Privacy Statement - English Translation
In case there is any incompatibility between our german privacy statement and the english translation, the German version of all the texts shall prevail.
The Responsible in accordance with the data protection regulation (EU-DSGVO) and other national data protection laws of the Member States as well as other data protection provisions is:
H. ZANDER GmbH & Co. KG
Am Gut Wolf 15
52070 Aachen, Germany
Tel.: +49 241 910 501-0
The Data Protection Officer of the Responsible is:
Mrs. Christiane Nittschalk
H. Zander GmbH & Co. KG
Am Gut Wolf 15
52070 Aachen, Germany
Tel.: +49 241 910 501-16
We collect and use personal data of the users in principle only where necessary in order to ensure a functioning website as well as our contents and services. The collection and use of personal data of our users shall only be permissible subject to the prior agreement of the user. An exception applies for such cases, in which obtaining prior consent was actually not possible and the processing of the data is permitted by applicable law and regulation.
As far as we obtain authorisation for processing personal data of the individual, Art. 6 Para. 1(a) of the EU-General Data Protection Regulation (GDPR) applies as a legal basis.
With regard to the processing of personal data, that is necessary for the performance of the contract, of which the individual is a contracting party, Art. 6 Para. 1 (b) of the GDPR applies as a legal Basis. This also applies to processing, that is necessary for the performance of pre-contractual measures.
As far as processing of personal data is necessary to fulfil legal obligations, our company is subjected to Art. 6 Para. 1 (c) of the GDPR applies as a legal basis.
In the event, that vital interests of the individual or any other natural person require the processing of personal data, Art. 6 Para. 1(d) of the GDPR applies as a legal basis.
If the processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests and fundamental rights and freedoms of the individual don’t outweigh the first mentioned interest, Art. 6 Para. 1 (f) of the GDPR applies as a legal basis.
The personal data from the individual will be deleted or blocked of, as soon as the purpose of storage is no longer pursued. A storage can additionally be made, if it is intended by the european or national legislature in union law regulations and laws, the individual is subjected to. An erasure or blocking also takes place, if the data retention period from the mentioned standards, expires, unless the necessity for further storage of the data to conclude or fulfil the contract is given
Please keep in mind, that our website can contain links to third party websites, whos personal data management may differ from ours. If you enter personal data on third party websites, your data is subject to the data protection guidelines of the respective website. We recommend, to examine the data protection guidelines of all visited websites.
With every visit of our website, our system (web service) automatically collects data and information from the computer system of the visiting computer.
The following data is collected:
The IP address will only be stored, if it contributes to the functionality of our website (technically necessary). The IP addresses will otherwise be anonymised. In the created log files the IP addresses are anonymised.
The data is also stored in log files of our system. A storage of this data with other personal data from the user does not take place.
Art. 6 Para. 1 (f) of the GDPR is the legal basis for the temporary storage of the data and log files.
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the users computer. Therefore the IP address of the user has to be stored for the duration of the visit.
The storage in the log files takes place, to ensure the functionality of the website. In addition the data helps us to optimise the website and to ensure the safety of our information technology system. An evaluation of the data for marketing purposes does not take place in this context.
Within these purposes our legitimate interest for the data processing according to Art.6 Para. 1 (f) of the GDPR is also represented.
The data will be deleted, as soon as it is no longer necessary for the purpose of its collection. In terms of data collection to provide the website, this is the case as soon as the current session is closed.
Regarding the storage of the data in log files, this is the case after seven days at most. A further storage is possible. In this case, the IP address from the user will be erased or alienated, so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. As a result there is no possibility to object for the user.
The following data can be transmitted this way:
The data from the user that is collected this way is pseudonymised by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data will not be stored together with other personal data from the users.
The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 (f) GDPR.
We require cookies for the following applications:
The user data collected through technically necessary cookies will not be used to create user profiles.
The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through analysis cookies, we learn how the website is used and by that constantly optimise our offer.
When using our website, a unique web analytics cookie is stored in your browser in order to pseudonymise and analyse various statistical data. If you wish not to use this cookie, click the following link to place the Matomo / Piwik deactivation cookie in your browser.
You will then see the following text: "Tracking is currently not active for you because your browser has informed us that you do not want tracking. This is a browser setting. To re-enable tracking, you must disable the so-called "Do Not Track" setting in your browser settings. "
Within these purposes our legitimate interest for the data processing according to Art.6 Para. 1 (f) of the GDPR is also represented.
On our website you can subscribe to a free newsletter. By doing so the data from the input mask will be transmitted to us.
- the e-mail address.
In addition, the following data will be collected and stored during registration:
(1) IP address of the calling computer
(2) Date and time of registration
The legal basis for processing the data after the user has registered for the newsletter and given the consent is Art. 6 Para. 1 (a) of the GDPR. The legal basis for sending the newsletter as a result of an offer or sale of goods or services is § 7 (3) UWG.
The collection of the user's e-mail address serves the delivery of the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.
The data will be deleted, as soon as it is no longer necessary for the purpose of its collection. The users e-mail address is therefore stored as long as the subscription to the newsletter is active. Other personal data collected during the registration process will be deleted after a period of seven days.
The subscription to the newsletter may be terminated at any time by the user concerned. For this purpose, there is a corresponding link in each newsletter.
This also allows a revocation of the consent to store the personal data collected during the registration process.
On our website a contact form is available, which can be used to contact us electronically. If a user uses this option, the data entered in the input mask will be transmitted to us and stored. The following data will be stored:
(All fields marked with * are mandatory).
At the time of sending the message, the following data is also stored:
(1) The IP address of the user
(2) Date and time of registration
Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.
In this context, there will be no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
The legal basis for processing the data is, after the user has given the required consent, Art. 6 Para. 1 (a) of the GDPR.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Para. 1(f) of the GDPR.
If the e-mail contact aims to conclude a contract, then an additional legal basis for the processing is Art. 6 Para. 1 (b) of the GDPR.
The processing of personal data from the input mask serves only the processing of the contact. In the case of contact via e-mail, this also includes the required legitimate interest in processing the data.Other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends, as soon as all relevant facts and questions have been clarified.
The user has the possibility at any time to revoke his consent to process the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. If this is the case, the conversation can not be continued.
Send us an e-mail to firstname.lastname@example.org or a fax (+49 241 910 501 38) with your revocation of the consent or the objection of storage. All personal data stored in the course of contacting will be deleted in this case.
On our website we use the open-source software tool Matomo (formerly PIWIK) to analyze the surfing behaviour of our users. The software places a cookie on the users computer (for cookies see above). If individual pages of our website are called, the following data is stored:
(1) Two bytes of IP address from the calling system from user
(2) The called website
(3) The website from which the user came to the accessed website (referrer)
(4) The subpages that are called from the called web page
(5) The length of stay on the website
(6) The frequency of calling the website
The software runs exclusively on the servers of our website. A storage of the users personal data from takes place only there. A transfer of the data to third parties does not take place.
The software is set so that the IP addresses are not completely stored but 2 bytes of the IP address are masked (eg. 192.168.xxx.xxx). This way, an assignment of the shortened IP address to the calling computer is no longer possible.
The legal basis for processing the users personal data is Art. 6 Para. 1 (f) of the GDPR.
The processing of the users personal data enables us to analyse the surfing behaviour of our users. By analysing the obtained data, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. For these purposes, our legitimate interest lies in the processing of the data according to Art. 6 Para. 1 (f) of the GDPR. Through the anonymisation of the IP address the users interests in protection of personal data is sufficiently taken into account.
The data will be deleted as soon as it is no longer needed for our recording purposes. This is the case after 60 days.
We offer an opt-out of the analysis process on our website for our users. For this you must follow the appropriate link. This way, another cookie is set on your system, which signals our system not to save the data of the user. If in the meantime the user deletes the corresponding cookie from his own system, he must set the opt-out cookie again.
For more information on the privacy settings of the Matomo software, please visit the following link: https://matomo.org/docs/privacy/.
If you process personal data, you are a person concerned for the purpose of the GDPR and have the following rights towards the responsible party.
You may ask the person in charge to confirm if personal data concerning you is processed by us.
If such processing is done, you can request information from the responsible party about the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the retention of your personal data or, if specific information is not available, criteria for determining the duration of the retention;
(5) the existence of a right to rectification or deletion of personal data concerning you, a right to restrict the processing by the responsible party or a right to object to such processing;
(6) the existence of a right to appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data is not collected from the data subject;
(8) the existence of an automated decision-making, including profiling under Art. 22 Para. 1 and 4 of the GDPR and – in this case - meaningful information about the logic involved, as well as the extent and intended impact of such processing for the person concerned.
You have the right to request information about whether your personal information is transmitted to a third country or an international organisation. In this context, you can request information about the appropriate guarantees in accordance with. Art. 46 of the GDPR in connection with the transmission .
You have a right of rectification and / or completion towards the responsible party, if the personal data you process is incorrect or incomplete. The responsible party must make the correction without delay.
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal information for a period of time that allows the responsible party to verify the accuracy of your personal information;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand a usage restriction of the personal data;
(3) the responsible party no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
(4) if you have objected to the processing in accordance to Art. 21 Para. 1 of the GDPR and it is not yet certain whether the legitimate interests of the responsible party outweigh your interests.
If the processing of your personal data has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restricted processing has been restricted, according to the conditions mentioned above, you will be informed by the person in charge before the restriction is lifted.
a) obligation to delete
You may call on the responsible party to delete your personal information without delay, and the responsible party is required to delete that information immediately if one of the following is true:
(1) Personal data concerning you is no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, on which the processing according to Art. 6 Para. 1 (a) or Art. 9 Para. 2 (a) of the GDPR is based on and there is no other legal basis for processing.
(3) You provide an objection to processing in accordance with Art. 21 Para. 1 of the GDPR and there are no prior justifiable reasons for the processing, or you provide objection to processing according to. Art. 21 Para. 2 of the GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of personal data concerning you is required to fulfil a legal obligation under Union law or the law of the Member States to which the responsible party is subjected.
(6) The personal data concerning you was collected in relation to the information society services offered in accordance with Art. 8 Para. 1 of the GDPR.
b) Information to third parties
If the person in charge has made the personal data concerning you public and is, according to Art. 17 Para. 1 of the GDPR, obligated to delete it, he or she has to take appropriate measures, including technical measures, taking available technologies and costs of implementation into account, to inform all responsible parties, who process the personal data that you, the person concerned, are requesting deletion of all links to such personal data or of copies or replications of such personal data.
The right of deletion does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfil legal obligations that require processing under Union or Member State law to which the responsible party is subjected to or for the performance of a task of public interest or in the exercise of official authority the responsible party has been delegated to;
(3) for reasons of public interest in the field of public health according to Art. 9 Para. 2 (h) and (i) and Art. 9 Para. 3 of the GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 Para. 1 of the GDPR, as long as to the the law referred to in subparagraph (a) is likely to impair or render the processing impossible, or
(5) to assert, exercise or defend legal claims.
If you have the right of rectification, erasure or restriction of the processing towards the responsible party, he / she is obliged to notify all recipients, to whom your personal data has been disclosed, of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have a right to the responsible party to be informed about these recipients.
You have the right at any time, for reasons that arise from your particular situation, to object against the processing of your personal data according to Art. 6 Para. 1 (e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The responsible party will no longer process the personal data concerning you unless he can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.
If the personal data relating to you is processed for direct marketing purposes, you have the right to object against the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EG, you have the option, in connection with the usage of information society services, of exercising your right to object through automated procedures that use technical specifications.
You have the right to revoke your data protection declaration at any time. The revocation of the consent does not affect the legality of the carried out processing on the basis of the consent until the revocation.
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.
The supervisory authority, to which the complaint has been submitted, informs the complainant about the status and results of the complaint, including the possibility of a judicial remedy according to Art. 78 of the GDPR.