With the following information we would like to give you, as the "data subject", an overview of our processing of your personal data and your rights under the data protection laws. A use of our internet pages is in principle possible without the input of personal data. If a data subject wishes to make use of specific services of our company via our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, the data subject must generally consent to us processing their data.
We have implemented numerous technical and organisational measures as the group responsible for the processing of personal data in order to ensure that all personal data processed via this website are protected as completely as possible. Nevertheless, internetbased data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, everyone is free to transmit personal data to us by alternative means, for example by telephone.
2. Data controller
The data controller within the scope of the GDPR is:
Bruno Unger GmbH & Co. KG
Hellerwaldstraße 1, 56154 Boppard, Germany
Telefon: 06742 89830
Head of the data controller's office: Volker Schlösser
3. Data protection officer
The data protection officer can be reached as follows:
4. Definition of Terms
1. Personal data
Personal data is all the information which relates to an identified or identifiable individual. Identifiable refers to a person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject
The data subject is any identified or identifiable person whose personal data is processed by the controller responsible for the processing.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
9. Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the wishes of the data subject by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
5. Legal basis of the processing
Art. 6 para. 1 lit. a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a particular processing purpose.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case for example with processing operations necessary for the delivery of goods or the provision of other services or considerations, the processing is based on art. 6 para. 1 lit. b GDPR. The same applies to such processing processes which are necessary to carry out precontractual measures, for example in cases of enquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.
In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our company and their name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. Then the processing would be based on Art. 6 para. 1 lit. d GDPR.
Ultimately, processing operations could be based on art. 6 para. 1 lit. f GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not take priority. We are allowed to carry out such processing procedures because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2, GDPR).
6.1 SSL/TLS encryption
This site uses an SSL or TLS encryption to ensure the security of the data processing and to protect the transmission of confidential content, such as orders, login details or contact requests which you send to us as the operator. You can recognise an encrypted connection by the fact that the address bar of the browser contains an "https://" instead of an "http://" and the lock symbol in your browser bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
6.2 Data collection when visiting the website
When using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data which your browser transmits to our server (known as "server log files"). Our website collects a series of general data and information every time a person or an automated system accesses the website. This general data and information are stored in the server's log files. The following may be recorded
1. browser types and versions used,
2. the operating system used by the accessing system,
3. the website from which an accessing system reaches our website (so-called referrer),
4. the subpages, which are accessed via an accessing system on our website,
5. the date and time of access of the website,
6. a shortened Internet Protocol address (anonymised IP address),
7. the Internet service provider of the accessing system.
This general data and information do not allow us to draw any conclusions about the data subject. Rather, this information is needed,
1. to deliver the contents of our website correctly,
2. to optimise the contents of our website as well as the advertising for it,
3. to ensure the permanent functionality of our information technology systems and the technology of our website, as well as
4. to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber-attack.
This anonymously collected data and information is therefore evaluated by it statistically with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The legal basis for data processing is art. 6 para. 1 s. 1 lit. f) of the GDPR. Our legitimate interest arises from the purposes listed above for data collection.
Information is stored in the cookie which links to the specific end device which has been used. However, this does not mean that we immediately become aware of your identity.
In addition, we also use temporary cookies that are stored on your end device for a specified period of time to optimise user-friendliness. If you visit our site again to use our services, it will automatically be recognised that you have already visited us and the inputs and settings you have made are also recognised, so that you do not have to re-enter them.
The data processed by cookies is required for the purposes mentioned for the protection of our legitimate interests, as well as those of third parties according to Art. 6 para. 1 s. 1 lit. f) of the GDPR.
Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a message always appears before a new cookie is created. The complete deactivation of cookies, however, may result in you being unable to use all the functions of our website.
8. Google Maps
On our website we use Google Maps (API), provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps is a web service that displays interactive maps to visually represent geographic information. By using this service, you can for example view our location and reach us more easily.
In order to view the map, you have to have consented to the data transfer to Google by clicking on the button "Show map". When you access sub-pages which have an integrated Google Maps map, information about your use of our website (such as your IP address) is transferred to Google's servers in the USA and stored there. This occurs regardless of whether Google provides a user account that you are logged in to or whether you have no user account with them at all. If you are logged in to Google, your data is directly associated with your account. If you do not want your profile to be associated with Google, you need to log out of your Google account. Google stores your data (even for users who are not logged in) as user profiles and analyses it. You can withdraw your consent at any time by leaving the site. When revisiting our site, you will need to give your consent again in order to see the map.
Google Ireland Limited, with headquarters in Ireland, is certified under the "Privacy Shield", a US-European data protection accord which ensures compliance with the EU data protection level.
9. Newsletter distribution to existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services, such as those already purchased, from our range by e-mail. For this purpose, in accordance with § 7 para. 3 UWG, we must not seek separate consent from you. The data processing takes place in this respect solely on the basis of our legitimate interest in personalised direct mail in accordance with art. 6 para. 1 lit. f GDPR. If you have initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail. You are entitled to object to the use of your e-mail address for the purpose described above at any time with effect for the future by a message to the person named at the beginning. For this purpose, you only have to pay delivery costs according to the basic rates. Upon receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately.
10. Your rights as a data subject
10.1 Right to confirmation
You have the right to request confirmation from us as to whether we are processing personal data relating to you.
10.2 The right to information art. 15 GDPR
You have the right at any time to receive free information from us about the personal data stored about you, as well as a copy of these data.
10.3 The right to rectification art. 16 GDPR
You have the right to request the rectification of your personal data without undue delay. Furthermore, considering the purposes of the processing, the data subject has the right to request that incomplete personal data be completed, including by means of a supplementary declaration.
10.4 Deletion art. 17 GDPR
You have the right to demand that the personal data concerning you be deleted without delay, provided that one of the reasons provided by law is met and the processing is not required.
10.5 Restriction of processing art. 18 GDPR
You have the right to request us to restrict processing if one of the following conditions is met.
10.6 Data transferability art. 20 GDPR
You have the right to obtain your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transfer these data to another data controller without obstruction by the data controller to whom the personal data have been provided, provided that the processing is based on the consent provided for in art. 6 para. 1 lit. a GDPR or art. 9 para. 2 lit. a GDPR or in a contract in accordance with art. 6 para. 1 lit. b GDPR and processing is carried out by means of automated procedures, except where such processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
Furthermore, when exercising their right to data transferability pursuant to art. 20 para. 1 of the GDPR, the data subject has the right to require that the personal data be transmitted directly from one controller to another as far as this is technically feasible and provided that this does not affect the rights and freedoms of others.
10.7 Opposition art. 21 GDPR
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning your person, which may be processed on the basis of art. 6 para. 1 lit. e (data processing in the public interest) or f (data processing based on a balance of interests) GDPR.
This also applies to profiling based on these provisions within the scope of art. 4 no. 4 GDPR.
If you lodge your objection, we will no longer process the personal data which concern you, unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims.
In individual cases, we will process your personal data for direct marketing purposes. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to any profiling connected with such direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
Furthermore, for reasons arising from your particular situation, you have the right to object to the processing of personal data concerning you which we use for scientific or historical research purposes or for statistical purposes pursuant to art. 89 para. 1 of the GDPR, unless such processing is necessary to fulfil a task in the public interest.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
10.8 Revocation of consent to data processing
You have the right to revoke your consent to the processing of personal data at any time.
10.9 Complaint to a supervisory authority
You have the right to complain to a data protection supervisory authority about our processing of personal data.