(As of: 03/2020)
Here we inform you about the processing of personal data when using our website, e.g. our website www.prometho.de or www.varionyl.de or our social media.
Personal data is all data that can be related to you personally, i.e. name, address, e-mail, IP address or user behaviour.
The definition of the terms used e.g. "processing", "responsible person" or "data subject" are referred to in Article 4 of the GDPR. In particular the following can be found there:
"Personal data" is all the information that relates to an identified or identifiable natural person( "data subject"); An identifiable person is a natural person who can be identified directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person. (Art. 4 Nr. 1 GDPR).
"Processing" is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organisation, ordering, storage, adaptation or modification, reading, querying, the use, disclosure by transmission, distribution or another form of provision, comparison or linking, restriction, deletion or destruction (Art. 4 Nr. 2 GDPR).
"Responsible" or "responsible body" is the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data (Art. 4 Nr. 7 GDPR).
"Processor" is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible (Art. 4 Nr. 8 GDPR). In particular, the terms "processing" and "personal data" are very extensive, so that almost every handling of data can be understood as such.
01. Who is the responsible body?
We are responsible for processing your data:
Managing directors: Ruth Hoffmann, Jens-Christoph Hoffmann
Beim Weißen Stein 13
Telephone: 0 26 34 / 980 488
Telefax: 0 26 34 / 981 551
02. Is there a data protection officer?
We are not legally obliged to appoint a data protection officer.
03. Who is affected by data processing?
If you, for example, as an interested party, customer, applicant, supplier, service provider or other visitor visit our website, the processing of your personal data takes place within the framework of the legal regulations or this declaration. All visitors to our website are named as the collective term "user".
04. What data do we collect from you and for what purposes or on what legal basis do we process it?
If you visit our website without registering or transmitting information to us in any other way, only the personal data on the browser you are using will be tranmitted to our server. To the best of our knowledge, the data listed below are processed. This is technically necessary to display our website and to guarantee its stability and security:
- IP address of the computer making the enquiry
‐ Date and time of the enquiry
‐ Name and URL of the file accessed
‐ Access status / HTTP status code
‐ Amount of data transferred
‐ Website, from which the enquiry comes from (Referrer URL)
‐ Browser used
‐ Operating system
If you also transmit personal data to us, e.g. as part of an enquiry by e-mail, we will also process, among other things, when applicable, the following data:
- Inventory data (e.g. name, address
‐ Contact data (e.g. e‐mail address, telephone number)
‐ Content data (e.g. text input, photos)
‐ Usage data (e.g. sites visited, access times)
‐ Communications/ metadata (e.g. device information, IP addresses)
We process your personal data when you visit our website, in particular for the following purposes:
- To provide the functions and content of our online offer
‐ To guarantee a smooth connection to our website
‐ To guarantee comfortable use of our website
‐ To assess and guarantee system security and stability as well as general security measures.
‐ To answer any contact enquiries or to communicate with you
‐ Other administrative purposes
‐ To render agreed services
Unless we provide a specific legal basis in the context of this data protection declaration, the following applies to the processing of your personal data: The legal basis for obtaining consent is in Article. 6 para. 1 a, Article. 7 GDPR. The legal basis for data processing to fulfil our services and implement (pre) contractual measures and to answer any enquiries is in Article 6 para. 1 lit. b GDPR. For data processing to fulfil legal obligations Article. 6 para. 1 lit. c GDPR is the legal basis. Should vital interests of the data subject or another natural person make data processing necessary, the legal basis is in Article 6 para1 lit. d GDPR. Data processing to safeguard our legitimate interests is based on Article 6 para 1 lit. f GDPR. Our legitimate interest follows from the aforementioned purposes of data collection. The legal basis for the processing of applicant/employee data is in § 26 para 1 S. 1 BDSG in conjunction with Article 88 para. 1 GDPR.
If we disclose this to third parties as part of the processing of your personal data, transfer it to them or otherwise grant them acces to the data, this will only be done on the basis of legal permission, insofar as you consented to it, we are legally obliged to do so or on the basis of our legitimate interests. Legal permission exists, in particular, if the disclosure of the data is necessary to fulfil contractual obligations (e.g. with payment or shipping service providers). A legitimate interest can exist if we use data for direct advertising or to prevent fraud. A legitimate interest can also exist, e.g. when using web or e-mail hosts , cloud providers or similar service providers. Such service providers often work as so-called processors or with joint responsibility on the basis of a corresponding contract. You are also obliged to comply with the data protection regulations and to also contractually guarantee this. The legal basis for such order processing measures is in Article 28 GDPR and for joint responsibility Article 26 GDPR
05. Who do we transfer your data to?
Unless stated otherwise in the data protection declaration, we regularly work with the following recipients, in particular:
- Shipping service provider
‐ E‐mail host
‐ Web host
‐ Web service provider, where applicable
We carefully select the external service providers. In the case of order processing measures (Article 28 GDPR), these companies are contractually bound by our instructions and are regularly checked by us. Further information can be found in the following descriptions of the individual services. The legal basis for the transmission of your personal data is mentioned in point 4 above.
06. Is your data transmitted to locations outside the EU?
Transmission of your personal data to third countries (i.e. outside the EU or the EEA) or to an international organisation is only provided as an exception in certain cases. Further information can be found in the descriptions of the individual services. If we process your personal data in a third country or have it processed by third parties, this will only take place if it is to fulfil our (pre) contractual obligations or on the basis of your consent, a legal obligation or our legitimate interests. Your personal data will only be processed in a third country if the special requirements of Article 44 f GDPR are met, unless there are legal or contractual permits in individual cases. This means that data processing is carried out, e.g. on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the European Union (e.g. for the USA through the so-called "EU-US Privacy Shield") or compliance with special, recognised contractual obligations (especially the so-called "EU standard contractual clauses).
07. How long do we process your data?
The duration of the storage of your personal data is measured regularly based on existing statutory retention periods (e.g. according to commercial or tax law). Unless otherwise stated below, your personal data will be routinely deleted after the expiry of a possible relevant period, provided that they are no longer required to fulfil or initiate a contract, we no longer have an overriding legitimate interest in further storage and/or if you have not consented to further storage.
In Germany there are special retention periods i.e. in the following areas:
‐ according to commercial law ( 6 years for opening balance sheets, annual financial statements, accounting records and similar)
‐ according to tax law (10 years for all documents relevant to tax law)
‐ according to the General Act for Equal Treatment and industrial tribunal law (6 months for documents from unsuccessful applicants)
08. What are your rights?
Regarding the processing of your personal data you have the following rights:
‐ The right to information
‐ The right to rectification
‐ The right to cancellation
‐ The right to restriction of processing
‐ The right to data portability
‐ The right to object
‐ The right to withdraw consent
‐ The right to complain
The last three rights are explained in more detail below. If you have any questions about your rights, do not hesitate to contact us. The contact details can be found above in the sections concerning the responsible body.
09. When and how can you object to data processing
If your personal data are processed based on legitimate interests in accordance with Article 6 Para 1 sentence 1 lit. f GDPR, you have the right to object to the processing of data at any time. This means that we will no longer be able to continue processing your personal data in the future, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or serve the data processing for the enforcement, exercise or defence of legal claims.
However, the right to object only applies if there are reasons that arise from your particular situation or if your objection is directed towards direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a particular situation.
If you would like to implement your right to cancellation, a message to our postal address or an e-mail is sufficient (see above under point 01).
10. When and how can you withdraw your consent?
You can withdraw the consent you have given us at any time. As a result, we are no longer allowed to continue processing your personal data in the future, which is based on this consent. If you would like to implement your right to cancellation, a message to our postal address or an e-mail is sufficient (see above under point 01).
11. Where can you complain?
With regard to us processing your personal data, you have the right to complain to a data protection supervisory board. A list with the state data protection supervisory authorites can be found at the following address:
12. When and why is it necessary to provide your data?
In the context of any contact enquiries, please provide us with your personal data(e.g. name, address or e-mail address.
The provision of your personal data is partly required by law (e.g. through provisions of tax law). It can also be necessary to carry out (pre) contractual measures. Failure to provide your personal details would result in the contract not being concluded or your request not being able to be answered.
To carry out contracts or pre-contractual measures or to communicate with us, the provision of the following data is mandatory:
- First name and surname
‐ When applicable, telephone number (e.g. for enquiries or to answer enquiries)
Unless otherwise stated in this data protection declaration, all other information is voluntary.
13. Does automated decision making (e.g. profiling) take place?
Automated decision making including profiling does not take place.
14. How can you contact us?
You can contact us by mail, fax, telephone or e-mail. Our contact details can be found above under the section about the responsible body.
If you, for example, contact us by e-mail, we will automatically save the personal data you voluntarily provided us with for the purpose of processing your enquiry or for contacting you. This data is not passed on to third parties.
15. How do we secure our website?
Taking the latest technology the implementation costs, and the type, scope, circumstances and purposes of processing as well as the different probabilities and severity of risks to the rights and freedoms of natural persons into account, we undertake suitable technical and organisational measures to ensure that a level of protection appropriate to the risk (Article 32 GDPR). These measure include, in particular, ensuring the confidentiality, integrity and availability of data.
In addition, we have set up business processes which, in particular, ensure the protection of data subject rights, the deletion of data and the reaction to data security breaches. Furthermore, we observe the principles of data protection law, including data protection through technology design and data protection-friendly default settings (privacy by design and privacy by default, Article 25 GDPR).
16. What are cookies and how do we use them?
The so-called transient (or also temporary) cookies are automatically deleted when you close your browser. In particular this includes session cookies. These store a certain identifier (the so-called session ID), which means that your end device can be recognised when you return to our website. Through this, for example, the content of the virtual shopping cart of an online shop or the login status is saved. The session cookies are deleted when you log out or close the browser.
The so-called persistent (or also permanent) cookies are automatically deleted after a certain period of time; the duration of storage differs depending on the cookie. Through this user information for range measurement or for marketing purposes or a log in status can be stored for a long time. So-called first-party cookies and third-party cookies have to be differentiated for both temporary and permanent cookies. The former are set by the responsible body, the others by third parties.
On our website we can use temporary or permanent cookies, as well as first and third-party cookies, for example, to be able to identify you for subsequent visits if you have an account with us (otherwise you would have to log in again for each visit). You will receive further information about this below in the context of our data protection declaration.
17. How do we handle applicant data?
If required, we also offer job advertisements on our website which can be replied to electronically (i.e. by e-mail or PDF files); We also accept on spec applications. Applicant data is processed electronically to process the application process. This application data includes, in particular, name, address, telephone number, e-mail address, date of birth, training information or grades.
If an application results in the conclusion of a contract, the application data can be saved for the usual organisational and administrative process of the respective personnel file. Otherwise, i.e., if applicants are not successful, the application data will be deleted six months after the applicant has been notified that he/she was not successful. This applies in the case of there being no specific legal requirements to the contrary or the respective applicant has expressly consented to his/her application data being stored for a longer period. The legal basis for processing is § 26 para. 1 S. 1 GDPR in conjunction with Article 88 para 1 GDPR.
18. How and for what do we use Google WebFonts?
We use Google WebFonts on our website to integrate external fonts (provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin, 4 Ireland). When you visit our website, the fonts required are loaded into the cache of your browser in order to correctly display the content of our website. To do this, your browser connects to the provider's servers, which means that the latter gains knowledge of your IP address in particular. Further information about Google WebFonts can be found under the following address: developers.google.com/fonts/faq. Google's private policies can be found under the following address: policies.google.com/privacy?hl=de.
The processing of your data (e.g. the IP address) therefore represents a legitiamte interest in accordance with Article 6 para 1 lit. f GDPR
19. Which social media profile do we use?
We operate the profiles listed below on social networks in order to get in touch with active users and to inform them about our services. When accessing the respective networks the respective terms and conditions and the data protection information of the respective operators apply. Unless otherwise stated in our private policy, users' data will only be processed if they contact us within social networks, e.g. write posts on our profile pages or send us messages.
Our social media profile:
LinkedIn (Data protection notice)
Please get in touch with us by phone or e-mail
Phone +49 (0) 2634 email@example.com