Data protection
Data protection
A: INFORMATION ON THE COLLECTION OF PERSONAL DATA
I. In the following, we would like to inform you about the collection of personal data when using our website. Personal data is all data that relates to you personally, e.g. name, address or email address.
II. The responsible party according to Art. 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is OroTox® International – owner Christiane Lechner, Tatzelwurmweg 5, D-82031 Grünwald, telephone: 089 38 17 91 05, fax: 089 38 17 91 06, Email: office@orotox.de.
B: COLLECTION OF PERSONAL DATA (TYPE AND PURPOSE)
1. When you visit our website
When using the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes in particular:
- IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– amount of data transferred
– Website from which the request comes
– Browser
– Operating system and its interface
– Language and version of the browser software.
The purpose of data processing is to establish a smooth connection to the website, to guarantee the comfortable use of our website and to enable the evaluation of system security and stability.
The legal basis for data processing is Art. 6 Paragraph 1 Clause 1 Letter f) GDPR. Our legitimate interest follows from the purposes for data collection listed above. We do not use the data collected for the purpose of drawing conclusions about individuals.
II. When contacting us via email or the contact form
When you contact us by email or via the contact form, the data you provide (such as your name and email address) will be stored by us in order to answer your questions.
The data processing for the purpose of contacting us is carried out in accordance with Art. 6 Paragraph 1 Clause 1 Letters a) and b) of GDPR on the basis of your voluntarily given consent, if necessary also for the implementation of pre-contractual or contractual measures that are carried out at your request.
III. Contact by telephone
If you contact us by telephone, the data you provide (your name and telephone number) will be stored by us so that we can call you back if necessary.
The data processing for the purpose of contacting us is carried out in accordance with Art. 6 Paragraph 1 Clause 1 Letters a) and b) of GDPR on the basis of your voluntarily given consent, if necessary also for the implementation of pre-contractual or contractual measures that are carried out at your request.
IV. For orders
As a customer, you can place orders. We collect, among other things, the title, first name, last name, email address, address, telephone number (landline and/or mobile).
This data is collected for the following purposes:
• to identify you as our customer;
• for the purpose of contract execution;
• for billing purposes;
• for the purpose of debt collection;
• for the implementation of electronic payment transactions;
• for the settlement of payment obligations;
• to carry out contractually agreed delivery executions;
• for handling complaints;
• in the interest of comprehensive customer service/customer loyalty measures;
• Execution of contractually agreed delivery executions and
• handling complaints.
The legal basis is Art. 6 Paragraph 1 Clause 1 Letter b) GDPR.
C: SHARING DATA
1. Transfer to providers
The data is forwarded to the provider by system technology. The provider operates its servers within Europe. The data you send us via the contact form is also forwarded to this provider, as the provider also provides the email server.
II. Further cases of transfer
01. Service providers and vicarious agents
In addition, only those who need your data to fulfill contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us may also receive data for these purposes. These are companies in the categories of IT services, telecommunications, advice and consulting.
Under these conditions, recipients of personal data may be, for example:
- auditors, consultants;
- Lawyers;
- Public bodies and institutions where there is a legal or regulatory obligation.
02. Analysis tools
Furthermore, data is passed on through the use of Google Analytics. Details can be found in E: of this privacy policy.
03. Other cases of transfer
As a general rule, your personal data will not be passed on to third parties. We will only pass on your personal data to third parties if:
• you have given your express consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a) of GDPR,
• the transfer according to Art. 6 Para. 1 Clause 1 Letter f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
• in the event that there is a legal obligation to disclose data pursuant to Art. 6 Paragraph 1 Clause 1 Letter c) of GDPR, and
• this is legally permissible and is necessary for the processing of contractual relationships with you according to Art. 6 Paragraph 1 Clause 1 Letter b) of GDPR.
D: USE OF COOKIES
We sometimes use cookies on our website. These are small files that your browser automatically creates and that are stored on your device. The cookie stores information that is related to the device used. However, this does not mean that we immediately know your identity. Please also note that cookies cannot cause any damage to your device.
The use of cookies serves to make the use of our services more pleasant for you. For example, we use so-called session cookies to be able to recognize which of our website pages you have already visited. This data is automatically deleted after you leave our site.
In addition, temporary cookies may be used to optimize user-friendliness, which are stored on your device for a specific period of time. Cookies are used in accordance with Art. 6 Paragraph 1 Clause 1 Letter f) of GDPR on the basis of legitimate interests.
Many browsers accept cookies automatically. You can configure your browser so that cookies are not saved on your computer or a message appears when a cookie is about to be created. If you do not allow cookies, a so-called opt-out cookie will be set in your browser. This cookie is used solely to assign your objection. Preventing cookies may result in individual functions of the website no longer being available.
Please also note that an opt-out cookie can only be used for the browser from which the cookie was set. In addition, cookies that were set when visiting other websites are not recorded. However, you can delete all cookies at any time via your browser. You can find out how to do this in the help function of your browser.
E: USE OF GOOGLE
I. Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.
You can prevent cookies from being saved by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can also check out of Google Analytics by clicking the following link: Yes, I would like to check out.
This website uses Google Analytics with the extension "anonymizeIp()". This means that IP addresses are processed in a shortened form, so that personal references can be excluded. If the data collected about you can be personally identified, this will be excluded immediately and the personal data will be deleted immediately.
We use Google Analytics to analyze the use of our website and to regularly improve it. Using the statistics obtained, we can improve our offering and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 Para. 1 Clause 1 Letter f of GDPR.
For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data protection declaration: http://www.google.de/intl/de/policies/privacy.
II. Google Maps
The website uses Google Maps to visually display geographic information. When using Google Maps, Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, 94043) also collects, processes and uses data about the use of the Maps functions by visitors to the website.
For more information about data processing by Google, please see Google’s privacy policy, which you can access at www.google.com/privacypolicy.html.
We use Google Maps on the basis of a legitimate interest within the meaning of Art. 6 (1) (f) GDPR, as we want to optimize our online offering.
You can also check them out by clicking on the following link: https://adssettings.google.com/authenticated.
Q: JQUERY
This website uses Ajax and jQuery technologies to optimize loading speeds, for example. For this purpose, program libraries are called from Google servers. Google's CDN (content delivery network) is used. If you have previously used jQuery on another Google page, your browser will use the copy stored in the cache. If this is not the case, this requires a download, whereby data from your browser is sent to Google! Inc. ("Google"). Your data will be transferred to the USA. You can find out more at: https://developers.google.com/speed/libraries/#jquery and in the privacy policy of google.de.
G: USE OF FONTS
I. Font Awesome
This site uses so-called web fonts provided by Fonticons, Inc. for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to the servers of Fonticons, Inc. This allows Fonticons, Inc. to know that our website was accessed via your IP address. Web fonts are used in the interest of a uniform and appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
If your browser does not support web fonts, a standard font from your computer will be used.
For more information about Font Awesome, please visit https://fontawesome.com/help and see the Fonticons, Inc. privacy policy: https://fontawesome.com/privacy.
II. Google Web Fonts
External fonts, Google Fonts, are used on these websites. Google Fonts is a service provided by Google Inc. ("Google"). These web fonts are integrated by calling a server, usually a Google server in the USA. This transmits to the server which of our websites you have visited. The IP address of the browser on the device of the visitor to these websites is also stored by Google.
When you open a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. Web fonts are used in the interest of a uniform and appealing presentation of our online offerings.
This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
For more information, please see Google’s privacy policy, which you can access here: www.google.com/fonts#AboutPlace:about and www.google.com/policies/privacy/ .
H: LINKS TO THIRD PARTY WEBSITES
The links published on our website are researched and compiled by us with the greatest possible care. However, we have no influence on the current and future design and content of the linked pages. We are not responsible for the content of the linked pages and expressly do not adopt the content of these pages as our own. The provider of the website to which reference is made is solely liable for illegal, incorrect or incomplete content and for damages resulting from the use or non-use of the information. The liability of the person who merely refers to the publication via a link is excluded. We are only responsible for third-party references if we have positive knowledge of them, i.e. also of any possible illegal or criminal content, and it is technically possible and reasonable for us to prevent their use.
I: YOUR RIGHTS
You have the right:
• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
• to request the immediate correction of inaccurate or completion of your personal data stored by us in accordance with Art. 16 GDPR;
• to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you contest the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you require it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller;
• to revoke your consent at any time in accordance with Art. 7 Paragraph 3 GDPR. This means that we may no longer continue the data processing based on this consent in the future and
• to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or of our company headquarters. The Bavarian State Office for Data Protection Supervision, Promenade 27 (Schloss), 91522 Ansbach, Germany, telephone: +49 (0) 981 53 1300, fax: +49 (0) 981 53 98 1300, email: poststelle@lda.bayern.de is responsible for our company headquarters.
J: RIGHT OF OBJECTION
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for doing so that arise from your particular situation.
If you object, your personal data will no longer be processed unless compelling legitimate grounds for the processing can be demonstrated which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
The objection must be addressed to us, just send an email to: office@orotox.de.
K: STORAGE DURATION
I. This website does not store the complete IP addresses of website users, or they are deleted immediately after the end of use of the website.
II. The stored usage processes will be deleted after 7 months at the latest.
III. If you write to us by email or via the contact form or call us, the data will be deleted after the query has been answered, generally 6 months after the last communication. This only applies if the contact relates to a specific customer relationship. In this case, a memo may be saved in the customer file. If there are statutory retention periods in this regard, archiving can take up to ten years. After that, the data will be permanently deleted; in the meantime, the data will be blocked so that access to this data is no longer possible. The blocking phase begins at the end of the year following the end of the contract.
IV. The personal data we collect to process your order will be deleted after the end of the contract unless the law stipulates different retention periods. If there are statutory retention periods, archiving can take up to ten years. After that, the data will be permanently deleted. In the meantime, the data will be blocked so that it is no longer possible to access this data without further ado. The blocking period begins at the end of the year following the end of the contract.
L: OBLIGATION TO PROVIDE DATA
As far as the collection and processing of the so-called server log files is concerned, the information is mandatory. The provision of personal data, name and email address, when contacting us via the contact form is also mandatory.
In addition, the name, address, email address and any other information marked as necessary are mandatory when placing an order.
Providing additional data is voluntary.
M: AUTOMATED DECISION MAKING
Automated decision-making in accordance with Art. 22 GDPR does not take place.
N: CHANGE OF INTENDED USE
Personal data is processed for the purpose for which it was collected. The purpose of use will not be changed.
O: DATA SECURITY
When you visit our website, we use the common SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted using encryption by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
P: CURRENTNESS AND CHANGES TO THIS PRIVACY POLICY
This privacy policy is currently valid and is dated 2018.
Due to the further development of our website and offers on it or due to changes in legal or official requirements, it may become necessary to change this privacy policy. You can access and print out the current privacy policy on the website at any time.