Data protection declaration

We are extremely pleased to discover your interest in our company. Data protection is valued highly by the management of ELEKTRA Handelsgesellschaft m. b. H. In principle, it is possible to use the Internet pages of ELEKTRA Handelsgesellschaft m. b. H. without specifying any personal data. Insofar as an affected person wishes to take advantage of special services of the company via our Internet presence, processing of personal data may however be necessary. If the processing of personal data is necessary and if there is no legal basis for the processing of such, then we will generally obtain the consent of the affected person.

The processing of personal data, for example, the name, address, email address or telephone number of an affected person, is always carried out in accordance with the General Data Protection Regulation and in conjunction with the country-specific data protection regulations applicable to ELEKTRA Handelsgesellschaft m. b. H. With this data protection declaration, the company wishes to inform the public of the type, scope and purpose of the personal data collected, used and processed by us. Further, affected persons are informed, by way of this data protection declaration, of their rights in this regard.

As the entity responsible for processing, ELEKTRA Handelsgesellschaft m. b. H. has implemented numerous technical and organisational measures, in order to ensure the most comprehensive protection possible for personal data processed via this Internet presence. However, Internet-based data transfer methods still may harbour security vulnerabilities which means that absolute protection cannot be guaranteed. For this reason, any affected person may choose to communicate personal data using alternative methods, for example, by phone.

1. Definition of terms

The data protection declaration of ELEKTRA Handelsgesellschaft m. b. H. is based on the terms used by the European guideline and directive creators in the creation of the General Data Protection Regulation (GDPR). Our data protection declaration is designed to be easy for the public to read and understand, as well as for our customers and business partners. In order to ensure this, we would like to clarify the terms used in advance.

We use, among others, the following terms in this data protection declaration:

  • a) personal data

    Personal data covers all information pertaining to an identified or identifiable natural person (subsequently referred to as an “affected person”). Identifiable refers to a natural person that can be identified, whether directly or indirectly, in particular, by way of association to an identifier such as name, identifying number, to location data, to an online ID or to one or more specific characteristics, the embodiment of physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person.

  • b) affected person

    An affected person is every identified or identifiable natural person whose personal data is being processed by the entity responsible for processing.

  • c) processing

    Processing refers to every executed procedure, or sequence of procedures, whether with or without the aid of automated processes, carried out in conjunction with personal data, such as the collection, recording, organisation, filing, saving, adaptation, modification or change, reading, querying, usage, disclosure by communication, distribution or another form of provision, comparison or linking, restriction, deletion or destruction.

  • d) restriction of processing

    Restriction of processing refers to the highlighting of saved personal data with the aim of restricting its future processing.

  • e) profiling

    Profiling is every type of automated processing of personal data which is designed to use this personal data in order to evaluate certain personal aspects relating to a natural person, especially in order to predict or analyse aspects with regard to job performance, economic position, health, personal preferences, interests, reliability, conduct, location or change of location of this natural person.

  • f) pseudonymisation

    Pseudonymisation is the processing of personal data in such a way that, without the use of additional information, the personal data can no longer be assigned to a specific affected person, as long as such additional information is stored separately and subject to both technical and organisational methods designed to ensure that the personal data cannot be assigned to an identified or identifiable natural person.

  • g) responsible entity or entity responsible for processing

    Responsible entity or entity responsible for processing refers to the natural or legal person, authority, establishment or other position that, either alone or in conjunction with others, decides on the purposes and means of processing of personal data. If the purposes and means of this processing are prescribed by Union law or the laws of member states, the responsible entity or the determined criteria in accordance with their nomination, can be prescribed in accordance with Union law or the laws of member states.

  • h) order processor

    An order processor is a natural or legal person, authority, entity or other position that processes personal data on behalf of the responsible entity.

  • i) recipient

    A recipient is a natural or legal person, authority, entity or other position to which personal data is disclosed, regardless of whether it is a third party or not. Authorities that may receive personal data within the framework of a specific investigation order in accordance with Union law or the laws of member states, do not however count as recipients.

  • j) third party

    A third party is a natural or legal person, authority, entity or other position other than the affected person, the responsible entity, the order processor and the persons authorised, under the immediate responsibility of the responsible entities or the order processor, to process personal data.

  • k) consent

    Consent is the permission given voluntarily by the affected person, in a specific case, in an informed way and with the unmistakable statement of will in the form of a declaration or other clear confirming action, in which the affected person consents to personal data pertaining to their person being processed.

2. Name and address of the entity responsible for processing

The entity responsible for processing in the sense of the General Data Protection Regulation (GDPR), other applicable data protection laws in the member states of the European Union and other regulations with legal data-protection nature is:

ELEKTRA Handelsgesellschaft m. b. H.

Einsteinstraße 15

89407 Dillingen

Germany

Tel.: +49 (0)9071/704-0

Email: datenschutzbeauftragter@elektra-dillingen.de

Website: www.elektra-dillingen.de

3. Name and address of the data protection officer

The data protection officer for the entity responsible for processing is:

Thomas Hoch

MMC

Adalbert-Stifter Straße 52

89415 Lauingen

Germany

Tel.: +49 (0)1525/3144668

Email: info@anwendeberater.de

Website: www.anwendeberater.de

Any affected person may directly contact our data protection officer at any time with all questions and comments regarding data protection.

The relevant overseeing authority is:

Bayerisches Landesamt für Datenschutzaufsicht

Promenade 27

91522 Ansbach

Tel.: +49 (0)981 – 531300

E-Mail: poststelle@lda.bayern.de

4. Recording of general data and information

The Internet presence of ELEKTRA Handelsgesellschaft m. b. H. records a series of general data and information every time the Internet presence is called by an affected person or automated system. This general data and information is saved in the logfiles of the server. The following information may be logged: (1) the browser type used and the version, (2) the operating system used by the accessing system, (3) the Internet page from which an accessing system accesses our Internet presence (so-called referrers), (4) the sub-pages which are accessed by a system accessing our Internet presence, (5) the date and time of the access to the Internet presence, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that can be used to avert risks in the event of attacks on our information technology systems.

The use of this general data and information does not enable ELEKTRA Handelsgesellschaft m. b. H. to draw any conclusions about the affected person. This information is instead used to (1) correctly deliver the contents of our Internet presence, (2) optimise the content of our Internet presence and the advertising for such, (3) ensure the permanent functionality of our information technology system and the technology of our Internet presence, and (4) provide law enforcement authorities with the necessary information for prosecution in the event of a cyber attack. This anonymously collected data and information is thus statistically evaluated by ELEKTRA Handelsgesellschaft m. b. H. on the one hand, but also collected with the aim of increasing data protection and data security within the company, in order to ensure the optimum level of protection for the personal data processed by us. The anonymous data of the server logfiles is saved separately from all personal data specified by an affected person.

5. Contact option provided by the internet presence

The Internet presence of the ELEKTRA Handelsgesellschaft m. b. H. contains, due to legal regulations, specifications which enable quick electronic contact to be established with the company, as well as immediate communication with us. This also includes a general address for so-called electronic post (email address). Insofar as an affected person contacts the entity responsible for processing via email or a contact form, the communicated personal data of the affected person will be saved automatically. Such personal data, provided voluntarily by an affected person to the entity responsible for processing, will be saved for the purpose of processing or to enable us to contact the affected person. This personal data will not be passed to any third party.

6. Routine deletion and blocking of personal data

The entity responsible for the processing processes and saves personal data of the affected person only for the time period necessary in order to achieve the purpose of the saving, or insofar as such is permitted by the European guideline and directive creators or other lawmakers in laws and directives to which the entity responsible for processing is subject.

If the purpose of saving is voided or the storage duration prescribed by European guideline and directive creators or other lawmakers expires, the personal data will be routinely blocked or deleted in accordance with the legal regulations.

7. Rights of the affected person

  • a) right to confirmation

    Every affected person has been granted the right, by the European guideline and directive creators, to request confirmation from the entity responsible for processing detailing whether the entity processes data pertaining to the affected person. If an affected person wishes to avail themselves of this confirmation right, they may contact an employee of the responsible entity at any time.

  • b) right to information

    Every affected person affected by the processing of personal data has been granted the right, by the European guideline and directive creators, to receive free information from the responsible entity regarding the data saved pertaining to their person, and to receive a copy of this information. Further, the European guideline and directive creators have granted the affected person the right to information regarding the following:

    • The processing purpose
    • The categories of personal data that are processed
    • The recipients or categories of recipients to which personal data is disclosed or will be disclosed, especially with regard to recipients in third-party companies or at international organisations
    • If possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
    • The existence of a right to correction or deletion of their personal data or a restriction on the processing of such by the responsible entity or a right to object to such processing
    • The existence of a right to complain to an overseeing authority
    • When the personal data may not be collected from the affected person: All available information about the origin of the data
    • The existence of an automated decision-making process including profiling in accordance with Article 22 Paragraphs 1 and 4 of the GDPR and, at least in these cases, meaningful information about the involved logic as well as the extent and intended effects of such processing for the affected person

    Further, the affected person has a right to information regarding whether personal data has been sent to a third-party country or an international organisation. If this is the case, the affected person also has the right to obtain information about suitable guarantees in conjunction with the transfer.

    If an affected person wishes to avail themselves of this information right, they may contact an employee of the responsible entity at any time.

  • c) right of correction

    Every affected person affected by the processing of personal data has been granted the right, by the European guideline and directive creators, to demand immediate correction of incorrect personal data pertaining to their person. Further, the affected person also has the right, taking into consideration the purpose of the processing, to demand the completion of incomplete personal data — also by way of an additional explanation.

    If an affected person wishes to avail themselves of this correction right, they may contact an employee of the responsible entity at any time.

  • d) right to deletion (right to be forgotten)

    Every affected person affected by the processing of personal data has been granted the right, by the European guideline and directive creators, to demand that the responsible entity immediately deletes the information pertaining to them, insofar as one of the following reasons applies, and the processing is not necessary:

    • The personal data has been collected for such purposes, or processed in other ways, for which they are no longer necessary.
    • The affected person withdraws their consent to the processing in accordance with Article 6 Paragraph 1 Section a of the GDPR or Article 9 Paragraph 2 Section a of the GDPR, and there is no other legal basis for the processing.
    • The affected person objects to the processing in accordance with Article 21 Paragraph 1 of the GDPR, and there are no prior-ranking, justified reasons for the processing, or the affected person objects to the processing in accordance with Article 21 Paragraph 2 of the GDPR.
    • The personal data has been processed wrongfully.
    • The deletion of personal data is required in order to meet a legal obligation in accordance with Union law or the laws of member states that the responsible entity is subject to.
    • The personal data has been collected in reference to offered services of the information society in accordance with Article 8 Paragraph 1 of the GDPR.

    Insofar as one of the above-named reasons is valid, and an affected person wishes to request the deletion of personal data saved by ELEKTRA Handelsgesellschaft m. b. H., they may contact an employee of the responsible entity at any time. The employee of ELEKTRA Handelsgesellschaft m. b. H. will arrange for the deletion request to be fulfilled without delay.

    If the personal data has been made public by ELEKTRA Handelsgesellschaft m. b. H. and if our company is, as a responsible entity, in accordance with Article 17 Paragraph 1 of the GDPR obliged to delete the personal data, then ELEKTRA Handelsgesellschaft m. b. H. will, taking into account the available technology and implementation costs, take appropriate measures, including technical measures, to inform other entities responsible for data processing that process the published personal data that the affected person also requests that these other entities delete all links pertaining to this personal data or copies or replications of this personal data, insofar as the processing is not required. The employee of ELEKTRA Handelsgesellschaft m. b. H. will implement the necessary measures on a case-by-case basis.

  • e) right to restriction of processing

    Every affected person affected by the processing of personal data has been granted the right, by the European guideline and directive creators, to demand the restriction of processing if one of the following prerequisites applies:

    • The correctness of the personal data is contested by the affected person, specifically, for a duration which enables the responsible entity to check the correctness of the personal data.
    • The processing is wrongful, the affected person rejects the deletion of personal data and instead demands the restriction of the use of the personal data.
    • The responsible entity no longer requires the personal data for the purposes of the processing, however the affected person requires it for the enforcement, execution or defence of legal claims.
    • The affected person has objected to the processing in accordance with Article 21 Paragraph 1 of the GDPR and it is not yet clear whether the justifiable reasons of the responsible entity outweigh those of the affected person.

    Insofar as one of the above-named prerequisites is valid and an affected person wishes to demand the restriction of personal data saved by ELEKTRA Handelsgesellschaft m. b. H., they may contact an employee of the responsible entity at any time. The employee of ELEKTRA Handelsgesellschaft m. b. H. will implement the restriction of processing.

  • f) right to data transferability

    Every affected person affected by the processing of personal data has been granted the right, by the European guideline and directive creators, to receive the personal data pertaining to them, and which the affected person has supplied to a responsible entity, in a structured, accessible and machine-readable format. They also have the right to have this data transferred by another responsible entity, without hindrance from the responsible entity that provided the personal data, insofar as the processing is carried out in accordance with Article 6 Paragraph 1 Section a of the GDPR or Article 9 Paragraph 2 Section a of the GDPR, or a contract based on Article 6 Paragraph 1 Section b of the GDPR and the processing is carried out by automated procedure, insofar as the processing is not required for a task which has been conferred to the responsible entity that is in the interest of the public, or is carried out in the execution of public authority.

    Further, the affected person, in the execution of their right to data transfer in accordance with Article 20 Paragraph 1 of the GDPR, has the right to ensure that the personal data is transferred directly from a responsible entity to another responsible entity, insofar as this is technically possible and insofar as the rights and liberties of other persons are not influenced as a result.

    In order to enforce the right to a data transfer, the affected person may, at any time, contact an employee of ELEKTRA Handelsgesellschaft m. b. H.

  • g) right to object

    Every affected person affected by the processing of personal data has been granted the right, by the European guideline and directive creators, for reasons resulting from their specific situation, to object at any time to the processing of personal data pertaining to them, on the basis of Article 6 Paragraph 1 Sections e or f of the GDPR. This also applies to profiling on the basis of these terms.

    ELEKTRA Handelsgesellschaft m. b. H. will not process personal data in the event of an objection, unless we can prove compelling reasons for the processing that outweigh the interests, rights and liberties of the affected person, or the processing acts to enforce, execute or defend legal claims.

    If ELEKTRA Handelsgesellschaft m. b. H. processes data in order to carry out direct advertising, the affected person has the right to object, at any time, to the processing of personal data for the purpose of such advertising. This also applies to profiling, insofar as it is not linked to such direct advertising. If the affected person objects to ELEKTRA Handelsgesellschaft m. b. H. regarding the processing for direct advertising, the ELEKTRA Handelsgesellschaft m. b. H. will no longer process such personal data for these purposes.

    Further, the affected person has the right, for reasons arising from their specific situation, to object to the processing of their personal data by the ELEKTRA Handelsgesellschaft m. b. H. for scientific or historical research purposes or for statistical reasons, carried out in accordance with Article 89 Paragraph 1 of the GDPR, unless such processing is necessary for the fulfilment of a task which is in the interests of the public.

    In order to execute the right to objection, the affected person may, at any time, contact any employee of ELEKTRA Handelsgesellschaft m. b. H. or another employee. The affected person is also free to, in conjunction with the use of services of the information society, regardless of Directive 2002/58/EU, object to automated procedures to which technical specifications are applied.

  • h) automated decision-making in individual instances, including profiling

    Every affected person affected by the processing of personal data has been granted the right, by the European guideline and directive creators, not to be subjected to a decision made solely on the basis of automated processing — including profiling — which has legal effects against them or affects them considerably in a similar way, insofar as the decision (1) is not required for the conclusion or fulfilment of a contract between the affected person and the responsible entity, or (2) is permitted on the basis of legal directives of the Union or member states, to which the responsible entity is subject, and these legal directives contain appropriate measures to ensure the maintenance of the rights and liberties and the justified interests of the affected person or (3) are carried out with the express permission of the affected person.

    If the decision is required (1) for the conclusion or fulfilment of a contract between the affected person and the responsible entity or (2) if it is carried out with the express permission of the affected person, ELEKTRA Handelsgesellschaft m. b. H. takes appropriate measures to protect the rights and liberties, as well as the justified interests of the affected person, whereby at least the right is included which enables a person to effect intervention on the part of the responsible entity, to enable the representation of their own point of view and to challenge the decision.

    If an affected person wishes to avail themselves of the right, with regard to automated decisions, they may contact an employee of the responsible entity at any time.

  • i) right to withdraw data protection related permission

    Every affected person affected by the processing of personal data has been granted the right, by the European guideline and directive creators, to withdraw their permission to process personal data at any time.

    If an affected person wishes to avail themselves of this right to withdrawal, they may contact an employee of the responsible entity at any time.

8. Legal basis of processing

For our company, Article 6 I lit. a of the GDPR acts as the legal basis for processing procedures for which we obtain permission for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract to which the affected person is a party, as is the case, for example, for processing procedures that are necessary for a delivery of goods or the provision of another service or return service, the processing is based on Article 6 I lit. b of the GDPR. The same applies to such processing procedures that require pre-contractual measures for their execution, for example, in the event of enquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example, to meet tax obligations, the processing is based on Article 6 I lit. c of the GDPR. In rare instances, the processing of personal data may be required in order to protect vital interests of the affected person or another natural person. This would be, for example, the case if a visitor to our company is injured during their visit, and as a result, their name, age, health insurance data or other vital information must be passed to a doctor, hospital or other third-party. The processing in this case would be based on Article 6 I lit. d of the GDPR. The processing procedures may also be based on Article 6 I lit. f of the GDPR. Processing procedures that are not covered by any of the above-named legal precedents are based on this legal basis if the processing is required in order to maintain a justified interest of our company or a third-party, insofar as the interests, basic rights and liberties of the affected person do not outweigh that interest. Such processing procedures are permitted especially because they have been specifically mentioned by the European lawmakers. They consider that a justified interest can be assumed when the person is a customer of the responsible entity (reason for consideration 47 Sentence 2 of the GDPR).

9. Justified interest in processing carried out by the responsible entity or a third party

If the processing of personal data is based on Article 6 I lit. f of the GDPR, our justified interest is the execution of our business to the benefit of the welfare of all our employees and shareholders.

10. The length of time for which personal data is stored

The criterion for the duration of the storage of personal data is the relevant applicable legal storage time. After the deadline has expired, the corresponding data will be deleted automatically, if it is no longer required to meet or prepare a contract.

11. Legal or contractual regulation regarding the provision of personal data; necessity for the conclusion of contracts, obligation of the affected person to provide personal data; potential consequences of non-provision

We inform you that the provision of personal data may, in part, be legally required (e.g. tax regulations) or may result from contractual regulations (e.g. specifications regarding contractual partners). In addition, the provision of personal data by an affected person, that will then be processed by us, may be required in order to conclude a contract. The affected person is, for example, obliged to provide us with personal data if our company is to conclude a contract with them. Not providing the personal data required may render it impossible to conclude a contract with the affected person. Prior to provision of personal data by the affected person, the affected person must speak to one of our employees. Our employee will clarify, individually for the affected person, whether the provision of personal data is legally or contractually prescribed or required in order to conclude the contract, whether there is an obligation to provide personal data, and detail the consequences of not providing personal data.

12. Existence of automated decision-making processes

As a company aware of our responsibilities, we do not use automated decision-making or profiling.

This data protection declaration was created by the data protection generator of the DGD, Deutsche Gesellschaft für Datenschutz GmbH, active as external data protection representative in Munich, in cooperation with the Cologne-based IT and data protection lawyer, Christian Solmecke.