Data-protection

1. Responsible person for the processing of your personal data

1.1. With this data protection declaration, we would like to inform you about the personal data which we collect and process from you and for which purposes we do this. We regard it as our primary task to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access. For this reason, we apply the utmost care and state-of-the-art security standards to ensure maximum protection of your personal data. We process your personal data only to the extent that you have given us your consent to do so or if legal regulations permit us to do so. The following articles refer to the European Data Protection Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 (DPA).

1.2. We, the

VRI-Verband der Reibbelagindustrie e.V.

Address: Robert-Perthel-Str. 49, 50739 Cologne (Germany)

Phone:   +49 (0)221-938808-0

Fax:       +49 (0)221-938808-29

 are “responsible” for the processing of your personal data within the meaning of Art. 4 No. 7 DSGVO.

 

You can reach our data protection service under: e-mail: infovri.de.

  

2. Commitment to user privacy

We are committed to protecting the privacy of our members, licensees and users of our website. You can visit most of our pages without giving any information about yourself. In some cases, however, we may need information in order to provide the services you request. This document is designed to provide you with a clear explanation of the data processing procedures of VRI/FEMFM.

If you have any questions or concerns regarding the VRI/FEMFM website or if you would like to know more about how we collect, store and use your personal data, you will find more information below. For further details you can contact us under infovri.de.

  

3. Definitions

The legislator requires that personal data are processed lawfully, fairly and in a way that is comprehensible to the data subject ("lawfulness, fairness, transparency"). To ensure this, we inform you about the individual legal definitions which are also used in this data protection declaration:

3.1. Personal data
"Personal data" shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, a location data, an on-line identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2. Processing
„Processing” means any operation or set of operations, whether or not by automatic means, performed upon personal data, such as collection, recording, organization, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making them available, alignment or combination, restriction, erasure or destruction.

3.3. Restriction of processing
„Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

3.4. Profiling
Profiling” means any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular with a view to analyzing or predicting aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, location or movement of that natural person.

3.5. Pseudonymization
„Pseudonymization” means the processing of personal data in such a way that the personal data cannot be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures which, in turn, ensure that the personal data cannot be attributed to an identified or identifiable natural person.

3.6. File system
„File system” means any structured collection of personal data accessible according to specific criteria, whether centralized, decentralized or organized according to functional or geographical criteria.

3.7. Responsible person
„Responsible person” shall mean a natural or legal person, public authority, agency or any other body, which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union ("EU") or national law, provision may be made for the „responsible person” or for the specific criteria for his or her designation in accordance with Union ("EU") or national law.

3.8. Contracted processors
„Processor” means any natural or legal person, public authority, agency or other body, which processes personal data on behalf of the „responsible person”.

3.9. Receiver
„Receiver” shall mean any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation task under EU or national law shall not be considered as receivers; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in compliance with the purposes of the processing.

3.10.  Third party
„Third party” means any natural or legal person, public authority, agency or any other body, other than the data subject, the „responsible person”, the contracted processor and the persons who, under the direct authority of the „responsible person” or the contracted processor, are authorized to process the personal data.

3.11.  Consent
The data subject's „consent” shall mean any freely given specific, informed and unequivocal expression of his or her wishes in the form of a declaration or other unequivocal affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

  

4. Lawfulness of the processing

The processing of personal data is lawful only if there is a legal basis for the processing. Pursuant to Article 6 (1) (a) - (f) of the DSGVO (Deutsche Datenschutz-grundverordnung), the legal basis for processing may be, in particular:

a. The data subject has given his or her consent to the processing of personal data concerning him or her for one or more specified purposes;

b. the processing is necessary for the performance of a contract to which the data subject is party or in order to implement pre-contractual measures taken at the request of the data subject;

c. processing is necessary for compliance with a legal obligation to which the „responsible person” is subject;

d. processing is necessary to protect the vital interests of the data subject or of another natural person;

e. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the „responsible person”;

f. the processing is necessary to protect the legitimate interests of the „responsible person” or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, in particular when the data subject is a child.

  

5. Information on the collection of personal data

5.1. In the following we inform about the collection of personal data when using our website. Personal data are e.g. name, address, e-mail addresses, user behavior.

5.2. If you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us to answer your questions. We delete the data collected in this context after storage is no longer required, or processing is restricted, if there is a legal obligation to retain data. If you are a member or licensee of us, this is done in accordance with Art. 6 Para. 1 letter b) DSGVO for the purpose of the contract concluded with you, otherwise in accordance with Art. 6 Para. 1 letter f) DSGVO due to our legitimate interest.

  

6. Collection of personal data when visiting our website

In the case of purely informational use of the website, if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure stability and security (legal basis is Article 6 paragraph 1 letter f DSGVO):

-         IP address

-         Date and time of the request

-         Time zone difference to Greenwich Mean Time (GMT)

-         Content of the request (concrete page)

-         Access status/HTTP status code

-         Amount of data transmitted in each case

-         Website from which the request comes

-         Browser

-         Operating system and its interface

-         Language and version of the browser software.

 

7.  Further functions and offers of our website

7.1. In addition to the purely informative use of our website, we offer various services which you can use if you are interested. For this purpose, you will generally have to provide additional personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.

7.2. In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, are regularly checked and we have agreed a contract with them for contracted processing in accordance with Art. 28 DSGVO. For the purpose of outsourcing certain business processes, we have a legitimate interest in concluding contracts for contracted processing with the respective service provider in accordance with Art. 6 para. 1 lit. f) DSGVO.

Listing of all service providers

HEYSE - Digital Communication                     - Leverkusen, Germany

C&S - Computer und Service GmbH              - Leverkusen, Germany

Theissen Medien Gruppe GmbH                     - Monheim, Germany

San Francisco, Artes Gráficas s.l.                   - Zaragoza, Spain

Parzeller print & media GmbH & Co. KG        - Fulda, Germany

7.3. We may also share your personal information with third parties when we offer promotions, sweepstakes, contracts or similar services in conjunction with partners. You will receive more detailed information on this when you provide your personal data or in the description of the offer below.

7.4. If our service providers or partners have their headquarters in a country outside the European Economic Area (EEA), we will inform you about the consequences of this in the description of the offer. Should your data be transferred to a third country, we will also ensure that a transfer is only made to countries that have an appropriate level of protection within the meaning of Art. 45 para. 1 DSGVO or that the person responsible in the third country in question has provided suitable data protection guarantees. These guarantees may, for example, consist of: 

·     binding, internal data protection regulations pursuant to Art. 47 DSGVO, or

·     Standard protection clauses issued by the European Commission in accordance with the examination procedure under Art. 93 (2) DSGVO.

7.5. We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. After two years, however, we will restrict processing, i.e. your data will only be used to comply with legal obligations.

  

8. Children

Our offer is basically aimed at natural and legal persons or rather at associations of persons. Persons under 18 years of age should not transmit any personal data to us without the consent of their parents or legal guardians.

 

9.  Integrating Google Maps

9.1. On this website we use the offer of Google Maps. This enables us to display interactive maps directly on the website and enables you to use the map function conveniently.

9.2. By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned in section 7 of this declaration is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in, or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact Google in order to exercise this right.

9.3. The use of Google Maps is in the interest of an attractive presentation of our online offers and easy findability of the places we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6, (1), letter f) DSGVO.

9.4. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's data protection declarations. There you will also find further information on your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .

  

10. Rights of the data subject

10.1. You have the following rights in relation to the personal data concerning you:

·     Right to information (Art. 15 DSGVO)

·     Right of rectification or erasure (Art. 16, 17 DPA)

·     Right to restrict processing (Art. 18 DSGVO)

·     Right to data transferability (Art. 20 DSGVO)

·     Right of objection (Art. 21 DSGVO) 

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6, paragraph 1, letter e or f of the DSGVO. If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

Furthermore, you have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing, Art. 21, para. 2 DSGVO. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

10.2. To exercise any of your rights under clause 12.2 above, please contact us by email at infovri.de or at the address set out in clause 1 above.

10.3. You also have the right to complain to the competent data protection supervisory authority about the processing of your personal data by us.

 

VRI e.V., revised version of 01 March 2020