Data Privacy Statement
- General information
These data privacy guidelines regulate and provide information about how personal data is handled and processed through the following controller (for the purposes of the General Data Protection Regulation), other data protection laws applicable in EU member states, and other provisions related to data privacy:
Dr. Zwissler Holding AG
represented by its board members Dr. Ulrich Zwissler, Marc W. Lorch & Dr. Ulrike Neubauer
Heuchlinger Straße 33-35
Tel: +49 7323 82-10
Fax: +49 7323 82-57
The controller’s data protection officer can be reached under the following address:
Jürgen Mollenkopf Karl-Benz-Str. 6 73312 Geislingen Tel.: +49 73 31 I 30 709 - 0 Fax: +49 73 31 I 30 70 9 - 13 Email: firstname.lastname@example.org
We wish to inform you hereby about the type, scope and purpose of the personal data we will collect, use and process, and to clarify the rights to which you are entitled.
These data privacy guidelines apply both to our online services (e.g., websites, apps and social media), and to our other offline activities (e.g., service provision, communication and documentation).
You don’t have to provide any personal data to use the website. “Personal data” means any information that refers to an identified or identifiable natural person.
However, if you wish to be able to take advantage of certain services our company offers through our website, your personal data may need to be processed.
“Processing” means any operation performed in connection with personal data with or without the help of automatic procedures, such as collecting, recording, organising, filing, storing, adjusting or altering, reading, requesting, using, deleting, destroying, or another form of providing data.
If there is no legal basis for processing, we will generally obtain the data subject’s permission.
“Consent” means any expression of intent that the data subject voluntarily gives in the form of a declaration or other unambiguous affirming action to make understood that they agree to the processing of the personal data concerning them.
Your personal data, such as names, addresses, email addresses and telephone numbers, are always processed in compliance with the General Data Protection Regulation (GDPR) and the country-specific data protection provisions that apply to our company.
As the controller, our company has implemented numerous technical and organisational measures to ensure that personal data processed through this website is as safe as possible. However, due to security flaws, absolute protection cannot be guaranteed.
For this reason, you may convey personal data to us in other ways, such as over the telephone or in writing.
Many cookies contain what is knowns as a cookie ID: a unique identifier of the cookie. This consists of a character string through which websites and servers can be allocated to the specific browser in which the cookie was stored. This enables the websites and servers visited to differentiate the individual browser of the data subject from other browsers that contain other cookies. This means that certain internet browsers can be recognised and identified through the cookie ID.
To that end, we use session cookies to identify that you have visited individual pages on our website. These are deleted automatically when you leave our site.
We also use temporary cookies, which are stored on your end device for a pre-determined period, to optimise user-friendliness. If you revisit the site, it automatically recognises that you have visited us before, as well as the settings and information you used, so you don’t have to enter them again.
The data processed through cookies are necessary for the aforementioned purposes of guarding our legitimate interests and those of third parties under Art. 6(1)(1)(f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or that a notice will always appear before a new cookie is placed.
Whenever you wish, you can adjust your browser settings to prevent our website from setting cookies. This will permanently object to cookies being set. Furthermore, cookies that have already been set can be deleted at any time through an internet browser or other software programmes. All common internet browsers can do this. If you deactivate the setting of cookies in your browser, you may not be able to fully use all our website’s functions under certain circumstances.
- Recording of general and personal data
Whenever you or an automated system accesses our website, it records general data and information. These are temporarily stored in a log file of the server.
The following information can be recorded until it is deleted automatically:
- browser type and version,
- the operating system used by the accessing system, as well as the name of the access provider,
- the website from which an accessing system arrived at our website (“referrer URL”),
- the sub-websites that were directed to our website through an accessing system,
- the date and time of the website access,
- the Internet Protocol address (IP address) of the accessing computer,
- the internet service provider of the accessing system and
- other similar data and information that serve to avert danger if our information technology system is attacked.
These data and this information will never be used to draw conclusions regarding personal data or to identify anyone personally. Rather, this information is needed to
- ensure that smooth connections to the website are established, and that the website can be used comfortably
- optimise the content and advertisements for our website,
- evaluate system security and stability
- provide the law enforcement authorities with the information they need for criminal prosecution in the event of a cyber attack
- achieve other administration purposes.
The legal basis for the data processing is Art. 6(1)(1)(f) GDPR. Our legitimate interests arise from the purposes of data collection listed above. We will never use the collected data to draw personal conclusions about you.
The anonymously collected data and information will be evaluated statistically, with the goal of increasing data protection and data security in our company. This should ensure an optimal level of protection for the personal data we process.
The anonymous data of the server log files is stored separately from all personal data disclosed by a data subject.
- Use of Google Maps
To display maps for the purpose of creating access routes, we use Google Maps on our website; Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
If you use Google Maps, information about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there.
Please check the provider’s website for their usage conditions.
- Data protection provisions for using and applying Google Analytics with an anonymisation function
To continually optimise our website and give it a needs-based design, we use Google Analytics as a component of our website. Google Analytics is a web analysis service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA (https://www.qooqle.de/intl/de/about). Web analysis means the detection, collection and evaluation of data on the behaviour of website visitors. A web analysis service collects inter alia data about the internet site from which a data subject has arrived at another site (the “referrer” site), which subpages of the internet site were accessed, how often a subpage was viewed, and for how long.
In connection with the use of Google Analytics, pseudonymised usage profiles are created and cookies are used. Google Analytics places cookies on the IT systems of people who visit our website.
The information the “cookies” generate about the use of our website and personal data such as browser type and version, operating system used, referrer URL (previously visited site), hostname of the accessing computer (IP address), and time of server request, are transmitted to a Google server in the USA and stored there. Google might forward these data (which have been collected using the technical procedure) to third parties.
This procedure allows the influx of visitors on our website to be analysed. Google uses the data and information gained to analyse how our internet site is used, to compile reports for us which indicate the activity on our internet sites, and to render additional services connected with the use of our internet site (among other purposes).
Our website uses Google Analytics with an IP anonymisation function. In this case, Google will truncate (and therefore, anonymise) your IP address within member states of the European Union, or in other Contracting Parties to the EEA Agreement. By their own account, Google will never combine your IP address with other Google data.
Whenever you wish, you can adjust your browser settings to prevent our website from placing cookies. This will permanently object to cookies being set.
Changing the browser settings in such a way will also prevent Google from placing cookies on the data subject’s IT system. In addition, cookies that Google Analytics has already placed can be deleted at any time via the browser or other software programmes. But please be aware that if you delete them, some of our website’s functions might not be fully usable under certain circumstances.
You can also prevent Google from collecting and processing the data related to the use of this website, including your IP address, which was generated by Google Analytics or the cookies. To do so, you must download and install a browser add-on under the link: https://tools.google.com/dlpage/gaop-.
As an alternative to the browser add-on (especially for browsers on mobile end devices), you can prevent recording through Google Analytics by clicking this link. An opt-out cookie will be placed, which prevents your data from being recorded when you visit our website in the future. The opt-out cookie applies only in this browser, and only for our website, and is placed on your device. If you delete the cookies in your browser, you must reset the opt-out cookie.
- Use of YouTube
To incorporate videos on our website, we use the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Normally, your IP address will be sent to YouTube and cookies installed on your computer as soon as you access a page with embedded videos. To the extent that we embed YouTube videos, however, this will occur using the expanded data privacy mode, which means that YouTube will contact Google’s “double click” service, but, according to Google’s data privacy statement, no personal data will be evaluated.
Therefore, YouTube will not store any information about you just because you access and visit our website, unless you watch the video. If you click on the video, your IP address will be transmitted to YouTube and YouTube will learn that you have seen the video. If you are logged into YouTube, this information will also be allocated to your user account, which you can prevent by logging out of YouTube before retrieving the video.
After that, we have no knowledge of or influence over any possibility that YouTube will collect or use your data.
You can obtain additional information from YouTube’s data privacy statement under ww- w.google.de/intl/de/policies/privacy/.
As to how cookies are handled and deactivated in general, we otherwise refer to our general representations in this data privacy statement.
- Use of Google web fonts
For uniform presentation of fonts on our website, we use web fonts provided by Google. When you visit our site, your browser loads the required fonts into your cache to display texts and fonts correctly. If your browser does not support web fonts, a default font from your computer will be used.
- Use of Font Awesome
For uniform presentation of fonts or icons, this site uses those provided by Fonticons, Inc. When you visit a page, your browser loads the required fonts or icons into your cache to display texts, fonts and icons correctly.
To do so, the browser you use must connect to the servers of Fonticons, Inc. This informs Fonticons, Inc. that you have visited our website through your IP address. We use Font Awesome to present our online services in a unified, appealing way. This constitutes a legitimate interest as defined by Art. 6(1)(1)(f) GDPR.
If your browser does not support Font Awesome, a default font from your computer will be used. You will find more information about Font Awesome under https://fon- tawesome.com/help and in the data privacy statement of Fonticons, Inc.: https://fonta- wesome.com/privacy.
- SSL encryption
To give your transmitted data optimal protection, we use an SSL encryption. You can recognise encrypted connections by the prefix "https://" in the page link in your browser’s address line. Unencrypted sites are labelled with “http://”.
Thanks to the SSL encryption, none of the data you transmit to this website (during requests or logins, for example) can be read by third parties.
- Routine correcting and blocking of personal data
Once personal data have been collected, we will process and store them only until the purpose of their storage has been achieved, or if their processing and storage has been provided for by the European body issuing directives and ordinances, or by another legislature, in statutes or provisions, to which we are subject.
When the storage purpose no longer applies, or a storage period prescribed by the European body issuing directives and ordinances or another competent legislature expires, the personal data will be routinely blocked or erased in accordance with statutory provisions.
- Rights of the data subject
Since personal data might be collected when our website is used, you are entitled to the following rights as the person affected by the processing of personal data (the “data subject”):
- Right to confirmation
As the data subject, you have the right granted by the European body issuing directives and ordinances to demand that we confirm whether your personal data are being processed. You may assert that right at any time by consulting with an employee responsible for the data processing.
- Right to information in accordance with Art. 15 GDPR
As the data subject, you have the right granted by the European body issuing directives and ordinances to demand that we inform you at no charge about the personal data concerning you that are being stored or processed, and to receive a copy of this information. In particular, you may demand information about:
- the purposes of processing
- the category of personal data
- the recipients or categories of recipients to whom the personal data were or will be disclosed, especially if those recipients are international organisations or located in third countries
- the period planned for storing the personal data, or if this is impossible, the criteria for determining that period
- the existence of a right to have the personal data concerning you rectified or erased, to object to their processing, or to have their processing restricted
- the existence of a right to complain to a supervisory authority
- the origin of the data, or if the personal data were not collected from you, all available information about the origin of the data
- the existence of automated decision-making, including profiling under Art. 22(1 and 4) GDPR and – at least in these cases – meaningful information about pertinent details
If personal data concerning you are transmitted to a third country or international organisation, you have the right to obtain information about the adequate guarantees related to the transmission.
If you wish to assert this right to information, you may do so at any time by consulting with an employee responsible for the data processing.
- c)Right to rectification of the personal data under Art. 16 GDPR
As the data subject, you have the right granted by the European body issuing directives and ordinances to demand that incorrect personal data concerning you be rectified without undue delay. You may also demand that incomplete personal data be completed (while considering the purpose of the processing).
If you wish to assert this right to rectification, you may do so at any time by consulting with an employee responsible for the data processing.
- d)Right to erasure of the personal data under Art. 17 GDPR
As the data subject, you have the right granted by the European body issuing directives and ordinances to demand from us that the personal data concerning you be erased – unless those data must be processed to exercise the right to free information and expression of opinion, to fulfil a legal obligation, for reasons in the public interest, or to assert, exercise or defend against legal claims – if one of the following grounds exists:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
- you withdraw your consent on which the processing is based under Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
- you object to the processing under Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing under Art. 21(2) GDPR.
- the personal data were illegally processed.
- the personal data must be erased to fulfil a legal obligation under EU or Member State law to which we are subject
- the personal data were collected in regard to information society services offered pursuant to Art. 8(1) GDPR.
If one of the aforementioned reasons applies and you wish for personal data stored with us to be erased, you may at any time consult an employee responsible for the data processing. That employee will then see that the data are erased without undue delay.
If we have made the personal data public, and if we as the controller for the purposes of Art. 17(1) GDPR are obligated to erase those data, we shall take adequate measures, insofar as this is technically possible after exhausting technical means, to inform other controllers who process the published personal data and make sure the personal data are erased, provided no processing is necessary. The employee responsible for processing personal data will do what is necessary on a case-by-case basis.
- Right to have the processing of personal data restricted under Art. 18 GDPR
As the data subject, you have the right granted by the European body issuing directives and ordinances to demand that we restrict the processing if one of the following conditions is met:
- You dispute the correctness of the personal data, for a duration which enables us to check its correctness.
- The processing is unlawful but you waive your right to have the personal data erased, instead demanding that their use be restricted, and we no longer need your data
- We no longer need the personal data for the purposes of their processing, but you need them to assert, exercise or defend against legal claims.
- You have filed an objection against the processing under Art. 21(1) GDPR and it has not yet been established whether our legitimate reasons override your reasons
If one of the aforementioned reasons applies and you wish for personal data stored with us to be erased, you may at any time consult an employee responsible for the data processing, who will then initiate the restriction.
- Right to data portability
As the data subject, you have the right granted by the European body issuing directives and ordinances to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller, provided the processing is based on consent in accordance with Art. 6(1)(1)(a) GDPR or Art. 9(2) GDPR or on a contract in accordance with Art. 6(1)(1)(b) GDPR, and the processing is accomplished with the help of automated procedures, unless the processing is needed to perform a task lying in the public interest or in the exercise of official authority vested in us.
Moreover, when exercising your right to data portability under Art. 20(1) GDPR, you have the right to demand that we transmit your personal data directly to another controller if the technical conditions for doing so have been met and if doing so will not compromise anyone’s rights or freedoms.
You may assert your right to data portability at any time by consulting with an employee responsible for the data processing.
- Right to objection in accordance with Art. 21 GDPR
As the data subject, you have the right granted by the European body issuing directives and ordinances to lodge an objection at any time against the processing of the personal data concerning you, provided your personal data is being processed on the basis of legitimate interests in accordance with Art. 6(1)(1)(e and f) GDPR.
The right to object assumes that reasons exist that are related to your particular situation or that the objection is aimed at direct marketing.
If you object, the personal data concerning you will no longer be processed unless we can verify compulsory legitimate grounds for the processing which override your interests, rights and freedoms. The same applies if the processing serves to establish, exercise or defend against legal claims.
If we are processing personal data for direct marketing purposes, you may object to that processing at any time without having to provide information about a particular situation (and even if no such situation exists). This also applies to any profiling to the extent that it is related to direct marketing.
If you lodge an objection with us to having personal data processed for direct marketing purposes, we will stop doing so.
Moreover, you have the right, for reasons related to your particular situation, to lodge an objection against the processing of personal data concerning you that is performed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to objection, you can consult
an employee directly who is responsible for processing the data. An objection emailed to the address indicated on our website will also suffice.
Moreover, in connection with the use of information society services, you may exercise your right to object using an automatic procedure in which technical specifications are used (regardless of Directive 2002/58/EC).
- Automatic decision-making in individual cases (including profiling)
As the data subject, you have the right granted by the European body issuing directives and ordinances to not be subject to a decision based exclusively on automated processing—including profiling—which legally affects or otherwise significantly impairs you, provided such decision
- is not necessary to conclude or fulfil a contract between you and us, or
- is permitted under EU or Member State law to which we are subject and which stipulates reasonable measures for guarding your rights, freedoms and legitimate interests, or
- is made with your express consent.
If the decision is necessary to conclude or fulfil a contract between you and us or is made with your express consent, we take reasonable measures to guard your rights, freedoms and legitimate interests.
If you wish to assert rights related to automated decision-making, you may do so at any time by consulting with an employee responsible for the data processing.
- Right to revoke consent granted under data protection laws in accordance with Art. 7(3) GDPR
As the data subject, you have the right granted by the European body issuing directives and ordinances to withdraw at any time consent you have granted us to process personal data; such withdrawal will obligate us to discontinue any data processing based on that consent.
If you wish to assert your right to withdraw consent, you may do so at any time by consulting with an employee responsible for the data processing.
- Legal basis for the processing
Art. 6(1)(1)(a) GDPR serves our company as a legal basis for the processing operations in which we obtain consent for a particular processing purpose. If personal data must be processed to perform a contract
with you (for the rendering of services or delivery, for example), such processing will be based on Art. 6(1)(1)(b) GDPR. The same applies to such processing operations that are necessary for pre-contractual measures, such as inquiries about services.
If we are required by law to process personal data – under tax obligations, for example – such processing will be based on Art. 6 (1)(1)(c) GDPR.
By way of exception, the processing of personal data can be necessary to protect vital interests of the data subject or another natural person. This is the case, for example, if you suffer an injury in our company and contact data or other vital information must be forwarded to a doctor, a hospital or other third parties. In this case, the processing would be based on Art. 6(1)(1)(d) GDPR.
Lastly, processing operations may also be based on Art. 6(1)(1)(f) GDPR if such operations are not covered by any of the aforementioned legal bases, the processing is necessary to protect the legitimate interests of our company, and our interests do not override your interests, fundamental rights and freedoms. We are permitted to perform such processing operations above all if they have been specifically mentioned by the European legislature. That legislature has taken the view that a legitimate interest could be assumed, for example, if you are our contract partner (recital 47, sentence 2 GDPR).
- Legitimate interests in processing performed by us or a third party
If personal data is processed on the basis of Art. 6(1)(1)(f) GDPR, our legitimate interest consists in performing our business activity to the benefit of all our employees’ welfare.
- Storage period for personal data
The storage period for personal data will be the statutory retention periods in question. After that period expires, the data in question will be routinely erased unless they are needed to initiate or fulfil a contract.
- Statutory or contractual provisions for providing the personal data; Necessity for the contract conclusion; Obligation of the data subject to provide the personal data; Possible consequences of non-provision
We hereby inform you that the provision of personal data can be prescribed or provided for by law (such as tax provisions) or can result from contractual regulations (such as information given to a contract partner). For example, contract conclusion can require that you provide us with personal data that we must then process. For example, you must provide us with personal data if you enter a contract with our company, since otherwise no contract can be formed.
At your request, an employee who is responsible for the data processing will explain to you on a case-by-case basis whether the provision of the personal data is prescribed by law or a contract or is necessary for contract conclusion. You may also ask such an employee whether you are obligated to disclose your personal data and what consequences would ensue if you did not.