Your partner for certification
DE-ÖKO-006

Data privacy statement

Please find below our lines of conduct related to the management of our websites:

We commit to respect legal requirements. Furthermore, we strive to always adhere to the principles of data avoidance and data minimization.

1. Name and address of the responsible body and the representative for data protection and privacy:


a) The responsible body within the meanings of the Data Protection Basis Regulation and other national regulations of the European Union Member States as well as other data protection regulations is:

ABCERT AG
Martinstr. 42-44
73728 Esslingen
Germany
tel: +49 - 711 - 35 17 92 0
fax: +49 - 711 - 35 17 92 200
e-mail: info@abcert.de
www.abcert.de

b) The authorized external representative for data protection and privacy of the responsible body is:

Lisa Scheblein
SiDIT GmbH, Unterdürrbacher Str. 8, 97080 Würzburg, Germany, info@sidit.de

2. Explanation of terms


We have designed our privacy policy in accordance with the principles of clarity and transparency. However, if there are ambiguities regarding the use of different terms, the relevant definitions can be viewed here [https://dsgvo-gesetz.de/art-4-dsgvo/].

3. Legal basis for the processing of personal data


We process your personal data such as your name and first name, your e-mail address and IP address, etc. only if there is a legal basis for this. In particular, the following regulations apply under the General Data Protection Regulation

• Art. 6 para. 1 sentence 1 lit. a GDPR: The data subject has given his consent to the processing of personal data concerning him for one or more specific purposes
• Art. 6 para. 1 sentence 1 lit. b DSGVO: The processing is necessary for the fulfillment of a contract of which the data subject is a party or for the performance of pre-contractual measures which are carried out at the request of the data subject.
• Art. 6 para. 1 sentence 1 lit. c DSGVO: Processing is required to fulfill a legal obligation to which the controller is subject
• Art. 6 para. 1 sentence 1 lit. DSGVO: Processing is necessary to protect the vital interests of the data subject or any other natural person
• Art. 6 para. 1 sentence 1 lit. e DSGVO: the processing is necessary for the performance of a task which is in the public interest or in the exercise of official authority delegated to the controller
• Art. 6 para. 1 sentence 1 lit. f DSGVO: processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring personal data protection prevail, in particular where the data subject is concerned a child is acting

At the respective places of this privacy policy, however, we point out to you on which legal basis the processing of your personal data takes place.

4. Disclosure of personal data


Also in the transfer of personal data is a processing in the sense of the previous paragraph 3. However, we want to inform you here again separately on the subject of disclosure to third parties. The protection of your personal data is very important to us. For this reason, we are especially careful when it comes to sharing your information with third parties.

Disclosure to third parties therefore only takes place if a legal basis for the processing is given. For example, we pass on personal data to persons or companies who work for us as processors in accordance with Art. 28 GDPR. A processor is anyone who processes personal data on our behalf for us - in particular in a direction and control relationship with us

In accordance with the provisions of the GDPR, we conclude a contract with each of our processors in order to oblige them to comply with data protection regulations and thus to provide your data with comprehensive protection.

5. Storage duration and deletion


We retain all personal information you provide to us only for as long as is necessary to fulfill the purposes for which such information was transmitted, or as required by law. With fulfillment of the purpose and / or expiry of the legal storage periods, the data will be deleted or blocked by us.

6. SSL encryption


This website uses for reasons of security and to protect the transmission of confidential content, such as the requests you send to us as a website operator, an SSL encryption. An encrypted connection is indicated by the browser's address bar changing from "http: //" to "https: //" and the lock icon in your browser bar.

If SSL encryption is enabled, the data you submit to us can not be read by third parties.

7. Collection and storage of personal data and their nature and purpose of use


a) When visiting the website

When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be collected without your intervention and stored until automated deletion

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which access takes place (referrer URL)
• the browser used and, if applicable, the operating system of your computer and the name of your access provider

The data mentioned are processed by us for the following purposes:

• Ensuring a smooth connection of the website
• Ensure comfortable use of our website
• Evaluation of system security and stability
• Error analysis
• for further administrative purposes

Data, which allow a conclusion on your person, such as the IP address, are deleted after 7 days at the latest. Should we save the data beyond this period of time, this data will be pseudonymised, so that an assignment to you is no longer possible.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest follows from the data collection purposes listed above. In no case we use the collected data for the purpose of drawing conclusions about you.

b) Logo use
The data to be entered in the context of the use of the characters will be used for the purpose of using the offer. The collected data can be seen from the input mask during registration. These include [e-mail address, name, customer number, company, free text] and this information is stored for the purpose of protection against misuse.

By clicking on the checkbox you agree to the processing and storage of your data.

8. Cookies

On our website we use cookies. Cookies are small data packages that your browser automatically creates and that are stored on your device when you visit our website. These cookies are used to store information in connection with the device used in each case. However, a personal identification of your person is not possible through the cookies.
The data processed by cookies are for the purposes mentioned in order to safeguard our legitimate interests as well as third parties pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR required.
Most browsers automatically accept cookies based on the browser preference. However, you can configure your browser so that either no cookies are stored on your device or at least a hint is displayed before a new cookie is stored. If you completely disable the cookie function in your browser, you may not be able to use all the features of our website.
Below we explain the different types of cookies we use.

a) Session cookies
In order to make the use of our offer more pleasant, we use so-called session cookies to recognize that you have already visited individual pages on our website.

These session cookies are automatically deleted after leaving our site.

b) Temporary cookies
We also use cookies that allow us to recognize you when you re-visit our website and use our services. This way, you do not have to redo your entries and settings that you made last time.

These temporary cookies are stored on your device for a specific period of time.

c) Cookies for optimization purposes
Finally, we also use cookies for optimization purposes. These record the use of our website statistically and are evaluated for the purpose of optimizing the offer for you. The cookies allow you to recognize your Internet browser when you visit our website again.

These cookies are automatically deleted after a defined time.

9. Rights of the person concerned

You have the following rights:

a) access
According to Art. 15 GDPR you have the right to request information about your personal data processed by us. This right of access includes information about
• the processing purposes
• the categories of personal data
• the recipients or categories of recipients to whom your information has been disclosed
• the planned storage duration or at least the criteria for determining the storage duration
• the right to rectification, cancellation, limitation of processing or opposition
• the existence of a right of appeal to a supervisory authority
• the source of your personal data, if these were not collected from us
• the existence of automated decision-making, including profiling and, where appropriate, meaningful information about their details

b) correction
According to Art. 16 GDPR you have a right to immediate correction of incorrect or incomplete stored personal data with us.

c) deletion
According to Art. 17 GDPR you have the right to demand the immediate deletion of your personal data from us, as far as the further processing is not necessary for one of the following reasons:
• the personal data are still necessary for the purposes for which they were collected or otherwise processed
• to exercise the right to freedom of expression and information
• to fulfill a legal obligation that requires the processing under the law of the European Union or of the Member States to which the controller is subject or for the performance of a public interest mission or exercise of public authority delegated to the controller
• for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR
• for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously prejudice the achievement of the objectives of that processing
• to assert, exercise or defend legal claims

d) restriction of processing
In accordance with Art. 18 GDPR, you may request the restriction of the processing of your personal data for one of the following reasons:
• You deny the accuracy of your personal information.
• The processing is illegal and you refuse the deletion of your personal data.
• We no longer need your personal information for processing purposes, but you need it to assert, exercise or defend your rights.
• You file an objection to the processing pursuant to Art. 21 (1) GDPR.

e) information
If you have requested the correction or deletion of your personal data or a restriction of processing under Art. 16, Art. 17 (1) and Art. 18 GDPR, we will inform all recipients who have your personal data disclosed to them because, this proves to be impossible or is associated with a disproportionate effort. You may require us to notify you of these recipients.

f) transmission
You have the right to receive your personal information provided to us in a structured, common and machine-readable format.

You also have the right to request the transfer of this data to a third party, provided that the processing was carried out using automated procedures and is based on a consent pursuant to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR is based.

g) revocation
According to Art. 7 (3) GDPR, they have the right to revoke their consent at any time to us. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. In the future, we may no longer continue the data processing that was based on your revoked consent.

h) complaint
According to Art. 77 GDPR you have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the GDPR.

i) opposition
If your personal data are based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO are processed, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right to objection, which is implemented by us without stating the particular situation. If you would like to exercise your right of revocation or objection, please send an e-mail to info@abcert.de

j) automated decision on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision

i. necessary for the conclusion or performance of a contract between you and us

ii. is legal under the laws of the European Union or the Member States to which we are subject, and that this legislation contains reasonable measures to safeguard your rights and freedoms and your legitimate interests

iii. with your express consent

However, these decisions may not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g DSGVO applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in i) and iii), we shall take reasonable steps to uphold the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on our part, to express one 's own position and to challenge the Decision is heard.

10. Modification of privacy policy

Should we change the privacy policy, this will be indicated on the website.

As at April 2nd, 2019


Corporate Design: Christian Topp
Coding: ICWT GmbH
Conception & implementation internet: ABCERT AG

Contact

datenschutz@abcert.de