Legal
Privacy Policy
Contents
Introduction
With the following privacy policy we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The privacy policy applies to all personal data processing carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offer”).
The terms used are not gender-specific.
Last updated: 18 February 2020
Controller
Norbert Reiling
Managing Director
NTH Therm GmbH
Lerchenweg 11
76761 Rülzheim / Germany
Authorised representative: Norbert Reiling
E-mail: info@nth-therm.com
Overview of Processing
The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects.
Types of data processed
- Inventory data (e.g. names, addresses)
- Content data (e.g. text entries, photographs, videos)
- Contact data (e.g. e-mail, telephone numbers)
- Meta / communication data (e.g. device information, IP addresses)
- Usage data (e.g. websites visited, interest in content, access times)
- Contract data (e.g. subject matter of contract, term, customer category)
- Payment data (e.g. bank details, invoices, payment history)
Categories of data subjects
- Business and contractual partners
- Interested parties
- Communication partners
- Users (e.g. website visitors, users of online services)
Purposes of processing
- Provision of our online offer and user-friendliness
- Visit action evaluation
- Office and organisational procedures
- Interest-based and behavioural marketing
- Contact enquiries and communication
- Conversion measurement (measuring the effectiveness of marketing measures)
- Profiling (creating user profiles)
- Remarketing
- Reach measurement (e.g. access statistics, recognition of returning visitors)
- Tracking (e.g. interest-/behaviour-based profiling, use of cookies)
- Contractual services and support
- Management and response to enquiries
Applicable Legal Bases
We share the legal bases of the General Data Protection Regulation (GDPR) on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile.
- Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for a specific purpose or several specific purposes.
- Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany, in particular the Federal Data Protection Act (BDSG).
Security Measures
We implement appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.
The measures include in particular securing confidentiality, integrity and availability of data by controlling physical and electronic access to data. Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data and responses to data threats.
SSL encryption (https): To protect the data you transmit via our online offer, we use SSL encryption. You can recognise encrypted connections by the prefix https:// in the address bar of your browser.
Data Processing in Third Countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), this only takes place in accordance with the legal requirements.
Subject to express consent or contractually or legally required transmission, we process data only in third countries with a recognised level of data protection, or on the basis of special guarantees, such as contractual obligation through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR).
Use of Cookies
Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie primarily serves to store information about a user during or after their visit within an online offer.
Types of cookies:
- Temporary cookies (session cookies): Deleted at the latest after a user leaves an online offer and closes their browser.
- Permanent cookies: Remain stored even after the browser is closed (e.g. for login status or marketing purposes).
- First-party cookies: Set by us ourselves.
- Third-party cookies: Used mainly by advertisers to process user information.
- Necessary cookies: Absolutely required for the operation of a website.
- Statistics, marketing and personalisation cookies: Used in the context of reach measurement and tracking.
Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, data processed using cookies is processed on the basis of our legitimate interests.
General notes on revocation and objection (opt-out): You can declare your objection via the settings of your browser, e.g. by deactivating the use of cookies. You can also object to the use of cookies for online marketing purposes via https://optout.aboutads.info and https://www.youronlinechoices.com/.
- Data processed: Usage data, meta/communication data
- Data subjects: Users
- Legal bases: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR)
Commercial and Business Services
We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”) within the scope of contractual and comparable legal relationships and associated measures.
We process this data to fulfil our contractual obligations, to safeguard our rights and for administrative tasks. We only pass on the data of contractual partners to third parties to the extent required for the aforementioned purposes or to fulfil legal obligations, or with the consent of the contractual partners.
We delete the data after expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data must be retained for archiving purposes required by law (e.g. for tax purposes, generally 10 years).
- Data processed: Inventory data, payment data, contact data, contract data
- Data subjects: Interested parties, business and contractual partners
- Legal bases: Performance of contract (Art. 6(1)(b) GDPR), Legal obligation (lit. c), Legitimate interests (lit. f)
Contact
When contacting us (e.g. via contact form, e-mail, telephone or social media), the data of the enquiring persons is processed to the extent necessary to respond to the contact enquiries and any requested measures.
Responses to contact enquiries in the context of contractual or pre-contractual relationships are made to fulfil our contractual obligations or to answer (pre-)contractual enquiries, and otherwise on the basis of legitimate interests in responding to enquiries.
- Data processed: Inventory data, contact data, content data
- Data subjects: Communication partners
- Purposes: Contact enquiries and communication
- Legal bases: Performance of contract (Art. 6(1)(b) GDPR), Legitimate interests (lit. f)
Provision of the Online Offer and Web Hosting
In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed.
Collection of access data and log files: We collect data on every access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, browser type and version, the user’s operating system, the referrer URL, and IP addresses.
- Data processed: Content data, usage data, meta/communication data
- Data subjects: Users
- Legal bases: Legitimate interests (Art. 6(1)(f) GDPR)
Online Marketing
We process personal data for the purposes of online marketing, which includes in particular the measurement of the effectiveness of advertising measures.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, users’ data is processed on the basis of our legitimate interests.
Opt-out options:
- Europe: https://www.youronlinechoices.eu
- Canada: https://www.youradchoices.ca/choices
- USA: https://www.aboutads.info/choices
- Cross-territorial: https://optout.aboutads.info
Services used:
Google Analytics: Online marketing and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy: https://policies.google.com/privacy; Opt-out plugin: https://tools.google.com/dlpage/gaoptout.
Plugins and Embedded Functions and Content
We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may be, for example, graphics, videos or social media buttons and posts.
The integration always requires that the third-party providers of this content process the IP address of users, since without the IP address they could not send the content to the users’ browsers. We endeavour to use only such content whose respective providers use the IP address solely for the delivery of the content.
Services used:
Google Fonts: We integrate the fonts of the provider Google, whereby the data of the users is used solely for the purpose of displaying the fonts in the users’ browser. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Privacy policy: https://policies.google.com/privacy.
Google Maps: We integrate the maps of the “Google Maps” service of the provider Google. Data processed may include in particular IP addresses and location data of the users. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Privacy policy: https://policies.google.com/privacy.
- Data processed: Usage data, meta/communication data
- Data subjects: Users
- Legal bases: Legitimate interests (Art. 6(1)(f) GDPR)
Deletion of Data
The data processed by us will be deleted in accordance with the legal requirements as soon as the consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose for processing this data has ceased to apply or it is not required for the purpose).
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
Changes and Updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an action on your part (e.g. consent) or other individual notification.
Your Rights
As a data subject under the GDPR, you have various rights, which arise in particular from Art. 15 to 18 and 21 GDPR:
- Right to object: You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR.
- Right to withdraw consent: You have the right to withdraw consent given at any time.
- Right of access: You have the right to obtain confirmation as to whether data concerning you is being processed and to information about this data and further details in accordance with the legal requirements (Art. 15 GDPR).
- Right to rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with the legal requirements (Art. 16 GDPR).
- Right to erasure and restriction of processing: You have the right to demand that data concerning you be deleted without delay, or alternatively to demand a restriction of processing in accordance with the legal requirements (Art. 17, 18 GDPR).
- Right to data portability: You have the right to receive data concerning you in a structured, commonly used and machine-readable format, or to request its transfer to another controller (Art. 20 GDPR).
- Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement (Art. 77 GDPR).
Data protection contact: info@nth-therm.com
Definitions
- Visit action evaluation (conversion tracking): A procedure by which the effectiveness of marketing measures can be determined. For this purpose, a cookie is stored on the users’ devices within the websites on which the marketing measures take place, and is then retrieved again on the target website.
- IP masking: A method by which the last octet of an IP address is deleted so that the IP address can no longer serve to uniquely identify a person.
- Interest-based and behavioural marketing: Interest-based and/or behavioural marketing refers to the most precise possible predetermination of potential interests of users in advertisements and other content based on information about their previous behaviour.
- Conversion measurement: A procedure by which the effectiveness of marketing measures can be determined by means of a cookie stored on users’ devices and retrieved on the target website.
- Personal data: All information relating to an identified or identifiable natural person.
- Profiling: Any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person.
- Reach measurement (web analytics): Evaluation of visitor flows to an online offer in order to analyse the behaviour or interests of visitors in certain information.
- Remarketing / retargeting: A procedure whereby, for advertising purposes, a note is made of which products a user has shown interest in on a website, in order to remind the user of these products on other websites.
- Tracking: Tracing the behaviour of users across multiple online offers, whereby behavioural and interest information is stored in cookies.
- Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processing: Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, evaluation, storage, transmission or deletion.
Created with the free privacy policy generator by Dr Thomas Schwenke