Data protection bulletin for Kleen-Tex Industries GmbH, Fürhölzl 2, 6341 Ebbs, Austria
The consistent regulations of the EU General Data Protection Regulation (GDPR) have been in effect since May 25, 2018 with regard to data protection. In this data protection bulletin we provide information about the processing of your personal data by Kleen-Tex Industries GmbH, Fürhölzl 2, 6341 Ebbs (“Kleen-Tex” and/or “we” and/or “responsible party”) according to the provisions of the GDPR and of the data protection law (DSG 2018).
Please read through our data protection bulletin carefully. If you have questions or comments on our data protection bulletin, you may contact us at [email protected]
1. Responsible Party and Summary Information
1.1 Name and Contact Data of the Person Responsible for Data Processing
This data protection bulletin applies to the data processing by
Kleen-Tex Industries GmbH
KLEEN-TEX - SHOP
Phone: +43 5372 61380
Represented by the General Manager: Dr. Carolin Porcham
for the Shop-Website www.kleentexshop.eu
1.2 Types of Processed Data:
- General data (e.g., master customer data, names, addresses).
- Contact data (e.g., email, addresses, telephone numbers)
- Content data (e.g., text inputs)
- Contract data (e.g., contract topic, duration, customer category).
- Payment data (e.g., bank link, payment history)
- Usage data (e.g. web pages visited, interest in content, access times).
- Meta data/communication data (e.g. device information, IP addresses).
1.3 Processing of special categories of data (Art. 9, para. 1 GDPR)
No processing of special categories of data will occur.
1.4 Categories of Persons Affected by the Processing
- Interested persons
- Business partners
- Visitors and users of the online solicitation
1.5 Purpose of the Processing
- Provision of the online solicitation, its content and functions.
- Provision of contractual products, services and customer administration.
- Responding to contact inquiries and communication.
- Marketing, advertising and market research.
- Privacy Protocols.
1.6 Automated Decisions in an Individual Case
Credit assessment in the case of prior service as per Art. 22 GDPR.
2. Purpose of Data Processing, Legal Basis and Entitled Interests that can be Pursued by the Responsible Party or a Third Party, and Categories of Receivers
2.1 Calling of Our Websites/Applications
For each access to websites/applications, information is sent by the particular internet browser of your particular terminal to the server at our website and is temporarily saved in protocol data files, also known as Logfiles. The saved data sets contain the following data, which are stored until they are automatically deleted: Date and clock time of the call, name of the calling page, IP address of the calling device, referrer URL (origin URL from which you arrived at our website), the volume of data transmitted, load time, also product and version information about the used browser, and also the name of your internet access provider.
The legal basis for the processing of the IP address is Article 6 paragraph 1 letter f) of the GDPR.
- Our justifiable interest is indicated in order to ensure a smooth establishment of the connection,
- to ensure a convenient use of our website
- to evaluate system security and stability.
Based on the information it is not possible to draw any direct conclusion about your identity, and we shall not attempt to infer any such conclusion.
The data will be saved, and after the aforestated purpose has been achieved, will be automatically deleted. The usual schedule for deletion is governed according to the criterion of necessity.
2.1.2 Cookies, Tracking, Targeting Methods, Social-media Plug-ins
2.2 Initiation, Implementation and/or Completion of a Contract
2.2.1 Data Processing upon Initiation of Contract
When you register on one of our websites and/or conclude an additional contract with us, we process the data necessary for the initiation, implementation or completion of the agreement with you. These data include:
- First and last name
- Invoice and delivery address
- Invoice and payment data
- Telephone number
The legal basis for this data collection is Article 6 paragraph 1 letters a) and b) GDPR, that is, you provide the data based on the particular contractual relationship (e.g. administration of your customer/user account, handling of a purchase contract) between you and us. In addition, for processing of your email address in the case you make a purchase via our websites, we are legally required to send you an electronic order confirmation (Article 6 paragraph 1 letter c) GDPR).
If we do not use your data for advertising purposes (see Section 3.3) we will save the data collected for contract administration for the duration of the contract, and until expiration of the legal basis or expiration of any potential contractual warrantee and guarantee term. After passage of this time, we will retain the information on the contractual relationship required under commercial and tax law for the time established by law. During this time, the data will only be processed anew in the event of an audit by the financial authority.
Furthermore, the following data processing is necessary for administration of a purchase agreement via our websites:
Your payment data will be passed to a payment service provider, hired by us for handling the payment(s). We will pass information about your delivery address to the logistics companies and shipping partners under contract to us. To ensure that the product delivery is in accord with your wishes, we provide your email address and - if available - telephone number to the logistics companies and/or shipping partners tasked by us for making the delivery. The shipper may contact you in advance of delivery to coordinate any details with you. The particular data will be passed solely for the specific purposes and will be deleted again after completion of delivery.
2.2.2 Transfer of Data to Transportation Providers
We work with logistics companies/transport companies and/or shipping partners to ensure delivery of ordered products. The following data can be passed to them in order to facilitate delivery or arrival of the ordered products: First and last name, mailing address, email address, phone number (e.g. to announce arrival of your shipment).
Legal basis for the data processing is Art. 6 para. 1 letter b) GDPR.
We process your payment information for administration and crediting of your payments, for example, when you buy or acquire a product on kleentexshop.eu. Depending on the type of payment, we direct your payment information to third parties (for example, to your credit card company for credit card payments).
Legal Basis for the data processing is Art. 6 para. 1 letter a), Art. 6 para. 1 letter b) GDPR, and also Art. 6 para. 1 letter f) GDPR.
2.2.4 Credit Check and Transfer to Credit Agencies
In the case of delivery before payment, we reserve the right - in order to protect our justifiable interests - to obtain information on your identity and credit history in order to assess the credit risk, based on mathematic-statistical methods used by service companies specialized in this field (financial credit agencies).
As a part of the credit check, we can pass the following personal data of the customer (name, mailing address, date of birth) to the credit reporting agencies.
We process the information received from the credit reporting agencies about the statistical probability of a default of payment in order to make an appropriate and reasonable decision about the set-up, implementation and termination of the contractual relationship. In the case of a negative outcome of the credit check, we reserve the right to refuse a payment on receipt of invoice or to refuse any other service.
The decision about whether or not to make delivery before payment will be make in accordance with Art. 22 GDPR, solely on the basis of an automated decision in each individual case; this decision is handled by our software based on the information from the credit reporting agency.
If we obtain your express consent, the legal basis for the credit check and transfer of the customer’s data to the credit agencies, is your consent pursuant to Art. 6 para. 1 letter a) GDPR. If your consent is not obtained, our justifiable interests in your creditworthiness are based legally on Art. 6 para. 1 letter f) GDPR.
2.2.5 Use of Data for Prevention of Fraud
The data you provide during a purchase can be used to check whether this is an atypical ordering process (e.g. simultaneous purchase of a number of products to the same address by using different customer accounts). We have a fundamental, justifiable interest in performing this kind of check. The legal basis for the data processing is Art. 6 para. 1 letter f) GDPR.
2.2.7 Heidelpay GmbH
2.3 Data Processing for Advertising Purposes
2.3.1 Advertising by Mail
We have a fundamental, justifiable interest is using your data for marketing purposes. We process the following data for this purpose: First and last name, mailing address, email address.
In addition, we are entitled to use the stated data for marketing purposes, while observing the legal requirements. The goal is to provide you with advertising oriented toward your actual or probable interests, and not to annoy you with unwanted advertising.
Your saved data will not be passed to a third party.
The data can also be used to bring you individualized online advertising, and the advertising can be handled by outside vendors and/or agents. The legal basis for the use of personal data for marketing purposes is Art. 6 para. 1 letter f) GDPR.
Reference to your Right of Objection
You may object to the use of your personal data for the mentioned marketing purposes at any time and at no cost, with future effect, by visiting [email protected]
If you file an objection, then your data will be blocked from any further advertising. We should point out that in some cases, even after receipt of your objection, temporarily some advertising material may still be sent to you. This is because of the advance-time necessarily required for technical reasons and does not mean that we have failed to process your objection.
The following information relates to the content of our newsletter, and to the registration, sending and statistical evaluation methods, and to your right of objection. By subscribing to our newsletter, you state your agreement to receive the newsletter and to the subscription method.
Content of the newsletter: We send newsletters, emails and other electronic notifications with advertising information (hereinafter the “newsletter”) only with the consent of the receiver or based on other legal permission. To the extent that a subscription to the newsletter whose content has been paraphrased, they are definitive for the consent of the user [sic]. In addition, our newsletter contains information about our services and our company.
Double opt-in and log records: A subscription to our newsletter is handled by what is known as a double opt-in method. That is, after your registration, you will receive an email that asks you to confirm your registration. This confirmation is required so that no one with outside email addresses can register. The log-ins to the newsletter are recorded in order to document the registration process in accordance with the legal requirements. This includes the saving of log-in and the confirmation time, and also the IP address. Likewise, the changes to your data saved by the newsletter service provider will be recorded.
Sending of the newsletter and the related measure of its success are based on a consent of the receiver according to Art. 6 para. 1 a) Art. 7 GDPR in connection with § 107 para. 2 Telecomm Law (TKG), or if your consent is not needed, on the basis of our justifiable interests in direct marketing according to Art. 6 para. 1 f) GDPR in connection with § 107 para. 2 & 3 TKG.
Documentation of the registration process is based on our justifiable interests according to Art. 6 para. 1 f) GDPR. Our interest is aimed at the use of a user-friendly and secure newsletter system, which serves both our business interests and also the expectations of the user, and that further allows us to retain evidence of your consent.
Service provider: Sending of the newsletter is handled by the service provider “MailChimp,” a newsletter sending platform offered by the US vendor Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the data protection policy of the service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy-Shield-agreement and offers a guarantee of compliance with the European data protection standard (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The newsletter service provider is employed on the basis of our justifiable interests as per Art. 6 para. 1 f) GDPR and based on a contract processing agreement as per Art. 28 para. 3 line 1 GDPR.
The service provider can use the receiver’s data in a pseudomized form, that is without association with a user, in order to optimize or improve their own services, e.g. for technical optimizing of the newsletter delivery and the presentation of the newsletter or for statistical purposes. However, the service provider does not use the data from our newsletter receivers to contact them otherwise, or to transfer the data to third parties.
Measure of success: The newsletters contain a “web beacon,” that is, a pixel-size file which is called by our server when opening the newsletter, or is called by the service provider’s server. Due to this call up, initially technical information, such as information about your browser and your system, and also your IP address and time of call are collected. This information is used for technical improvement of services, based on the technical data or the target groups and your reading behavior, based on the calling site (which can be determined with the aid of the IP address) or access times. Included among the collected statistical data is whether the newsletters are opened, when they are opened and which links are clicked on.
For technical reasons, this information is allocated to the individual newsletter receivers. However, it is neither our intent, nor that of the service provider, to monitor individual users. Rather, we use the evaluations to recognize reader customs and to tailor our content to them, or to send different content according to the interests of our users. It is not possible to opt-out of the measure of success; rather, in such a case the entire newsletter subscription must be cancelled.
Cancellation/opt-out - you can opt out of your subscription at any time, with future effect, by sending a message to [email protected], or by clicking on the opt-out at the end of every newsletter
2.4 Online Presence and Webpage Optimizing
2.4.1 Cookies - General Information
Most of the cookies we use are deleted again at the end of the browser session (known as session cookies). We can use these cookies, for example, to offer you comprehensive shopping cart displays where you can see how many articles are already in your shopping cart and the current cost of your purchase. Other cookies remain on your computer and enable us to recognize your computer again at your next visit (known as permanent or cross-session cookies). In particular, cookies are used to make our offers more user-friendly, more effective and safe. Due to these data files it is possible, for example, that you will see on the page certain information tailored to your specific interests.
Of course, you can set your browser so that it will not place our cookies on your terminal. The Help function in the menu list of most web browsers will show you how to configure your browser not to accept any new cookies, how to tell your browser to let you know when you get a new cookie, or even how you can delete all cookies and block all cookies in future.
The procedure is as follows:
In Internet Explorer:
In the “Extras” menu, select the “Internet options” item.
Click on the “data protection” item.
Now you can change the security settings for the internet zone. Here you specify whether and what cookies to accept or reject.
Confirm your selection with “OK.”
In the “Extras” menu, select the “Settings” item.
Click on “data protection.”
In the drop-down menu, select the item “Set up user-friendly settings.”
In Google Chrome:
On the Chrome menu click on the symbol list of the browser.
Now select the “settings.”
Click on “expanded.”
Under “Security and data protection,” click on “Content settings.”
Under “Cookies,” you can make the desired settings for saving of cookies.
However, we should point out that in this case you may not be able to access the full and complete functionality of this website.
If these cookies and/or the information contained therein pertains to personal data, then the legal basis for the data processing is Art. 6 para. 1 letter f) GDPR. Our interest in optimizing our website is justified within the meaning of the above-referenced regulation.
2.4.2 Google Analytics
Based on Article 6 para. 1 letter f) GDPR, we use Google Analytics, a web analysis service of Google Inc. (“Google”) to optimize our web pages and for needs-based configuration of our website. Google Analytics uses what are known as “cookies.” These are text files which are saved on your computer and which allow an analysis of your usage of this website.In this connection, pseudomized usage profiles are prepared and cookies are used. The information about your use of this website generated by the cookie is as follows:
- Used operating system
- Referrer URL (page previously visited),
- Host name of accessing computer (IP address),
- Clock time of server request
Under contract to the operator of this website, Google uses this information to evaluate your usage of the website so as to generate reports about website activity and to provide services to the website operator associated with website use and internet usage. The IP address passed from your browser will not be combined with other data by Google within the scope of Google Analytics.
We only use Google Analytics with active IP anonymizing. This means that the user’s IP address will first be abbreviated by Google within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to the Google server in the USA and abbreviated there.
You can prevent the saving of cookies by making the appropriate setting in your browser software; however, we should point out that in such a case, you may not be able to fully exploit all functions of this website. Moreover, you can prevent the transfer to Google of data related to your use of the website by the cookie (including of your IP address), and also the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on, especially for browsers on mobile terminals, you can block the data acquisition by Google Analytics by clicking on this link. This will place an opt-out cookie that will block the acquisition of your data upon any future visits to this website. The opt-out cookie applies only in this browser and only for our website, and is placed on your device. If you delete your cookies in this browser, then you will have to set the opt-out cookie again. Additional information about data protection in connection with Google Analytics is found on the Google Analytics webpage.
Google is certified under the Privacy-Shield-agreement and offers a guarantee of compliance with the European data protection standard (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The user’s personal data will be deleted or anonymized after 14 months.
2.4.4 Google AdWords
Our website uses the service of Google AdWords. Google AdWords is an Online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
In this regard, we use firstly the Remarketing function within the Google AdWords service. With the Remarketing function we can refer the users of our website to other websites within the Google display network (on Google itself, called “Google displays” or on other websites) for their interest-based advertising. In this regard the interaction of users of our website is analyzed, e.g. indicating which offers are of interest to users, about how to display to visitors to our website the targeted advertising on other web pages. To this end Google saves a number in the browsers of users who visit certain Google services or websites in the Google display network. The user visits are detected by means of the number designated as “cookies.” This number is used for unambiguous identification of a web browser on a particular computer, and not for identification of a person; personal data is not saved. Legal Basis for the data processing
2.4.5 Google Conversion-Tracking
Furthermore, within the scope of our use of the Google AdWords service, we use what is known as Conversion Tracking. When you click on a Google-based ad, a cookie will be set on your computer/terminal for conversion tracking. These cookies become invalid after 30 days, do not contain any personal data and are not used for personal identifying of the user. The information obtained by means of the conversion cookies are used to prepare conversion statistics for AdWords clients who have obtained the conversion tracking function.
Legal Basis for the data processing
is Art. 6 para. 1 letter f) GDPR.You can prevent the saving of cookies by making the appropriate setting in your browser software; however, we should point out that in such a case, you may not be able to fully exploit all functions of this website. In addition, you can deactivate interest-based displays on Google, and also interest-based Google displays in the web (within the Google display network) in your browser, by clicking the “off” button at http://www.google.de/settings/ads or by making the deactivation at http://www.aboutads.info/choices/. Additional information on possible settings in this regard, and about Google data privacy is found at https://www.google.de/intl/de/policies/privacy/?fg=1.
We use the software NewRelic on our website. This enables an analysis of your website usage. The information stored by the cookie about your use of this website (including your IP address) is transferred to a NewRelic server in the USA. We process the data due to our predominant interest in the optimal marketing of our online offer according to Art.6 Par. 1 f) DSGVO. NewRelic will use the stored information to evaluate your use of the website, to compile reports on website activities for the website operators and to provide further services related to website and internet use. NewRelic is certified according to the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation: https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active Further information on data protection can be found here: https://newrelic.com/termsandconditions/privacy
2.5 Customer Account/User Account
You can withdraw your consent at any time, either within your account or at the end of the newsletter. After registration, you have full access to our service and to our offers.
If you set up a user/customer account, your collected data will be processed based on Article 6 para. 1 letter b) and a) GDPR.
You are allowed to delete your customer account at any time. However, please note that this does not simultaneously mean a deletion of the data visible in your customer account if you have once ordered from us. The deletion of your data occurs automatically after expiration of our retention requirements under applicable commercial and tax law. Legal basis for this additional data processing is Art. 6 para. 1 letter c) GDPR and also Art. 6 para. 1 letter f) GDPR.
2.6 Contact Us
You can contact us by several different means. By email, by telephone or by post. When you contact us, we use the personal data that you have voluntarily provided in this respect, solely for the purpose of responding to you and for processing of your inquiry.
Legal Basis for the data processing is Art. 6 para. 1 letter a), Art. 6 para. 1 letter b), Art. 6 para. 1 letter c) GDPR and also Art. 6 para. 1 letter f) GDPR.
2.7 Customer Reviews/Comments
There are various ways for you to publish your own reviews of [email protected] (such as product reviews). If you provide reviews of products, brands and styles, we process the personal data that you input as a part of your commentary or that you have provided voluntarily. You can publish comments on kleentexshop.eu under a pseudonym and/or your first name and abbreviated last name. If users leave comments or other contribution on www.kleentexshop.eu, their IP addresses are saved for 7 days, based on our justified interests within the meaning of Art. 6 para. 1 letter f) GDPR. This is done for our own safety, in case someone leaves comments or contributions with unlawful content (insults, prohibited political propaganda etc.).
The legal basis for this data processing is Art. 6 para. 1 letter a), Art. 6 para. 1 letter b) and also Art. 6 para. 1 letter f) GDPR.
3. Online Presence and Incorporated Content and Functions
3.1. Online Presence in Social Media and Social Plugins
We maintain an online presence in social networks and platforms in order to communicate with customers, users and other interested people and to inform you about our services.
We should point out that user data can be processed outside the territory of the European Union. Thus might involve certain risks for users because the enforcement of users’ rights may be made more difficult. With respect to US vendors who are certified under the Privacy Shield, we should point out that they are thus obligated to maintain the EU data protection standards.
Furthermore, the user’s data is usually processed for market research and advertising purposes. For instance, user profiles can be prepared from the usage behavior and derived user interests. The usage profiles can then be used to display advertising both inside and outside of the platforms; these ads should presumably correspond to the user’s interests. For this purpose, usually cookies will be saved on the user’s computer which save the user’s usage behavior and interests. Also, the user’s profile can also contain data independently of the devices used by the user (especially when the user is a member of the particular platform and is logged into the platform).
Processing of personal user data takes place on the basis of our justified interests in a providing effective communication with users in accordance with Art. 6 para. 1 letter f) GDPR. If the user is requested to provide consent for the specific data processing by the particular manager of the platform, then the legal basis for the processing is Art. 6 para. 1 (a, Art. 7 GDPR.
For a detailed description of the particular processing and opt-out features, we refer to the following linked statement of the vendor.
Also in the event of general inquires and the enforcement of user rights, we point out that these can be most effectively attained directly from the vendors. Only the vendors have access to the user’s data and can undertake appropriate measures directly and provide information. Nonetheless, if you do need help, then you can contact us.
specifically for pages:
https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com,
3.2. Incorporation of Third-Party Services and Content
Within our online offers and based on our justifiable interests (that is, our interest in analysis, optimizing and the financial operation of our online offers, within the meaning of Art. 6 para. 1 letter f) GDPR) we use the content or service offers from third party vendors in order to incorporate their content and services, such as videos or lettering (hereinafter consistently designated as “content”).
This always presumes that the third-party vendors of this content know the IP address of the user, since the content cannot be sent to the user’s browser without the IP address. Thus the IP address is required for the display of this content. We endeavor to use only that content from vendors who use the IP address solely for delivery of their content. Also, third-party vendors can use pixel tags (invisible graphics, also called “Web Beacons”) for statistical or marketing purposes. The pixel tags can also evaluate information, such as visitor traffic on the pages of this website. The pseudonymous information can also be saved in cookies on the user’s device, and can also contain technical information about the browser and operating system, the referring webpages, time of visit and other data about the use of our online offer, and can also be linked to related information from other sources.
3.2.1. Use of Facebook Social Plugins
Based on our justifiable interests (that is, our interest in analysis, optimizing and the financial operation of our online offers, within the meaning of Art. 6 para. 1 letter f) GDPR) we use social plugins of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
This includes content such as pictures, videos or text and links that allow users to share the content of the online offers within Facebook. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy-Shield-agreement and offers a guarantee of compliance with the European data protection standard (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls up a function of this online offer which contains a plugin, the user’s device establishes a direct link to the Facebook servers. The content of the plugin is passed by Facebook directly to the user’s device and it is then linked to the online offer. Usage profiles can be constructed for the particular user from this processed data. Therefore, we have no influence on the scope of the data that Facebook collects with these plugins and the user is advised accordingly.
Due to the incorporation of plugins, Facebook obtains information that a user has called up the corresponding page of the online offer. If the user is logged into Facebook, then Facebook can assign the visit to the user’s Facebook account. If users interact with the plugins, for example, by touching the Like button or give a comment, then the corresponding information is passed from your device directly to Facebook and is saved there. If a user is not a Facebook member, there is still the possibility that Facebook will learn of and save the user’s IP address. According to Facebook, only an anonymized IP address is saved in Germany.
The scope and purpose of the data collection and the subsequent processing and use of the data by Facebook, and also the user’s related rights and opt-out procedures to protect the user’s privacy can be found in the Facebook data privacy instructions: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about this online offer and link it to his member data saved at Facebook, then before using our online offer the user must log off from Facebook and delete the cookies. Additional settings and objections to the use of data for advertising purposes can be filed within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or on the USA pagehttp://www.aboutads.info/choices/ or the EU-page http://www.youronlinechoices.com/. The settings are handled regardless of the platform, that is, they are accepted for all devices, such as desktop computers or mobile devices.
You can exclude yourself from the tracking through facebookhere.
4. Cooperation with Contract Processors, Cooperative Parties and Third Parties
If within the scope of our processing, we disclose data to other persons and companies (Contract Processors, Cooperative Parties and Third Parties), transfer such data to them or otherwise grant them access to the data, then this shall occur only on the basis of a legal permission (e.g. when a transfer of data to third parties, such as to payment administrators, is necessary in fulfillment of a contract), users have granted consent, a legal obligation so requires, or on the basis of our justifiable interests (e.g. for use of employees, web hosts, etc.).
4.1. Transmittal to Third Countries
If we process data in a third country (i.e. outside of the European Union (EU), the European Economic Zone (EEZ) or the Swiss Federation ), or if this occurs as a part of our cooperation with third-party service providers, or if we disclose or transfer data to other persons or companies, this shall only occur if it is in fulfillment of our (pre)contractual duties, on the basis of your consent, or based on a legal requirement, or based on our justifiable interests. Under the proviso of legal or contractual consent, we process or send the data into a third country only in compliance with the legal prerequisites. That is, the processing occurs e.g. based on separate guarantees, such as the officially recognized adherence to one of the data protection standards current in the EU (for example, the “Privacy Shield” in the USA), or by observing officially recognized, special contractual stipulations.
4.2 Data Transfer within the Corporate Group
If we disclose, transfer or otherwise allow access to data by other companies of our corporate group, in particular for administrative purposes, then this shall occur as a justified interest, and additionally is based on one of the principles corresponding to legal requirements. Disclosure may occur, in particular to our parent company in the USA, Kleen-Tex Industries Inc., 50 Hurt Plaza SE, Suite 1040, Atlanta, Georgia 30303, USA.
5. Your Rights
In addition to your right to rescind your consent provided to us, under certain legal circumstances you are also entitled to the following additional rights:
- - the right to information about your personal data saved by us (Art. 15 GDPR), in particular you can request information about the purpose of the processing, the category of personal data, the categories of receivers to whom your data was or will be disclosed, the planned retention time, the origin of your data, provided it was not collected from you directly;
- - the right to correct erroneous data or to supplement correct data (Art. 16 GDPR),
- - the right to erase your data saved by us (Art. 17 GDPR), provided there is no required legal or contractual retention period or other legal duty or right for continued retention of the data by us,
- - the Right to Restrict the Processing of your data (Art. 18 GDPR), provided you dispute the accuracy of the data, the processing is unlawful, but you waive its erasure, the responsible party no longer needs the data but you still need it to enforce, exercise or defend your rights relating to legal claims, or if, pursuant to Art. 21 GDPR you have filed an opposition against the processing of the data,
- - the Right to Data Portability pursuant to Art. 20 GDPR, that is, the right to receive, in a currently machine-readable format, the data we have saved about you, or to request transfer of such data to another party nominated by you,
- - the right to file a complaint with the oversight authority. Generally you may refer to the oversight authority cognizant for your usual place of residence or your workplace, or at our corporate headquarters.
You may enforce your entitled rights against us by referring to this web address: [email protected].
5.2 Right to Object
Under the provisions of Art. 21 para. 1 GDPR you have the right to object to the data processing on grounds relating to your particular situation.
5.3 Right of Cancellation
When we are processing data based on your given consent, you have the right at any time to cancel your provided consent. The cancellation of consent shall not mean that the data processing occurring on the basis of your consent up to the time of the cancellation shall be rendered void.
6. Data Security
All your personal, transmitted data, including your payment data, is transmitted via the generally recognized and secure SSL Standard (Secure Socket Layer). SSL is a secure and proven Standard, which is also being used for online banking, for example. You can recognize a secure SSL-connection, inter alia, by the appended ‘s’ to the http (thus: https://...) in the address line of your browser, or by the lock symbol in the lower region of your browser.
In addition, we make use of proprietary technical and organizational security means in order to protect your personal data saved by us, against manipulation, partial or complete loss, and against unauthorized access by third parties. Our security means are being constantly improved in accordance with advances in technology.