Search
Deutschland
Share

Share this page:

Data protection notice

W. Neudorff GmbH KG (hereinafter also referred to as “Controller”) takes the protection of personal data very seriously and complies with the relevant data protection provisions, in particular the regulations of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Below are the specific details of what data we process regarding the use of our website. 

I. General Information

1. Scope of data processing
We collect and the use personal data of our users categorically only to the extent as this is required to provide a functional website as well as the contents of our website and our services. We only collect and use the personal data of our users, if the processing of the data is permitted by virtue of statutory provisions or following the consent of the user. 

2. Legal basis for data processing
To the extent that we obtain the consent of the user for the processing of personal data on our website, Art. 6 (1) (a) GDPR is the legal basis for the processing of personal data.

The legal basis for the processing of personal data required for the performance of a contract where the contracting party is the user is Art 6 (1) b GDPR. This also applies to processing operations that are required to fulfil a quasi-contractual legal obligation or pre-contractual measures.

Where the processing of personal data is required for the compliance with a legal obligation which we are subject to, Art. 6 (1) (c) GDPR is the legal basis for the processing.

If the processing is required for the protection of a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) (f)GDPR provides the legal basis for the data protection (so-called balancing of interests). 

In addition, there are other legal bases for the processing of personal data, which we are specifically listing below, insofar as they are relevant.

3. Storage period
The personal data of the users is deleted or locked, as soon as the purpose of the storage no longer exists. For log files, the storage period is 30 days. The data can also be stored where this has been intended by the European or national legislature in EU regulations, laws or other provisions governing our company. The data can also be locked or deleted when a storage period specified by one of the above-mentioned standards expires, unless there is a requirement for the continued storage of the data to conclude or perform a contract.

4. Disclosure of personal data 
If we pass on personal details, we do so exclusively to service providers and partner companies who are supporting us to achieve the above-mentioned purposes. These companies are only permitted to use your personal details as so-called processors to fulfil their tasks on our behalf and are obligated to comply with the appropriate data protection regulations. The processors used by us are:

  • Web service provider 
  • Hosting provider
  • Distribution partner

Apart from these circumstances, however, your personal details will not be passed to third parties. 

5. Place of data processing
The personal data stored by you is processed in the countries of the European Economic Area as well as in countries outside the Agreement on the European Economic Area. The fact that the required appropriate level of data protection is ensured, may in particular result from a so-called “Adequacy Decision” by the European Commission, the so-called “EU Standard Contractual Terms” or - in the case of recipients in the USA - from the compliance with the principles of the so-called “EU-US Privacy Shield”.

II. Processing of Personal Dataon the Website

1. Availability of the website and creation of log files

a) Description of data processing

Each time our website is called up, our system automatically captures data and information from the computer system of the calling computer. 

At the same time, the following data is collected :

  • Information about the browser type and the version used
  • The user’s operating system
  • The internet service provider of the user
  • The user’s IP address
  • Date and time of the access
  • Websites from which the user’s system was directed to our website 
  • websites, which are called up by the user’s system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

b) Legal basis for the data processing

The legal basis for the temporary storage of the data is Art 6 (1) f GDPR.

c) Purpose of data processing

The temporary storage of the IP address by the system is required to enable the delivery of the website to the computer of the user. For this, the IP address of the user must be stored for the duration of the session. 

Our legitimate interest in processing the data also lies in these objectives, in accordance with Art. 6 (1) (f) GDPR.

d) Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose of being collected. If the data was captured for the availability of the website, the data is deleted after 30 days. 

e) Option to object and eliminate

The capture of the data for the availability of the website and the storage of the data in logfiles is mandatory for the operation of the website. The user does therefore not have the option to object. 

2. Contact form and e-mail contact

a) Description of data processing

Our website contains a contact form, which can be used to contact us by electronic means. If a user chooses this option, the data entered in the input screen is transmitted to us and stored. The mandatory fields are: 

  • E-mail address
  • Message

The user has further the option to provide further optional information in the input screen.

Alternatively, we can be contacted by e-mail. In this case, the personal data of the user transmitted with the e-mail is stored. 

The data is not passed on to third parties in this connection. The data is used solely for the processing of the conversation.

b) Legal basis for the data processing

The legal basis for the processing of the data is Art. 6 (1) (f) GDPR. If the purpose of the e-mail is the conclusion of a contract of a quasi-contract legal obligation, an additional legal basis for the processing is Art. 6 (1) (b) GDPR.

c) Purpose of data processing

The processing of the personal data from the input screen serves merely for the processing of the contact. If contact is established, therein also lies the required legitimate interest in the processing of the data.

d) Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose of being collected. Regarding the personal data form the input screen of the contact form and those which were sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when, due to the circumstances, it can be assumed that the matter has been completed. 

e) Option to object and eliminate

If the user establishes contact with us via contact form or by e-mail, he has the option to object to the storage of his personal data at any time. The objection can be made by contacting us, using the contact details provided at the end of our privacy policy. In case of an objection, the conversation with the user cannot be continued and all personal data stored during this communication will be deleted by us.

3. c) Competitions, promotions 

a) Description of data processing

We occasionally organise competitions/promotions on our website. If a user chooses this option, the data entered in the input screen for the competition is transmitted to us and stored. Such data usually consists of: 

  • First name and last name
  • E-mail address
  • Address
  • if appropriate, further details, which are identified as mandatory or optional

b) Legal basis for the data processing

The legal basis for the processing of the data is Art. 6 (1) (b) GDPR. 

c) Purpose of data processing

The processing of the personal data from the input screen serves merely for the running of the competition or the promotion.

d) Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose of being collected. This is often the case with competitions, when the winners have been determined and the prizes have been dispatched. Further details about the competition can be found in the respective terms and conditions of participations. 

e) Option to object and eliminate

The user can object to the storage of his personal data in principle at any time, the further participation is then, however, no longer possible. The objection can be made by contacting us, using the contact details provided at the end of the privacy policy. 

III. Use of Cookies 

1. Description of data processing

We use cookies to make our website attractive to visitors and to facilitate the use of certain features. These are small text files, which are stored in the browser or by the browser on the end terminal of the user. If a user calls up a website, a cookie can be stored on the operating system of the user. This cookie contains a character string, which enables a definitive identification of the browser when the website is called again by the browser. 

a) Cookies that are required for technical reasons

We use cookies to design our website more user-friendly. Some elements of our website require that the calling browser can be identified also after a change of the website. In the process the following data is stored and transmitted:

    • Opt-out-Cookie

    • Log-in information

b) Cookies that are not required for technical reasons, third-party cookies 

We are also using cookies on our website, which are not necessary for technical reasons, but which enable us in particular to analyse the surfing behaviour of the users. The following data can be transmitted this manner:

    • Use of the website functions

The following cookies, which are not required for technical reasons, are so-called third-party cookies:

    • Frequency at which pages are viewed (Matomo)

When our website is called, the user is informed about the use of cookies and his consent for the processing of the personal data used in this connection is obtained. In this context, reference is also made to this privacy notice. 

c) Information on changing the browser setting

The majority of browsers are set up so that you accept cookies automatically. The user can prevent the storage of cookies on his computer with the appropriate browser settings, whereby the range of functions of our website may, however, be restricted. 

2. Legal basis for the data processing

The legal basis for the processing of personal data is Art. 6 (1) (a) GDPR, if the user has given his consent to this effect.

Otherwise, the legal basis for the processing of personal data with the use of cookies is Art. 6 (1) (f)GDPR.

3. Purpose of data processing

The purpose of the use of cookies, that are required for technical reasons, is to facilitate the use of the website for the user. Some functions of our website cannot be offered without the use of cookies. For such functions it is required that the browser can also be recognised after a different website is being used. 

Cookies that are not required for technical reasons and third-party cookies are used to improve the quality of our website and its contents. By way of analysis cookies we learn how the website is being used and we therefore can continuously optimise our online offering.

The user data collected by cookies on our website are not used to create user profiles.

Our legitimate interest in the processing of the personal data in accordance with Art. 6 (1) (f) GDPR lies also in the above-mentioned purposes. 

4. e) Period of storage, Option to object and eliminate

The computer of the user stores cookies and sends these to our website. As user, you have complete control of the use of cookies. By changing the settings in your browser, you can deactivate or restrict the transfer of cookies. Cookies that are already stored can be deleted at any time. This can also be done automatically. When cookies for our website are deactivated, you may no longer be able to fully use all functions of the website.

IV. Links to Social Networks, Social Plugins 

a) Social plugins 

Our online offering is complemented by the official presence of Neudorff in the following social networks: 

- Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) 
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) 
- Google+ (Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA) 
- YouTube (a service provided by Google Inc., 901 Cherry Avenue, San Bruno, CA 94066, USA) 
- Twitter (Twitter, Inc., 1355 Market Street, San Francisco, CA 94103, USA) 
- WhatsApp (WhatsApp Ireland Ltd. , 4 Grand Canal Square, Dublin 2, IR)

Visitors to our website can access these sites via links. The links are indicated on our website by the respective logo of the relevant social network. 

In as far as we also use the so-called social plugins of the above-mentioned social networks in this regard, we integrate the Shariff solution, which enhances data protection (see www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html). The usual social media buttons already transfer user data for every page view to the relevant social networks. You create unseen contact with the servers of the social networks even when the user is not logged in or is not a member of the network. The Shariff solution here acts as an intermediary and ensures that when simply viewing our website no initial transfer of data to the social networks takes place. Only when you click on one of the social plugins can data be transferred to the respective network and stored there. The social network then receives the information that you have called up the relevant subpage of our online offering. For this to happen, you do not have to have an account with this social network nor do you have to be logged in there. If you are registered with or logged in at this point to your personal user account with the applicable social network, then the applicable social network can link the access to this website with your user account To avoid this, you have to log yourself out of your user account before clicking on the above-mentioned social plugins with the respective social network. Please note that the processing and use of personal data is the responsibility of the relevant social network and Neudorff neither has nor obtains any information concerning the actual scope and content of the transmitted data nor of its use by the relevant provider. It has to be assumed that at least the IP address and device-related data will be collected and used. In addition, it is possible that the social networks will use cookies. For further information regarding the extent of processing of your personal data by the provider of the social networks, as well as regarding setting options for the protection of your privacy, please refer to the data protection guidelines of the respective provider: 

- Facebook: www.facebook.com/about/privacy 
- Instagram: www.instagram.com/about/legal/privacy/ 
- Google+: www.google.com/intl/de/policies/privacy/ 
- YouTube: www.youtube.com/t/privacy 
- Twitter: twitter.com/de/privacy 
- WhatsApp: www.whatsapp.com/legal/

b) Integration of YouTube Videos 

On our website, we use the service provider YouTube for the integration of videos. YouTube is a service provided by Google Inc. with headquarters in 901 Cherry Avenue, San Bruno, CA 94066, USA. We use integrated YouTube videos in the so-called enhanced data protection mode, i.e. YouTube does not store any data about the users of our website unless the users view the video. If the YouTube video is clicked, this may trigger further data processing operations (e.g. the storing of cookies by YouTube) over which Neudorff does not have any influence. To find out more information concerning the purpose and extent of the collection and use of data by YouTube as well as your rights and setting options for protection as a YouTube customer, please refer to the YouTube data protection notice (www.youtube.com/t/privacy) 

Use of Google Maps 

Our website uses Google Maps of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA to display maps. When our website is called up, your browser establishes a direct connection with the Google servers. Please note that Neudorff does not have any information about the actual extent and content of the processing of data by Google. It has to be assumed that at least the IP address will be collected and used. For further information about the extent of the processing of your personal data by Google as well as setting options for the protection of your privacy, please refer to the Google data protection notice ( www.google.com/intl/de_de/policies/privacy/ ). 

You have the option of deactivating Google Maps in a simple manner, thereby preventing any data transfer to Google: To do this, deactivate JavaScript in your browser. However, we would like to point out that, in this case, you will not be able to use the map display. If you use this website without deactivating the JavaScript function then you expressly declare that you are aware of the problems relating to data protection legislation, that you agree with the processing of the data collected about you by Google in the manner previously described and for the aforementioned purpose. 

VI. Use of web analysis tools 

1. General information

Our website uses the web analysis tool “Matomo” (formerly Piwik). The analysis of the user behaviour is important, as the demand of contents can be analysed in this way and the online-offering can be optimised. 

Our legitimate interest in processing the data also lies in these objectives. 

The legal basis for the processing of personal data with the use of web analysis tools in the present form is Art. 6 (1) (f) GDPR. 

The user data collected within the scope of Matomo are not used to create user profiles.

2. Supplementary notes on the use of Matomo

Matomo uses cookies, which that are stored on your computer and enable us to analyse your use of the website. For this purpose, the usage information produced by the cookie (including your abbreviated IP address) is stored on our server and on the server of our IT service provider fishfarm netsolutions GmbH on our behalf and is only evaluated internally. Your IP address is immediately made anonymous to prevent you being identified as the user. The usage information captured by the cookie is not passed to third parties and is used to identify and optimise relevant contents of our online offering. You can prevent the use of cookies by setting up your browser software accordingly. However, this may mean that you cannot use all the functions of our website. 

If you do not wish usage information from your visit to be stored and evaluated, then you can stop this process of storage and use at any time by a mouse click. This will store a so-called opt-out cookie in your browser, which will prevent Matomo from collecting any usage information. Please be aware that deleting your cookies will also delete the opt-out cookie. In this event you will have reactivate it.

Preventing data gathering by Matomo

VII. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the DSGVO, und you have the following rights against the Controller:

1. Right of access

You have the right to obtain confirmation from the controller as to whether or not personal data concerning you is being processed by us. 

If this is the case, you can request the following information from the Controller:

  • The purposes of the processing of your personal data;
  • the categories of personal data that is being processed;
  • the recipients or categories of recipient to whom the personal data concerning you has been or will be disclosed;
  • the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data concerning you or restriction of processing or to object to such processing; 
  • the existence of the right to lodge a complaint with a supervisory authority;
  • all available information as to the source of the data, where the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, in accordance with Art. 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you can request to be informed about the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transfer.

2. Right to rectification 

You have the right to obtain from the controller the rectification and/or completion, if the processed personal data concerning you is inaccurate or incomplete. The Controller shall carry out the correction immediately.

3. Right to restriction of processing

You can request the restriction of processing the personal data concerning you when one of the following applies:

  • you are contesting the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer requires the personal data for the purposes of the processing, but they you required the personal data for the establishment, exercise or defence of legal claims, or
  • you have objected to the processing in accordance with Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

Where processing of the personal data concerning you, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

If the restriction of processing was restricted under the above-mentioned conditions, you shall be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Duty of erasure

You have the right to request from the controller the immediate erasure of personal data concerning you and the controller shall has the obligation to immediately erase such data if one of the following grounds applies:

  • The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based according to Art. 6 (1) (a), or Article 9 (2) (a) GDPR, and there is no other legal ground for the processing. 
  • You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR. 
  • The personal data concerning you has been unlawfully processed. 
  • The personal data concerning you has to be erased for compliance with a legal obligation in accordance with EU law or the law of a Member State to which the controller is subject. 
  • The personal data concerning you has been collected in relation to the offer of information society services in accordance with Art. 8 (1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged in accordance with Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, such personal data. 

c) Exceptions to the duty of erasure

The right to erasure does not exist where the processing is required

  • for exercising the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing by EU law or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • or the establishment, exercise or defence of legal claims.

5. Right to Notification

If you have asserted the right to rectifications, erasure or restriction of processing against the controller, the latter is obliged to notify all recipients to whom the personal data has been disclosed, of the rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about those recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit such data to another controller without hindrance from the controller to which the personal data has been provided, if

  • The processing is based on consent in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract in accordance with Art. 6 (1) (b) GDPR and
  • the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on these provisions. 

The controller shall no longer process the personal data unless the controller can demonstrate compelling legitimate grounds worthy of protection for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

If the personal data concerning you are processed for the purpose of direct advertisement, you have the right to object at any time to the processing of the personal data concerning you for such purposes; this also applies to profiling, where it is connected to such direct advertisement.

If you object to the processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to object by automated means using technical specifications.

8. Right to withdraw the consent pursuant to data protection law

You have the right to withdraw your consent pursuant to data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply, if the decision 

  • is necessary for entering into, or the performance of, a contract between you and the controller,
  • is permitted by EU law or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
  • is based on your explicit consent.

However, these decisions must not be based on special categories of personal data in accordance with Article 9 (1), unless Article 9 (2) (a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

With regard to the cases referred to in points (1) and (3) , the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right of lodge a complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation. 

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

VIII. External links

Our website may contain links that lead to third-party websites. Where this is not obvious, we point out that it is an external link. We have no influence over the content and layout of sites provided by external providers. This privacy policy does not apply in this respect.

IX. Amendment of this Privacy Policy 

Our Privacy Policy needs to be updated from time to time to accommodate the continual development of the Internet and the associated changes in the applicable legal regulations. We will inform you here about any relevant changes. 

X. Controller 

Controller within the meaning of the GDPR and other national data protection laws of EU Member States as well as of other data protection provisions is: 

W. Neudorff GmbH KG 
An der Mühle 3 
31860 Emmerthal 
Germany

Telephone: +44 (0)5155-62440
Email: info@neudorff.de 
Website: www.neudorff.de

The full legal notice can be found here: https://www.neudorff.de/en/informationen/disclosure.html

XI. Contact details of the Data Protection Officer

The contact details of the Data Protection Officer for the Controller are:

Andreas Frick, datenschutz@neudorff.de (until 30.05.2018) 

Thomas Werning, datenschutz@neudorff.de (as of 31.05.2018)

As of: May 2018