Franz Drexel GmbH | Terms of Use

Website Privacy Policy / Data Protection Notes

Protection of your personal data has the utmost priority and is considered in all our business processes. If and as far as you provide any personal data to us, these will be processed according to the provisions of the EU General Data Protection Regulation (GDPR), which enters into effect on 25 May 2018, and the statutory data protection provi-sions of the Federal Data Protection Act (BDSG).

The following data protection notes provide a detailed overview of processing of your personal data, especially when using our websites and newsletter. Personal data shall mean all information that refers to identified or identi-fiable natural persons. In these data protection notes, we inform you comprehensively about the type, scale and purpose of collection of personal data and about how these data are handled. Beyond this, you will learn which rights you are due regarding processing of your personal data.

1. Contact details of the controller and the data protection officer

1.1. Name and address of the controller

The controllers within the meaning of the EU General Data Protection Regulation (GDPR) and other na-tional data-protection laws of the Member States and any other provisions under data protection law shall be:

Franz Drexel GmbH

Am Lerchenberg 8

D-86504 Merching

Controller:

Rupert Drexel (CEO)

Phone: +49 (0) 8233 7444 0

E-Mail: webmaster@franzdrexel.de

1.2. Name and address of the data protection officer

Franz Drexel GmbH hasn´t got a data protection officer.

2. General principles for processing activities of Franz Drexel GmbH

2.1. Principles concerning the scale of processing of personal data

Franz Drexel GmbH shares the philosophy underlying the GDPR and the Federal Data Protection Act (BDSG) that all use, especially the collection and processing of personal data ("Data"), must be limited as far as possible. Therefore, Franz Drexel GmbH shall only process any personal data as far as this is re-quired for clearly defined purposes that are to be presented clearly below (principles of data avoidance and data economy). Processing activities shall only be legitimate as far these are based on any sufficient legal basis or your consent (principle of lawfulness).

This means that we only process your personal data if this is necessary to provide a functioning website and services. The processing of personal data takes place regularly only after your consent. An exception applies in those cases in which prior consent cannot be obtained for real reasons and the use of the data is permitted by legal regulations.

As far as nothing different results from the following, the terms "process" and "processing" shall specifi-cally also include the collection of personal data (on this, see sect. 4 no. 2 GDPR).

2.2. General information on the legal basis relating to processing of personal data

Processing of personal data shall generally be forbidden and is only legitimate in exceptions. The legitima-cy of processing activities must only result from processing of the data being based on a suitable legal ba-sis. The following are the final options for this:

• As far as the Franz Drexel GmbH has collected the consent of the data subject (you) for pro-cessing activities of personal data, sect. 6 para. 1 p. 1 lit. a GDPR is serves as the legal basis.

• For legal processing of personal data that is required to perform a contract of which the data subject is a party, sect. 6 para. 1 s. 1 lit. b GDPR serves as the legal basis. This also applies to pro-cessing activities that are required to perform pre-contractual measures.

• As far as processing of personal data is required to perform a legal obligation that the Franz Drexel GmbH is subject to, sect. 6 para. 1 s. 1 lit. c GDPR serves as the legal basis.

• If any vital interests of the data subject or any other natural person require processing of per-sonal data, sect. 6 para. 1 S. 1 lit. d GDPR serves as the legal basis.

• As far as processing is required for performance of a task that is in the public interest or in exer-cise of official authority assigned to the Franz Drexel GmbH, sect. 6 para. 1 s. 1 lit. e GDPR serves as be the legal basis of processing.

• If processing is required to maintain a legitimate interest of Franz Drexel GmbH or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the former interest, sect. 6 para. 1 s. 1 lit. f GDPR serves as the legal basis for pro-cessing.

2.3. Objection to and withdrawal of processing of your personal data

If you have consented to the processing of your data, you can withdraw this consent at any time. Such withdrawal shall affect the legitimacy of processing of personal data only starting at the time after which the withdrawal was declared towards Franz Drexel GmbH.

As far as the Franz Drexel GmbH bases processing of the personal data on consideration of interests, you may object to processing. This is the case if processing in particular is not required for complying with a contract with you, which is presented by the Franz Drexel GmbH in the following description of the func-tions. When exercising such an objection, please present the reasons why Franz Drexel GmbH should not process your personal data as performed by Franz Drexel GmbH. In case of justified objection, Franz Drexel GmbH will review the situation and shall either cease processing activities or adjust it, or explain the mandatory grounds to be protected to you based on which Franz Drexel GmbH to process the data. Of course, you may object to processing of your personal data for advertisements and data analysis at any time.

2.4. Data erasure and duration of storage

Your personal data will be deleted or blocked by Franz Drexel GmbH as soon as the purpose of storage is no longer applicable; in this context, blocking shall mean any removal of the reference of the data to your person. Storage may further take place when this is stipulated by the European or national legislator in regulations, laws or other rules that Franz Drexel GmbH is subject to. Blocking or erasure of the data shall also take pace if a storage period required by the standards named expires, except if further storage of the data is required for conclusion of a contract or performance of a contract.

2.5. Information about statutory or contractual requirements concerning the provision of personal data; requirement necessary to enter into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such

We would like to clarify to you that the provision of personal data is in part statutorily prescribed (e.g., tax regulations) or can also arise from contractual provisions (e.g., specifications as to contracting part-ner).

On occasion, for entering into a contract it can be necessary that you make available to us personal data which subsequently must be processed by us.

You can contact us prior to providing any personal data. We will clarify to you for the individual case whether the provision of personal data is statutorily or contractually required or necessary for entering into the contract, whether any obligation exists to provide the personal data, and which consequences would arise from failure to provide such data.

3. Information about the processing of your personal data when you visit our websites

3.1. Description and scale of processing activities

With each retrieval of our website, your internet browser transmits a series of technically necessary data to our webserver. These data are stored in the log files of the webserver. The following data are recorded:

• browser types and versions used

• the operating system used by the accessing system

• the website from which access is made to our internet site, and the sub-sites over which an ac-cessing system is effected on our internet site (referrer)

• date and time of the accessing

• name of the requested data file

• size of the data file transferred

• the IP address from which the request was effected

These data are stored separately from the personal data. In no event are they associated with your per-sonal data. By extension, this precludes the possibility of making inferences to a particular person.

3.2. Purpose of processing activities

In using the webserver log data, we do not draw any inferences about the data subject. Rather, the web-server log data are used to correctly deliver the contents of our internet site, to guarantee the sustained functionality of our information technology systems and of the technology of our internet site, as well as to furnish law enforcement authorities the information necessary for a criminal-law prosecution in the event of a cyberattack.

The anonymously collected data and information are evaluated by us, statistically, on the one hand, and moreover, with the objective of increasing data protection and data security in our company, in order to ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

3.3. Encryption and other security measures

Within the website, we use the widespread SSL procedure (secure socket layer) in conjunction with the respectively highest stage of encryption that is supported by your web browser. As a rule, this involves a 256-bit encryption. In the event that your browser does not support 256-bit encryption, we then resort to a 128-bit v3 technology. You can determine whether or not an individual page of our internet pres-ence is transferred encrypted in the closed depiction of the key or lock symbol in the bottom status bar of your browser.

Apart from that, we make use of suitable technical and organizational security measures in order to pro-tect your data against accidental or intentional manipulation, whole or partial loss or destruction, or against unauthorized access by third parties. Our security measures are continuously improved in keep-ing with technological development.

3.4. Legal basis of processing activities

The data processing of the webserver logs is effected on the basis of the statutory provisions of sect. 6 para. 1 s. 1 lit. a GDPR (safeguarding legitimate interests of the controller; our legitimate interest follows from the purposes listed above for data collection). Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

3.5. Storage period

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

3.6. Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on your part.

4. Information about purposes and legal basis of processing of your personal data within ways of contacting you

4.1. Description and scale of processing activities

Franz Drexel GmbH sends out d invitations to events for your information concerning current events and developments, as well as to maintain our contact with you. In addition to this, your data will be processed for measures for maintenance of the relationship with you, e.g. to send out Christmas cards, in exceptions. For this, the following personal data will be processed:

• e-mail addresses

• form of address, first names, last names

• areas of interest and research focus

• employer / research institution

The processing of your further data serves the personalization of contacts as well as the specialization of offers and information. We process your e-mail address for the purpose of sending in particular for your information about current developments at Franz Drexel GmbH current publications, current and planned events and to maintain our relationship with you.

Your further data will be processed for the purpose of personalizing contact with you and informing you about special events and publications that correspond to your field of interest.

4.2. Legal basis of processing activities

If we use your data, as far as possible, we will always obtain your express consent (sect. 6 para. 1 s. 1 lit. a GDPR).

4.3. Storage period

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This may be the case in particular if you withdraw your consent to receiving any infor-mation and there is no other legal basis for further processing of your e-mail address or other data by us. You can revoke your consent at any time. You can declare your revocation by clicking on the link provid-ed in every e-mail, by e-mail to info@franzdrexel.de or by sending a message to the contact data spec-ified in section 1.1.

5. Contact

5.1. Description and scale of processing activities

You can contact us by e-mail if you have any questions about our offers, events or our research work. In this case we collect and process your e-mail address and the content of your message. We will also regu-larly process your name and other data, which may result from your signature or other information you provide to us in your inquiry.

5.2. Purpose of processing activities

We process your e-mail address and other personal data exclusively to answer your inquiry.

5.3. Legal basis of processing activities

The legal basis for the processing of your data is your express consent (sect. 6 para. 1 s. 1 lit. a GDPR). In addition, the legal basis for processing your data is the protection of our legitimate interests resulting from the purposes of data processing described above; in this respect, we assume that your positions protected by fundamental rights do not outweigh our interests in data processing (sect. 6 para. 1 s. 1 lit. f GDPR).

5.4. Storage period

We retain your provided personal information as long as it is necessary, in usual until your concern has been answered to your satisfaction. Afterwards, it will be deleted if there is no other legal basis for fur-ther processing of your e-mail address or other data by us.

6. Cookies & links to social networks / google maps

6.1. Cookies

6.1.1. Description and scale of processing activities

Our websites use cookies to configure the operation of our websites in a simpler, more customer-friendly manner. Cookies are small text data files that the internet browser stores on the user’s computer. If the user subsequently retrieves the corresponding website again, cookies make it possible to recognize the computer once more. As a consequence of this recognition, for instance, data entered one time already stand at the ready when an order form is filled out more than once. Our website uses various types of cookies, the scope and functioning of which are explained below:

• Transient Cookies:

Some elements of our website require that your browser can be identified even after a page change. This requires the use of so-called transient cookies (session cookies). These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This allows your com-puter to be recognized when you return to our website. We use cookies to make our website more user-friendly, because some elements of our website require that the calling browser can be identified again after a page change. Session cookies are deleted when you log out or close your browser.

• Persistent Cookies:

In addition, so-called persistent cookies are used. These cookies enable an analysis of the surfing behav-iour, in particular the following data can be transmitted: entered search terms, frequency of page views, use of website functions. You can configure the use of these cookies in your browser settings according to your wishes. Here, for example, the acceptance of third party cookies or all cookies can be rejected. The data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer pos-sible to assign the data. The data will not be stored together with any other of your personal data. When you visit our website, an information banner informs you about the use of cookies for analytical purpos-es and refers you to this data protection declaration. In this context, there is also a note on how the stor-age of cookies can be prevented in the browser settings. We would like to point out that you may not be able to use all functions of this website if you object to the use of persistent cookies.

6.1.2. Purpose of processing activities

The purposes of data processing differ depending on the cookies used:

• Transient Cookies:

The purpose of using technically necessary transient cookies is to enable and simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For this it is neces-sary that your browser is recognized even after a page change. This applies, for example, to the adoption of language settings or the memorization of search terms. The user data collected by technically neces-sary cookies are not used to create user profiles.

• Persistent Cookies:

The analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.

6.1.3. Legal basis of processing activities

The legal basis for the temporary storage of data is sect. 6 para. 1 s. lit. f GDRP. Our legitimate interest fol-lows from the purposes listed above for data collection. Under no circumstances do we use the data col-lected for the purpose of drawing conclusions about you personally. The legal basis for the processing of personal data using cookies for analytical purposes is sect. 6 para. 1 s. lit. a GDRP.

6.1.4. Storage period; Possibility of objection and elimination

Ordinarily, cookies are used which, after the end of the browser, are automatically erased from the user’s hard drive (so-called session cookies). Other cookies can remain on the user’s computer and have the ef-fect that the user is recognized subsequently upon the next visit (so-called persistent cookies). The persis-tent cookies are automatically erased after the expiration of the prescribed time period, which can be dif-ferent for each cookie. You can erase the persistent cookies at any time in the security settings of your browser.

In addition, at any time you can change the storage of cookies in the browser settings of your computer. To do so, the function “do not accept cookies” must be activated. E.g. in Google Chrome, you can activate the function “do not accept any cookies” here: chrome://settings/content/cookies. However, this can possibly result in your no longer being able to use a website to its fullest extent.

6.2. Links to social networks

6.2.1. Description and scale of processing activities

We link to the following social networks:

• Youtube, Vimeo

You can identify the provider of the network by its initial letter or the logo. We only link to the websites of the social networks. When you visit our site, no personal data is initially passed on to the providers of the social network. If you want to use one of the networks, click on the respective logo to establish a direct connection to the server of the respective network. Thus, we only give you the opportunity to communi-cate directly with the provider of the social network via the button. Only if you click on the marked field and thereby activate it, the provider receives the information that you have accessed the corresponding website of our online offer. In this case, parts of the information collected when you visit our website (see Section 4.1) will be transmitted to the extent necessary. We recommend to you to delete all cookies be-fore clicking on the provider button via the security settings of your browser.

The data is transferred regardless of whether you have an account with the social network provider and/or you are logged in there. If you are logged in, your data collected by us will be directly assigned to your existing account. We recommend that you log out regularly after using a social network, especially before activating the button.

If you click on the link, it is possible that data may reach providers in countries outside the EU which do not guarantee an "adequate level of protection" for the processing of personal data in accordance with EU standards. Please bear this in mind before clicking on a link to initiate the transfer of your data.

6.2.2. Purpose of processing activities

The purpose of data transmission is to simplify the use of websites for users. Through the links we offer you the simple possibility to interact with social networks and other users, so that we can improve our of-fer and make it more interesting for you as a user.

6.2.3. Legal basis of processing activities

If you follow the link, the legal basis for processing the data is sect. 6 para. 1 s. 1 lit. a GDRP and the pro-tection of our legitimate interests according to sect. 6 para. 1 s. 1 lit. f GDRP; our legitimate interests re-sult from the purposes described for data processing.

6.2.4. Storage period; Possibility of objection and elimination

In addition, at any time you can change the storage of cookies in the browser settings of your computer. To do so, the function “do not accept cookies” must be activated. E.g. in Google Chrome, you can activate the function “do not accept any cookies” here: chrome://settings/content/cookies. However, this can possibly result in you no longer being able to use our website to its full extent.

6.2.5. Addresses of the respective social network providers and URL with their data protection information:

youtube

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for further information click: https://policies.google.com/privacy?hl=de&gl=de. YouTube has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

6.3. Google Maps

On this website we use a link to Google Maps. This allows you to use the map function of Google Maps easily.

If you follow the link to Google Maps, parts of the data referred to in Section 4.1 of this declaration may be transmitted. This happens whether you're logged in to a Google Account or you don't have a user ac-count. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the link.

6.3.1. Legal basis of processing activities

6.3.2. Addresses of the respective social network providers and URL with their data protection information:

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for further information click: https://www.google.de/intl/de/policies/privacy. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

7. Passing on your data to third parties

Unless expressly stated otherwise above, we do not share personal information with companies, organiza-tions or individuals outside our organization except in one of the following circumstances:

7.1. With your consent

We pass on personal data to companies, organizations or persons outside our company if we have re-ceived your consent; this relates in particular to the circumstances described above when using our online offers.

7.2. Processing your data by other parties

We make personal data available to our business partners, other trustworthy companies or persons who process the data on our behalf. This is done on the basis of our instructions and in accordance with our privacy policy and other appropriate confidentiality and security measures.

7.3. For legal reasons

We will disclose personal data to companies, organizations or individuals if we can reasonably believe in good faith that access to, use, retention or disclosure of such data is necessary to comply with applicable laws, regulations or legal proceedings, or to comply with an enforceable government order.

8. Forwarding of data to a third country or international organisation

Unless expressly stated in this privacy statement, your personal data will not be transferred to third coun-tries or international organizations.

9. Automated individual decision-making, including profiling

Automated decision-making in an individual case, including profiling, does not take place.

10. Your rights

If any personal data of you are processed, you are a data subject within the meaning of GDPR and you have the following rights towards the controller; the controllers can be found in item 1.1..

10.1. Information rights

You have the right to be informed about the data stored by the controller, in particular the purposes for which they are processed and the time for which the data are stored (sect. 15 GDPR).

10.2. Right to rectification

You have a right to rectification and/or completion towards the controller, provided that the personal data processed concerning you are inaccurate or incomplete. The controller shall rectify them without undue delay.

10.3. Right to restriction of processing

You have the right to demand restriction of processing of your data. This right shall in particular apply for the duration of the review if you have disputed accuracy of the data concerning you, and for the case that you desire restricted processing instead of erasure if you have a right to erasure. Furthermore, pro-cessing shall be restricted if the data are no longer required for the purpose pursued by us, but you need the data to assert, exercise or defend legal claims, as well as if the successful exercise of an objection be-tween the controller and you is disputed (sect. 18 GDPR).

10.4. Right to erasure

You have the right to demand erasure of the personal data concerning you from the controller. These conditions stipulate that you may demand erasure of your data if the controller, e.g., no longer needs the personal data for the purposes for which they were collected or otherwise processed, the controller ille-gally processes the data or you have rightfully objected or you have withdrawn your consent or if there is any legal erasure obligation (sect. 17 GDPR).

10.5. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format (sect. 20 GDPR) if these have not been deleted al-ready.

10.6. Right to object

You have the right to object to processing of personal data concerning you that are processed based on sect. 5 para. 1 s. 1 lit. e or lit. f GDPR for reasons that result from your special situation at any time (sect. 21 GDPR). The controller will cease processing of the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If you object, e.g., to use of your data for purposes of marketing, the controller shall not process your data anymore for such purposes.

10.7. Right to revocation of the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its with-drawal.

10.8. Right to not be subject to automated decision-making in an individual case including profiling

You have the right not to be subject to a decision based solely on automated processing, including profil-ing, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and the controller,

(2) is authorised by provisions of Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legiti-mate interests or

(3) is made with your express consent.

However, such decisions shall not be based on special categories of personal data referred to in sect. 9 para. 1 GDPR, unless sect. 9 para. 2 lit. a or g GDPR applies and suitable measures to safeguard the rights and freedoms and your legitimate interests are in place. Regarding the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10.9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant about the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.