Privacy Policy

I.                    Privacy Policy
II.       Name and Address of the Legally Obliged
The legally obliged entity in accordance with General Data Protection Regulations and other national data protection laws of EU member states as well as other data protection regulations is:

 

Sand Profile GmbH

Dr: - Patt – Str. 7-11

63811 Stockstadt

Deutschland

Tel.: +49 6027 41600

E-mail: info@sandprofile.com

Website: www.sandprofile.com

III.      Name and Address of the Legally Obliged for Data Protection
The entity legally responsible for data protection is:

 

Datenschutzbeauftragter

Olaf Wagschal

Sand Profile GmbH

Dr: - Patt – Str. 7-11

63811 Stockstadt

Deutschland

Tel.: +49 6027 41600

E-mail: Datenschutz [at] sandprofile [dot] com Note: For security reasons, the e-mail address is dismembered

IV.     General Information Concerning Data Processing
1.       The extent of processing of personal data
In principle, we collect and use personal data of our users only to the extent necessary to provide a functional website, our content and services. The collection and use of personal data of our users take place regularly only with the user’s consent. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.

 

2.       The legal basis for the processing of personal data
Insofar as we obtain the consent for processing personal data from the party in question, Art. 6 §1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data necessary for complying with a contract for the contracting party in question, Art. 6 §1 lit. b DSGVO serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as any processing of personal data is required to fulfill a legal obligation that underlies our company, Art. 6 §1 lit. c DSGVO serves as the legal basis.

In the event that vital interests of the party in question or another natural person require the processing of personal data, Art. 6 §1 lit. d DSGVO serves as the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the party in question do not prevail over the first interests, Art. 6 §1 lit. f DSGVO serves as the legal basis for this course of action.

3.       Data deletion and storage duration
Personal data of the party in question will be deleted or blocked as soon as the purpose of the storage is no longer needed. In addition, data storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the entity legally responsible for data protection is subject to. Blocking or deletion of data also takes place when a storage period prescribed by the previously mentioned standards expires, unless there is a need for further storage of data for the conclusion of a contract or the fulfillment of the contract.

V.      Provision of the Website and Creation of Log Files
1.       Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is hereby collected:

 

(1)    Information about the type of browser and the version used

(2)    The user’s operating system

(3)    The user’s internet service provider and country of origin

(4)    The user’s IP address

(5)    Date and time of access

(6)    The amount of data transferred

(7)    Websites from which the user's system accesses our website

(8)    Websites accessed by the user's system through our website

The data is also stored in our system’s log files. Storage of this data does not take place jointly with other personal data of the user.

2.       The legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 §1 lit. f DSGVO.

3.       Purpose of data processing
The temporary storage of the user’s IP address by the website’s system is necessary to allow delivery of the website to the user’s computer. To do this, the user's IP address must be kept for the duration of the session.

 

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place.

 

For these purposes, we have legitimate interests in the processing of data in accordance with Art. 6 §1 lit. f DSGVO.

4.       Duration of storage
Data will be deleted as soon as the reason for its collection is no longer given. In the case of any data collected to allow website service, this provision is met when the respective online session is completed.

 

Data for log files are stored for no longer than thirty days. An additional storage time is possible. In this case, the IP addresses of the users are deleted or alienated, so that an identification of the calling client is no longer possible.

5.       The right of rebuttal and removal of data
The collection of data and its storage in log files is essential for providing website service. Consequently, there is no right to refuse a collecting of a user’s data or a way to remove such data.

VI.     Handling of Cookies
a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a distinctive string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser is identified even after changing to another page.

The following data is stored and transmitted via cookies:

(1)    Language settings

(2)    The article, article number and amount in the shopping cart

(3)    Log-In Information

b) The legal basis for data processing

The legal basis for processing personal data by using cookies is Article 6 (1) lit. f DSGVO.

c) Purpose of data processing

Cookies are technically necessary. Their purpose is to facilitate the use of websites for users. Some features of our website cannot function without cookies. For these, it is necessary that the browser is recognized even after a page change.

We require cookies for the following applications:

(1)    Shopping cart

(2)    Language settings

(3)    Remembering search terms

User data collected through cookies will not be used to create user profiles.

e) Duration of storage, the right of objection and removal of data

Cookies are stored on the user’s computer and are transmitted from there to our webpage. Therefore, as a user, you have full control over the use of cookies. Changing certain settings in your internet browser allows you to disable or restrict the transmission of cookies. Cookies already saved on your computer can be deleted at any time. This can also be done automatically. If our cookies are disabled, certain website functions might not be fully functional.

VII.        Contact Form and E-mail
1.          Description and scope of data processing
A contact form is made available on our website which can be used to contact us electronically. If a user chooses this option to contact us, all data entered in the input mask will be transmitted to us and stored. The data include:

(1)    User’s title

(2)    Name

(3)    Firm

(4)    E-mail

(5)    Telephone number

(6)    User’s message

 

Our website provides an application form which can be used by applicants to contact us electronically. If an applicant chooses this option to contact us, the data entered in the input mask will be transmitted to us and stored. The data include:

(1)    Applicant’s title

(2)    Surname

(3)    First name

(4)    Street address

(5)    ZIP code

(6)    City

(7)    Land (abbreviated)

(8)    Date of birth

(9)    Telephone number

(10)  E-mail Address

 

Our website provides a contact form for our online shop, which can be used by users to contact us electronically. If a user chooses this option to contact us, the data entered in the input mask will be transmitted to us and stored. The data include:

(1)    Firm

(2)    Street address

(3)    ZIP code

(4)    City

(5)    Land

(6)    VAT number

(7)    Name

(8)    Surname

(9)    E-mail

(10)  Telephone number

When sending a message, the following data is also stored:

(1)      The user’s IP address

(2)      Date and time of input

For the processing of user data, our privacy statement terms are displayed during the sending process in order to obtain your consent.

 

Alternatively, the user may opt to contact us via our e-mail address. In this case, the user's personal data transmitted by the e-mail will be stored.

 

In this context, no personal data will be passed on to third parties. The data is used exclusively for processing the channel of communication.

2.       The legal basis for data processing
By consent of the user, the legal basis for the processing of data is Art. 6 §1 lit. a GDPR.

 

The legal basis for the processing of data transmitted via e-mail is Article 6 (1) lit. f DSGVO. If the e-mail aims to conclude a contract, then additionally, the legal basis for the processing is Art. 6 §1 lit. b DSGVO.

3.       Purpose of data processing
Personal data in the contact form serves only to administer the contact process. A legitimate interest in the processing of data may also be included when contact is via e-mail.

Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4.       Duration of data storage
Data will be deleted as soon as the reason for its collection is no longer given. In the case of any data collected to allow website service, this provision is met when the respective online session is completed. Personal data contained in the contact form and those sent via e-mail are deleted when the respective communication with the user has ended. The communication is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

 

Any additional personal data collected during the sending process will be deleted after a period of no longer than thirty days.

5.       The right of rebuttal and removal of data
The user has the possibility to revoke his consent for the processing of personal data at any time. If the user contacts us by e-mail, he or she may object to the storage of his or her personal data at any time. In such a case, communication cannot continue.

Otherwise, the user may revoke his consent for the processing of personal data at any time via post or telephone. You will find the contact details of the data protection officer in the header of this legal declaration.

In this case, all personal data stored in the course of communication will be deleted.

VIII.   The User’s Legal Rights
If your personal data is processed, you are the party concerned i.S.d. DSGVO and have the following rights with respect to the responsible party:

1.       Disclosure rights
You may ask the responsible party for confirmation if your personal data is being processed by us.

If such processing is being conducted, you can request information from the responsible party about the following information:

(1)           the purposes for which the personal data are being processed;

(2)           the categories of personal data that are being processed;

(3)           the recipients or categories of recipients to whom your personal data have been disclosed or are still being disclosed;

(4)           the planned duration of the storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage;

(5)           the right to have your personal data amended or deleted, a right to a restriction of processing by the responsible party or a right to object to such processing;

(6)           the right of appeal to a supervisory authority;

(7)           all available information on the source of the data if the personal data are not collected from the party in question;

(8)           the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal data is or will be transferred to a third country or to an international organization. In this case, regarding the transfer, you can request the appropriate guarantees in accordance with Art. 46 GDPR.

2.       Right of amendment
You have the right to have the responsible party amend and/or complete your personal data if they are incorrect or incomplete. The responsible party must make the correction without delay.

3.       Right to restriction of processing
You may request a restriction of the processing of your personal data under the following conditions:

(1)           if you contest the accuracy of your personal information for a period of time that enables the responsible party to verify the accuracy of your personal information;

(2)           the processing is unlawful and you refuse to have your personal data deleted and instead request the restriction of use of the such data;

(3)           the responsible party  no longer requires your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

(4)           if you objected to the processing in accordance with Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the responsible party prevail over your reasons.

If the processing of your personal data has been restricted, this data may only be used with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or an EU member state.

If in accordance with the reasons mentioned above the processing has been restricted, you will be informed by the responsible party before the restriction is lifted.

4.       Right of deletion
a)       Obligation for deletion
You may request the responsible party to delete your personal information without delay, and the responsible party is required to delete that information immediately if one of the following reasons is valid:

(1)           Your personal data is no longer necessary for the purposes for which they were collected or otherwise processed.

(2)           You revoke your consent to the processing according to Art. 6 §1 lit. a or Art. 9 §2 lit. DSGVO and there exist no other the legal basis for processing.

(3)           You object to the processing in accordance with Art. 21 §1 DSGVO and there are no overriding justifiable reasons for the processing, or you oppose processing in accordance with Art. 21 §2 DSGVO.

(4)           Your personal data has been processed unlawfully.

(5)           The deletion of your personal data is required to fulfill a legal obligation under European Union law or the law of the member states to which the responsible party is subject.

(6)           Your personal data was collected from offers by information services in accordance with Art. 8 (1) GDPR.

b)       Information to third parties
If the responsible party has made your personal data public and is obligated to delete them, in accordance with Article 17 (1) of the GDPR, the responsible party shall take appropriate measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you have been identified as being affected, requesting deletion of any links to such personal data or of copies or replications of such personal data.

c)       Exceptions
The right of deletion of personal data does not exist if the processing is necessary

(1)           to exercise the right of freedom of expression and information;

(2)           to fulfill a legal obligation required by laws of the European Union or of its member states to which the responsible party is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the responsible party;

(3)           for reasons of public interest on the grounds of public health in accordance with Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;

(4)           for archival purposes of public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or

(5)           to assert, exercise or defend legal claims.

5.       Information rights
 
If you have exercised your right of amendment, deletion or restriction of processing to the responsible party, he/she is obliged to notify all recipients to whom your personal data have been disclosed to of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.

You have a right to be informed by the responsible party over these recipients.

6.       Right of data transferability
You have the right to receive personally identifiable information you provide to the responsible party in a structured, established and machine-readable format. You also have the right to transfer this data to another responsible person without hindrance by the current responsible party, who is processing your personal data, providing that

(1)           the processing of a consent in accordance with Art. 6 §1 lit. a GDPR or Art. 9 §2 lit. a DSGVO or on a contract in accordance with Art. 6 §  1 lit. b DSGVO is based and

(2)           the processing is done using automated procedures.

In exercising this right, you also have the right to have your personal data be transmitted directly from one responsible party to another responsible party, as far as technically feasible. Freedoms and rights of other persons may not be thus affected.

The right of data transferability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the responsible party.

7.       Right of appeal
You have the right at any time, for reasons that arise from your particular situation, to object to the processing of your personal data, which ensued in accordance with Art. 6 §1 lit. e or f DSGVO; this also applies to profiling based on these provisions.

The responsible party will no longer process your personal data unless he/she can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Notwithstanding of Directive 2002/58/EC, you have the option, in the context of the use of information services, of exercising your right to object through automated procedures that use technical specifications.

8.       Disclaimer rights to revoke data protection consent declaration
You have the right to revoke your consent to data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9.       Automated decision-making on a case-by-case basis, including profiling
You have the right not to be subjected to an exclusively automated processing--including profiling--that will have legal effect or likewise affect you in a similar manner. This does not apply if the decision

(1)           if it is required for the conclusion or performance of a contract between you and the responsible party,

(2)           is permissible on the basis of legislation of the European Union or its member states to which the responsible party is subject, and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or

(3)           with your express consent.

However, these decisions may not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g applies and reasonable measures have been taken to protect the rights and freedoms and your legitimate interests.

In reference to the cases referred to in (1) and (3), the responsible party shall take reasonable steps to uphold the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person by the responsible party, to express his/her own position and bear on challenge of the decision.

10.     Right to appeal to a regulatory authority
Without prejudice to any other administrative or legal redress, you shall have the right to appeal to a supervisory authority, in particular in the EU member state of your residence, place of work or place of alleged infringement, if you believe that the processing of your personal data violates DSGVO.

The regulatory authority to which the appeal has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Article 78 of the GDPR.