ATA PROTECTION NOTES OF POOLGROUP GMBH ACCORDING TO EU-GENERAL DATA PROTECTION REGULATION (GDPR)
(DATE OF MAY 2018)
1. Data protection at a glance
1.1 General references
As provider of this website we are bound by law to inform you about the purpose, extent and method of the collection and use of your personal data. For further questions you can contact us at any time. Personal data are all information you can be identified with personally.
1.2 Who is responsible for the collection of data on this website?
The data processing at this website will be executed by the operator of this website. He is the “person in charge” according article 4 clause 7 EU-General Data Protection Regulation (GDPR). You can take his contact details from the imprint of this website. The correspondent link you can find here: https://www.pool.de/en/legal-notice/
1.3 How do we collect your personal data?
On the one hand your personal data can be collected when you submit these to us directly, for instance through a contact form or by email or other communication (e.g. name and surname, address, telephone number, mobile phone, fax machine number and email-address).
Other data will be automatically collected by visiting our website from our IT-systems. This data is mostly technical data (e.g. web browser, operation system or time of the page view). The data is automatically collected by visiting our website.
1.4 What do we use your data for?
By contacting us, your user references will be stored for processing the inquiry as well for contacting you in case of further questions. A part of the data will be collected, to guarantee an optimized presentation of our website. Other data can be used for analysing the user behaviour on our website.
We process the personal data mentioned before in accordance with the terms of the EU-General Date Protection Regulation (GDPR) and the Federal Data Protection Act.
1.5 Which rights do you have regarding your data?
You have the following rights about your personal data towards us:
We inform you, that there will be restrictions concerning the right to information and to the right of deletion according to §§ 34 and 35 BDSG(FDPA) (Federal Data Protection Act)
To this as well as for further questions concerning to the topic data protection you can contact us anytime under the indicated address on the imprint. Furthermore, you have a right to appeal to the competent supervisory authority (see below paragraph 4.3).
2. General references to Data Protection
The operators of this website take the protection of your personal data very seriously. We indicate that the transferability of data in the world wide web (e.g. in communication by email) can have security flaws. A complete protection of your data for access by third parties is not possible.
We treat your personal data confidentially and according to the data protection provisions of this Data Privacy Statement.
When visiting our website, your web-surf behaviour can be evaluated statistically.
This happens particularly with cookies and so-called analyzers. The analysis of your web-surf behaviour normally will be executed anonymously; the web-surf behaviour cannot be traced back to you individually. You can disagree to this analysis by non-usage of certain tools. Details and possibilities of an agreement or disagreement you can take from our Data Privacy Statement.
3. Information according to article 13, clause 1 GDPR
Transparency is a main unit for the protection of personal data. This transparency refers also to systematic Data processing as well as in case of a potential Data Protection violation. In the case of a data protection breakdown, the people concerned as well as the competent supervisory authority has to be informed or can inquire information.
3.1 Reference to responsible position:
The responsible position for the data processing on this website is:
CarlCordier & JürgenSchürmann
Register court: District Court Steinfurt, Company registration number: HRB 4513
The responsible position is an individual or juristic person, who decides solely or together with others about the purposes and instruments of the processing of personal data (e.g. names, e-mail-addresses, etc.)
3.2 Reference to the Data security officer of the POOLgroup GmbH
Our public appointed Data protection officer is:
3.3 Purposes, for what the personal data will be processed.
3.3.1 Contracts (article 6 phrase.1 letter b GDPR)
We only collect, use and process personal data, insofar they are necessary for justification, regarding content or change of the legal relationship (stock data). This happens based on article. 6 clause. 1 letter. b) GDPR, that allows the processing of data to fulfil a contract or precontractual measures.
We only collect, process and use personal data for the claim of our websites (user-related data) as far as it will be necessary, to enable or to invoice the user which may claim an offered service by us.
The collected customer data will be deleted after the close of the order or end of the business relations. Legal Limits for the storage remain unaffected.
We only transfer personal data to third parties if this is necessary within the scope of an agreement. A proceeding transfer of your data will not be affected respectively will be affected only if you agree expressively to the transfer. A transfer of your data to third parties without your explicit agreement, e.g. for advertising purposes, will not take place.
3.3.2 Legitimate interests (article 6 clause 1 letter f GDPR)
If necessary, we will process furthermore your personal data of the real fulfilment of the contract for the ensuring of legitimate interests from us to third parties (e.g. enforcement of judicial claims, market- and opinion research as soon as you did not disagree to the use of your data; risk management in the company, guarantee of the IT-Security and the IT operation).
3.3.3 Legal guidelines, public Interest (article 6 clause 1 letter c and e GDPR
Moreover, purposes of processing are also the fulfilment for fiscal control, a reporting obligation as well as the evaluation and controlling of operational risks – since we as a company, subject to legal requirements (e.g. Tax laws).
3.4 Recipient of the personal data
Recipients are employees, superiors and contractual partners of the POOLgroup GmbH. Other recipients are public and non-public locations, that can request the data due to a legal or contractual obligation.
To countries outside of the EU respective of the EEA-countries (so-called third countries), personal data only will be transferred, as soon as this is necessary for the fulfilment of contractual and legal obligations or within the scope of an order data processing. If service providers will be deployed in a Third Country, they are obliged additionally to written instructions by the agreement of the EU standard contractual clauses to comply to the data protection level within Europe.
3.5 Legal basis of the collection of data, -storage- and processing
As soon as we request an agreement of the involved persons for the processing, article 6 clause 1 letter a EU General Data Protection Regulation (GDPR) serves as legal basis.
Incidentally we refer to the indications in Paragraph 3.3.
4. Information according article 13 clause 2 GDPR
4.1 Duration of the storage
If there is no agreement on a fixed duration storage when collecting personal data (e.g. due to a consent), we process and store personal data of the involved persons so long as this will be necessary for achievement of the purpose of storage. A storage beyond this period will be made as soon as legal storage periods exist, therefore by the European or national legislator in union law regulations laws or other rules, to whom the person in charge is intended for the processing subjects.
4.2 Rights of the involved persons
Within the scope of the valid legal conditions you have all rights mentioned above in paragraph 1.5. Due to the content of these rights we particularly indicate to article 15 to 18as well as article 20 to 21of the General Data Protection Regulation [Regulation (EU) 2016/679 of the European Parliament and the Council of 27. April 2016 for the protection of individuals when processing personal related, for free movement of data and for annulation of the guideline 95/46/EG]. You can find the text of the regulation under the following link: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=OJ:L:2016:119:FULL&from=DE
4.3 Right of Complaint
In case of data protection violation the involved person can address a complaint to the Competent Supervisory Authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
Telefon: 02 11/384 24-0
Telefax: 02 11/384 24-10
4.4 Contradiction or Disclaimer against the processing of your data
4.4.1 Cancellation of the consent
Many data processing processes are only possible with your explicit consent. You can disclaim against an already granted consent art any time. Therefore, you can send us an informal e-mail to email@example.com. The legality remains unaffected of the disclaimer until cancellation of the executed data processing.
4.4.2 Consideration of interests
As soon as we can bear the processing of your personal data on the consideration of interests, you can disagree to the processing. This is the case particularly if the processing will not be necessary for fulfilling a contract with you, which will be described by us each at the following description of the functions. In the exercise of a disagreement we ask you to state the reasons, why we should not process your personal data. In case of a justified disagreement we examine the situation and will either stop the processing of data respectively, adjust it or demonstrate to you our mandatory reasons worthy of protection and why we would continue the processing. The objection can be addressed to our Data Protection Officer (see above paragraph 3.3).
4.4.3 Automated Methods (Profiling)
If your related personal data will be processed for direct marketing, you are free to enter an objection against the processing of your related personal data anytime. This also applies to the profiling, as soon as it is in connection with such a publication. If you disagree to this processing for purpose of publication thus these personal data won’t be processed for these purposes. You have the possibility in connection with the use of services of the information society to exercise your right of objection by automated methods, where technical specifications will be used. The objection can be addressed to our Data Protection Officer (see above paragraph 3.3).
This website uses a secure-socket layer, for security reasons as well as for protection of the transfer trusted contents, for instance orders or inquiries which you will send to us as operator of the website. You will recognize an encrypted link that the address line of the browser switches by “http://” to “https://” and the key-symbol on your Browser. If the secure-socket layer will be activated the data transferred to us exclude third parties.
6. Objection of the operator of this website against unsolicited commercial emails
We hereby explicitly prohibit the use of the contact data for sending unsolicited advertisement and information material. The operator of thus website reserves explicitly the right to legal measures in case of unsolicited sending of advertisement information by spam.
7. Collection of Data on our website
The website partially uses so-called cookies. Cookies do not cause any harm on your computer and do not contain any virus. Cookies serve, to make our services more comfortable, more effective and more protective for the user. Cookies are small text files which will be put on your computer and your browser will save them. Most of the used cookies used by us are so-called “Session-Cookies “. They will be deleted automatically after your visit. Other cookies will remain saved on your end device until you delete them. These cookies enable us to recognize your browser at the next visit.
You can adjust your browser that you will be informed about the setting of cookies and only allow cookies in single case, to eliminate the acceptance of cookies generally for certain cases as well as to activate the automated deletion of cookies when exit the browser. Deactivation of the cookies limits the functionality of the website.
Cookies, which are determined for the implementation of the electronic communication procedure or are necessary for the provision of certain functions (requested by you) will be saved based on article 6, clause 1 letter f GDPR. The operator of the website has a legitimate interest on the storage of the cookies for technical completed and optimized provision of his services. As soon as other cookies will be saved (e.g. cookies for analysis of your web-surf behaviour), they will be treated separately in this Data Privacy Statement.
The operator of the website automatically collects and saves information on so-called server log-files which will be transferred automatically to us by your browser. These are:
A consolidation of this data with other data sources will not be made.
Basis for the data processing is article. 6 clause 1 letter b GDPR, which will create the processing of data to fulfil a contract or precontractual measures.
7.3 Contact form
If you send us inquiries by contact form, your information from the inquiry form will be saved including the indicated contact data for handling the inquiry and in the case of further questions. We will not transfer these data without your agreement.
The processing of the indicated data filled in the contact form will be executed based upon your explicit agreement (article 6 paragraph 1 letter a GDPR), which we will query due to an OptIn agreement. You can disagree to this agreement at any time. A formless information by email to our Data Protection Officer will solve this (see address above 3.2). The legality remains unaffected of the disagreement until cancellation of the executed data processing.
The indicated data filled in the contact form by you remain with us until you ask us to delete this, your accordance for storage is disclaimed or the purpose for data storage does not apply anymore (e.g. after final processing of your request). Mandatory legal conditions remain unaffected -particularly storage periods.
This website uses functions of the web analysis service: Google Analytic. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called “Cookies”. These are text files, which will be saved on your computer and enables an analysis for using the website by you. The information generated by the cookie about the use of this website will normally be transferred to a server of Google in the United States of America and will be saved there. The storage of Google-Analytics Cookies will be executed based on (article 6, clause 1, Letter f GDPR) The operator of the website will have a justified interest in the analysis of “web-surf behaviour”- your behaviour, to optimize his offer as well as his advertising. Google transfers the data to third parties only within the scope of legal provisions or of an order data processing. Google won’t combine the gathered data with other data gathered by Google.
Google Analytics will be used with the enhancement “anonymizeIp()” . Thereby your IP address will be reduced by Google within member states of the EU or in other EU respectively EWR contract states bevor the transfer in the United States of America. Only in exceptionally cases the complete IP address will be transferred to a server of Google in the United States of America and will be reduced there.
Google Inc. will use this information on our account to evaluate the use of the website, to assort reports about the activities on the website and to render further services connected with the use of websites as well as use of the web.
You can prevent the gathering of your data anytime by Google Analytics by clicking on an prepared Opt-Out Link. Therefore, an Opt-Out-Cookie will be put which prevents the gathering of your data in future visits of this website.
Link: Forbid Google Analytics to follow me!
Moreover, the gathering (gathered by the cookie and on your use of the website related data) at Google as well as the processing of these data by Google Inc. can be prevented, by downloading the available Browser -plug In and installing it below the following link: http://tools.google.com/dlpage/gaoptout?hl=de
You will find more information to handle with user data at Google Analytics in the Data Privacy Statement of Google: https://support.google.com/analytics/answer/6004245?hl=de
Our website uses direct link connections of the social networks:
facebook.com Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
LinkedIn.com LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Instagram.com Instagram LLC represented by Mr. Kevin Systrom and Mr. Mike Krieger,1601 Willow Rd Menlo Park CA 94025 USA
xing.com XING AG, Gänsemarkt 43, 20354 Hamburg, Deutschland, “Xing”
The direct links are marked with the respective logo of the social network. Usually these direct links establish at once a direct connection to the server of the social networks, as soon as you click the respective logo. By the activation of the direct link by the user, our website and the social networks receive the information, that you called up the correspondent page of our website.
If you are registered at the correspondent social network, the social network can allocate the visit to your profile account. If you interact with the direct links the correspondent information will be transferred directly by your browser to the social network and will be saved there.
For purpose and amount of the collection of data and the further processing and use of the by the social network as well as your referring rights and settings for protection of your privacy you can take from the references of data protection of the social networks.
References for Data protection Facebook
References for Data protection linkedin
References for Data protection Instagram
References for Data protection Xing
10. Google AdWords and Google Conversion-Tracking
This website uses Google AdWords. AdWords is an advertising online program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Within the scope of Google AdWords, we use the so-called Conversion-Tracking. If you click on a placed advertisement of Google a cookie will be set for the Conversion-Tracking. Cookies are small text files which the Internet browser will drop on the computer of the user. These cookies will lose theirvalidity after 30 days and will not serve as the personal identification of the user. When the user visits certain pages of this website and the cookie has not expired yet Google and we cannot recognize that the user has clicked on this advertisement and has been forwarded to this page. Each Google AdWords-customer receives another Cookie. The cookies cannot be traced back to the websites of AdWords-customers. The collected information with the aid of the Conversion-Cookies serve for the collection of statistics for AdWords-customers, who have decided for the Conversion Tracking.
The customers learn about the total amount of the user, who have clicked on your advertisement and have been forwarded to a tracking conversion tracking-tag. However, you won’t receive any information with them user can be identified personally. If you do not wish to take part in tracking, you can appeal to this use by easily deactivating the cookie of the Google Conversion-tracking via your Internet-Browser which you can find on usage settings. Thus, you won’t be included in the statistics of conversion tracking.
The storage of “conversion cookies” will be made based on article 6 clause 1 letter f DSGVO. The operator of the website has a justified right on the analysis of the “surf in the web” behaviour to optimize his offer for advertising as well as his advertising.
You will find more information on Google AdWords and Google Conversion-Tracking on the conditions of Data Protection of Google:
You can adjust your browser in such a way that you will be informed about the setting of cookies and to allow cookies only in single case to exclude the acceptance of cookies for certain cases or generally as well as activating the automatically deletion of cookies by termination the Browser. By deactivation of cookies the functionality of the website can be limited.
Deactivation: Blocking of cookies of the domain “googleadservices.com”
11. Electronic Mailing (E-Mail)
If you send an email to us it will be saved by us until the completion of your request respectively until the expiry of certain legal retention obligation. We take care of the storage of your data safe from unauthorized use of third parties. Please note however that unencrypted emails, which will be sent via web, are not protected sufficiently from unauthorized knowledge by third parties.
Information, that you will send to us by electronic mail (email) in an unencrypted manner can possibly be read on the transmission by third parties. Normally we also cannot check your identity and do not know which address hides behind the email. A legally admissible communication by simple email thus cannot be guaranteed. We set filters against unsolicited advertising– as many providers of email – („SPAM-filter “), which also file normal emails wrongly as unsolicited advertising and delete them. Emails who contain harmful programs („viruses “) will be deleted automatically by us in any case.
If you wish to send us trusted information we recommend encrypting them and signing them to prevent an unsolicited knowledge and falsification on transmission or to send us the information by conventional post mail.
PGP-encrypted emails for us you can send to the following email address: firstname.lastname@example.org
You can import the required PGP-communication code (Public Key) with correspondent software and then use it. Information about the available downloadable for free encryption software “GpG4Win”, which have been developed by the „Bundesamt für Sicherheit in der Informationstechnik“ you will receive on the website below:
Please let us also know if and under which email-address we can send to you encrypted emails for answering your request. If this is not possible, you need to agree on an unencrypted answer by email to your mail. If you have no possibility to receive encrypted emails we kindly ask you to give us your postal address to answer your trusted information.
12. Final clause
To keep up with the steady development of the website, the POOLgroup GmbH can adjust anytime these references for data protection in consideration with the latest provisions for data protection rights.
IN MAY 2018