The controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions with content relevant to data protection is the following:
ORGATEX GmbH & Co. KG
represented by ORGATEX Verwaltungsgesellschaft mbH, Langenfeld, Germany; in turn represented by Managing Director Jürgen May
Telephone: +49 (0)2173 1064-0
Fax: +49 (0)2173 1064-50
- Data protection officer
If you have any questions about data protection, please write us an e-mail or contact our Data Protection Officer directly:
IT Südwestfalen AG
Kalver Straße 23
58515 Lüdenscheid, Germany
Tel. +49 (0)2351-67257300
- General information
- Definitions pursuant to Art. 4 GDPR
The terms we use in this Privacy Statement include the following:
‘Personal data’ refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’). A natural person is deemed identifiable if he or she can be identified, directly or indirectly, in particular through assignment of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person.
A data subject is any identified or identifiable person whose personal data are processed by the controller in charge of the processing.
‘Processing’ is taken to denote any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in future.
Controller or party responsible for processing
The controller or party responsible for processing means the natural or legal person, public authority, agency or any other body which, acting alone or jointly with others, determines the purposes and means of the processing of personal data; Where the purposes and means of such processing are laid down by the laws of the European Union or by the laws of Member States, the identity of the controller or the criteria governing the controller’s designation can be provided for pursuant to European Union law or the law of the Member States.
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, regardless of whether or not this is a third party. Authorities that may be entitled to receive personal data under European Union law or the law of the Member States within the framework of a particular investigation mandate are not, however, regarded as recipients.
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are authorised to process personal data under the direct authority of the controller or processor.
- Basis in law for processing
Art. 6 (I) (a) GDPR provides our company with the basis in law for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case for example with processing operations necessary for the delivery of goods or the provision of other services or consideration, processing is performed on the authority of Art. 6 (I) (b) GDPR. The same applies to such processing operations as are necessary to carry out pre-contractual measures, such as in cases of enquiries about our products or services. If our company is subject to a legal obligation as a result of which processing of personal data is required, for example to fulfil tax obligations, the processing is based on Art. 6 (I) (c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor to our company were to be injured and that person’s name, age, health insurance data or other vital information subsequently had to be passed along to a physician, a hospital or other third parties. The processing would then be based on Art. 6 (I) (d) GDPR. Finally, processing operations can be based on Art. 6 (I) (f) GDPR. Processing operations not covered by any of the aforementioned legal bases are rooted in this basis in law if processing is necessary to safeguard a legitimate interest of our company or of a third party, provided that the interests and the fundamental rights and freedoms of the data subject do not take precedence. We have express authority to carry out such processing operations as these have been specifically mentioned under European law. In this respect, the law represented the view that a legitimate interest can be assumed if the data subject is a customer of the controller (Recital 47, sentence 2, GDPR).
- Recording of general information
Information of a general nature is automatically recorded whenever you access our website. This information (server log files) includes, for instance, the type of browser used, the operating system used, the domain name of your internet service provider, and similar data. None of the information collected permits conclusions about your personal identity. This information is necessary for technical reasons in order to correctly display the website content you have requested; it is mandatorily transmitted whenever you use the Internet. We can perform statistical analysis of anonymous information of this type in order to improve our Internet presentation and the technology underlying it. The basis in law for the processing of these data is Art. 6 (1) (f) GDPR, which permits processing of data for the fulfilment of a contract or of pre-contractual measures.
These access data are evaluated exclusively in order to ensure trouble-free operation of the website and for the improvement our offer. These data are collected pursuant to Art. 6 (1) Sentence 1 (f) GDPR; their collection is in furtherance of our interest in a correct presentation of our offer. All access data are erased not later than seven days after the end of your visit to the website.
Within the context of processing carried out on our behalf, a third-party provider furnishes us with services for the hosting and presentation of the website. This is also in furtherance of our interest in a correct presentation of our offer. All of the data collected during use of this website or in forms provided for that purpose in the online shop, as described below, are processed on the third-party provider’s servers. Processing on other servers takes place only within the framework described here.
The aforementioned service provider (third party) has its main office in a country/state in the European Union or in the European Economic Area.
- Storage period
The criterion for the period of storage of personal data is the statutory retention period in question. After the deadline, the corresponding data are routinely erased if they are no longer required to fulfil or initiate a contract.
- Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in so-called server log files. This information comprises:
- Browser type and browser version
- The operating system used
- Referrer URL
- The host name of the accessing computer
- The time of the server request
- IP address
For technical reasons, and particularly to ensure a secure and stable Internet presentation, these data are transmitted to our webspace provider. The data thus collected are stored temporarily but not together with any other of your data.
The basis in law for this storage is provided by Art. 6 (1) (f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our Internet presentation.
The data are deleted again within seven days, unless continued storage is required for evidentiary purposes. Otherwise, data will be excluded from deletion until investigation of an incident has been finally resolved.
- Data collection and use for the processing of contracts and the opening of a customer account
We collect personal data if you voluntarily provide us with this data in connection with your order, when contacting us (e.g. via contact form or e-mail), or when opening a customer account. Mandatory fields are marked as such, as in these cases we require the data for contract processing, to process your contact, or to open your customer account, and you cannot complete the order and/or open the account, or cannot establish the contact without this information. Specifically, the following disclosures are mandatory:
- company name
- form of address
- first and last names
- e-mail address
as well as voluntarily provided telephone, fax and mobile phone numbers
We use the data you provide for contracting and processing your requests, pursuant to Art. 6 (1) Sentence 1 (b) GDPR. After completion of the contract or deletion of your customer account, your data will be restricted for further use and deleted after the mandatory storage periods defined in tax and commercial legislation, unless you have given your express consent for further use of your data, or unless we have reserved the right to a more extensive use of the data as permitted by law and about which we inform you below. Where not prohibited by provisions of tax or commercial law or other legal provisions, your account can be deleted at any time, either by sending a message to the contact address listed below or using the button provided for this purpose within your account.
In addition, the following information is processed:
- Contract data (e.g. subject matter of the contract, term, customer category).
- Payment data (e.g., bank details, payment history)
from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
- Data transfer
- Newsletter and postal advertising
If you sign up for our newsletter, we use the data necessary, or separately provided by you, to send you our e-mail newsletter regularly based on your consent given in accordance with Art. 6 (1) Sentence 1 (a) GDPR.
You can unsubscribe from the newsletter at any time. You can do this either by sending a message to the contact point described below, or via a link provided in the newsletter for this purpose. After you have unsubscribed, we will delete your e-mail address unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, as permitted by law and as described to you in this Statement.
Postal advertising and your right to object
Furthermore, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g. to send interesting offers and information about our products by post. This serves to protect our legitimate interests in an advertising approach to our customers in accordance with Art. 6 (1) Sentence 1 (f) GDPR.
- Contact form
The website contains disclosures that permit quick electronic contact with our company as well as direct communication with us. The last and first names, the telephone number and a general e-mail address are also recorded in this context. If a data subject contacts the controller responsible for processing by e-mail or via a contact form, any personal data transmitted by the data subject are automatically stored. Such personal data voluntarily transmitted by a data subject to the controller responsible for processing are stored for the purpose of processing or of contacting the data subject. These personal data will not be disclosed to third parties. Furthermore, the data are erased after the purpose for which they have been provided ceases to apply.
a) Session cookies
Our Internet presentation makes use of what are known as ‘cookies’. Cookies are small text files or other storage technologies transmitted to and stored on your computer by the Internet browser you use. These cookies process certain specific information about you, such as your browser or location data or your IP address.
This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping-cart function. The basis in law for this processing is Art. 6 (1) (b) GDPR, insofar as these cookies are processed to initiate or process contractual relationships.
If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our Internet presentation. In this case, the basis in law is Art. 6 (1) (f) GDPR.
These session cookies are deleted when you close your browser.
b) Third-party-provider cookies
Please refer to the following information for details, specifically for the purposes and the bases in law of such third-party-provider cookies.
c) Option for removal
You can prevent or limit the installation of cookies by means of your browser settings. You can also always delete stored cookies at any time. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its manufacturer or support service. Browser settings cannot prevent so-called flash cookies from being set, however. Instead, you will need to change the setting on your Flash player. The steps and measures that this requires are also a function of the Flash player you are using. If you have any questions, please also use the help function or consult the documentation for your Flash player or contact its manufacturer or user support.
If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.
- Google Analytics
For website analysis, this website uses Google (Universal) Analytics, a web-analysis service of Google LLC (www.google.de). This serves to protect our legitimate interests in an optimal presentation of our offer in accordance with Art. 6 (1) Sentence 1 (f) GDPR. Google (Universal) Analytics uses methods that enable analysis of use of the website, such as cookies. As a rule, the information collected about your use of this website is transmitted to a Google server in the USA and stored there. Activation of IP anonymisation on this website, though, will shorten your IP address within Member States of the European Union, or in other Signatory States to the Agreement on the European Economic Area, prior to transmission. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. As a matter of principle, Google will not merge the anonymised IP address transmitted by your browser with other data within the scope of Google Analytics. Once the purpose for collecting the data and its use by Google Analytics have come to an end, the data collected in this connection will be deleted.
Google LLC has its main office in the USA and is certified under the EU-US Privacy Shield. As a result of this agreement between the US and the European Commission, the latter has established that companies certified under the Privacy Shield have an adequate level of data protection.
You may prevent capture of the data generated by the cookie relative to your usage of the website (incl. your IP address) by Google, along with processing of these data by Google, by downloading and installing the browser plug-in available through the following link: http://tools.google.com/dlpage/gaoptout?hl=de
- YouTube video plug-in
This website incorporates third-party content. This content is provided by Google LLC (‘Provider’).
YouTube is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
The advanced privacy setting has been enabled for videos from YouTube that are included on our website. This means that no user information is collected and stored by YouTube unless they play a video. The inclusion of videos serves to protect our legitimate interests in optimal marketing of our offer in accordance with Art. 6 (1) Sentence 1 (f) GDPR.
- Google Fonts
Our website uses Google Fonts to display external fonts. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter referred to as ‘Google’). Through certification under the EU-US Privacy Shield (‘EU-US Privacy Shield’)
Google guarantees that it will follow the EU’s privacy regulations when processing data in the USA. To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.
The basis in law for this is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the optimisation and efficient operation of our website.
Accessing our website establishes a connection to Google from which Google can identify the website from which your request has been sent and the IP address to which the fonts are to be transmitted for display.
At https://adssettings.google.com/authenticated and https://policies.google.com/privacy, Google offers further information, particularly with regard to the options available for preventing data usage.
- Rights of data subjects
Where the personal data stored about you are concerned, you have the following rights vis-à-vis the operator:
- Information (Art. 15 EU GDPR)
- Rectification (Art. 16 EU GDPR)
- Erasure or restriction of processing (Art. 17 and 18 EU GDPR)
- Objection to processing (Art. 21 EU GDPR)
- Data portability (Art. 20 EU GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 EU GDPR) You have the right at any time to be provided with information about personal data we have stored about you. You also have the right to request correction, blocking, or, to the extent allowed by statutory requirements for data storage of business transactions, deletion of your personal data. Please contact our Data Protection Officer for this purpose.
In order for your data to be blocked at all times, it must, for monitoring purposes, be stored in a locked file. You may also request that data be deleted, unless there is a statutory requirement for it to be archived. If such a requirement exists, we will block your data upon request.
Changes to, or revocation of, your consent with future effect can be made by sending us a written notification to this effect.
- Changes to our privacy provisions