(Updated March 2021)
1. Data protection at a glance
General information
As the operator of this website, we have a legal requirement to inform you about the type of data we collect and use, as well as the amount of data we collect and why. Please feel free to contact us at any time should you have any further questions. Personal data is any information which can be used to identify you personally.
Who is responsible for the data collected by this website?
The operator of this website processes the data on this website. It is the data controller as per art. 4 para.7 of the EU General Data Protection Regulation (GDPR). Their contact details can be found in the legal notices for this website. The relevant link can be found at: https://www.pool.de/impressum/
How do we collect your personal data?
First of all, your personal data is collected when you provide it to us. This might be, for instance, data you enter into a contact form or send to us by email or other communication (such as first and last name, address, telephone number, mobile number, fax number and email address). Other data is automatically collected by our IT systems when visiting the website, for information purposes only. This is mainly technical data (such as internet browser, operating system or time the page was visited). This data is collected automatically once you enter our website.
How do we use your information?
If you contact us, your user details will be saved to process the request and in the event that any follow-up questions arise. Some data is collected to ensure that the website can be provided without any faults. Other data may be used to analyse your user behaviour. We process the personal data mentioned above in line with the provisions of the GDPR and the German Federal Data Protection Act (BDSG).
What rights do you have with regard to your data?
Under the GDPR, you have the following rights with regard to the processing of your personal data:
Please note that there are restrictions on the right to information and the right to erasure under §§ 34, 35 BDSG. You can contact us at any time at the address given in the legal notices should you have any further questions regarding data protection. You also have the right to make a complaint with the competent regulatory authority (see section 4.3 below).
2. General information about data protection
The operator of this website takes the protection of your personal data very seriously. Please note that transferring data over the internet (such as when communicating by email) may not be fully secure. Data cannot be fully protected from third-party access. We will treat your personal data as confidential and in accordance with statutory data protection regulations and this data protection policy. When you visit our website, your browsing behaviour may be analysed for statistical purposes. This mainly involves the use of cookies and what are known as analysis programs. Your browsing behaviour is normally analysed anonymously; browsing behaviour cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. Details, including how to object, can be found under point 7 of this privacy policy.
3. Information as defined in article 13 para. 1 GDPR
Transparency is a key element in protecting personal data. This transparency applies to routine data processing as well as in the event of a potential data breach. Data subjects, and in certain cases such as a data protection breach, the competent regulatory authority for data protection, must be informed or may request information.
3.1 Note about the data controller
The data controller responsible for processing data on this website is:
POOLgroup GmbH
Südring 26
48282 Emsdetten
Tel.: +49 (0) 2572-920 0
Fax: +49 (0) 2572-920 100
Email: info@pool.de
Directors with authority to represent the company: Carl Cordier & Jürgen Schürmann
Commercial court: Steinfurt district court, registered number HRB 4513. The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (such as names, email addresses, etc.).
3.2 Note about the data protection officer for POOLgroup GmbH
The data protection officer appointed for this company is:
Udo Wolters
POOLgroup GmbH
Südring 26
D-48282 Emsdetten
Tel.: +49 (0) 2572-920 0
Email: datenschutz@pool.de
Types of data processed:
Categories of data subjects
People who visit and use our website, as well as other interested parties, customers, suppliers and employees
Definitions used
“Personal data” means any information relating to an identified or identifiable natural person (“data subject” hereinafter); an identifiable natural person is one who may be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (such as a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data with or without the aid of automated procedures. The term is very broad and covers practically any data handling.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
3.3 Purposes for which personal data is processed:
3.3.1 Contracts (article 6 para.1 lit. b GDPR)
We collect, process and use personal data only to the extent necessary to establish, define the contents of or modify the legal relationship (user data). This takes place on the basis of article 6 para. 1 lit. b GDPR, which allows data to be processed for the performance of a contract or to take steps prior to entering into a contract.
We collect, process and use personal data about the use of our website (usage data) only to the extent necessary to enable the user to use the service or to invoice them.
The customer data collected will be deleted once the contract is complete or the business relationship has ended. Statutory retention periods notwithstanding.
We only transfer personal data to third parties where this is necessary for the performance of a contract. The data will not be passed on, or only if you have specifically consented to it being passed on. Your data will not be shared with third parties, such as for advertising purposes, without your specific consent.
3.3.2 Legitimate interests (article 6 para. 1 lit. f GDPR)
Where necessary, we process your personal data beyond the actual performance of the contract for the purpose of safeguarding our own legitimate interests or those of third parties (such as making legal claims; market and opinion research – unless you have objected to your data being used; risk control in business; safeguarding IT security and IT operations).
3.3.3 Legal obligations, public interest (article 6 para.1 lit. c and e GDPR)
Additional processing purposes include meeting tax inspection and reporting requirements as well as the assessment and management of operational risks. This is because we are subject to legal requirements (such as tax laws).
3.4 Recipients of the personal data
The recipients are employees, senior management and contractual partners of POOLgroup GmbH. Other recipients include public and non-public bodies to which the data must be made available due to a legal or contractual requirement.
Personal data is only transferred to countries outside the EU or the EEA (what are known as third countries) to the extent necessary to meet contractual and legal obligations or in the course of order data processing. If service providers in third countries are used, in addition to written instructions they are required to match the data protection level in Europe by agreeing to the EU standard contractual clauses.
3.5 Legal basis for collecting, storing and processing data
Where we obtain the consent of the data subject for the processing of personal data, article 6 paragraph 1 lit.a of the GDPR serves as the legal basis.
In other cases, refer to the information in section 3.3.
4. Information as defined in article 13 para. 2 GDPR)
4.1 Retention times
Where no explicit storage period is specified when collecting personal data (e.g. based on consent), we process and store personal data relating to the data subject only for as long as is necessary to achieve the storage purpose. Data is only stored beyond this time scale where statutory retention periods apply, i.e. where this is required by the European or national legislature in Union regulations, legislation or other requirements with which the data controller must comply.
4.2 Rights of the data subjects
Under the applicable statutory provisions, you have the rights mentioned in section 1.5 above at all times. For details about these rights, please refer in particular to articles 15 to 18 and articles 20 to 21 of the GDPR. The full text of the regulation can be found at the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
4.3 Right to complain
In the event of breaches of data protection legislation, the data subject has the right to lodge a complaint with the competent data protection regulatory authority, whose details are as follows:
Federal Office for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
or:
Kavalleriestraße 2-4
40213 Düsseldorf
Tel.: 02 11/384 24-0
Fax: 02 11/384 24-10
Email: poststelle@ldi.nrw.de
Homepage: https://www.ldi.nrw.de
4.4 Objecting to or withdrawing consent for the processing of your data
4.4.1 Withdrawing consent
Many data processing procedures are only possible with your explicit consent. You may withdraw consent you have given previously at any time. Sending a brief message by email to: datenschutz@pool.de is sufficient for this purpose. The legality of data processing that has taken place before this withdrawal is not affected by the withdrawal.
4.4.2 Balancing of interest
Where processing your personal data is based on a weighted balancing of interests, you may object to the processing. This would apply, in particular, if the processing is not necessary for performing a contract with you, which we describe in the following description of the functions. When exercising your right to object, please explain the reasons why we should not process your personal data as we have been doing. Once you explain the reasons for your objection, we will review the situation and either cease or modify processing, or else reply to you giving our legitimate overriding reasons on the basis of which we will continue processing. Your objection should be directed to our data protection officer (see section 3.3 above).
4.4.3 Automated procedures (profiling)
Where personal data relating to you is processed for the purposes of direct marketing, you have the right to object at any time to personal data relating to you being processed for the purpose of such marketing; this similarly applies to profiling where it is associated with such direct marketing. If you object to processing for direct marketing purposes, personal data relating to you will no longer be processed for those purposes. In relation to the use of information society services, you have the option to exercise your right to object by means of automated procedures that use technical specifications. Your objection should be directed to our data protection officer (see section 3.3 above).
5. Encryption
This site uses SSL encryption on security grounds, and to ensure the secure transfer of confidential content, such as orders or enquiries which you send to us as the site operator. You can recognise an encrypted connection by the fact that the address bar in the browser changes from “http://” to “https://” and a padlock symbol appears in the browser bar. If SSL encryption is activated, the data you transfer to us cannot also be read by third parties.
Security measures
We put suitable technical and organisational measures in place to ensure a level of protection appropriate to the risk, in accordance with art. 32 GDPR, taking into account the state of the art, the cost of implementation and the type, scope, circumstances and purposes of processing, as well as the varying probabilities of occurrence and severity of risk to the rights and freedoms of natural persons.
Measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as controlling posting, input, transfer, making available and segregation, as appropriate. We have also set up procedures to ensure the exercise of data subject rights, deletion of data and response to data vulnerability. We do also in fact consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (art. 25 GDPR).
6. Objection by the operator of this website to marketing emails
We hereby object to the contact details published as part of the legal notices being used for sending unsolicited marketing and information material. The operators of this website specifically reserve the right to take legal action should unsolicited marketing information, such as spam emails, be received.
7. Data collection on our website
7.1 Cookies
7.2 Server log files
The website provider automatically collects and stores information in what are known as server log files, which your browser sends to us automatically. These are:
This data will not be merged with other data sources.
The legal basis for data processing is art. 6 para. 1 lit. b GDPR, which allows data to be processed for the performance of a contract or to take steps prior to entering into a contract.
7.3 Contact form
POOLgroup GmbH does not provide a contact form on its website. If you wish to get in contact with us, use the contact details we have provided.
8. Google Analytics
This website uses the functionality of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Analytics used what are known as “cookies”. These are text files saved on your computer which enable your use of the website to be analysed. Information generated by the cookie concerning your use of this website is usually transferred to a Google server in the USA and stored there. Google Analytics cookies are stored on the basis of article 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour to optimise both its website and its marketing. Google only transfers data to third parties as required by legal regulations or as part of order data processing. Google will not combine any data collected with other data collected by Google.
We use the “anonymizeIp ()” extension for Google Analytics. This means your IP address will be shortened by Google within member states of the EU or in other EEA signatory states before being transferred to the USA. The full IP address will only be transferred to Google servers in the USA and shortened there in exceptional circumstances. Google Inc. will use this information on our behalf to analyse use of the website, to compile reports on activities on the website and to provide other services related to the use of the website and the internet.
You may prevent Google Analytics from collecting your data at any time by clicking on an opt-out link provided. This sets an opt-out cookie, which prevents your data from being recorded when you visit this website at a later date.
“Prevent Google Analytics from tracking me”
You may also prevent Google collecting data generated by the cookie relating to your use of the website, and processing that data, by downloading and installing the browser plug-in available under the following link:
You can find more information on how Google Analytics handles user data in Google’s privacy policy:
9. Information about social networks
Our website uses direct links from social networks.
facebook.com Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
LinkedIn.com LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Republic of Ireland
Instagram.com Instagram LLC represented by Kevin Systrom and Mike Krieger, 1601 Willow Rd Menlo Park CA 94025 USA
xing.com XING AG, Gänsemarkt 43, 20354 Hamburg, Germany, “Xing”
Direct links are identified using the respective logo for the social network. Usually, these direct links immediately establish a direct connection to the social network’s servers whenever you click on the respective logo. Whenever a visitor to our website clicks on the direct link, the social networks get the information that you have accessed the corresponding page on our website. If you are logged in to the relevant social network, the social network may record the visit against your account profile. If you interact using the direct links, the corresponding information is transferred directly from your browser to the social network and stored there.
The purpose and scope for collecting the data, and the further processing and use of the data by the social network as well as your related rights and settings to protect your privacy, can be found in the privacy policy for that social networks:
Facebook privacy policy
LinkedIn privacy policy
Instagram privacy policy:
Xing privacy policy
YouTube
Our website uses plugins from the YouTube online video service provided by the operator YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When a website with this plugin installed is visited and loaded into the browser, a data connection with the servers at Youtube.com is established automatically. An identifier in the website code tells YouTube which website you have just loaded, which video you have viewed and how much of the video you viewed, and saves your comments, as well as likes and dislikes. If you are already logged into your YouTube account when loading our website with YouTube code in the background, this information will be recorded against your YouTube profile and can then be viewed in the YouTube history. The data is also used for analysis, statistics and to create video recommendations, amongst other things. If you want to prevent this, please log out of your YouTube profile on YouTube before loading a website with embedded YouTube code. You can find more information here: https://policies.google.com/privacy?hl=en-UK
Vimeo
Our website uses plugins from the Vimeo online video service provided by the operator Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. When a website with this plugin installed is visited and loaded into the browser, a data connection with the servers at Vimeo.com is established automatically. An identifier in the website code tells Vimeo which website you have just loaded, which video you have viewed and how much of the video you viewed, and saves your comments, as well as likes and dislikes. If you are logged in with your Vimeo login when loading our website, this information is recorded against your Vimeo profile and can then be viewed in the Vimeo history. The data is also used for analysis, statistics and to create video recommendations, amongst other things. If you want to prevent this, please log out of your YouTube profile on YouTube before loading a website with embedded YouTube code. You can find more information here: https://vimeo.com/privacy
10. Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is online marketing software from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). We use what is known as conversion tracking as part of Google AdWords. When you click on an ad displayed by Google, this sets a conversion tracking cookie. Cookies are small text files the internet browser stores on the user’s computer. These cookies expire after 30 days and are not used to identify users personally. If the user visits certain pages on this website and the cookie has not yet expired, both we and Google can see that the user clicked on the ad and was redirected to that page. Every Google AdWords customer has a different cookie. The cookies cannot be tracked from Ad Words customers’ websites. Information obtained using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking.
Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. They do not however get any information which can be used to identify users personally. If you do not wish to be involved in tracking, you can object to this use simply by deactivating the Google conversion tracking cookie in your internet browser under user settings. You will then not be included in conversion tracking statistics.
“Conversion cookies” are stored on the basis of art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour to optimise both its website and its marketing.
You can find more information about Google AdWords and Google Conversion Tracking in Google’s privacy policy:
You can set your browser so that you are notified when cookies are being set, and so only allow cookies in individual cases, prevent cookies in certain cases or in general, and activate automatic cookie deletion when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.
Deactivate: block cookies from the domain “googleadservices.com”
11. Electronic mail (email)
If you send us an email, we will save it until your request has been dealt with or until any statutory retention periods have expired. We ensure that the data is stored securely to prevent unauthorised access by third parties. Please note, however, that unencrypted emails sent over the internet are not adequately protected against unauthorised access by third parties.
Information you send to us in an unencrypted form by electronic mail (email) may potentially be read by third parties when sending. As a rule, we cannot verify your identity and we do not know who might be hiding behind an email address. Legally secure communication is therefore not guaranteed using basic email. Like with many email providers, we use filters to prevent unwanted advertising (“SPAM filters”) which, in rare cases, automatically classify and delete regular emails as unwanted advertising. Emails containing malicious programmes (“viruses”) are automatically deleted by us regardless.
If you wish to send us messages that are confidential in nature, we recommend you encrypt and sign them to prevent unauthorised viewing and tampering when being sent, or send the message to us by conventional mail.
You can send PGP-encrypted emails to us at the following email address: pgp@pool.de
You can import the required PGP communication key (public key) using the appropriate software and then apply it. Details about the encryption software “GpG4Win”, which is available for download free of charge and which was developed on behalf of the German Federal Office for Information Security, are available from their website at:
Please also let us know whether and how we can send you encrypted emails when replying and, if this is not possible, whether you agree to an unencrypted reply to your correspondence by email. If you are unable to accept encrypted email, please provide your postal address so we can reply to your more sensitive messages.
Hosting
We use hosting services to provide the following services: infrastructure and platform services, processing capacity, storage space and database services, sending email, security services and technical maintenance services, which we use for the purpose of operating this online presence. In doing so, we or our hosting provider process user data, contact details, content data, contract data, usage data, metadata and communication data from customers, interested parties and visitors to this online presence on the basis of our legitimate interests so that we can operate this online presence efficiently and securely in accordance with art. 6 para. 1 lit. f GDPR in conjunction with art. 28 GDPR.
Transfers to third countries
Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this happens as part of using third-party services or disclosure or transfer of data to third parties, this is only done to meet our (pre-) contractual obligations, on the basis of your consent, on the basis of a legal requirement or on the basis of our legitimate interest. Subject to legal or contractual permissions, we only process the data, or have it processed, in a third country if the particular requirements of art. 44 ff. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognised confirmation of a data protection level corresponding to that in the EU, or by observing officially recognised special contractual obligations such as the EU standard contractual clauses.
Data deletion
Data we process will be deleted or further processing restricted, in accordance with art. 17 and 18 GDPR. Unless specifically stated otherwise in this privacy policy, data stored by us will be deleted once it is no longer required for its intended purpose, and the deletion does not conflict with any statutory retention requirements. If the data is not deleted because it is required for other legally valid purposes, the processing of this data will be restricted. This means the data is blocked and not processed for any other purposes. This applies, for example, to data which needs to be retained for commercial reasons or to comply with tax legislation.
In particular, legal requirements in Germany require storage for 10 years under §§ 147 para. 1 AO (German Taxation Code), 257 para. 1 no. 1 and 4, para. 4 HGB (German Commercial Code; books, records, management reports, accounting records, trading books, documents relevant for taxation, etc.); and 6 years under § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial correspondence).
Administration, financial bookkeeping, office organisation, contact management
We process data in the course of administrative management as well as the organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. This involves processing the same data we process as part of providing our contractual services. The legal basis for data processing is art. 6 para. 1 lit. c GDPR, art. 6 para. 1 lit. f GDPR. Customers, interested parties, business partners and website visitors are affected by this processing. The purpose and our interest in processing lie in administration, financial accounting, office organisation and data archiving, i.e. operations to support our business activities, to meet our obligations and to provide our services. The deletion of data relating to contractual services and contractual communications meets the requirements for these processing activities. As part of this, we disclose or transfer data to the tax authorities, professional advisors, such as tax consultants or auditors, as well as other payments offices and payment service providers. Furthermore, based on our business interests, we store information about suppliers, promoters and other business partners, e.g. for the purpose of future contact. We generally store this data, most of which relates to the business, on a permanent basis.
Anti-spam checks
For email and contact forms, our online presence uses the following services:
This use takes place on the basis of our legitimate interest as defined by art. 6 para. 1 lit. f GDPR. Using this service means that posts and messages from real people can be distinguished from spam. To do this, all information is analysed using predetermined spam rules. If a post is identified as spam, it is saved in the spam folder and either deleted immediately or further analysis is carried out and forwarded to the specified recipient following review. The data which is verified includes the name entered, the email address, the IP address, the comments made, the reference, information on the browser used and the computer system and the time of posting. You can completely prevent the transfer of data by not using our system.
12. Final provisions
To keep pace with the continuous development of the internet, POOLgroup GmbH reserves the right to modify this privacy policy at any time, taking into account current data protection regulations.
POOLgroup GmbH, March 2021