Data Protection Policy

Data protection declaration according to GDPR

 

I.   Name and address of the controller

The controller within the meaning of the European General Data Processing Regulation and other national data protection laws of the Member States and miscellaneous provisions of data protection law is:

Orm Bergold Chemie GmbH & Co. KG
Daimlerstr.2-4
44805 Bochum
Deutschland

Telefon: 0234/87908-0
E-Mail: OBC@safetykleen.eu
Website: www.safetykleen.eu/de/orm-bergold

II.   Name and address of the data protection coordinator

The controller’s data protection coordinator is:

TÜV Informationstechnik GmbH
Unternehmensgruppe TÜV NORD
IT Security, Business Security & Privacy
Langemarckstraße 20
45141 Essen

Telefon: 0201 / 8999-899
Telefax: 0201 / 8999-666
E-Mail: privacyguard@tuvit.de

III.  General points of data processing

1. 1. Scope of the processing of personal data

As a matter of principle, we only record and process our users’ personal data to the extent that this is necessary for provision of a functional website and our contents and services. Recording and use of our users’ personal data is regularly only done following consent by the user. An exception exists in cases in which prior obtaining of consent is not possible for factual reasons and processing of the data has been allowed by statutory directives.

2. Legal foundation of the processing of personal data

To the extent that we obtain consent from the data subject for processing procedures of personal data, Art. 6 subparagraph 1 lit. a European General Data Protection Regulation (GDPR) serves as the legal foundation for the processing of personal data.
To the extent that processing of personal data is necessary to fulfil a legal obligation to which our enterprise is subject, Art. 6 subparagraph 1 lit. c GDPR serves as the legal foundation.
To the extent that processing of personal data is necessary for fulfilment of a legal obligation to which our enterprise is subject, Art. 6 subsection 1 lit. c GDPR serves as the legal foundation.
If processing is necessary to attend to a legitimate interest of our enterprise or of a third party and if the data subject’s interests, underlying rights and underlying freedoms do not prevail over the former interest, Art. 6 subsection 1 lit. f GDPR serves as the legal foundation for the processing of personal data.

3. Data erasure and duration of storage

The data subject’s personal data are erased or blocked as soon as the purpose of the storage no longer exists. Storage can be possible in excess of this if this has been provided for by European or national legislations in regulations, acts or other directives of Union law to which the controller is subject. Blockage or erasure of the data is also done if the storage period prescribed by the aforementioned norms expires, unless the necessity for further storage of the data for the conclusion or the performance of a contract exists.

IV. Provision of the website and production of log files

1. Description and scope of the data processing

Each time our internet site is accessed, our system automatically stores data and information from the computer system of the accessing computer.

The following data are recorded in this context:

  • Information about the browser type, language and the version used
  • The user’s operating system
  • The user’s internet service provider
  • The user’s IP address
  • Access status/HTTP status code
  • Quantity of data transmitted in each case
  • Date and time of the access
  • Time zone difference to Greenwich Mean Time (GMT)
  • Contents of the request (specific site)
  • Websites from which the user’s system accesses our internet site
  • Websites access by the user’s system via our website

The data are also stored in our system’s log files. Storage of these data together with the user’s other personal data does not take place.

2. Legal foundation for the data processing

The legal foundation for the temporary storage of the data and the log files is Art. 6 subparagraph 1 lit. f GDPR.

3. Purpose of the data processing

Temporary storage of the IP address by the system is necessary in order to enable supply of the website to the user’s computer. For this, the user’s IP address must remain stored for the duration of the session.

Storage in log files takes place in order to ensure the website’s functionality. In addition, the data help us to optimise the website and to ensure the security of our information technology systems. Evaluation of the data for marketing purposes does not take place in this connection.

These purposes also entail our legitimate interest in the data processing according to Art. 6 subparagraph 1 lit. f GDPR.

4. Duration of the storage

The data are erased as soon as they are no longer necessary for achievement of the purpose of their recording. In the event of recording of the data for provision of the website, this is the case when the session in question has ended.
In the event of storage of the data in log files, this is the case after seven days at the latest. Storage exceeding this is possible. In this case, the users’ IP addresses are erased or alienated with the result that assignment of the accessing client is no longer possible

5. Possibility of objection and removal

Recording of the data for provision of the website and the storage of the data in log files are absolutely necessary for the provision of the internet site. Consequently, there is no possibility of an objection on the part of the user.

V. Use of Cookies

1. Description and scope of the data processing

Our website uses cookies. Cookies are text files which are stored in the internet browser or by the internet browser on the user’s computer system. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic sequence of characters making unambiguous identification of the browser possible when the website is accessed again.

We use cookies in order to make our website more user-friendly. Some elements of our internet site make it necessary that the accessing browser can also be identified after a change of the site.
The following data are stored and transmitted in the cookies in this context:

  • Language settings
  • Log-In-Informationen

We additionally use cookies on our website making an analysis of the user’s surfing behaviour possible.
In this way, the following data can be transmitted:

  • Search terms entered
  • Frequency of accesses to the site
  • Use of website functions

The users’ data recorded in this way are pseudonymised by technical measures. For this reason, allocation of the data to the user accessing the site is no longer possible. The data are not stored together with the users’ other personal data.

When our website is accessed, the users are informed about the use of cookies for analysis purposes and reference is made to this data protection declaration by an info banner. In this context, there is also reference to the way in which the storage of cookies can be prevented in the browser settings.

2. Legal foundation for the data processing

The legal foundation for the processing of personal data with use of cookies is Art. 6 subparagraph 1 lit. f GDPR.

3. Purpose of the data processing

The purpose of the use of technically necessary cookies is making the use of websites easier for the users. Some functions of our internet site cannot be offered without the use of cookies. For them, it is necessary for the browser to be recognised again even after a change of site.

We need cookies for the following applications:

  • Taking over language settings
  • Remembering search terms

User data recorded by technically necessary cookies are not used for the production of user profiles.

Google Analytics:

As part of the web presence of Safetykleen Europe, this website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files which are stored on your computer and enable an analysis of the use of the website by you. The information generated by the cookie about your use of this website is transmitted to a Google server in the USA and stored there as a rule. As a result of the activation of IP anonymisation on this website, your IP address is however curtailed beforehand within member states of the European Union or in other contracting states of the European Economic Area Treaty. Only in exceptional cases is the entire IP address transmitted to a Google server in the USA and curtailed there. By our order, Google will use this information in order to evaluate your use of the website, to put together reports about the website activities and in order to render further services connected with the use of the website for us. The IP address transmitted by your browser within the framework of Google Analytics is not put together with other data from Google.

You can prevent storage of the cookies by a matching setting of your browser software; however, we point out that you will possibly not be able to make complete use of all the functions of this website in this case. In addition, you can also prevent the recording of the data generated by the cookie and relative to your use of the website (incl. your IP address) by Google and the processing of these data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Safetykleen Europe uses Google Analytics to be able to analyse use of our website and to improve it regularly. With the statistics obtained, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data are transmitted to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework . The legal foundation for the storage of the cookies is the consent granted (Art. 6 subsection 1 sentence 1 lit. a GDPR). Further evaluation of the data recorded by means of Google Analytics is done for a period of two years on the basis of Art. 6 subsection 1 sentence 1 lit. f GDPR.

You can find more information on this at http://tools.google.com/dlpage/gaoptout?hl=de  and general information on Google Analytics and data protection at https://www.google.de/intl/de/policies/privacy/

You yourself can control whether cookies are even stored by not accepting any cookies or only accepting them following a request or you can stipulate that cookies are deleted after each closing of the browser. Please remember that the usability of certain services or of the portal may be limited and that certain services or parts of the portal only function correctly in connection with the setting of cookies.

These purposes also entail our legitimate interest in the processing of the data according to Art. 6 subsection 1 lit. f GDPR.

4. Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted to our site by it. For this reason, you as the user also have complete control over the use of cookies. By a change of the settings in your internet browser, you can deactivate or limit the transmission of cookies. Cookies which have already been stored can be deleted again at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all the functions of the website can be used completely any more.  

5. Involvement of external service providers
Google-Maps:

On this website, we use the offer of Google Maps, a further offer of the firm of Google, Inc. This has the purpose of showing you interactive maps on the website and enabling easy finding of the locations stated by us on the website and comfortable use of the map function.

This application is accessed directly from servers of the firm of Google, with the result that the enterprise receives the IP address assigned to you. Through your visit to the website, Google is given the information that you have accessed the matching sub-page of our website. Whether and to what scope and for what period the IP address is stored and used internally by Google is unknown to us. The legal foundation for the inclusion of this service is Art. 6 subsection 1 sentence 1 lit. f GDPR..

If you have registered with a Google service, Google can allocate the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that Google stores your IP address and uses it for profile formation. Google stores the data collected about you as use profiles and uses them for purposes of advertising, market research and/or design of its website matching requirements. Such an evaluation is in particular done (also for users who are not logged in) to show advertising matching requirements and to inform other users of the social network of your activities on our website. You have a right of objection to the formation of these user profiles with Google.

We point out that data processing by Google can also take place outside the EU/EEA. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework . You can find further information on data protection at Google under http://www.google.de/intl/de/policies/privacy/

6. Incorporation of social networks

Our website uses buttons for each of the social networks

  • Google Plus (Google+), Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA      
  • LinkedIn Ireland, Attn: Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Irland

The buttons have been marked with the logo of the social network in question. However, this is not a question of the customary social plug-ins, but of buttons with deposited links. The buttons have to be activated separately by you by a click (clicked). As long as these buttons are not clicked, no data are transmitted to the social networks. Only when you click on the buttons and thus declare your consent for communication with the social network’s servers do the buttons become active and the connection is brought about.

After clicking, the button is equivalent to a so-called share plug-in. The social network is provided with information about the site visited, which you can share with your contacts in the social network. If you wish to “share” the information, you must have logged in. If you have not logged in, you land on the start page of the social network which you have clicked and you are no longer on the pages of tuev-nord.de. If you have logged in, the information that you would like to recommend the article in question is transmitted.

Activating the button means that the social networks then receive the information, amongst other things, that and when you access the page of our internet appearance in question, in addition, e.g., your IP address, information on the browser used and on the language settings. If you click the button, your click is transmitted to the social network and used according to its data use guidelines. The purpose and scope of the data collection and the further processing and use of the data by the social network in question and your rights and possibilities of settings in this regard for the protection of your private sphere can be seen from the information:

7. Hyperlinks to other providers' websites

We have set links to other providers' websites on our website. We are not responsible for the data processing on these websites. You can see how the providers in question handle data protection from their data protection provisions.

VI. Contact form and e-mail contact

1. Description and scope of the data processing

Our internet site contains a contact form which can be used for contacts. If a user makes use of this possibility, the data entered in the input mask are transmitted to us and stored. These data are:

  • Company name
  • First name and surname
  • E-mail address
  • Field of work
  • Postcode, town
  • Telephone
  • Subject complex and message
  • Code for possible approval of a contact

At the time of dispatch of the message, the following data are also stored:

  • Company name
  • First name and surname
  • E-mail address
  • Field of work
  • Postcode, town
  • Telephone
  • Subject complex and message
  • Code for possible approval of a contact
  • The user's IP address
  • Language setting
  • Date and time of the registration
  • Code for possible approval of a contact

Your consent for the processing of the data is obtained and reference is made to this data protection declaration within the framework of the dispatch procedure. As an alternative, contact via the e-mail address provided is possible. In such a case, the user’s personal data transmitted with the e-mail are stored. In this context, there is no forwarding of the data to third parties. The data are exclusively used for the processing of the conversation.

2. Legal foundation for the data processing

If the user’s consent exists, the legal foundation for the processing of the data is Art. 6 subparagraph 1 lit. a GDPR.

The legal foundation for the processing of the data transmitted in the course of the dispatch of an e-mail is Art. 6 subparagraph 1 lit. f GDPR. If the e-mail contact aims for the conclusion of a contract, the additional legal foundation for the processing is Art. 6 subparagraph 1 lit. b GDPR.

3. Purpose of data processing

Processing of the personal data from the input mask merely helps us to process the contact. In the event of a contact by e-mail, this also entails the necessary legitimate interest in the processing of the data.
The other personal data processed during the dispatch procedure serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of the storage

The data are erased as soon as they are no longer necessary for achievement of the purpose of their recording. This is the case for the personal data from the input mask of the contact form and for those transmitted by e-mail when the conversation in question with the user has ended. The conversation has ended when the circumstances give rise to the conclusion that the facts of the matter in question have been finally clarified.

The personal data additionally recorded during the dispatch procedure are deleted after a period of seven days at the latest.

5. Possibility of objection and removal

The user has the possibility of withdrawing his consent for the processing of the personal data at any time. If the user gets in touch with us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

For this, please send an e-mail with the details of your inquiry to the mail address: GDPR_OBC@safetykleen.eu

All personal data stored in the course of the contact are erased in this case.

VII. The data subject’s rights

If personal data of yours are processed, you are the data subject within the meaning of the GDPR and the following rights accrue to you vis-à-vis the controller:

1. Right to information

You can demand a confirmation from the controller about whether personal data concerning you are processed by us.

If such a processing exists, you can demand information about the following facts from the controller:

  • the purposes for which the personal data are processed;  
  • the categories of personal data which are processed;
  • the recipients and the categories of recipients to whom the personal data concerning you are disclosed or will be disclosed in future;
  • the planned duration of storage of the personal data concerning you or, if no specific information is possible on this, criteria for the stipulation of the duration of storage;
  • the existence of a right to rectification or erasure of the personal data concerning you, of a right to restriction of the processing by the controller or the right of objection to this processing;
  • the existence of a right of complaint to a supervisory authority;
  • all available information about the origin of the data if the personal data are not recorded from the data subject;
  • the existence of an automated decision-making including profiling according to Art. 22 subparagraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the implications and the intended effects of such a processing for the data subject.

You have the right to demand information about whether the personal data concerning you are transmitted to a third country or to an international organisation. In this context, you can demand to be informed about the suitable guarantees according to Art. 46 GDPR in connection with the transmission.

2. Right to rectification

You have a right vis-à-vis the controller to rectification and/or completion to the extent that the processed personal data concerning you are incorrect or incomplete. The controller must make the rectification without undue delay.

3. Right to restriction of the processing

You can demand restriction of the processing of the personal data concerning you under the following preconditions:

  • if you dispute the correctness of the personal data concerning you for a term making it possible for the controller to verify the correctness of the personal data;
  • processing is unlawful and you reject erasure of the personal data and instead demand restriction of the use of the personal data;
  • the controller no longer needs the personal data for the purposes of the processing, but you need them to establish, to exercise or to defend legal claims, or
  • if you have made an objection to the processing according to Art. 21 subparagraph 1 GDPR and it is not yet clear whether the controller’s legitimate reasons prevail over your reasons.

If the processing of the personal data concerning you has been restricted, these data - apart from their storage - may only be processed with your consent to establish, exercise or defend legal claims or to protect the rights of another legal or natural entity or for reasons of an important public interest of the Union or of a Member State.

If the restriction of the processing has been limited according to the aforementioned preconditions, you will be informed by the controller before the restriction is rescinded.

4. Right to erasure

a) Erasure duty

You can demand that the controller erases the personal data concerning you without undue delay and the controller is obliged to erase these data without delay to the extent that one of the following reasons applies:

  • The personal data concerning you are no longer necessary for the purposes for which they have been recorded or processed in any other way.
  • You withdraw your consent on which the processing was based according to Art. 6 subparagraph 1 lit. a or Art. 9 subparagraph 2 lit. a GDPR and there is no other legal foundation for the processing.
  • You make an objection to the processing according to Art. 21 subparagraph 1 GDPR and there are no prevailing legitimate reasons for the processing, or you make an objection to the processing according to Art. 21 subparagraph 2 GDPR.
  • The personal data concerning you have been processed unlawfully.
  • Erasure of the personal data concerning you is necessary for fulfilment of a legal obligation according to Union law or the law of the Member States to which the controller is subject.
  • The personal data concerning you have been recorded with a view to services offered by the information society according to Art. 8 subparagraph 1 GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public or if he is obliged to erase them according to Art. 17 subparagraph 1 GDPR, he shall take suitable measures, also of a technical nature, taking the available technology and the costs of implementation into due account, in order to inform the persons responsible for data processing who are processing the personal data about the fact that you as the data subject have demanded erasure of all the links to these personal data or of copies or replications of these personal data from them.

c) Exceptions

The right to erasure shall not exist to the extent that processing is necessary

  • to exercise the right to freedom of expression and information;
  • to fulfil a legal obligation which requires processing according to the law of the Union or of the Member States to which the controller is subject or for attending to a task which is in the public interest or is done in exercising public authority which has been assigned to the controller;
  • for reasons of the public interest in the area of public health according to Art. 9 subparagraph 2 lit. h and i and also Art. 9 subparagraph 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 subparagraph 1 GDPR, to the extent that the right stated under Section a) prospectively makes implementation of the purposes of this processing impossible or severely impairs it, or
  • to establish, to exercise or to defend legal claims.
5. Right to information

If you have claimed the right to rectification, erasure or restriction of processing from the controller, the latter is obliged to inform this rectification or erasure of the data or restriction of the processing to all the recipients to whom the personal data concerning you have been disclosed, unless this proves to be impossible or is connected with disproportionately great efforts. The right to be informed about these recipients accrues to you vis-à-vis the controller.

6. Right to data portability

You have the right to receive the personal data concerning you which you have provided to the controller in a structured, customary and machine-readable format. In addition, you have the right to transmit these data to another controller without impediment by the controller to whom the personal data have already been transmitted, provided

  • processing is based on a consent pursuant to Art. 6 subparagraph 1 lit. a GDPR or Art. 9 subparagraph 2 lit. a GDPR or on a contract pursuant to Art. 6 subparagraph 1 lit. b GDPR and
  • the processing is done by means of automated procedures. 

When exercising this right, you further have the right to have the personal data concerning you transmitted directly from one controller to another controller to the extent that this is technically feasible. Freedoms and rights of other persons may not be impaired by this. The right to data portability does not apply to a processing of personal data which is necessary in order to attend to a task which is in the public interest or is done when exercising public authority which has been assigned to the controller.

7. Right of objection

You have the right to make an objection to the processing of the personal data concerning you which is done on the basis of Art. 6 subparagraph 1 lit. e or f GDPR at any time for reasons which result from your particular situation; this also applies to a profiling based on these provisions.
The controller no longer processes the personal data concerning you unless he can prove cogent reasons for the processing worthy of protection which prevail over your interests, rights and freedoms, or the processing serves establishment, exercising or defending of legal claims.
If the personal data concerning you are processed for purposes of direct advertising, you have the right to make an objection to the processing of the personal data concerning you for the purpose of such advertising at any time; this also applies to the profiling to the extent that it is connected with such direct advertising.
If you object to the processing for the purpose of direct advertising, the personal data concerning you shall no longer be processed for these purposes.
Notwithstanding Regulation 2002/58/EC, you have the possibility of exercising your right of objection in connection with the use of information society services by means of automated methods in which technical specifications are used.

8. Right to withdrawal of the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The lawfulness of the processing done on the basis of the consent until the withdrawal is not affected by the withdrawal of the consent.

9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based on exclusively automated processing - including profiling - which develops a legal effect against you or considerably impairs you in a similar way. This does not apply if the decision

  • is necessary for the conclusion or the performance of a contract between yourself and the controller,
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or
  • is made with your explicit consent. 

However, these decisions may not be based on certain categories of personal data according to Art. 9 subparagraph 1 GDPR, to the extent that Art. 9 subparagraph 2 lit. a or g does not apply and suitable measures for the protection of the rights and freedoms and your legitimate interests have been taken.
With a view to the cases stated in (1) and (3), the controller takes suitable measures in order to attend to the rights and freedoms and also your legitimate interests, which includes at least the right to achieve intervention by a person on the part of the controller, to portrayal of your own point of view and to contestation of the decision.

10. Right to complain to a supervisory authority

Notwithstanding any other administrative law or judicial remedy, you also have the right to a complaint to a supervisory authority, in particular in the Member State of your place of residence, your workplace or the place of the assumed breach, if you are of the opinion that the processing of the personal data concerning you breaches the GDPR.

The supervisory authority to which the complaint has been sent notifies the complainant about the status and the outcome of the complaint, including the possibility of an effective judicial remedy according to Art. 78 GDPR.


Orm Bergold InfoPoint

Link: Imprint

Link: Privacy

A fast Feedback needed? T: +49 234 / 879080

just simple by Phone, Request Form or Mail