E-Mail: info@artos-fencing.com

Welcome to ARTOS

Privacy Policy

PRIVACY POLICY

Notice of Liability

The following data protection statement has been created with the greatest possible care. However, we expressly point out that we provide no warranty or assume any other responsibility for the accuracy, timeliness or completeness of the information provided. We reserve the right to make changes to the information without prior notification. The data protection statement has been created by the authors on the basis of literature currently available. The data protection statement serves as an initial model. It should be noted that many of the problems raised have not yet been resolved by supreme court case law, which is why different views are still being expressed on some points. No liability for correctness and completeness is assumed. It should also be noted that each case should be reviewed on an individual basis and that this model does not replace any individual legal advice.

PRIVACY STATEMENT

SECTION I. – General Information

  1. Information

We appreciate your interest in our company and our services. We consider it our primary task to protect the confidentiality of the personal data you provide and to protect it from unauthorised access. We therefore take the utmost care and apply state-of-the-art security standards to ensure maximum protection of your personal data. To this end we have adopted technical and organisational measures, which ensure that the data protection regulations are observed both by us and also by our external service providers. Please read these regulations to familiarise yourself with the nature, scope and aim of the processing of personal data by us as the providers of this website. The lawful basis on which we process your personal data is provided under Regulation (EU) 2016/679 General Data Protection Regulation.

– hereinafter referred to as the “GDPR” –

Enhanced regulatory provisions apply in Germany under the Federal Data Protection Act [Bundesdatenschutzgesetz], in supplement to the provisions of the GDPR.

– hereinafter referred to as the “BDSG” –

To the extent that no other information is provided in the future, you are neither required by law nor by contract to provide your personal data to us, nor is it absolutely necessary to conclude a contract with us. You are not fundamentally obliged to provide your personal data. Refusal to provide your personal data has no consequences for you as a user when viewing our website.

This applies only where no other information is given in the subsequent processing operations.

SECTION II. – Definitions

  1. Definitions

Legislation requires personal data to be processed lawfully, in good faith and in a manner that is reasonable for the Data Subject. In order to ensure this, we hereby inform you of the individual legal definitions which are also used in this data protection statement. This data protection statement is based on terms similar to those used by the European Commission when adopting the General Data Protection Regulation (GDPR). The terms used here are presented in abbreviated form, correspondingly and without any claim to their completeness or the legal certainty of the wording. For further information please refer to Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016, in so far as this description does not sufficiently clarify the definitions or explain the legal form.

We use the following terminology in our data protection statement, including but not limited to:

“Personal data” Personal data is all the information, which relates to an

(see Article 4(1) of the GDPR) identified or identifiable natural person

– hereinafter referred to as the “Data Subject” or “personal data” –

“Processing” Processing is any process or series of processes carried

(see Article 4(2) of the GDPR) out in the context of personal data.

“Restriction” A restriction on processing is the marking of stored

(see Article 4(3) of the GDPR) personal data with the aim of limiting its future processing.

“Profiling” Profiling is any type of automated processing in which personal data

(see Article 4(4)of the GDPR) is used to evaluate certain personal aspects relating to a natural person.

“Pseudonymisation” is the processing of personal data in such a way that

(see Article 4 Para. 5 GDPR) this can no longer be assigned to a Data Subject without the need for additional information.

“Data Controller” A data controller is the natural or legal person, who alone or

(see Article 4(7) of the GDPR) together with others decide on the purposes and means of processing.

"Processor” A processor is a natural or legal person who

(see Article 4(8) of the GDPR) processes data on behalf of the Data Subject.

“Recipient” A recipient is a natural or legal person, authority, institution (see Article 4(9) of the GDPR) or other body to whom personal data is disclosed, regardless of whether it involves a third party or not.

“Third party” A third party is a natural or legal person, who, under the direct (see Article 4(10) of the GDPR) authority of the Data Controller, is authorised to process personal data.

“Consent” Consent is each expression of will unequivocally given by the Data Subject voluntarily for a particular (see Article 4(11) of the GDPR) case in the form of a declaration or a unique action of confirmation.

SECTION III. – Data Controller

  1. Data Controller

The Data Controller in the sense of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), as well as any other data protection laws and other regulations on data protection in the Member States of the European Union:

Artos Fencing Steffen Grollmisch GmbH & Co. KG

Ziegeleiweg 15

04435 Schkeuditz (Deutschland)

Telefon: +49 (0) 34204 70290

E-Mail: info@artos-mail.de

Web: http://www.artossilver.com http://www.artos-fencing.com

  1. DATA PROTECTION SUPERVISORY AUTHORITY

Responsible supervisory authority:

The State Commissioner for Data Protection

and the Freedom of Information

Sächsischer Datenschutzbeauftragter

Postfach 11 01 32

01330 Dresden (Deutschland)

Telefon: 0351/85471 101

Telefax: 0351/85471 109

Internet: www.datenschutz.sachsen.de

Email: saechsdsb@slt.sachsen.de

SECTION IV. - Use and Purpose of the processing and its Lawful Bases

  1. Use and Purpose of the Processing

We process personal data that we receive directly from our customers in the course of our business relationship. In addition, we process personal data that we collect from other companies, to carry out orders, to fulfil contracts or on the basis of consent we have received from you, for example. We also process personal data that we have legitimately gained and are permitted to process from publicly available sources, such as commercial registers, the press, the media or the internet. The personal data provided by you will be processed according to the applicable regulations on personal data protection, only for the purposes communicated by you and for which you have given consent for its use. In particular, for:

initiation or performance of the contract with you;

being able to process and answer your enquiries adequately and effectively;

tailoring services and offers to you;

processing your requests and orders;

providing particular information or offers to you;

maintaining legitimate business interests, in terms of customer service and customer care.

Your personal data is not disclosed to third parties without your express consent.

  1. Lawful Basis for the Processing of Personal Data

The processing of personal data is only lawful if there is a lawful basis for the processing. The lawful basis for the processing may, in accordance with Article 6(1)(a) to (f) of the GDPR, in particular be:

the Data Subject has given their consent to the processing of personal data concerning them for one or more specific purposes;

the processing is necessary for the fulfilment of a contract to which the Data Subject is a contractual party or in order to fulfil contractual requirements at the request of the Data Subject;

the processing is necessary to fulfil a legal obligation to which the Data Controller is subject;

the processing is necessary to protect the vital interests of the Data Subject or another natural person;

the processing is necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the Data Controller;

the processing is necessary to safeguard the legitimate interests of the Data Controller or a third party, unless the interests or fundamental rights and freedoms of the Data Subject, which require the protection of personal data, prevail, in particular where the Data Subject is a child.

SECTION IV. – Collection of Personal Data

  1. Server Log Files

With each visit to our website, whether by a Data Subject or via an automated system, a set of general data and information is collected for the maintenance and safe operation of our website. This general data and information is stored in the log files of the server. This data is collected only to the extent that it is technically necessary. The data remains anonymous and is evaluated exclusively for statistical purposes to improve our websites and online services. The data collected is used solely for statistical evaluations and to improve the website. We reserve the right, however, to review the server log files subsequently, in the event that concrete and valid evidence indicates an illegal use of our website.

  1. Acquisition and Processing of the Data Types in Server Log Files

Where the website is used for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee its stability and security. These items are:

websites visited

time of access

amount of data sent in bytes

source/reference from which you accessed the page

information about the internet service provider of the accessing system

browser type used and its version

operating system used for browser access

IP address used (anonymised)

website from which an accessing system reaches our website (the referrer)

the sub-pages that are controlled via an access system on our website

other similar data and information used for risk prevention in the case of attacks on our information technology systems.

When using this general data and information, Artos Fencing Steffen Grollmisch GmbH & Co. KG does not draw any conclusions about the Data Subject. Rather, this information is needed to

correctly deliver the content on our website;

optimise the contents and advertising of our website;

ensure the functionality of our information technology systems and the technology of our website;

provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber-attack.

This data and information collected anonymously are therefore statistically evaluated by Artos Fencing Steffen Grollmisch GmbH & Co. KG with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us.

The anonymous data from the server log files is stored separately from all personal data given by a Data Subject and, therefore, does not provide any conclusions about individual persons. This means that your personal data is protected at all times. This data is processed based on Article 6(1)(f) of the GDPR under the legitimate interest in the provision and secure operation of our website. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

  1. Cookies

We use cookies on our website. Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device and do not contain viruses, trojan horses or other malware.

Information generated from the specific device used is stored in cookies. This does not mean, however, that we will gain immediate knowledge of your identity.

The use of cookies helps us make it more convenient for you to use our website. For example, we use session cookies to detect whether you have already visited individual pages on our website. These are erased automatically when you leave our website.

We also use temporary cookies to optimise user-friendliness. These cookies are stored on your device for a specific period of time. If you return to our website to use our services, cookies allow us to automatically recognise that you have visited our website previously and remember the inputs and settings you have made so that you do not have to enter them again.

We also use cookies to statistically record the use of our website and analyse it for the purpose of optimising our services. These cookies allow us to automatically recognise that you have already visited our website when you visit our website again. These cookies are automatically erased after a defined period of time.

The processing of data through cookies for the purposes stated above is necessary in order to safeguard our legitimate interests pursuant to Article 6 Paragraph 1 Sentence 1(f) GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so a message is always displayed before a new cookie is created. However, if you disable cookies completely, you may not be able to use all the features on our website.

Cookie Opt-in

In accordance with Article 6 Paragraph 1(a) GDPR, you have given your consent to this through our opt-in cookie banner.

  1. Contact Options

On the basis of statutory regulations, the Artos Fencing Steffen Grollmisch GmbH & Co. KG website contains information that enables customers to quickly contact us electronically, as well to communicate with us directly, which also includes a general e-mail address.

If a Data Subject contacts us by e-mail or any other means of contact, the personal data transmitted by the Data Subject will be automatically stored. We process your personal data which you provide to us by e-mail contact form, etc. to answer and fulfil your requests. You are not obliged to provide your personal data. But if you do not provide us your e-mail address we cannot reply by e-mail. Personal data submitted on a voluntary basis to us is stored for purposes of processing the request and contacting the Data Subject.

This personal data is not transmitted to third parties.

By sending your message, you consent to the processing of the data transferred. This data is processed on the basis of Article 6(1)(a) of the GDPR with your consent.

You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation. We will only use your e-mail address to respond to your enquiry. Your data will then be deleted, taking into account statutory and, in particular, tax and commercial law retention periods, unless you have consented to further processing and use.

  1. Communication by E-mail

Your personal data is stored using all possible technical and organisational measures so that it is not accessible to third parties. As the recipient, we cannot guarantee complete data security for e-mail communication, so we recommend that you send confidential information by post. This data is processed on the basis of Article 6(1)(a) of the GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation.

  1. Form Function

Where there is the possibility of entering personal data on our website, data is disclosed on an expressly voluntary basis. Of course, this data will be handled confidentially by us.

By submitting your data, you consent to the processing of the data transferred. This data is processed on the basis of Article 6(1)(a) of the GDPR with your consent.

You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation.

  1. Contact Form

When contacting us via our contact form, we only collect the personal data (name, e-mail address and message text) provided by you. This processing serves to contact you and respond to your request.

Your data is processed on the basis of Article 6(1)(f) of the GDPR. You have the right to object to the data processing under Article 6(1)(f) of the GDPR on the basis of legitimate interest and not for the purpose of direct marketing for reasons that arise from your particular situation at any time. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

This personal data collected is not disclosed to third parties, unless such disclosure is required by law or serves for the legal defence of the Data Controller. We delete the data arising in this context after storage is no longer necessary, or processing is restricted, unless statutory retention obligations prevent this.

  1. Newsletter Subscription

On the Artos Fencing Steffen Grollmisch GmbH & Co. KG website, users are given the opportunity to subscribe to our company’s newsletter. The personal data transmitted to us when a request to subscribe to the newsletter is received results from the input form used for this purpose.

You can give your consent to receive our newsletter, in which we inform you of our current offers.

To subscribe to our newsletter, we use the double opt-in procedure. This means that after your request is received, an e-mail is sent to the specified e-mail address, in which we ask you to confirm that you would like to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month.

Artos Fencing Steffen Grollmisch GmbH & Co. KG uses its newsletter to inform its customers and business partners at regular intervals about offers by the company. Our company’s newsletter may be received only by the Data Subject, if:

the Data Subject has a valid e-mail address;

the Data Subject has registered to receive the newsletter.

When registering for the newsletter, we also store the IP address of the computer system used by the Data Subject assigned by the Internet Service Provider (ISP) at the time of registration;

the date and time of the registration.

This data is collected in order to trace any misuse of the e-mail address of the Data Subject at a later point and therefore provides legal protection for the Data Controller. The personal data collected when registering for the newsletter will be used exclusively to send our newsletter.

In addition, subscribers to the newsletter may be notified by e-mail, if this is necessary for the operation of or registration for the newsletter service, as might be the case in the event of changes to the newsletter or technical changes.

The only information we require to send the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation, we will save your e-mail address in order to send the newsletter. The lawful basis is Article 6(1)(1)(a) of the GDPR.

The processing is based on the lawful basis under Article 6(1)(a) of the GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of your consent until the time of revocation. You will find a link in every newsletter for the purpose of revoking your consent. It is also possible at any time to unsubscribe directly from the newsletter on the Data Controller’s website or by informing the Data Controller in any other way.

  1. Comments Function

Where it is possible to make comments on content we publish, we collect your personal data (name, e-mail address, and comment text) only to the extent that it is provided by you. The purpose of this processing is to allow comments to be made and displayed. In addition, your IP address is stored upon submission of the comment in order to prevent abuse of the comment function and to ensure the security of our information technology systems. Our legitimate interest is in the public exchange of user opinions on certain topics and products for the purpose of transparency and opinion-forming. Your interest in data protection is maintained, as you can publish your comment under a pseudonym. A certain storage period is not provided for. You can request to have your comment deleted at any time. You have the right at any time to object to data processing under Article 6(1)(f) of the GDPR and not for the purpose of direct marketing for reasons arising from your particular situation. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement. This personal data collected is not disclosed to third parties, unless such disclosure is required by law or serves for the legal defence of the Data Controller.

  1. Use of Social Media Plug-Ins

We currently use the following social media plug-ins: [Facebook, Google+, Twitter, Xing, T3N, LinkedIn and Flattr]. We use the two-click solution. This means that if you visit our site, initially no personal data will be passed on to these plug-ins’ providers. You can identify the provider of the plug-in by the marking on the box above its initial letter or the logo. You can communicate directly with the plug-in provider via the button. Clicking the marked field will activate it, and the plug-in provider receive the information that you have accessed the corresponding website from our website. In addition, the data mentioned under section 3 of this statement will be transmitted. In the case of Facebook and Xing, the IP address of the respective provider in Germany is anonymised immediately after collection. By activating the plug-in, data is automatically transmitted to the respective plug-in provider and stored there (in the USA for US providers). Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies using your browser’s security settings before clicking on the greyed-out box.

We have no influence on the data collected and the data handling processes, nor are we aware of the full extent of the data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or customised design of its website. Such evaluation is also carried out in particular (including for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles. You must contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer you the option to interact with social networks and other users, so that we can improve our offering and make it more interesting for you as a user. The lawful basis for this use is Article 6 (1)(1)(f) of the GDPR.

The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click on the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares this with your contacts in public. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid linking to your profile with the plug-in provider.

For more information on the purpose and extent of the data collection and processing by the plug-in provider, please refer to the data protection statements of these providers below. You will also find further information on your rights and settings options for protecting your privacy there.

Addresses of the plug-in providers and the link to their data protection policy:

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084

http://www.facebook.com/about/privacy/your-info-on-other%2523applications and

http://www.facebook.com/about/privacy/your-info%2523everyoneinfo.

Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA;

https://policies.google.com/technologies/partner-sites?hl=en

Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.

Twitter is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.

T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hannover, Germany;

https://t3n.de/store/page/datenschutz.

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;

http://www.linkedin.com/legal/privacy-policy. LinkedIn is subject to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework

Flattr Network Ltd. with its office at 2nd Floor, White Bear Yard 114A, Clerkenwell Road, London, EC1R 5DF, UK; https://flattr.com/privacy.]

SECTION VI – Use and Processing

  1. Information

We only store and process data which you voluntarily provide to us. If you make use of services, generally only data that we absolutely need to provide the services and to safeguard our own legitimate business interests is collected. If we ask you for further information, you are under no obligation to provide it.

If the processing of personal data is necessary and there is no lawful basis for such processing, we generally obtain consent for the processing the data of the Data Subject. Personal data is always processed in accordance with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), and in accordance with the state-specific data protection provisions applicable to Artos Fencing Steffen Grollmisch GmbH & Co. KG.

Artos Fencing Steffen Grollmisch GmbH & Co. KG has implemented numerous technical and organisational measures as the Data Controller in order to ensure that all personal data processed via this website is protected as best as possible. Nevertheless, internet-based data transmissions can by their very nature have security gaps, so absolute protection cannot be 100% guaranteed. For this reason, every Data Subject is free to transmit personal data to us by alternative means, for example by telephone or post.

  1. Consent

If it is necessary to obtain personal data, the processing of which is permitted or provided for on a lawful basis, we collect this from the Data Subject before processing in the form of voluntary consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation.

  1. Legitimate Interest

If the processing is absolutely necessary to maintain a legitimate interest of our company or a third party, and it must be ensured that the interests are proportionate and the fundamental rights and freedoms of the Data Subject do not prevail, then we conduct the processing on the basis of Article 6(1)(f) of the GDPR in a considered assessment of risks related to this and in full awareness of our fiduciary duty according to strict assessment criteria, which otherwise are not included in any of the above mentioned lawful bases. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

We are, in particular, allowed to carry out such processing procedures that sometimes become necessary because they have been specifically provided for in EU legislation. In this regard this maintains the condition that, for example, a legitimate interest could be assumed if the Data Subject is a customer of the Data Controller. (see Recital 47(2) of the GDPR).

  1. Direct Marketing

We use your e-mail address, which we have obtained within the framework of a personal contact or in connection with an agency/project undertaking or in connection with a service delivery/claim or in connection with the sale/purchase of a good/product, for the electronic transmission of marketing for our own offers, products or services, which are similar to those that you have already ordered with us, if you have not objected to such use. This data is processed on the basis of Article 6(1)(f) of the GDPR on the basis of the legitimate interest in direct marketing. You have the right at any time to object to the processing of your personal data, without giving any reasons, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement. You can also use the dedicated link in the promotional e-mail. There are no other costs involved in sending this notification other than the transmission costs in accordance with the basic tariffs.

  1. Credit Check

We wish to point out that we are entitled to send all relevant data concerning outstanding claims made on the basis of non-contractual behaviour to credit agencies, in compliance with the statutory requirements.

If we make advance outlays, for example, if you pay on account or on credit, we reserve the right to obtain a credit rating. To do this, we submit the personal data required for a credit check to a credit agency. We use the information obtained about the statistical probability of default for making a balanced decision with respect to the conclusion, execution or termination of the contract. Your legitimate interests will be taken into account in accordance with the legal requirements.

This data is processed on the basis of Article 6(1)(f) of the GDPR on the basis of the aforementioned legitimate interest. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you can contact us at any time, as the Data Controller. The credit information can contain probability values (score values), which are calculated on the basis of scientifically recognised mathematical-statistical methods.

  1. Processing of Personal Data

When creating a quotation or offer acceptance, we collect and use personal data only as necessary to generate, fulfil and process quotes and/or contracts, as well as to process requests in this regard. This data must be provided in order to conclude the contract.

This data is processed on the basis of Article 6(1)(b) of the GDPR and is necessary to conclude and execute a contract with you. Service providers employed by us and acting on our behalf (order processors, see Article 28 GDPR) can process data for purposes mentioned in Section IV, Part A.

Existing services which the contractor generally uses with third parties as an ancillary service, in support of its operation or its business in the context of order processing, also fall within the sense of this statement. In such cases, personal data is processed by the operator under contract in accordance with Article 28 of the GDPR in connection with Section of the 62 BDSG.

Inasmuch as ancillary services also need to be used for the processing, the processing is based on Article 6(1)(f) GDPR on the basis of the legitimate interest in maintaining business operations. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement. These include ancillary services to ensure the confidentiality, availability, integrity and capacity of the computer hardware and software used and called upon by the contractor, such as:

telecommunications providers as part of maintenance and services

cleaning and/or security services

auditors in the context of certifications

waste disposal services

data centre services

postal/transportation services

IT service providers for system maintenance and user service.

  1. Data Transfer

Your data is not disclosed to third parties, who then process it under their own responsibility, without your express consent. Only our service partners which we need to conduct the contractual relationship or service providers we use in the course of order processing are excluded from this. The scope of the disclosure of data is limited to a minimum. In all cases, we assure you that when choosing our service providers which we use in individual cases, we select these carefully and in good faith, in terms of their suitability and reliability, ensuring that they satisfy our own requirements and standards.

  1. Transmissions

Personal data is transmitted to authorised national institutions and authorities only within the framework of relevant laws or unless we are required by a court decision to do so. This data is processed on the basis of Article 6(1)(e) of the GDPR. We may transmit your personal data to the companies referred to under Section II. A. and to companies affiliated with us, to the extent permitted by the purposes set out in Section IV. A. and the lawful bases referred to in Section IV. B.

  1. Data Transfer to a Third Country

We do not envisage transmitting your data to a third country. If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the relevant offer.

  1. Categories of Recipients

Within Artos Fencing Steffen Grollmisch GmbH & Co. KG, only those persons who receive your data and are entrusted with processing the contract or handling your request. Otherwise, personal data is processed on our behalf, on the basis of contracts pursuant to Article 28 of the GDPR in conjunction with Section 62 of the BDSG. In addition to the recipient named in the respective provisions of this data protection statement, this may be to recipients in the following categories:

commercial agencies

shipping providers

payment service providers

enterprise resource planning service providers

logistics providers

cloud and IT service providers

tax and business consultants.

The recipients can be also our affiliates, insofar as this is allowed for within the purposes set forth in this statement and lawful bases.

  1. Duration of Storage

The Data Controller processes and stores the personal data of the Data Subject only for the period that is necessary to achieve the purpose of the storage. After completion of the contract, the data is first stored for the duration of the warranty period; then, taking into account any legal and, in particular, tax and commercial retention periods, your data is stored and then deleted after this period, unless you have agreed to further processing and use or unless this is otherwise determined by the European Commission or any other laws or regulations to which the Data Controller is subject.

  1. Confidentiality and Data Protection

Our employees and the service companies commissioned by us are contractually bound to confidentiality and to comply with data protection, in accordance with regulations of the German Federal Data Protection Act.

  1. Children and/or Young People

Our offer is essentially aimed at adults. Persons below the age of 18 should not transmit personal data to us without the consent of their parents or legal guardians.

We generally require no personal data from a child or children or a young person or young people, and we do not collect and or disclose such data to third parties. Nevertheless, in special circumstances, we may need and request such personal data to process an application, under our legitimate interest in the application for the establishment of a possible employment relationship.

In such cases, personal data is processed on the basis of Article 6(1)(f) of the GDPR, for the legitimate interest of the aforementioned purpose and to obtain the necessary written consent of one or more parents or guardians in the processing.

The parents or guardians may revoke their consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

If the Data Controller concludes an employment or placement contract with an applicant, the data to be transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. This data is processed on basis of Section 26(1) in conjunction with (8)(2) of the BDSG in the course of employment.

  1. Job Applications

Insofar as the application is necessary to fulfil a contract with the applicant or to carry out pre-contractual measures, the lawful basis for processing the data is based on Article 6(1)(b) of the GDPR.

If this is a speculative application, the data is processed based on Article 6(1)(a) GDPR, with the consent of the applicant.

You can revoke consent provided under the lawful basis of Article 6(1)(a) of the GDPR at any time by informing us, without affecting the lawfulness of the processing carried out on the basis of consent until the time of revocation.

Insofar as ancillary services are to be used for processing, the processing is carried out on the basis of Article 6(1)(f) of the GDPR, based on the legitimate interest in the handling of the application process. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

The lawful basis for processing the data beyond any other lawful basis is in any case the consent of the applicant in accordance with Article 6(1)(a) of the GDPR.

As part of the application process, we obtain the consent of the applicant. You can revoke consent provided under the lawful basis of Article 6(1)(a) of the GDPR at any time by informing us, without affecting the lawfulness of the processing carried out on the basis of consent until the time of revocation.

If the processing of personal data is necessary and there is no lawful basis for such processing, we generally obtain consent for the processing the data of the Data Subject. You can revoke consent provided under the lawful basis of Article 6(1)(a) of the GDPR at any time by informing us, without affecting the lawfulness of the processing carried out on the basis of consent until the time of revocation.

As far as employment between you and us is concerned, we may process the personal data already obtained from you for employment purposes. The lawful basis flows from Section 26(1) in conjunction with (8)(2) of the BDSG if this is necessary for the creation, implementation or termination of the employment relationship or for exercising or fulfilling the rights and obligations of the employees resulting therefrom.

Otherwise, the application process ends with the receipt of the rejection by the applicant.

In the event that an employment relationship between you and us does not come into effect, we may also continue to store data based on Article 6(1)(f) of the GDPR to the extent necessary to defend against possible legal claims. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

  1. Processing in the Employment Context

Data is processed on the basis of Article 88 of the GDPR in conjunction with Section 26 of the BDSG.

SECTION VII. – Technical and Organisational Measures

We have taken technical and organisational security measures to protect your personal information against loss, destruction, manipulation and unauthorised access. Our security measures are continuously updated in accordance with technological development and the state of the art,as far as economically viable and acceptable, so as to keep the confidentiality, integrity, availability and resilience of our systems and services always at the highest level.

  1. SSL Encryption

To best protect your transmitted data, we use SSL encryption on our websites. You can recognise encrypted connections by the prefix “https://” in the page link in the address line of your browser. Unencrypted pages are identified by “http://”. All data that you send to these SSL websites – such as inquiries or logins – cannot be read by third parties thanks to SSL encryption.

  1. Organisational Measures

All of our employees and all persons involved in data processing are contractually obliged to observe the data protection laws and provisions and are also bound to the confidential handling of personal data as well as to data protection and confidentiality.

  1. Automated Decision-Making

As a responsible company, we do not use automatic decision-making.

  1. Profiling

Profiling is carried out only for logistical reasons to process your order within our enterprise resource planning system.

SECTION VIII. – Rights of Data Subjects

You have the following rights pursuant to the statutory requirements under Article 15 to 21 and Article 77 of the GDPR in connection with Section 29 of the BDSG. If you wish to avail yourself of any of the following rights, you may contact our data protection officer or us, as the Data Controller, at any time using the contact details provided in this statement.

formation about your data which we store and how we process it

Correction of incorrect personal data

Deletion of your data which we store, or limitation of data processing, if we are not yet allowed to delete your data due to legal obligations

Objection to your data being processed by us

Data portability, if you have consented to data processing or have concluded a contract with us.

If you have given us your consent, you can revoke it with future effect at any time.

Right to objection under Article 21 of the GDPR

Any Data Subject has the right granted by the European Commission, for reasons arising from their particular situation, to object to the processing of personal data relating to them at any time, which is processed on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

Artos Fencing Steffen Grollmisch GmbH & Co. KG will no longer process personal data in the event of an objection, unless we can prove there are compelling reasons to continue the processing which outweigh the interests, rights and freedoms of the Data Subject, or that the processing serves to assert, exercise or defend legal claims.

If Artos Fencing Steffen Grollmisch GmbH & Co. KG processes personal data for direct mailing purposes, the Data Subject has the right to object to the processing of personal data for the purpose of such marketing at any time. This also applies to any profiling connected with such direct marketing.

If the Data Subject objects to Artos Fencing Steffen Grollmisch GmbH & Co. KG’s processing for direct marketing purposes, Artos Fencing Steffen Grollmisch GmbH & Co. KG may no longer process the personal data for these purposes.

The Data Subject has the right, for reasons arising from his/her particular situation, to object to the relevant processing of personal data which Artos Fencing Steffen Grollmisch GmbH & Co. KG carries out for scientific or historical research purposes or for statistical purposes, in accordance with Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task in the public interest.

The Data Subject is also free to exercise their right of objection in relation to the use of services of an information company, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Without prejudice to any other administrative or judicial remedy, you have the right, in accordance with Article 77 of the GDPR in conjunction with Section 29 of the BDSG, to contact the supervisory authority if you believe that the processing of your personal data is not lawful.

The competent supervisory authority varies depending on your country of residence, your work or the nature of the alleged infringement. A list of supervisory authorities (for the non-public sector) and their addresses can be found (in German) at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

You also have the right to an effective judicial remedy if you consider that your rights under this regulation have been infringed as a result of processing of your personal data in breach of this regulation.

SECTION IX. – Integrated Processing Components

AddThis

This website contains components of the company AddThis. AddThis is a bookmarking provider that allows a simplified bookmarking of websites via buttons.

The operating company of AddThis is AddThis, Inc. 1595 Spring Hill Road, Suite 300, Vienna, VA 22182, USA.

Each time you access one of the individual pages of this website, which is operated by us and on which an AddThis component has been integrated, the Internet browser on your IT system is automatically prompted by the respective AddThis component to download data from the www.addthis.com website. In the context of this technical procedure AddThis receives knowledge about the visit and which concrete single sides were used by your IT system. In addition, AddThis obtains information about the IP address of your IT system used, the browser type, the browser language, the website accessed before our website, the date and time of the visit to our website. AddThis uses this data to create anonymous user profiles. This data and information enable AddThis and its affiliates and partners to target visitors to our web pages with personalized and interest-based advertising.

AddThis displays personalized and interest-related advertising on the basis of a cookie set by the company. This cookie analyses the individual surfing behavior of your IT system. The cookie stores the visits to Internet pages made by the computer system.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, cookies that have already been set can be deleted at any time via the Internet browser or other software programs.

You also have the possibility to permanently object to the processing of personal data by AddThis. To do this, you must press the opt-out button under the link https://www.addthis.com/privacy/opt-out, which sets an opt-out cookie. The opt-out cookie set with the objection is stored on your IT system. If the cookies on your IT system are deleted after an objection, you must call up the link again and set a new opt-out cookie.

With the setting of the opt-out cookie, however, there is the possibility that our Internet pages are no longer fully usable for you.

You have given your consent to this via our opt-in cookie banner within the meaning of Article 6(1)(a) GDPR.

The current privacy policy of AddThis can be found at the following link: https://www.addthis.com/privacy/privacy-policy can be downloaded.

Our activities in social networks

So that we can also communicate with you in social networks and inform you about our services, we are represented there with our own pages.

We are not the original provider (responsible) of these pages, but only use them within the framework of the possibilities offered to us by the respective providers.

Therefore we would like to point out as a precaution that your data may also be processed outside the European Union or the European Economic Area. A use can have therefore data protection risks for you, since the protection of your rights can be difficult e.g. on information, deletion, contradiction, etc. and the processing in the social networks frequently takes place directly for advertising purposes or for the analysis of the user behavior by the offerers, without this can be influenced by us. If the provider creates user profiles, cookies are often used or the user behavior is assigned directly to your own member profile of the social networks (if you are logged in here).

The processing operations of personal data described are carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user to the respective providers, the legal basis refers to Article 6(1)(a) GDPR i.V.m. Art. 7 DSGVO.

Since we have no access to the data stocks of the providers, we would like to point out that your rights (e.g. to information, correction, deletion, etc.) best apply directly to the respective provider. Further information on the processing of your data in the social networks and the possibility to make use of your right of objection or revocation (so-called opt-out), we have listed below with the respective provider of social networks used by us:

Facebook

Responsible for data processing in Europe:

Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy (Data Policy):

https://www.facebook.com/about/privacy

Opt-out and advertising settings:

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Facebook has joined the EU-U.S. Privacy Shield Agreement:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Facebook plug-ins

This website uses the plugin of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). When you visit pages on our site that have such a plug-in, a connection is established to the Facebook servers and the plug-in is displayed on the page by notifying your browser. This will tell the Facebook server which of our pages you have visited. If you are logged in to Facebook as a member, Facebook assigns this information to your personal Facebook user account. When using the plug-in functions (e.g. clicking the "Like" button, posting a comment), this information is also assigned to your Facebook account, which you can only prevent by logging out before using the plug-in. The processing is carried out on the basis of Article 6(1)(f) GDPR for the legitimate interest in the aforementioned purpose. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. If you do not want Facebook to associate the collected information directly with your Facebook profile, you must either log out of Facebook before visiting our website or block the loading of Facebook plug-ins on our pages by using a "Facebook Blocker". For more information about Facebook's collection and use of this information, your rights in this regard, and how Facebook can protect your privacy, please see Facebook's Privacy Notice:

https://www.facebook.com/policy.php

Google Maps

On our website we use Google Maps (API) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps to visually display geographic information. By using this service, you can, for example, view our location and make it easier for you to reach us.

Already when you call up the subpages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transferred to Google's servers in the USA and stored there. This occurs regardless of whether Google provides a user account that you are logged in to or whether there is no user account. When you're logged in to Google, your information will be directly associated with your account. If you don't want your profile associated with Google, you'll need to log out of your Google Account. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. In particular, such evaluation shall be carried out in accordance with Article 6(1)(f) GDPR on the basis of Google's legitimate interests in the display of personalised advertising, market research and/or the demand-oriented design of its website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Google LLC, headquartered in the USA, is certified for the us-European privacy agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.

If you do not agree with the future transmission of your data to Google within the scope of the use of Google Maps, there is also the possibility to completely deactivate the web service of Google Maps by switching off the application JavaScript in your browser. Google Maps and thus also the map display on this website can then not be used.

You have given your consent to this via our opt-in cookie banner within the meaning of Article 6(1)(a) GDPR.

The terms of use of Google can be found under the following link: https://policies.google.com/terms?hl=en-GB&gl=en, the additional terms of use for Google Maps can be found under the following link: https://www.google.com/intl/en_US/help/terms_maps.html

Detailed information on data protection in connection with the use of Google Maps can be found on Google's website ("Google Privacy Policy"): https://www.google.de/intl/en_us/policies/privacy/

Google+

The data controller has integrated the Google+ button as a component on this website. Google+ is a so-called social network. A social network is an Internet-based social meeting place, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or company-related information. Google+ enables users of the social network to create private profiles, upload photos and network via friendship requests, among other things. Google+ is operated by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Each time you access one of the individual pages of this website that is operated by us and on which a Google+ button has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Google+ button to download a display of the corresponding Google+ button from Google. As part of this technical process, Google obtains information about which specific subpage of our website is visited by the person concerned. More detailed information on Google+ is available at https://developers.google.com/+/. If the person concerned is logged into Google+ at the same time, Google recognizes which specific page of our website the person concerned is visiting each time the person concerned accesses our website and for the entire duration of that person's visit to our website. This information is collected by the Google+ button and assigned by Google to the Google+ account of the person concerned. If the data subject clicks on one of the Google+ buttons integrated on our website and thereby makes a Google+1 recommendation, Google assigns this information to the personal Google+ user account of the data subject and stores this personal data. Google stores the Google+1 recommendation of the data subject and makes it publicly available in accordance with the terms and conditions accepted by the data subject in this regard. A Google+1 recommendation made by the data subject on this website will subsequently be stored and processed together with other personal data, such as the name of the Google+1 account used by the data subject and the photo stored in this account, in other Google services, such as the search engine results of the Google search engine, the Google account of the data subject or in other places, such as on websites or in connection with advertisements. Google is also able to link your visit to this website with other personal data stored by Google. Google also records this personal information for the purpose of improving or optimising Google's various services. Google receives information from the Google+ button that the individual concerned has visited our site whenever the individual concerned is logged into Google+ at the same time as they visit our site, whether the individual clicks the Google+ button or not. The processing is carried out on the basis of Article 6(1)(f) GDPR for the legitimate interest in the aforementioned purpose. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR.

If a transmission of personal data to Google is not desired by the person concerned, this person can prevent such a transmission by logging out of his Google+ account before accessing our website.

Further information and the applicable privacy policy of Google can be found at https://www.google.de/intl/en_us/policies/privacy/.

You can find more Google hints on the Google+1 button at https://developers.google.com/+/web/buttons-policy

Google+ / Youtube

Responsible for data processing: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy policy:

https://policies.google.com/privacy

Opt-out and advertising settings:

https://adssettings.google.com/authenticated

Google has joined the EU-U.S. Privacy Shield Agreement:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Instagram Plug-In

This website uses plug-ins from the Instagram online service operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). When you visit pages on our site that contain such a plug-in, a connection is established to the Instagram servers and the plug-in is displayed on the page by notifying your browser. This will transmit to the Instagram servers both your IP address and the information which of our pages you have visited. If you are logged into Instagram, Instagram assigns this information to your personal user account. When using the plug-in functions (e.g. clicking the "Instagram" button), this information is also assigned to your Instagram account, which you can only prevent by logging out before using the plug-in. The processing is carried out on the basis of Article 6(1)(f) GDPR for the legitimate interest in the aforementioned purpose. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. If you do not want Instagram to associate the collected information directly with your Instagram account, you must either log out of Instagram before visiting our site or block your browser from loading the Instagram plug-in on our site by using an add-on, such as the script blocker "NoScript" (noscript.net).

For more information about Instagram's collection and use of this information, your rights in this regard, and how Instagram can protect your privacy, please see Instagram's Privacy Notice: https://help.instagram.com/155833707900388

PHP Web Stat

On our website we use the analysis tool PHP Web Stat of the PHP Web Stat (Sternbuschweg 2, 46562 Voerde). Data processing serves the purpose of analysing this website and its visitors. For this purpose, data is collected and stored for marketing and optimisation purposes. This data can be used to create user profiles under a pseudonym. Cookies can be used for this purpose. The cookies enable the recognition of the Internet browser. The data collected with the PHP Web Stat technologies will not be used to personally identify the visitor to this website and will not be merged with persb. data about the bearer of the pseudonym without the separately given consent of the person concerned. The processing is carried out on the basis of Article 6(1)(f) GDPR out of a legitimate interest in the need-based and targeted design of the website. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. The collection and storage of data may be revoked at any time with effect for the future. To do this, you can prevent the storage of cookies by selecting the appropriate technical settings in your browser software. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

Twitter

Responsible for data processing in Europe:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Privacy policy:

https://twitter.com/en/privacy

Information about your data:

https://twitter.com/settings/your_twitter_data

Opt-out and advertising settings:

https://twitter.com/personalization

Twitter has joined the EU-U.S. Privacy Shield Agreement:

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

Twitter plug-ins

The functions of the Twitter service are integrated on our website. Twitter is a social media portal from Twitter Inc.,795 Folsom St., Suite 600, San Francisco, CA 94107, (USA). We use Twitter plug-ins. If you call up a corresponding page containing such a plug-in, the data will be exchanged with the Twitter servers located in the USA. Even in the case of interactions that are possible with the various Twitter plug-ins, the relevant information about you is collected and transmitted to Twitter and stored. In addition, if you are a member of Twitter and log in to Twitter during the time you use the plug-in, the information collected about your visit to the site will be linked to your Twitter account and shared with other users. The processing is carried out on the basis of Article 6(1)(f) GDPR for the legitimate interest in the aforementioned purpose. If you do not want Twitter to link and merge the information with your Twitter account information, you must log out of Twitter before visiting our website.

For more information on the collection and use of data by Twitter, please visit https://twitter.com/en/privacy

YouTube (Videos)

We have integrated components from YouTube on this website. YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes as well as music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time you access one of the individual pages of this website, which is operated by us and on which a YouTube component (YouTube video) has been integrated, the Internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at the following link: https://www.youtube.com/intl/en-GB/yt/about/ can be downloaded. As part of this technical process, YouTube and Google receive information about which specific subpage of our website is visited by you.

If the person concerned is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website you are visiting by calling up a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google receive information through the YouTube component that you have visited our website whenever you are logged into YouTube at the same time as you visit our website, regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google in this way, you can prevent it from being transmitted by logging out of your YouTube account before accessing our website.

You have given your consent to this via our opt-in cookie banner within the meaning of Article 6(1)(a) GDPR.

The privacy policy published by YouTube, which can be found at the following link: https://www.google.de/intl/en_us/policies/privacy/ provide information about the collection, processing and use of personal data by YouTube and Google.

SECTION X. – Shop System

If you would like to order from our online shop, you must provide us with your personal data which we need to complete your order in order to conclude the contract. The information required for processing the contract is marked separately; any further information is voluntary. We use the data provided by you to process your order. For this purpose, we can pass on your payment data to our own bank. The lawful basis for this is Article 6(1)(1)(f) of the GDPR.

You can voluntarily create a customer account, allowing us to store your data for future purchases. When you create an account under “My Account”, the data you provide will be stored revocably. All other data, including your user account, can always be deleted in the customer area.

We are obliged by commercial and tax law to store your address, payment, and order data for a period of ten years. However, after two years we limit the processing of your data, that is, your data will only be used to comply with legal obligations.

To prevent unauthorised access to your personal data by third parties, especially financial data, the order process is encrypted using TLS technology.

You can place an order at any time without registering or setting up a customer account.

  1. End Customer Registration

You have the opportunity to register on our website by providing personal data. The personal data transmitted to us depends on the input mask used for the registration.

Lawful Basis

The personal data entered by the Data Subject in the form as part of this registration will be processed solely for the purpose of creating and sending your offer. This data is collected and stored by the Data Controller only for their own purposes.

This data is processed on the basis of Article 6(1)(a) of the GDPR with your consent.

You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation.

The personal data entered by you is collected and stored exclusively for internal use, by the Data Controller and only for their own purposes.

We may disclose your data to one or more contracted processors, such as couriers, who also use your personal information solely for internal use. This is attributable to us as the Data Controller.

The data arising in connection with your orders will be saved to your user profile and in particular linked to your master data.

Once all the provisions have been fulfilled, the withdrawal period has expired, and a request to delete your registration data has been received, your data will be promptly blocked for further use on the website and purged from our systems after the end of the tax and commercial storage periods, unless you further expressly give consent to the use of your data voluntarily or further data use is reserved for us which is allowed by law and about which we will inform you separately in writing. Your master data will be blocked for further use and fully deleted once the tax and commercial retention periods expire.

  1. Customer Account

You have the option of setting up a customer account. Setting up a customer account requires your consent that your master data specified in the set-up process, namely

surname, first name

delivery address

billing address

date of birth

contact details

login details

payment information,

is saved to your customer account.

We use personal details that you provide to us for an order or to open a customer account in our online shop to process the contractual relationship.

The type of data collected is indicated in the input forms. The purpose of data processing is to improve your shopping experience and to simplify order processing.

  1. Types of Data

All data that is provided or entered to process an order is stored. This includes:

surname, first name

delivery address

billing address

date of birth

contact details

e-mail address

payment information.

Data that is absolutely necessary for delivery or order processing is passed on to third-party service providers.

Access is created when you as the Data Subject voluntarily provide this data and thereby give your consent for your data to be stored.

  1. Lawful Basis

Your customer account is created when you as the Data Subject voluntarily provide this data and thereby give your consent for your data to be processed.

This data is processed on the basis of Article 6(1)(a) of the GDPR with your consent.

You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation.

The personal data entered by you is collected and stored exclusively for internal use, by the Data Controller and only for their own purposes.

  1. Use and Disclosure

The personal data entered by you is collected and stored exclusively for internal use, by the Data Controller and only for their own purposes. The Data Controller may disclose your data to one or more contracted processors, such as couriers, who also use the personal data solely for internal use, which should be assigned to us as the Data Controller.

The registration of the Data Subject by the voluntary provision of personal data is used solely by the Data Controller to provide the Data Subject with content or services that can only be offered to registered users due to the nature of the circumstances.

The data arising in connection with your registration and your order will not be saved to a user profile and, in particular, will not be linked to your master data.

When registering on the website of the Data Controller, the IP address assigned by the internet service provider (ISP) of the Data Subject, the date and time of registration are also stored. This data is stored for your financial protection; misuse of our systems can only be prevented if basic user data is available if needed.

This data is processed based on Article 6(1)(f) of the GDPR for the legitimate interest of storing the IP address for security reasons and in the event that the Data Subject infringes the rights of third parties or, if necessary, exculpates them in the event of a breach of law. You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

  1. Deletion

Once all the provisions have been fulfilled, the withdrawal period has expired, and a request to delete your customer account has been received, your data and account will be promptly blocked for further use and purged from our systems after the end of the tax and commercial storage periods, unless you further expressly give consent to the use of your data voluntarily or further data use is reserved for us which is allowed by law and about which we will inform you separately in writing. Once a request to delete your registration data has been received, your data will be promptly blocked for further use and purged from our systems after the end of the tax and commercial storage periods, unless you further expressly give consent to the use of your data voluntarily or we reserve the right to further data use which is allowed by law and about which we will inform you separately in writing.

Your right to request to have your registration data deleted remains completely unaffected by this. This is still possible at any time and can be exercised either by sending a message to us or by a designated function for deleting your registration on the website. Your customer account can only be deleted if there are no further active orders for your master data record. An order can still be placed without setting up a customer account. After your customer account has been completely settled, your master data will also be blocked for further use and properly deleted after expiry of the tax and commercial retention periods.

  1. iii.Becoming a Trade Partner

You have the option of registering on our website by providing personal data as a trading partner. The personal data transmitted to us depends on the input mask used for the registration. The data entered in the form as part of this registration will be processed solely for use in the trading partner account. Access to our trading partner area is obtained by entering your access data specified in the customer account and the password which you have chosen personally.

The data arising in connection with your orders will be saved to your customer account and in particular linked to your master data.

  1. Types of Data

All data, as mentioned in this declaration under section X paragraph 5 and which are specified or entered in the context of an order processing, will be stored. This includes additionally,

company

point of contact

vat ID

Data that is absolutely necessary for delivery or order processing is passed on to third-party service providers.

Access is created when you as the Data Subject voluntarily provide this data and thereby give your consent for your data to be stored.

  1. Lawful Basis

Your data is processed for initial registration on the basis of Article 6(1)(a) of the GDPR through your consent to processing.

You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation. After activating your user profile for the trade partner area, your data is processed on the basis of Article 6(1)(b) of the GDPR in the context of a contractual relationship as a trading partner. You may revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of consent until the time of revocation.

  1. Use and Disclosure

The personal data entered by you is collected and stored exclusively for internal use, by the Data Controller and only for their own purposes. The Data Controller may disclose your data to one or more contracted processors, such as couriers, who also use the personal data only for internal use, which is attributable to the Data Controller. The data arising in connection with your orders will be saved to your user profile and in particular linked to your master data.

By registering as trade partners on the website, the IP address provided by your internet service provider (ISP) and the date and the time of registration are also stored. This data is only stored to prevent data from being misused, and, where required, to clarify offences committed. In this respect, the storage of this data is required by the Data Controller for security purposes. This data is processed on the basis of Article 6(1)(b) of the GDPR and is necessary to execute a contract with you. This data will not be passed on to third parties where there is no requirement to do so by law, except to our service partners which we need to conduct the contractual relationship, or service providers which we use in the course of order processing.

  1. Deletion

Once the contract has been terminated either unilaterally or by mutual agreement, the individually agreed deadlines have passed and a request to delete your trade partner account has been received, your data and account will be promptly blocked for further use and purged from our systems after the end of the tax and commercial storage periods, unless you further expressly give consent to the use of your data voluntarily or further data use is reserved for us which is allowed by law and about which we will inform you separately in writing. Your right to request to have your registration data deleted remains completely unaffected by this. This is still possible at any time and can be exercised either by sending a message to us or by a designated function for deleting your account. Your account can only be deleted if there are no other active orders on your master data record. You can place an order at any time without a trade partner account. After your customer account has been completely settled, your master data will also be blocked for further use and properly deleted after expiry of the tax and commercial retention periods.

  1. iv.Grading System

We use a customer rating system. After you have placed your order, we ask you to evaluate and comment on your purchase from us. For this purpose, you will be contacted by us within the framework of the contract, where we use a technical system provider in the context of order processing. This data is processed on the basis of Article 6(1)(f) of the GDPR in the legitimate interest of truthful, verified evaluations of our services. You have the right at any time to object to the processing of your personal data, for reasons arising from your particular situation, based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

Your e-mail address will only be used for this purpose and, in particular, not for further marketing and will not be passed on to other third parties. The personal data stored in this context in the technical system of the buyer rating tool will be deleted in accordance with the statutory data protection legislation.

  1. Shipping Status

We will pass on your e-mail address to the courier in the course of processing the contract, provided that you expressly agreed to this in the ordering process. The transmission allows us to inform you by e-mail of the shipping status through our logistics partner. You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement.

SECTION XI. – Integrated Payment Methods

PayPal

The Data Controller has integrated components from PayPal into this website. PayPal is an online payment service provider. Payments are processed through PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments by credit cards if a user does not have a PayPal account. A PayPal account is managed using an e-mail address, which is why there is no classic account number. PayPal makes it possible to make online payments to third parties or to receive payments. PayPal also acts as a trustee and provides buyer protection services. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If the Data Subject selects PayPal as a payment option during the order process in our online shop, the Data Subject’s data will be automatically transmitted to PayPal. By selecting this payment option, the Data Subject consents to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data connected with the order is also necessary for the processing of the purchase contract. The purpose of data transmission is to process payments and prevent fraud. The Data Controller will transfer personal data to PayPal in particular if there is a legitimate interest for the transfer.

Personal data exchanged between PayPal and the Data Controller may be transferred by PayPal to credit reference agencies. The purpose of this transmission is to verify identity and creditworthiness. PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or for the data to be processed in the order. This data is processed on the basis of Article 6(1)(f) of the GDPR under the legitimate interest in the above-mentioned purpose. You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR by notifying us. To exercise this right, you may contact us at any time, as the Data Controller or our data protection officer, using the contact details provided in this statement. Revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.

You will find the applicable PayPal data protection regulations at

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Section XII. – Statutory or Contractual Provisions

  1. Provision of Personal Data

We inform you that the provision of personal data can partly be required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner).

  1. Consequences of Failure to Provide Personal Data

A failure to provide personal data can mean that a contract cannot be concluded with you. Before providing any data, you are welcome to contact our data protection officer if you have any questions. They will inform you whether the provision of personal data is legally or contractually determined and whether it is absolutely necessary for the conclusion of the contract with you or whether there is an obligation to provide personal data and what the consequences of a failure to provide the personal data are.

  1. Obligation to Provide Data

Sometimes you may be required to supply us with your personal data in order to conclude a contract, which must be processed by us as a result. For example, you are required to provide us with your personal data if our company wishes to enter into a contract with you.

  1. Objection to Spam E-Mails

We hereby expressly object to the use of contact details for the purpose of sending unsolicited marketing and information material, which must be published within the scope of the imprint obligation. We expressly reserve the right to take legal action in the event of the unsolicited sending of marketing information, such as spam e-mails.

  1. Links to Third Parties

If you use external links which appear on our website, then this data protection statement does not extend to these links. In so far as external links appear, we assure you that no breaches of the applicable data protection laws on the linked websites were identified at the time that the link was included. However, we have no influence on the compliance and implementation of the legal data protection regulations by other providers. Please visit the website of the respective provider to read its data protection policy and for details of its contact for data protection.

  1. Responsibility for Contents

Under Section 7(1) of the German Telemedia Act [Telemediengesetz] (TMG), as a service provider we are responsible for our own content on this website in accordance with general legislation. According to Sections 8 to 10 to the TMG, as the operator of this website, we are not obliged to monitor information transmitted or stored on this site by third parties or to monitor the site for signs of illegal activity. Obligations to remove or block the use of information under general legislation remain unaffected.

The free and freely accessible contents of this website were produced with the utmost care. We however expressly point out that we accept no liability or other responsibility for the accuracy, timeliness or completeness of the content provided in this data protection statement. The contents do not serve as legal advice on which you can rely when complying with the legal regulations on data protection – in particular the GDPR – nor can this replace individual legal advice.

  1. Liability

Liability claims against Artos Fencing Steffen Grollmisch GmbH & Co. KG which refer to damages of a material or intangible or immaterial nature caused by applying the content presented in this data protection statement or using potentially incorrect and incomplete or misleading content are excluded, provided that on the part of Artos Fencing Steffen Grollmisch GmbH & Co. KG no demonstrably intentional or grossly negligent fault exists.

  1. Legal Effect and Choice of Jurisdiction

Insofar as sections or individual terms in this data protection statement are not, or are no longer or not fully, applicable to the legal situation in question, the content and validity of the remaining parts of the document remains unaffected. German law applies. For consumers, this choice of law applies only insofar as the protection provided is not revoked by mandatory provisions of the laws of the state in which the consumer has their habitual residence (favourability principle).

  1. Other Provisions

Changes to the law or to our internal processes may required this data protection statement to be modified. In the event of such a change, we will inform you of this, insofar as possible, six weeks before the changes enter into force. You should read this policy every now and then to stay up to date on how we protect your data and continuously improve our website’s content. If we make material changes to the collection, use and/or disclosure of your personal data that you make available to us, we will advise you in a clear and prominent notification on the website.

You generally have a right of withdrawal with respect to the consent you have granted. Please note that unless you exercise your right of withdrawal), the current version of the privacy policy applies.

In the course of the development of legal provisions, Artos Fencing Steffen Grollmisch GmbH & Co. KG expressly reserves the right to amend parts of the statement or the statement in its entirety without separate announcement, to supplement it, to delete it or to cease publication temporarily or permanently. In addition, due to our lack of intention to be legally bound, no contractual relationship between us and you as the user of this content is created by obtaining this freely accessible content. For questions and suggestions on the topic of data protection at Artos Fencing Steffen Grollmisch GmbH & Co. KG, please contact: info@artos-mail.de

We will update this data protection statement when needed, based on the current circumstances, such as changes to legal requirements. The version published here applies.

-

This data protection statement was created by Artos Fencing Steffen Grollmisch GmbH & Co. KG.

Last updated 01/2021