of the user.
The website does not use any cookies that require approval
5. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights with regard to the controller:
5.1 Right to information:
You have the right to obtain information from the controller about the extent to which your personal data are being processed by us.
If processing is taking place, you can request the following information from the controller:
- the purposes for which your personal data is being processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom your personal data have been or will be disclosed;
- the planned duration of the storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage;
- the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of your personal data, or to object to such processing;
- the existence of a right to appeal to a supervisory authority;
- all available information regarding the source of the data if the personal data has not been collected from you, the data subject;
- the existence of automated decision making including profiling according to Article 22 para 1 and 4 of the GDPR and, at least in these cases, meaningful information regarding the logic involved and the scope and intended effect of such processing with respect to the data subject
You also have the right to be informed whether your personal data have been transferred to a third country or to an international organisation. In this respect, you can request the appropriate guarantees in accordance with Article 46 GDPR in connection with the transfer.
This right of information may be limited to the extent that it is likely to render impossible or seriously affect the realisation of the research or statistical purposes and the restriction is necessary for the performance of the research or statistical purposes.
5.2 Right to rectification
You have a right to request the rectification and/or completion of your personal data by the controller if the personal data being processed is incorrect or incomplete. The controller must make the rectification without delay.
Your right to rectification may be limited to the extent that it is likely to render impossible or seriously affect the realisation of the research or statistical purposes and the restriction is necessary for the performance of the research or statistical purposes.
5.3 Right to restriction of processing
Under the following conditions, you may request the restriction of processing of your personal data:
- if you contest the correctness of your personal data for a period of time that enables the controller to verify the correctness of the personal data;
- if the processing is unlawful, you decline your right to the erasure of your personal data and instead demand that the use of your personal data be restricted;
- if the data controller no longer needs your personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims, or
- if you have objected to the processing pursuant to Article 21 para. 1 of the GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh yours.
If the processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the processing of your personal data has been restricted pursuant to the above conditions, you shall be notified by the controller before the restriction is lifted.
Your right of restriction may be limited to the extent that it is likely to render impossible or seriously affect the realisation of the research or statistical purposes and the restriction is necessary for the performance of the research or statistical purposes.
5.4 Right to deletion
a. Obligation to delete data
You may demand the controller to delete your personal data without delay, and the controller shall be required to delete that information immediately if one of the following is true:
- If your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You revoke your consent to the processing pursuant to Article 6 para. 1 lit. a or Article 9 para. 2 lit. a of the GDPR and there is no other legal basis for processing.
- You object pursuant to Article 21 para. 1 of the GDPR and there are no overriding legitimate reasons for processing, or you object to the processing pursuant to Article 21 para. 2 of the GDPR.
- If your personal data were processed unlawfully.
- If your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- If your personal data were collected in relation to the information society services offered pursuant to Article 8 para. 1 of the GDPR
b. Information to third parties
If the controller has made the personal data concerning you public and pursuant to Article 17 para. 1 of the GDPR is obligated to the erasure of personal data, it shall take appropriate measures also of a technical nature taking into account the available technology and implementation costs, in order to notify data controllers who process the published personal data, in particular to delete all links to such personal data or copies or replications of such personal data, insofar as the processing is not required.
The right to deletion does not exist if the data processing is necessary
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation requiring the data to be processed under the law of the Union or the Member States to which the data controller is subject, or to perform a task in the public interest, or in the exercise of official authority delegated to the controller;
- for reasons of public interest in the field of public health, pursuant to Article 9 para. 2 lit. h and i and Article 9 para. 3 of the GDPR;
- for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 para 1 of the GDPR, to the extent that the law referred to in section (a) is likely to render impossible or seriously prejudice the achievement of the objectives of that processing, or
- to assert, exercise or defend legal claims;
5.5 Right to information
If you have asserted your right to rectification, erasure or restriction of processing with the data controller, the latter is obliged to communicate such rectification or erasure of data or restriction of processing carried out to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
With regard to the controller, you have a right to be informed about these recipients.
5.6 Right to data portability
You have the right to receive the personal data you made available to the data controller in a structured, common and machine readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, insofar as
- the processing is based on a consent pursuant to Article 6 para 1 lit. a of the GDPR or Article 9 para 2 lit. a of the GDPR, or on a contract pursuant to Article 6 para. 1 lit. b of the GDPR and
- the processing is performed by automated means.
Furthermore, when exercising this right, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This should not affect the rights and freedoms of other persons.
The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority delegated to the data controller.
5.7 Right of objection
You have the right at any time, for reasons that arise from your particular situation, to prevent the processing of your personal data, which, pursuant to Article 6 para. 1 lit. e or f of the GDPR takes place, this also applies to profiling based on these provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
Notwithstanding the Directive 2002/58/EC, you also have the possibility, in connection with the use of information society services, to exercise your right of opposition by means of automated procedures using technical specifications.
You also have the right to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes in accordance with Article 89 para 1 of the GDPR.
Your right of objection may be limited to the extent that it is likely to render impossible or seriously affect the realisation of the research or statistical purposes and the restriction is necessary for the performance of the research or statistical purposes.
5.8 Right to revoke consent under data protection law
You have the right to revoke your consent to data processing at any time. Revoking consent does not affect the legality of any processing that took place beforehand.
5.9 Automated decision-making in individual cases, including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have a legal effect on you or similarly impact upon you in a considerable manner. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the controller,
- is permitted by Union or Member State legislation to which the data controller is subject, and where such legislation contains appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests, or
- is made with your express consent.
However, these decisions must not be based on special categories of personal data pursuant to Article 9 para 1 of the GDPR, unless Article 9 para. 2 lit. a or g applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
5.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR.
The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy pursuant to Article 78 GDPR.
6 External services
6.1 Use of social media links
We currently use various links to different social media platforms, such as LinkedIn, Facebook, Instagram and Pinterest. This refers to links, not social media plug-ins. If you click on one of the links, you will be directed to the respective website provider and your IP address will be transmitted as a result. If you are simultaneously logged into a respective social media account, the respective provider may collect further data under certain circumstances.