Data protection declaration according to GDPR

1. Who is responsible for data processing?

Responsible is :

edv-anwendungsberatung
zühlke & bieker gmbh
Martinistrasse 11
45657 Recklinghausen

represented by the managing directors Carsten Bieker and Marc Zühlke

2. Name and address of the data protection officer

You can contact the data protection officer of the responsible at

edv-anwendungsberatung
zühlke & bieker gmbh
z.Hd. des Datenschutzbeauftragten (persönlich)
Martinistrasse 11
45657 Recklinghausen
Telefon +49 2361 90543-13
E-Mail: datenschutz@zubIT.de

Attn. of the Data Protection Officer (personal)

3. Which personal data are processed by us?

We process personal data that we receive from our customers, suppliers or other interested parties in the course of our business relationship. Furthermore, to the extent necessary for our business relationship, we process personal data that we legitimately obtain from publicly accessible sources. In addition, we process your personal data, among other things, to fulfil legal obligations, to protect a legitimate interest or on the basis of a consent given by you. Depending on the legal basis, the following categories of personal data are involved:

Categories of processed data:

• Addresses
• Contact details (e.g., e-mail, telephone numbers)
• Content data (e.g. text input, photographs, videos, recording of a screen session)
• Usage data (e.g., visited websites, interest in content, access times).
• Meta/communication data (e.g., device information, IP addresses).
• Letter of application, curriculum vitae and certificates

4. The source of the data

We process personal data that we receive directly from our customers, suppliers, interested parties or applicants in the context of the respective business relationship, in the context of a contract initiation, for the establishment of an employment relationship or in the context of a voluntary transmission and consent from you.

The legal basis and purpose of our own processing can be found in Section 5).

If you are addressed by us via direct advertising (e-mail) or newsletter, further data may be collected. Details and your rights can be found in section 10).

In addition, statistical data, cookies and GoogleAnalytics are used in connection with the use of this website for range analysis. See section 11 for details.

This privacy policy applies only to information collected from our website.

Our websites may contain links to other websites or services (GoogleMaps, YouTube) which do not belong to us and are not controlled by us. If you call up an external link from our site, the third-party provider may save that you have called up this link from our website. Alternatively, you can copy a link and open it directly in a new browser session.

5. Purpose of processing and legal basis

We process your personal data in particular in compliance with the EU Data Protection Ordinance (GDPR) and the Federal Data Protection Act (BDSG) as well as all other relevant laws.

5.1 On the basis of a consent granted by you (Art. 6 para. 1 a GDPR, § 26 para. 2 BDSG)

If you have given us your voluntary consent to the collection, processing or transfer of certain personal data, this consent forms the legal basis for processing such data, e.g.

• Sending an eMail or inquiry via the contact form
• Use of the online chat
• Subscribe to a newsletter
• Sending product information based on a request

5.2 Fulfilment of a contract (Art.6 Para. 1 b GDPR)

We use your personal data to process customer and supplier orders. Within this contractual relationship we will process your data in particular to carry out the following activities, e.g. Contract-related contact, order management, purchasing, delivery and invoicing, ongoing customer and supplier support, handling of complaints, and receivables management.

5.3 To fulfil legal obligations (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

We use your personal data to process customer and supplier orders. Within this contractual relationship we will process your data in particular to carry out the following activities, e.g.

• Control and reporting obligations
• Prevention/defense of criminal acts

5.4 On the basis of a legitimate interest (Art. 6 para. 1 f GDPR)

In certain circumstances, we process your data to protect a legitimate interest. In doing so, we weigh up the interests of the person concerned and only process data if this is not contrary to statutory regulations, e.g.

• We store requests for certain products or services of our company in our CRM system in order to be able to inform you about news.
• We identify potential interested parties and their contact data from public directories and the Internet pages of potential interested parties
• We send product information and news (email / newsletter) to customers & prospective customers, if we assume based on the available information to the receiver that the sent information could be of interest for the receiver and the legitimate interests of the affected person do not oppose it.

In the course of a pre-contractual order initiation as well as with customers and suppliers, we can obtain consultation and data exchange with credit agencies to determine creditworthiness and default risks.

5.5 For the decision on the establishment of an employment relationship (§ 26 Paragraph 1 Sentence 1 BDSG)

The legal basis for the processing of your applicant data is § 26 Paragraph 1 Sentence 1 BDSG. Thereafter, personal data may be processed for employment purposes if this is necessary for the decision to establish an employment relationship.

6. Cooperation with contract processors and third parties

If we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transmit it to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 Para. 1 lit. b GDPR for contract fulfilment is necessary), if you have consented, if a legal obligation provides for this or based on our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data based on a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

7. Transfers to third countries

Generally, data is not transferred to third countries.

If, exceptionally, we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs within the framework of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if this is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.

Subject to legal or contractual permissions, we process or leave the data in a third country only if the special requirements of Art. 44 ff. Process GDPR. This means, for example, processing is carried out based on special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

8. Duration of storage

We store your personal data at least as long as it is necessary to fulfil our legal and contractual obligations.

Should storage of the data no longer be necessary for the fulfilment of contractual or legal obligations, your data will be deleted taking into account the technical possibilities, unless further processing is necessary for the following purposes:

• Fulfilment of commercial and tax storage obligations. In accordance with statutory requirements in Germany, the records are kept in particular for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
• Preservation of evidence within the framework of the statutory statute of limitations.

If storage is no longer necessary for customers, interested parties or suppliers due to contractual or legal obligations, but we assume, taking into consideration the legitimate interests of the person concerned, that a new contact can also be in the interest of the person concerned at a later date, the contact data can also be stored if

• the data subject has given his or her consent to the further storage of the data
• it was a specific product enquiry or service of our company and we continue to offer or request this or similar service
• there has been continued contact with the person concerned

The right to immediate deletion in accordance with Art. 17 GDPR is expressly pointed out - see also Section 11) Dispatch of newsletters and e-mail (direct mail).

Applicant data will be deleted within 6 months after completion of the application process.

9. Rights of the affected party

You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

You have correspondingly, in accordance with Article 16 of the DSBER, the right to request the completion of data concerning you or the correction of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 GDPR.

Right of revocation for consents

You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 GDPR and to request its transmission to other persons responsible.

In accordance with Art. 77 GDPR, you also have the right to file a complaint with the competent supervisory authority.

You can contact our responsible authority as follows:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
PO Box 20 04 44
40102 Düsseldorf, Germany
E-Mail: poststelle@ldi.nrw.de
Internet: https://www.ldi.nrw.de

10. Sending newsletters and emails (direct mail)

You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask are transmitted to us, at least the e-mail address and, if applicable, further voluntary data such as company affiliation and name of the person concerned.

We send emails (direct mail) and newsletters, considering the interests of the person concerned, if

• the recipient has subscribed to the newsletter
• the recipient has given his or her consent for us to contact him or her by e-mail
• the recipient is the customer and we can assume a legitimate interest based on the customer relationship
• we have received the recipient's contact details based on other data processing and can take an interest in the content of the message on the basis of the data available

When sending a newsletter/direct advertising, the recipient is informed of his rights pursuant to Art. 7 para. 3 GDPR (revocation of consent), Art. 17 GDPR (deletion) or 18 GDPR (blocking). The recipient can declare these rights simply and free of charge by clicking on the link connected to the e-mail or by replying to the sender's address. A block is immediately valid for the email address used.

We will also gladly consider a postal or telephone declaration to the person responsible, but we need the data to identify the e-mail address used and the person affected.

In connection with data processing for the dispatch of newsletters, no data is passed on to third parties, with the exception of the contract processor commissioned for this purpose pursuant to Art. 28 GDPR. The data will be used exclusively for sending the newsletter.

11. Automatically collected data, cookies and GoogleAnalytics

Automatically collected communication and metadata when using our website

When you visit our website, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention: IP address; date and time of the request; content of the request (specific page); access status/HTTP status code; data volume transmitted in each case; website from which the request comes; browser; operating system and its interface and language and version of the browser software.

We collect this data to ensure a smooth connection to the website; to ensure comfortable use of our website; to evaluate system security and stability and for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally. The data in the server log is stored until it is automatically deleted.

Storage of cookies when using our website

We use cookies when you visit our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These will be deleted automatically after leaving our site.

In addition, we also use other cookies that are stored on your end device for a specified period of time to optimize user-friendliness. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

The data processed by cookies is required for the above-mentioned purposes in order to safeguard our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies can lead to the fact that you cannot use all functions of our website. Please refer to your browser's instructions/help on how to adjust the settings for your browser accordingly.

hCaptcha

We use the hCaptcha anti-bot service (hereinafter "hCaptcha") on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation ("IMI"). hCaptcha is used to check whether the data entered on our website (such as on a login page or contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the "invisible mode" may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): the website or mobile app operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a "data processor" acting on behalf of its customers as defined under the GDPR, and a "service provider" for the purposes of the California Consumer Privacy Act (CCPA). For more information about hCaptcha and IMI's privacy policy and terms of use, please visit the following links: (https://www.hcaptcha.com/privacy) and (https://www.hcaptcha.com/terms).

Range analysis of the use of our website / Google Analytics

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 f GDPR. With the tracking measures used, we want to ensure that our website is designed to meet requirements and is continually optimised. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer.

For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: (http://tools.google.com/dlpage/gaoptout?hl=de).

This website uses Google Analytics with the extension "_anonymizeIp()". As a result, the IP addresses are further processed in abbreviated form, so that a personal relationship can be ruled out. As far as the data collected about you is personal, it will be excluded immediately, and the personal data will be deleted immediately.

We use Google Analytics to analyse and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Par. 1 S. 1 lit. f GDPR. Below you will find further information from the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

User conditions: http://www.google.com/analytics/terms/de.html
Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html
and the privacy policy: http://www.google.de/intl/de/policies/privacy

12. Changes and status of the data protection declaration

We ask you to inform yourself regularly about the contents of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary.

This data protection declaration is valid as of May 2018 The links listed in our data protection declaration were checked and retrieved on June 5, 18.