Privacy Policy

This privacy policy informs you about the type, extent and purpose of the processing of personal data (called „data“ in the following) within our online offers and the connected websites, functions and contents as well as external online presences, for example our social media profiles (called „online offer“ in the following). For the terms used, such as „personal data“ or their „processing“, we refer you to the definitions in article 4 of the General Data Protection Regulation (GDPR).

Responsibility lies with:

Name/company: PCI Diagnosetechnik GmbH & Co. KG

Street no.: Schulstraße 44

Post code, location, country: 93339 Riedenburg, Germany

Commercial registry/No.: Commercial registry A Regensburg, No.: HRA 8085

Manager: Andreas Vetter

Telephone number: +49 (0) 9442 905603

E-Mail address: mail@pci-diagnosetechnik.de

Data protection officer:

E-Mail address: datenschutz@pci-diagnosetechnik.de

Types of processed data:

  • Inventory data
  • Contact data
  • Content data
  • Contract data
  • Payment data
  • Usage data
  • Meta / Communication data

Processing special categories of data (article 9 paragraph 1 GDPR):

Generally, no special categories of data will be processed unless they are added by the user, for example entered into an online form.

Categories of the persons affected by processing:

  • Clients / Interested parties / forwarders.
  • Visitors and users of the online offer.

We will call affected persons „users“ in the following.

Purpose of processing:

  • Putting the online offer, its contents and functions at the clients' disposal.
  • Performance of contractual service and customer care.
  • Answering contact inquiries and contact with users.
  • Marketing, advertisement and market research.
  • Security measures.

As of: 22.03.2019

  1. Essential legal basis

Under article 13 GDPR we will share the legal basis of our data processing with you. Provided the legal basis is not mentioned in the privacy policy, the following applies: the legal basis for obtaining consent is article 6 paragraph 1 lit. a and article 7 GDPR, the legal basis for processing to perform our services and contractual duties and to respond to inquiries is article 6 paragraph 1 lit. b GDPR, the legal basis for processing to fulfil our legal duties is article 6 paragraph 1 lit. c GDPR and the legal basis for processing to adhere to our legitimate interest is article 6 paragraph 1 lit. f GDPR. In case processing personal data is necessary for vitally important matters of the person in question or another natural person, article 6 paragraph 1 lit. d GDPR is the legal basis.

  1. Changes and updates of the privacy policy

We would ask you to inform yourself about the content of our privacy policy regularly. We will adjust the privacy policy as soon as the changes of data processing by us make it necessary. We will inform you should changes make cooperation on your part (for example consent) or any other individual notification necessary.

  1. Security measures
    1. Under article 32 GDPR, taking into account the state of the art, the costs and type of implementation, the extent, the circumstances and the purpose of processing as well as the differing likelihood and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk. These measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as access to, entry, disclosure, safeguarding of availability and separation of the data. Furthermore, we have set up a process which ensures the exercise of data subject rights, the deletion of data and the response to threats to data. Moreover, we already take the protection of your personal data into account during the development / selection of hardware, software and procedures, according to the principle of data protection by design and by default (article 25 GDPR).
    2. The security measures include, in particular, the encrypted transmission of data between your browser and our server.

  1. Cooperation with order processors and third parties
    1. Provided that we, within the scope of processing data, disclose data to other people and businesses (order processors or third parties), transmit them or give them access to the data, this only takes place on the basis of a legal permission (for example when a transmission of the data to third parties, like payment service providers, under article 6 paragraph 1 lit. b GDPR, is necessary for the fulfilment of the contract), you have given consent, we are under a legal obligation, or on the basis of our legitimate interests (for example when employing contractors, web hosters etc.).
    2. Provided we employ third parties with the processing of data on the basis of a so called „order processing contract“, it is based on article 28 GDPR.

  1. Transmissions to third countries
    1. Provided we process data in a third country (meaning outside the European Union (EU) or outside the European Economic Area (EEA)) or provided this is happening within the scope of utilisation of services from third parties or disclosure / transmission of data to third parties, this only takes place if it is for the fulfilment of our (pre)contractual obligations, on the basis of your given consent, because of a legal obligation or on the basis of our legitimate interests. Subject to legal and contractual permissions, we process or let the data be processed in a third country when the special pre-requisites of article 44 and the following, GDPR are at hand. Meaning, processing will, for example, take place on the basis of special guarantees like the officially recognised assessment of one of the EU appropriate data security standards (for example, „Privacy Shield“ for the USA) or observing the officially recognised special contractual obligations (so called „standard contract clauses“).
    2. We would like to inform you that the product we sell requires the „VCDS“ software to function (download on www.vcdspro.de/download). For usage to its full extent, the meta / communication data, as well as, in case of a registration, the inventory data which you enter into a registration form, will be transmitted to the servers of Ross-Tech, LLC, 881 Sumneytown Pike, Lansdale PA 19446, USA. This is absolutely necessary for usage to its full extent because the latest version of the software can only be put at your disposal through matching the meta / communication data. Furthermore, matching the registration data is absolutely necessary for reasons of security, to ensure that the person entered into the registration form is the rightful owner of the interface hardware. This makes it possible to lock the interface hardware in case of theft and to protect the rightful owner from damage caused by illegal usage by unauthorized persons. The user must explicitly confirm the notice of transmission of the stated data to a third country before sending the registration information. The user will be informed by Ross-Tech, LLC about the processing of the data in compliance with the privacy policy applicable there.

  1. Rights of the affected persons
    1. You have the right to demand confirmation as to whether the relevant data is being processed and information about this data, as well as further information and a copy of the data, in accordance with article 15 GDPR.
    2. In accordance with article 16 GDPR you have the right to demand the completion of the data that concerns you or the correction of the incorrect data that concerns you.
    3. In accordance with article 17 GDPR you have the right to demand that the data concerning you be deleted immediately or alternatively, in accordance with article 18 GDPR, demand that the processing of the data be limited.
    4. In accordance with article 20 GDPR you have the right to receive the data concerning you that you have provided and to demand that the data be transmitted to other persons responsible.
    5. Additionally, in accordance with article 77 GDPR you have the right to file a complaint with the competent supervisory authority.

  1. Revocation right

You have the right to revoke given consent for the future according to article 7 paragraph 3 GDPR.

  1. Right of objection

According to article 21 GDPR you can object to the future processing of the data concerning you. You can especially object to processing for reasons of direct advertising.

  1. Cookies and right of objection for direct advertising

We use temporary and permanent Cookies, meaning small files that are saved on the users' devices (for a definition of the term and its function see the last paragraph of this privacy policy). To some extent, Cookies serve security purposes or are necessary for the operation of our online offer (for example, for displaying the website) or to save the users' decision when confirming the Cookie banner. Additionally, we and our technology partners use Cookies for reach measurement and for marketing, which users are informed about in the course of the privacy policy.

A general objection to the use of cookies which are used for online marketing can be raised with a number of services, especially in the case of tracking, on the US American site http://www.aboutads.info/choices/ or the site of the EU http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by deactivating them in the browser settings. Please note that not all functions of the online offer can be used in this case.

  1. Deletion of data
    1. The data processed by us will be deleted or limited in their processing in accordance with articles 17 and 18 GDPR. Unless explicitly stated otherwise within the scope of this privacy policy, the data we have stored will be deleted as soon as it is no longer necessary for its intended purpose and no legal duty to preserve records is in effect. Provided the data is not deleted because it is necessary for other, legally permitted purposes, their processing will be limited. This means the data will be locked and not be processed for other purposes. This, for example, affects data which needs to be preserved for reasons relating to the commercial law / the tax law.
    2. According to statutory provisions, storage takes place in particular for 6 years according to article 257 paragraph 1 German Commercial Code (account books, inventories, opening balance sheets, annual financial statements, commercial letters, vouchers, etc.) and for 10 years according to article 147 paragraph 1 Revenue Code (books, records, advices, commercial and business letters, documents relevant for taxing, etc.).

  1. Online shop
    1. We process inventory data (for example names, addresses and contact data of users) and contract data (for example utilisation of services, names of contacts, payment information) to fulfil our contractual duties and services in accordance with article 6 paragraph 1 lit. b GDPR. The entries marked as mandatory in online forms are necessary to form a contract.
    2. Users can set up a user account in which they can look through their orders. Within the scope of registration, the mandatory entries will be communicated to the users. The user data is not public and cannot be indexed by search engines. When users delete their user account, the respective data of the user account will be deleted, unless their storage is necessary for reasons relating to commercial law / the tax law according to article 6 paragraph 1 lit. c GDPR. It is up to the users to store their data when they have deleted their account before the end of the contract. We have the right to irretrievably delete all the user data stored during the contract duration.
      1. We would like to inform you that stating your telephone number is also mandatory for creating a user account. For reasons of data economy, we will exclusively use the telephone number in case of a problem during the shipment process (for example unsuccessful delivery). The telephone number will not be disclosed to third parties without consent.
    3. Within the scope of registration and repeated logging in as well as utilisation of our online services we will store the IP address and the point in time of the respective action. The storage will take place on the basis of our legitimate interest as well as the users' interest in protection from misuse and other unauthorised usage. A disclosure of this data to third parties usually does not take place except when it is necessary for asserting our claims or if there is a legal obligation according to article 6 paragraph 1 lit. c GDPR.
    4. We process usage data (for example visited sites of our online offer, interest in our products) and content data (for example entries into the contact form or user profile) for advertising purposes in a user profile, to show the user product suggestions based on utilised services.
    5. The deletion will take place after expiration of legal seller’s warranties and other comparable obligations, the necessity of storage will be checked every 3 years; in case of the legal archiving obligations the deletion will take place after expiration (end of the duty to preserve records in terms of commercial law (6 years) and according to the tax law (10 years)); entries into the user account will remain until deletion.

  1. Contacting us
    1. When contacting us (through contact form or e-mail) the information given by the user will be processed for handling of the contact request and its execution in accordance with article 6 paragraph 1 lit. b GDPR.
    2. The information given by the user will be transmitted to our e-mail box and can be stored there.
    3. We will delete the requests, provided they are no longer necessary. The necessity will be checked annually. In case of the legal archiving obligations, deletion will take place after their expiration (end of the duty to preserve records in terms of commercial law (6 years) and according to the tax law (10 years)).

  1. Product rating
    1. When users comment on a product rating or contribute in another way, their user data is stored on the basis of our legitimate interest of article 6 paragraph 1 lit. f.
    2. This is a security measure for our sake in case someone enters illegal content in the comments or contributions (insults, illegal political propaganda, etc.). In such a case, we can be held responsible for these comments or contributions, which is why we are interested in the identity of the author.
    3. Product ratings can only be entered after successful registration. After an autonomous deletion of the profile the possibly connected rating will be deleted as well.

  1. Collection of access data and logfiles
    1. On the basis of our legitimate interest in accordance with article 6 paragraph 1 lit. f. GDPR we collect data about every access to the server on which the service is located (so-called server logfiles). The access data includes the name of the accessed website, file, date and time of the access, transmitted amount of data, notification of successful retrieval, browser type and version, the operating system of the user, referrer URL (the previously accessed site), IP address and the enquiring provider.
    2. Logfile information will be stored for a maximum of 7 days for security reasons (for example for clarification of abuse or fraud) and deleted afterwards. Data, the continued storage of which is necessary for proof, is exempt from deletion until the respective case is definitively resolved.

  1. Online presence in social media
    1. We have online presences on social networks and platforms to communicate with clients, interested parties and users that are active there and to inform them about our services. When accessing the respective networks and platforms the terms and conditions and data processing guidelines of the respective operators apply.
    2. If not stated differently in our privacy policy, we will process the data of the users, provided they communicate with us on social networks and platforms, for example if they post something to our online presence or if they send us messages.

  1. Cookies & reach measurement
    1. Cookies are pieces of information which are transmitted to users' web browsers by our web server or web servers of third parties and are stored there for later access. Cookies can be small files or other types of information storage.
    2. We use „Session Cookies“ which are only stored for the duration of the current access to our online presence (for example, to enable the storage of your log-in status or the shopping cart which enables the usage of our online offer in the first place). A Session Cookie will contain a randomly generated unique identification number, a so-called Session-ID. Additionally, a cookie contains the indication of the source and the storage period. These Cookies cannot store any other data. Session Cookies will be deleted when you are no longer using our online offer and, for example, log out or close the browser.
    3. Users are informed about the application of Cookies for pseudonymous reach measurement within the scope of this privacy policy.
    4. Should users be opposed to cookies being stored on their computer, we would ask you to deactivate the respective option in the system settings of your browser. Stored Cookies can be deleted in the system settings of the browser. Deactivating Cookies can lead to some functional limitations of this online offer.
    5. You can object to the use of Cookies for reach measurement and advertisement on the deactivation site of the network advertisement initiative (http://optout.networkadvertising.org/) and additionally on the US American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

  1. Google Analytics
    1. We use Google Analytics, a web analysis service of Google LLC („Google“) on the basis of our legitimate interests (meaning interest in analysis, optimisation and economic operation of our online offer in accordance with article 6 paragraph 1 lit. f. GDPR). Google uses Cookies. The information produced by the Cookie about usage of the online offer by the users will be generally transmitted to and stored on a Google server in the USA.
    2. Google is certified under the Privacy Shield treaty and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
    3. Google will use this information on our behalf to evaluate the usage of our online offer by the users, to assemble reports about the activity within this online offer and to provide additional services related to the usage of the online offer and the internet usage. In doing so, pseudonymous user profiles of the users can be created from the processed data.
    4. We only use Google Analytics with activated IP anonymisation. This means the user's IP address will be shortened within member states of the European Union or in other contractual states of the treaty on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
    5. The IP address which was transmitted by the user's browser will not be combined with any other data from Google. Users can prevent the storage of Cookies with the respective option in the browser software; additionally, users can prevent Google’s acquisition of the data produced by the Cookie and relevant to your usage of the online offer as well as prevent the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Opt-Out-Cookies prevent the future acquisition of your data when accessing this website. To prevent the acquisition by Universal Analytics on other devices as well you must use the Opt-Out on all used systems. If you click here, the Opt-Out Cookie will be set: deactivate Google Analytics
    6. Further information about data usage by Google, options and means of objection is found on Google's websites: https://www.google.com/intl/de/policies/privacy/partners („Data usage through Google by using websites or apps of our partners“), https://policies.google.com/technologies/ads („Data usage for advertising purposes“), https://adssettings.google.com/authenticated („Manage information which Google uses to show you advertisements“).

  1. Newsletter
    1. With the following, we will inform you about the contents of our newsletter as well as the registration, shipping and the statistical evaluation process and your right of objection. By subscribing to our newsletter, you agree to receive the newsletter and to the described process.
    2. Content of the newsletters: We send newsletters, e-mails and other electronic messages with promotional information (called „newsletter“ in the following) only with the consent of the receiver or a legal permission. Provided the contents are described specifically within the scope of registration for the newsletter, they are essential for the consent of the users. Additionally, our newsletters include information about our products, (special) offers and our company.
    3. Double opt-in and logging: Registration for our newsletter includes a double opt-in procedure, meaning, after registration you will receive an e-mail which will ask you to confirm the registration. This confirmation is necessary so nobody can opt-in with an e-mail address which is not theirs. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the e-mail address entered in the registration.
    4. Credentials: Entering the e-mail address is enough for registration for the newsletter. Optionally, we would ask you to enter your name so we can address you personally in the newsletter.
    5. Sending the newsletter takes place on the basis of given consent by the receiver in accordance with article 6 paragraph 1 lit. a, article 7 GDPR read in conjunction with article 7 paragraph 2 no. 3 Unfair Competition Act (UC) / on the basis of a legal permission in accordance with article 7 paragraph 3 UC.
    6. Logging of the registration procedure takes place on the basis of our legitimate interest in accordance with article 6 paragraph 1 lit. f GDPR and serves as evidence for given consent to receive the newsletter.
    7. Cancellation / Revocation: You can cancel the receipt of our newsletter / revoke your consent at any time. A link to cancel the newsletter is found at the end of every newsletter. If users simply registered for the newsletter and cancelled this registration, their personal data will be deleted.

  1. Incorporation of third-party services and contents
    1. On the basis of our legitimate interest (meaning, interest in analysis, optimisation and economic operation of our online offer in accordance with article 6 paragraph 1 lit. f GDPR) we use content / service offers of third parties in our online offer to incorporate their contents and services, for example videos or fonts (called „contents“ in the following). This always requires the third-party supplier of these contents to see the IP address of the users because without an IP address the contents cannot be sent to the browser. The IP address is therefore necessary for displaying these contents. We are committed to only using contents whose supplier uses the IP address solely for supplying the contents. Additionally, third-party suppliers can use so called „Pixel-Tags“ (invisible graphics, also called „Web Beacons“) for statistical or marketing purposes. Through these „Pixel-Tags“, information like the visitor traffic on the pages of this website can be evaluated. This pseudonymous information can also be stored on the users' device in Cookies and include, among other things, technical information regarding the browser and the operating system, referring websites, time of visit and further information about the usage of our online offer, and it can be connected to such information from other sources.
    2. The following is an overview of third-party suppliers and their contents, together with links to their privacy policies, which include further information about the processing of data and so-called opt-out options:
  • If our customers use payment services of third parties (for example PayPal), the terms and conditions and the privacy policy of the respective third party apply, which are available on the respective websites / transaction applications.
  • External fonts from Google, LLC., https://www.google.com/fonts („Google Fonts“). The incorporation of Google Fonts takes place when accessing a Google server (usually in the USA). Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
  • Videos from the platform “YouTube” of the third-party supplier Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
  • External code of the JavaScript framework “jQuery”, made available by the third-party supplier jQuery Foundation, https://jquery.org.