The protection of your personal data is of particularly high importance to our company. Your personal data shall be handled by us confidentially and in accordance with the statutory guidelines.
For this reason, we would like to provide you with detailed information below regarding what data are collected during your visit to our website, for what purpose the data are collected and how you can restrict the data collection.
During the usage of our website, usage data shall be collected. This involves the usage of servers. In principle, the usage of the Internet site of the NEAG AG is possible without providing any personal data. Insofar as an affected person would like to utilise special services provided by our company via our Internet site, a processing of personal data could nonetheless become required. If the processing of personal data is required and no legal basis exists for such processing, we shall generally obtain a consent from the affected person.
The processing of personal data, e.g. of the name, the postal address, the e-mail address or telephone number of an affected person, shall always be undertaken in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection guidelines that are valid for the NEAG AG. As a rule, we shall request these data only then if you contact us via our webpages.
By means of this Data Protection Declaration, our company would like to inform the public regarding the type, scope and purpose of the personal data which we collect, use and process. Furthermore, the affected persons shall be instructed of their rights via this Data Protection Declaration.
As the responsible party for the processing, NEAG AG has implemented numerous technical and organisational measures in order to ensure the most gapless protection possible for the personal data which are processed via our webpages. However, Internet-based data transmissions can in principle have security gaps so that absolute protection cannot be guaranteed. For this reason, each affected person shall be at liberty to also provide personal data to us via alternative routes, e.g. by telephone.
1. Name and Address of the Responsible Party for the Processing
The responsible party in accordance with the General Data Protection Guidelines, the other data protection laws valid in the member countries of the European Union and other provisions with a data protection law character shall be:
Norddeutsche Energie AG
Barmbeker Straße 4b
2. Contact to the Data Protection Officer
Each affected person may–at any time–directly contact our Data Protection Officer regarding all questions and issues related to data protection.
The Data Protection Declaration of NEAG is based on the definitions which have been used by the European lawmakers when decreeing the General Data Protection Regulation (GDPR). Our Data Protection Declaration is supposed to be easily readable and comprehensible both to the public as well as also our customers and business partners. In order to guarantee this, we would like to explain the definitions used in detail beforehand.
In this Data Protection Declaration, we shall use, among others, the following terms defined below:
a) Personal Data
Personal data shall be considered to be all information which refers to an identified or identifiable natural person (hereafter, “Affected Person”). A natural person shall be considered to be identifiable who, directly or indirectly, can be identified–particularly by means of a categorisation to an identifier such as a name, an ID number, locational data, an online name or another or multiple special characteristics which are the expression of the physical, physiological, genetic, psychological, business, cultural or social identity of this natural person.
b) Affected Person
Affected Person shall be considered to be each identified or identifiable natural person whose personal data are processed by the party responsible for the processing.
Processing shall be considered to be each process, or each such series of processes, implemented with or without the assistance of automated procedures in conjunction with personal data such as the collection, recording, organisation, filing, storage, adaptation or modification, reading-out, querying, usage, disclosure via transmission, dissemination or any other form of supplying, reconciliation or linking, restriction, deletion or destruction thereof.
d) Restriction of the Processing
Restriction of the processing shall be considered to be the flagging of stored personal data with the goal of restricting its future processing.
Profiling shall be considered to be each type of automated processing of personal data whereby these personal data shall be used in order to assess certain personal aspects that refer to a natural person–particularly in order to analyse or forecast aspects regarding work performance, financial situation, health, personal preferences, interests, reliability, behaviour, place of residence or relocation of this natural person.
Pseudonymisation shall be considered to be the processing of personal data in such a manner whereby the personal data can no longer be assigned to a specific person without the utilisation of additional information insofar as this additional information is stored separately and subjected to technical and organisational measures which guarantee that the personal data cannot be assigned to an identified or identifiable natural person.
g) Responsible Party or the Party Responsible for the Processing
The responsible party or the party responsible for the processing shall be considered to be the natural or juridical person, government agency, institution or another party who, solely or collectively with others, makes decisions regarding the purposes of and the resources for the processing of personal data. If the purposes of and the resources for this processing have been prescribed by the law of the European Union or the law of the member countries, then the responsible party and/or the specific criteria for his appointment may be prescribed by the law of the European Union or the law of the member countries.
h) Contracted Data Processor
The contracted data processor shall be considered to be any natural or juridical person, government agency, institution or any other party which processes personal data by mandate from the responsible party.
Recipient shall be considered to be a natural or juridical person, government agency, institution or any other party to whom personal data are disclosed regardless of whether the recipient is a third party or not. Government agencies, which may possibly receive personal data within the parameters of a specific investigation mandate in accordance with the law of the European Union or the law of the member countries, shall nonetheless not be considered to be recipients.
j) Third Party
A third party shall be considered to be a natural or juridical person, government agency, institution or any other party with the exception of the Affected Person, the responsible party, the contracted data processor and the persons who have been authorised to process the personal data subject to the direct responsibility of the responsible party or the contracted data processor.
Consent shall be considered to be any statement of intention voluntarily rendered by the Affected Person for the specific case in an informed manner and transparently in the form of a declaration or any other transparently-confirming action whereby the Affected Person announces that he is in agreement with the processing of his personal data.
By using cookies, NEAG AG can supply the users of this Internet site with user-friendlier services which would not be possible without placing the cookie.
The Affected Person may–at any time–prevent the placement of cookies by our Internet site by correspondingly changing the settings on his Internet browser and thus permanently object to the placement of cookies. Furthermore, any cookies that have already been placed may–at any time–be deleted via an Internet browser or other software programmes. This is shall be possible in all commonplace Internet browsers. If the Affected Person deactivates the placement of cookies in the Internet browser being used, he may possibly not be able to comprehensively use all functions of our Internet site.
5. Collection of General Data and Information
The Internet site of NEAG AG shall, during each accessing of the website by an Affected Person or an automated system, collect a series of general data and information. These general data and information shall be stored in the server’s log files. The following may be collected:
(1) Browser types and versions used,
(2) The operating system used by the accessing system,
(3) The Internet site from which an accessing system reaches our Internet site (so-called referrer),
(4) The subpages which are controlled via an accessing system on our Internet site,
(5) The date and the time of day of an accessing of the Internet site,
(6) An Internet protocol address (IP address),
(7) The Internet service provider of the accessing system and
(8) Other similar data and information which serve the purpose of warding off risks in the event of attacks on our information technology systems.
When using these general data and information, the NEAG AG shall draw no inferences regarding the Affected Person. Rather, this information shall be required in order to
(1) Correctly supply the contents of our Internet site,
(2) Guarantee the permanent functionality of our information technology systems and the technology of our Internet site as well as
(3) Supply the information required for criminal investigations to law enforcement agencies in the event of a cyber-attack.
Thus, these anonymously-collected data and information shall be evaluated by the NEAG AG, upon the one hand, statistically and, on the other hand, with the goal of increasing the data protection and the data security at our company in order to ultimately guarantee an optimal protection level for the personal data which we process. The anonymous data from the server log files shall be stored separately from all personal data provided by an Affected Person.
6. Registration on Our Internet Site
The Affected Person shall have the option of registering on the Internet site of the party responsible for the processing while being required to provide personal data. In this regard, which personal data are transmitted to the party responsible for the processing shall be stated in the respective input mask which is used for the registration. The personal data inputted by the Affected Person shall be collected and stored exclusively for internal usage by the party responsible for the processing and for his own purposes. The party responsible for the processing may disseminate the personal data to one or more contracted data processors which shall likewise use the personal data exclusively for internal usage by the party responsible for the processing.
Furthermore, by registering on the Internet site of the party responsible for the processing, the IP address awarded by the Internet service provider (ISP) to the Affected Person, the date as well as the time of day of the registration shall be stored. The storage of these data shall be undertaken before the backdrop that, only by so doing, can the misuse of our services be prevented and, as required, these data shall enable the detection of criminal acts that have been committed. In this regard, the storage of these data shall be required in order to safeguard the party responsible for the processing. In principle, these data shall not be disseminated to third parties insofar as no statutory obligation exists to disclose or the disclosure thereof serves the purpose of the investigation of criminal acts.
The registration of the Affected Person while voluntarily providing personal data enables the party responsible for the processing to offer the Affected Person content or services which can be offered only to registered users based upon the nature of the object. Registered persons shall have the option of–at any time–requesting the changing of the personal data provided during the registration or completely being deleted from the database of the party responsible for the processing.
Upon request at any time, the party responsible for the processing shall issue to each Affected Person information regarding which personal data have been stored regarding the Affected Person. Furthermore, upon the request of or instruction from the Affected Person, the party responsible for the processing shall correct or delete his personal data insofar as no statutory retention obligations oppose this. In this context, all of the employees of the party responsible for the processing shall act as contact persons for the Affected Person.
7. Contact Option via the Internet Site
In accordance with the statutory directives, the Internet site of the NEAG AG contains data which enable a visitor to quickly contact our company electronically as well as to engage in direct communication with us which likewise includes a general address for the so-called electronic mail (e-mail address). Insofar as an Affected Person contacts the party responsible for the processing via e-mail or a contact form, the personal data transmitted by the Affected Person shall be automatically stored. Such personal data transmitted voluntarily by an Affected Person to the party responsible for the processing shall be stored for purposes of the processing or for contacting the Affected Person. These personal data shall not be disseminated to third parties.
8. Routine Deletion and Blocking of Personal Data
The party responsible for the processing shall process and store the personal data of the Affected Person only for the timeframe which is required for the attainment of the storage purpose or insofar as this was prescribed by the European lawmakers or any other lawmakers in laws or guidelines which the party responsible for the processing must follow.
If the storage purpose ceases to be valid or a storage timeframe prescribed by the European lawmakers or any other competent lawmakers lapses, the personal data shall be blocked or deleted routinely and in accordance with the statutory directives.
9. Rights of the Affected Person
a) Right of Confirmation
Each Affected Person has the right, which has been granted by the European lawmakers, to demand a confirmation from the party responsible for the processing regarding whether his personal data are being processed. If an Affected Person would like to exercise this right of confirmation, he may–at any time–contact an employee of the party responsible for the processing.
b) Right to Information
Each Affected Person, whose personal data are being processed, shall have the right, which has been granted by the European lawmakers, to–at any time–receive free-of-charge information regarding the personal data saved about his person and a copy of this information from the party responsible for the processing. Furthermore, the European lawmakers have granted the Affected Person the right to request the following information:
• The processing purposes
• The categories of personal data which are being processed
• The recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed–particularly in the case of recipients in non-EU countries or international organisations
• If possible, the planned duration for which the personal data are being stored or, if this is not possible, the criteria for the determination of this timeframe
• The existence of a right to the correction or deletion of his personal data or a restriction of the processing by the responsible party or a right of objection to this processing
• The existence of a right to submit a complaint to a government supervisory agency
• If the personal data are not collected from the Affected Person: All available information regarding the origin of the data
• The existence of automated decision-making including profiling in accordance with Article 22 Para.1 and 4 GDPR and–at least in these cases–detailed information regarding the logic involved as well as the scope and the intended ramifications of such a processing for the Affected Person
Furthermore, the Affected Person shall have a right to information regarding whether personal data have been transmitted to a non-EU country or to an international organisation. Insofar as this is the case, then the Affected Person shall also have the right to receive information regarding the suitable guarantees in conjunction with the processing.
If an Affected Person would like to exercise this right to information, he may–at any time–contact an employee of the party responsible for the processing.
c) Right of Correction
Each Affected Person shall have the right, which has been granted by the European lawmakers, to demand the prompt correction of his personal data which are incorrect. Furthermore, the Affected Person shall have the right, subject to the consideration of the purposes of the processing, to demand the completion of incomplete personal data–including via a supplemental declaration.
If an Affected Person would like to exercise this right of correction, he may–at any time–contact an employee of the party responsible for the processing.
d) Right of Deletion (Right to be Forgotten)
Each Affected Person shall have the right, which has been granted by the European lawmakers, to demand from the responsible party that his personal data be promptly deleted insofar as one of the following reasons is valid and insofar as the processing is not required:
• The personal data have been collected for such purposes or processed in any other manner for which they are no longer required.
• The Affected Person revokes his consent, upon the basis of which the processing is undertaken in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR and no other legal basis for the processing exists.
• The Affected Person lodges an objection to the processing in accordance with Art. 21 Para. 1 GDPR and no prevailing justified reasons for the processing exist or the Affected Person lodges an objection to the processing in accordance with Art. 21 Para. 2 GDPR.
• The personal data have been illegally processed.
• The deletion of the personal data is required in order to fulfil a legal obligation in accordance with the law of the European Union or the law of the member countries which the responsible party must follow.
• The personal data have been collected with regards to the services offered by the information society in accordance with Art. 8 Para. 1 GDPR.
Insofar as one of the aforementioned reasons is valid and an Affected Person would like to request the deletion of the personal data which have been stored by NEAG AG, he may–at any time–contact an employee of the party responsible for the processing in this regard. The employee of the NEAG AG shall ensure that the deletion request is promptly fulfilled.
If the personal data have been publicly disclosed by NEAG AG and our company, as the responsible party in accordance with Art. 17 Para. 1 GDPR, is obliged to delete the personal data, then the NEAG AG shall, subject to the consideration of the available technology and the implementation costs, undertake appropriate measures–including of a technical nature–in order to notify other responsible parties which process the published personal data that the Affected Person has demanded from these other responsible parties that they delete all links to these personal data or of copies or replications of these personal data insofar as the processing is not required. The employee of the NEAG AG shall ensure that the required action be undertaken in the individual case.
e) Right to Restriction of the Processing
Each Affected Person shall have the right, which has been granted by the European lawmakers, to demand from the responsible party the restriction of the processing if one of the following requirements has been fulfilled:
If the correctness of the personal data is disputed by the Affected Person and indeed for a duration which enables the responsible party to verify the correctness of the personal data.
The processing is illegal, the Affected Person rejects the deletion of the personal data and instead demands the restriction of the usage of the personal data.
The responsible party no longer requires the personal data for the purposes of the processing, but the Affected Person nonetheless requires them for the assertion, exercising or warding-off of legal claims.
The Affected Person has lodged an objection to the processing in accordance with Art. 21 Para. 1 GDPR and it has not yet been determined whether the justified reasons of the responsible party outweigh those of the Affected Person.
Insofar as one of the aforementioned requirements has been fulfilled and an Affected Person would like to demand the restriction of the personal data which have been stored by the NEAG AG, it may - at any time - contact an employee of the responsible party. The employee of the NEAG AG shall affect the restriction of the processing.
f) Right to Data Portability
Each Affected Person, whose personal data are being processed, shall have the right, which has been granted by the European lawmakers, to receive his personal data, which have been provided by the Affected Person to a responsible party, in a structured, popular and machine-readable format. Moreover, he shall also have the right to transmit these data to another responsible party without any objections being lodged by the responsible party to whom the personal data have been provided insofar as the processing is based upon the consent granted in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or upon a contractual agreement in accordance with Art. 6 Para. 1 lit. b GDPR and the processing is undertaken via an automated process, insofar as the processing is not required for the fulfilment of a task, lies in the public interest or encompasses the exercising of public authority which has been assigned to the responsible party.
Furthermore, the Affected Person, during the exercising of his right to data portability in accordance with Art. 20 Para. 1 GDPR, shall have the right to request that the personal data be transmitted directly by one responsible party to another responsible party insofar as this is technically feasible and insofar as the rights and freedoms of other persons are not restricted by so doing.
In order to assert the right of data portability, the Affected Person may–at any time–contact an employee of NEAG AG.
g) Right of Objection
Each Affected Person shall have the right, which has been granted by the European lawmakers, to–at any time for reasons based upon his specific situation–to lodge an objection to the processing of his personal data which is being undertaken in accordance with Art. 6 Para. 1 lit. e or f GDPR. This shall also be valid for a profiling supported by these provisions.
In the event that an objection has been lodged, the NEAG AG shall no longer process the personal data unless we can document mandatory reasons for the processing that are worthy of protection which outweigh the interests, rights and freedoms of the Affected Person or the processing serves the purpose of the assertion, exercising or warding-off of legal claims.
If NEAG AG processes the personal data in order to conduct direct advertising, then the Affected Person shall have the right to - at any time - lodge an objection to the processing of the personal data for the purpose of such advertising. This shall also be valid for the profiling insofar as it is in conjunction with such direct advertising. If the Affected Person submits an objection to NEAG AG regarding the processing of his personal data for the purpose of direct advertising, then NEAG AG shall no longer process the personal data for these purposes.
In addition, the Affected Person shall have the right–for reasons based upon his specific situation–to lodge an objection to the processing of his personal data which is undertaken by the NEAG AG for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR unless such processing is required in order to fulfil a task in the public’s interest.
In order to exercise the right of objection, the Affected Person may directly contact any employee of NEAG AG or any other employee. Furthermore, the Affected Person shall be at liberty, in conjunction with the usage of the services of the information society and notwithstanding Guideline 2002/58/EC, to exercise his right of objection via an automated procedure whereby technical specifications are used.
h) Automated decision-making in the individual case including profiling.
Each Affected Person shall have the right, which has been granted by the European lawmakers, to not be subjected to decision-making which is based upon exclusively automated processing–including profiling–which creates legal ramifications for the Affected Person or similarly and substantially restricts the Affected Person insofar as the decision-making (1) is not required for the conclusion or the fulfilment of a contractual agreement between the Affected Person and the responsible party or (2) in accordance with the legal guidelines from the European Union or the member countries which the responsible party must follow, is permissible and these legal guidelines contain appropriate measures for the safeguarding of the rights and freedoms as well as the rightful interests of the Affected Person or (3) is undertaken with the express consent of the Affected Person.
If the decision-making (1) is required for the conclusion or the fulfilment of a contractual agreement concluded between the Affected Person and the responsible party or (2) is undertaken with the express consent of the Affected Person, NEAG AG shall undertake appropriate measures in order to safeguard the rights and freedoms as well as the rightful interests of the Affected Person whereby this shall include at minimum the right upon the part of the responsible party to have a person intervene to submit its own viewpoint and contest the decision-making.
If the Affected Person would like to assert rights with regards to the automated decision-making, he may–at any time–contact an employee of the responsible party.
i) Right to Revocation of a Consent Granted under Data Protection Law
Each Affected Person shall have a right, which has been granted by the European lawmakers, to–at any time–revoke a consent for the processing of personal data.
If the Affected Person would like to assert his right to revoke a consent, he may–at any time–contact an employee of the responsible party.
10. Data Protection Provisions for Using and Applying Analytical Tools (among others, Google Analytics)
In order to be able to optimise our website, we collect visitor statistics at multiple levels regarding the usage of our website. We wish to briefly discuss these usages below:
At the database level, at the editorial level, we can access registration data at any time and thus, for example, find out the registration figures for an event or how the origin of the participants breaks down statistically. Independent of the personal data, the server shall also store some technical data ("Metadata") such as visiting times or the IP address. These data can also be summarised and statistically evaluated in order to optimise the technical usability of the Internet site and identify problems.
Moreover, we use server-side analytical software which provides us with highly-detailed insights into the surfing behaviour of our visitors. Thus, for example, we can identify which subpages are visited how often, at what time of day there are the most visits and how often visitors return.
This website uses Google Analytics, a web analysis service from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The usage encompasses the operational mode of “Universal Analytics”. Thus, it is possible to categorise data, sessions and interactions across multiple devices to a pseudonym user ID and thus to analyse the activities of a user across devices.
Google Analytics uses so-called “cookies”–text files which are stored on your computer and which enable an analysis of your usage of the website. As a rule, the information generated by the cookie regarding your usage of this website shall be transmitted to a Google server in the USA and stored there. However, in the event of the activation of IP anonymisation on this website, your IP address shall be shortened beforehand by Google within the member countries of the European Union or in other contracting countries to the European Economic Area Convention. Only in exceptional cases shall the entire IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser for Google Analytics shall not be commingled with other data by Google.
By mandate from this website’s operator, Google shall use this information in order to evaluate your usage of the website, in order to draft reports regarding the website activities and in order to render additional services associated with the usage of the website and the Internet to the website’s operator. Based upon these purposes, we have a rightful interest in the data processing. The legal basis for the usage of Google Analytics is § 15 Para. 3 of the German Telemedia Act and/or Art. 6 Para. 1 lit. f GDPR. The data which we send and link to cookies, user identifiers (e.g. user ID) or advertising IDs shall automatically be deleted after 14 months. The deletion of the data, whose retention timeframe has been reached, shall automatically be undertaken once per month. You can find detailed information regarding the usage terms and conditions and data protection at www.google.com/analytics/terms/de.html and/or at policies.google.com.
You can prevent the storage of cookies by correspondingly changing the settings on your browser software; however, we wish to point out that, in this case, you may not be able to comprehensively use all functions of this website. Moreover, you can prevent the collection of data (including your IP address), which has been generated by the cookie and refers to your usage of the website, from being sent to Google as well as the processing of these data by Google by downloading and installing the browser add-on. Opt-out cookies will prevent the future collection of your data when visiting this website.
In order to prevent the data collection by Universal Analytics across various devices, you must implement the opt-out on all systems used. If you click here, the opt-out cookie shall be placed: deactivate Google Analytics
11. Data Protection Provisions for the Usage of YouTube
The responsible party has integrated YouTube components into this Internet site. YouTube is an Internet video portal that enables video publishers to, upon a free-of-charge basis, publish video clips and which also enables other users to, likewise upon a free-of charge basis, to view, rate and comment on these video clips. YouTube permits the publication of all types of videos which is why both complete films and TV shows, but also music videos, trailers or videos created by the users themselves can be accessed via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Through each retrieval of one of the individual pages of this Internet site that is operated by the responsible party and into which a YouTube component (YouTube video) has been integrated, a request shall automatically be sent by the respective YouTube component to the Internet browser on the information technology system of the Affected Person to download a displaying of the corresponding YouTube component from YouTube. Additional information regarding YouTube can be reviewed at www.youtube.com/yt/about/de/ During this technical process, YouTube and Google shall be notified of which concrete subpage of our Internet site the Affected Person has visited.
Insofar as the Affected Person is logged-in to YouTube at the same time, YouTube shall, upon the visiting of a subpage which contains a YouTube video, be notified of which concrete subpage of our Internet site the Affected Person has visited. This information shall be collected by YouTube and Google and categorised to the respective YouTube account of the Affected Person.
YouTube and Google shall always then receive a notification via the YouTube component that the Affected Person has visited our Internet site if the Affected Person is simultaneously logged-in to YouTube when visiting our Internet site; this shall occur regardless of whether the Affected Person has clicked on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desired by the Affected Person, this transmission can be prevented by logging out of your YouTube account before visiting our Internet site.
The data protection guidelines published by YouTube, which can be reviewed at www.google.de/intl/de/policies/privacy/, provide insights regarding the collection, processing and usage of personal data by YouTube and Google.
12. Data Protection for Job Applications and Job Application Procedures
The responsible party shall collect and process the personal data of job applicants for the purpose of implementing the job application procedure. The processing can also be done electronically. This shall then particularly be the case if an applicant transmits corresponding job application documents electronically, e.g. by e-mail or via a web form located on the Internet site, to the responsible party. If the responsible party concludes an employment agreement with an applicant, the transmitted data shall be stored for the purpose of the implementation of the employment relationship in accordance with the statutory directives. If the responsible party has concluded no employment agreement with the applicant, then the application documents shall automatically be deleted two months after the rejection decision is announced insofar as a deletion is not opposed by any other rightful interests of the responsible party. Another rightful interest in this sense shall be, for example, a documentation obligation for a procedure in accordance with the Allgemeinen Gleichbehandlungsgesetz [General Equal Opportunity Act] (AGG).
13. Legal Basis for the Processing
Art. 6 I lit. a GDPR shall serve our company as the legal basis for processing procedures whereby we shall obtain a consent for a specific processing purpose. If the processing of personal data is required for the fulfilment of a contractual agreement whose contractual party is the Affected Person such as, for example, is the case for processing procedures which are required for a delivery of goods or the rendering of any other service or counter-performance, then the processing shall be based upon Art. 6 I lit. b GDPR. The same shall be valid for such processing procedures which are required for the implementation of pre-contractual measures, e.g. in the cases of inquiries regarding our products or services. If our company has a legal obligation, based upon which a processing of personal data becomes required, e.g. for the fulfilment of tax obligations, then the processing shall be based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data could be required in order to protect vital interests of the Affected Person or of another natural person. This would be the case, for example, if a visitor would be injured on our company’s premises and consequently his name, his age, his medical insurance fund data or any other vital information would have to be disclosed to a physician, a hospital or other third parties. Then the processing would be based on Art. 6 I lit. d GDPR. Last but not least, the processing procedures could be based on Art. 6 I lit. f GDPR. Processing procedures can be supported by this legal basis which are covered by none of the aforementioned legal bases if the processing is required in order to safeguard a rightful interest of our company or of a third party insofar as the interests, fundamental rights and fundamental freedoms of the Affected Person do not outweigh this. Thus, we shall be permitted to conduct such processing procedures particularly because they have been specifically mentioned by the European lawmakers. In this regard, the European lawmakers have expressed their belief that a rightful interest could be assumed if the Affected Person is a customer of the responsible party (Recital 47 Clause 2 GDPR).
14. Rightful Interests in the Processing being Undertaken by the Responsible Party or a Third Party
If the processing of personal data is based on Article 6 I lit. f GDPR, our rightful interest shall be the implementation of our business activities to the benefit of the welfare of all our employees and our shareholders.
15. Timeframe for which the Personal Data are Stored
The criterion for the timeframe of the storage of personal data shall be the respective statutorily-prescribed retention timeframe. After the lapsing of the timeframe, the corresponding data shall be routinely deleted insofar as they are no longer required for the fulfilment or negotiation of a contractual agreement.
16. Statutory or Contractual Provisions for the Supplying of Personal Data; Necessity for the Conclusion of the Contractual Agreement; Obligation of the Affected Person to Supply the Personal Data; Potential Consequences of the Failure to Provide Such Personal Data
We wish to inform you that the supplying of personal data may sometimes be prescribed by law (e.g. tax guidelines) or in contractual provisions (e.g. data regarding the contractual partner). Occasionally, in order to conclude a contractual agreement, it may be required that an Affected Person supply us with personal data which we must then subsequently process. For example, the Affected Person shall be obliged to supply us with personal data if our company concludes a contractual agreement with him. A failure to provide such personal data would result in the consequence that the contractual agreement could not be concluded with the Affected Person. Before the Affected Person supplies personal data, the Affected Person must contact one of our employees. Our employee shall inform the Affected Person in the individual case regarding whether the supplying of the personal data is prescribed by law or contractually or is required for the conclusion of a contractual agreement, regarding whether an obligation exists to supply the personal data and which the ramifications would be of such a failure to supply the personal data.
17. Existence of Automated Decision-Making
As a responsible company, we forego automated decision-making or profiling.
This Data Protection Declaration was drafted while using the data protection declaration generator of the DGD Deutsche Gesellschaft für Datenschutz [German Society for Data Protection] GmbH which works as an external data protection officer in Straubing in cooperation with Attorney for Data Protection Law Christian Solmecke.