Data Protection & Source Disclaimer
We are very pleased that you are interested in our company. The executive management of ferax e.K. places great value on data protection. The use of our company website is basically possible without entering personal data. However, if a person wishes to use customized services via our website then the processing of person-related data may be necessary. Should it be necessary to process personal data and if there is no given statutory basis for this processing then in general we ask the consent of the person concerned.
Processing of personal data, for example name, address, e-mail address or telephone number of the affected person is always undertaken in conformity with the data protection regulation and in compliance with the specific state data protection regulations valid for ferax e.K. By means of this data privacy statement our company wishes to inform the public about the type, the scope and the purpose of the personal data which we collect, use and process. Further, persons concerned are informed by means of this data privacy statement about the rights to which they are entitled.
ferax e.K. as the entity responsible for the processing, has implemented numerous technical and organizational measures in order to provide protection which is as complete as possible in order to secure personal data which is processed through this website. Nevertheless, internet-based data transmissions in general can prove to have gaps in security such that absolute protection cannot be guaranteed. For this reason any person concerned has the right to let us have personal data by alternative means, for example by telephone.
- Definition of terms
The data privacy declaration of the ferax e.K. company is based on the terms used by European directives and regulations legislation as set forth in the Data Protection Regulations (DS-GVO). Our data privacy declaration should be easy to read and understandable by the general public, our customers and our business partners. To guarantee this we would first like to explain the terms used.
In this data privacy declaration the terms used include the following:
Personal data are all items of information which relate to an identified or identifiable natural person (hereinafter “person concerned“). A natural person is deemed to be identifiable, when the person can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, site data, online identification or one or more characteristics which express physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
The person concerned is any identified or identifiable natural person, whose personal data are processed by the party responsible for the processing.
Processing is any procedure carried out with or without the aid of an automated system or any such series of procedures in connection with personal data such as the collection, recording, organizing, filing, saving, adjustment or modification, readout, retrieval, use, disclosure through transfer, distribution or other form of making data available, comparison or linking, restriction, deletion or destruction.
Restriction of processing
Restriction of processing is the marking of saved personal data with the aim of limiting their future processing.
Profiling is any form of automated processing of personal data in order to evaluate specific personal aspects related to a natural person, in particular to analyze or forecast aspects relating to work performance, economic status, health, personal preferences, interests, reliability, behavior, domicile or change of residence of this natural person.
Pseudonymisation is the processing of personal data in a way that these can no longer be attributed to a specific person without the addition of supplementary information, insofar as this additional information is stored separately and is subject to technical and organizational measures which guarantee that the personal data are attributed to an identified or identifiable natural person.
Responsible entity for the processing
The responsible entity or the party responsible for the processing is the natural or juristic person, authority, institution or other entity which decides alone or jointly with others on the purposes and means of processing personal data. Should the purposes and means of this processing be specified by Union jurisdiction or the right of member states, the responsible entity or the specific criteria of his appointment according to Union jurisdiction of the rights of member states can be provided for.
The authorized processor is a natural or juristic person, authority, institution or other entity which processes personal data at the order of the responsible company.
The recipient is a natural or juristic person, authority, institution or other entity to which personal data are disclosed, regardless of whether this entity is a third party or not. Authorities which possibly receive personal data under the terms of a specific investigation order according to Union jurisdiction or the law of member states however, are not deemed recipients.
A third party is a natural or juristic person, authority institution or other entity apart from the person concerned, who is authorized by the responsible entity, the authorized processor or persons directly responsible to the responsible party or the authorized processor for the processing of personal data.
Consent is any notice of exercise of will made freely by the person concerned who, for the specified case gives his consent in unmistakable form as a declaration or by other clear act of confirmation wherein the person concerned makes it clear that he agrees to the processing of his personal data.
- Name and Address of the entity responsible for processing
Responsible under the terms of the Data Protection Regulations, or other data protection laws valid in member states of the European Union and other regulations in respect of data protection laws is:
Owner Wolfgang Müller
Collection of general data and information
Each time the Internet site of ferax e.K. is called up by the person concerned or an automated system the website collects a series of general data and items of information. These general data and information are saved in the log files of the server. These could be (1) the types and versions of the browsers used, (2) the operating system used by the system for access, (3) the website from which our website is accessed (so-called Referrers), (4) the sub-websites which are controlled by an accessing system on our Internet site, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP-address), (7) the Internet Service Provider of the accessing systems and (8) other similar data and information which serve to fend off dangers in the case of attacks on our information technology systems.
When using such general data and information, ferax e.K. does not draw any conclusions in respect of the person concerned. This information is instead required to (1) provide the contents of our Internet site correctly, (2) optimize the contents of our Internet site including advertising, (3) guarantee the long-term functioning of our information technology systems and the technical operation of our Internet site and also (4) in the event of a cyberattack, to provide the prosecuting authorities with necessary information for prosecution proceedings. This anonymously collected data and information are therefore evaluated by ferax e.K. on the one hand as statistics and also with the aim of increasing data protection and data security in our company, such that the optimum level of protection is ensured for all personal data we process. The anonymous data of the server log files are saved separately from all personal data entered by a person concerned.
Routine deletion and stoppage of personal data
Personal data of the person concerned shall be processed and saved by the entity responsible for processing solely for the period of time required to achieve the purpose of recording or insofar as this is provided for by the European Directives and Regulations or by another judicial authority to which the responsible processor is subject.
Should the purpose of saving become invalid or should the duration of data saving expire, as specified by the European Directives and Guidelines or another responsible judicial authority, the personal data are routinely blocked or deleted in accordance with statutory regulations.
- Rights of the person concerned
Right to confirmation
All persons concerned have the right granted by the European Directives and Regulations legislators to demand from the responsible processing party a confirmation in respect of whether the latter will process personal data. Should a person concerned wish to exercise this right to confirmation, he can at any time contact the personnel of the company responsible for processing.
Right to information
All persons concerned in respect of the processing of their personal data have the right granted by European Directives and Regulations legislation to demand at any time information free of charge from the responsible processing party about the personal data recorded about his person and to receive a copy of this information. Further, the European Directives and Regulations legislation has categories for personal data which are processed, the recipient or categories of recipients to whom the personal data were disclosed or are still disclosed, in particular in the case of recipients in third countries or international organizations, if possible the planned duration for which period the personal data are stored or, if this is not possible, the criteria for the stipulation of this period of time, the existence of a right of correction or deletion of their personal data or the restriction of processing by the party responsible or the right of objection against this processing, the existence of a right of appeal before a supervisory authority if the personal data are not collected by the person concerned: All available information on the source of the data, the existence of automated decision-making including profiling pursuant to Article 22 para. 1 and 4 DS-GVO and — at least in these cases — meaningful information about the logic involved and together with the scope and desired impact of such processing for the person concerned. Further, the person concerned also has the right to information about if and whether his personal data are transferred to a third country or international organization. If this is the case, the person concerned also has the right to receive information relating to appropriate guarantees in respect of the transfer of personal data.
Should a person concerned exercise this right to information, he can at any time contact the personnel of the responsible processing party.
Right to correction
All persons concerned have the right granted by the European Directives and Regulations legislators to demand the immediate rectification of incorrect personal data. Further, the person concerned also has the right, taking due account of the purposes of the processing, to demand the completion of incomplete personal data, including by means of a supplementary declaration.
Should a person concerned exercise this right to correction, he can at any time contact the personnel of the responsible processing party.
Right to deletion (the right to be forgotten)
All persons concerned in respect of the processing of their personal details have the right as granted by the European Directives and Regulations legislators to demand from the responsible party that the personal data be immediately deleted insofar as one of the following reasons applies and provided that the processing is not necessary: Personal data are collected for such purposes or processed in other ways for which they are no longer required.
The person concerned shall revoke his consent to processing on the basis of Art. 6 paragraph 1, lit. a DS-GVO or Art. 9 para. 2, lit. a DS-GVO and there is no other valid justification for processing. The person concerned shall file his objection to processing as set forth in Art. 21, paragraph 1 DS-GVO and there are no justifiable grounds for processing which have priority, or the person concerned enters an objection to processing according to Art. 21 paragraph 2 DS-GVO. The personal data were processed unlawfully.
Deletion of the personal data is necessary for the fulfilment of a statutory obligation according to Union law or the law of the member states, to which the responsible party is subject.
The personal data were collected in connection with services offered by the information provider pursuant to Art. 8 paragraph 1 DS-GVO.
Insofar as one of the above grounds applies and a person concerned would like to arrange for the deletion of personal data saved by the company ferax e.K., he can at any time contact personnel of the company responsible for processing. The employee of ferax e.K. shall ensure that the deletion procedure is undertaken immediately.
In the case that personal data are made public by ferax e.K. and our company is responsible in accordance with Art. 17 para. 1 DS-GVO and obliged to delete the personal data, ferax e.K. takes all appropriate measures, taking into account the available technology and costs of implementation, also of a technical kind, in order to inform other parties responsible for data processing which process the published personal data, that the person concerned has demanded from these other parties responsible for the data processing that all links be deleted in respect of these personal data or demands copies or duplicates of such personal data insofar as processing is not required. ferax e.K. personnel shall arrange the necessary steps in individual cases.
Right to restriction of processing
All persons concerned who are affected by the processing of personal data have the right granted by the European Directives and Regulations legislators to demand from those responsible the restriction of processing under one of the following conditions:
The person concerned disputes the correctness of the personal data and this for a period of time such that allows the responsible party to examine the correctness of the personal data.
Processing is unlawful, the person concerned refuses deletion of the personal data and instead demands the restriction of use of the personal data.
The responsible party no longer needs the personal data for processing purposes, the person concerned however, needs these fort he enforcement, implementation or defense of legal claims.
The person concerned has filed an objection against processing pursuant to Art. 21 paragraph 1 DS-GVO and it has not yet been determined whether the legitimate grounds of the responsible party outweigh those of the affected person.
Insofar as one of the above conditions is applicable and a person concerned would like to demand restriction of personal data stored by ferax e.K., he can at any time contact an employee of the party responsible for processing. The employee of ferax e.K. shall arrange restriction on processing.
Right of data transfer
All persons affected by the processing of their personal data have the right granted by the European Directives and Regulations legislators that they shall receive in a structured, customary and machine-readable format, the personal data which concerns them and which were made available to a responsible processor. In addition, the person concerned also has the right to transfer these data to another responsible party without restriction of the responsible party to whom the personal data were made available insofar as the processing is based on the consent according to Art. 6 paragraph 1 lit. a DS-GVO or Art. 9 paragraph 2 lit. a DS-GVO or on a contract according to Art. 6 paragraph 1 lit. b DS-GVO and the processing is carried out with the aid of automated procedures, insofar as the processing is not necessary in the sense of a task which is in the public interest or carried out by public authority which was assigned to the responsible party.
Further, the person exercising his right to data portability pursuant to Art. 20 paragraph 1 DS-GVO has the right to effect that the personal data are transferred directly from one responsible party to another responsible party insofar as this is technically possible and insofar as this does not compromise the rights and freedoms of other persons.
The person concerned can at any time contact an employee of ferax e.K. for the enforcement of the right to data portability.
Right of objection
All persons affected by the processing of personal data have the right granted by the European Directives and Regulations legislators that for reasons arising from their specific situation they can at any time enter an objection against the processing of personal data which concerns them, on the basis of Art. 6 paragraph 1 lit. e or f DS-GVO. This also applies to profiling supported by these regulations.
In the case of an objection, ferax e.K. no longer processes the personal data unless we can prove compelling reasons worthy of protection for the processing which overweigh the interests, rights and freedoms of the person concerned, or the processing serves the enforcement, exercising or defense of legal entitlements.
If ferax e.K. processes personal data in order to carry out targeted advertising, then the person concerned has the right to enter objection at any time against the processing of his personal data for such marketing purposes. This also applies in the case of profiling, insofar as this is connected with such targeted advertising. Should the person concerned object to ferax e.K. processing for purposes of targeted advertising, then ferax e.K. shall no longer process personal data for these purposes.
In addition, the person concerned has the right to enter objection for reasons arising from a specific situation against processing of his personal data which are used by ferax e.K. for scientific or historic research purposes or for purposes of statistics pursuant to Art. 89 paragraph 1 DS-GVO, unless such processing is required for the fulfillment of a task in the public interest.
To exercise the right of objection the person concerned can contact directly any employee of ferax e.K. or another employee. Further, in connection with the use of services of the information society, notwithstanding Directive 2002/58/EG, the person concerned may exercise his right of objection by means of automated systems in which technical specifications are used.
Automated decisions in individual cases, including profiling
All persons concerned who are affected by the processing of their personal data have the right granted by the European Directives and Regulations legislators, not to submit to a decision based exclusively on an automated process, including profiling, which achieves legal effect against the person or compromises him considerably in a similar way insofar as the decision (1) is not necessary for conclusion or fulfillment of a contract between the person concerned and the responsible party, or (2) is permissible on the basis of statutory regulations of the Union or member states to which the responsible party is subject and these statutory regulations contain appropriate measures for upholding the rights and freedoms as well as the legitimate interests of the person concerned or (3) is undertaken with the expressed consent of the person concerned.
If the decision is necessary (1) for the conclusion of the fulfillment of contract between the person concerned and the responsible party or (2) is undertaken with the expressed consent of the person concerned, ferax e.K. shall take appropriate measures in order to maintain the rights and freedoms as well as the legitimate interests of the person concerned, which means at least the right to obtain intervention of a person on the part of the responsible party, the representation of his own standpoint and the appeal against the decision.
Should the person concerned wish to enforce rights in respect of automated decisions, he can at any time contact an employee of the party responsible for the processing.
Right of revocation of a data privacy law consent
All persons concerned who are affected by the processing of their personal data have the right granted by the European Directives and Regulations legislators, to revoke at any time his consent to the processing of personal data.
Should the person concerned wish to enforce his right of revocation of consent, he can at any time contact an employee of the party responsible for the processing.
- Legal basis of processing
Art. 6 I lit. a DS-GVO serves our company as the legal basis for processing procedures whereby we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the person concerned is the contractual party, as is the case for example in processing procedures which are necessary for the delivery of goods or the performance of a service or return service, processing is based on Art. 6 I lit. b DS-GVO. The same applies for such processing procedures which are required in order to carry out pre-contractual measures such as enquiries about our products or services. If our company is subject to a legal obligation which makes it necessary to process personal data, for example, to meet tax obligations, processing is based on Art. 6 I lit. c DS-GVO. In rare cases processing of personal data could be necessary in order to protect vital interests of the person concerned or another natural person. This would be the case, for example, if a visitor to our company were injured and as a result his name, age, health insurance details or other essential information would have to be given to a doctor, a hospital or another third party. Then processing is based on Art. 6 I lit. d DS-GVO.
Finally, processing procedures could also be based on Art. 6 I lit. f DS-GVO. This is the legal basis for processing procedures which are not covered by any of the above legal bases, when processing is required to maintain a legitimate interest of our company or of a third party insofar as the interests, fundamental rights and basic freedoms of the person concerned do not outweigh these. Such processing procedures are permitted in particular because they were cited in European jurisdiction. Here the opinion is that a legitimate interest can be assumed if the person concerned is a customer of the responsible party (Recital 47 Sentence 2 DS-GVO).
- Legitimate interests in processing pursued by the responsible party or a third party
If processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the execution or our business activity to the benefit or all our employees and our shareholders.
- Period of time for which personal data are stored
The criterion for the duration of personal data storage is the respective statutory retention period. After expiry of the set period the corresponding data are routinely deleted, insofar as they are no longer required for the performance of a contract or initiation of a contract.
- Statutory or contractual regulations for the provision of personal data; requirement for entering into a contract; obligation of the person concerned to provide personal data; possible consequences if personal data is not provided
We explain to you that the provision of personal data is in part regulated by law (e.g. tax regulations) or can arise from contractual regulations (e.g. details about the contractual partner).
It can also be necessary that a person shall make his personal data available to us in order to conclude a contract which subsequently has to be processed by our company. The person concerned is obliged, for example, to provide us with personal data if our company enters a contract with him. If personal data are not provided, as a consequence the contract with the person concerned cannot be concluded.
Prior to the provision of personal data by the person concerned, the latter shall contact one of our employees. Our employee explains to the person concerned whether in his individual case the provision of personal data is prescribed by law or by contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and the consequences if personal data are not provided.
- Automated decision-making
As a company aware of its responsibility we waive automated decision-making and profiling.
This Data Privacy Declaration was compiled by means of the Data Privacy Declaration Generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH [German Society for Data Protection] which operates as “https://dg-datenschutz.de/datenschutz-dienstleistungen/externer-datenschutzbeauftragter/”>External Privacy Officer, Dortmund, in cooperation with "https://www.wbs-law.de/it-recht/datenschutzrecht/">Law Office for Data Protection, Cologne, Christian Solmecke.