Responsibility lies with:
Name/company: PCI Diagnosetechnik GmbH & Co. KG
Street no.: Schulstraße 44
Post code, location, country: 93339 Riedenburg, Germany
Commercial registry/No.: Commercial registry A Regensburg, No.: HRA 8085
Manager: Andreas Vetter
Telephone number: +49 (0) 9442 905603
E-Mail address: firstname.lastname@example.org
Data protection official:
E-Mail address: email@example.com
Types of processed data:
- Inventory data
- Contact data
- Content data
- Contract data
- Payment data
- Usage data
- Meta / Communication data
Processing special categories of data (article 9 paragraph 1 GDPR):
Generally, no special categories of data will be processed unless they are added by the user, for example entered into an online form.
Categories of the persons affected by processing:
- Clients / Interested parties / forwarders.
- Visitors and users of the online offer.
We will call affected persons „users“ in the following.
Purpose of processing:
- Putting the online offer, its contents and functions at the clients disposal.
- Performance of contractual service and customer care.
- Answering contact inquiries and contact with users.
- Marketing, advertisement and market research.
- Security measures.
- Essential legal basis
- Under article 32 GDPR, under consideration of the state of the art, the costs and type of implementation, the extent, the circumstances and the purpose of processing as well as the different probabilities of occurrence and the severity of the risk for the rights and the freedom of natural persons, we will take fitting technical and organisational measures to ensure a level of protection appropriate to the risk; These measures include confidentiality assurance, integrity and availability of data through controlling the physical access to the data as well as your access, the entering, disclosure, securing, the availability and their separating. Furthermore, we have set up a process which guarantees the perception of data subject rights, deletion of data and reaction to endangerment of data. Moreover, we already take the protection of your personal data into account during development / selection of hardware, software and procedure, according to the principle of data protection through technical design and data protection-friendly pre-settings (article 25 GDPR).
- The security measures especially include the encoded transmission of data between your browser and our server.
Cooperation with order processors and third parties
- Provided that we, within the scope of processing data, disclose data to other people and businesses (order processors or third parties), transmit them or give them access to the data, this only takes place on the basis of a legal permission (for example when a transmission of the data to third parties, like payment service providers, under article 6 paragraph 1 lit. b GDPR, is necessary for the fulfilment of the contract), you have given consent, we are under a legal obligation, or on the basis of our legitimate interests (for example when employing contractors, web hosters etc.).
- Provided we employ third parties with the processing of data on the basis of a so called „order processing contract“, it is based on article 28 GDPR.
Transmissions to third countries
- Provided we process data in a third country (meaning outside the European Union (EU) or outside the European Economic Area (EEA)) or provided this is happening within the scope of utilisation of services from third parties or disclosure / transmission of data to third parties, this only takes place if it is for the fulfilment of our (pre)contractual obligations, on the basis of your given consent, because of a legal obligation or on the basis of our legitimate interests. Subject to legal and contractual permissions, we process or let the data be processed in a third country when the special pre-requisites of article 44 and the following, GDPR are at hand. Meaning, processing will, for example, take place on the basis of special guarantees like the officially recognised assessment of one of the EU appropriate data security standards (for example, „Privacy Shield“ for the USA) or observing the officially recognised special contractual obligations (so called „standard contract clauses“).
Rights of the affected persons
- You have the right to demand a confirmation about if the relevant data is being processed and information about this data, as well as further information and a copy of the data, in accordance with article 15 GDPR.
- In accordance with article 16 GDPR you have the right to demand the completion of the data that concerns you or the correction of the incorrect data that concerns you.
- In accordance with article 17 GDPR you have the right to demand that the data concerning you be deleted immediately or alternatively, in accordance with article 18 GDPR, demand that the processing of the data be limited.
- In accordance with article 20 GDPR you have the right to receive the concerning data that you have provided and to demand that the data be transmitted to other persons responsible.
- Additionally, in accordance with article 77 GDPR you have the right to file a complaint with the competent supervisory authority.
- Revocation right
You have the right to revoke given consent for the future according to article 7 paragraph 3 GDPR.
- Right of objection
According to article 21 GDPR you can object to the future processing of the data concerning you. You can especially object to processing for reasons of direct advertising.
- Cookies and right of objection for direct advertising
Deletion of data
- According to statutory provisions storage, especially for 6 years, will take place according to article 257 paragraph 1 German Commercial Code (account books, inventories, opening balance sheets, annual financial statements, commercial letters, vouchers, etc) and for 10 years according to article 147 paragraph 1 Revenue Code (books, records, advices, commercial and business letters, documents relevant for taxing, etc.).
- We process inventory data (for example names, addresses and contact data of users) and contract data (for example utilisation of services, names of contacts, payment information) to fulfil our contractual duties and services in accordance with article 6 paragraph 1 lit. b GDPR. The entries marked as mandatory in online forms are necessary to form a contract.
- Users can set up a user account in which they can look through their orders. Within the scope of registration, the mandatory entries will be shared with the users. The user data is not public and cannot be subscripted by search engines. When users delete their user account, the respective data of the user account will be deleted, except their storage is necessary for reasons relating to commercial law / the tax law according to article 6 paragraph 1 lit. c GDPR. It is up to the users to store their data when they have deleted their account before the end of the contract. We have the right to irretrievably delete all the user data stored during the contract duration.
- We would like to inform you that stating your telephone number is also mandatory for creating a user account. For reasons of data economy, we will exclusively use the telephone number in case of a problem during the shipment process (for example unsuccessful delivery). The telephone number will not be disclosed to third parties without consent.
- Within the scope of registration and repeated logging in as well as utilisation of our online services we will store the IP address and the point in time of the respective action. The storage will take place on the basis of our legitimate interest as well as the users interest in protection from misuse and other unauthorised usage. A disclosure of this data to third parties usually does not take place except when it is necessary for asserting our claims or if there is a legal obligation according to article 6 paragraph 1 lit. c GDPR.
- We process usage data (for example visited sites of our online offer, interest in our products) and content data (for example entries into the contact form or user profile) for advertising purposes in a user profile, to show the user product cues based on utilised services.
- The deletion will take place after expiration of legal seller’s warranties and other comparable obligations, the necessity of storage will be checked every 3 years; in case of the legal archiving obligations the deletion will take place after expiration (end of the duty to preserve records in terms of commercial law (6 years) and according to the tax law (10 years)); entries into the user account will remain until deletion.
- When contacting us (through contact form or e-mail) the information given by the user will be processed for handling of the contact request and its execution in accordance with article 6 paragraph 1 lit 1 b) GDPR.
- The information given by the user will be transmitted to our e-mail box and can be stored there.
- We will delete the requests, provided they are no longer necessary. The necessity will be checked annually. In case of the legal archiving obligations, deletion will take place after their expiration (end of the duty to preserve records in terms of commercial law (6 years) and according to the tax law (10 years)).
- When users comment on a product rating or contribute in another way, their user data is stored on the basis of our legitimate interest of article 6 paragraph 1 lit. f.
- This is a security measure for our sake in case someone enters illegal content in the comments or contributions (insults, illegal political propaganda, etc.). In such a case, we can be held responsible for these comments or contributions, which is why we are interested in the identity of the author.
- Product ratings can only be entered after successful registration. After an autonomous deletion of the profile the possibly connected rating will be deleted as well.
Collection of access data and logfiles
- On the basis of our legitimate interest in accordance with article 6 paragraph 1 lit. f. GDPR we collect data about every access to the server on which the service is located (so-called server logfiles). The access data includes the name of the accessed website, file, date and time of the access, transmitted amount of data, notification of successful retrieval, browser type and version, the operating system of the user, referrer URL (the previously accessed site), IP address and the enquiring provider.
- Logfile information will be stored for a maximum of 7 days and deleted afterwards for security reasons (for example for clarification of abuse or defraudation). Data, the continued storage of which is necessary for proof, is exempt from deletion until the respective case is definitively solved.
Online presence in social media
- We have online presences on social networks and platforms to communicate with clients, interested parties and users that are active there and to inform them about our services. When accessing the respective networks and platforms the terms and conditions and data processing guidelines of the respective operators apply.
Cookies & reach measurement
- Cookies are important information which are transmitted to users web browsers by our web server or web servers of third parties and are stored there for a later access. Cookies can be small files or other types of information storage.
- We use „Session Cookies“ which are only stored for the duration of the current access to our online presence (for example, to enable the storage of your log-in status or the shopping cart which enables the usage of our online offer in the first place). A Session Cookie will contain a randomly generated unique identification number, a so-called Session-ID. Additionally, a cookie contains the indication of the source and the storage period. These Cookies cannot store any other data. Session Cookies will be deleted when you are no longer using our online offer and, for example, log out or close the browser.
- Should users be opposed to cookies being stored on their computer, we would ask you to deactivate the respective option in the system settings of your browser. Stored Cookies can be deleted in the system settings of the browser. Deactivating Cookies can lead to some functional limitations of this online offer.
- Google will use this information on our behalf to evaluate the usage of our online offer by the users, to assemble reports about the activity within this online offer and to provide additional services related to the usage of the online offer and the internet usage. In doing so, pseudonymous user profiles of the users can be created from the processed data.
- We only use Google Analytics with activated IP anonymisation. Meaning, the users IP address will be shortened within member states of the European Union or in other contractual states of the treaty on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptions.
- The IP address which was transmitted by the users browser will not be combined with any other data from Google. Users can prevent the storage of Cookies with the respective option in the browser software; additionally, users can prevent Google’s acquisition of the data produced by the Cookie and relevant to your usage of the online offer as well as prevent the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Opt-Out-Cookies prevent the future acquisition of your data when accessing this website. To prevent the acquisition by Universal Analytics on other devices as well you must use the Opt-Out on all used systems. If you click here, the Opt-Out Cookie will be set: deactivate Google Analytics
- Further information about data usage by Google, options and means of objection is found on Googles websites: https://www.google.com/intl/de/policies/privacy/partners („Data usage through Google by using websites or apps of our partners”), https://policies.google.com/technologies/ads („Data usage for advertising purposes“), https://adssettings.google.com/authenticated („Manage information which Google uses to show you advertisements“).
- With the following, we will inform you about the contents of our newsletter as well as the registration, shipping and the statistic evaluation process and your right of objection. By subscribing to our newsletter, you agree to receive the newsletter and to the described process.
- Content of the newsletters: We send newsletters, e-mails and other electronical messages with promotional information (called „newsletter“ in the following) only with the consent of the receiver or a legal permission. Provided the contents are paraphrased specifically within the scope of registration for the newsletter, they are essential for the consent of the users. Additionally, our newsletters include information about our products, (special) offers and our company.
- Double opt-in and protocolling: Registration for our newsletter includes a double opt-in procedure, meaning, after registration you will receive an e-mail which will ask you to confirm the registration. This confirmation is necessary so nobody can opt-in with an e-mail address which is not theirs. Registrations for the newsletter are protocolled in order to be able to prove it in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the e-mail address entered in the registration.
- Credentials: Entering the e-mail address is enough for registration for the newsletter. Optionally, we would ask you to enter your name so we can address you personally in the newsletter.
- Sending the newsletter takes place on the basis of given consent by the receiver in accordance with article 6 paragraph 1 lit. a, article 7 GDPR read in conjunction with article 7 paragraph 2 no. 3 Unfair Competition Act (UC) / on the basis of a legal permission in accordance with article 7 paragraph 3 UC.
- Protocolling of the registration procedure takes place on the basis of our legitimate interest in accordance with article 6 paragraph 1 lit. f GDPR and serves as evidence for given consent to receive the newsletter.
- Cancellation / Revocation: You can cancel the receipt of our newsletter / revoke your consent at any time. A link to cancel the newsletter is found at the end of every newsletter. If the users simply registered for the newsletter and cancelled this registration, your personalised data will be deleted.
Incorporation of third-party services and contents
- On the basis of our legitimate interest (meaning, interest in analysis, optimisation and economic operation of our online offer in accordance with article 6 paragraph 1 lit. f GDPR) we use content / service offers of third parties in our online offer to incorporate their contents and services, for example videos or fonts (called „contents“ in the following). This always requires the third-party supplier of these contents to perceive the IP address of the users because without an IP address the contents cannot be sent to the browser. The IP address is therefore necessary for displaying these contents. We are committed to only using contents whose supplier uses the IP address solely for supplying the contents. Additionally, third-party suppliers can use so called „Pixel-Tags“ (invisible graphics, also called „Web Beacons“) for statistical or marketing purposes. Through these „Pixel-Tags“, information like the visitor traffic on the pages of this website can be evaluated. This pseudonymous information can also be stored on the users device in Cookies and include, among other things, technical information regarding the browser and the operating system, referencing websites, visiting hours and further information about the usage of our online offer and it can be connected to such information from other sources.
- The following depicts an overview of third-party suppliers and their contents, next to links to their privacy policies, which include further information about the processing of data and so-called opt-out options: