Privacy Policy

Thank you for your interest in our online presence. The protection and security of your personal data is a high priority for us. Personal data includes all types of data that can be used to identify you as an individual.

We point out that data transmission via internet (for example, when communicating by e-mail) may involve gaps in security and that complete protection of data against access by third parties is therefore impossible. It is therefore advisable to use the postal service when sending very sensitive data or information.

In the following section, we will inform you transparently and in understandable language about data collection and its scope, what your data is used for and what rights you have. If you have any questions about data protection, please contact us. The contact details can be found under point 1 of this data privacy statement.

Data privacy statement

Content

1. Responsible in accordance with the data protection law

Ueli Emmerich
Hoehenstrasse 4
69239 Neckarsteinach
(Germany)

Phone: +49 62 29 93 35 31
E-Mail: kontakt@ueli-emmerich.de

2. Collection of general information

Whenever our website is accessed, our system automatically collects data and information from the computer system of the accessing computer in so-called server log files. This data is technically necessary in order to display our website to you. It is not merged with data from other sources. This information (server log files) includes:

Browser type and version,
Operating system used,
Website from which you visit us (referrer URL),
Website that you visit (URLs accessed),
Date and time of your access,
Your internet protocol (IP) address,
Access status / HTTP status code,
amount of data transferred,
Internet service provider of the accessing computer.

The legal basis for data processing is Art. 6 para. 1 lit. f of the GDPR, which allows us to process data in the case of a legitimate interest. In this case, our legitimate interest is the reliable and error-free functioning of our website. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

3. Web hosting

For the hosting of our website and the presentation of the page content, we use a provider that provides its services itself or through selected subcontractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties.

4. Cookies

Our website uses so-called cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer.

Some elements of our website require that the accessing browser can be identified even after a page change. For example, to save login information. The cookies we use are technically necessary cookies that are automatically deleted after the browser is closed. Some cookies remain stored on your device and allow you to be recognised the next time you visit the site. The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which allows us to process data in the case of a legitimate interest. In this case, our legitimate interest is to offer you a technically error-free and functionally optimised website.

You can set your browser so that you are informed about the setting of cookies and then only allow these cookies in individual cases. You can also generally exclude the acceptance of cookies or only accept them in certain cases. You can also set your browser to delete cookies once you close the browser window. Each browser differs in the way it manages cookie settings. These are described in the help menu of each browser, which explains how you can change your cookie settings.

Please note that if you do not accept cookies, our website will only function to a limited degree.

4.1 Technically necessary cookies that are set by our website

The PHPSESSIDD and MOZILOID cookies are so-called session cookies. These cookies contain a unique ID as anonymous user information, which is used to assign the user to the page accessed in order to ensure the basic functionality of this website. Session cookies are usually deleted when the browser is closed.

The mozilo cookie is set by the cookie banner and stores the visitor's decision on whether to set cookies. This cookie is usually deleted when the browser is closed.

5. Data security

In order to protect the security of your data during transmission, we use state-of-the-art encryption methods via an SSL or TLS connection.

Encryption means that your sensitive personal data cannot be intercepted and viewed by unauthorised third parties. You can recognise an encrypted connection by the fact that the address line of the browser begins with ‘https://’ and by the lock symbol in the browser line.

6. Contact form and use of our e-mail address

If you send us an e-mail or a message via the contact form, we store your data until we have finished processing your message. The mandatory information in the contact form can be recognised by the correspondingly marked input fields. The data will only be used to process your request and will be deleted once processing has been completed. The legal basis for data processing is Art. 6 para. 1 lit. f of the GDPR, which allows us to process the data in the case of a legitimate interest. In this case, our legitimate interest is responding to your message or processing your request.

7. Deletion or blocking of the data

We adhere to the principles of data avoidance and data minimisation. We therefore only store your personal data for as long as is necessary to fulfil the purposes stated here or for as long as is required by the storage and retention periods stipulated by the legislator under commercial and tax law.

Once the respective purpose no longer applies or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions, provided that it is no longer required for contract fulfilment or contract initiation.

8. Web analysis

We do not use any web analysis tools.

9. Social media plugins

No social media plugins are used on our websites.

10. Your rights towards the data controller

Listed below are the rights you have towards the data controller under the General Data Protection Regulation. The controller is named under point 1 of this privacy policy. If we process your personal data, you are a ‘data subject’ within the meaning of the General Data Protection Regulation.
If you want to exercise your rights as a data subject, you can contact the controller named under point 1 at any time.

10.1 Right to information

Any person affected by the processing of personal data has the right to receive information free of charge at any time from the controller about the personal data stored about them and a copy of this information. You are also entitled to the following information:

• the purposes of the processing,
• the categories of personal data being processed,
• the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
• the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning,
• the data subject or to object to such processing,
• the existence of a right to lodge a complaint with a supervisory authority (the competent authority is the data protection officer of the federal state in which we are based; addresses and links can be found here),
• if the personal data is not collected from the data subject: All available information about the origin of the data,
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Furthermore, the data subject has a right to information as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

10.2 Right to rectification

Any person affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

10.3 Right to erasure (right to be forgotten)

Every data subject has the right to immediately obtain from the controller the erasure of personal data concerning him or her in the case one of the following reasons applies and if the processing is not necessary:

• The personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
• The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
• The personal data have been processed unlawfully.
• The personal data must be erased in order to meet a legal obligation from the EU law or a member state law to which the controller is subject.
• The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If one of the aforementioned reasons applies and a data subject wishes to request the erasure of personal data stored by us, they can contact the controller named under point 1 at any time. The request for erasure will be complied with immediately.

10.3.1 Information to third parties

If the controller has made public the personal data concerning you and if he or she is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, then he or she shall take reasonable steps (also those of technical nature) in consideration of available technology and the cost of implementation, in order to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. The controller named under point 1 will take the necessary steps in individual cases.

10.3.2 Exceptions

The right to erasure does not exist if the processing is necessary

• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by EU or EU member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the aforementioned right is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the establishment, exercise or defence of legal claims.

10.4 Right to restriction of processing

Any person affected by the processing of personal data has the right to request the controller to restrict processing if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
• The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
• The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by us, he or she can at any time contact the controller named under point 1. He will arrange for the restriction of processing.

10.5 Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the data controller, the data controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

10.6 Right to data portability

Any person affected by the processing of personal data has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

10.7 Right to object

Any person affected by the processing of personal data has the right to object, for causes arising from their particular situation, at any time to the processing of personal data concerning them on the basis of Art. 6 para. 1 lit. e or f GDPR, with effect for the future. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject or the processing serves the assertion, exercise or defence of legal claims.

If we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to us to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.

The data subject is free to exercise his or her right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

10.8 Automated decisions in individual cases, including profiling

Any person affected by the processing of personal data has the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10.9 Right to withdraw consent under data protection law

Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

10.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

11. Existence of automated decision-making including profiling

As a responsible company, we do not use automated decision-making or profiling.

12. Necessity for the provision of personal data

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for you to provide us with personal data in order to conclude a contract, which must subsequently be processed by us.
For example, you are obliged to provide us with personal data if we conclude a contract with you. Failure to provide the personal data would mean that the contract with you could not be concluded. The controller can inform you on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be. For this purpose, please contact the controller named under point 1.

13. Legal basis of the processing

Art. 6 para. 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of any other service or consideration, the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 para. 1 lit. d GDPR.
Ultimately, processing operations could be based on Art. 6 para. 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard our legitimate interests or those of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).