Data privacy

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

2. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

NORDEON GmbH
Bodo Wülfing
Rathenaustraße 2-6
31832 Springe
Tel. +49 5041 75-0
Email: bodo.wuelfing@nordeon.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

3. Data protection officer

Statutory data protection officer

We have appointed a data protection officer for our company.

Stefan Kleinermann
Kleinermann & Sohn GmbH
Max-Planck-Str. 9
52499 Baesweiler
Email: info@das-datenschutz-team.de

4. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

5. Newsletter

Newsletter data

If you want to receive the newsletter offered on the website, we require your email address and information that enables us to verify that you are the owner of the email address named, and that you agree to receive the newsletter. Further data will only be collected on a voluntary basis.

The data entered in the newsletter registration form shall only be processed based on your consent (section 6 (1) 1 a) GDPR, section 49 (1) 1 a) GDPR).

The consent granted for storage of the data, email address and its use for sending the newsletter may be revoked at any time and free of charge, effective for the future, e.g. using the "unsubscribe" link in the newsletter or by simple declaration towards us.

Campaign Monitor

Our website integrates functions of the service Campaign Monitor Pty Ltd. to send out the newsletter. The provider is Campaign Monitor Pty Ltd, Level 38, 201 Elizabeth Street, Sydney, NSW 2000, Australia. The Campaign Monitor service permits organisation and analysis of newsletter dispatch.

Campaign Monitor Pty Ltd maintains a branch in 41 Corsham Street, London, N1 6DR, United Kingdom.

If you register for receiving our newsletter, the personal data you have entered will be transmitted to the services of Campaign Monitor Pty Ltd. and processed there. An appropriate data protection level for this data transmission has not been determined by the Commission of the European Union. There is the risk that the data protection rights of the data subjects cannot be enforced towards Campaign Monitor Pty Ltd.

For more information on this, see the data privacy statement of Campaign Monitor Pty Ltd: https://www.campaignmonitor.com/policies/#privacy-policy

We will store the data you provided to us for the purpose of receiving the newsletter until you unsubscribe from the newsletter; we will erase them after you unsubscribe from the newsletter. This shall not affect any data stored by us for any other purposes.

Our newsletters sent out through Campaign Monitor permit analysis of our newsletter campaigns and behaviour of the newsletter recipients. Among others, we can analyse whether and when a newsletter has been opened and which links have been clicked. The results may be assigned to the respective user. The results of analyses can be used in order to improve future newsletter campaigns and to adjust them to the needs of users more specifically.

You have the right to object to processing of your personal data for the purpose of direct marketing.

6. Plugins and tools

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.

If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

Google Maps

This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.

GDPR

INFORMATION ABOUT THE HANDLING OF YOUR DATA ON OUR WEBSITE

Obligations of the General Data Protection Regulation (GDPR)

1. PRELIMINARY REMARK

The following points will provide you with information about your data. The legislator has determined the necessary information.

For any further information, please read article 12 to 22 and 34 of the GDPR. The full text is available at gdpr-info.eu. For any further questions regarding the GDPR, feel free to contact the data protection officer at any time.

2.  WHAT IS PERSONAL DATA?

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3. BASIC INFORMATION

3.1 Who is responsible for processing my personal data?

NORDEON GmbH 
Rathenaustraße 2-6
D 31832 Springe

Tel.  +49 5041 75 0
E-Mail: info@nordeon.com

3.2 How can I contact your company?

Contact person: Bodo Wülfing

E-Mail: bodo.wuelfing@nordeon.com

3.3 Which authority is responsible for controlling and compliance with the GDPR?

State Data Protection and Freedom-of-Information of Niedersachsen

Prinzenstraße 5, 30159 Hannover

Tel.  +49 0511 120 45 00
E-Mail: poststelle@lfd.niedersachsen.de

3.4 How can I contact the State Data Protection and Freedom-of-Information Officer?

The Data Protection Officer for our company is Mr. Stefan Kleinermann.

Contact address:

Kleinermann & Sohn GmbH
Max-Planck-Str. 9
52499 Baesweiler

E-Mail: info@das-datenschutz-team.de

4. FURTHER IMPORTANT INFORMATION

4.1 Why does the company process my data and what is the source of the data?

We process the data to

  • make the content of our webpage available for you
  • optimize our webpage
  • communicate with you in case you have a request
  • provide you with interesting information about our products and our company

4.2 Which data will be collected of those I have not provide directly?

To optimize our website we use the data which is transmitted by your browser, “Cookies” and other tracking tools e.g. Matomo (formerly Piwik), Google analytics, etc. or plugins (Facebook, Instagram, Twitter, etc.).

  • IP address
  • referrer URL (previously visited website)
  • browser type and browser version
  • utilized operating system
  • utilized device type
  • time of access

4.3 Why can the company process my data?

The data protection law allows the processing of your data

  • to provide the content of the website pursuant to Section 6 (1) lit. b GDPR (contract initiation)
  • to optimize the content of the website (Section 6 (1) lit. f GDPR)
  • for the contact form, newsletter, warranty extension pursuant to Section 6 (1) lit. b GDPR

4.4 Which statistics will be produced based on my data?

  • number of visitors: visitors, page views, sessions,  search engines
  • visitor behavior: duration per session, page views per session and exit rate
  • site analysis: entry timing, exit timing,  error pages, most visited webpages
  • source of homepage: All sources of homepages
  • visitor locations
  • browser and systems: browser, browser version, operating systems and operating systems versions.

4.5 Who can receive my data?

  • groups of persons of our company
  • service providers which are bound by a contract and which have been instructed as to professional discretion
  • external companies when necessary e.g. postal operators

4.6 Will my data be forwarded to countries outside the EU?

There are no plans.

4.7 How long will my data be saved?

We save your data as long as necessary to contact you concerning different issues (see 4.1). Due to compulsory legal regulations we are required to save your data 6 years or in some instands 10 years. After the expiry of the data retention period we delete unnecessary data.

4.8 Must I share my data?

To achieve the goals set out in point 4.1 it is necessary to provide us with your personal data.

4.9 Profiling

Profiling does not take place.

5. WHICH RIGHTS DO I HAVE?

5.1 Note regarding your rights

As per the GDPR you have following rights, also called “rights of affected persons”:

5.2 Right to information

You have the right to request if the company processes your personal data or not. In case we process personal data, you have the right

  • to be informed why we process your personal data (see 4.1);
  • to be informed what kind of data we process;
  • to be informed what kind of recipients receive your data;
  • to be informed how long we are going to save your data;
  • to edit or delete your personal data;
  • to complain to the responsible supervisory authority;
  • to be informed about the source of your personal data in case we did not receive them from you;
  • to be informed if your personal data will  be used for an automatic decision. If this is the case, you have the right to be informed about its logic and its scope;
  • to be informed if there exists an appropriate level of protection in case your personal data has been transmitted to a country outside the EU;
  • to request a copy of your personal data. Data copies are mainly provide in electronic form. The first copy is free of charge. For any further copies, please note that copy fees are possible. A copy can only be provided in cases where the rights of another person are not infringed.

5.3. Right to rectify the personal data (Section 16 GDPR)

You have the right to request the rectification of your personal data in case it is not correct and/or incomplete (including the right to complete the personal data per explanations and messages). A rectification has to be made without undue delay.

5.4 Right to deletion of the personal data (Section 17 GDPR)

You have the right to demand the deletion of your personal data in case

  • the personal data is not essential anymore
  • the data processing has taken place due to your agreement and you have cancelled the agreement; please note that this in not valid in cases where  another legal permission exists;
  • you have entered an objection whose legal permission and interest are legitimate (Section 6 (1) e. or f.); please note that the deletion of your personal data is not required to take place where priority reasons for the data processing exists;
  • you have entered an objection for the purpose of direct marketing
  • your personal data has been processed illegally
  • the data concerns a child, whose data has been processed for information society services (=electronic service) based on the agreement (Section 8 (1) GDPR)

A right to deletion does not apply in case

  • there exists the right of freedom of expression
  • the data processing is essential
  • for compliance with a legal obligation,
  • for performing public services and interest as per the law standards (including public health) or
  • due to necessity for research purposes;
  • due to  necessity for assertion, exertion and defense of legal claims.

The deletion of personal data has to be made without undue delay. In case the personal data has been made public e.g. on the internet, we are responsible for the information transfer to other data processors about the deletion request including the deletion of links, copies and/or replications.

5.5 Right to heavy restriction on data processing (Section 18 GDPR)

You have the right to limit the data processing of your personal data

  • in case you contest the correctness of your personal data. Please note that you have the right to demand that the use of your personal data is limited during the duration of correction;
  • in case the data has been processed illegally. In that case you have the right to demand the deletion of your data instead of the restricted use of data;
  • if you need your personal data for assertion, exertion and defense of legal claims but we do not need your personal data anymore. In this case you have the right to request the restriction of the data use;
  • in case you have entered an objection concerning the data use (Section 21 (1) GDPR) and it is as yet unknown whether we are more interested in the data processing than you, you have the right to demand a restricted data use during the duration of examination.

personal data whose processing has been restricted by your demand can only be saved

  • with your permission
  • for the use of assertion, exertion and defense of legal claims
  • for the protection of the rights of other natural and legal persons
  • due to reasons of important public interest

In case the restriction is cancelled you have to be informed in advance.

5.6 Right to data portability (Section 20 GDPR)

You have the right to request your personal data in a common electronic form e.g. pdf data or excel document.

You also have the right that this data will be directly transferred to another company. The condition for this right is that your agreement is based on a contract (see 4.2) by means of automated procedures. The exertion of the right to data portability should not affect the rights and freedom of others. In case you are using the right to data portability, please note that you also have the right to deletion of your personal data (Section 17 GDPR).

5.7 Right to contradiction to certain data processing (Section 21 GDPR)

In case your personal data is processed for public services (Section 4.2) you have the right to disagree. Therefore you need to name the reasons for your contradiction e.g. particular family reasons.

In case of your contradiction we have to refrain from any further data processing concerning the reasons named in section 4.1 unless

  • compelling, vulnerable reasons exist for the data processing which prevail over your interests, rights and  freedom  
  • the data processing is necessary for the assertion, exertion and defense of legal claims.

The data use for the purpose of direct marketing can be rejected; this is also valid for profiling as far as it is related to direct marketing. In case of your contraction personal data shall not be used for direct marketing.

5.8 Prohibition of Profiling (Section 22 GDPR)

Decisions which significantly affect you should not only be based on profiling. This is not valid where profiling

  • is necessary for entering into or fulfilling a contract with you
  • is permitted due to legal provisions and these provisions include measures for the security and freedom of your rights or
  • has been taken place by your explicit agreement.

Decisions which are exclusively based on an automatic processing about special categories of personal data (=sensitive data) are only valid

  • in case of your explicit agreement or
  • if there exists a significant public interest in the data processing

and measures to secure your rights and freedom have been made.

5.9 Rights of the persons affected

For rights of the person affected please contact the office named in 3.2. Requests which are submitted electronically will usually be answered electronically.

Any information, messages and measures as set in the GDPR including the exertion of the rights of the persons affected will basically provided free of charge. We only have the right to levy a fee or not to take action in case of unjustified requests (Section 12 (5) GDPR).

Please note that we reserve the right to demand additional information if we believe there is a question regarding your identity. In case an identification is impossible, we have the right to deny your request. We will provide you with this information separately if possible (Section 12 (6) and Section 11 GDPR).

Information requests will usually be processed within one months after receipt of request.  An extension of time by another two months is possible due to the complexity of the request; in case of an extension of time we will inform you about the reasons within one month after receipt of request. In case we do not react to your request we will immediately provide you information about the reasons one month after receipt of request. We will also inform you about the possibility to address the supervisory authority or to lodge an appeal. (Section 12 (13) and (4) GDPR).

Please note that the rights of the persons affected can only be exercised within the union or the member states (Section 23 GDPR).