Responsibility lies with:
Name/company: PCI-Diagnose-Technik GmbH & Co. KG
Street no.: Schulstraße 44
Post code, city, country: 93339 Riedenburg, Germany
Commercial registry / no.: Commercial registry A Regensburg, no.: HRA 8085
General manager: Andreas Vetter
Telephone number: +49 (0) 9442 905603
E-mail address: firstname.lastname@example.org
Data protection official:
E-mail address: email@example.com
Types of processed data:
- Contact data (for example e-mail, telephone numbers)
- Content data (for example entered texts, photos, videos)
Processing special categories of personal data (article 9, paragraph 1 GDPR):
Generally, no special category data is processed, unless it was submitted for processing by the user, for example, entered into an online form.
Categories of persons affected by processing:
- Customers / interested parties
- Visitors and users of our online offer
From here on out, affected persons will be called “users”.
Purpose of processing:
- Making the online offer, its contents and functions available
- Provide contractual service / customer service
- Answering contact requests and communication with users
1. Essential legal basis
3. Security measures
- Under stipulation of article 32 GDPR, we, in consideration of the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the differrent occurence probabilities and the gravity of the risks for the rights and liberties of natural persons, adopt appropriate technical and organisational measures to guarantee a level of security appropriate to the risk; These measures include securing confidentiality, integrity and availability of data by controlling the physical access to the data as well as their access, input, sharing, securing of availability and their separation. Furthermore, we have established measures which guarantee awareness of data subject rights, deletion of data and reaction to endangerment of the data. Moreover, we already take the protection of personal data into account during development / selection of the hardware, software and the procedures, according to the principle of data protection by design and by default (article 25 GDPR).
- Such security measures include the encrypted transmission of data between your browser and our server.
4. Cooperation with order processors and third parties
- Provided, within the framework of processing, we reveal, transmit or make data available to other persons and companies (order processors or third parties) in any way, this takes place only on the basis of a legal permission (for example if a transmission of data to third parties like payment service providers – according to article 6, paragraph 1 lit. b GDPR – is necessary to fullfil the contract), if you have given consent, if a legal obligations dictates it or on the basis of our legitimate interests (for example when utilizing comissioners, web hosts etc.).
- Provided we comission third parties to process data on the basis of a so-called “data processing agreement”, this takes place only on the basis of article 28 GDPR.
5. Transmission to third countries
Processing of data in a third country (meaning outside the European Union (EU) or the European Economic Area (EEA)), processing of data as part of a claim to third-party services or disclosure / transmission of data to third parties can only take place to fullfil our (pre)contractual duties on the basis of your consent, due to a legal obligation or on the basis of our legitimate interest. Subject to legal or contractual permissions, we will only process the data / let it be processed in a third country if the special prerequisites of article 44 et seq. GDPR are met. Meaning, processing will take place, for example, on the basis of special guarantees like the officially recognized assessment of a data protection level corresponding to the EU (for example through “Privacy Shield” for the USA) or adherence to officially recognized special contractual duties (so-called “standard contract clauses”).
6. Rights of affected persons
- You have the right to demand a confirmation as to whether data concerning you is being processed, about disclosure of this data as well as further information and a copy of the data according to article 15 GDPR.
- According to article 16 GDPR, you have the right to have incomplete personal data completed and have inaccurate personal data rectified.
- According to article 17 GDPR, you have the right to demand immediate deletion of data concerning you, or alternatively, according to article 18 GDPR, demand restriction of processing.
- You have the right to receive the personal data concerning you, that you have made available to us, and to demand their transmission to other persons responsible according to article 20 GDPR.
- Furthermore, according to article 77 GDPR, you have the right to lodge a complaint with a supervisory authority.
7. Right of revocation
You have the right to revoke given consent with immediate effect, according to article 7, paragraph 3 GDPR.
8. Right to object
You can object to the upcoming processing of data concerning you at any time, according to article 21 GDPR. In particular, when the objection is in regards to the processing for reasons of direct advertising.
9. Cookies and right to object to direct advertising
10. Deletion of data
- Preservation of data for 6 years as stated in article 257, paragraph 1 German Commercial Code (account books, stock, opening balance sheets, annual financial statements, account letters, journal vouchers, etc.) and for 10 years as stated in article 147 paragraph 1 AO (books, records, management reports, journal vouchers, account / commercial letters, documents relevant for taxing, etc.).
11. Performing contractual duties
- We process contact data as well as content data of users of our online presence should they initiate contact with us through our contact form or any other way. Data is processed to fulfill our contractual duties and services under article 6, paragraph 1 lit. b GDPR. Input fields marked as essential in online forms are required to establish a contract.
- Deletion will take place after expiration of seller’s warranties or comparable obligations. In the case of legal obligations to preserve, deletion will take place after their expiration (6 years in commercial law, 10 years in fiscal law); Data in customer accounts will remain until the account is deleted.
- When contacting us (via contact form or e-mail), the user data will be processed to handle the contact request and its completion under article 6, paragraph 1 lit. b) GDPR.
- The user data can be saved in our e-mail mailbox.
- We delete request should they no longer be required. In the case of legal obligations to preserve, we will delete them after their expiration (6 years in commercial law, 10 years in fiscal law).
13. Collection of access data and logfiles
- On the basis of our legitimate interest, we collect data about every access to our server on which this service is located (so-called server logfiles), under article 6, paragraph 1 lit. f. GDPR. This access data includes the name of the accessed website, file, time and date of access, transmitted data amount, report about successful access, browser type and version, operation system of the user, referrer URL (previously visited site), IP-address and the provider.
- Logfile information is only saved for 7 days for security reasons (for example to resolve abuse or defraudation) and deleted afterwards. Data, the continuous preservation of which is required for evidence are exempt from deletion until the final clarification of the respective incidence.
14. Online presences in social media
- We maintain online presences on social networks and platforms to communicate with customers / interested parties / active users and to inform them about our services. When accessing the respective networks and platforms, the general terms and conditions as well as the data processing guidelines of the respective operator apply.
15. Cookies & reach measurement
- Cookies are information transmitted from our webserver or the webservers of third parties to the users web-browser and saved there for later retrieval. Cookies can be small files or any other type of information storage.
- Should users object to cookies being saved on their computer, we would ask them to deactivate the respective option in the browser system settings. Saved cookies can be deleted in the browser system settings. Deactivating cookies may lead to functional limitations of this online offer.
- With the following, we aim to inform you about the contents of our newsletter as well as the sign up, emailing, statistic evaluation process and your right ot object. By subscribing to our newsletter, you agree to receiving it and to the described processes.
- Newsletter content: We only send out newsletters, e-mails and other electronical notifications with promotional information (called “newsletter” in the following) with the consent of receiving party or a legal permission. Provided the newsletter contents are concretely paraphrased as part of registration, they are essential for the users consent. Furthermore, our newsletters include information about our products, offers, special offers and our company.
- Double-opt-in and recording: Registration takes place with a so-called double-opt-in process. This means, after registering you will receive an e-mail which asks you to confirm your registration. This confirmation is necessary so no one can sign-up with others e-mail addresses. Newsletter registrations are recorded to prove registrations took place according to legal requirements. This includes saving the time of registration and confirmation as well as the entered e-mail address.
- Registration data: Stating your e-mail address is enough to sign up for the newsletter. Please note that, after stating the e-mail address to sign-up for our newsletter, you will be redirected to our online shop. Here, you can optionally enter a name to be personally addressed in the newsletter.
- Emailing the newsletter takes place on the basis of consent given by the receiver under article 6, paragraph 1 lit. a and article 7 GDPR in conjunction with article 7, paragraph 2, no. 3 UC / on the basis of legal permission under article 7, paragraph 3 UC.
- Recording of the registration process takes place on the basis of our legitimate interests under article 6, paragrap 1 lit. f GDPR and serves to prove consent given to receive the newsletter.
- Cancellation / revocation: You can cancel the newsletter subscription at any time / revoke your given consent. A link to cancellation can be found at the end of every newsletter. If the user only registered for the newsletter and cancelled this registration, the personal data will be deleted.
17. Inclusion of third-party services and contents
- Within our online offer, we utilize third-party content and service offers to incorporate their contents and services, such as videos or fonts (called “contents” in the following) on the basis of our legitimate interests (interest in analysis, optimization and economic operation of our online offer under article 6, paragraph 1 lit. f. GDPR). This means, the third-parties involved will be able to see the IP-address, because without it, they would not be able to send the contents to browsers. Therefore, the IP-address is required to display these contents. We work hard to only use contents the providers of which use the IP-address exclusively to provide contents. Third-party providers can also use so called “pixel tags” (invisible graphics, also called “web beacons”) for statistical / marketing reasons. Through these pixel tags, information such as the visitor traffic on websites can be evaluated. Moreover, the pseudonymous information can be saved on the users device in cookies and, among other things, include technical information about the browser and operating system, redirecting websites, visiting time as well as other data about the utilization of our online offer; Additionally, it can be connected with such information from other sources.
- The following listing gives an overview of third-party providers as well as their contents and links to their privacy policies which include further information about data processing and revocation options (so-called “opt-out”) that may already have been stated here: