Provider and Responsible Entity according to Data Protection Regulation
D-65926 Frankfurt am Main
Tel.: +49 69 305 7256
Fax: +49 69 305 80554
Eugen Müller, Aventis Foundation, Industriepark Höchst, D-65926 Frankfurt am Main, Germany firstname.lastname@example.org
The legal framework for this privacy statement is established by the General Data Protection Regulation (GDPR). When terms like “personal data” and their “processing” are used in this statement, we refer to the definitions provided in Article 4 of the General Data Protection Regulation (GDPR).
The personal data processed for the operation of the online service include inventory data (such as the names and email addresses of newsletter subscribers), usage data (such as the web pages visited while using the online service) and content data (such as individual posts in comment sections).
The term “user” applies to every individual whose data are processed by us to provide our online service. This includes every individual who visits our website to access and use our online service. The terminology used, including terms like “user”, is intended to be gender-neutral.
When we process our users’ personal data, we strictly adhere to the relevant data protection regulations. This means that we will only collect and process user data if we have the legal permission to do so, or in other words: if we are contractually or legally required to collect and process them to perform our contractual obligations (e.g. to process orders) and provide our online service; if the users explicitly consent to the collection and processing of their personal data; and if it is necessary for the purposes of the legitimate interests pursued by us (i.e. for the analysis, optimization, efficiency and security of our online service pursuant to Art. 6 (1) of the General Data Protection Regulation GDPR, in particular for the measurement of target reach parameters).
We explicitly refer to the following legal texts as the legal grounds for the following requirements: Art. 6 (1) lit a and Art. 7 GDPR for consent; Art. 6 (1) lit b GDPR for the processing of personal data for the fulfillment of our contractual obligations; Art. 6 (1) lit c GDPR for the processing of personal data for the fulfillment of our legal obligations; and Art. 6 (1) lit f GDPR for the processing of personal data for the pursuit of our legitimate interests.
All of our security measures, be they of organizational, contractual or technical nature, live up to state-of-the-art standards and procedures, to ensure that all relevant data protection regulations are adhered to, and in order to protect the data we process against any accidental or intentional manipulation, loss, destruction or unauthorized access.
One example is the encryption of all data transferred between your browser and our server.
To pursue our legitimate interests in accordance with Art. 6 (1) lit f GDPR, we collect data that record information on the access to the server that hosts this service (so-called server log files). These access data include the name of the website or file accessed by the user, the time and date of the access, the volume of data transmitted, the report of successful retrieval, the browser type and version and operative system used by the user, the HTTP referer, the IP address and the name and address of the accessing provider.
These log files are stored for security purposes (e.g. to investigate abusive or fraudulent activities) and retained for a maximum of seven days before they are deleted. Any data needed as potential evidence will be retained until the respective incident is resolved.
Cookies are small files or pieces of data sent from our web server or third-party web servers and stored in our users’ web browsers for later retrieval. Their purpose is to record information on the user’s browsing activity and to provide this information to the server that sent them.
We use “session cookies” that are only stored in your computer’s temporary memory while you navigate our website (e.g. to enable you to save your login status, use the shopping cart function and to use our online service in general). Session cookies record a randomly generated but unique identification number, the so-called session ID. Unlike other cookies, session cookies do not carry any information on their origin and expiration date. They are not able to store any other data and are deleted as soon as you stop navigating our website or close your browser.
If you do not want our servers to send cookies to your computer, please disable cookies in your browser settings. You can use your settings to delete all cookies that have been stored in your browser. Please note that disabling certain types of cookies may interfere with the use of certain functions on our website.
Google is certified under the Privacy Shield Agreement, which guarantees that the company will adhere to European regulations on data protection. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate how users use our online service, to compile reports on the activities provided within this online offering and to provide us with further services related to the use of this online offering and the general internet usage. These data may be used to create pseudonymous user profiles.
We only use Google Analytics with activated IP anonymization. This means that Google will shorten the user’s IP address within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US before being shortened there.
The IP address submitted by the user’s browser will not be linked to other data provided by Google. Users can adjust their browser settings to disable cookies that record data on their use of the online service. They can also stop Google from retrieving and processing the data collected by the cookies by downloading and installing the browser plug-in available on: http://tools.google.com/dlpage/gaoptout? hl = en.
The following paragraphs will provide you with information on the content of our newsletter, the registration and notification process, the statistical evaluation procedures as well as your right to cancel the service and revoke your consent. By subscribing to our newsletter, you agree to receive the newsletter and consent to the procedures described below.
Content of the newsletter: We will only send newsletters, emails or any other digital messages with advertising information (hereinafter referred to as “newsletter”) if the recipient has explicitly agreed to receive the newsletter, or if we have any other kind of legal permission to do so. If the content of the newsletter is explicitly described in the context of the subscription process, the user will be explicitly asked to consent to the receipt of this kind of content. Our newsletters also contain information on our products, offers, promotions and organization.
Double opt-in and logging: If you want to sign up for our newsletter, you have to go through a so-called double opt-in process. That means that after signing up, you will receive an email asking you to verify your email address and confirm your registration. This is necessary to ensure that no-one is able to register with an email address that is not rightfully owned by himself. Since we are legally required to document the registration process, all subscriptions will be registered in a log file. This means that we will also save the exact time and date when you subscribed for the newsletter and confirmed your email address. We will also log any changes to your data stored with the newsletter operator.
Newsletter operator: The newsletter will be operated and sent by the newsletter servicing platform Evalanche, provided by its operator SC-Networks. SC-Networks will process and store the collected data exclusively on servers located in Germany. The contact details for the newsletter operator are as follows: SC-Networks, Enzianstr. 2, 82319 D-Starnberg, Tel.: +49 8151 / 555 16 0, Fax: +49 8151 / 555 16 29, https://www.sc-networks.de.
Subscription data: To sign up and subscribe for the newsletter, you only have to provide your name and email address. Information on your corporate affiliation is optional.
Statistical analysis: The newsletters contain a so-called “web beacon”. A web beacon is a pixel-sized file that delivers certain data to the newsletter operator as soon as the subscriber opens and reads a newsletter message. This includes mostly technical information, such as information on your browser and operating system, your IP address and the time and date of the data retrieval. This information will help the newsletter operator to improve the technical performance of its services by providing specific insights on the users’ reading and usage habits. Statistical data analysis includes determining if the newsletters is opened, when it is opened and which links are clicked. Technically speaking, it is possible to link this information to the individual newsletter recipients. However, neither we nor the newsletter operator intend to observe and monitor individual users. We merely intend to use the statistical and analytical data to learn more about the reading habits of our users and to adapt and develop the content we send them, or to customize the content we send them to their individual preferences.
For the contraction of the newsletter operator and the collection of statistical and analytical data or subscription data, we refer to our right to pursue our legitimate interests pursuant to Art. 6 (1) lit f of the GDPR. We are genuinely interested in using a user-friendly and secure newsletter system that serves both our own professional interests and the expectations of our users.
Cancellation/Revocation: You have the right to unsubscribe from or cancel our newsletter and revoke your consent at any given time. If you chose to do so, you automatically revoke your consent to receive messages from the newsletter operator and have your usage and subscription data collected. Please note that it is not possible to only revoke your consent to one of these procedures: the services provided by the newsletter operator or the collection of usage data for statistical purposes. To unsubscribe from and cancel our newsletter, please look for the respective link at the bottom of each newsletter message. If you have only subscribed to the newsletter, your personal data will be deleted as soon as you unsubscribe and cancel.
Our users have the right to request information on the collection and storage of their personal data. This information will be provided free of charge.
They also have the right to request the correction of inaccurate data, the restriction of the data collection and processing as well as the deletion of their personal data. Wherever applicable, they are of course also free to assert their rights to data portability and to file a complaint with the competent legal authorities if they feel like their personal data may have been unlawfully collected and processed.
Users have the right to revoke their consent to specific data processing procedures. If they do so, they automatically acknowledge the implications that this may have on the services we provide.
The personal data collected by us will be deleted as soon as they are no longer needed for their specific purpose, provided that we are not legally required to retain them. If we are not yet allowed to delete personal user data because they are still needed for other lawful purposes, we will automatically limit their processing. This means that the data will be blocked and not used for any other purposes than the ones they are specifically needed for. This may apply to user data that we are required to retain due to commerce and tax regulations.
We are legally required to retain personal data for 6 years according to Section 257 (1) of the German Commercial Code HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.), as well as for 10 years according to Section 147 (1) of the German Fiscal Code AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
We reserve the right to change this privacy statement, so as to adapt it to new legal situations or changes in the service and data processing procedures. However, this only applies to the parts in which we explain and inform you on general or specific data processing procedures. As soon as we need our users’ explicit consent, and as soon as parts of the privacy statement concern the contractual relationship with our users, the changes will only be implemented after our users have agreed to them.
We also ask our users to actively and regularly seek new information on the content of this privacy statement.
Users have the lawful right to object to the further processing of their personal data, especially when it comes to the processing of personal data for purposes of direct and personalized marketing.