A. Name and contact details of the data controller
B. Scope of processing of personal data, purpose of processing
- 1. Access to our website and creation of log files
- 2. Contact form and establishment of contact by email by the user
- 3. Postal advertising (letter post)
- 4. Analysis tools
C. Rights of concerned person(s)
- 1. Right to information / Right of access
- 2. Right to rectification
- 3. Right to restriction of processing
- 4. Right to erasure
- 5. Right to information
- 6. Right to data portability
- 7. Right to object
- 8. Right to withdraw the declaration of consent under data protection law
- 9. Automated individual decision-making including profiling
- 10. Right to lodge a complaint with a supervisory authority
A. Name and contact details of the data controller
The person responsible for data processing (data controller) within the meaning of the GDPR - General Data Protection Regulation (cf. “Datenschutz-Grundverordnung -DSGVO”**) and in accordance with other provisions of data protection law is:
DIFK Deutsches Institut für Feuerfest und Keramik GmbH,
General Manager: Thomas Kaczmarek
Rheinstraße 58, 56203 Höhr-Grenzhausen, Germany
Phone: 02624 94 33-200
B. Scope of processing of personal data, purpose of processing
1. Access to our website and creation of log files
a) Description of data processing, storage
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Information about the browser type and the version used,
- the operating system of the user,
- the IP address of the user,
- date and time of access,
- websites from which the user's system accesses our website (referrer URL),
- the subpages of our homepage called up by the user,
- name of the downloaded file,
- message as to whether the call was successful
These data are deleted from the log files of the system after 7 days, unless their further processing is exceptionally necessary to protect our legitimate interests (e.g. to cause a blocking of IP addresses, to file a criminal complaint). The data will then be erased as soon as they are no longer required for the purpose of their collection.
These data will not be stored and/or combined with other personal data of the user.
b) Purpose and legal basis of data processing
The data mentioned under a) shall be collected,
- to enable delivery of the website to the user's computer. The legal basis for this is Art. 6 paragraph 1, lit. (f) GDPR. The temporary recording of the IP address to display the pages called up by the user is technically necessary for this and represents a legitimate interest pursued by us within the meaning of Art. 6 paragraph 1 sentence 1 (f) GDPR, which does not conflict with any overriding interests of the user.
- in order to ensure the security of our web server and the trouble-free operation of our website, e.g. monitoring to prevent or detect hacker attacks. The purposes mentioned represent a legitimate interest pursued by us within the meaning of Art.6 paragraph 1 sentence 1 (f) GDPR, which does not conflict with any overriding interests of the user.
c) Disclosure / recipient(s) of data
The collected data will be stored by our web hosting provider, who works on our behalf and provides us with storage space for our website. In addition, our web hosting provider furnishes other related services, such as storing the associated data processing operations, ensuring that the website is accessible on the Internet. The service provider is established in the European Union or in a country of the European Economic Area.
The data collected in accordance with a) will not be disclosed to third parties, unless this is necessary in the event of attacks on our IT, see b) above, for example within the scope of a criminal complaint filed with the law enforcement authorities.
d) The possibility of objection
The collection of the IP address for the provision of the website, and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user. With regard to the other personal data processed in accordance with 1 a), you shall have the right to object to the processing at any time for reasons arising from your particular situation, cf. the further information under Section C.
2. Contact form and establishment of contact by email by the user
a) Description of data processing, storage
Several contact forms are available on our website which can be used for electronic contact. If you take this opportunity as a user, then the data you enter in the input mask will be transmitted to us. The email address, the subject and your message are mandatory fields. The provision of further information is voluntary and will be used to contact you by telephone or personally, if necessary.
In addition, we collect and store the following data in each case:
- Your IP addresses and
- Date and time your enquiry was sent.
Alternatively, you can contact us via the email addresses provided by us. In this case, the personal data of the user transmitted with the email will be stored.
The data will be used to answer the enquiry. If you provide us with your name and postal address, we will process these data in accordance with section B 3. (postal advertising).
The data will be erased as soon as they are no longer required for the purpose which they have been collected for. This shall not apply to data we require for postal advertising, as long as you do not object to this use. If the enquiry relates to a concluded contract or a contract under negotiation, the communication contents and times will be stored until any claims arising therefrom are time-barred.
Otherwise, the personal data from the input mask of the contact form and those data sent by email will be restricted for further processing and will only be used to defend against possible legal claims once the respective conversation with the user has ended. The conversation is regarded to be terminated when it can be inferred from the circumstances that the relevant facts have been definitely settled. After expiry of the limitation period, the data will be deleted.
The additional personal data collected during the sending process will be erased after a period of seven days, at the latest.
b) Purpose & legal basis of data processing
The processing of personal data from the input mask takes place for the processing (handling) of the contact requests. Your email address and any other data you might provide will be stored in order to answer your enquiry. The legal basis for this is Art. 6 paragraph 1 lit. (f) GDPR. The same shall apply to your communication with us by email.
The purpose of storing your IP address and the time of establishing contact is to provide evidence of your enquiry and, if necessary, to clarify any possible misuse of your personal data. The legal basis for the processing of this data is also Art. 6 paragraph 1 lit. (f) GDPR.
If the purpose of establishing contact is to conclude a contract, the additional legal basis for the processing is Art. 6 paragraph 1 lit. (b) GDPR.
In this context, data shall not be disclosed to third parties. The data will be used exclusively for processing and answering the contact request.
The collected data will be stored by our web hosting provider who works on our behalf and provides us with storage space for our website, and he stores the associated data processing procedures. This service provider has been carefully selected and commissioned by us, is bound by our instructions and is controlled regularly. The service provider is established in the European Union or in a country of the European Economic Area.
d) Possibility/right of objection and removal
The user can object to the use of his personal data at any time. In such a case, the conversation cannot be continued. Section C applies in addition.
3. Postal advertising (letter post)
a) Description of data processing, storage, purpose, disclosure
If you provide us with your name and postal address, we will save them for the possible future despatch of postal advertising (letter post) on our products. If necessary, the data will be made accessible to an external service provider during franking and despatch. This service provider acts in accordance with our instructions and on our behalf. This service provider is established in the European Union. Any other disclosure to third parties will not take place. The data will be deleted as soon as they are no longer required for the purpose of their collection, or when you have objected to the processing.
b) Legal basis of the data processing, possibility/right of objection
The legal basis for the data processing mentioned under a) is Art. 6 paragraph 1 lit. (f) GDPR. The sending of product information by letter post is a legitimate interest of our company. You shall have the right to object to this use of your personal data at any time. In such a case, we will cease sending the letter post advertising. Section C applies in addition.
4. Analysis tools
Use of the tracking tool "Matomo" in case of granted consent
a) Description and scope of data processing, storage, deletion
The Matomo tool is deactivated when you visit our website. If you you’re your consent to its use, we collect your anonymised browsing behaviour when visiting our website, and then evaluate it statistically. We use the "Matomo" tool for this purpose. This is an open source software, which we have stored on the web server we have rented. The software is set as to process your IP address in a shortened form.
We have adapted the Matomo tool accordingly, to prevent it from using "cookies" to analyse browsing behaviour. Cookies are text files, which can be stored by your web browser when you visit a website. Cookies contain a characteristic string of characters allowing to uniquely identify the browser when the website is viewed again or after a page change (calling up different sub-pages).
The information collected by Matomo is stored on the web server rented by us, through which the website can be accessed. We can view the data collected online and have statistical analyses sent to us (reports on website activities). The data is deleted after 18 months. The reports created are stored by us for 36 months and will, then, be deleted.
b) Purpose of data processing, disclosure
Processing the personal data of website visitors enables us to analyse their browsing behaviour. This allows us to determine which information/which sub-pages of our website are of particular interest to website visitors and/or which website content is of little interest. In addition, we can see how quickly and how often recently created website content is read. The evaluation enables us to align the website content with the presumed special user interest determined in this way and to optimise it in this respect (hereinafter also referred to as "legitimate interest of our company in data processing"). The data will not be disclosed to third parties.
c) Legal basis for data processing
In accordance with Article 5 (3) of EU Directive 2002/58/EC, the storing of information, or the gaining of access to information already stored in the user's terminal equipment is only permitted on condition that the user has given his or her consent. In the affirmative (i.e., if consent is given), we collect and analyse the information collected. If this data is personal, its processing shall be lawful on the basis of the consent given, cf. Art. 6 paragraph 1. lit. a. GDPR.
d) Withdrawal of consent, other measures
You can withdraw your consent given at any time, cf. section C, by clicking on the highlighted link in the next paragraph ("Click here..."). This will place a deactivation cookie in your browser, which will prevent the collection of your website usage.
C. Rights of the concerned person(s) / data subject
As a concerned person or data subject, you shall have the right to free information about your personal data stored by us and, if applicable, the right to rectification, restriction of processing, erasure, information to third parties, data portability, objection, withdrawal of consent granted under data protection law, non-implementation of automated decisions and/or complaint to be lodged with the responsible data protection supervisory authority. Further details can be found in the following information.
If you have any questions regarding data processing or the exercise of your rights, please contact us or our data protection officer; see the contact information under A. and B. of this text.
1. Right to information / Right of access
If we process your personal data, you shall have the right to request from us, as the responsible data controller, information free of charge as to whether we process your personal data. Where this is the case, you as the concerned person shall have the right to access information about this personal data and to the following information:
- the purposes of the processing of the personal data;
- the categories of personal data being processed;
- the recipients and/or categories of recipients to whom the personal data concerning you has been or will be disclosed;
- the envisaged period for which the personal data concerning you will be stored or, if not possible, the criteria used to determine that period;
- the existence of the right to request from us rectification or erasure of personal data concerning you, or restriction of processing by the data controller or to object to such processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from you as the data subject, all available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you as the data subject.
You shall have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR, which relates to such transfer.
2. Right to rectification
You shall have a right to obtain from us, as the responsible data controller, rectification of inaccurate data concerning you, and you shall have the right to have incomplete personal data completed by us by means of providing a supplementary statement.
3. Right to restriction of processing
You shall have the right to request restriction of processing your personal data where one of the following conditions applies:
- you dispute the accuracy of the personal data concerning you, the processing of the data will be restricted for a period enabling us, as the responsible controller, to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and you request the restriction of their use instead;
- we, as the responsible data controller, no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
- you have objected to processing pursuant to Art. 21 paragraph 1) GDPR and we, as the responsible data controller, verify the lawfulness of your objection. As long as it is not yet clear whether the legitimate grounds of the responsible controller override your reasons, the processing of the data will be restricted.
Where the processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If the processing has been restricted in accordance with the above conditions, you shall be informed by us, as the responsible controller, before the restriction of processing is lifted.
4. Right to erasure
a) Duty to delete
You shall have the right to obtain from us as the responsible controller the erasure of your personal data immediately, and we as the responsible controller shall be obliged to erase this personal data without undue delay where one of the following grounds applies:
- The personal data concerning you are no longer necessary in relation to the purposes which they have been collected for or otherwise processed.
- You withdraw your consent on which the processing is based pursuant to Art. 6 paragraph 1 lit. (a) or Art. 9 paragraph 2 lit. (a) GDPR, and there is no other legal ground for the processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data concerning you have been unlawfully processed.
- Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject.
- The personal data relating to you have been collected in relation to the offer of information society services referred to in Art. 8 paragraph 1 GDPR.
b) Information to third parties
If we, as the data controller, have made public the personal data relating to you, and we are obliged pursuant to Art. 17 paragraph (1) GDPR to erase those personal data, we as the data controller - taking account of available technology and the cost of implementation - shall take reasonable steps, including technical measures, to inform the data controllers, which are processing the personal data, that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data.
The right to deletion and information to third parties shall not apply to the extent the processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which we as the responsible controller are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with Art. 9 paragraph 2 lit. (h) and (i) and Art. 9 paragraph 3 GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 paragraph 1 GDPR, insofar as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
- for the establishment, exercise or defence of legal claims.
5. Right to information
We shall notify all recipients to whom your personal data has been disclosed of any rectification, erasure or restriction of processing, unless this proves to be impossible or involves disproportionate effort.
You shall have the right vis-à-vis us, as the responsible data controller, to be informed about those recipients.
6. Right to data portability
You shall have the right to receive the personal data concerning you, which you have provided to us as the responsible controller, in a structured, commonly used and machine-readable format. In addition, you shall have the right to transmit those data to another responsible controller without hindrance from us as the responsible controller, to which the personal data have been provided, to the extent:
- the processing is based on consent pursuant to Art. 6 paragraph 1 lit. (a) GDPR or Art. 9 paragraph 2 lit. (a) GDPR or on a contract pursuant to Art. 6 paragraph 1 lit. (b) GDPR, and
- the processing is carried out by automated means.
In exercising this right, you shall have the further right to have your personal data transmitted directly from us as the responsible controller to another responsible controller to the extent this is technically feasible. This shall not adversely affect the rights and freedoms of other persons.
The exercise of the right to data portability shall not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the responsible data controller.
7. Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) lit. (e) or (f) GDPR, including profiling based on those provisions.
We as the controller shall no longer process the personal data relating to you unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object to processing your personal data by automated means using technical specifications.
8. Right to withdraw the declaration of consent under data protection law
You shall have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of your consent will not affect the lawfulness of processing based on your consent before its withdrawal.
9. Automated individual decision-making including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This shall not apply, if the decision
- a) is necessary for entering into, or performance of, a contract between you and us as the responsible party (as the data controller),
- b) is authorised by Union or Member State law to which we are subject as responsible data controller and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests; or
- c) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data pursuant to Art. 9 paragraph 1 GDPR, unless Art. 9 paragraph 2 lit. (a) or (g) applies and suitable measures have been taken to safeguard your rights and freedoms as well as your legitimate interests.
In the cases referred to in (a) or (c), we as the responsible data controller shall implement suitable measures to safeguard your rights and freedoms, as well as your legitimate interests, including at least the right to obtain human intervention on our part as the responsible controller, to express our own position and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.