DATA PRIVACY STATEMENT
Responsible for SEVERIN’s internet services: SEVERIN Elektrogeräte GmbH, Röhre 27, 59846 Sundern, (hereinafter called we/our/us).
These privacy statement websites are intended to inform you in detail and comprehensively about how we will protect your privacy and about the way in which personal data is processed within the scope of our websites and/or online services. Personal data will be deleted as quickly as possible and – subject to the following provisions – only used or shared for advertising purposes with your explicit consent.
If you find that the following information is insufficient or incomprehensible, please don’t hesitate to get in touch with our data protection officer via the contact details given in clause II.
II. CONTROLLER / DATA PROTECTION OFFICER / SUPERVISORY AUTHORITY
SEVERIN Elektrogeräte GmbH
Data protection officer
SEVERIN Elektrogeräte GmbH
– Data protection officer –
Competent supervisory authority
State official for data protection and freedom of information NRW
Postal code 20 04 44
Phone: 0211 – 384240
Fax: 0211 – 38 42 410
III. GENERAL PRINCIPLES / INFORMATION
The definitions are governed by Regulation (EU) No 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter called General Data Protection Regulation or “GDPR”). In particular, the definitions of Art. 4 and Article 9 GDPR. For your information we have again summarised the essentially relevant definitions in clause X. below.
2. Scope of the processing of personal data
As a matter of principle, we collect and use personal data of our users only insofar as this is necessary for the provision and supply of our services and for the provision of our web or online services (including mobile apps).
3. Legal bases
Insofar as personal data are processed on the basis of the data subject’s consent, Article 6 (1) (a) GDPR shall be the legal basis for data processing. If personal data are being processed in order to fulfil a contract whose contracting party is the data subject, Article 6 (1) (1) (b) GDPR shall be the legal basis; this also applies to processing data required for the implementation of pre-contractual measures. In case personal data are processed in order to fulfil a legal obligation to which we are subject, Article 6 (1) (1) (c) GDPR shall be the legal basis. In the event that vital interests of the data subject or another natural person require processing of personal data, Article 6 (1) (1) (d) GDPR shall be the legal basis. In the event that data are processed in order to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Article 6 (1) (1) (f) GDPR shall be the legal basis for processing the data.
- Processing for the enforcement of claims / fulfilment of legal obligations
We reserve the right to process personal data for the purpose of enforcing claims within the scope of legitimate interests in accordance with Article 6 (1) (1) (f) GDPR; this includes the transfer of data to public authorities and/or courts. Likewise, data may be processed and/or transmitted for the purpose of fulfilling statutory or legal obligations (e.g. information provided by authorities, etc.); the legal basis for this is Article 6 (1) (1) (c) GDPR.
5. Obtaining consent / right of revocationungen / Widerrufsrecht
Consent in accordance with Article 6 (1) (1) (a) GDPR is always optional and usually obtained in writing or electronically. Electronic consent is obtained by setting a checkmark in the relevant field in order to document the declaration of consent. The content of the declaration of consent will be logged electronically.
Right of revocation: Please note that once consent is given, it can be revoked at any time with effect for the future – in whole or in part; the legality of the processing carried out on the basis of the consent shall remain unaffected by this up to the revocation of the same. If applicable, please send your revocation by using the contact information given in clause II (controller or data protection officer).
- Possible recipients of personal data
In order to provide our web and/or online services, we sometimes use third party service providers who act on our behalf and according to our instructions (processors). These service providers may receive personal data or come into contact with personal data during service provision and thus act as third parties or recipients as specified in the GDPR. In this event, we make sure that our service providers offer sufficient guarantees stating that appropriate technical and organisational measures are in place and that data processing is carried out in such a way that it complies with the GDPR requirements and ensures the protection of the rights of the data subject (cf. Article 28 GDPR). If personal data are transferred to third parties and/or recipients outside of an order processing, we ensure that this is done exclusively in accordance with the GDPR requirements and only if a corresponding legal basis has been established (e.g. Article 6 (1) 4 GDPR, also see clause III3).
- Data processing in third countries
In principle, your personal data will be processed within the EU or the European Economic Area (“EEA”). Only in exceptional cases (e.g. in connection with the involvement of service providers for the provision of web analytics services) may information be transmitted to “third countries”. “Third countries” are countries outside of the European Union and/or the Agreement on the European Economic Area, in which an adequate level of data protection in line with EU standards cannot be readily assumed. Provided that the transferred information also includes personal data, we will make sure before such a transfer that an adequate level of data protection is guaranteed in the respective third country, or with the respective recipient in the third country, or that you have given your consent, or that another permissible circumstance exists (e.g. Article 49 GDPR). An adequate level of data protection can be obtained by means of an “adequacy decision” by the European Commission or ensured by using the “EU standard contractual clause”. If recipients are located in the USA, compliance with the principles of the “EU-US Privacy Shield” can also ensure an adequate level of data protection. In the event that data should be transferred to third countries, let us know and we will gladly provide you with further information on compliance with an adequate level of data protection; please contact our data protection officer for this purpose, the contact details can be found at the beginning of this data protection information. You can also find information about the participants of the EU-US Privacy Shield here www.privacyshield.gov/list .
- Data deletion and storage period
Personal data of the data subjects will be deleted as long as these data are no longer required for the respective processing purposes. Instead of deletion, the data might be stored under restriction of processing, if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which our company is subject, in particular e.g. – for the fulfilment of statutory retention obligations (e.g. the German Fiscal Code (AO) or the German Commercial Code (HGB), currently between 6 to 10 years), and/or – if there are legitimate interests in storing data (e.g. during the course of limitation periods for the purpose of a possible legal defence (Sections 195 et seqq. BGB -German Civil Code- currently between 3 and 30 years). The data will be deleted at the latest when a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion of a contract or for other purposes.
- Data subject rights
The GDPR grants certain rights to the subject of the processing of personal data (known as data subject rights, in particular Article Article 12 to Article 22 GDPR). The individual data subject rights are explained in more detail in clause XI. Should you wish to exercise one or more of these rights, you can contact us at any time. To do so, please use the contact information provided in clause II.
IV. DATA PROCESSING FOR THE PROVISION OF THE WEBSITE / COLLECTION OF LOG FILESS
Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data will be collected (hereinafter called “log data”):
– information about the browser type and the version used
– the user’s operating system
– the user’s internet service provider
– the user’s IP address
– access date and time
– websites, from which the user’s system accesses our Internet site
– websites that are called up by the user’s system via our website
With the exception of the IP address, the aforementioned log data do not create a personal reference to the user; a personal reference can only be created via the assignment or by linking the log data to an IP address.
- Purpose and legal basis
The collection and processing of log data, in particular the IP address, is carried out for the purpose of providing the content of our website to the user, i.e. for the purpose of communication between the user and our web or online services. A temporary storage of the IP address is necessary for the duration of the respective communication process. It is required for addressing the communication traffic between the user and our web and/or online services or necessary for the use of our web and/or online services. The legal basis for this data processing – i.e. for the duration of your website visit – is Article 6 (1) (1) (b) GDPR respectively Section 96 TKG (German Telecommunications Act) or Section 15 (1) TMG (German Telemedia Act).
Any processing and storage of the IP address in log files that goes beyond the communication process is carried out for the purpose of ensuring the functionality of our web and online services, for the purpose of optimising these offers and for ensuring the security of our information technology systems. The legal basis for storing the IP address for these purposes beyond the communication process is Article 6 (1) (1) (f) GDPR (safeguarding legitimate interests) respectively Section 109 TKG.
- Data deletion and storage period
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the event of data collection for the provision of the website, it applies when the respective session – the website visit – has ended. Any additional storage of log data, including the IP address, for the purpose of system security takes place for a maximum period of seven days from the end of the page access by the user. Any further processing and/or storage of log data is possible and permissible, provided that the IP addresses of the users are deleted after the expiry of the aforementioned storage period of seven days or are removed in such a way that an assignment of the log data to an IP address is no longer possible, i.e. that the data are anonymous.
- Possibility of objection and removal
The collection of log data for the provision of the website, including its storage in log files within the aforementioned limits, is absolutely necessary for the operation of the website. Users have no option to object. The processing of log data for analysis purposes deviates from this and depends on the web analysis tools used and the type of data analysis (personal / anonymous / pseudonymous) as per Section VII.
We distinguish between (i) technically necessary cookies, (ii) analysis cookies and (iii) third-party cookies:
(i) Technically necessary cookies are used in order to render our web presence more user-friendly. The following data, for example, are stored in technically necessary cookies and transmitted to our systems:
– Language settings
– Information on the user device/PC in use and its settings
– Items in the cart
– Login information
Analysis cookies (also known as session cookies) are used in order to analyse the surfing behaviour of users on our web presence and/or website for the purpose of advertising, market research or designing our offers in a needs-oriented way. The following data are collected via analysis cookies and transmitted to our systems:
– Search terms used
– Frequency of page views
– Use of website functions
The data about users collected in this way are pseudonymised by using technical precautions. It is then no longer possible to associate the data with the calling user.
(iii) Third-party cookies are cookies that are not provided by our web servers, but rather by third-party providers. This includes, for example, the integration of the “Like” button. When this is clicked, Facebook places its “own” cookie in the user’s browser. Third-party cookies can never be searched and/or evaluated by us.
The third-party providers are solely responsible for the use of such cookies; there is no possibility for us to influence their use or processing; you can prevent third-party cookies being set by using the options described in Section VI.3 and Section VII.
- Purpose and legal basis
Analysis cookies are used for the purposes of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offerings (see above). Insofar as the possibility of establishing a personal reference to the user exists, and where the user consents, the legal basis for the processing of personal data using analysis cookies is Art. 6 (1) 1(a) GDPR. If analysis cookies are used to create pseudonymous evaluations, the legal basis is 6 (1) Art. 1(f) GDPR (protection of legitimate interests) or Section 15 3 German Teleservices Act (TMG).
- Data deletion and storage period
Cookies are stored on the respective end device of the user (smart device/PC) and transmitted from there to our websites. A distinction is made between so-called persistent cookies and session cookies. Session cookies are stored for the duration of a browser session and deleted when the browser is closed. Persistent cookies are not deleted when the given browser session is closed, but are stored on the user’s terminal device for a longer period of time.
- Possibility of objection and removal
VI. WEB ANALYSIS
In order to optimise our websites and adapt them to the changing habits and technical requirements of our users, we use tools for so-called web analysis. For example, we measure which elements are visited by users, whether the information they are looking for is easy to find, etc. This information only becomes meaningful and possible to interpret if a larger group of users is examined. For this purpose, the collected data are aggregated, i.e. combined into larger units.
We can adapt the page design or optimise content if, for example, we find that a relevant proportion of visitors are using new technologies, cannot find an existing piece of information or find it difficult to locate.
We carry out the following analyses or use the following web analysis tools on our web presence and website:
- Analysis of log data
Log data is used for analytical purposes on an anonymous basis only; in particular, it is not linked to any personal user data and/or to an IP address or a cookie. Such an analysis of log data is thus not subject to the data protection provisions of the GDPR.
- Google Analytics and Google Tag Manager
To analyse website usage, we use the “Google Analytics” web analysis service provided by Google (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses “cookies”, which allow an analysis of the use of the website by our customers on a pseudonymous and/or anonymous basis.
The information generated by the cookie about your website usage is transferred to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address is truncated by Google within the Member States of the European Union or in other states party to the Agreement on the European Economic Area prior to the transfer of this information. The full IP address is transferred to a Google server in the USA and truncated there only in exceptional cases. Google uses this information to evaluate the use of the website on our behalf, to compile reports on website activity, and to provide the website operator with further services associated with website and internet use. The IP address information transmitted by your browser for the purposes of Google Analytics is not merged with other Google data.
If you do not wish to be evaluated by Google Analytics, you have the following options:
– You can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie will be set to prevent any future collection of your data by Google Analytics when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=de
Note:If you delete your cookies, this will also result in the opt-out cookie being deleted and you may have to reactivate it.
– You can also prevent the collection of data generated by the Google Analytics cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
We use Google Analytics to analyse data from AdWords and the Double-Click-Cookie for statistical purposes. If you do not want this, you can disable it via the Ad Settings Manager (http://www.google.com/settings/ads/onweb/?hl=en).
You can also use the Google Tag Manager: This solution allows you to manage marketing website tags via an interface. The Tool Tag Manager (which implements these tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which collect data in certain scenarios. Google Tag Manager does not access these data. If this function is disable at Domain or Cookie level, it remains in place for all tracking tags implemented with Google Tag Manager. (http://www.google.de/tagmanager/use-policy.html).
- Google AdWords Conversion Tracking
In some areas of our website we use Google AdWords and conversion tracking. Google Conversion Tracking is an analytical service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If this is the case, a conversion tracking cookie is stored on your computer when you click on a Google ad. These cookies have a limited life, do not contain personal data, and therefore cannot be used to identify you. When you visit certain pages of our website and the cookie has not yet expired, both we and Google can detect that you have clicked on the ad and have been redirected to this page. Each Google AdWords customer receives a different cookie. This means that there is no possibility of cookies being tracked via the websites of AdWords customers.
The information that is obtained using conversion cookies is used to generate conversion statistics. These tell us the total number of users that have clicked on our ads and that have been redirected to a page containing a conversion tracking tag. However, we do not receive any information that could be used to personally identify any users. You can prevent cookies from being stored by selecting the relevant technical settings in your browser software, see above section VI.3.
On our website we use plug-ins provided by the AddThis service, which is operated by AddThis, LLC, 1595 Spring Hill Rd, Suite 300, Vienna, VA 22182, USA (“AddThis”). AddThis provides tools to create and design websites (www.addthis.com) that make it easier for website visitors to share a given page with other internet users via email or on social networks. These plug-ins are indicated by the “Facebook”, “Twitter”, “Pinterest”, “E-mail” and “g+” buttons on pages of our website.
We do not process the data in question or pass it on to third parties. By using this AddThis plug-in you are giving your consent to data processing by AddThis. You can object to future data collection and storage by AddThis at any time by setting an opt-out cookie. To do this visit http://www.addthis.com/privacy/opt-out.
VII. NEWSLETTER / ADVERTISING / SOCIAL MEDIA PLUG-INSOCIAL MEDIA PLUGINS
Through our websites and online services we also offer the possibility to register for our newsletter, which also involves the use of advertising tools and social media plug-ins. In detail:
- Newsletter / Advertising and marketing strategy / Customer surveys
We only use your personal data for advertising and/or marketing purposes, to conduct customer satisfaction surveys or to register for our newsletter if you have given your consent or if there is another legal basis which allows advertising and/or marketing without your consent.
If you wish to sign up for our newsletter, we need you to provide a valid email address. To check that you are the owner of the email address provided and that the owner of the email address consents to receive the newsletter and advertising, we send an automated email to the email provided after the first registration step (double opt-in). Only once you have confirmed your registration to the newsletter or consent to receive advertising via a link in the confirmation email do we add your email to our distribution list. Apart from your email and confirmation of registration we do not collect any other data. Your data is processed exclusively for the purpose of sending your requested newsletter.
The legal basis for advertising and/or marketing services based on express consent is Article 6 (1) 1(a) GDPR; for newsletter registration Article 6 (1) 1(b) GDPR; the statements on consent under section III.5 and on your right to withdraw your consent under section III.4 also apply. You can unsubscribe from the newsletter at any time. Email advertising and/or marketing for the purpose of directly advertising similar proprietary products or services is permitted subject Section 7(3) of the German Law on Unfair Competition (UWG); this requires that we (i) obtain your email in connection with the sale of a good or service, (ii) you have not objected to the use of your email for the purposes of direct advertising and (iii) we have clearly and explicitly informed you when collecting and using your email that you can object at any time to the use of your email (see section X.6 on your right of revocation).
- Social Networks / Social Media Plug-ins
We have incorporated various social network buttons (plug-ins) into our website so that you can use the interactive options of the social networks that you use on our website. These plug-ins provide various functions, the object and scope of which are determined by the social network operaters. To improve the protection of your personal data we use a 2-click method. Clicking the button directly next to the respective plug-in activate the plug-in and changes the plug-in button from grey to coloured. You can then click the plug-in button to use the plug-in. Bear in mind that the IP address of your browser session can be linked to your own profile with the respective social network if you are logged in there at that time. Your visit to our website can also be linked to your profile with the social network if this is detected by a cookie stored on our computer from a previous visit to the social network.
Please note that we are not a provider of social networks and have no influence over the data processing of other providers. Further information on handling data can be found at the following links and addresses:
In some areas of our website use plug-ins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. Facebook plug-ins are identified by the Facebook logo or the “Like” button on our pages. You can find a summary on Facebook plug-ins at http://developers.facebook.com/docs/plugins/.
If you enable the plug-in, the plug-in establishes a direct link between your browser and the Facebook server. Through this means, Facebook obtains information that you have visited our website with your IP address. If you click the “Like” button whilst logged in to your Facebook account, you can refer to our website content in your Facebook profile.
We sometimes use the provider YouTube to incorporate videos into our web pages. YouTube is operated by YouTube LLC with its head office at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. On some pages we also use a YouTube plug-in. When you visit page containing such a plug-in, a link to YouTube’s server is established automatically and the plug-in is shown. The YouTube server is sent information on which of our web pages you have visited. If you are a YouTube member and were logged in to YouTube when visiting our website, YouTube can attribute this information to your personal user account. When using the plug-in, e.g. by clicking on the Start button for a video, this information is also attributed to your user account. You can prevent such categorisation by logging out of your YouTube user account and other user accounts of YouTube LLC and/or Google Inc. before using our pages; alternatively, you can delete the corresponding cookies from these companies (see Section VI.3). Further information on data processing and notes on data protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.
So-called social plugins (“plugins”) from Instagram may also be used on our website. These are operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. You can find an overview of the Instagram plugins and what they look like here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
If you do not want Instagram to directly associate the data collected via our website with your Instagram account, you must log out of Instagram before visiting our website. You can also prevent the loading of Instagram plugins with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/), see also Section VI.3.
Plugins relating to the social network “Google Plus” are partially integrated into our internet pages. Where this is the case you can use the Google +1 button to publish information around the world. Via the Google +1 button, you and other users receive personalised content from Google and our partners. Google records the fact that you gave +1 for a given piece of content and stores information about the page you were viewing when you clicked +1. Your +1s can be displayed as notices together with your profile name and photo in Google services, such as in search results or in your Google profile, or elsewhere on websites and ads on the internet.
Google records information about your +1 activities in order to improve Google services for you and others. In order to use the Google +1 button, you need a globally visible, public Google profile, which must at least contain the name chosen for the profile. This name is used in all Google services. In some cases, this name may also replace another name you used when sharing content through your Google Account. The identity of your Google profile may be displayed to users who know your email address or have other identifying information about you.
VIII. CONTACT FORM AND EMAIL CONTACT
If a contact form is provided on our website for electronic contacts, the following data is transmitted to us via the input mask and stored:
- First name*
- Hours available
- Telephone number
- Message field*
*Compulsory information that is required in order to contact you is marked with an asterisk as a mandatory field (also in the input mask).
The following data is also processed and stored at the time the message is sent:
– The IP address of the user
– Date and time of dispatch
Alternatively, it is possible to contact us via the e-mail address provided on our website. In this case, the user’s personal data which is transmitted along with the e-mail will be stored. Under no circumstances will the data be passed on to third parties, unless we need to use third parties to process the enquiry.
- Purpose and legal basis
The data is processed exclusively for the purpose of processing the enquiry or the user request in question. The other data collected during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
Where the data processing is carried out for the purpose of fulfilling a customer order or a customer enquiry, the legal basis for the processing of the data is Art. 6 (1) 1, letter b of the GDPR, regardless of whether contact is made via the contact form or by e-mail. If the user has given his or her consent, Art. 6 (1) 1, letter a of the GDPR is the legal basis for the processing. The legal basis for the collection of additional data during the sending process is Art. 6 (1) 1, letter f of the GDPR: the legitimate interest here lies in preventing abuse and ensuring system security (cf. Section IV.1).
- Data deletion and storage period
The data is generally deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from the input mask of the contact form and data sent by e-mail, this means when the respective communication with the user has ended and/or the user’s enquiry has been conclusively answered. The communication is ended or a conclusive answer is given when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Where further storage of the data is necessary for the reasons set out in Section III.6, the data will be stored with blocking instead of being deleted.
- Possibility of objection and removal
At all times the user has the ability to terminate their communication with us and/or to withdraw their request and to object to a related use of his data. In such a case, communication cannot be continued. All personal data stored in the course of contacting us will be deleted in this case, subject to further storage of the data for the reasons set out in Section III.8.
In particular, the definitions of Art. 4 and Article 9 GDPR. In the context of this data protection declaration, the following terms defined in Art. 4 of the GDPR may be of particular relevance:
- “personal data” shall mean any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Restriction of processing”
is the marking of stored personal data with the aim of restricting or blocking their future processing;
- “Profiling” is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location;
- “Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person;
- “Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;
- “Data processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- “Recipient” means a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether they are a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered to be recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing;
- “Third party” means any natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data;
- “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her;
X. DATA SUBJECT RIGHTS
Data subjects are entitled to the following rights in particular under the GDPR, whereby these may be subject to restrictions per Sections 34, 35 BDSG:
- Right of access (Art. 15 GDPR)
You have the right to request information about whether or not we are processing personal data relating to you. If personal data relating to you are processed by our company, you have the right to request information about
– the purposes of the processing;
– the categories of personal data (type of data) that are processed;
– the recipients or categories of recipients to whom your data have been or will be disclosed; this applies in particular if data have been or will be disclosed to recipients in third countries outside the scope of application of the GDPR;
– the planned storage period, if possible; if it is not possible to specify the storage period, at least the criteria for determining the storage period (e.g., statutory retention periods or the like) must be communicated;
– your right to rectification and erasure of the data concerning you, including the right to restriction of processing and/or the possibility to object (in this regard, see the following clauses as well);
– the existence of a right to lodge a complaint with a supervisory authority;
– the origin of the data, if personal data has not been collected directly from you.
You also have the right to be informed of whether your personal data is the subject of automated decision-making in the sense of Art. 22 GDPR and, if so, which decision-making criteria underlie such automated decision-making (logic) and what the effects and scope of the automated decision-making may be for you.
If personal data is transferred to a third country outside the scope of the GDPR, you have the right to be informed whether – and, if so, on the basis of what guarantees – an adequate level of protection in the sense of Art. 44-49 GDPR is ensured by the data recipient in the third country.
You have the right to request a copy of your personal data. We generally provide copies of data in electronic form, unless you have indicated otherwise. The first copy is free of charge; a reasonable fee may be charged for each additional copy. The provision of this data is subject to the rights and freedoms of other persons who may be affected by the transmission of the data copy.
- Right to rectification (Art. 16 GDPR)
You have the right to ask us to correct your data if it is inaccurate, incorrect and/or incomplete; the right to rectification includes the right to have incomplete personal data completed by means of supplementary declarations or communications. Correction and/or completion must be carried out immediately, i.e. without culpable delay.
- Right to erasure (Art. 17 GDPR)
You have the right to request that we delete your personal data, insofar as
– the personal data is no longer necessary for the purposes for which it was collected and processed;
– the data processing is based on consent given by you, and you have revoked such consent, unless there is another legal basis for the data processing;
– you have objected to data processing per Article Art. 21 GDPR, and there are no overriding legitimate grounds for further processing;
– you have objected to data processing for direct marketing purposes per Article Article 21 (2) GDPR;
– your personal data has been processed unlawfully;
– the data in question is that of a child and has been collected in relation to information society services per Article Art. 8 (1) GDPR.
No right to erasure of personal data exists if:
– the right to freedom of expression and information precludes the request for erasure;
– the processing of personal data is necessary (i) for compliance with a legal obligation (e.g. legal retention obligations); (ii) for the performance of tasks carried out in the public interest and interests under Union law and/or Member State law (this also includes public health interests); or (iii) for archiving and/or research purposes;
– the personal data is necessary for the establishment, exercise or defense of legal claims. The erasure must be carried out without delay, i.e. without culpable delay. If we have made personal data public (e.g. on the Internet), we must ensure, as far as is technically possible and reasonable, that third-party data processors are also informed of the request for deletion, including the deletion of links, copies and/or replications.
- Right to restriction of processing (Art. 18 GDPR)
You have the right to have the processing of your personal data restricted in the following cases:
– If you have disputed the accuracy of your personal data, you may request that your data not be used for other purposes for the duration of the review of correctness and be restricted in this regard.
– In the event of unlawful data processing, you may, instead of data erasure per Art. 17 (1)(b), request the restriction of data use per Art. 18 GDPR;
– If you need your personal data for the assertion, exercise or defense of legal claims, but your personal data is otherwise no longer needed, you may request that we restrict processing to the aforementioned purposes of legal prosecution;
– If you have objected to data processing per Art. Article 21 1 GDPR, and it has not yet been determined whether our interests in processing override your interests, you may request that your data not be used for other purposes for the duration of the review and be restricted in this regard.
Personal data whose processing has been restricted at your request may – under reserve of retention – only be processed (i) with your consent, (ii) for the assertion, exercise or defense of legal claims, (iii) to protect the rights of other natural or legal persons, or (iv) for reasons of an important public interest. If a processing restriction is lifted, you will be informed of this in advance.
- Right to data portability (Art. 20 GDPR)
Subject to the following provisions, you have the right to request that data concerning you be handed over in a commonly used electronic, machine-readable data format. Subject to the following provisions, you have the right to request that data concerning you be handed over in a commonly used electronic, machine-readable data format. The right to data transfer only applies to data provided by you and requires that the processing is done on the basis of consent or for the performance of a contract and is carried out with the aid of automated processes. The right to data transfer per Art. 20 GDPR does not affect the right to data erasure per Art. 17 GDPR. The data transfer is subject to the rights and freedoms of other persons whose rights may be affected by the data transfer.
- Right to object (Art. 21 GDPR)
In the case of processing of personal data for the performance of tasks carried out in the public interest (Art. 6 (1) 1(e) GDPR) or for the exercise of legitimate interests (Art. 6 (1) (1)(f) GDPR), you may object to the processing of personal data relating to you at any time with effect for the future. In the event of an objection, we shall refrain from any further processing of your data for the aforementioned purposes, unless:
– there are compelling legitimate grounds for processing which override your interests, rights and freedoms, or
– the processing is necessary for the assertion, exercise or defense of legal claims. You may object to the use of your data for direct marketing purposes at any time with effect for the future; this also applies to profiling insofar as it is related to direct marketing. In the event of an objection, we must refrain from any further processing of your data for the purpose of direct advertising.
- Prohibition of automated decision-making/profiling (Art. 22 GDPR)
Decisions that produce legal effects concerning you or significantly affect you must not be based solely on automated processing of personal data, including profiling. This does not apply insofar as the automated decision-making
– is necessary for the conclusion or performance of a contract with you,
– is permissible on the basis of Union or Member State legislation, provided that such legislation contains adequate measures to safeguard the rights, freedoms and legitimate interests of your person, or
– is carried out with your express consent. Decision-making based solely on automated processing of special categories of personal data is generally not permitted, unless Art. 22 (4) in conjunction with Art. 9 (2)(a) or (g) GDPR applies and appropriate measures have been taken to protect the rights, freedoms and legitimate interests of your person.
Insofar as we use automated decision-making in the sense of Art. 22 GDPR, this is explicitly indicated in the context of our data protection statements.
8. Options for legal protection / right to lodge a complaint with a supervisory authority
In the event of complaints, you may at any time contact the competent supervisory authority of the Union or the Member States. The supervisory authority responsible for our company is the one mentioned in section II.
XI. CHANGES TO THE DATA PROTECTION STATEMENT
We reserve the right to update the data protection statement at irregular intervals and will inform you of any essential changes that affect the use of your personal data. The current version can be found on our web pages under the “Data Protection” link.
1. General information; organizer
Participation in the contest implies acceptance of the following conditions of participation. By participating in the contest, the participant accepts these conditions of participation. The Organizer of the contest is SEVERIN Elektrogeräte GmbH (hereinafter also referred to as the “Organizer”).
- Conditions of participation
All legally competent natural persons with a minimum age of 18 years may participate. Excluded from participation are business customers, who are not permitted to participate for compliance reasons, as well as employees of SEVERIN Elektrogeräte GmbH and their relatives.
In addition, the Organizer reserves the right, at its own discretion, to exclude persons from participation if there are justified reasons, for example:
- in the event of manipulation in connection with access to or performance of the contest,
- in the event of violations of these conditions of participation,
- in the event of unfair practices, or
- in the event that false or misleading information is provided in connection with participation in the contest.
- Participation period, termination
For the start and duration of the contest (participation period), please refer to the information on the respective contest (e.g. on our homepage and/or other social media channels). Users can participate in the contest within the respective specified period.
The Organizer expressly reserves the right to terminate the respective contest without prior notice and without giving reasons. This applies in particular to any reasons that would disrupt or prevent the scheduled course of the contest.
- Contest procedure, prize
The winners will be determined after the closing date by means of a random drawing from among all participants, with no recourse to legal action. If the contest is linked to a task, only those participants who have correctly completed the task will be entered into the drawing.
A change or cash payment of the prize is excluded. The winner will be notified by us via private message. If the winner does not respond to the prize notification within one (1) week, the prize will be forfeited without compensation.
Contests can be organized on different social media platforms and channels. For further information and conditions for the performance of a contest, please refer to the information on the respective event channels (social media, e.g. Facebook, Instagram).
The Organizer is liable for damages caused by the Organizer, its legal representatives, employees or agents with intent or gross negligence.
In the event of a simple or slightly negligent breach of essential contractual obligations (“cardinal obligations”), the liability of the Organizer shall be limited in amount to the damage typically foreseeable at the time of conclusion of the contract. An essential contractual obligation exists for obligations the fulfillment of which is a prerequisite for the proper execution of the contract or on the fulfillment of which the contractual partner has relied or may have relied. Liability for simple or slightly negligent breaches of other obligations is excluded.
Mandatory legal regulations, such as unlimited liability for personal injury and liability under the Product Liability Act (Produkthaftungsgesetz), remain unaffected by the above provisions.
Furthermore, the Organizer is not liable for damages resulting from the negative effects on the availability of the contest website in the event of technical disruptions beyond the Organizer’s control and force majeure events, as well as attacks by third parties against the contest website. However, the Organizer will make every effort to ensure the reliability and functionality of the contest website.
Furthermore, the Organizer does not guarantee that the contest website will function properly on the respective participant’s computer. The Organizer reserves the right to adjust, change or cancel the contest if the need arises.
- Data protection
In order to participate in the contest, it is necessary to provide personal data. Data that is mandatory for participation in the contest is indicated by mandatory fields; participation is not possible without providing the data indicated by mandatory fields.
The participant affirms that the personal data he or she provides, in particular first name, surname and address (email address), as well as any information on age, is true and correct.
The Organizer points out that all personal data of the participant will not be passed on to third parties nor given to third parties for use without a corresponding legal basis (e.g. address data). An exception to this is the transfer to companies that may be commissioned to carry out the contest, which must collect, store and use the data for the purpose of carrying out the contest. The data will be processed exclusively for the purpose of carrying out the contest.
In the event of a win, the winner, by accepting these conditions of participation, agrees to the publication of his or her name and place of residence in the advertising media used by the Organizer. This includes the announcement of the winner on the website of the operator and its social media platforms. Likewise, we may use, and in particular publish, all entries and/or content submitted for commercial purposes (e.g. advertisements). In this respect, the participants grant the Organizer the right to use – i.e. especially to reproduce, publish, edit, etc.– contributions and/or content for advertising purposes, without any restrictions in terms of location or time, free of charge and without a requirement to identify the authors.
The legal basis for the processing of personal data for the purpose of carrying out the contest is Art. 6 (1) 1(b) GDPR. The participants’ data will generally be deleted within [3 / 6 months] after the end of the contest; an exception is the data of winners, which can be processed in accordance with the aforementioned provisions, as well as data that is required in the context of a corresponding use of contributions and/or content by the Organizer.
In addition, the data protection provisions of SEVERIN Elektrogeräte GmbH, which are available on the website under the “Data Protection” link, apply. You can also contact our data protection officer using the contact information provided in section 8 with any questions relating to data protection.
- Severability clause
If individual provisions of these Terms and Conditions of Participation are invalid, or a loophole exists, this shall not affect the validity of the remaining provisions. The invalid or missing provision shall be replaced by a provision that comes closest to the purpose of the contract and the legal provisions.
- Place of jurisdiction / applicable law
In the event of disputes, German law shall apply exclusively. As far as legally permissible, the Organizer’s registered office is agreed as the place of jurisdiction. If the participant does not have a general place of jurisdiction in Germany, or moves his or her residence abroad after participation, the Organizer’s registered office is also agreed as the place of jurisdiction.
If you have any questions regarding the implementation of this contest and/or the processing and use of personal data, please contact the Organizer. Contact details can be found under the “Site Notice” link on the SEVERIN Elektrogeräte GmbH website.
SEVERIN Elektrogeräte GmbH wishes you the best of luck.