Privacy Statement according to the European General Data Protection Regulation [GDPR]
I. Name and Address of the person responsible according:
The person legally responsible within the meaning of the General Data Protection Regulation [GDPR] and other national data protection laws of the member states of the European Union [EU], as well as other valid data protection regulations, is the:
Carl Walter Schraubwerkzeug-Fabrik GmbH & Co. KG
Hahnerberger Str. 82
Phone: +49 (202) 409240
II. Name and address of the data protection officer
The appointed data protection officer of the responsible legal person is:
Bohnen IT GmbH
Hastener Strasse 2
Phone: +49 (202) 24755 - 24
General Information of the European General Data Protection Regulation
1. General Information regarding Data Processing
In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and to keep-up with our content and services. The collection and use of personal data takes place only on regularly basis in the consent with the user. An exception applies to those cases where the permission of data processing cannot be obtained prior to use of our websites and services for the reasons of fact and the processing of data therefore is permitted by law.
2. Legal Basis for the Processing of Personal Data
a) Insofar as we obtain the permission for the processing of personal data of the legal person involved the process is legally based on and regulated by Art. 6 (1) lit. a of the EU General Data Protection Regulation (GDPR).
b) For the processing of personal data necessary for the performance of a contract with a legal person involved in this contract the processing of data is legally based on and regulated by Art. 6 (1) lit. a of the EU General Data Protection Regulation (GDPR). This also applies to data processing operations necessary to carry out pre-contractual actions.
c) Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, the process is legally based on and regulated by Art. 6 para. (1). c of the EU General Data Protection Regulation (GDPR).
d) In the event that vital interests of a legal person or another natural person require the processing of personal data, the processing of data is legally based on and regulated by Art. 6 (1) lit. d of the EU General Data Protection Regulation (GDPR).
e) If the processing of personal data is necessary to safeguard the legitimate interests and rights of our company and/ or a third party, and if the interests, fundamental rights and freedoms of the legal person subject to the data processing do not prevail over the first interests, the processing of data is legally based on and regulated by Art. 6 (1) lit. f of the EU General Data Protection Regulation (GDPR).
3. Data Deletion and Data Storage Duration
a) The personal data of a legal person will be deleted or blocked as soon as the purpose of the storage is dropped. In addition, the storage of personal data is may be required by European- and/ or National Legislators within the EU territory. Therefore the data storage is legally required and based on regulations, laws or other regulations to which the controller of the data is subject to.
b) Blocking or deletion of the personal data also takes place when a storage period prescribed by the valid legal regulations expires, unless there is a need for further storage of the personal data for conclusion of a contract or fulfillment of the contract.
III. Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data are collected from the side of the accessing computer:
- Information about the browser type and version used
- The operating system of the user
- The Internet service provider of the user
- Host name of the accessing computer
- Date and time of access
- Websites from which the system of the user comes to our website
- Websites that are accessed from the user's system through our website
The data collected by us are also stored in the log files of our system. Storage of these data together with other personal data of the user does not take place. Also there is no linking between the log files and personal data.
2. Legal Basis for the processing of Data
The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f of the EU General Data Protection Regulation (GDPR).
3. Purpose of Data Processing
The temporary storage of the IP address by the system of the accessing computer is necessary to allow the delivery of the website to the computer of the accessing user. To do this and keep functionality, the user's IP address must be kept for the duration of the session.
For these purposes laying in our legitimate interest, we process data according to Art. 6 (1) lit. f of the EU General Data Protection Regulation (GDPR)
4. Duration of Data Storage
The collected data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting data for providing the website and website services, the data are deleted when the respective website session is completed. In the case of storing of personal data in log files, the collected data will be deleted within a period of time no longer than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Opposition and Removal Option
The collection of personal data for the provision of the website and the storage of the personal data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
IV. Service form and E-Mail Contact
1. Description and Scope of Data Processing
On our website is a service form available, which can be used to contact us via our website. If a user makes use of this option, the personal data entered in the input mask of the service form will be transmitted to us and saved.
These data are:
- machine type
- machine number
- E-Mail address
- type of maintenance required
- type of machine overhaul
- telephone number
- facsimile number
- additional, voluntary made text info
At the time of sending the filled out service form, the following personal data are also stored:
(1) IP address of the calling computer
(2) Date and time of Registration
For the processing of the personal data in context of the sending process your consent is obtained and referred to this privacy statement. Alternatively, you can contact us via the provided E-Mail addresses to be found under “Contact information” of this statement. In this case, the users’ personal data transmitted by E-Mail will be stored. In this context, there is no disclosure of personal data to third parties. The personal data are used exclusively for processing the conversation between the first and the secondary person..
2. Legal Basis for Data Processing
The legal basis for the processing of personal data transmitted in the course of sending an E-Mail is Article 6 (1) lit. f of the EU General Data Protection Regulation (GDPR). If the E-Mail contact aims to conclude a contract, then additional legal basis for the processing of the personal data provided is Art. 6 (1) lit. b of the EU General Data Protection Regulation (GDPR).
3. Purpose of Data Processing
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via E-Mail, this also includes our necessary, required legitimate interest in the processing of the personal data provided. Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of Storage
The data will be deleted as soon as the storage is no longer necessary for the purpose of its collection. For the personal data from the input made in the contact form and those personal data sent to us by E-Mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the statements made in the conversation that the relevant facts have been finally clarified.
5. Opposition and Removal Possibility
At any time the user has the possibility to revoke his consent to the processing of the personal data. If the user contacts us by E-Mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue. In this case, please send us an informal E-Mail regarding this matter to: info(at)cwalter.de All personal data stored in the scope of contacting us will be deleted in this case.
1. Description and scope of Data Processing
The following data is stored and transmitted in the cookies:
(1) Language Setting
(2) Log-in information
The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f of the EU General Data Protection Regulation (GDPR).
3. Purpose of the Data Processing
(a) Adoption of language settings
(b) Remember keywords
(2) The user data collected through technically necessary cookies will not be used to create user profiles.
(3) This proceeding is based on our legitimate interests and the processing of personal data is legally granted according to Art. 6 (1) lit. f of the EU General Data Protection Regulation (GDPR).
4. Duration of Data Storage, Objection- and Disposal Options
VI. Web analytics service Matomo
1. Scope of processing of personal data
2. Legal basis for the processing of personal data
The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f DSGVO.
3. Purpose of the data processing
Matomo is used to perform an analysis of the website usage. This makes it possible to increase the user-friendliness and the improvement of needs-based content.
4. Duration of storage
The data will be deleted as soon as they are no longer needed for our recording purposes.
In our case this is the case after 6 month.
5. Opposition and removal possibility
Users can object to the anonymized data collection by the program Matomo at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in your browser, with the result that Matomo no longer collects any session data.
If users delete their cookies, this will result in the opt-out cookie being deleted as well. This must be reactivated by the users in the case. In addition, most browsers have the so-called "Do Not Track" option, which tells a website not to track your user activity. Matomo respects this option.
VII. Legal Rights of the Data Subject
The following list shows all rights of the persons concerned according to the EU General Data Protection Regulation (GDPR). Rights that have no relevance for your own website need not to be mentioned. In that regard, the listing can be shortened. If personal data of you are processed by a second party, you are so called “an affected person” within the meaning of the EU General Data Protection Regulation (GDPR) and you have the following rights against the person responsible for the processing of your personal data:
1. Right of Information
You may ask the person in charge to confirm if personal data concerning you are processed by us.
If such a processing of your personal data takes place, you the right to request information from the person responsible about the following in aspects:
(1) The purposes for which the personal data are processed
(2) The categories of personal data that are processed
(3) The recipients or categories of recipients to whom the personal data relating to you have been disclosed to or will be disclosed to
(4) The planned duration of storage of your personal data or, if specific information are not available, criteria to reveal the duration of storage
(5) The existence of a right to rectify or erase your personal data, a right to restrict the processing of your personal data by the controller of the data processing person or a right to object to such data processing
(6) The existence of a right to appeal to a supervisory legal authority;
(7) All information available on the source of the personal data if the personal data are not collected directly from the data subject
(8) The existence of automated decision-making including profiling under Article 22 (1) and (4) of the EU General Data Protection Regulation (GDPR) and, at least in these cases, meaningful information about the logic involved, and the scope and the intended impact of such processing on the data subject.
You have the right to request information about whether your personal information is transferred to a third country and/ or to an internationally operating organization. In this connection, according to Article 46 of the EU General Data Protection Regulation (GDPR) you can request the appropriate guarantees regarding this data transfer.
2. Right of Rectification
You have a right to rectification and / or completion of your personal data against the controller, in case that your personal data processed are incorrect and/ or incomplete. The responsible person must make appropriate corrections without delay.
3. Right to Restriction of Processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) If you contradict the correctness of your personal data collected for a period of time allowing the controller to verify the accuracy of your personal data
(2) The processing itself is unlawful and you refuse the personal data to be deleted and instead request the restriction of the use of the personal data
(3) The controller no longer needs your personal data for the purposes of processing, but you need the personal data to assert, exercise or defend your legal rights, or
(4) If you objected to the processing pursuant to Art. 21 (1) of the EU General Data Protection Regulation (GDPR) and it is yet uncertain whether the legitimate reasons of the person responsible prevail over your reasons.
If the processing of your personal data have been restricted, these data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union and/ or a Member State.
If the processing of data has been restricted according to the above-mentioned conditions, you will be informed by the person responsible before the restriction is lifted.
4. Right to Delete Data
a) Obligation to Delete Data
You may require the controller to delete your personal data without delay, and the controller is required to delete that information immediately after getting notice of your request, if one of the following is applicable:
(1) The storage of your personal data is no longer necessary for the purposes for which the data were collected and/ or otherwise processed.
(2) You revoke your consent of data processing based on Article 6 (1) lit. a or Article 9 (2) lit. a of the EU General Data Protection Regulation (GDPR) and there is no other legal basis for the processing of your personal data.
(3) You object to the processing of personal data according to Article 21 (1) of the EU General Data Protection Regulation (GDPR), and there are no prior justifiable reasons for the processing, or you declare opposition to processing according to. Article 21 (2) of the EU General Data Protection Regulation (GDPR)
(4) Your personal data have been processed unlawfully.
(5) The deletion of your personal data is required to fulfill a legal obligation under the law of the European Union (EU) or the law of the Member States to which the controller is subject to.
(6) Your personal data were collected in relation to information society services offered pursuant to Art. 8 (1) ) of the EU General Data Protection Regulation (GDPR)
b) Information provided to Third Parties
If the person in charge of the processing of your personal data has made your personal data public and is according to Article 17 (1) of the EU General Data Protection Regulation (GDPR) obliged to delete this data, this person shall take appropriate measures, under taking account of the available technical possibilities and costs of its implementation, to inform other parties in charge for the processing of your forwarded personal data, that you have been identified as being an affected person and that you request the deletion of all personal data as well as any links to such personal data and/ or any copies or replications made of your personal data.
c) Exceptions The right to erasure does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information
(2) to fulfill a legal obligation required by the law of the European Union or of a Member State to which the controller is subject to, or to carry out a task of public interest and/ or in the exercise of official authority conferred on the controller (3) for reasons of public interest in the field of public health pursuant to Article 9 (2) lit. h and i and Article 9
(3) of the EU General Data Protection Regulation (GDPR);
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) of the EU General Data Protection Regulation (GDPR), to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affects the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.
5. Right to Information
If you have made use of your right of rectification, erasure or restriction of processing the controller is obliged to notify all recipients to whom your personal data have been disclosed to of this to make those party correct or delete the data or restrict the processing of it, unless: this proves to be impossible or involves a disproportionate effort. You have a right to the person responsible to be informed about these recipients.
6. Right to Data Transferability
You have the right to receive information regarding the personal data you provide to the controller. The information must be send to you in a structured, common and machine-readable format manor. In addition, you have the right to transfer the data provided to you to another person without hindrance by the person responsible for providing those personal data, in so far that
(1) the processing is based on consent according to Article 6 (1) lit. a or Article 9 (2) lit. a of the EU General Data Protection Regulation (GDPR) or on a contract according to Article 6 (1) lit. b of the EU General Data Protection Regulation (GDPR)
(2) the processing is done using automated procedures.
In exercising this right, you also have the right to obtain that your personal data are transmitted directly from one person to another party, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected. The right to data transferability does not apply to the processing of personal data necessary for the performance of a task made in public interest or in the exercise of official authority the data controller is delegated to.
7. Right to Object
Pursuant to Article 6 (1) lit. e or f of the EU General Data Protection Regulation (GDPR), at any time you have the right to take an objection against the processing of your personal data for reasons that arise from your particular situation. This also applies to profiling based on these provisions. The controller will no longer process your personal data unless he can claim compelling legitimate reasons for processing that outweigh your interests, rights and freedoms or the processing is for the purpose of enforcing, exercising or defending legal claims. If your personal data are processed for direct marketing purposes, at any time you have the right to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing activities. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. Regardless of Directive 2002/58/EC and in the context of use of information society services, you have the option of exercising your right to object through automated procedures that use technical specifications.
8. Right to withdraw the consent to the Data Privacy Statement
You have the right to revoke your consent to data privacy statement at any time. The revocation of consent does not affect the legality of the processed personal data before the revocation was stated..
9. Automated Decision Making on Individual Basis including Profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the controller,
(2) is permissible on the basis of European Union or Member State legislation to which the controller is subject to, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
(3) takes place with your explicit consent.
However, these decisions are not allowed to be based on special categories of personal data under Art. 9 (1) of the EU General Data Protection Regulation (GDPR), unless Art. 9 (2) lit. a or g of the EU General Data Protection Regulation (GDPR) applies and reasonable measures have been taken to protect your rights and freedoms as well as your legitimate interests. With regard to the cases referred to in (1) and (3) above, the controller shall take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the controller, to state the own position and to challenge the decision made.
10. Right to Complain to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of the European Union that is your residence, place of work or place of alleged infringement, if you believe that the processing of your personal data is against or violates the legal requirements of the EU General Data Protection Regulation (GDPR).
The supervisory authority to which the complaint has been submitted to shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the EU General Data Protection Regulation (GDPR).. The supervisory authority responsible for the company Example Ltd. is: :
Landesbeauftragte für Datenschutz und Informationsfreiheit
Postfach 20 04 44