Data protection information in accordance with the General Data Protection Regulation (GDPR)
Your trust is important to us. We take the protection of your personal data very seriously. Personal data is only collected, processed or used if the person concerned has consented, if it is necessary for the fulfilment of a contract or if a law permits or prescribes the collection, processing or use. With this data protection policy, we would like to inform you about details of data collection and data processing as well as about the rights to which you are entitled in this context.
1. Name and contact details of the data controller and the company data protection officer
The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other data protection provisions is:
Schnelter Straße 42
D- 49688 Lastrup
Tel: 04472 94040
You can contact our company data protection officer at any time with regard to data protection issues at the above business address and/or the following e-mail address.
2. Collection of personal data and type and purpose of its use
We process personal data that we receive from you in the course of our business relationship.
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
If you instruct us, we will in particular collect the following information:
- Surname, first name, surname
- Company name
- Email address
- Phone number (landline and/or mobile)
- Information necessary for the processing of the contract
As a matter of principle, we only process personal data if the user gives their consent or if the data processing is permitted by legal regulations. The legal basis is Article 6 (1) of the EU General Data Protection Regulation (GDPR). According to this regulation, processing of personal data is only permitted if the data subject consents (Art. 6 para. 1 lit. a GDPR) or the processing is necessary for one of the following purposes:
- For the performance of a contract with the data subject or for the implementation of pre-contractual measures at the request of the data subject (Art. 6 para.1 b GDPR);
- To fulfil a legal obligation of our company (Art. 6 para.1 lit. c GDPR);
- To protect vital interests of the data subject or another natural person (Art. 6 para.1 lit d GDPR);
- To perform a task which is in the public interest or which has been assigned to our company by the public administration (Art. 6 para.1 lit. e GDPR);
- To safeguard a legitimate interest of our company or a third party, unless the interests, fundamental rights and freedoms of the data subject for the protection of personal data are overriding (Art. 6 para.1 lit. f GDPR).
3. Transfer of data
A transfer of your personal data to third parties for purposes other than those listed below does not take place.
We will only share your personal data with third parties if:
- You have given your express consent in accordance with Art. 6 Para. 1 lit. a GDPR;
- The transfer in accordance with Art. 6 Para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data;
- In the event that a legal obligation exists for the disclosure pursuant to Art. 6 para. 1 lit. c GDPR a legal obligation exists;
- This is legally permissible and necessary according to Art. 4 para. 1 lit. b GDPR for the processing of contractual relationships with you.
4. Storage period and data deletion
To the extent necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation or execution of a contract. The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Data may also be stored if this is provided for by law. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or performance of a contract. Prescribed storage periods in this sense are, for example, retention periods under tax law or commercial law.
5. Collection of access data (creation of log files)
When you access our website www.witte-lastrup.de, information is automatically sent to the server of our website by the browser used on your end device. We host our website with Strato. The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter “Strato”). When you visit our website, Strato collects various log files including your IP addresses.
For further information, please refer to Strato’s data protection policy:
This information is temporarily stored in a log file. The following information is collected without your intervention and stored until automated deletion:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the accessed file
- Website from which the access is made (referrer URL)
- Browser used and, if applicable. the operating system of your computer
- The name of your service provider
- The website from which our website is accessed
- Websites and sub-websites that are accessed from our website
- The browser used and, if applicable, the operating system of your computer
Other similar data and information that serve to avert danger in the event of attacks on our system:
- To ensure a smooth connection of the website
- To ensure a comfortable use of our website
- Evaluation of system security and stability
- for other administrative purposes
The data is stored anonymously in the log files of our system. There is no linkage with other personal data of the user, our company does not draw any conclusions about the data subject.
The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. The storage is necessary to ensure the functionality of our website and the correct display of the content. Furthermore, the data serve our statistics and the continuous optimisation of our content. Finally, the data is stored in order to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
No data is passed on to third parties unless there is a legal obligation to disclose it.
Since the collection and storage of the data in the log files are absolutely necessary for the trouble-free operation of the website, the user has no possibility to object.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Insofar as the data was collected for the purpose of providing the website without interruption, this is the case when the internet session ends.
We use so-called “cookies” on our website. These are text files which are placed on your computer by our server and thus store certain data. Cookies usually contain a characteristic string of characters which enables a clear allocation of the internet browser when the user calls up the website again. This makes it possible to recognise and identify the calling browser. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies help us to make it easier for you to use the website. Through the recognition of the browser and the storage of previously entered data, the offers and contents of our website can be individually optimised in that the data entered by you (e.g. access data, search terms) do not have to be entered again each time you visit the website. The legal basis for this is Art. 6 para. 1 lit. f GDPR. However, this does not mean that we gain direct knowledge of your identity.
7. Contact form and e-mail contact
Our website www.witte-lastrup.de provides a contact form which can be used to contact our company electronically. The data entered by the user in the input mask is transmitted to us and stored. Furthermore, the IP address of the user as well as the date and time of transmission are also stored. The user’s consent is obtained for the processing of the data during the submission process. The legal basis for the processing is therefore Art. 6 para. 1 lit. a GDPR. As far as the storage of the IP address is concerned, the legal basis is also Art. 6 para. 1 lit. f GDPR.
Alternatively, it is possible to contact us via the e-mail address provided on our website. In this case, in addition to the email address, the personal data provided by the user in the email will be transmitted. The legal basis in this respect is Art. 6 para. 1 lit. f GDPR.
The processing of the data transmitted via the contact form or by e-mail serves exclusively to carry out the desired contact. Other data is stored in order to prevent or detect misuse of the website and to ensure the security of our system.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. As far as the data transmitted by the user in the contact form or in the e-mail is concerned, this is the case when the communication in question has ended, unless the content of the communication still has legal significance thereafter.
The data subject has the option to revoke consent to data processing or to object to the use of the data at any time. In this case, the intended contact with the user is no longer possible or communication that has already begun cannot be continued.
8. Enquiry by telephone or fax
If you contact us by telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in effectively processing the enquiries addressed to us.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
9. Subscription to our newsletter
On our website www.witte-lastrup.de, you have the option of subscribing to our company newsletter. Which personal data is transmitted to us and stored by us when you subscribe to the newsletter can be seen from the input mask used for this purpose. Furthermore, the IP address of the user as well as the date and time of transmission are also stored. The consent of the user is obtained for the processing of the data as part of the registration process. The legal basis for the processing is therefore Art. 6 para. 1 lit. a GDPR. As far as the storage of the IP address is concerned, the legal basis is also Art. 6 para. 1 lit. f GDPR.
The processing of the data transmitted by the user by entering it in the registration form is necessary in order to send the newsletter. The data is not used for any other purpose. The storage of the IP address is necessary to prevent or detect misuse (especially of the e-mail address) and to ensure the security of our system.
The subscription to the newsletter can be cancelled by the data subject at any time, thus revoking the consent to send the newsletter. For this purpose, a corresponding link is provided in every newsletter e-mail sent. In this case – as well as in the case of any other objection to the use of data, which is possible at any time – the personal data stored by us as part of the newsletter subscription will be deleted. The data will therefore be stored for as long as the newsletter subscription is active.
10. Plug-ins and tools
a) Social media plug-ins
We use social plug-ins from social networks on our website on the basis of Art. 6 (1) p. 1 lit. f GDPR in order to make our company better known through them. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data protection-compliant operation is to be ensured by their respective providers. We integrate these plug-ins using the so-called two-click method in order to protect visitors to our website as best as possible.
When you call up a page of our website that contains such a plug-in, your browser establishes a direct connection with the servers of the social networks. The content of the plug-in is transmitted directly to your browser and integrated into the website by it.
By integrating the plug-ins, the social networks receive the information that your browser has accessed the corresponding page of our website, even if you do not have an account with the respective social network or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a server and stored there.
If you are registered or logged in to the social network, they can assign your visit to our website directly to your account. If you interact with the plug-ins, the corresponding information is also transmitted directly to a server of the social networks and stored there. The information is also published on the social networks.
The social networks may use this information for the purposes of advertising, market research and demand-oriented design of their pages. For this purpose, usage, interest and relationship profiles are created.
To prevent data about you from being processed by the operator of the respective social network, you must log out of the network in question before accessing our website. In addition, you can use special tools that block data transmission (e.g. Facebook Blocker).
The purpose and scope of the data collection and the further processing and use of the data by the social networks as well as your rights in this respect and setting options for protecting your privacy can be found in the data protection information of the operator of the respective social network.
We have integrated the social media plug-ins of the following companies on our website:
Facebook Inc.: https://de-de.facebook.com/about/privacy/
Our website embeds videos from YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.
As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. To prevent the operator from disseminating data about you, you must log out of your YouTube account before calling up our website.
Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG [German telecommunications and telemedia data protection act], insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Further information about data protection at YouTube can be found in their data protection policy at:
11. Analysis tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 lit. f GDPR. With the tracking measures used, we want to ensure a needs-based design and the ongoing optimisation of our website.
On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
a) Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
The use of the Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on their website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG [German telecommunications and telemedia data protection act], insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
b) Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), for the purpose of demand-oriented design and ongoing optimisation of our pages. In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookies about your use of this website, such as browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of server request, is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the Internet for the purposes of market research and the design of these Internet pages in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an allocation is not possible (IP masking).
Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
c) Google Adwords Conversion Tracking
In order to statistically record the use of our website and to evaluate it for the purpose of optimising our website for you, we also use Google Conversion Tracking. Google Adwords sets a cookie on your computer if you have accessed our website via a Google advertisement.
These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page.
Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. The Adwords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the “www.googleadservices.com” domain.
12. Your rights as a data subject
If personal data relating to you are processed, you are a data subject within the meaning of the GDPRand you are entitled to the following rights:
a) Right to confirmation and information, Art. 15 GDPR
You can request confirmation from us at any time as to whether personal data relating to you are being processed by us. If this is the case, you have a right to be informed about the following circumstances:
- The categories of personal data which are processed;
- The recipients or the categories of recipients to whom the personal data concerning you have been or will be disclosed;
- The planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage duration;
- The existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- The existence of a right of appeal to a supervisory authority;
- Any available information on the origin of the data if the personal data are not collected from the data subject;
- The existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
In addition, you have a right to information as to whether personal data is transferred to a state that is not a member of the EU (so-called third country) or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
b) Right to rectification, Article 16 of the GDPR
You have the right to request that we rectify any inaccurate personal data relating to you without undue delay. Furthermore, you have the right to request us to complete incomplete personal data – also by means of a supplementary declaration – taking into account the purposes of the processing.
c) Right to erasure, Art. 17 GDPR
You may request us to erase the personal data concerning you without undue delay if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing was based pursuant to. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data concerning you have been processed unlawfully.
- The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data concerning you have been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
- If the personal data concerned has been made public by us and we are obliged to erase the personal data in accordance with the above principles, we shall also be obliged to inform other data controllers that you, as the data subject, have requested the erasure of all links to this personal data or copies or replications of this personal data.
We shall take appropriate measures in this regard, including technical measures, taking into account the available technology and the costs of implementation, in order to comply with these obligations, in any case to the extent that the processing is no longer necessary, i.e. legal requirements dictate this or legitimate interests conflict with the erasure.
d) Right to restriction of processing, Art. 18 GDPR
You may request us to restrict the processing of personal data relating to you under the following conditions:
- You dispute the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and you request the restriction of the use of the personal data instead of erasure.
- The personal data is no longer needed by us for the purposes of processing, but you need this data to assert, exercise or defend legal claims.
- You have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons prevail over your reasons.
- If the processing of personal data relating to you has been restricted, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. In this case, you will also be informed by us before the restrictions are lifted.
e) Right to information
If you have exercised the right to rectification, erasure or restriction of processing, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. In this respect, you may request us to inform you about these recipients.
f) Right to data portability, Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you may request that the personal data be transferred directly from one controller to another controller to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
g) Right to revoke consent under data protection law, Art. 7 (3) DSVGO
If you have given consent under data protection law, you have the right to revoke this consent at any time with effect for the future. This also applies to the revocation of declarations of consent that were given to us before the applicability of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
If you wish to exercise your right of withdrawal, please send an appropriate email to firstname.lastname@example.org or send the objection to the above business address.
h) Right to lodge a complaint with the supervisory authority, Art. 77 DSGVO
Notwithstanding the rights existing vis-à-vis us, you also have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you violates the GDPR. The supervisory authority to which the complaint has been lodged will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
13. Right to object, Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing by us of personal data relating to you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.
If the personal data concerning you are processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
If you wish to exercise your right to object, this can be done without any formalities and should be addressed to:
Schnelter Straße 42
D- 49688 Lastrup
Tel: 04472 94040
14. Data security
Within the website visit, we use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
15. Updating and amending this data protection policy
This data protection policy is currently valid and has the status September 2022.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection policy.
You can access and print out the current data protection policy at any time on our website at www.witte-lastrup.de