Data protection

Data Protection Declaration

This data protection declaration clarifies the nature, scope and purposes of processing personal data (hereafter simply “data”) through our online services and the associated websites, functions and content, as well as through our online presence, e.g. social media profiles (hereafter referred to collectively as “online services”). Regarding terms used, for example “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Landgeflügel FG Vertriebsgesellschaft mbH

Industriepark 1

D-49733 Haren

Telephone: 0049 5932 9975-0

Fax: 0049 5932 9975-500

Email: info@landgefluegel.de

Data protection officer

Email: datenschutz@rothkoetter.de

Types of processed data:

– Inventory data (e.g. names, addresses).

– Contact data (e.g. email address, telephone numbers).

– Content data (e.g. text inputs, photographs, videos).

– Usage data (e.g. web history, content interest, access times).

– Metadata or communications data (e.g. device information, IP addresses).

Categories of persons concerned

Visitors to and users of our online services (hereafter all persons concerned are collectively known as “users”).

Purpose of processing

– To provide access to online services, their functions and contents.

– To answer contact requests and communications from users.

– Safety measures.

– Audience measurement / Marketing

Terms used

“Personal data” means any information relating to an identified or identifiable natural person (hereafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is wide-ranging and encompasses almost all data handling.

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal basis

In accordance with Article 13 of the GDPR, we must inform you of the legal basis of our data processing. Where the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Article 6 para. 1(a) and Article 7 of the GDPR. The legal basis of processing for the fulfilment of our services and implementation of our contractual activities, as well as responding to enquiries is Article 6 para. 1(b) of the GDPR. The legal basis of processing for the fulfilment of our legal obligations is Article 6 para. 1(c) of the GDPR. The legal basis of processing for safeguarding our legitimate interests is Article 6 para. 1(f) of the GDPR. In cases where processing personal data is necessary due to the vital interest of either the data subject or another natural person, Article 6 para. 1(d) of the GDPR serves as the legal basis.

Safety measures

In accordance with Article 32 of the GDPR, we take suitable technical and organisational measures to ensure the appropriate level of risk protection, with due regard to the current state of technology, implementation costs, the manner, scope, circumstances and purposes of processing, as well as the varying probability of occurrence and severity of the risks to the rights and freedoms of natural persons.

Most importantly, these measures include ensuring the confidentiality, integrity and availability of data through controls over physical access to the data, as well as controls over data accessibility, entry, transfer, guaranteed availability and partitioning. Furthermore we have established procedures which ensure the exercising of the data subject’s rights, the erasure of data and responses to threats to the data. Moreover, we believe our personal data protection is already in progress in accordance with the principle of data protection through technical design and data protection friendly default settings: we use a range of hardware, software and various procedures in compliance with Article 25 of the GDPR.

Collaboration with data processing companies and third parties

If we disclose our data to persons and companies (data processing companies and third parties) in the context of processing, transfer or otherwise grant them access to the data, this takes place only on the basis of legal authorisation (for example if it is necessary to transfer data to a third party such as a payment service provider to fulfil the terms of a contract in accordance with Article 6 para. 1(b) of the GDPR). This authorisation may be on the grounds of the data subject’s consent, a legal obligation or our legitimate interests (such as the use of authorised representatives, web hosting companies etc).

If we engage third parties to process data on the basis of an “order processing contract”, this occurs under Article 28 of the GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the course of claims by third party services or in the context of disclosure (data transfer to a third party), this will only take place in order to fulfil (pre)contractual duties, on the basis of consent, legal obligation or our legitimate interests. Subject to legal or contractual authorisation, we may process data or have data processed in a third country only where the specific conditions of Article 44 of the GDPR are present i.e. processing takes place on the basis of special guaranties such as the official installation of an EU approved level of data protection (e.g. the “Privacy Shield” for transactions with the USA) or the observance of officially recognised contractual obligations (the so-called “standard contractual clauses”).

Rights of data subjects

According to Article 15 of the GDPR, you have the right to obtain confirmation of whether or not your personal data are being processed, access to the data, as well as further information and a copy of the data.

According to Article 16 of the GDPR, you have the right to have your personal data completed and to obtain the rectification of inaccurate personal data.

In accordance with Article 17 of the GDPR, you have the right to obtain the erasure of personal data without undue delay or, alternatively, in accordance with Article 18 of the GDPR, the right to obtain restriction of data processing

According to Article 20 of the GDPR, you have the right to request that we provide the personal data which you supplied or that we transfer them to other controllers.

Moreover, in accordance with Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority.

Right of cancellation

In accordance with Article 7 para. 3 of the GDPR, you have the right to withdraw consent with effect for future processing. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Please send the withdrawal request to the data controller.

Right to object

According to Article 21 of the GDPR, you can object to future processing of your personal data at any time. In particular, you can object to processing for the purposes of direct marketing. Please send the withdrawal request to the data controller.

Cookies and the right to object to direct marketing

Small files which are stored on the user’s computer are referred to as “cookies”. A lot of different information can be stored in cookies. The primary function of a cookie is to store information about a user (or about the device where the cookie is saved) during, and even after, the user visits a webpage. Cookies are referred to as “session cookies” or “transient cookies”, when they are deleted after a user leaves the webpage and closes the browser. This type of cookie enables the contents of an online shopping basket or a login state to be saved. Cookies are referred to as “permanent” or “persistent” when they remain saved even after the browser has been closed. This means for example that the login state maybe saved when the user revisits the page after several days. Similarly, this type of cookie can record the user’s interests, which are then used for reach measurement or for marketing purposes. Cookies referred to as “third party cookies” are those which are generated by providers other than the data controller of the webpage. (Cookies generated by the data controller are known as “first party cookies”.)

Since we may utilise temporary and permanent cookies, information about them is provided here, within the scope of our data protection declaration.

If the users do not want cookies to be stored on their computers, they are requested to deselect the relevant option in the system preferences of the browser. Saved cookies can be deleted in the system preferences of the internet browser. Deleting cookies may cause restrictions to the functions of the website.

Opposition to employing cookies for online marketing purposes, and especially tracking, is explained by a variety of services, such as the American site http://www.aboutads.info/choices/ and the EU site http://www.youronlinechoices.com/ . Cookies can also be stored by means of deactivation in the browser settings. Please note that this may mean not all functions of the website can be used.

Erasure of data

Data processed by us is deleted or processing is restricted in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated otherwise in the context of this data protection declaration, we will erase stored data when they are no longer required for their intended purpose and the erasure does not contravene any statutory obligations to preserve business records. If the data are not erased because they are required for other legally permissible purposes, data processing is restricted i.e. the data are no longer freely available and cannot be used for other purposes. For example this applies to data which must be kept for reasons relating to commercial or tax law.

According to statutory requirements in Germany, data may be kept for a specific 10 year period in accordance with § 147 para. 1 of the Fiscal Code of Germany(AO) and § 257 para. 1.1, 1.4 and § 4 para. 4 of the Commercial Code of Germany (HGB), which includes books, records, management reports, accounting documents, trading books, documents relevant for taxation etc. Storage may also occur for a 6 year period in accordance with § 257 para. 1.2, 1.3 and 4 of the HGB, which concerns commercial correspondence.

Data protection policy for application procedures

We process applicant data solely within the scope of the application process, in line with the statutory requirements. As set out in Article 6 para. 1(b) and 1(f) of the GDPR, if data processing is necessary, for example in the context of legal proceedings, applicant data may be processed in order to fulfil our (pre)contractual obligations in the context of the application process, (in Germany § 26 of the Federal Data Protection Act (BDSG) also applies).

The application process requires that the applicants disclose their data to us. If we provide an online form, necessary applicant data are labelled, otherwise they can be found in the job specifications and these basically include information about the person, postal and other contact addresses and application documents like cover letters, CVs and references. Aside from this, applicants can voluntarily disclose additional information to us.

By sending us an application, applicants declare themselves to be in agreement with the processing of their data for the purposes of the application process within the scope of this data protection declaration.

If particular categories of personal data are disclosed voluntarily during the application process, in line with Article 9 para. 1 of the GDPR, further data processing may occur under Article 9 para. 2(b) of the GDPR (for example health information such as severe disability or ethnic background). If particular categories of personal data are disclosed during the application process in line with Article 9 para. 1 of the GDPR when we reach out to applicants, further data processing may occur under Article 9 para. 2(a) of the GDPR (for example health information when this relevant to professional practice).

Where available, the applicant can use an online form to send us their application via our website. The data are transferred to us using state of the art encryption.

Alternatively, applicants can send us their applications via email. Please note, however, that as a rule emails are not sent in encrypted form and so applicants themselves are responsible for ensuring the encryption. Consequently, we can take no responsibility for the transmission path between the sending of the application and its reception on our server, and we therefore highly recommend the use of an online form or postal delivery. It remains possible for the applicant to submit the application to us by post, instead of through the online form or by email.

In the case of a successful application, we may further process the data provided by the applicant for the purposes of employment. If the application is not successful, the applicant’s data will be erased. The applicant retains the right to retract the application, in which case the applicant’s data will also be erased.

Subject to a valid retraction request by the applicant, erasure takes place after a period of six months, so that we can answer any resulting follow-up questions to the application and comply with obligations to provide evidence under the Equal Treatment Act. Invoices for reimbursement of travel expenses are archived in accordance with tax regulations.

Making contact

When making contact with us (e.g. via email, telephone, contact forms or social media), user information is processed in order to handle the contact request in accordance with Article 6, para. 1(b) of the GDPR in the case of contractual or precontractual relationships, and Article 6 para. 1(f) for all other enquiries. User information may be stored in a Customer Relationship Management system (CRM) or similar.

Enquiries are deleted when they are no longer required. The necessity of data storage is reviewed every 6 months. Further to this, statutory archiving obligations apply.

Hosting and email distribution

The hosting services which we use provide the following services: Infrastructure and platform services, computing capacity, memory space and database services, email distribution and security services, as well as technical maintenance services which we utilise for the purposes of operating the website.

Inventory data, contact data, content data, contractual data, usage data, metadata, and communication data from clients, interested parties or visitors to the website are all processed by us and our hosting service provider, on the basis of our legitimate interest to provide a safe and efficient website in accordance with Article 6 para. 1(f) of the GDPR in conjunction with Article 28 of the GDPR (concerning the conclusion of the processing agreement).

´

Collection of access data and log files

We, and our hosting service provider, collect data about every instance of access to the server containing this service (server log files), on the basis of our legitimate interest according to Article 6 para. 1(f) of the GDPR. Included within these access data are the names of requested websites and files, the date and time of the requests, the volume of data transferred, the notification of successful retrieval, the browser type and version, the user’s operating system, the referred URL (the previously visited page), the IP address and the name of the provider which the request.

For security reasons (e.g. for the investigation of abusive or fraudulent practices), log file information is stored for a maximum period of 7 days before being erased. Where retention of data for evidentiary purposes is required, the data are exempt from erasure until the particular incident is resolved.

Integration of services and third party content

On our website we utilise content and service offerings from third party providers on the basis of our legitimate interest (i.e. interest in the analysis, optimisation and cost-effective operation of our website, in line with Article 6 para. 1(f) of the GDPR) in order to integrate their content and services such as videos or typefaces (hereafter referred to together as “content”).

This always presupposes that the third party providers of this content can detect the IP addresses of the users, since the content cannot be sent to the browser without the IP address. The IP address is therefore required in order to display this content. We endeavour only to use content from those providers whose sole reason for using IP addresses is to deliver content. Furthermore, third party providers may use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags allow information to be analysed, such as the visitor traffic to a page of the website. Information regarding pseudonyms may also be stored in cookies on the user’s device and may contain technical information about the browser, the operating system, referring websites, visiting hours as well as further information about the use of our website, and it may also be linked to similar information from other sources.

YouTube

Our website integrates videos from the platform “YouTube”, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection regulation: https://www.google.com/policies/privacy/, opt out: https://adssettings.google.com/authenticated.

Google Maps

Our website integrates maps from the service “Google Maps”, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In particular, processed data may include IP addresses and the user’s location data, although these are only collected with the user’s consent (as a rule, this is gained through the choice of settings on their mobile device). Data may be processed in the USA. Data protection regulation: https://www.google.com/policies/privacy/, opt out: https://adssettings.google.com/authenticated.