Privacy Policy
This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the related websites, functions, and content, as well as external online presences, such as our social media profiles (collectively referred to as “online offering”). With regard to the terms used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Zierhut Industriebehälter GmbH
Rudolf-Diesel-Ring 9
89415 Lauingen
Managing Director: Tobias Zierhut
Email:
info@zierhut24.de
Imprint:
https://www.zierhut24.de/impressum/
Types of data processed:
– Inventory data (e.g., names, addresses).
– Contact details (e.g., email, telephone numbers).
– Content data (e.g., text input, photographs, videos).
– Usage data (e.g., websites visited, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
Purpose of processing
– Provision of the online offering, its functions, and content.
– Responding to contact inquiries and communicating with users.
– Security measures.
– Reach measurement/marketing.
Terms used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Processing” means any operation or set of operations performed upon personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
“Pseudonymization” means processing personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
The “controller” is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Legal basis for processing
Pursuant to Article 13 of the GDPR, we inform you of the legal basis for our data processing activities. If the legal basis is not specifically mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR, the legal basis for processing for the performance of our services and the execution of contractual measures is Article 6(1)(b) of the GDPR, the legal basis for processing for compliance with our legal obligations is Article 6(1)(c) of the GDPR, and the legal basis for processing for the purposes of our legitimate interests is Article 6(1)(f) of the GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
Security measures
Pursuant to Article 32 of the GDPR, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, as appropriate, the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as the access, input, disclosure, availability, and separation thereof. Furthermore, we have established procedures to ensure the exercise of data subject rights, data deletion, and response to data breaches. We also consider the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Article 25 of the GDPR).
Cooperation with processors and third parties
If we disclose or transmit data to other individuals and companies (processors or third parties) in the course of our processing, grant them access to the data, or otherwise allow them to access the data, this will only be done on the basis of a legal permission (e.g., if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract pursuant to Article 6(1)(b) of the GDPR), if you have consented, if a legal obligation provides for it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).
If we engage third parties to process data based on a so-called “data processing agreement,” this is done on the basis of Article 28 of the GDPR.
Transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transmitting data to third parties, this will only take place if it is to fulfill our (pre-)contractual obligations, on the basis of your consent, a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process data in a third country if the special requirements of Articles 44 et seq. GDPR are met. This means, for example, that processing is carried out on the basis of special guarantees, such as the officially recognized determination of an EU level of data protection equivalent to that in the EU (e.g., for the USA through the Privacy Shield) or compliance with officially recognized specific contractual obligations (so-called “standard contractual clauses”).
Rights of data subjects
You have the right to request confirmation as to whether data concerning you is being processed and information about this data, as well as further information and a copy of the data in accordance with Article 15 of the GDPR.
According to Article 16 of the GDPR, you have the right to demand the completion of data concerning you or the rectification of inaccurate data concerning you.
Hier ist die Übersetzung des restlichen Abschnitts:
“`html
You have the right, pursuant to Art. 17 GDPR, to demand that the relevant data be immediately deleted, or alternatively,
pursuant to Art. 18 GDPR, to demand a restriction of the processing of the data.
You have the right, pursuant to Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us,
and to request their transmission to other controllers.
Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
Right to Withdraw Consent
You have the right to withdraw consent given pursuant to Art. 7 para. 3 GDPR with future effect
Right to Object
You can object to the future processing of data concerning you in accordance with Art. 21 GDPR at any time. The objection
may in particular be made against processing for the purposes of direct marketing.
Cookies and Opt-Out for Direct Marketing
“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies.
A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after
their visit to an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted
after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping cart in
an online shop or a login status can be stored. Cookies are referred to as “permanent” or “persistent” that remain stored
even after the browser is closed. For example, the login status can be saved if users visit it after several days. Likewise,
the interests of users used for range measurement or marketing purposes can be stored in such a cookie. “Third-party cookies”
are cookies that are offered by providers other than the responsible operator of the online offer (otherwise, if only their
cookies are spoken of as “first-party cookies”).
We may use temporary and permanent cookies and clarify this in the context of our privacy policy.
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in their
browser’s system settings. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies
can lead to functional restrictions of this online offer.
A general objection to the use of cookies for online marketing purposes can be explained for a large number of services,
especially in the case of tracking, via the US website
http://www.aboutads.info/choices/
or the EU website
http://www.youronlinechoices.com/. Furthermore, the
storage of cookies can be achieved by disabling them in the browser settings. Please note that then not all functions of
this online offer can be used.
Deletion of Data
The data processed by us will be deleted or restricted in their processing according to Articles 17 and 18 GDPR. Unless
expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer
required for their intended purpose and the deletion does not conflict with any statutory storage requirements. If the data
is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This
means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored
for commercial or tax reasons.
According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 para. 1
AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, accounting documents, documents relevant
for taxation, etc.) and 6 years according to § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).
According to legal requirements in Austria, the storage is carried out in particular for 7 years in accordance with § 132
para. 1 BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of revenues and
expenditures, etc.), for 22 years in connection with real estate and for 10 years for documents related to electronically
provided services, telecommunications, broadcasting and television services which are provided to non-entrepreneurs in EU
member states and for which the Mini-One-Stop-Shop (MOSS) is used.
Business-related Processing
In addition, we process
– contract data (e.g., subject matter of the contract, term, customer category),
– payment data (e.g., bank details, payment history)
from our customers, prospects and business partners for the purpose of providing contractual services, service and customer
care, marketing, advertising and market research.
Hosting
The hosting services we use serve to provide the following services: infrastructure and
platform services, computing capacity, storage space and database services, security services and technical maintenance
services that we use for the purpose of operating this online offering.
Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and
communication data of customers, interested parties and visitors to this online offering on the basis of our legitimate
interests in an efficient and secure provision of this online offering pursuant to Art. 6 para. 1 lit. f GDPR in conjunction
with Art. 28 GDPR (conclusion of order processing agreement).
Collection of Access Data and Log Files
We, or our hosting provider, collect data on the basis of our legitimate interests within
the meaning of Art. 6 para. 1 lit. f. GDPR on every access to the server on which this service is located (so-called
server log files). Access data includes the name of the website accessed, file, date and time of access, amount of
data transferred, message about successful access, browser type and version, the user’s operating system, referrer
URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the investigation of abuse or fraud actions) for a maximum
of 7 days and then deleted. Data whose further storage is necessary for evidence purposes are excluded from deletion until
the respective incident has been finally clarified.
Administration, Financial Accounting, Office Organization, Contact Management
We process data within the scope of administrative tasks as well as organization of our
business, financial accounting and compliance with legal obligations, such as archiving. Here we process the same data
that we process within the framework of providing our contractual services. The processing bases are Art. 6 para. 1 lit.
c. GDPR, Art. 6 para. 1 lit. f. GDPR. Those affected are customers, prospects, business partners and website visitors.
The purpose and our interest in processing lies in administration, financial accounting, office organization, archiving
of data, i.e., tasks that serve to maintain our business activities, perform our tasks and provide our services. The
deletion of data with regard to contractual services and contractual communication corresponds to the information given
in these processing activities.
Here we disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors as well as other
fee agencies and payment service providers.
Furthermore, we store information on suppliers, event organizers and other business partners based on our business
interests. Mostly, this data related to companies is stored permanently.
Business Analysis and Market Research
In order to operate our business economically, to recognize market trends, customer and
user wishes, we analyze the data available to us on business transactions, contracts, inquiries, etc. In doing so, we
process inventory data, communication data, contract data, payment data, usage data, meta and communication data.
websites relating to the browser and your system, as well as your IP address and time of retrieval.
This information is used to improve our services technically, based on technical data or user behavior patterns identified through IP addresses (which can be determined) or access times. Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be attributed to individual newsletter recipients. However, it is neither our intention nor, if used, that of the shipping service provider, to observe individual users. The evaluations serve us more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (“Google”), based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 (1) lit. f GDPR). Google uses cookies. The information generated by the cookie about the use of the online offering by users is generally transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield agreement, providing a guarantee of compliance with European data protection law (
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within this online offering, and to provide us with other services related to the use of this online offering and internet usage. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymization enabled. This means that the IP address of users within member states of the European Union or other parties to the Agreement on the European Economic Area will be shortened by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software settings; users can also prevent Google from collecting the data generated by the cookie and related to their useprevent Google-related data related to the online offering and the processing of this data by Google by downloading and installing the browser plugin available at the following link:
http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on Google’s data usage, settings, and opt-out options can be found in Google’s privacy policy (
https://policies.google.com/technologies/ads), as well as in Google’s settings for displaying ads
(https://adssettings.google.com/authenticated).
User personal data will be deleted or anonymized after 14 months.
Google Re/Marketing Services
Based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering within the meaning of Art. 6(1)(f) GDPR), we use the marketing and remarketing services (short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European data protection laws (
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner in order to present users with ads that potentially correspond to their interests. For example, if users are shown ads for products they have been interested in on other websites, this is called “remarketing”. For these purposes, Google executes a code from Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are embedded into the website when our and other websites where Google Marketing Services are active are called up. These tags help store an individual cookie, i.e., a small file, on the user’s device (instead of cookies, comparable technologies may also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites the user has visited, which content they are interested in, and which offers they have clicked on, as well as technical information on the browser and operating system, referring websites, visit time, and other information about the use of the online offering. The user’s IP address is also recorded, with us informing Google Analytics that the IP address is shortened within member states of the European Union or other signatory states to the Agreement on the European Economic Area and only in exceptional cases will it be transmitted in full to a Google server in the USA and shortened there. The IP address will not be merged with data from the user within other Google offerings. Google may also combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, they may be shown ads tailored to their interests.
User data is processed pseudonymously within the scope of Google Marketing Services. This means that Google does not store and process, for example, the name or email address of users, but processes the relevant data cookie-related within pseudonymous user profiles. This means that from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google’s servers in the United States.
Google Marketing Services we use include, among others, the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Thus, cookies cannot be tracked through the websites of AdWords customers. The information obtained using the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers receive the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users.
We may use Google AdSense to include third-party ads. AdSense uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the Internet.
Furthermore, we may use the “Google Tag Manager” to integrate and manage Google Analytics and marketing services into our website.
For more information on Google’s data usage for marketing purposes, please visit the overview page:
https://www.google.com/policies/technologies/ads, and Google’s privacy policy can be viewed at
https://www.google.com/policies/privacy.
If you wish to opt out of Google Marketing Services’ interest-based advertising, you can use the settings and opt-out options provided by Google:
http://www.google.com/ads/preferences.
We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties, and users there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within social networks and platforms, e.g., by writing posts on our online presences or sending us messages.
Integration of Third-Party Services and Content
Within our online offering, based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering within the meaning of Art. 6(1)(f) GDPR), we use content or service offerings from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for displaying this content. We endeavor to use only such content whose respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, as well as be linked to such information from other sources.
Youtube
We embed videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Google Fonts
We integrate the fonts (“Google Fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Google Maps
We integrate the maps of the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include IP addresses and location data of the users, which, however, are not collected without their consent (usually as part of the settings of their mobile devices). The data may be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
