Privacy and Data Protection
DATA PROTECTION STATEMENT
1. Name and address of the controller:
The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the Data Protection Officer:
Katadyn Deutschland GmbH
Telefon: +49 61 05 45 67 89
Telefax: +49 61 05 4 58 77
2. Name and address of the Data Protection Officer:
The external data protection officer of the controller is:
Prof. Sven Kolja Braune, his deputy is Mr. Jens Engelhardt,
c/o NOTOS Xperts GmbH
Heidelberger Str. 6
Telefon: +49 6151-52010-0
Telefax: +49 6151-52010-99
Any data subject may contact us directly or our data protection officer with any questions or suggestions regarding data protection.
3.1 Personal Data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
3.2 Data subject
The data subject is any identified or identifiable natural person whose personal data are processed by the data controller.
Processing means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
3.4 Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
3.7 Controller or data controller
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or controllers may be designated in accordance with Union law or with the law of the Member States on the basis of specific criteria.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data under a particular investigation mandate under Union law or the law of the Member States shall not be considered as recipients.
3.10 Third party
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.
Consent means any freely given, informed and unambiguous expression of the will of the data subject in the particular case, in the form of a statement or other unambiguous confirmatory act by which the data subject indicates his or her consent to the processing of his or her personal data.
4. General information on data processing; legal basis, purposes of processing, duration of storage, objection and possibility of erasure
4.1 General information on the legal basis
Where we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
Art. 6 para. 1 lit. d GDPR serves as a legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
4.2 General information on data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
4.3 General information on processing on our website
Data protection, data security and secrecy protection have high priority for Katadyn Deutschland GmbH (hereinafter also referred to as Katadyn). The permanent protection of your personal data, your company data and your trade secrets is particularly important to us.
In principle, you can visit our website without providing any personal information. However, if you make use of the services of our company via our website, this requires the disclosure of your personal data. In general, we use the data communicated by you and collected by the website and the data stored during use exclusively for our own purposes, namely for the implementation and provision of our website and for the initiation, implementation and processing of the services offered via the website (contract performance) and do not pass these on to outside third parties, unless there is an officially ordered obligation to do so. In all other cases, we will obtain your separate consent.
Your personal data will be processed in accordance with the requirements of the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to Katadyn. By means of this data protection note, we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, we will inform you of your rights by means of this data protection notice.
Katadyn has implemented technical and organizational measures to ensure adequate protection of personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed.
5. Collection of general data and information
The Katadyn website collects a series of general data and information each time a data subject or an automated system accesses the website. This general data and information is stored in the log files of the server. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-sites which are accessed via an accessing system on our website can be recorded, (5) the date and time of an access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information which serve to avert danger in the event of attacks on our information technology systems.
When using this general data and information, Katadyn does not draw any conclusions about the data subject. Rather, this information is required to (1) correctly deliver the content of our website, (2) optimize the content and advertising of our website, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information they need to prosecute a cyber attack. This anonymous data and information is therefore evaluated by Katadyn both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.
Objection / possibility of disposal
Art. 6 Abs. 1 lit. f GDPR
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data to provide the website, this is the case when the session in question has ended.
If the data is stored in log files, this is the case after seven days at the latest. A storage going beyond this is possible. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
No, as absolutely necessary for operation of the website.
6. Registration in our dealer area
You have the option of registering in our dealer area (http://katadyngroup-sales.com/) by entering your personal data. You can access our dealer area by clicking on the appropriate link on our website. Which personal data is transferred to the controller is determined by the respective input mask used for registration. The personal data you enter will be collected and stored exclusively for internal use by the controller and for our own purposes. We can arrange for the data to be passed on to one or more contract processors, for example a payment service provider and parcel service provider, who will also use the personal data exclusively for the purpose of fulfilling their contract with us.
When you register on our website, we also store the IP address assigned by your Internet Service Provider (ISP), as well as the date and time of your registration. The storage of this data enables us, if necessary, to clarify criminal offences and copyright infringements. In this respect, the storage of this data is necessary for our security and is in our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. These data will not be passed on to third parties unless there is a legal obligation to do so or the data is used for criminal or legal prosecution.
In all other respects, the personal data you voluntarily provide us with during your registration serve to offer you content or services which, due to the nature of the matter, can only be offered to registered users.
Objection / possibility of disposal
Art. 6 Abs. 1 lit. b GDPR
A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.
This is the case during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data are no longer required for the implementation of the contract. Even after the contract has been concluded, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.
As a user you have the possibility to cancel the registration at any time. You can change the data stored about you at any time.
If the data are necessary for the fulfillment of a contract or for the execution of pre-contractual measures, an early erasure of the data is only possible, as far as contractual or legal obligations do not contradict an erasure.
7. Product registration
At https://www.katadyn.com/de/de/service/product-registration you can register your Katadyn product. When you select the desired language for product registration, you will be redirected to a URL from our service provider Ascent360 (https://r.ascentcrm.com/default.asp?survey=238&survey_version=164). Ascent360 is an independent market and opinion research company that evaluates your data and information on our behalf. This evaluation enables us to develop further products that meet your needs. In addition, all completed registrations automatically take part in the monthly draw for a Katadyn product.
The personal data and information to be entered for the product registration are derived in each case from the input masks. Your personal data and information will be processed exclusively for the above-mentioned purposes and will not be passed on to third parties. We have concluded an order processing contract with our service provider Ascent360 in which he undertakes to comply with the data protection regulations applicable to him.
8. E-mail contact, fax and telephone contact
Contact information is available on our website. It is possible to contact us via the e-mail address, fax or telephone number provided. If you contact us via one of these options, your personal data transmitted to us will be automatically stored (e-mail, fax) or collected by us and stored manually.
The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation or the processing of your request.
Objection / possibility of disposal
The legal basis for the processing of the data in the case of enquiries via e-mail, fax and telephone is generally Art. 6 Para. 1 lit. b. GDPR
(Performance of contract; Pre-contractual measures);
Art. 6 para. 1 lit. c. GDPR (fulfilment of a legal obligation, e.g. answering questions on data protection) and
otherwise Art. 6 para. 1 lit. f GDPR
The processing of personal data from e-mail, telefax and telephone serves us solely to process the establishment of contact. This is also the necessary legitimate interest in the processing of the data.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.
The above does not apply if the correspondence is subject to a retention obligation under commercial law.
The user has the possibility to object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
We use a newsletter on our website. The newsletter is sent by double opt-in based on your registration on the website. When you register for the newsletter, the following data from the input mask will be transmitted to us:
- First Name
- Your E-Mail address*
* mandatory information
In addition, the following data is collected during registration:
- IP address of the calling computer
- Date and time of registration
Objection / possibility of disposal
The legal basis for the processing of data by the user after registration for the newsletter is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The collection of the user's e-mail address serves to deliver the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will therefore be stored as long as the newsletter subscription is active.
The other personal data collected during the registration process will generally be deleted after a period of seven days.
The subscription of the newsletter can be cancelled by the affected user at any time. For this purpose, each newsletter contains a corresponding deactivation link.
The cancellation of the subscription also constitutes a revocation of the consent to the storage of the personal data collected during the registration process.
10. Data protection for applications and in the application process
We collect and process personal data of applicants for the purpose of processing the application process. The processing can also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by e-mail. If we conclude an employment contract with you as an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after the rejection decision has been announced, provided that there are no other legitimate interests of the data controller that oppose deletion. Other legitimate interests in this sense include, for example, the duty to provide evidence in proceedings under the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz - AGG).
Objection / possibility of disposal
The legal basis for the processing of the data in the case of enquiries via the contact form and/or e-mail is usually Art. 6 Para. 1 lit. b. GDPR
(Fulfilment of employment contract; Pre-employment contract measures);
Art. 6 para. 1 lit. c. GDPR (fulfilment of a legal obligation, e.g. answering questions on the application procedure) and
otherwise Art. 6 para. 1 lit. f GDPR
(legitimate interest) and
Special statutory authorisation norms, such as collective agreements, works agreements, income tax laws, etc. It will also refer to the Processing Directory Personnel/HR.
If we conclude an employment contract with you as an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
If the controller does not conclude a contract of employment with the candidate, the application file shall be automatically deleted six months after notification of the refusal decision, unless erasure conflicts with any other legitimate interests of the controller.
Other legitimate interests in this sense include, for example, the duty to provide evidence in proceedings under the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz - AGG).
Only general possibilities of objection and removal.
11.1 Description and scope of data processing
The following data is stored and transmitted in the cookies:
- Language settings
- Articles in a shopping cart
- log-in information
In this way, the following data can be transmitted:
- Entered search terms
- Frequency of page views
- Use of website functions
The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data are not stored together with other personal data of the user.
The following links will tell you how to deactivate cookies in the most important browsers:
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
- Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Objection / possibility of disposal
Art. 6 para. 1 lit. f GDPR (legitimate interest) for technically mandatory cookies
By the way: Art. 6 para. 1 lit. a GDPR
The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies tell us how the website is used and enable us to continually optimise our services.
Our legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 lit. f GDPR also lies in these purposes.
You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that all functions of the website can no longer be used to their full extent.
The transmission of Flash cookies cannot be prevented via the settings of the browser, but by changing the settings of the Flash Player.
On this website we have integrated the component Google Analytics (with anonymization function). Google Analytics is a web analysis service. Web analysis is the gathering, collecting and evaluating of data about the behavior of visitors to websites. A web analysis service collects data on, among other things, from which website a data subject came to a website (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimise a website and to analyse the costs and benefits of Internet advertising.
The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The data controller uses the addition "_gat._anonymizeIp" for the web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the Internet connection of the data subject if the website is accessed from a member state of the European Union or another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.
Google Analytics places a cookie on the information technology system of the data subject. What cookies are has already been explained above. When the cookie is set, Google is able to analyse the use of our website. Each time you access one of the individual pages of this website, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission statements.
The cookie is used to store personal information such as the access time, the location from which the access originated and the frequency of visits to our website by the data subject. Each time you visit our website, this personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through this technical process to third parties.
This website uses Hotjar, an analysis software of Hotjar Ltd. ("Hotjar") (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). With Hotjar it is possible to measure and evaluate the usage behaviour (clicks, mouse movements, scroll heights, etc.) on our website. The information generated by the "tracking code" and cookies about your visit to our website is transmitted to and stored on the Hotjar servers in Ireland.
The following information can be recorded by your device and browser:
- The IP address of your device (collected and stored in an anonymous format)
- Your e-mail address including your first and last name, if you have provided it to us via our website.
- Screen size of your device
- Device type and browser information
- Geographical position (country only)
- The preferred language to display our website
- log data
The following data is automatically generated by our servers when Hotjar is used:
- Related domain
- Visited pages
- Geographical position (country only)
- The preferred language to display our website
- the date and time the website was accessed
Hotjar will use this information for the purpose of evaluating your use of our website, compiling usage reports and evaluating other services relating to website usage and internet usage of the website.
Hotjar also uses third-party services such as Google Analytics and Optimizely to provide services. These third party companies may store information that your browser sends when you visit the website, such as cookies or IP requests. For more information on how Google Analytics and Optimizely store and use data, please refer to their respective privacy statements.
The cookies that Hotjar uses have a different "lifespan". Some remain valid for up to 365 days, some only remain valid during the current visit.
You can prevent Hotjar from collecting this data by clicking on the following link and following the instructions: https://www.hotjar.com/opt-out.
13. Use and application of advertising and other tools
We have integrated components from YouTube on this website. YouTube is an internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.
YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time a YouTube component (YouTube video) has been integrated into one of the individual pages of this website, which is operated by the data controller, the YouTube component automatically prompts the Internet browser on the data subject's information technology system to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/intl/en-GB/about/ as part of this technical process, YouTube and Google obtain information about which specific subpage of our website is visited by the data subject.
If the data subject is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website the data subject is visiting by calling up a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google receive information through the YouTube component that the data subject has visited our website if the data subject is logged into YouTube at the same time as accessing our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google in this way, they may prevent it from being transmitted by logging out of their YouTube account before visiting our website.
On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and allows you to conveniently use the map function.
When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, only the technically necessary data will be transmitted. This takes place regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in at Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and / or needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
Objection / possibility of disposal
The legal basis for the processing of the data is the legitimate interest on our part pursuant to Art. 6 Para. 1 lit. f GDPR.
Our legitimate interest results from the improvement and optimisation of our offer as well as the provision of a function which facilitates the location of places and our business.
The purpose of the storage is to improve our offer, to visually and functionally optimise the website and to provide a function that makes it easier to find places and our business.
The data will be deleted as soon as our legitimate interest no longer exists or we are obliged by law or legal orders to delete the data.
As a user you have the possibility at any time to object to the processing of your data according to section 14.7.
This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personally identifiable information. The tool triggers other tags that may themselves collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager.
For more information about Google Tag Manager, visit https://www.google.com/intl/de/tagmanager/
We use HubSpot for our online marketing activities. This is an integrated software solution with which we cover various aspects of our online marketing.
These include, among other things:
- Content Management (Website)
- E-mail marketing (newsletters and automated mailings, e.g. to provide downloads)
- Social Media Publishing & Reporting
- Reporting (e.g. traffic sources, access, etc. ...)
- Contact management (e.g. user segmentation & CRM)
- Landing Pages and Contact Forms
Our registration service allows visitors on our website to learn more about our company, download content and provide their contact information and other demographic information.
This information and the contents of our website are stored on the servers of our software partner HubSpot. They can be used by us to contact visitors of our website and to determine which services of our company are of interest to them.
HubSpot is a software company based in the USA with a subsidiary in Ireland.
Adress and contact:
2nd Floor 30 North Wall Quay
Dublin 1, Ireland,
Phone: +353 1 5187500.
HubSpot is certified under the terms of the "EU - U.S. Privacy Shield Framework" and is subject to the TRUSTe 's Privacy Seal and the "U.S. - Swiss Safe Harbor" Framework.
Further information from HubSpot regarding the EU data protection regulations can be found at https://legal.hubspot.com/data-privacy.
You can call up further information on the cookies used by HubSpot at https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser.
On our website, we use "Facebook Connect", a service of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as "Facebook"). Facebook Connect facilitates registration for services on the Internet. Instead of using a registration form on our website, you can enter your Facebook login information and then use our service. By using "Facebook Connect", your web browser automatically establishes a direct connection with the Facebook server. You will be redirected to the Facebook page to log in. There you can log in with your user data. This links your Facebook user account to our service. We have no influence on the extent and further use of data collected by Facebook through the use of Facebook Connect. To the best of our knowledge, Facebook receives information that you have accessed the relevant part of our website or clicked on an advertisement from us. If you have a Facebook user account and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, Facebook may learn and store your IP address and other identifiers.
We use Facebook Connect to facilitate and shorten the registration and login process for you. This is also our legitimate interest in the processing of the above data by the third party provider. The legal basis is Art. 6 Para. 1 S. 1 lit. f) GDPR. You can prevent the processing of the above information by Facebook by using our registration mask and not using Facebook Connect.
Facebook has also signed and certified a privacy shield agreement between the European Union and the United States. As a result, Facebook is committed to complying with the standards and regulations of European data protection law. For more information, please refer to the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. Third Party Information: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For more information about the third party's privacy practices, please visit the following Facebook Web site: https://www.facebook.com/about/privacy.
13.6 Facebook Custom Audiences and Facebook Pixel
- HTTP header information (including IP address, Web browser information, page location, document, Web page URL and Web browser user agent, and date and time of use);
- Pixel-specific information; this includes the pixel ID and Facebook cookie information, including your Facebook ID (used to associate events with a specific Facebook advertising account and associate them with a Facebook user);
- Additional information about the visit as well as standard and custom data events.
We use the following custom data events:
- Searched and viewed content at product level;
- Product has been placed in shopping cart;
- Initiation of a checkout in the ordering process;
- Completion of the ordering process. Facebook uses the hashed user-specific Facebook ID (contained in the Facebook cookie) to automatically check whether the data transmitted by the Facebook pixel can be assigned to a Facebook user. If no Facebook cookie is stored in your browser, it will not be assigned to one of the "Custom Audience" user groups.
If the Facebook ID contained in the Facebook cookie can be assigned to a Facebook user, Facebook assigns this user to a "custom audience" on the basis of the rules defined by us, provided that the relevant criteria are met. We use the information obtained in this way to play ads on Facebook ("Facebook Ads"). However, advertisements are only displayed from a "Custom Audience" size of 20 or more - so no conclusions can be drawn about the characteristics of the individual users from the ad placement. The assignment to a "Custom Audience" takes place for a maximum of 180 days. This period begins again each time you visit our website again and there is a compliance with the same "Custom Audience" rules. Facebook may associate your visit to our website and related activities with your Facebook user account. This is not possible for us. We only receive statistical information from Facebook about the use of our website through Audience Insights.
Facebook shares your information with Facebook Inc., Facebook 1 Hacker Way Menlo Park, CA 94025, USA, and uses your information to improve the quality of its advertising, including improving Facebook's optimization algorithm for displaying Facebook ads and news feed ranking.
Right of objection: You may object to the use of Facebook Custom Audiences at any time. A so-called opt-out cookie is then set, which prevents the transmission of data about the Facebook pixel. This opt-out cookie has a basically unlimited duration of effect. Please note, however, that the opt-out function is device- or browser-related and only applies to the currently used device or browser. If you use several devices or browsers, you must opt out on each individual device and in each browser used. If you delete all cookies in your browser, an objection may also no longer be taken into account and must be raised again by you.
You can make settings about what types of advertisements you see within Facebook on the following Facebook web page: https://www.facebook.com/settings?tab=ads. Please note that this setting will be deleted if you delete your cookies. In addition, you can deactivate cookies, which are used for range measurement and advertising purposes, via the following websites:
Please note that this setting will also be deleted if you delete your cookies.
Facebook has also signed and certified a privacy shield agreement between the European Union and the United States. As a result, Facebook undertakes to comply with the standards and regulations of European data protection law. For more information, please refer to the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Third Party Information: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For more information about the third party's privacy practices, please visit the following Facebook Web site: https://www.facebook.com/about/privacy. For information about Facebook pixels, please visit the following Facebook website: https://www.facebook.com/business/help/651294705016616.
13.7 Information about data processing on our Facebook fan page
- General Information
We, Katadyn, operate our own Facebook fan page at https://de-de.facebook.com/katadynoutdoors/]. As the operator of this Facebook page, we are jointly responsible with the provider of the social network Facebook (Facebook Ireland Ltd.) for the purposes of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When visiting our Facebook page, personal data of the page visitors are processed by both persons responsible.
We have concluded an agreement with Facebook on the Page Controller Addendum. With this agreement, Facebook recognizes the joint responsibility with regard to so-called Insights data and assumes essential data protection obligations for the information of data subjects, for data security or for reporting data protection violations. In addition, the agreement stipulates that Facebook is the primary point of contact for the exercise of data subjects' rights (Art. 15 - 22 GDPR). As a provider of the social network, Facebook alone has direct access to the necessary information and can also immediately take any necessary measures and provide information. Should our support nevertheless be necessary, we can be contacted at any time.
- Use of Insights and Cookies
- Comments and news; participation in lotteries
On our Facebook fan page you also have the opportunity to comment on our contributions, rate them and get in touch with us via private messages or take part in lotteries.
Objection / possibility of disposal
We operate this Facebook Page to present, interact and communicate with Facebook users, other interested persons and our customers who visit our Facebook Page. The processing of users' personal data takes place on the basis of our legitimate interests in an optimised company and product presentation (Art. 6 Para. 1 lit. f GDPR) as well as when participating in competitions or answering product application questions on the basis of a (pre-)contractual relationship pursuant to Art. 6 Para. 1 lit. b GDPR.
The processing of the information generated by Insights is intended to enable us, as the operator of the Facebook fan page, to obtain statistics that Facebook generates on the basis of visits to our Facebook fan page. The purpose of this is to control the marketing of our activities. For example, it allows us to learn about the profiles of visitors who value our Facebook page or use applications on the page to provide them with more relevant content and develop features that may be of greater interest to them.
To better understand how our Facebook Page can help us better achieve our business goals, we also use the information we collect to create and share demographic and geographic reports. We may use this information to target interest-based advertisements without immediately knowing the visitor's identity. If visitors use Facebook on more than one device, the collection and analysis may also be cross-device if they are registered visitors logged into their own profile.
The generated visitor statistics are transmitted to us exclusively in anonymous form. We do not have access to the underlying data.
Furthermore, we use our Facebook page to communicate with our customers, interested parties and Facebook users and to inform them about us and our products. In this context, we may receive further information, e.g. from user comments, private messages or because you follow us or share our content. Processing is carried out exclusively for the purpose of communication and interaction with you.
Your data will be deleted if it is not used for the purpose for which it was collected, provided there is no obligation to retain it.
Facebook users can influence the extent to which their user behavior is captured when they visit our Facebook page under Advertising Preference Settings. Other options include the Facebook Settings or the Right of Objection form.
- Disclosure of data
It cannot be ruled out that some of the information collected may also be processed outside the European Union by Facebook Inc. based in the USA. Facebook Inc. is certified under the US-EU data protection agreement >>Privacy Shield<< and thus undertakes to comply with European data protection regulations.
We ourselves do not pass on any personal data that we receive via our Facebook page.
- Information on contact possibilities and other rights as a data subject
14. Use of various social media plug-ins
This website uses social plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins can be recognized by one of the Facebook logos (white "f" on a blue tile or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of the Facebook Social Plugins can be viewed here: http://developers.facebook.com/plugins.
When a user accesses a website of this offer that contains such a plugin, their browser establishes a direct connection to Facebook's servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website by it. The provider therefore has no influence on the extent of the data that Facebook collects with the help of this plugin and therefore informs the users according to its level of knowledge (https://www.facebook.com/help/186325668085084):
By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plug-ins, for example by clicking the Like button or commenting, the corresponding information is transferred directly from your browser to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out his IP address and save it. According to Facebook, only an anonymous IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options to protect the privacy of the users can be found here in Facebook's data protection information: http://www.facebook.com/policy.php.
If a user is a Facebook member and does not want Facebook to collect information about him or her through this service and link it to his or her Facebook member data, he or she must log out of Facebook before visiting the website.
On our pages, functions of the Twitter service are integrated. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in Twitter's data protection declaration at http://twitter.com/privacy.
You can change your data protection settings on Twitter in the account settings at: http://twitter.com/account/settings.
This website uses social plugins ("Plugins") from Instagram, which is operated by Instagram LLC.,1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plugins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Instagram's servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. This integration tells Instagram that your browser has visited the appropriate page on our site, even if you do not have an Instagram profile or are not logged into Instagram. This information (including your IP address) is transferred directly from your browser to an Instagram server in the USA and stored there.
If you do not want Instagram to associate the data collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. You can also prevent the Instagram plugins from loading completely by using add-ons for your browser, e.g. the script blocker "NoScript" (http://noscript.net/).
Our website has integrated the "Share-Button" from XING. Therefore, when you access our website via your browser, a connection is established to the servers of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany. This enables the share functions (e.g. the display of the counter value). A storage of personal data from you about the call of our websites is not made thereby. In particular, XING does not store any IP addresses. Likewise, your usage behavior will not be evaluated. You can access the latest information on data protection with regard to the "Share Button" as well as other relevant information at https://www.xing.com/app/share?op=data_protection.
Our websites use a plug-in of the social network LinkedIn. LinkedIn is a service provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as "LinkedIn"). You can recognize the LinkedIn plug-in by its logo or by the "Recommend" button. Please note that when you visit our websites, the plug-in establishes a connection between your Internet browser and the LinkedIn server. LinkedIn is thus informed that our website has been visited with your IP address. If you click on the "Recommend" button of LinkedIn and are logged in to your account at LinkedIn at the same time, you have the possibility to link content from our website to your profile page at LinkedIn-Profil. In doing so, you enable LinkedIn to assign your visit to our websites to you or your user account. You should be aware that we do not obtain any knowledge of the content of the data transmitted and its use by LinkedIn.
You can find out more about the collection of the data and your legal options and setting options at LinkedIn. These will be made available to you at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv.
Our websites contain the Google+1 button. Google+ is a social network. This is provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. With Google+1 you have the possibility to publish personalized content on the Internet. However, Google will store information about the content you clicked on with +1. Google will also store information about your visit to the website you viewed. Your +1 clicks can and will generally be used in your +1 profile and in other Google services, such as Google's search engine results, or elsewhere on Internet pages or ads.
Google stores information about your activities at Google+. In order to use the +1 button, you must create a public profile and profile name on Google. Google+ and all Google services will use your profile name. Your identity behind the profile may be disclosed to users who know your email address or have other information that can be used to identify you.
14.7 Further Social-Media PlugIns
Sofern wir weitere Social-Media-PlugIns verwenden, finden Sie weitergehende Informationen zum Datenschutz in den jeweiligen Datenschutzhinweisen dieser Anbieter. Sollten Sie diese nicht finden, wenden Sie sich bitte vertrauensvoll an uns unter email@example.com
15. Your rights
If personal data is processed by you, you are the data subject within the meaning of the GDPR and you are entitled to the following rights towards the data controller:
15.1 Right of access
You can obtain confirmation from the data controller as to whether or not personal data concerning you will be processed by us.
In the event of such processing, you may request the following information from the data controller:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
15.2 Right to rectification
You have the right to have your personal data rectified and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller must carry out the rectification immediately.
15.3 Right to restriction of processing
Under the following conditions, you may request that the processing of your personal data be restricted:
- if you dispute the accuracy of the personal data concerning you for a period which enables the person responsible to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but you need them for the assertion, exercise or defence of legal claims, or
- if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.
Where the processing of personal data concerning you has been restricted, such data may not be processed, with the exception of their storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the processing restriction has been limited in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
15.4 Right to erasure
15.4.1 Obligation to erase personal data
You may request the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:
- The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR was based and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
- The personal data have been processed unlawfully.
- The erasure of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data relating to you have been collected in relation to information society services offered pursuant to Article 8(1) GDPR.
15.4.2 Information to third parties
If the data controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 para. 1 GDPR, he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform the data controllers who process the personal data that you as the data subject have requested them to delete all links to this personal data or copies or replications of this personal data.
The right to erasure does not apply if the processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
Furthermore, the right to erasure does not apply if the personal data must be stored by the controller due to legal storage obligations and periods. In such a case, the personal data will be blocked instead of deleted.
15.5 Notification obligation
If you have exercised your right to rectify, erase or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, erasure or limitation, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of such recipients by the data controller.
15.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable and interoperable format. In addition, you have the right to communicate this data to another controller without being hindered by the controller to whom the personal data was provided, provided that
- the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
- the processing is carried out by automated means.
In exercising this right, you also have the right to request that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
15.7 Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The data controller will no longer process the personal data concerning you unless he can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the possibility to exercise your right of objection through automated procedures using technical specifications in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC.
15.8 Right to revoke the data protection declaration of consent
You have the right to revoke your declaration of consent under data protection law at any time and without stating reasons. In the event of revocation, we will immediately delete your personal data and no longer process it. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke your consent.
15.9 Automated individual decision-making, including profiling
You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the controller,
- is authorised by legislation of the Union or of the Member States to which the controller is subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
- with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
In the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms and your legitimate interests, including at least the right of the controller to obtain the intervention of a person, to present his or her point of view and to contest the decision.
15.10 Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the GDPR.
The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Status: December 09. 2019
Data Controller: Katadyn Deutschland GmbH