Tel: +49 6251 70711 - 0
Fax: +49 6251 70711 - 299
Contact details of the data protection officer
DESAG Sachverständiger für Datenschutz & Datensicherheit
Mobil: +49 1515 2886186
We welcome you to our website. The protection of your data is very important to us. Therefore, we will show you below how we process your personal data.
Data categories; data sources
In principle, we process the personal data that you provide to us in the context of an inquiry, a pre-contractual legal relationship, or a contractual relationship. In individual cases and insofar as this is necessary within the framework of the performance of the contract, we also process personal data that has been permissibly taken from publicly accessible sources (e.g. commercial register, debtors' registers, Internet) or permissibly transmitted to us by third parties (e.g. credit agencies). This may be personal data (name, birthday, legal representative), address data (address, e-mail address, contact person), financial data (name of account holder, IBAN, BIC), contract data (contract term, purchased services, cancellations), communication data (correspondence, e-mail traffic), advertising data (advertising letters) and other comparable categories of personal data.
General processing of visitor data
In principle, it is possible to use our website without providing personal data. However, we would like to point out that access data is also collected in this case and stored in the server log files. In particular, this involves the following data:
- Browser type / your browser version,
- operating system,
- the website from which you are visiting us,
- the date and time of your visit,
- your IP address.
As a rule, we evaluate this information in an anonymized form to defend against attacks and to improve our offer (processing of personal data within the framework of a balancing of interests pursuant to Art. 6 para. 1 p. 1 lit. f) DSGVO) and subsequently, delete it. The data cannot be traced back to your person and will not be merged with other data. However, in the event of concrete indications of illegal use, we reserve the right to subsequently evaluate the data.
Processing of personal data after consent (Art. 6 para. 1 p. 1 lit. a) DSGVO)
We obtain consent from you in individual cases for certain purposes expressly designated in connection with the collection of data (e.g. opening a customer account, contacting us via a contact form).
Data processing only takes place if you give us your consent. It may be that the processing of your request is not possible without your consent and must therefore be made dependent on it. The data will be processed exclusively for the purpose(s) expressly stated.
You can revoke your consent at any time with effect for the future. The revocation has no influence on the lawfulness of the processing until the time of the revocation.
Cross-border data transfer (Art. 49 para. 1 sentence 1 lit. a) DSGVO)
Insofar as personal data is transferred to a third country, we comply with the data protection requirements in that the data transfer is based on standard contractual clauses or we obtain your consent to this in accordance with Art. 49 Para. 1 Sentence 1 lit. a) DSGVO.
A data transfer takes place, for example, in connection with the use of Google and Amazon services. Due to the use of these services, data is transferred to the United States of America.
The data transfer only takes place if you give us your consent.
The specific details of the recipient, the personal data transferred and the purpose of the data transfer can be found in the notes on the respective processing below.
There is a risk to your personal data as a result of the data transfer. In the United States of America, there is no level of data protection comparable to EU law (DS-GVO) and/or national regulations (e.g. BDSG) or sufficient guarantees that ensure an adequate level of data protection. Any deficits cannot be compensated by other specific guarantees due to the US legal situation. Nevertheless, depending on the service, standard contractual clauses are sometimes used in order to achieve the greatest possible protection for your data. You can find out whether standard contractual clauses are used in the information on the respective services.
You can revoke your consent at any time with effect for the future. The revocation has no influence on the lawfulness of the processing until the time of the revocation.
Processing of personal data for contract execution or contract initiation (Art. 6 para. 1 p. 1 lit. b) DSGVO)
If a contract is concluded with us, we use personal data insofar as this is necessary to process the contractor to carry out pre-contractual measures. The purposes of the data processing depend on the concrete contents of the contract, which you can find in the contract documents.
If a contract already exists with us, we process your data in order to check that you are our contractual partner and in order to properly provide the contractual service owed.
Processing of personal data in the context of a balancing of interests (Art. 6 para. 1 p. 1 lit. f) DSGVO)
We process personal data after weighing up the interests insofar as this is necessary to protect our interests or the interests of third parties. Examples of such purposes are:
- Ensuring the IT security and integrity of our systems,
- Prevention or investigation of criminal offenses,
- asserting or defending legal claims.
If you contact us by e-mail or telephone, we process the personal data you provide in order to respond to your inquiry. We delete the data after the final processing of your inquiry unless there is a contractual or legal obligation to retain the data.
If you send us an inquiry via our contact form, we process the data you have provided on the basis of your consent pursuant to Art. 6 (1) sentence 1 lit. a) DSGVO in order to process your inquiry. In principle, your data will be deleted after the inquiry has been processed, unless there is a contractual or legal obligation to retain it. If you provide us with contractually relevant information, we will transfer this to our inventory system. You can revoke your consent at any time with effect for the future via all the contact details provided.
When an order is placed via our website, we require the personal data necessary to process the order in order to conclude the contract. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a) DSGVO and Art. 6 para. 1 sentence 1 lit. b) DSGVO, as these are pre-contractual measures. Insofar as a contract is concluded with us, further data processing is based on Art. 6 para. 1 p. 1 lit. b) DSGVO. You can find our General Terms and Conditions at: https://preventis.com/en/meta/legal/conditions. Insofar as you contact us within the framework of an existing contractual relationship for a purpose that is necessary for the performance of the contract, we also process this data on the basis of Art. 6 para. 1 sentence 1 lit. b) DSGVO.
You have the option of voluntarily opening a customer account through which your data will be stored within the framework of the contractual relationship with us. The data processing is based on your consent pursuant to Art. 6 paras. 1 p. 1 lit. a) DSGVO. In the case of registration, the data entered will be stored revocably. You can delete the data you have entered as well as the entire account at any time. This does not apply to data that is absolutely necessary for the implementation of the contractual relationship on which the customer account is based. In part, we process such data in the customer account that you have provided to us upon conclusion of the contract or in the course of the performance of the contract by adding, supplementing, and evaluating them to your customer account.
Various cookies may be used during your visit to our website. These are text files that are placed on your computer and, among other things, enable the smooth running of your visit to our website. In some cases, cookies are necessary to ensure the functionality or IT security of our website. The use of such function cookies is based on a legitimate interest in enabling the use of our website incl. its functions according to Art. 6 paras. 1 p. 1 lit. f) DSGVO. We may use other - unnecessary - cookies on the basis of Art. 6 paras. 1 p. 1 lit. a) DSGVO and thus on the basis of your consent. The purposes of the cookies used in each case may include:
- The enabling of the use of special functions,
- the (pseudonymized) analysis of user behavior in order to optimize our website,
- Increasing the attractiveness as well as the user comfort of our website,
- Improving and designing our offer according to needs,
Most of the cookies we use are deleted from your computer after you close the browser (session cookies). Other types of cookies may remain on your computer and enable us to recognize your computer the next time you visit our site by means of the user profile created (permanent cookies).
You can give your consent by confirming our cookie banner when you visit our website. Once you have given your consent, you can revoke it at any time with effect for the future.
If you consent to the processing of your data within the scope of the opt-in procedure, the lawfulness of the processing of your data is based on consent in accordance with Art. 6 paras. 1 p. 1 lit. a) DSGVO, so that we use your data to the extent of the consent you have given for the purposes of marketing and the evaluation of your usage behavior. For New Zealand, the European Commission has determined through a so-called adequacy decision that adequate protection of your personal data comparable to the European data protection law is ensured so that the data transfer is permissible.
Links to other websites
Our website contains links to other external websites (Facebook, Twitter, YouTube, and Instagram). These are not so-called social plugins. If you click on a link, you will call up the corresponding website and will be forwarded to it.
Insofar as we process your data on these external websites (e.g. by you contacting us via these websites), these data protection provisions apply.
In addition, the linked websites process your personal data for their own purposes. We cannot make any statement about the way in which these providers process your personal data, the purposes for which they process it, or how long they store it. Please refer to the data protection provisions of the respective provider to obtain further information about the processing of your personal data by them. You can find this under:
- Facebook: https://de-de.facebook.com/policy.php
- YouTube: https://policies.google.com/privacy?hl=de&gl=de
- Instagram: https://help.instagram.com/519522125107875
- Twitter: https://twitter.com/de/privacy
We pass on data to other third parties if and to the extent that we have delegated the performance of tasks to them. The data is only passed on insofar as this is necessary for the fulfillment of the assigned tasks.
We work together with the following companies:
- Liftric GmbH, c/o MAFINEX-Technologiezentrum, Julius-Hatry-Straße 1, 68163 Mannheim, Germany
- Immundiagnostik AG, Stubenwald-Allee 8a, 64625 Bensheim, Germany
- Kellerkinder GmbH, Gleisstraße 2, 68766 Hockenheim, Germany
Furthermore, service providers can be entrusted with tasks in the following areas, for example:
- IT maintenance
- IT development
- IT provision
If necessary, we will pass on your personal payment data to a credit institution commissioned with the payment processing (SEPA direct debit or receipt).
The data transfer always takes place on the basis of a legal norm or a suitable contract according to Art. 26 or 28 DSGVO, which ensures compliance with all data protection requirements.
Apart from that, data is only passed on in the cases provided for by law, for example in the case of a legal obligation to provide information to law enforcement authorities. In these cases, the data transfer is legitimized according to Art. 6 paras. 1 sentence 1 lit. c) DSGVO.
Data transfer to a third country
A transfer of data to a third country is intended. This transfer takes place on the basis of the consent you have given. The recipients of the data provided by you are the following companies:
- Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Matomo InnoCraft Ltd, 150 Willis St., 6011 Wellington, Neuseeland
Duration of data storage
Your personal data will be deleted by us immediately as soon as the data is no longer required for the fulfillment of contractual and legal obligations.
Personal data will be stored at least for as long as is necessary for the fulfillment of contractual obligations and the exercise of contractual rights. This period may extend beyond the actual contractual period, as the data may still be relevant after the end of the contract within the framework of the limitation periods. In addition, deletion can only take place once any retention periods under tax and commercial law have expired.
The criteria for the duration of the storage of cookies can be found in the corresponding section.
Data subject rights
As a data subject of personal data processing, you have the following rights:
You have the right to request confirmation as to whether personal data are being processed. If this is the case, you have the right to be informed about the personal data and to receive the information listed in detail in Article 15 of the GDPR.
You have the right to obtain from the controller the rectification without undue delay of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).
You have the right to request from the controller that personal data concerning you be deleted without undue delay if one of the reasons listed in detail in paragraph 17 of the GDPR applies, e.g. if the data are no longer needed for the purposes pursued (right to erasure).
You have the right to request the controller to restrict the processing if one of the conditions listed in Art. 18 DSGVO applies, e.g. if you have objected to the processing, for the duration of the controller's review.
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transfer this data to another controller without hindrance from us, provided that the processing of this data is based on your consent or on a contract and the processing is carried out with the help of automated procedures (Art. 20 DSGVO). When exercising the right to data portability, you have the right to obtain that the personal data be transferred directly from us to another controller, where this is technically feasible (right to data portability).
You have the right to object to the processing of personal data concerning you at any time on grounds relating to your particular situation. The controller will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the purpose of asserting, exercising, or defending legal claims (Art. 21 DSGVO).
With regard to the exercise of your rights, you can contact us at any time via the contact options offered on our website.
Right to object to direct advertising
In individual cases, we process personal data in order to carry out direct advertising. In this case, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising (Article 21 of the GDPR).
If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
Right of appeal
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR (Article 77 GDPR). You can assert this right with a supervisory authority in the member state of your residence, workplace, or the place of the alleged infringement. In Hesse, the competent supervisory authority is the Hessian Commissioner for Data Protection and Freedom of Information.
You can find more information at the following link:https://datenschutz.hessen.de/
Of course, you can also contact us directly if you are dissatisfied or have questions about data protection. The quickest way to reach our internal contact person on the subject of data protection is to use the following contact details:
DESAG expert for data protection & data security
Mobile: +49 1515 2886186
Obligation to provide data
In principle, there is no obligation to provide data. However, the provision of data may be necessary for the use of certain functions or for the conclusion of a contract. If you do not provide the required data, you will not be able to use certain functions or services or a contract cannot be concluded.