- Basic information about data processing (2.);
- The use of data that you intentionally provide to us (3.);
- Data processing that is performed automatically (4.);
- Special forms of data processing that we do not perform directly but rather are performed by third parties (5.);
Finally, we discuss specifics about your rights (6.).
1. Controller and data protection officer
The controller within the meaning of the GDPR is;
Technoform Caprano + Brunnhofer GmbH
34117 Kassel, Germany
info [at] technoform [dot] com (info[at]technoform[dot]com)
We have appointed a third-party data protection officer for our company:
He may be reached at:
Pietsch IT GmbH
Wilhelmshöher Strasse 1
34590 Wabern, Germany
T: +49 (0)5683-923440
Email: datenschutz [at] pietsch-it [dot] de (datenschutz[at]pietsch-it[dot]de)
2. Basic information about data processing
We take the protection of your personal data very seriously. Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics which express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.1. Processing personal data
In particular, we collect and use personal data from users of our website to provide our website(s) and their contents as well as our services. For example, this is the case if you send us a contact request via our website, e.g. because you are interested in our products or services or have any other questions. On the basis of your consent, we also use usage data for analytical purposes in order to learn more about the use of our online offerings; this enable us to continuously improve our website.
We handle your personal data in a confidential manner and in accordance with applicable data protection laws and regulations such as the GDPR.
This website uses TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or requests that you send to us as the site operator. You can recognise an encrypted connection in your browser’s address bar when it changes from ‘http://’ to ‘https://’ and the padlock icon is displayed in your browser’s address bar. Data you transmit to us cannot be read by third parties if TLS encryption is enabled. Data you transmit to us cannot be read by third parties if TLS encryption is enabled.
2.2. Data processing in third countries
In some cases, data from users of our website is also processed in so-called third countries. This refers to countries outside the European Union (‘EU’) or the European Economic Area (‘EEA’). This is done either to perform our (pre-)contractual obligations, on the basis of consent, on the basis of a legal obligation or in pursuit of our legitimate interests. However, processing in this manner is only performed if the special requirements of Art. 44 et seq. GDPR have been satisfied. An adequate level of data protection is also ensured in such cases. This is because, in such cases, either there are adequate safeguards in place to ensure that a level of data protection comparable to that in the EU (e.g. by means of an adequacy decision from the European Commission), or we conclude special contractual obligations with our service providers that ensure this level of data protection (so-called EU standard contractual clauses and additional contractual measures if applicable).
3. Data that you provide us voluntarily
We require personal data in cases where you voluntarily make use of certain services, for example by contacting us via our contact form. If you provide us personal data for such purposes, we will process it in order to respond to your request (Art. 61)(b) GDPR). In some cases, we offer you additional services in this context. For example, you can receive updates concerning products, technologies, materials or events. We will ask for your consent before we process your data for these purposes (Art. 6(1)(a) GDPR).
4. Data that is processed automatically
4.1. Server log files
The hosting provider for our website automatically collects and stores information automatically transferred by your browser in so-called server log files. This information comprises
- Name of the website/file accessed;
- Date and time of access;
- The quantity of data transmitted;
- Report of successful access;
- Browser type and version, user’s operating system;
- Referrer URL (the previously visited website);
- IP address and the requesting provider.
This is done to protect us from abuse (e.g. detecting attacks on our websites or fraud attempts). Accordingly, this data is not aggregated with other data sources. Our hosting provider retains this data for a period of two weeks. This data is then deleted. The basis for data processing in this context is our legitimate interest in the secure operation of our website; Art. 6(1)(f) GDPR.
4.2. Data collected by cookies
This website uses so-called cookies in some instances. Cookies do not cause any damage to your computer and do not contain any viruses. The purpose of cookies is to make our website more user-friendly, functional and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies. They are automatically deleted at the end of your visit.
You can set your browser so that you are informed about the placement of cookies and only allow cookies in individual cases, exclude the acceptance of cookies generally, or just for certain cases, and activate the automatic deletion of cookies when closing your browser. Disabling cookies may limit your ability to use some of the functions of this website.
5. Third-party data processing
We commission service providers in connection with the operation of our website. In some cases, third parties also process personal data. This is done solely in conformance with applicable legal requirements.
We use Matomo, an analytics tool by InnoCraft Inc., 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. Matomo uses “1st-party cookies” which are set directly on our website and which can be uploaded onto your browser from there. For more information about these cookies, see: https://matomo.org/faq/general/faq_146/.
When you use our website, we capture the following information:
• User’s anonymised IP address
• Date and time of the request
• Page Title
• Page URL
• URL of the page which was accessed before the current page (Referrer URL)
• Screen resolution
• Time in the local user’s timezone
• Files which can be clicked and downloaded (Download)
• Links to an external domain which can be clicked (Outlink)
• Page generation time (the time needed by the server to generate the pages for the user to download: page speed)
• User location: country, region, town, approximate latitude and longitude (Geolocation)
• Main language of the browser (Accept-Language-Header)
• User agent of the browser (User-Agent-Header)
• Queries on the website
The purpose of the data processing is the statistical evaluation and analysis of performance of our website and how visitors use our website. This is done in an anonymised or at least pseudonymised way. Using Matomo also facilitates the optimisation of the website.
All cookies which contain information about the use of the website will be automatically deleted after 13 months at the latest.
When using this analysis tool, we use a cloud solution from the provider, InnoCraft. This means that the data listed above are also forwarded to the provider. InnoCraft processes this data on our behalf in strict accordance with our instructions and we have finalised a job processing contract in accordance with Article 28 GDPR (https://matomo.org/matomo-cloud-dpa/). InnoCraft does not pursue its own purposes with this data processing.
We use this analysis tool on the basis of our legitimate interests to efficiently and effectively optimise our website, Article 6 (1)(f) GDPR. You can opt out of the data processing at any time, by using the opt-out function:
5.2 Fastly CDN
Our website uses the Fastly Content Delivery Network (CDN) to deliver content. The Fastly CDN is operated by Fastly Inc, General Counsel 475 Brannan St, Suite 300 San Francisco, CA 94107. The Fastly CDN makes content from our website available on various servers distributed around the world. This shortens the loading time of the website, achieves higher fail-safety and provides increased protection against data loss. The content embedded on this website, such as images and videos, is obtained from Fastly CDN when the page is accessed. Through this access, information about your use of our website may will be transferred to servers of Fastly in other EU countries and stored there. When transferring data to the USA or another third country outside the EU that does not have a level of data protection equivalent to the GDPR, we conclude standard contractual clauses with the Fastly CDN and, if necessary, take other necessary measures to ensure an adequate level of data protection.
6. Your rights
If your personal data is processed, you are a data subject within the meaning of the General Data Protection Regulation. You are therefore entitled to assert the rights described below. You may contact our data protection officer presented above at any time if you have any questions about these rights, or other questions concerning the subject of personal data.
6.1. Right of access; Art. 15 GDPR
You have a right to request confirmation as to whether or not we are processing your personal data at no charge. You also have the right to obtain details about any such data processing and to receive a copy of such data.
6.2. Right to rectification; Art. 16 GDPR
You have a right to have your personal data rectified if inaccurate. In addition, you may request the completion of your data should it be incomplete.
6.3. Right to erasure and restriction of processing
Data stored by us will be erased as soon as it is no longer required for its intended purpose and erasure does not conflict with any statutory retention obligations. Otherwise, in accordance with Art. 17 GDPR, you have the right to demand that relevant data be erased immediately or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 GDPR.
6.4. Right to data portability; Art. 20 GDPR
You have the right to receive personal data concerning you that we have processed and to have such data transferred to another controller.
6.5. Right to object; Art. 21 GDPR
You may object to processing of personal data concerning you which is based on the pursuit of our legitimate interests (Art. 6(1)(f) GDPR). You also have the right to object, in particular if your data is used for direct marketing purposes or on grounds relating to your particular situation.
6.6. Right to withdraw consent; Art. 7(3) GDPR
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. In some cases, we may provide you convenient technical means to opt out. Should this not be the case in any particular situation, you may contact our data protection officer in order to withdraw your consent.
6.7. Right to lodge a complaint with a supervisory authority
We do, of course, endeavour to ensure that you may effectively enforce your rights. Should you believe that your data has been processed unlawfully, you may (without prejudice to any other legal remedy) lodge a complaint with the competent supervisory authority.