This data protection declaration clarifies the type, extent and purpose of processing of personal data (in the following referred to as “data”) within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our social media profile (hereinafter referred to collectively as “online offer”). With regard to the terms used, such as “processing” or “responsible party”, we refer to the definitions in Art. 4 of the Basic Data Protection Regulation (DSGVO).
- SECOLINO Deutschland GmbH
- Zeppelinstraße 8a
- 38446 Wolfsburg
- Managing Director:
- Sebastiano Testa
- Thomas Schmidt
- Contact data protection officer:
Types of data processed
- Inventory data (e.g., names, addresses)
- Contact details (e.g., e-mail, telephone numbers)
- Content data (e.g., text entries, photographs, videos)
- Usage data (e.g., Websites visited, interest in Content, Access times)
- Meta/communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (in the following we will refer to the persons concerned collectively as “users”).
Purpose of processing
- Provision of the online offer, its functions and contents
- Responding to contact requests and communication with users
- Security measures
- Reach measurement/ marketing
“personal data” shall mean any information relating to an identifiable natural person (in the following referred to as “sata subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as Name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural Person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually all processing of data.
“Pseudonymization” shall mean the processing of personal data in such a way that the personal data cannot be related to a specific data subject without the use of supplementary information, provided that this supplementary information is kept seperate and is subject to technical and organisational measures ensuring that the personal data is not related to an identified or identifiable natural person.
“Profiling” shall mean any automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person, in particular in order to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, location or change of location of that natural person.
“Controller” shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Processor” shall mean any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant legal bases
In accordance with Art. 13 DSGVO, we inform you of the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consents is Art. 6 Para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the purpose of fulfilling our services and implementing contractual
measures and answering enquiries is Art. 6 Para. 1 lit. b DSGVO, the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 Para. 1 lit. c DSGVO, and the legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 Para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 paragraph 1 lit. d DSGVO serves as the legal basis.
In accordance with Art. 32 DSGVO and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
Such measures shall include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to data, as well as access, input, disclosure, safeguarding of availability and segregation of data relating to them. Furthermore, we have established procedures to ensure that data subjects’ rights are exercised, data is deleted, and we respond to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO).
Cooperation with contract processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal authorisation (e.g. if the data must be transferred to third parties, such as payment service providers, in accordance with Art. 6 Para. 1
letter b DSGVO for the fulfilment of the contract), if you have given your consent, if a legal Obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosters, etc.). If we commission third parties to process data on the basis of a socalled “contract processing agreement”, this is done on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the Basis of your consent, on the basis of a legal
obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer data to a third country if the special requirements of Art. 44 ff. DSGVO. In other words, processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “Standard contractual clauses”).
Rights of data subjects
- You have the right to request confirmation as to whether or not data in question is being processed and to obtain information about this data and to receive further information and a copy of the data in accordance with Art. 15 DSGVO.
- You have accordingly Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
- Under Art. 17 DSGVO you have the right to demand that data concerning you be deleted immediately, or alternatively, under Art. 18 DSGVO, to demand that the processing of the data be restricted.
- You have the right to request that the data concerning you which you have made available to us be received in accordance with Art. 20 DSGVO and to demand that it be passed on to other responsible parties.
- You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.
Right of withdrawal
You have the Right to revoke consents granted in accordance with Art. 7 Para 3 DSGVO with effect for the future.
Right of objection
You can object to the future processing of data concerning you at any time in accordance with Art. 21 DSGVO. In particular, you may object to processing for the purposes of direct advertising.
Cookies and right of objection for direct mail
Cookies and right of objection for direct mail Cookies” are small files that are stored on the user’s computer. Different information can be stored within the cookies. A cookie is primarily used to store Information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart in an online shop or a login status can be stored. Cookies are described as “permanent” or “persistent” if they remain stored even after the browser is closed. For example, the login status can be saved if the user visits it after several days. Likewise, the interests of the users can be stored in such a cookie, which are used for range measurement or Marketing purposes. Third-party cookies” are cookies that are offered by providers other than the Person responsible for operating the online service (otherwise, if theyare only the cookies of this person,
they are called “first-Party cookies”).
If users do not want Cookies to be stored on their Computer, they are asked to deactivate the corresponding Option in the System Settings of their browser. Stored Cookies can be deleted in the system settings of the browser. The exclusion of Cookies can lead to functional limitations of this online offer.
Deletion of data
The data processed by us will be deleted or restricted in their processing in accordance with articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage
obligations. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the
data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to the legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records,
management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years according to § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).
In accordance with legal requirements in Austria, the retention is in particular for 7 years in accordance with § 132 para. 1 BAO (accounting documents, vouchers/invoices,
accounts, vouchers, Commercial documents, statement of income and expenditure, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with
electronically provided services,telecommunications, radio and television services which are provided to nonentrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
Administration, financial accounting, office organization, contact management
We process data within the framework of administrative Tasks as well as the organisation of our operations, financial Accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process within the scope of providing our contractual services. The basis for processing is Art. 6 Par. 1 lit. c. DSGVO, Art. 6
para. 1 lit. f. DSGVO. Customers, interested parties, Business partners and website visitors are affected by the processing. The purpose of and our interest in the processing lies in the
administration, financial accounting, office organisation, archiving of data, i.e. tasks which serve to maintain our Business activities, perform our tasks and provide our services. The deletion of data in relation to contractual services and contractual communication corresponds to the information mentioned in these processing activities.
Furthermore, we store information on suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. This data, which is mainly company-related, is stored permanently.
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details will be used to process the contact request and its handling in accordance with Art. 6 Para. 1 lit. b. (within the framework of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other requests) DSGVO are processed… The information provided by users may be stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation.
We delete the enquiries if they are no Longe required. We review the necessity every two years; furthermore, the statutory archiving obligations apply.
Hosting and e-mail dispatch
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and Database services, e-mail dispatch, security services and technical maintenance services which we use for the purpose of operating this online offer.
For this purpose, we or our Hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f DSGVO
in conjunction with Art. 28 DSGVO (conclusion of contract processing agreement).
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the website visitor spends on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyzes run completely in the background. Website visitors are not informed that an analysis is taking place.
The storage and analysis of the data takes place on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para . B. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.