Do you have any questions or suggestions?
Get in touch with me now.
Privacy
I. Controller
The controller as defined by the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) is:
Storch-Ciret Holding GmbH
Platz der Republik 6
42107 Wuppertal
Telephone: +49 (0) 202 49 20 - 0
Fax: +49 (0) 202 49 20 – 111
E-mail: info(at)storch-ciret.com
Represented by: Daniel Rogusch, Daniel Taudien, Goran Kovacev
Registration court and registration number
Wuppertal District Court, HRB 2463
VAT identification number in accordance with section 27a of the VAT Act (UStG)
VAT ID no. DE 121 100 678.
The data protection officer pursuant to GDPR and BDSG is:
Storch-Ciret Business Services GmbH
Data protection officer
Marc Strohmeyer
Platz der Republik 6
42107 Wuppertal
Telephone: +49 (0) 202 49 20 - 0
E-mail: datenschutzbeauftragter(at)storch-ciret.com
II. General information on data processing
(1) Personal data is only processed if it is necessary for the provision of a functioning website including content and services. Processing takes place regularly only with the data subject’s consent. In exceptional cases, processing will be carried out without the data subject’s consent if it is not possible for genuine reasons and the processing of the data is permitted by legal regulations.
(2) Article 6(1)(a) GDPR serves as the legal basis for the processing of personal data, insofar as the data subject’s consent has been obtained for the processing of personal data.
Art. 6(1)(b) GDPR serves as the legal basis for the processing of personal data, insofar as this is necessary to fulfil a contract to which the data subject is a contracting party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Art. 6(1)(c) GDPR serves as the legal basis for the processing of personal data, insofar as the processing of personal data is necessary to meet a legal obligation to which the company is subject.
Art. 6(1)(f) GDPR serves as the legal basis for the processing of personal data, insofar as this is necessary for the processing in order to safeguard a legitimate interest of the company or a third party and where the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest.
(3) The data subject’s personal data will be erased or blocked as soon as the purpose for which it was stored ceases to apply. In addition, data can be stored if this is stipulated by relevant national or European regulations. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
III. Use of the website
(1) Whenever the website is accessed, the system automatically collects data and information from the accessing computer’s system.
The following data is collected:
1. IP address
2. Date and time of request
3. Time zone difference to Greenwich Mean Time (GMT)
4. Content of website
5. Access status (HTTP status)
6. Amount of data transferred
7. Web browser
8. Browser language and version
9. Operating system
10. Website from which you accessed the website
The data is saved in the system’s log files. This data is not stored together with the user’s other personal data.
(2) The legal basis for this is Article 6(1)(f) GDPR.
(3) The IP address needs to be logged and temporarily stored so the website can be displayed on your terminal device. For this purpose, your IP address must be stored for the duration of your visit to the website. This data is not evaluated for marketing purposes.
(4) The data is erased when the respective session is ended. If this data is stored in log files, this will take place after no more than seven days. Data may be stored for longer. In this case, the user’s IP address will be erased or alienated so that it is no longer possible to identify the accessing client.
(5) To make the website available, data must be collected and stored in log files. Consequently, users are not granted the option to object to the above.
IV. Use of CleverPush
(1) CleverPush is a push notification service. This is used by us to send users of our service push messages about new articles in selected subject areas.
(2) This service is provided by CleverPush: CleverPush GmbH, Nagelsweg 22, 20097 Hamburg. The Cleverpush privacy policy can be found here: cleverpush.com/en/privacy.
(3) CleverPush does not collect any user data such as IP addresses or similar, which could provide direct information about the respective user. When entering the notification distribution list, only a type of identifier, which varies from browser to browser, is sent to our servers. This identifier is assigned by the browser manufacturers (Google, Mozilla, Apple, etc.) and enables us to send the notifications to the respective browsers.
(4) The push messages from CleverPush can be deactivated on the mobile end device or PC via the following links: lexi.storch-ciret.net
V. Use of cookies
(1) The website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. This cookie contains a characteristic character string that enables the browser to be uniquely identified when the website is accessed again. Cookies cannot transmit viruses to the end device or run programs themselves.
Cookies are used to make a website more user-friendly. In some parts of the website, the accessing browser may also need be identified after changing page.
Transient cookies are automatically deleted when the session is closed. These include session cookies, which save the session ID, which can be used to assign different requests from the web browser to the same session. This makes it possible to recognise the end device again during a new session.
Persistent cookies are automatically erased after a specified storage period, which may differ depending on the cookie. The associated settings can be deleted at any time in the web browser’s settings.
The following data is stored in the cookies:
1. Log-in information
2. Language settings
3. Search terms entered
4. Number of hits to the website
5. Use of the website’s individual functions
(2) The legal basis for this is Article 6(1)(f) GDPR.
(3) The purpose of using technically necessary cookies is to simplify the use of websites for users. Some of the website’s functions cannot be provided without the use of cookies. For this to occur, it is necessary for the browser to be recognised even after changing page.
The user data collected by technically necessary cookies is not used to create user profiles.
(4) Cookies are stored on the user’s computer and transmitted by the user to our website. As a user, you therefore also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to make full use of all the website’s functions.
VI. Contact forms and e-mail contact
(1) The website uses contact forms that can be used to make contact by electronic means. When used, the data entered in the input field is transmitted to the website and stored there. This data comprises the following:
1. Surname
2. Company name
3. Address
4. E-mail address
5. Telephone number
6. Content of the action of making contact
The following data is also collected when contacting us:
1. Accessing computer’s IP address
2. Date and time of making contact
Data collected in this context is not passed on to third parties. The data is used exclusively to process the conversation.
(2) The legal basis for the processing of data is Art. 6(1)(a) GDPR.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR.
If the purpose of making contact by e-mail is to conclude or fulfil a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.
(3) Personal data from the input field is processed solely for the purpose of processing the action of making contact. If contact is made by e-mail, this also constitutes a necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process is used to prevent the misuse of the contact form and to ensure the security of the IT systems.
(4) The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the personal data from the input field of the contact form and data sent by e-mail, this applies when the respective conversation with the data subject has ended. The conversation is ended when it can be deduced from the circumstances that the matter in question has been finally clarified.
The additional personal data collected during the sending process will be erased after a period of seven days at the latest.
(5) The data subject has the option of withdrawing their consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time at info@storch-ciret.com. But if you do so, the conversation cannot be continued.
In this case, all personal data stored when you made contact will be erased.
VII. Encrypted data transfer
During login or contact, all data is transmitted via SSL/TLS technology over an encrypted connection. The SSL certificate required for this, which is installed on the servers, was issued by an independent organisation.
An encrypted connection can be recognised by the browser’s address line changing from http:// to https://.
As soon as the encrypted SSL/TLS connection is established, the information that you enter with the shop can no longer be read by third parties.
VIII. Rights of the data subject
If personal data is processed by , the user is a “data subject” as defined by GDPR and they have the following rights in respect of the controller:
1. Right to be informed
The data subject may request confirmation from the controller as to whether their personal data is being processed.
If such processing takes place, the controller may be asked to provide information on the following:
(1) The purposes for which the personal data is being processed;
(2) The categories of personal data being processed;
(3) The recipients or categories of recipients to whom the personal data concerned has been or will be disclosed;
(4) The planned length of time the personal data will be stored or, if specific information on this is not possible, criteria for determining the length of the storage period;
(5) The existence of a right to rectify or erase personal data, a right to restrict processing by the controller or a right to object to such processing;
(6) The existence of a right to lodge a complaint with a supervisory authority;
(7) All available information on the origin of the data if the personal data is not collected from the data subject;
(8) The existence of automated individual decision-making, including profiling pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, and the scope and intended effects of such processing for the data subject.
The data subject has the right to request information on whether the personal data is being transferred to a third country or to an international organisation. In this context, the data subject may ask to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
2. Right to rectification
The data subject has a right to rectification and/or completion with respect to the controller if the personal data processed is incorrect or incomplete. The controller must make the rectification without delay.
3. Right to restrict processing
The data subject may ask for the processing of their personal data to be restricted under the following conditions:
(1) If you dispute the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) The processing is unlawful, the data subject’s request to erase the personal data is declined and the data subject instead asks for the use of the personal data to be restricted;
(3) The controller no longer needs the personal data for the purposes of the processing, but it is required for the establishment, exercise or defence of legal claims, or
(4) If the data subject submits an objection to processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override the grounds of the data subject.
Where the processing of personal data has been restricted, such data may only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the processing is restricted in accordance with the above-mentioned conditions, the data subject will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to erase
The data subject has the right to ask the controller to erase the personal data without undue delay and the controller is obliged to erase this data without undue delay if one of the following reasons applies:
(1) The personal data is no longer needed for the purposes for which it was collected or otherwise processed.
(2) The consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR is withdrawn and there is no other legal basis for the processing.
(3) The data subject raises an objection to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or an objection to the processing is raised pursuant to Article 21(2) GDPR.
(4) The personal data has been unlawfully processed.
(5) The personal data needs to be erased to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data has been processed in relation to the information society services offered pursuant to Art. 8(1) GDPR.
b) Information to third parties
If the controller has made the personal data public and is obliged to erase it pursuant to Article 17(1) GDPR, it must take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers that are processing the personal data that data subjects have requested from them the erasure of all links to, or copies or replications of, such personal data.
c) Exceptions
There is no right to erasure if processing is necessary
(1) for the purpose of exercising the right to freedom of expression and information;
(2) for the purpose of fulfilling a legal obligation which requires processing in accordance with the law of the Union or the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority conferred on the controller;
(3) on the grounds of the public interest in respect of public health pursuant to Article 9(2)(h) and (i) as well as Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, where the right referred to in (a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
(5) for the establishment, exercise or defence of legal claims.
5. Right to be informed
If the right to rectification, erasure or restriction of processing has been enforced against the controller, the controller must inform all recipients to whom the personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
The controller has the right to be informed about these recipients.
6. Right to data portability
The data subject has the right to receive the personal data provided to the controller in a structured, commonly used and machine-readable format. In addition, the data subject has right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
(2) processing is carried out by automated means.
In exercising this right, the data subject also has the right to have the personal data transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be impaired by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of power vested in the controller.
7. Right to object
The data subject has the right to object at any time, for reasons arising from their particular situation, to the processing of the personal data which is based on Art. 6(1)(e) or (f) GDPR, this also applies to profiling based on these provisions.
The controller can no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the data subject’s interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
If the personal data is processed for direct marketing purposes, the data subject has the right to object to the processing of the personal data for the purpose of such advertising at any time; this also applies to profiling, insofar as it is associated with such direct marketing.
If the processing has been objected to for direct marketing purposes, the personal data will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, the data subject may exercise the right to object in relation to the use of information society services by means of automated procedures using technical specifications.
8. Right to withdraw consent under data protection law
The data protection declaration of consent may be withdrawn at any time. Withdrawal of consent will not affect the lawfulness of the processing carried out on the basis of consent until such consent is withdrawn.
9. Automated individual decision-making, including profiling
The data subject has the right to not be subject to a decision based solely on automated processing – including profiling – which has a legal effect on the data subject or similarly significantly affects the data subject. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between the data subject and the controller,
(2) is permitted by Union or Member State law to which the controller is subject and that law contains appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
(3) is taken with the data subject’s express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) and appropriate measures have been taken to protect the rights and freedoms and the data subject’s legitimate interests.
With regard to the cases referred to in (1) and (3), the controller must take appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to set out their own position and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, the data subject has a right to lodge a complaint with a supervisory authority, in particular in the Member State where the data subject resides, the place of work or the place of the alleged infringement, if there is a view that the processing of personal data violates the GDPR.
The supervisory authority to which the complaint was lodged must inform the complainant of the status and results of the complaint, including the option of a judicial remedy pursuant to Art. 78 GDPR.