A. Privacy policy in accordance with the GDPR
I. Introduction
Thank you very much for useing our App and for your interest in our company as well as our products and services. Protecting your personal data upon collection, processing and use on occasion of your visit to our App is an important concern for us.
This privacy policy provides information about which data we collect during your visit to this App and how we use said data. Some of that data that we store on our server is data that you are providing to us voluntarily by filling out forms, while other data is stored automatically in the context of registration and system usage.
We do not collect any data that allows for determining the identity of the individual visitor unless you yourself transmit your personal data in the context of the registration for a closed user group. Furthermore, we do not use any technological aids geared toward the identification of visitors.
II. Name and address of the Controller
The Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union as well as other provisions under data protection law is:
Dr. Hahn GmbH & Co. KG
Trompeterallee 162-170
D-41189 Mönchengladbach
Germany
Tel.: +49 (0) 2166-954-3
E-mail: vertrieb@dr-hahn.de
Website: www.dr-hahn.eu
III. Name and address of the Data Protection Officer
The Data Protection Officer of the Controller can be reached at:
Tel.: +49 241 47433-21
E-mail: dr-hahn@unser-datenschutz.de
IV. General information regarding data processing
a. Scope of the processing of personal data
On principle, we collect and use the personal data of our users only to the extent that this is necessary for providing a functional App as well as our contents and services. The collection and utilisation of the personal data of our users is carried out regularly only after having received the user’s consent. An exception applies in such cases in which a prior obtaining of consent is not possible for factual reasons and where the processing of the data is permitted by statutory regulations.
b. Legal basis for the processing of personal data
To the extent that we obtain a declaration of consent of the data subject for the processing operations of personal data, Art. 6 Par. 1 Lit. a of the EU General Data Protection Regulation (GDPR) serves as legal basis for the processing of personal data.
In case of the processing of personal data that is required for the fulfilment of a contract to which the data subject is a contractual party, Art. 6 Par. 1 Lit. b GDPR serves as legal basis. This shall also apply to processing operations that are necessary for the carrying out of pre-contractual measures.
To the extent that a processing of personal data is required for the fulfilment of a contractual obligation that our company is subject to, Art. 6 Par. 1 Lit. c GDPR serves as legal basis.
In case vital interests of the data subject or of another natural person make a processing of personal data necessary, Art. 6 Par. 1 Lit. d GDPR serves as legal basis.
If the processing is necessary for maintaining a legitimate interest of our company or of a third party and if the interests, basic rights, and basic freedoms of the data subject do not outweigh the aforementioned interest, Art. 6 Par. 1 Lit. f GDPR serves as legal basis for the processing.
c. Data erasure and duration of storage
The personal data of the data subject will be erased or restricted as soon as the purpose of storage no longer exists. A storage can, furthermore, be performed if this is provided for by the European or national legislatures in rules, laws, or other regulations under European Union law applicable to the Controller. A restriction or erasure of the data is also performed if a storage period prescribed by the specified standards expires unless a necessity exists for further storage of the data for conclusion or fulfilment of a contract.
V. Provision of the App and creation of log files
a. Scope of the processing of personal data
Each time the App is called up, our system automatically collects data and information from the computer system calling it up. During this process, the following data are collected:
The data is also stored in the log files of our system. This does not apply to the IP addresses of the user or other data that allows for an attribution of the data to a user. A storage of this data together with other personal data of the user does not take place.
b. Legal basis for the data processing
Legal basis for the temporary storage of the data is Art. 6 Par. 1 Lit. f GDPR.
c. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to make possible a delivery of the App to the user’s computer. To effect this, the user’s IP address must remain stored for the duration of the session. This also constitutes our legitimate interest in accordance with Art. 6 Par. 1 Lit. f GDPR.
d. Duration of storage
The data will be erased as soon as they are no longer necessary for achieving the purpose for which they were collected. In case of collection of the data for provision of the App, this is the case once the respective session has ended.
e. Option to object and remove
The collection of the data for the provision of the App and the storage of the data in log files is mandatorily required for the operation of the App. Therefore, no option to object exists for the user.
VI. Rights of the data subject
If personal data concerning you is being processed, you are the data subject within the meaning of the GDPR and the following rights are available to you against the Controller:
a. Right of Access
You may demand from the Controller a confirmation regarding whether personal data concerning you are being processed by us.
If such a processing is the case, you shall have the right to demand access to the following information from the Controller:
You shall have the right to demand information whether the personal data that related are transferred to a third country or to an international organisation. In connection with this, you may demand to be informed about the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transfer.
b. Right to rectification
You have a right to rectification and/or completion against the Controller insofar as the personal data processed concerning you are incorrect or incomplete. The Controller must perform the rectification without undue delay.
c. Right to restriction of processing
Subject to the following prerequisites, you may demand restriction of the processing of personal data concerning you:
Where the processing of the personal data concerning you has been restricted, such data shall, with the exception of their storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If the restriction of the processing was restricted pursuant to the above prerequisites, you will be informed by the Controller before the restriction is lifted.
d. Right to Erasure
i. Obligation to erase
You shall have the right to demand from the controller to erase the personal data concerning you without undue delay, and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:
ii. Information to third parties
Where the Controller has made the personal data concerning you public and is obliged, pursuant to Art. 17 Par. 1 GDPR, to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
iii. Exceptions
The right to erasure shall not apply to the extent that processing is necessary
e. Right to notification
If you have asserted the right to rectification, erasure or restriction of processing against the Controller, the Controller shall be obliged to communicate to each recipient to whom the respective personal data concerning you was disclosed any rectification or erasure of the data or restriction of the processing, unless this proves impossible or involves disproportionate effort.
You shall have the right against the Controller to be informed about those recipients.
f. Right to data portability
You shall have the right to receive the personal data concerning you, which you provided to the Controller, in a structured, commonly used and machine-readable format. In addition, you shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
In exercising your right to data portability you shall, furthermore, have the right to have the respective personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to a processing of personal data that is needed for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
g. Right to object
You shall have the right, at any time, to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 Par. 1 Lit. e or f GDPR; this shall also apply to a profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this shall also apply to profiling to the extent that it is related to such direct marketing.
Where you object to the processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services – and Directive 2002/58/EC notwithstanding – you may exercise your right to object by automated means using technical specifications.
h. Right to withdraw the declaration of consent under data protection law
You shall have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of the declaration of consent will not affect the legality of the processing performed based on the declaration of consent up until the withdrawal.
i. Automated individual decision-making
You shall have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or that similarly affects you significantly. This shall not apply if the decision
However, these decisions shall not be based on special categories of personal data referred to in Art. 9 Par. 1 GDPR unless Art. 9 Par. 2 Lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With respect to the cases referred to in (1) and (3), the Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests which include, at least, the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision.
j. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider the processing of personal data relating to you to be infringing on the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
VII. Data security
All data transmitted are transmitted via the commonly used and secure SSL (Secure Socket Layer) standard. SSL is a secure and tried and tested standard. Among other things, you can identify a secure SSL connection by the attached https:// in your browser’s address bar or by the lock symbol in the bottom area of your browser. In addition, we are utilising suitable technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and unauthorised access by third parties. Our security measures are continuously being improved corresponding to the technological development.
VIII. Topicality and changes to this privacy policy
This privacy policy is currently valid and has the version as of 20.07.2018. Due to the further development of the App or due to changed statutory requirements and/or those of the authorities, it may become necessary to change this privacy policy.