PERSONAL DATA PROTECTION STATEMENT
in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, GDPR)
We wish to inform you about how we handle your personal data when you use this website and your rights in this regard. Personal data is any information based on which you can be identified.
We’re committed to providing a clear and simple personal data protection statement, but in case of any questions, don’t hesitate to contact us. Our contact details are provided below in the section ‘Personal Data Controller’. If a definition we provided is unclear, please refer to the official definitions. These are set out in Art. 4 GDPR.
In general, you are under no contractual or statutory obligation to provide any of your personal data for our disposal. Your decision not to provide them has no negative consequences. However, this applies only insofar as no other statement is made in the subsequent processing operations.
PERSONAL DATA CONTROLLER
Feel free to contact us with any questions or requests regarding personal data protection and personal data with reference to yourselves and our enterprise as well as any matters related to the processing of personal data by our company. Similarly, don’t hesitate to contact us whenever you wish to exercise any of your rights under GDPR (e.g. your right to withdraw consent). Please use the contact details below of the data controller, or if applicable, our data protection officer. You can naturally also use the contact details provided in the Imprint (Impressum) section. Please note that we can only answer telephone calls within our business hours.
PERSONAL DATA CONTROLLER
The controller of data, within the meaning of GDPR, processed through this website is:
Cordes Holzbau GmbH & Co. KG
Waffensener Dorfstrasse 20
27356 Rotenburg / Wümme
Telefon: 0 42 68 / 933 0
Fax: 0 42 68 / 933 20
Definition of data controller: data controller means a natural or legal person we nominate who, alone or jointly with others, determines the purposes and means of the processing of personal data;
DATA TRANSMISSION ENCRYPTION
In order to safeguard personal data and other confidential contents (e.g., where applicable, purchase orders, enquiries, etc.), the entire traffic on our website is automatically encrypted using the SSL or TLS protocols to ensure interception-proof data transmission. You can tell this is the case by checking if your browser’s address bar features a green padlock icon and the address starts with the string ‘https://’.
DATA COLLECTED WHEN VISITING OUR WEBSITE
Because of how the Internet works, your browser sends to us some personal data. This also happens whenever you visit a website for reference purposes only (i.e. without even providing any data).
In particular, your IP address is transmitted with each call. Without it, data transmission would be impossible.
To put it in more simple terms, failing to provide an IP address would be like sending a letter without the recipient’s address. We simply wouldn’t know where to send a data package. A data package contains our website’s contents, which you want transferred to you.
Some data may be transmitted to us in an automated manner.
Along with the IP address, these data include the following:
– the precise address of the visited website (deep link);
– the date and time of access;
– the quantity of transmitted data in bytes;
– the source/reference which led you to the website;
– access status (http status);
– the browser you are using;
– your operating system;
– your IP address;
These data are transmitted to us by your browser or your Internet Service Provider. We can’t prevent those data from being transmitted to us from our website. Also, the data are technically necessary for the website to be displayed for you.
We record the data for up to six 6 weeks in the so-called server log files. Such data are processed in accordance with Art. 6(1)(f) GDPR, which provides that processing is lawful if it is necessary for the purposes of pursuing legitimate interests.
Our legitimate interests include security as well as early identification of cyber-attacks and protection against them, which we’re obligated by law to ensure in order to safeguard your personal data. IP addresses and host names are stored in our logs in an anonymised form only, unless there is a specific suspicion of harmful activity by the visitor.
Where harmful activity is suspected (including, without limitation, attempts to interfere with source code, circumvent security systems, perform mass queries, modify the site, gain access to protected areas, attempts at SQL injections, cross-site scripting, session hijacking etc.), the logged data are subsequently checked and, where necessary, used as evidence in the prosecution of any offences and provided to competent German authorities or a law firm seated in Germany. We also reserve a right to technically prevent access to our server where there is a strong suspicion of a cyber-attack (such as a brute force attack). This is done by blocking data traffic from our server to you.
CONTACT FORMS/CONTACTING US
When contacting us (e.g. through our contact form or via e-mail), your personal data will be collected. Which data specifically are collected is evident from the respective form. Such data will be stored and used solely for the purposes of replying to your enquiry or contacting you and any related technical handling operations. In this case, data are processed on the basis of our legitimate interest in replying to your enquiry in accordance with Art. 6(1)(f) GDPR. If you are contacting us with a view to concluding a contract, data are processed also in accordance with Art. 6(1)(b) GDPR. Your data will be erased after your enquiry is answered in full, i.e. when it can be assumed under the circumstances that the matter has been finally resolved, unless this is contrary to any legal obligations concerning data storage.
Some functions of this website are only possible thanks to cookie files. Cookies are small text files which we save on your computer and whose contents we determine. We’re able to read these contents whenever you visit, including in the future, if you use the same device and the same browser as previously. Cookies may be created for an indefinite time or they may expire after a defined period. Furthermore, cookies can also be stored only for the duration of a user session. (A user session ends when you close your browser window or all tabs with our website).
If personal data are processed with the use of individual cookies we created, this is done exclusively in accordance with either Art. 6(1)(b) GDPR for the purposes of performing a contract or in accordance with Art. 6(1)(f) GDPR for the purposes of pursuing our legitimate interests, i.e. ensuring the best possible functionality of the website, a user-friendly and effective design, as well as improvement in website security and fraud prevention.
Cookies can also be saved by third parties whose services and content are integrated with our website. Where this is the case, see the following paragraphs for the contents and scope of collected information.
You can adjust your browser settings to decide whether you want to decide whether or not to accept cookies individually, or disable them partially or even completely. Depending on the type and version of your browser, the configuration of your settings may look differently. For instructions, go to your browser’s help section or follow one of the links below. The list includes instructions for some of the most popular browsers.
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista//Block-or-allow-cookies
We uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Provider of the service is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The Google Analytics Service use “cookies”, which are small text files placed on your computer and can use by Google Analytics to read and store data’s in it.
Google will truncate/anonymize the last octet of the IP address through the “anonymize plugin”. Only in a few exceptional cases, the full IP address is sent to and shortened by Google servers in the USA.
Google Analytics cookies are set on the basis of Art. 6 para. 1 lit. f GDPR. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website. This will help us to make our webservice better. Google will not associate your IP address with any other data held by Google.
You can prevent Google’s collection and use of data by simply downloading and installing the browser plug-in which is available under this link: https://tools.google.com/dlpage/gaoptout?hl=en.
If you can’t install the browser plugin, or if your device is not compatible with it, you can click the following link to set a disable cookie for Google Analytics.[Google Analytics deaktivieren]
You can find more information about Google’s privacy information’s here: https://policies.google.com/privacy
Google is subject to the EU-US Privacy Shield:
We have integrated some Videos embedded from the “YouTube” webservice with the “data privacy mode”. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/
YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/
Google is subject to the EU-US Privacy Shield:
On our website use the Google Maps services to display interactive maps, directly integrated into our website. Provider of the service is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The legal basis for the use of Google Maps is Art. 6 (1) sent. 1 lit. f GDPR
Google is subject to the EU-US Privacy Shield:
RIGHTS OF DATA SUBJECTS
As long as the legal requirements are met, you enjoy the following rights under Art. 15 to Art. 20 GDPR:
– right to information under Art. 15 GDPR;
– right to rectification under Art. 16 GDPR;
– right to data erasure under Art. 17 GDPR;
– right to restriction of processing under Art. 18 GDPR;
– right to data portability under Art. 20 GDPR;
In accordance with Art. 77 GDPR you have a right to lodge a complaint with a supervisory authority. In principle, you may contact the supervisory authority of the federal state of our registered office or, if applicable, your permanent or habitual place of residence.
Also, in accordance with Art. 21(1) GRPR, you have a right to object to processing of personal data concerning yourself which is based on Art. 6(1)(f) GDPR and to processing for the purposes of direct advertising.
PERSONAL DATA STORAGE PERIOD
Unless no specific data storage periods are mentioned in this Data Protection Statement, these will be determined based on legal storage periods (such as commercial or tax-law storage periods). Data are routinely erased at the latest upon the expiry of the requisite storage period, as far as they are no longer necessary for the performance or conclusion of a contract or there is no legitimate interest on our part. If you exercise your right to data erasure, your data will be erased promptly unless there are any provisions of law to the contrary (such as the retention period for invoices).
UPDATES OF THIS PERSONAL DATA PROTECTION STATEMENT
This data protection statement may be from time to time amended or updated. This is how we can adjust it to the latest legal requirements and reflect changes in our services. We recommend that the visitors to and users of our website regularly check for our latest data protection terms and conditions. Whenever you visit, the latest version of this document is available. This document was last updated on 24/05/2018.