Data protection declaration for the internet offering and other information in respect of the obligation to provide Information in accordance with Art. 13 GDPR for the collection of personal data from the data subject
This data protection declaration (Version: DSGVO 1.0 dated 18.03.2019) was produced by: Deutsche Datenschutzkanzlei Datenschutz-Office München – www.deutsche-datenschutzkanzlei.de
Data protection
We, the Blaser GmbH, are responsible for this online offering and, as the provider of a teleservice, must inform you at the beginning of your visit to our online offering, about the type, scope and purpose of the collection and use of personal data in a precise, transparent, understandable and easily accessible way, and in clear and simple language. The contents of the information must be accessible to you at all times. We are therefore obliged to inform you about which personal data will be collected or used. Any information relating to an identified or identifiable natural person, is described as personal data.
We place great value on the security of your data and compliance with the data protection regulations. The collection, processing and use of personal data is subject to the regulations of the European and national laws currently in force
We would like to show you in the following data protection declaration, how we handle your personal data and how you can make contact with us:
Blaser GmbH
Ziegelstadel 1
D-88316 Isny
Companies’ register-Nr.: HRB 620325
Managing director: Christian Socher
Telephone: +49 7562 702-0
E-Mail: info@blaser.de
Data Protection Officer for Blaser GmbH
If you have questions, please contact our Data Protection Officer:
DSB Münster GmbH
Hr. Heiner Niehüser
Martin-Luther-King-Weg 42-44
48155 Münster
E-Mail: datenschutz@dsb-ms.de
URL: www.dsb-ms.de
A. General
For the sake of easier reading, no gender-specific distinction is made in our data protection declaration. The terms used apply, in the context of equal treatment, to both genders.
The meaning of the terminology used, for example ‘personal data’ or its ‘processing’ can be taken from Article 4 of the EU-General Data Protection Regulation (GDPR).
The users’ personal data processed in the context of this online offering, includes inventory data (e.g. clients’ names and addresses), contract data (e.g. services used, name of person responsible, payment information), usage data (e.g. which of the websites of our online offering you visited, interest in our products) and content data (e.g. input in the contact form).
‘User’ includes all categories of persons affected by the data processing. These include, for example, our business partners, customers, interested parties and other visitors to our online offering.
B. Specific
Data protection declaration.
We guarantee that we only collect, process, store and use your incoming data in connection with the processing of your request, as well as for internal purposes and providing the services that you have requested or to provide content.
Basis of data processing
We process the user’s personal data only in compliance with the relevant data protection regulations. The user’s data are only processed if it is permitted by the existence of the following statutory grounds:
- in order to deliver our contractual performance (e.g. Processing orders) and online services
- your consent is given
- on the basis of our legitimate interests (i.e. interest in the analysis, optimization, and economic operation and security of our online offering in the sense of Art. 6 para. 1 lit. f. GDPR, in particular, range measurement, production of profiles for advertising and marketing purposes, as well as the collection of access data and print-subscription registration)
We would like to show you where the main legal grounds are regulated in the GDPR:
Consent
Art. 6 para. 1 lit. a. and Art. 7 GDPR
Processing to deliver our contractual performance and carry out contractual measures
Art. 6 para. 1 lit. b. GDPR
Processing to protect our legitimate interests
Art. 6 para. 1 lit. f. GDPR
Data transfer to third parties
Data is only passed to third parties within the framework of the legal provisions. We only pass user’s data to third parties when this is necessary, for example for contractual purposes or based on our legitimate interest in the economic and the effective operation of our business.
In the event that we use subcontractors to provide our services, we make suitable legal arrangements as well as appropriate technical and organizational measures, to provide protection for personal data in accordance with the relevant legal provisions
We would like to advise you that a transfer of data occurs, due to the usage of Google Analytics in our online offering,
Data transfers to third countries or an international organization
Transfer of data to third parties
We only forward data to third parties in line with statutory requirements. We only then forward user data to third parties if these are required, for instance, for contractual purposes, or on the basis of the legitimate interest of our commercial and effective business operations.
Passing on personal data for order processing
Any personal data that we collect within the scope of the order processing shall be passed on to the transport company engaged for the delivery, provided that this is necessary to deliver the goods. The company Blaser GmbH works together with various transportation companies (e.g. DHL, DPD, etc.)
In accordance with GDPR Article 6 (1) (b) we shall only pass on the name of the recipient and the delivery address to the shipping provider for the purpose of the delivery. This information shall only be passed on if it is required for the delivery of merchandise.
If we instruct sub-contractors to provide our services, we take the appropriate legal precautions along with adequate technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
We would like to point out that data is transferred when using our online offer due to the use of Google Analytics
Data transmission to a third country or an international organization
A third country is deemed to be one in which the GDPR is not a directly applicable law. In principal, this includes all countries outside the EU or the European Economic Area.
Data will be transmitted a third-party country or an international organization. In the process, care will be taken to ensure that suitable/appropriate guarantees exist there and that enforceable rights and effective remedies are available to you.
You can obtain a copy of the requisite guarantees at the following links:
Privacy Shield: https://www.privacyshield.gov/list
Standard contractual clauses: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF
Length of storage of your personal data
We adhere to the principles of data economy and data minimisation. This means the data made available to us is only retained for as long as it is needed to fulfil the previously named purposes or as laid down by the manifold storage periods provided for by the legislator. When the relevant purpose no longer exists, respectively after expiry of the appropriate period, your data will be routinely blocked, respectively erased, in accordance with the statutory provisions
We have developed a company-internal concept to guarantee this procedure.
Making contact
If you make contact with us by email, telephone, fax, contact form, subscription-registration form etc., you consent to electronic communication. Personal data will be collected in the context of contacting us. Which data is collected if you use a contact form, can be seen from the respective contact form. Your data are transmitted with SSL encryption. The information which you give will be stored exclusively for the purpose of processing your inquiry and for possible follow-up questions.
We would like to tell you the legal grounds:
Processing to deliver our contractual performance and carry out contractual measures
Art. 6 para. 1 lit. b. GDPR
Processing to protect our legitimate interests
Art. 6 para. 1 lit. f. GDPR
For this, we have concluded a data processing contract with the provider, in which the provider has committed to only process user data in accordance with our instructions and in compliance with the EU level of data protection.
We would like to advise you that emails can be read or changed, unnoticed and without authorization, during transmission. We would also like to bring to your attention that we use software to filter unwanted emails (spam filter). Emails can be rejected by the spam filter if certain characteristics are present, so that they are wrongly identified as spam.
What rights do you have?
a) Right to information
You have the right to obtain information about your stored data free of charge. Upon request, we will tell you what personal data about you we have stored, in writing, in accordance with current law. This also includes the origin and recipient of your data as well as the purpose of the data processing.
b) Right to rectification
You have the right to have your data which is stored by us, corrected, if it is incorrect. You can demand a limitation to the processing of your personal data, e.g. if the accuracy of your personal data is contested.
c) Right to blocking
Furthermore, you can have your data blocked. So that a blocking of your data can be taken into account at any time, the data must be held in a lock file for control purposes.
d) Right to erasure
You can also demand the erasure of your personal data, so long as no legal storage obligation exists. If such an obligation exists, we will block your data on request. If the relevant statutory requirements are met, we will also erase your personal data without a request from yourself.
e) Right to data transferability
You are entitled to demand that the personal data transferred to us is made available in a format which enables it to be transferred to another location.
f) Right to complain to a supervisory authority
You have the option of approaching a data protection supervisory authority with a complaint.
State representative for data protection and freedom of information Baden-Württemberg.
Postal address: P.O.Box 10 29 32, 70025 Stuttgart, Germany
Home address: Königstraße 10a, 70173 Stuttgart, Germany
Telephone +49 711 615541–0
Telefax: +49 711 615541–15
poststelle@lfdi.bwl.de
https://www.baden-wuerttemberg.datenschutz.de
You can open the complaint form via the following link: https://www.baden-wuerttemberg.datenschutz.de/online-beschwerde
g) Right to object
You have the option to object at any time to the use of your data for internal purposes with future effect. For this, it is sufficient to send an appropriate email to datenschutz@blaser.de. However, such an objection does not affect the legality of processing procedures which we have already carried out. This does not affect data processing in respect of other legal bases, for example, such as contract initiation (see above)
Protection of your personal data
We take state of the art contractual, organizational and technical security measures to ensure compliance with the provisions of the data protection laws and therefore, to protect the data which we process against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons.
In particular, our security measures include the encrypted transfer of data between your browser and our server. 256-bit-SSL (AES 256) encryption technology is used for this.
Thereby your personal data is protected in the context of the following points (extract):
a) Ensuring the confidentiality of your personal data
To ensure the confidentiality of the personal data which we store, we have taken various measures to control access.
b) Ensure the integrity of your personal data
To ensure the integrity of the personal data which we store, we have taken various measures to control transfer and input.
c) Ensure availability of your personal data
To ensure the availability of the personal data which we store, we have taken various measures to control orders and availability.
The security measures employed are continually improved in accordance with technical development. Despite these precautions, we are unable to guarantee the security of your data transfers to our online offering because of the insecure nature of the internet. For this reason, all data transfers from you to our online offering are made at your own risk.
Protection of minors
Persons who are under 16, are not allowed to provide us with their personal information without the express consent of the person having parental responsibility. These data will be processed in accordance with our data protection declaration.
Server log files
The provider of these pages automatically collects and stores information in so-called server log files, which are automatically transferred to us ny your browser. These are:
Browser type and browser version
Operating system used
Referrer’s URL
Time of server request
These data are combined with other data sources.
The basis for this data processing is Art. 6 para. 1 lit. f. GDPR, which allows data processing for the protection of our legitimate interests.
Cookies
We use cookies. Cookies are small text files which are stored locally in the internet browser’s cache. Cookies enable internet browser recognition. The files are used to help the browser navigate through the internet offering and use all its functions to their full extent.
Our internet offering uses: Browser cookies
Control of cookies by the user
Browser cookies: All browsers can be set so that cookies are only accepted upon request. Also, per set-up, cookies can only be accepted for sites which are currently being visited. All browsers offer functions which make the selective deletion of cookies possible. The acceptance of cookies can also be deactivated generally, however in that case, limitations in the online offering’s user friendliness must be accepted.
Flash cookies: Flash cookies are (locally) stored Flash Player settings. However, these are not browser cookies which are managed through the relevant browser settings but are managed separately through the Flash Player settings manager. External link: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html
Cookiebot
Use of first party cookies (Google Analytics Cookie)
Google Analytics Cookies record:
- Unique user– Google Analytics Cookies collect and group your data. All activities during a visit are collected. A distinction between users and unique users is made by using Google Analytics Cookies.
- User’s activities– Google Analytics Cookies also store data about the beginning and end times of your visit to the online offering and how many pages you have looked at. The user session is ended by closing the browser or after long user inactivity (Standard 30 minutes), and the cookies records that the visit has ended. The date and time of the first visit is also recorded. The total number of visits per unique user is also recorded. External link: https://marketingplatform.google.com/about/analytics/terms/us/
You can prevent the collection of the data produced by the cookie in reference to the use of the inline offering (including your IP address), by Google and the processing of the data by Google, by downloading and installing the following browser plugin:
External link: http://tools.google.com/dlpage/gaoptout?hl=en.
Further information can be found under the point “Web analysis service Google Analytics / Universal Analytics”.
Use of third-party cookies
Third party providers use (further) cookies over the import of editorial texts or advertising (third-party cookies) in our online offering. Third party providers are also subject to strict data protection requirements on the application of personal data.
Lifespan of the cookies employed
Cookies are managed by our internet offer’s website. This internet offering uses:
Transient cookies/Session cookies (single use)
Life spam: Until the online offer is closed
Persistent Cookies (permanent browser recognition)
Lifespan: 10 years
Deactivate or remove cookies (Opt-Out)
Every browser offers the option of limiting or deleting cookies. Further information about this can be obtained from the following websites:
– Internet Explorer:
https://support.microsoft.com/en-us/hub/4338813/windows-help
– Firefox:
https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies
– Google Chrome:
https://support.google.com/chrome/answer/95647?hl=en
– Safari:
https://support.apple.com/en-us/HT201265
Web analysis service Google Analytics / Universal Analytics
We use Google Analytics, a web analysis service from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses “Cookies”, text files that are stored on your computer and allow the use of the online offering to be analyzed. The information produced by the cookie about the use of the online offering, is normally transmitted to a server belonging to Google and stored there.
In the event that the IP anonymization is activated in our online offering, your IP address will be shortened inside the European Union member states or in other contracting states to the Agreement on the European Economic Area.
Google will use this information on our behalf to evaluate the use of the online offering and compile reports about the online offering’s activities and in order to provide us with other services connected to the use of the online offering and the internet use. The processing is based our legitimate interest, in accordance with Art. 6 para. 1 lit. f GDPR. The IP addresses transmitted by your browser in the context of Google Analytics, are not combined with other data by Google.
In addition, our website uses Google Analytics for a cross-device analysis of user streams, which is done through a user ID. On their first visit to a site, a user is given an unambiguous, permanent and anonymized ID, which is used cross-device. This allows interaction data from various devices to be associated with a single user. The user ID contains no personal data and also does not transmit personal data to Google.
The collection and storage of data through the user ID can be vetoed at any time with future effect. For this you must deactivate Google Analytics on all the systems you use, for example, also on other browsers or your mobile device.
You can prevent the storage of cookies by an appropriate setting in your browser software. However, we point out that in this case, it is possible that not all the functions of the online offering can be used to the full extent.
We point out that this online offering uses Google Analytics with the “_anonymizeIp()” extension and IP addresses are therefore only further processed in a shortened form to exclude a direct personal reference.
Furthermore, we use Google Analytics reports for the collection of demographic characteristics and interests.
The data sent by us and linked to cookies, user recognition (e.g. User-ID) or advertising ID, is automatically erased after 14 months. Data which has reached the end of its retention period, is automatically erased once a month. More detailed information about conditions of use and data protection, can be found under https://marketingplatform.google.com/about/analytics/terms/us/ or under https://policies.google.com/?hl=en
In addition, you can prevent the collection of the data produced by the cookie in reference to the use of the inline offering (including your IP address) by Google, and the processing of the data by Google, by downloading and installing the following browser plugin: http://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser plugin or in browsers on mobile devices, the following link can be used to set an opt-out cookie which will prevent the collection by Google Analytics inside this online offering in future (this opt-out cookie only works in this browser and only for this domain, delete the cookies in this browser and click the link again):
Click here to opt/-out of Google Analytics
Use of Google Tag Manager
We use Google Tag Manager. With this service, website tags can be managed over an interface. Google Tag Manager only implements tags. It does not set cookies and no personal data is collected. Google Tag Manager triggers other tags which may collect data. Google Tag Manager does not access this data. If a deactivation is carried out at domain or cookie level, then it continues to exist for all tracking tags, to the extent that they are implemented with Google Tag Manager. More information on Google Tag Manager can be found under the following link: https://www.google.com/analytics/tag-manager/use-policy/
You have the option to prevent the sending of all Google Tag Manager tags. For this, you must click on the following opt out link to set the Google Tag Manager deactivation cookie in your browser.
Click here to be excluded from data collection by Google Tag Manager:
Google Analytics und Google Tag Manager deaktivieren
Google AdWords – Conversion-Tracking
We use the online advertising program, “Google AdWords” and conversion tracking in the context of Google AdWords. The cookie for conversion tracking is set when you click on an advertisement placed by Google. These cookies lose their validity after 30 days and do not allow personal identification. If you visit pages of this inline offering and the cookie has not yet expired, Google and we can recognize that you have clicked on the advertisement and been transferred to this page. Every Google AdWords user receives a different cookie. Therefore, cookies cannot be traced over AdWords user’s websites.
The information obtained from the conversion is used to produce conversion statistics for those AdWords users who have opted for conversion tracking. We find out the total number of users who have clicked on our advertisement and been transferred to a page with a conversion tracking tag. However, we do not receive any information through which you can be personally identified. If you do not want to take part in tracking, you can refuse this service by deactivating the Google conversion tracking cookie through the internet browser’s user settings. Thereafter, you will not be included in the conversion tracking statistics.
Further information about Google’s data protection policies: https://policies.google.com/privacy?gl=us&hl=en
Newsletter
If you register for our newsletter, we will send you regular information about our offers. Personal data will be collected for this.
The only obligatory information for sending the newsletter, is your email address. The provision of any other information is voluntary and will be used to address you personally. We will use these data for our own advertising purposes in the form of your email newsletter, if you have expressly consented in the following way:
“Yes, I would like to subscribe to the newsletter! I accept the data protection declaration”
We use the so-called double opt-in process for sending the newsletter. This means that we will only send you an email newsletter when you have expressly confirmed that you consent to the newsletter being sent. Therefore, we send you a confirmation email in which you are asked to confirm that you consent that you want to receive the newsletter in future, by clicking on a link.
By activating the confirmation link, you give your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When you subscribe to the newsletter, we save your IP address, entered by your service provider, and the date and time of registration, in order to be able to trace a possible abuse of your email address at a later time.
You can unsubscribe from the newsletter at any time over the link provided for this purpose in the newsletter or by sending an appropriate message to us, email: datenschutz@blaser.de. After a successful cancelation, your email address will immediately be removed from our email circulation list and added to a block file to guarantee the revocation
Use of Facebook-Connect (Single Sign On process)If you have a Facebook profile, you can create a customer account on our online offering or register by using the “Facebook Connect” social plugin, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”), as part of the so-called single sign on technology. The “Facebook Connect” social plugins on these internet pages can be recognized by a blue button with the Facebook logo and the words “Connect with Facebook”, “Log in with Facebook” or “Sign in with Facebook”.
When you call up a page from this internet presence which contains such a plugin, your browser makes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the relevant website page, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.
By using these “Facebook Connect” buttons on our website, you have the opportunity to log into this website, or register, by using your Facebook user data. If you use the “Facebook Connect” buttons, we receive the general and publicly accessible data from your profile from Facebook, depending on your chosen Facebook data protection settings. This information includes the user ID, name, profile picture, age and sex. Please be aware that following changes to Facebook’s data protection and usage conditions, this can also include your profile pictures, your friends’ user IDs and your friends list, if these are marked as “public” in your Facebook privacy settings.
We will store and process the data transmitted by Facebook to produce a user account with the necessary data (Title, first name, surname, address information, country, email address, date of birth) if you have authorized this on Facebook. Vice versa, data can also be transmitted by us to your Facebook profile. This could be information about surfing or shopping behavior. If you use the “Facebook Connect” buttons, you will also be advised, when you activate the button, of the exchange of your data by Facebook. In addition, you will be given the opportunity to expressly consent to accessing your Facebook user data, as well as to consenting to the publication of information and activities in your Facebook profile.
This consent can be withdrawn at any time by a message to the contact given below. The purpose and extent of the data collection and the subsequent processing and use of your data by Facebook and your rights in this respect and configuration options for protecting your private sphere, can be found in Facebook’s data protection guidelines: http://www.facebook.com/policy.php
If you do not want Facebook to connect the data collected through the internet presence directly with your Facebook profile, you must log out of Facebook before visiting our online offering. You can completely prevent the loading of Facebook plugins, with add-ons for your browser, e.g. with the “Facebook Blocker” (http://webgraph.com/resources/facebookblocker/).
Use of YouTube
Functions of the YouTube service are integrated into our online offering for displaying and replaying videos. YouTube belongs to Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”)
Hereby, the extended data protection mode is used which, according to the service provider, only starts to store user information after the video replay has been begun.
If the replay of embedded YouTube videos is started, YouTube uses cookies to collect information about user behavior. According to notes from YouTube, this serves to, among other things, collect video statistics, improve user friendliness, and prevent misuse.
If you are logged into Google when you click on a video, your data is directly associated with your account. If you do not want the association with your YouTube profile, you must log our before activating the button. Google stores your data as a user profile (even for users who are not logged in) and evaluates it. Such an evaluation takes place in particular in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Google’s legitimate interest in the insertion of personalized advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of this user profile, whereby, to exercise the right, you must contact YouTube.
Independently from the replay of embedded videos, a connection to the Google network “DoubleClick” is made each time our online offering is accessed, which can lead to further data processing procedures, without any influence from us.
Further details about the use of cookies by YouTube can be found in YouTube’s data protection declaration under: http://www.youtube.com/t/privacy_at_youtube
Amendments to our data protection policy
We reserve the right to adapt our data protection declaration on occasions, so that it always meets the current legal requirements or to implement changes in our services into the data protection declaration. This could apply e.g. to the introduction of new services. The new data protection declaration would then apply to your return visit.
Brand protection
Each firm or trade mark named here is the property of the respective firm. The naming of brands and names is purely for informative purposes.
C. Specific provisions for Russia
The following applies to users who are residents of the Russian Federation:
The services of our online offer listed above, are not intended for citizens of the Russian Federation who are resident in Russia.
If you are a Russian citizen resident in Russia, you are expressly informed that all personal data that you make available to us over our internet offering, is exclusively at your own risk and on your own responsibility. You further agree that you will not hold us responsible for a possible breach of Russian Federation law.