Data Protection

Privacy Statement - English Translation

In case there is any incompatibility between our german privacy statement and the english translation, the German version of all the texts shall prevail.

I. Name and Address of the Responsible

The Responsible in accordance with the data protection regulation (EU-DSGVO) and other national data protection laws of the Member States as well as other data protection provisions is:

H. ZANDER GmbH & Co. KG
Am Gut Wolf 15
52070 Aachen, Germany
Tel.: +49 241 910 501-0
Email: info@zander-aachen.de
Website: www.zander-aachen.de

II. Name and Address of the Data Protection Officer

The Data Protection Officer of the Responsible is:

Mrs. Christiane Nittschalk
H. Zander GmbH & Co. KG
Am Gut Wolf 15
52070 Aachen, Germany
Tel.: +49 241 910 501-16
Email: privacy@zander-aachen.de
Website: www.zander-aachen.de

III. Data processing in general

1. Scope of personal data processing

We collect and use personal data of the users in principle only where necessary in order to ensure a functioning website as well as our contents and services. The collection and use of personal data of our users shall only be permissible subject to the prior agreement of the user. An exception applies for such cases, in which obtaining prior consent was actually not possible and the processing of the data is permitted by applicable law and regulation.

2. Legal basis for the processing personal data

As far as we obtain authorisation for processing personal data of the individual, Art. 6 Para. 1(a) of the EU-General Data Protection Regulation (GDPR) applies as a legal basis.

With regard to the processing of personal data, that is necessary for the performance of the contract, of which the individual is a contracting party, Art. 6 Para. 1 (b) of the GDPR applies as a legal Basis. This also applies to processing, that is necessary for the performance of pre-contractual measures.

As far as processing of personal data is necessary to fulfil legal obligations, our company is subjected to Art. 6 Para. 1 (c) of the GDPR applies as a legal basis.

In the event, that vital interests of the individual or any other natural person require the processing of personal data, Art. 6 Para. 1(d) of the GDPR applies as a legal basis.

If the processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests and fundamental rights and freedoms of the individual don’t outweigh the first mentioned interest, Art. 6 Para. 1 (f) of the GDPR applies as a legal basis.

3. Data deletion and storage duration

The personal data from the individual will be deleted or blocked of, as soon as the purpose of storage is no longer pursued. A storage can additionally be made, if it is intended by the european or national legislature in union law regulations and laws, the individual is subjected to. An erasure or blocking also takes place, if the data retention period from the mentioned standards, expires, unless the necessity for further storage of the data to conclude or fulfil the contract is given

4. Links to other websites

Please keep in mind, that our website can contain links to third party websites, whos personal data management may differ from ours. If you enter personal data on third party websites, your data is subject to the data protection guidelines of the respective website. We recommend, to examine the data protection guidelines of all visited websites.

IV. Provision of the website and the creation of log files

1. Specification and extent of data processing

With every visit of our website, our system (web service) automatically collects data and information from the computer system of the visiting computer.

The following data is collected:

  • IP address of the device with which you are accessing the website
  • Type of Browser, with which you access
  • The website you previously accessed
  • Date and time of the access

The IP address will only be stored, if it contributes to the functionality of our website (technically necessary). The IP addresses will otherwise be anonymised. In the created log files the IP addresses are anonymised.

The data is also stored in log files of our system. A storage of this data with other personal data from the user does not take place.

2. Legal basis for data processing

Art. 6 Para. 1 (f) of the GDPR is the legal basis for the temporary storage of the data and log files.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the users computer. Therefore the IP address of the user has to be stored for the duration of the visit.

The storage in the log files takes place, to ensure the functionality of the website. In addition the data helps us to optimise the website and to ensure the safety of our information technology system. An evaluation of the data for marketing purposes does not take place in this context. 

Within these purposes our legitimate interest for the data processing according to Art.6 Para. 1 (f) of the GDPR is also represented.

4. Duration of the retention

The data will be deleted, as soon as it is no longer necessary for the purpose of its collection. In terms of data collection to provide the website, this is the case as soon as the current session is closed.

Regarding the storage of the data in log files, this is the case after seven days at most. A further storage is possible. In this case, the IP address from the user will be erased or alienated, so that an assignment of the calling client is no longer possible.

5. Objection and disposal possibility

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. As a result there is no possibility to object for the user.

V. The usage of cookies

1. Specification and extent of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser may be identified even after a page change.

a. Session cookies

The following data is stored and transmitted in the cookies:
- used browser
- operating system
- visited websites
Deletion of the cookies takes place after the current session has been terminated.

b. Cross-site request forgery cookie (csrf)

To ensure, that your data entered in our forms cannot be manipulated:
- your entered data
Deletion of the cookies takes place after the current session has been terminated.

c. Cookie-bar with data protection notice

The following data is stored and transmitted in the cookies.
- if you have clicked the cookie agreement as read
Deletion of the cookies takes place one month after your last visit of our website.

d. Pop-up newsletter cookie

The following date is stored and transmitted in the cookies:
- if you clicked on the newsletter pop-up
Deletion of the cookies takes place one month after your last visit of our website

In addition, we use cookies on our website that allow an analysis of the users browsing habits (see also point VIII Web analysis by Matomo).

The following data can be transmitted this way:

  • Entered search words
  • Frequency of page views
  • Duration of website visit
  • Made downloads
  • Country of origin of the Connection
  • Used browser
  • Used operating system

The data from the user that is collected this way is pseudonymised by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data will not be stored together with other personal data from the users.

When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and are referred to this privacy policy. In this context an indication on how to prevent the storage of cookies in the browser settings will be shown.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 (f) GDPR.

3. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For this, it is necessary, that the browser is recognised even after a page change.

We require cookies for the following applications:

  • Newsletter registration / cancellation
  • Acceptance of the privacy policy
  • Manipulation protection of your entered data, e.g. in the request form
  • Page change

The user data collected through technically necessary cookies will not be used to create user profiles.

The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through analysis cookies, we learn how the website is used and by that constantly optimise our offer.

When using our website, a unique web analytics cookie is stored in your browser in order to pseudonymise and analyse various statistical data. If you wish not to use this cookie, click the following link to place the Matomo / Piwik deactivation cookie in your browser.

You will then see the following text: "Tracking is currently not active for you because your browser has informed us that you do not want tracking. This is a browser setting. To re-enable tracking, you must disable the so-called "Do Not Track" setting in your browser settings. "

Within these purposes our legitimate interest for the data processing according to Art.6 Para. 1 (f) of the GDPR is also represented.

4. Duration of retention, objection and deletion possibilities

Cookies are stored on the computer of the user and transmitted to our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to their fullest extent.

VI. Newsletter

1. Specification and extent of data processing

On our website you can subscribe to a free newsletter. By doing so the data from the input mask will be transmitted to us.

- the e-mail address.

In addition, the following data will be collected and stored during registration:

(1) IP address of the calling computer

(2) Date and time of registration

During the registration process your consent for processing the data is required and a reference to this privacy policy is made. If you request or purchase goods or services from us and thereby enter your e-mail address, it can subsequently be used by us for sending a newsletter. In such a case, the newsletter will only include direct advertisement for similar goods or services of our company. In connection with the processing of date for the newsletters, there will be no disclosure of the data to third parties. The data will be used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for processing the data after the user has registered for the newsletter and given the consent is Art. 6 Para. 1 (a) of the GDPR. The legal basis for sending the newsletter as a result of an offer or sale of goods or services is § 7 (3) UWG.

3. Purpose of the data processing

The collection of the user's e-mail address serves the delivery of the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

4. Duration of the retention

The data will be deleted, as soon as it is no longer necessary for the purpose of its collection. The users e-mail address is therefore stored as long as the subscription to the newsletter is active. Other personal data collected during the registration process will be deleted after a period of seven days.

5. Objection and deletion possibility

The subscription to the newsletter may be terminated at any time by the user concerned. For this purpose, there is a corresponding link in each newsletter.

This also allows a revocation of the consent to store the personal data collected during the registration process.

VII. Contact form and e-mail contact

1. Specification and extent of data processing

On our website a contact form is available, which can be used to contact us electronically. If a user uses this option, the data entered in the input mask will be transmitted to us and stored. The following data will be stored:

  • first given name
  • Surname*
  • Company*
  • Department
  • Street, house number*
  • Postcode / town*
  • Country*
  • Phone*
  • E-mail*

(All fields marked with * are mandatory).

  • Your given information on the desired catalog documents.
  • Your questions.

At the time of sending the message, the following data is also stored:

(1) The IP address of the user

(2) Date and time of registration

During the registration process your consent for processing the data is required and a reference to this privacy policy is made.

Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.

In this context, there will be no disclosure of the data to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for processing the data is, after the user has given the required consent, Art. 6 Para. 1 (a) of the GDPR.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Para. 1(f) of the GDPR.

If the e-mail contact aims to conclude a contract, then an additional legal basis for the processing is Art. 6 Para. 1 (b) of the GDPR.

3. Purpose of the data processing

The processing of personal data from the input mask serves only the processing of the contact. In the case of contact via e-mail, this also includes the required legitimate interest in processing the data.Other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of the retention

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends, as soon as all relevant facts and questions have been clarified.

5. Objection and deletion possibility

The user has the possibility at any time to revoke his consent to process the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. If this is the case, the conversation can not be continued.

Send us an e-mail to privacy@zander-aachen.de or a fax (+49 241 910 501 38) with your revocation of the consent or the objection of storage. All personal data stored in the course of contacting will be deleted in this case.

VII. Web analysis by Matomo (former PIWIK)

1. Extent of processing the personal data

On our website we use the open-source software tool Matomo (formerly PIWIK) to analyze the surfing behaviour of our users. The software places a cookie on the users computer (for cookies see above). If individual pages of our website are called, the following data is stored:

(1) Two bytes of IP address from the calling system from user

(2) The called website

(3) The website from which the user came to the accessed website (referrer)

(4) The subpages that are called from the called web page

(5) The length of stay on the website

(6) The frequency of calling the website

The software runs exclusively on the servers of our website. A storage of the users personal data from takes place only there. A transfer of the data to third parties does not take place.

The software is set so that the IP addresses are not completely stored but 2 bytes of the IP address are masked (eg. 192.168.xxx.xxx). This way, an assignment of the shortened IP address to the calling computer is no longer possible.

2. Legal basis for the processing of personal data

The legal basis for processing the users personal data is Art. 6 Para. 1 (f) of the GDPR.

3. Purpose of the data processing

The processing of the users personal data enables us to analyse the surfing behaviour of our users. By analysing the obtained data, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. For these purposes, our legitimate interest lies in the processing of the data according to Art. 6 Para. 1 (f) of the GDPR. Through the anonymisation of the IP address the users interests in protection of personal data is sufficiently taken into account.

4. Duration of the retention

The data will be deleted as soon as it is no longer needed for our recording purposes. This is the case after 60 days.

(See https://matomo.org/docs/privacy)

5. Objection and deletion possibility

Cookies are stored on the users computer and transmitted to our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

We offer an opt-out of the analysis process on our website for our users. For this you must follow the appropriate link. This way, another cookie is set on your system, which signals our system not to save the data of the user. If in the meantime the user deletes the corresponding cookie from his own system, he must set the opt-out cookie again.

For more information on the privacy settings of the Matomo software, please visit the following link: https://matomo.org/docs/privacy/.

IX. Webanalysis by Google analytics

If you have given your consent, Google Analytics, a web analysis service of Google Ireland Limited (“Google”) is used on this website. The use includes the “Universal Analytics”  operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices. This data protection notice is provided by “https://www.intersoft-consulting.de" .

1. Extent of processing the personal data

Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. For more information on terms of use and data protection, please visit "https://www.google.com/analytics/terms/gb.html" or "https://policies.google.com/?hl=en" .

2. Legal basis for the processing of personal data

The legal basis for the use of Google Analytics is your consent in accordance with <a href="https://gdpr-info.eu/art-6-gdpr/" Art. 6 para. 1 lit. a GDPR.

3. Purpose of the data processing

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.

4. Duration of the retention

The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

5. Objection and deletion possibility

You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the "https://tools.google.com/dlpage/gaoptout?hl=en" Browser Add-on. Opt-out cookies will prevent future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: "javascript:gaOptout()" Disable Google Analytics.

6. Recipients or Categories of Recipients

The recipient of the collected data is Google.

7. Transfer to Third Countries

Personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission's adequacy decision. You can download the certificate https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

X. Rights of the person concerned

If you process personal data, you are a person concerned for the purpose of the GDPR and have the following rights towards the responsible party.

1. Right to information

You may ask the person in charge to confirm if personal data concerning you is processed by us.

If such processing is done, you can request information from the responsible party about the following information:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;

(4) the planned duration of the retention of your personal data or, if specific information is not available, criteria for determining the duration of the retention;

(5) the existence of a right to rectification or deletion of personal data concerning you, a right to restrict the processing by the responsible party or a right to object to such processing;

(6) the existence of a right to appeal to a supervisory authority;

(7) all available information on the source of the data if the personal data is not collected from the data subject;

(8) the existence of an automated decision-making, including profiling under Art. 22 Para. 1 and 4 of the GDPR and – in this case - meaningful information about the logic involved, as well as the extent and intended impact of such processing for the person concerned.

You have the right to request information about whether your personal information is transmitted to a third country or an international organisation. In this context, you can request information about the appropriate guarantees in accordance with. Art. 46 of the GDPR in connection with the transmission .

2. Right of rectification

You have a right of rectification and / or completion towards the responsible party, if the personal data you process is incorrect or incomplete. The responsible party must make the correction without delay.

3. Right to restrict the processing

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you contest the accuracy of your personal information for a period of time that allows the responsible party to verify the accuracy of your personal information;

(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand a usage restriction of the personal data;

(3) the responsible party no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or

(4) if you have objected to the processing in accordance to Art. 21 Para. 1 of the GDPR and it is not yet certain whether the legitimate interests of the responsible party outweigh your interests.

If the processing of your personal data has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restricted processing has been restricted,  according to the conditions mentioned above, you will be informed by the person in charge before the restriction is lifted.

4. Right to deletion

a) obligation to delete

You may call on the responsible party to delete your personal information without delay, and the responsible party is required to delete that information immediately if one of the following is true:

(1) Personal data concerning you is no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent, on which the processing according to Art. 6 Para. 1  (a) or Art. 9 Para. 2 (a) of the GDPR is based on and there is no other legal basis for processing.

(3) You provide an objection to processing in accordance with Art. 21 Para. 1 of the GDPR and there are no prior justifiable reasons for the processing, or you provide objection to processing according to. Art. 21 Para. 2 of the GDPR.

(4) Your personal data has been processed unlawfully.

(5) The deletion of personal data concerning you is required to fulfil a legal obligation under Union law or the law of the Member States to which the responsible party is subjected.

(6) The personal data concerning you was collected in relation to the information society services offered in accordance with Art. 8 Para. 1 of the GDPR.

b) Information to third parties

If the person in charge has made the personal data concerning you public and is, according to Art. 17 Para. 1 of the GDPR, obligated to delete it, he or she has to take appropriate measures, including technical measures, taking available technologies and costs of implementation into account, to inform all responsible parties, who process the personal data that you, the person concerned, are requesting deletion of all links to such personal data or of copies or replications of such personal data.

c) Exceptions

The right of deletion does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfil legal obligations that require processing under Union or Member State law to which the responsible party is subjected to or for the performance of a task of public interest or in the exercise of official authority the responsible party has been delegated to;

(3) for reasons of public interest in the field of public health according to Art. 9 Para. 2 (h) and (i) and Art. 9 Para. 3 of the GDPR;

(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 Para. 1 of the GDPR, as long as to the the law referred to in subparagraph (a) is likely to impair or render the processing impossible, or

(5) to assert, exercise or defend legal claims.

5. Right to information

If you have the right of rectification, erasure or restriction of the processing towards the responsible party, he / she is obliged to notify all recipients, to whom your personal data has been disclosed, of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have a right to the responsible party to be informed about these recipients.

6. Right to object

You have the right at any time, for reasons that arise from your particular situation, to object against the processing of your personal data according to Art. 6 Para. 1 (e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The responsible party will no longer process the personal data concerning you unless he can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object against the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EG, you have the option, in connection with the usage of information society services, of exercising your right to object through automated procedures that use technical specifications.

7. Right to revoke the data protection consent declaration

You have the right to revoke your data protection declaration at any time. The revocation of the consent does not affect the legality of the carried out processing on the basis of the consent until the revocation.

8. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.

The supervisory authority, to which the complaint has been submitted, informs the complainant about the status and results of the complaint, including the possibility of a judicial remedy according to Art. 78 of the GDPR.