Your trust in the correct handling of your data is am important prerequisite for the success of our web presence. The collection, processing (data storage, alteration, transmission, blocking and deletion) and use of your data takes place exclusively under compliance with the applicable data protection regulations. With this data protection statement we would like to inform you as to how your data is processed when using our website.
The responsible party as defined by the General Data Protection Regulation and other national data privacy laws of EU member states as well as other data privacy regulations is:
nobilia-Werke J. Stickling GmbH & Co. KG
Waldstraße 53-57
33415 Verl
Germany
Phone: + 49 (0) 5246 508 0
Email: info@nobilia.de
Website: www.nobilia.de
The responsible party's data protection officer is:
Data Protection Officer
c/o nobilia-Werke J. Stickling GmbH & Co. KG
Waldstraße 53-57
33415 Verl
Germany
Phone: + 49 (0) 5246 508 0
Email: datenschutz@nobilia.de
1. EXTENT OF THE PROCESSING OF PERSONAL DATA
As a rule we only collect and use the personal data of our users insofar as this is required for providing a functional website as well as our content and services. In general, our users' personal data is only collected and used with our users' consent. An exception applies in cases in which the factual situation makes it impossible to request consent before processing the data or processing the data is permitted by legal provisions.
2. LEGAL FOUNDATION FOR PROCESSING PERSONAL DATA
If we request the consent of the affected person for processing personal data, Art. 6 section 1 (a) of the EU data protection regulation (GDPR) serves as a legal foundation.
If we process personal data for the purpose of executing a contract of which the affected person is a party, Art. 6 section 1 (b) GDPR serves as a legal foundation. This also applies to processing required for pre-contractual measures.
If processing is required to maintain a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the affected person do not override the aforementioned interest, Art. 6 section 1 (f) GDPR serves as a legal foundation for processing.
3. DATA ERASURE AND STORAGE PERIOD
The personal data of the affected person is deleted or blocked, as soon as the purpose of storage is no longer valid. Beyond this point, storage is permissible, if European or national lawmakers have provided for this possibility in EU regulations, laws or other directives to which the responsible party is subject. The data is also blocked or deleted, when a mandatory retention period specified by the above-mentioned standards expires, unless further storage of the data is required for concluding or executing a contract.
1. DESCRIPTION AND EXTENT OF DATA PROCESSING
Any time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
(1) information about the browser type and version used,
(2) the user's operating system,
(3) the public IP address of the user,
(4) date and time of access,
(5) websites from which the user's system has accessed our website,
(6) transferred data volume and
(7) notification, whether the request was successful.
This data is also saved in the log files of our system. This data is not saved together with other personal data of the user.
2. LEGAL FOUNDATION FOR DATA PROCESSING
The legal foundation for temporary storage of the data and the log files is Art. 6 section 1 (f) GDPR.
3. PURPOSE OF DATA PROCESSING
Temporary storage of the IP address by the system is required to permit provision of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.
The data is stored in log files to ensure the function of the website. In addition, we use this data to optimise our website and safeguard the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
The above-mentioned purposes constitute our legitimate interest in processing this data according to Art. 6 section 1 (f) GDPR.
4. STORAGE PERIOD
The data is deleted as soon as it is no longer required for the purpose for which it was collected. If data was collected to provide the website, this is the case as soon as the associated session is terminated.
Moreover, we save the following access data in the log files:
(1) the site from which you visit us or the name of the requested file,
(2) date and time of the request,
(3) the transferred data volume,
(4) notification, whether the request was successful,
(5) the public IP address of the requesting computer,
(6) referring URLs,
(7) type of browser used,
(8) operating systems used.
This data is processed for the purpose of permitting use of our website (establishing a connection), for system security, for technical administration of the network infrastructure and to optimise our web presence. Data is not disclosed to third parties nor is there any other utilisation. A personalised user profile is not created.
If data is saved in log files, it is deleted after no more than 30 days. Further storage is possible. In this case, the IP addresses of the user are deleted or made unidentifiable, so that it is no longer possible to associate them with the accessing client.
5. OPTION OF OBJECTION AND ERASURE
Collecting the data to provide the website and storing the data in log files is absolutely necessary for operating the website. This means that the user has no option to object.
If personal data related to your person is processed, you are the affected person as defined by GDPR and you have the following rights toward the responsible party:
1. RIGHT OF ACCESS
You can request a confirmation by the responsible party indicating whether we are processing personal data related to your person.
If this is the case, you can demand information on the following:
(1) the purposes for which your personal data is processed;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to which the personal data was disclosed or will still be disclosed;
(4) the planned duration of storage of your personal data or, if specific information cannot be given, criteria for determining the duration of storage;
(5) the existence of a right to correction or deletion of your personal data, a right to limitation of processing by the responsible party or a right to object against this processing;
(6) the existence of a right to submit a complaint to a supervisory authority;
(7) all available information about the origin of the data, if the personal data is not collected from the affected person;
(8) the existence of automated decision making including profiling in accordance with Art. 22 section 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the extent and envisaged effect of such a manner of processing on the affected person.
You have the right to request information from us on whether the relevant personal data is transmitted to a third country or to an international organisation. In this context, you can demand to be informed about appropriate safeguards in accordance with Art. 46 GDPR in the context of this transmission.
2. RIGHT TO RECTIFICATION
You have the right to demand that the responsible party rectify and/or complete any personal data related to your person, if this data is incorrect or incomplete. The responsible party must make the correction as soon as possible.
3. RIGHT TO RESTRICTION OF PROCESSING
Under the following circumstances, you can demand that processing of your personal data be restricted:
(1) If you dispute the correctness of your personal data, namely for a period of time which makes it possible for the responsible party to check that your personal data is correct;
(2) If processing is illegitimate and you do not wish for your personal data to be deleted and instead request restriction of the use of your personal data;
(3) If the responsible party no longer requires your personal data for processing purposes, but you still require the data for asserting, exercising or defending legal claims
(4) If you have filed an objection based on Art. 21 section 1 GDPR and it is not yet clear whether the responsible party's legitimate interests override yours.
If processing of your personal data was restricted, your personal data may only - with the exception of storage - be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural person or legal entity or for reasons of important public interest of the European Union or a member state.
If processing was restricted according to the above-mentioned prerequisites, the responsible party will inform you before this restriction is lifted.
4. RIGHT TO ERASURE
a) Erasure obligation
You have the right to have personal data referring to your person deleted immediately and the responsible party is obligated to delete this data immediately, if one of the following reasons applies:
(1) The personal data referring to your person is no longer required for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which processing was based in accordance with Art. 6 section 1 (a) or Art. 9 section 2 (a) GDPR and there is no other legal foundation for processing.
(3) Based on Art. 21 section 1 GDPR, you object to the processing of your data and there are no overriding legitimate reasons for processing, or you object to the processing based on Art. 21 section 2 GDPR.
(4) The personal data related to your person was processed illegitimately.
(5) Erasure of your personal data is required to meet a legal obligation according to European Union law or the law of EU member states, to which the responsible party is subject.
(6) The personal data related to you was collected based on offered information society services according to Art. 8 section 1 GDPR.
b) Transmission to third parties
If the responsible party has published the personal data related to your person and is obligated to delete it according to Art. 17 section 1 GDPR, the responsible party will take adequate measures, including of a technical nature, taking into account the available technology and its implementation cost, to inform those responsible for data processing, who are processing the personal data in question, that you as the data subject have demanded that they delete all links to this personal data or copies and duplicates of this personal data.
c) Exceptions
There is no right to erasure, if processing is required
(1) for exercising the right to free speech and information;
(2) to meet a legal obligation which requires processing according to European Union law or the law of one of its member states, to which the responsible party is subject, or to fulfil a task that is in the public interest or a task of official authority assigned to the responsible party;
(3) for reasons of public interest with regard to public health according to Art. Art. 9 section 2 (h) and (i) as well as Art. 9 section 3 GDPR;
(4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 section 1 GDPR, provided that the right to erasure is expected to make achieving these aims of processing impossible or to severely impact them, or
(5) to assert, exercise or defend legal claims.
5. RIGHT TO INFORMATION
If you have exercised your right to correction, erasure or restriction of processing against the responsible party, the responsible party is obligated to report this correction or erasure of data or processing restriction to all recipients to whom your relevant personal data has been disclosed, unless this proves to be impossible or involves disproportionate effort.
You have the right to request that the responsible party inform you about these recipients.
6. RIGHT TO OBJECT
You have the right to object to processing of personal data related to your person at any time for reasons based on your specific situation, if this processing is based on Art. 6 section 1 (e) GDPR; this also applies to profiling based on these provisions.
The responsible party will not continue to process the personal data related to your person, unless the responsible party can prove interests worthy of protection for this processing which override your interests, rights and freedoms, or if processing is for the purpose of asserting, exercising or defending legal claims.
If the personal data related to your person is being processed for the purpose of targeted advertisement, you have the right to object to the processing of the personal data related to your person for the purpose of this type of advertising at any point; this also applies to profiling related to such targeted advertisement.
If you object to the processing of your personal data for the purpose of targeted advertising, your personal data will no longer be processed for this purpose.
You have the option of exercising your right to object in the context of use of information society services - irrespective of directive 2002/58/EC - by means of automated processes using technical specifications.
7. RIGHT TO WITHDRAW THE DECLARATION OF CONSENT UNDER DATA PROTECTION LAW
You may withdraw your declaration of consent under data protection law at any point. Withdrawal of your consent does not affect the legitimacy of the data processing performed up to that point based on your consent.
8. RIGHT TO FILE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Without prejudice to other legal remedies based on administrative law or court decisions, you have the right to file a complaint with a supervisory authority, especially in the member state that is your location, the location of your workplace or the location of the alleged breach, if you believe that processing of your personal data violates GDPR.
The supervisory authority with which the complaint has been filed informs the complainant about the status and result of the complaint including the option of legal remedy according to Art. 78 GDPR.
The responsible supervisory authority is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Germany
Phone: +49 (0) 211 38424-0
Fax: +49 (0) 211 38424-10
Email: poststelle@ldi.nrw.de