Data protection statement according to the EU General Data Protection Regulation (GDPR)
I. FULL NAME AND CONTACT DETAILS OF THE PERSON RESPONSIBLE - CONTROLLER
The person responsible, or Personal Data Controller or Controller, within the meaning of the General Data Protection Regulation and other national data protection laws of Member States as well as other data protection regulations, is:
Private Joint Stock Company “Ventilation Systems” (or PrJSC “VENTS”)
1, M. Kotsiubynsky Street
01030 Kiev. Ukraine
Tel.: + 380 44 401 62 50
E-mail: administration@vеnts.ua
Web-site: https://ventilation-system.com
Company Registration ID: 30637114
VAT ID: 306371126597
FULL NAME AND ADDRESS OF THE PERSONAL DATA OPERATOR
The person responsible, or Personal Data Operator, within the meaning of the General Data Protection Regulation, other data protection laws in force in Member States of the European Union and other legal provisions on data protection, is:
Private Joint Stock Company “Ventilation Systems” (or PrJSC “VENTS”)
Vladimir Golovaschuk (Головащук Владимир Андреевич), DPO (Data Protection Officer)
36, Sobornosti Street
08154 Boyarka City, Kievo-Svyatoshinskiy District, Ukraine
Tel.: + 380 44 401 62 50 (ext. 2149)
E-mail: dpo@ventilation-system.com
Mailing Address: Ukraine, 08154, Boyarka City, PO box 321 (with mark ‘For Vladimir Golovaschuk’)
II. GENERAL INFORMATION ON DATA PROCESSING
1. Scope of personal data processing
The protection of your privacy throughout the course of processing personal data is an important concern to us.
We only process the personal data of our users if this is necessary to provide a functional website as well as for our content and services. The processing of the personal data of our users takes place regularly only after the consent of the user. An exception applies in those cases where prior consent cannot be obtained due to practical reasons, and the processing of the data is permitted by legal regulations, or when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party according to Article 6 (1) (a) of GDPR or other valid reasons set forth in Article 6.
The use of our website is generally possible without collecting personal data. In the event of collection of personal data (for example, name, address or e-mail addresses) on our sites, this is always done, as far as is possible, on a voluntary basis. This data will not be passed on to third parties without your express permission.
2. Legal basis for processing of personal data
If we obtain the consent of the person concerned for the processing of personal data, Art. 6 para. 1 lit. (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for this.
In the processing of personal data required for the performance of a contract to which the person concerned is a party, Art. 6 para. 1 lit. (b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is required to fulfill a legal obligation that our company is subject to, then Art. 6 para. 1 lit. (c) of the GDPR serves as the legal basis.
In the event that vital interests of the person in question or of another individual require the processing of personal data, Article 6(1) (d) of the GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the above-mentioned interest, Art. 6 para. 1 lit. (f) of the GDPR serves as the legal basis for processing.
3. Data deletion and storage period
The personal data of the person in question will be deleted or blocked as soon as the purpose of processing and the legal ground ceases to apply. Furthermore, the data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the Personal Data Controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
4. SSL/TLS encryption
In order to guarantee the confidentiality of communication with you, we use so-called SSL/TLS encryption in accordance with the current state of technology. You can recognize these encrypted connections by the name "https://" in the page link in the address line of your browser and by the green lock symbol in the address line. Unencrypted pages are marked by "http://". Data that you transmit to this website, for example, when placing orders or inquiries, cannot be read by third parties thanks to SSL encryption.
III. PROVISION OF WEBSITE AND CREATION OF LOG FILES
1. Description and scope of data processing
Every time a user accesses our website, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
(1) Information about the browser type and version used
(2) The user's operating system
(3) The user's Internet service provider
(4) The user's IP address
(5) Date and time of access
(6) Websites from which the user's system reaches our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. (f) of the GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. (f) of the GDPR also corresponds to these purposes.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for attaining the purpose for which it was collected, and where there is no other legal ground for the processing. In case of collection of data for the provision of a website, this means the end of the respective session.
If the data is stored in log files, this happens no later than after seven days at the latest. Further storage is possible. In this case, the IP addresses of users are deleted or distorted in such a way that they can no longer be correlated with a client accessing the site.
5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is necessary for the website’s operation. Consequently, there is no possibility of objection on the part of the user.
IV. USE OF COOKIES
a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.
Through a cookie, the information and offers on our website can be optimized for the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is taken over by the website and the cookie stored on the user's computer system.
The person in question can prevent the placing of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the placing of cookies. Furthermore, cookies that have already been placed can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the person concerned deactivates the placing of cookies in the Internet browser used, not all the functions of our Internet site can be fully usable.
The user data collected in this way is pseudo anonymized by technical precautions. Therefore, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of users.
When accessing our website the users are informed via an information banner about the use of cookies for analytical purposes, and users are referred to this data protection statement. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings.
When accessing our website, the user is informed about the use of cookies for analytical purposes, and his or her consent to the processing of personal data used in this respect is obtained. In this context, reference is also made to this data protection statement.
b) Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. (f) of the GDPR.
The legal basis for the processing of personal data using cookies for analytical purposes, upon receipt of the user's respective consent, is Art. 6 para. 1 lit. (a) of the GDPR.
c) The purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.
The user data collected by technically necessary cookies are not used to create user profiles.
Analysis cookies are used to improve the quality of our website and its content. Through analysis cookies, we learn how the website is used and, therefore, we are able to continually optimize our delivery of information.
Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. (f) of the GDPR also corresponds to these purposes.
d) Duration of storage, possibility of objection and removal
Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user, also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings of your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all features of the website in full.
V. NEWSLETTER
1. You can subscribe to a free newsletter on our website. When registering for the newsletter, we receive data from the input form that is filled in when you subscribe to the newsletter.
In addition, the following data is collected on registration:
(1) First name and surname
(2) Company name
(3) E-mail address
(4) IP address of the accessing computer
(5) Date and time of registration
(6) You country or language preferences
In the course of the registration process, your consent for the processing of data is obtained and reference is made to this data protection statement.
No data is passed on to third parties in connection with data processing for the dispatch of newsletters. The data will be used exclusively for the dispatch of newsletters.
2. Legal grounds for data processing
The legal basis for the processing of data after registration for the newsletter by the user, upon receipt of permission from the user, is Art. 6 para. 1 lit. (a) of the GDPR.
3. The goal of data processing
The collection of the user's E-mail address is intended for dispatch of the newsletter.
The collection of other personal data, as part of the registration process, serves to prevent misuse of the services or the e-mail address used.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for attaining the purpose for which it was collected, and where there is no other legal ground for the processing. The user's e-mail address will, therefore, be stored for as long as the subscription to the newsletter is active.
5. Possibility of objection and removal
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a respective link (‘unsubscribe’) in every newsletter.
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, please send us an e-mail to v.gоlovaschuk@vents.kiev.ua.
This also makes it possible to revoke the consent to the storage of personal data collected during the registration process.
VI. REGISTRATION
1. Description and scope of data processing
On our website, we offer the users the opportunity to register by providing personal data. In the process, the data is entered into an input form that is transmitted to us and saved. The data will not be passed on to third parties. The following data is collected during the registration process:
At the time of registration, the following data is also stored:
(1) The user's IP address
(2) Date and time of registration
(3) Name
(4) Company
(5) Country
(6) E-mail address
In the course of the registration process, the user's consent to the processing of this data is obtained.
2. Legal basis for data processing
The legal basis for the processing of data, upon existence of the user's consent, is Art. 6 para. 1 lit. (a) of the GDPR.
3. Purpose of data processing
A registration of the user is necessary for the provision of certain content and services on our website.
For instance, if the user needs support in project planning.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for attaining the purpose for which it was collected, and where there is no other legal ground for the processing.
This is the case for the data collected during the registration process if the registration on our website is cancelled or changed.
5. Possibility of objection and removal
As a user, you have the possibility to cancel your registration at any time. You can change the data stored about yourself at any time. For this purpose, write a form-free mail about this to v.gоlovaschuk@vents.kiev.ua with your details for deleting your account.
VII. CONTACT FORM AND E-MAIL CONTACT
1. Description and scope of data processing
There is a contact form on our website which can be used for the establishment of an electronic contact. If a user takes advantage of this possibility, the data entered in the input form will be transmitted to us and stored. This data is:
(1) The user's IP address
(2) Date and time of registration
(3) Name
(4) Company
(5) Country
(6) E-mail address
At the time the message is sent, the following data is also stored:
(1) The user's IP address
(2) Date and time of registration
(3) Name
(4) Company
Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection statement.
Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.
In this regard, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
2. Legal grounds for data processing
The legal basis for the processing of data, upon receipt of the user's consent, is Art. 6 para. 1 lit. (a) of the GDPR.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. (f) of the GDPR. If the aim of the e-mail communication is the conclusion of a contract, then the additional legal basis for the processing is Art. 6 para. 1 lit. (b) of the GDPR.
3. Goal of data processing
The processing of personal data from the input form is performed by us only for the treatment of the establishment of contact. In the event of a contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for attaining the purpose for which it was collected, and where there is no other legal ground for the processing. For the personal data from the input form, which is part of the feedback form, and that data sent by e-mail, this moment arrives case when the respective conversation with the user is completed. The conversation is terminated once it can be seen from the circumstances that the facts in question have finally been clarified.
The additional personal data collected during the process of dispatch of data will be deleted no later than within a period of seven days.
5. Possibility of objection and removal
The user has the possibility, at any time, to revoke his/her consent to the processing of personal data. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued.
You can change the data stored about yourself at any time. For this purpose, write a form-free mail about this to v.gоlovaschuk@vents.kiev.ua with your details for the deletion of your account.
In this case all personal data stored during the establishment of a contact will be deleted, where there is no other legal ground for the processing.
VIII. GOOGLE ANALYTICS
This website uses Google Analytics (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) technology (www.google.de/analytics) to collect and store data for marketing and optimization purposes. This data can be used to create user profiles under a pseudonym. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. Cookies enable the recognition of the Internet browser. The data collected with Google Analytics technologies will not be used to personally identify the visitor to this website and will not be combined with personal data about the bearer of the pseudonym without the explicit consent of the person in question. We would like to point out that on this website, the code <"gat._anonymizeIp();"> has been added to Google Analytics to ensure anonymous collection of IP addresses (so-called IP masking). If the anonymization is active, Google shortens IP addresses within Member States of the European Union, or in other signatory states to the Agreement on the European Economic Area, which means that no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Users can prevent the storage of cookies by setting their browser software accordingly. In addition, users can prevent the collection by Google of data generated by cookies and relating to use of online offers as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout. This software runs exclusively on the servers of our website. The personal data of users is only stored there. The data will not be passed on to third parties.
Further information with respect to the handling of user data at Google Analytics can be found in Google's data protection statement: https://support.google.com/analytics/answer/6004245?hl=en .
IX. GOOGLE MAPS
Our website uses the map service Google Maps from Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) via an API. In this context, it is necessary to store your IP address. The information thus obtained is usually transferred to a Google server in the USA and stored there. We have no control over transmission of this data. Due to our justified interest in the attractive presentation of our online offers and in the ease with which the locations we have indicated on the website can be found, the choice of legal basis is consistent with Art. 6 para. 1 lit. (f) of the GDPR. Further information can be found in Google's data protection statement: https://www.google.de/intl/en/policies/privacy/.
X. GOOGLE RECAPTCHA
To protect the input forms on our site, we use the "reCAPTCHA" service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA . By using this service, it is possible to distinguish whether the corresponding input is of human origin or done through an unauthorized way, that of an automated machine processing system. The IP address transmitted within the scope of "reCAPTCHA" and any other data collected by Google are transmitted to Google and are subject to Google's terms of use: https://www.google.com/intl/de/policies/privacy/. By using reCAPTCHA you agree to this.
XI. YOUTUBE VIDEO PLUGIN
This website includes content of third-party providers. This content is provided by Google Inc. ("Provider"). YouTube is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For videos from YouTube included on our website, the advanced privacy setting is enabled. This means that no information from website visitors is collected and stored on YouTube unless they play the video. The purpose and scope of data collection and the further processing and use of data by providers as well as your rights in this area and your setting options to protect your privacy can be found in Google's Privacy Policy: http://www.google.com/intl/en/+/policy/+1button.html.
XII. LINKS TO OTHER WEBSITES
The website of PrJSC Ventilation Systems contains links to other websites. PrJSC Ventilation Systems is not responsible for the data protection policies or content of these other websites.
XIII. RIGHTS OF SUBJECTS OF PERSONAL DATA
If your personal data is processed, you become the subject of personal data in the meaning provided by the GDPR, and you have the following rights vis-à-vis the Personal Data Controller:
(1) the categories of personal data that are processed;
(2) the recipients or categories of recipients who were, or will still be, disclosed personal data relating to you;
1. Right to information
You can require the Personal Data Controller to confirm whether your personal data are/will be processed by us, and which data are/will be processed.
For this purpose, the user can send a form-free e-mail to v.gоlovaschuk@vents.kiev.ua.
If such processing has taken place, you can request the following information from the Personal Data Controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients, or categories of recipients, to which the personal data regarding you have been disclosed or will disclosed in future;
(4) the planned storage period of the personal data regarding you or, if specific information in this respect cannot be obtained, the criteria for determining the storage period;
(5) the existence of the right to have your personal data regarding yourself corrected or deleted, the right to limit processing by the responsible person, or the right to object to such processing;
(6) the existence of the right of appeal to a supervisory authority;
(7) all types of information available on the origin of the data if the personal data is not being collected from the subject of personal data in question;
(8) the existence of an automated decision-making process, including profiling in accordance with Article 22 (1) and (4) of the GDPR and - at least in these cases – convincing information about the logic involved, as well as the significance and the scope and intended consequences of such processing for the subject of personal data.
You have the right to request information as to whether the personal data relating to you is being transmitted to a third country or to an international organization. In such case, you may also request to be informed of the appropriate guarantees pursuant to Art. 46 of the GDPR, in connection with the transmission of data.
2. Right to rectification
You have the right to request from the Personal Data Controller the making of corrections and/or additions if the personal data processed about you is incorrect or incomplete. The Personal Data Controller must make the corrections immediately.
3. Right to limitation of processing
Under the following conditions, you may request that the processing of personal data relating to you be restricted:
(1) if you dispute the accuracy of the personal data regarding you for a period that enables the Personal Data Controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the Personal Data Controller no longer needs the personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims, or
(4) if you have filed an objection to the processing pursuant to Art. 21 para. 1 of the GDPR, and it has not yet been established whether the reasonable considerations of the Personal Data Controller have priority over your considerations.
If the processing of personal data regarding you has been restricted, such data may only be processed - apart from its storage - only with your consent, or for the purpose of asserting, exercising or defending rights, or protecting the rights of another individual or legal entity, or on grounds of important public interest of the European Union or any Member State. If the processing has been limited according to the above-mentioned requirements, you will be notified by the Personal Data Controller before the restriction is lifted.
4. Right to deletion
a) Obligation to delete
You may request the Personal Data Controller to immediately delete the personal data relating to you, and the Personal Data Controller is obliged to immediately delete this data if one of the following reasons applies:
(1) The personal data regarding you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. (a) or Art. 9 para. 2 lit. (a) of the GDPR, and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to Art. 21 para. 1 of the GDPR, and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 (f) of the GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of your personal data is necessary to fulfill a legal obligation in accordance with EU law, or the law of the Member States to which the Personal Data Controller is subject.
(6) Your personal data has been collected in relation to the services offered by the information society pursuant to Art. 8 para. 1 of the GDPR.
b) Information given to third parties
If the Personal Data Controller has made your personal data public and is obliged to delete it pursuant to Art. 17 para. 1 of the GDPR, it shall take the appropriate measures, including technical measures, taking into account the available technology and the costs of doing so, to inform the data controllers which process personal data that you as the person in question have requested the deletion of all links to this personal data or of copies or replications of this personal data.
c) Exceptions
The right to deletion does not exist if processing is necessary
(1) to exercise the right to freedom of expression and information
(2) to fulfill a legal obligation required for processing under the law of the Union or of the Member States to which the Personal Data Controller is subject, or for the performance of a task in the public interest or in the exercise of official authority vested in the Personal Data Controller;
(3) for reasons of public interest in the sphere of public health pursuant to Art. 9 para. 2 lit. (h) and (i) and Art. 9 para. 3 of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 (1) of the GDPR, to the extent that the right referred to under a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
(5) for establishing, exercising or defending legal claims.
5. Right to information
If you have exercised your right, vis-à-vis the Personal Data Controller, to have the data corrected, deleted or its processing restricted, the latter is obliged to inform all recipients to whom your personal data has been disclosed of this correction or deletion of data or restriction on processing, unless this proves impossible or involves a disproportionate sum in costs. You have the right to require the Personal Data Controller to provide you with information about such recipients.
6. Right to data portability
You have the right to receive your personal data that you have provided to the Personal Data Controller, in a structured, commonly used and machine-readable format. In addition, you have the right to pass this data on to another Personal Data Controller without obstruction from the Personal Data Controller to which the personal data was provided, as long as
(1) processing is based on the consent pursuant to Art. 6 para. 1 lit. (a) of the GDPR or Art. 9 para. 2 lit. (a) of the GDPR, or on a contract pursuant to Art. 6 para. 1 lit. (b) of the GDPR, and
(2) processing is carried out using automated methods.
Within the framework of exercising this right, you also have the right to request that your personal data be transferred directly from one Personal Data Controller to another personal data controller, as far as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest, or in the exercise of official authority vested in the Personal Data Controller.
7. Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data under Article 6(1) (e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The Personal Data Controller halts the processing of your personal data, unless he can prove compelling and legitimate grounds for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for direct marketing purposes, you are entitled to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, if it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You have the opportunity to exercise your right of objection in the context of the use of information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
8. Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the time of the revocation.
The legality of data processing prior to your revocation remains unchanged.
9. Automated decision in individual cases including profiling
You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that produces legal effect upon you or significantly impairs you in a similar manner. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the Personal Data Controller,
(2) is allowed by the law of the Union or of the Member States to which the Personal Data Controller is subject, and that law contains the appropriate measures to safeguard your rights, freedoms and legitimate interests, or
(3) takes place with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 of the GDPR, unless Art. 9 para. 2 lit. (a) or (g) of the GDPR applies and the appropriate measures have been taken to protect rights, freedoms and your legitimate interests.
In the cases referred to in (1) and (3), the Personal Data Controller shall take adequate measures to safeguard rights, freedoms and your legitimate interests, including at least the right to obtain the intervention of the Personal Data Controller, to express one’s own point of view and to challenge decisions.
10. Right of appeal to a supervisory body
Without prejudice to any other administrative or judicial remedy, you have the right to file an appeal to a supervisory authority, in particular in the Member State where you reside, work, or in the place of the suspected infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint has been lodged will inform the complainant of the status and results of consideration of the complaint, including the possibility of a judicial remedy under Art. 78 of the GDPR.
The supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information
Address:
Königstrasse 10a 70173 Stuttgart
Postal address:
P.O. Box 10 29 32 70025 Stuttgart, GERMANY
Phone: 0711/615541-0 Fax: 0711/615541-15. E-mail: poststelle@lfdi.bwl.de
XIV. ADDITION:
1. Credit assessments
We have a justified interest in performing the credit assessments set forth in this section for the purpose to protect ourselves from bad debts or investments. We might commission companies performing mathematical and statistical analysis to assess the risk of payment default and deliver, within the scope of what is allowed under law, information on the probability of payment defaults. For the assessment, address data may be used, but not exclusively.
In case the result of a credit assessment does not satisfy our requirements, we reserve the right to ask for an assured payment method (e.g. credit card) or to refuse to enter into a contract.
A credit assessment is based on automated decision-making. If you disagree with the result, you may submit your point of view in writing to be reviewed by a case handler. In addition, you are entitled to find out about the essential reasons supporting the decision of the respective service provider.
We have commissioned the following service providers with credit assessments:
2. Reference to cooperation with IHD
In the event of a credit risk we transfer your data (name, address, e-mail address, company details and, if applicable, contract and receivables data), to IHD Gesellschaft für Kredit und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen, and, if applicable, to other cooperating credit inquiry agencies for the purpose of credit assessment and for checking the deliverability of the specified address for correspondence as well as for the purpose of debt collection processing. The legal grounds for such transfer are Art. 6 I b of the GDPR and Art. 6 I (f) of the GDPR. Transfer of data on the basis of Art. 6 I (f) of the GDPR can only take place if this is necessary to safeguard the legitimate interests of our company and does not outweigh the interests or fundamental rights and freedoms of the subject (person) of personal data in question who is requiring the protection of his/her personal data.
3. Transfer to recipients outside the EEA
We might transfer personal data to recipients located outside the EEA into so-called third Countries.
In such cases, prior to the transfer we ensure that either the data recipient provides an appropriate level of data protection (e.g. due to a decision of adequacy by the European Commission for the respective country or due to the agreement based on so-called EU model clauses with the recipient) or that you have consented to the transfer.
You are entitled to receive an overview of third country recipients and a copy of the specifically agreed-to provisions securing an appropriate level of data protection. For this purpose, please use the statements made in the Contact section.
Effective Date: 2018/07/11