Important News
We are pleased to present you the newly designed website.
read more

GDPR

(General Data Protection Regulation)

Data protection changes as of the 25th of Mai 2018

 

1 Name and address of the responsible party

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states and other data protection regulations is the: 

Paul Wegener GmbH
Marienstraße 24
06493 Ballenstedt
Deutschland
Phone.: 039483–96-300 
E-Mail: info_at_paul-wegener.de
Website: www.paul-wegener.de

2 Name and address of the data protection officer

The data protection officer of the resposible party is:

Dennis Stepputat
Ritteröder Straße 7
06333 Hettstedt
Deutschland
Phone: (0049) 3476200181
E-Mail: d.stepputat_at_ciskom.de
Website: www.cisKom.de

3 General information on data processing

3.1 Scope of Personal Data Processing

As a matter of principle, we will only process your personal data to the extent necessary to provide a functional website and for our content and services. The processing of personal data of our users is carried out on a regular basis only with the consent of the user. Cases in which obtaining prior consent is impossible for practical reasons and in which the processing of such data is permitted by law are an exception to this. 

3.2 Legal basis for processing of personal data 

To the extent that we obtain the data subject's consent to process the personal data, our legal basis for processing personal data is provided in Article 6 paragraph 1 of the General Data Protection Regulation (GDPR). 


The processing of personal data necessary for the performance of a contract to which the data subject is party shall be carried out in accordance with Article 6 paragraph 1 b of the GDPR as the legal basis. This also applies to processing operations necessary to carry out pre-contractual operations.


Article 6, paragraph 1 of the GDPR serves as the legal basis of the processing of personal data insofar as the data controller is required to fulfill a legal obligation. 


In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6, paragraph 1 of the GDPR serves as the legal basis.


If processing is necessary in order to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the person concerned do not outweigh the former interest, Article 6, paragraph 1 of the GDPR serves as the legal basis for processing. 

3.3 Data deletion and storage duration

The personal data of the data subject shall be erased or blocked as soon as the purpose of the storage ceases.  Storage may also be carried out where provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject.The data shall be blocked or deleted even if a storage period prescribed by the said standards expires, unless there is a need for further storage of the data for the conclusion of a contract or for fulfilment of a contract.

4 Provision of the website and creating log files

4.1 Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data are collected:
a. Information about the browser type and version used
b. The user's operating system
c. The user’s Internet service provider 
d. The user’s IP address
e. Date and time of access
f. Websites from which the user’s system enters our website 
g. Websites accessed by the user’s system via our website 
The data are also stored in the logfiles of our system. These data are not stored together with other personal data of the user.

4.2 Legal basis for data processing

The legal basis for the temporary storage of data and logfiles is Article 6, paragraph 1 of the GDPR. 

4.3 Purpose of data processing

Temporary storage of the IP address by the system is necessary to allow delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. 

Storage in logfiles is done to ensure the functionality of the website. In addition, the data are used to optimize the website and to ensure the security of our information technology systems. In this context, no evaluation of the data for marketing purposes takes place. 

For these purposes, we also have a legitimate interest in data processing according to Article 6 paragraph 1 of the GDPR.

4.4 Storage duration

The data shall be deleted as soon as they are no longer necessary to achieve the purpose of their collection. In the case of data collection for the provision of the website, this is the case when the respective session is finished.

In case of storing data in logfiles, this is the case after seven days at the latest. Extended storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that assignment of the calling client is no longer possible.

4.5 Option for objection and removal

The collection of data for the provision of the website and the storage of data in logfiles is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user

5 Use of cookies

5.1 Description and scope of data processing

Our website uses cookies. Cookies are text files which are stored in the Internet browser or the Internet browser on the computer system of the user. If a user calls a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic character string that allows the browser to be clearly identified when it is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. 
The following data are stored and transmitted in the cookies:
a. Language settings
b. Items in a shopping basket
c. Log-in information
We also use cookies on our website to analyse the surfing behaviour of users.

In this way, the following data can be transmitted:
a. Search terms entered
b. Frequency of page views
c. Use of website functions
The data of the users thus collected shall be pseudonymised by technical arrangements. It is therefore no longer possible to assign the data to the calling user. The data are not stored together with other personal data of the users. When calling up our website, users are informed about the use of cookies for analysis purposes by means of an information banner and are referred to this privacy statement. In this context, it is also indicated how the storage of cookies in the browser settings can be prevented.

5.2 Legal basis for data processing

The legal basis for processing personal data using cookies is Article 6, paragraph 1 of the GDPR. The legal basis for processing personal data using technically necessary cookies is Article 6, paragraph 1 of the GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is of a kind where the user has given his consent - Article 6, paragraph 1 of the GDPR.

5.3 Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be provided without the use of cookies. For this it is necessary that the browser is recognized even after a page change. 

We need cookies for the following applications:
a. Shopping basket
b. Adoption of language settings
c. Remembering search terms
The user data collected through technically necessary cookies are not used for creating user profiles. The analysis cookies are used to improve the quality of our website and its contents. Through the analysis cookies we learn how the website is used and thus can continuously optimize our offer. For these purposes, our legitimate interest also lies in the processing of personal data subject to Article 6, paragraph 1 of the GDPR.

5.4 Duration of storage, option of objection and disposal

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website's features in full. The transmission of Flash cookies cannot be prevented by the browser settings, but by changing the settings of the Flash Player.

6 Newsletter

6.1 Description and scope of data processing

On our website you can subscribe to a free newsletter. When registering for the newsletter, the data from the input mask are transmitted to us. 

In addition, the following data shall be collected at the time of notification: 
a. IP address of the accessing computer
b. Date and time of registration
To process the data, your consent will be obtained during registration process and referred to this privacy statement. If you purchase goods or services on our website and deposit your e-mail address, this can subsequently be used by us for sending a newsletter. In such a case, only direct advertising for own similar goods or services will be sent via the newsletter. In connection with data processing for sending newsletters, the data are not passed on to third parties. The data will only be used for sending the newsletter. 

6.2 Legal basis for data processing

The legal basis for data processing after registration for the newsletter by the user is Article 6, paragraph 1 of the GDPR if the user has given his consent. 

The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 section 3 of the Unfair Competition Act.

6.3 Purpose of data processing

The purpose of collecting the user's e-mail address is to deliver the newsletter. The purpose of collecting other personal data in the context of the registration process is to prevent misuse of the services or the e-mail address used.

6.4 Storage duration

The data shall be deleted as soon as they are no longer necessary to achieve the purpose of their collection. The e-mail address of the user is thus stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process will normally be deleted after a period of seven days.

6.5 Option of objection and disposal

The subscription to the newsletter can be cancelled at any time by the user concerned. For this purpose, there is a corresponding link in each newsletter. This also makes it possible to revoke the consent of the storage of the personal data collected during registration process.

7 Registration

7.1 Description and scope of data processing

On our website, we offer users the opportunity to register with personal data. The data are entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. The following data are collected during the registration process: 

The following data shall also be stored at the time of registration: 
a. The user's IP address
b. date and time of registration
As part of the registration process, the user’s consent to the processing of this data is obtained.

7.2 Legal basis for data processing

The legal basis for data processing is Article 6, paragraph 1 of the GDPR if the user has given his consent. If registration is intended to fulfil a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for processing the data is Article 6, paragraph 1 of the GDPR.

7.3 Purpose of data processing

Registration of the user is required for the provision of certain content and services on our website. Registration of the user is necessary for fulfilling a contract with the user or for carrying out pre-contractual measures. 

7.4 Storage duration

The data shall be deleted as soon as they are no longer necessary to achieve the purpose of their collection. This is the case for the data collected during the registration process when the registration on our website is cancelled or modified. This is the case for the performance of a contract or for the implementation of pre-contractual measures during the registration process when the data are no longer necessary for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store the contractual partner’s personal data to fulfil contractual or legal obligations.

7.5 Option of objection and disposal

As a user you have the option to cancel the registration at any time. You can change the data stored about you at any time. If the data are necessary for the performance of a contract or for carrying out pre-contractual measures, premature deletion of the data is possible only insofar as contractual or legal obligations prevent deletion.

8 Contact form and e-mail contact

8.1 Description and scope of data processing

On our website there is a contact form which can be used for making contact electronically. If a user makes use of this option, the data entered in the input mask shall be transmitted to us and stored. These data are:
The following data shall also be stored at the time of sending the message: 
a. The user's IP address
b. Date and time of registration
To process the data, your consent will be obtained during the sending process and referred to this privacy statement. Alternatively, you can contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail are stored. In this context, the data will not be passed on to third parties. The data is used exclusively for the processing the conversation.

8.2 Legal basis for data processing

The legal basis for data processing is Article 6, paragraph 1 of the GDPR if the user has given his consent. The legal basis for processing the data transmitted in the course of an e-mail is Article 6, paragraph 1 of the GDPR. If the purpose of e-mail contact is to conclude a contract, the additional legal basis for processing is Article 6, paragraph 1 of the GDPR.

8.3 Purpose of data processing

The processing of the personal data from the input mask serves only for the purpose of processing the contact. In the event of contact by e-mail, the necessary legitimate interest in the data processing shall also prevail. The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

8.4 Storage duration

The data shall be deleted as soon as they are no longer necessary to achieve the purpose of their collection. For the personal data from the input mask of the contact form and those which have been sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be concluded from the circumstances that the situation in question is finally resolved. The additional personal data collected during the dispatch process shall be deleted at the latest after a period of seven days.

8.5 Option of objection and disposal

The user can revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case. 

9 Web analysis by Matomo (in former times PIWIK)

9.1 Scope of Personal Data Processing

On our website we use the open-source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. The software places a cookie on the users' computer (see description on cookies above). If individual pages of our website are accessed, the following data will be stored: 
a. Two bytes of the IP address of the user's calling system
b. The accessed website
c. The website from which the user has accessed the website (referrer)
d. The sub-pages accessed from the accessed website 
e. The length of time spent on the website
f. The frequency of the website call 
The software exclusively runs on the servers of our website. The personal data of the users are only stored there. A data transfer to third parties does not take place. The software is set in such a way that IP addresses are not completely stored, but 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.

9.2 Legal basis for processing personal data

The legal basis for processing users' personal data is Article 6, paragraph 1 of the GDPR.

9.3 Purpose of data processing

The processing of the users' personal data enables us to analyse the surfing behaviour of our users. We are able to compile information about the use of the individual components of our website by evaluating the data collected. This helps us to improve our website and its user-friendliness constantly. For these purposes, we also have a legitimate interest in processing the data referred to in Article 6, paragraph 1 of the GDPR. The anonymisation of the IP address shall take sufficient account of the interest of users in the protection of their personal data.

9.4 Storage duration

The data will be deleted as soon as they are no longer needed for our recording purposes. In our case, this is the case after 60 days. 

9.5 Option of objection and disposal

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website's features in full.

10 Rights of the data subject

The following list includes all rights of the parties concerned under the GDPR. Rights that have no relevance for your website need not to be mentioned. In this respect, the list may be reduced. If your personal data are processed, you are a person concerned according to the GDPR and you have the following rights in relation to the controller. 

10.1 Right to be informed

You may request confirmation from the controller whether personal data concerning you will be processed by us. If such processing is carried out, you can request details of the following information from the controller.

a. the purposes for which the personal data are processed,

b. the categories of personal data that are processed, 

c. the recipients or the categories of recipients to whom the personal data concerning you have been disclosed or are yet to be disclosed,

d. the intended storage duration of the personal data relating to you or, if specific information is not available, criteria for determining the storage period,

e. the existence of a right to rectification or deletion of the personal data concerning you, a right to restriction of processing by the controller or a right of objection to such processing,

f. the existence of a right of appeal with a supervisory authority,

g. all available information on the origin of the data if personal data are not collected from the data subject,

h. the existence of automated decision-making including profiling in accordance with Article 22, paragraph 1 and 4 GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended impact of such processing on the data subject. You have the right to request information as to whether the personal data relating to you are transferred to a third country or to an international organisation. In this context, you may request the appropriate guarantees in accordance with Article 46 GDPR in connection with transmission. 

This right of access may be limited in so far as it is likely to render impossible or seriously impede the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

10.2 Right to rectification

If personal data processed concerning you are incorrect or incomplete, you have a right to correction and/or completion with regard to the controller. The controller shall make the correction without delay. Your right to rectification may be limited to the extent that it is likely to render impossible or seriously impede the achievement of the research or statistical purposes and that the limitation is necessary for the fulfilment of the research or statistical purposes.

10.3 Right to restriction of processing

Subject to the following conditions, you may request that processing of your personal data shall be restricted:

a. if you deny the correctness of the personal data relating to you for a period that allows the controller to verify the correctness of the personal data,

b. the processing is unlawful and you refuse to delete the personal data and request the restriction of the use of personal data instead, 

c. the controller no longer needs the personal data for the purpose of processing, but you need them to assert, exercise or defend legal claims; or

d. if you object to processing in accordance with Article 21, paragraph 1 GDPR and it is not yet known whether the justified reasons of the person responsible outweigh those of you.

If the processing of the personal data relating to you has been restricted, these data - apart from their storage - may only be used with your consent or for enforcement, the exercise or defence of legal claims or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State. 

If the restriction on processing has been restricted according to the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

Your right to restrict processing may be limited to the extent that it is likely to render impossible or seriously impede the achievement of the research or statistical purposes and to restrict the performance of the research or statistical purposes is necessary.

10.4 Right to deletion

a. Deletion duty

You can require from the person responsible that the personal dates concerning you are immediately deleted, and the person responsible is obliged to delete immediately these data, provided that one of the following reasons applies: 

a. The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.

b. You revoke your consent, to which the processing according to Article 6, paragraph 2 of the GDPR is supported and there is no other legal basis for processing.

c. According to Article 21, paragraph 1 of the GDPR, you lodge objection to processing and there are no overriding legitimate grounds for processing, or according to Article 21, paragraph 2 of the GDPR, you lodge objection to processing.

d. The personal data relating to you have been unlawfully processed.

e. The deletion of personal data relating to you is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.

f. The personal data relating to you has been collected in relation to the information society services provided in accordance with Article 8, paragraph 1 of the GDPR.

g. Information to third parties

If the controller has made the personal data relating to you public, it is in accordance with Article 17 pargraph 1 of the GDPR, taking into account the available technology and the costs of implementation, shall take appropriate measures, including technical measures, to ensure that data controllers who process the personal data are informed, that you, as a data subject, have requested from them the deletion of all links to such personal data or copies or replications of such personal data.

c. Exceptions

The right of deletion does not exist where processing is necessary.

a. on the exercise of freedom of expression and information,

b. to fulfil a legal obligation requiring processing under the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or which takes place in the exercise of official authority, which has been assigned to the controller,

c. for reasons of public interest in the area of public health in accordance with Article 9, paragraph 2 (h) and (i) and Article 9, paragraph 3 of the GDPR. 

d. for archival, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Article 89, paragraph 1 of the GDPR where the law referred to in section a) is likely to render impossible or seriously impede the achievement of the objectives of such processing, or

e. for the enforcement, exercise or defence of legal claims. 

10.5 Right to be informed

If you assert the right to rectification, deletion or limitation of processing against the controller, the controller shall be obliged to inform all recipients to whom the personal data concerning you have been disclosed, to notify this rectification or deletion of data or limitation of processing, unless this proves to be impossible or entails a disproportionate burden. You shall have the right to be informed about these recipients.

10.6 Right to data transferability

You have the right to obtain the personal data, you have provided to the person responsible, in a structured, common and machine-readable format. You also have the right to transmit these data to another controller without hindrance by the controller to whom the personal data have been provided, provided that:

a. processing on consent in accordance with Article 6 paragraph 1 paragraph a of the GDPR or Article 9 paragraph 2 paragraph a of the GDPR or on a contract in accordance with Article 6 paragraph 1 paragraph b of the GDP, and

b. the processing is carried out by automated means.

In the exercise of this right, you also have the right to obtain that the personal data concerning you are directly transferred by one controller to another controller, insofar as this is technically feasible. This shall not prejudice the freedoms and rights of other persons. The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the controller.

10.7 Right of objection

You have the right, for reasons arising from their particular situation, to object at any time to the processing of the personal data concerning you, which is based on Article 6, paragraph 1, paragraph e or f of the GDPR, this also applies to profiling based on these provisions. The controller no longer processes the personal data relating to you, unless he can prove compelling legitimate grounds for processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercising or defending legal claims. If the personal data relating to you are processed in order to conduct direct marketing, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling, in so far as it is related to such direct mail. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You may exercise your right of appeal in connection with the use of information society services - notwithstanding the Directive 2002/58/EC - by means of automated procedures using technical specifications. You also have the right, for reasons arising from your particular situation, in the processing of personal data concerning you, which are used for scientific or historical research purposes or for statistical purposes pursuant to Article 89, paragraph 1 of the GDPR is intended, to contradict it. Your right of appeal may be limited in so far as it is likely to render impossible or seriously impede the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

10.8 Right of withdrawal of the data protection consent declaration

You have the right to withdraw your privacy consent statement at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

10.9 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which has legal effects against you or which similarly significantly affects you. This shall not apply if a decision:

a. is necessary for the conclusion or performance of a contract between you and the controller

b. is permitted by Union or Member State legislation to which the controller is subject, and that legislation includes appropriate measures to safeguard your rights and freedoms and your legitimate interests or

c. is done with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9 paragraph 1 GDPR, unless Article 9 paragraph 2 letter a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. In respect of the cases referred to in (1) and (3), the controller shall take appropriate measures to protect the rights and freedoms and your legitimate interests, including at least the right to seek the intervention of a person by the controller; upon presentation of its own position and upon challenge of the decision.

10.10 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of presumed infringement; if you believe that the processing of personal data concerning you is contrary to the GDPR. 

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

Privacy Policy according to GDPR: d.stepputat(at)ciskom.de