The Responsible Party as defined by the General Data Protection Regulation and other national data protection laws of the member states as well as other regulations concerning data protection is:
Dipl.-Inf. Georg Schulze-Dürr
3R solutions GmbH
Kleistraße 39
59073 Hamm
Germany
Phone:
The Data Security Officer of the Responsible Party is:
Jörg Schröder
3R solutions GmbH
Kleistraße 39
59073 Hamm
Germany
Phone:
2. Legal Basis for the Processing of Personal Data
To the extent that we request permission for the processing of personal data from the affected person, Art. 6 Par. 1 lit. a of the EU-General Data Protection Regulation (GDPR) serves as legal basis. For the processing of personal data that are required for the fulfillment of a contract with the affected person as one party of the contract, Art. 6 Par. 1 lit. b GDPR serves as legal basis. This also applies to processing actions that are required for the execution or implementation of pre-contractual procedures. To the extent that the processing of personal data is required for the fulfillment of a legal obligation our company is subject to, Art. 6 Par. 1 lit. c GDPR serves as legal basis. In case that vitally imporant interests of the affected person or any other natural person require the processing of personal data Art. 6 Paragraph. 1 lit. d GDPR serves as legal basis. If the processing required in order to protect legitimate interests of our company or a third party, and these interests are not overridden by the interests, basic rights and basic freedoms of the affected party, then Art. 6 Paragraph. 1 lit. f GDPR serves as legal basis for the processing.
3. Data Erasure and Retention Period
Personal data of the affected person are erased or blocked as soon as the purpose of retention is no longer applicable They may be retained beyond this time if such a retention has been designed by the European or national legislator as part of EU law, regulations or other statutes that the Responsible Party is subject to. Erasure or blocking of data also occurs if a retention period stipulated by these standards expires, unless further retention of the data is required for the signing or fulfillment of a contract.
IV. Provision of a Website and Creation of Logfiles
1. Description and Extent of the Data Processing
Every time our internet site is accessed, the system automatically records data and information concerning the computer of system accessing the site. The following data are collected:
- (1) Information concerning the type and version of the used browser
- (2) The user’s operating system
- (3) The user’s Internet Service Provider
- (4) The user’s anonymized IP-address
- (5) Date and time of the access
- (6) Websites which led the user’s system to our internet site
- (7) Websites which are accessed by the user’s system from our website
These data are also saved in our system’s logfiles. This does not include the user’s IP-address nor any other data which would allow attribution of the data to a user. There is no retention of these data, nor of any other personal data of the user
2. Legal Basis for the Data Processing
The legal basis for the temporary retention of these data is Art. 6 Paragraph. 1 lit. f GDPR.
3. Purpose of the Data Processing
The temporary retention of the IP-address is required, in order to allow delivery of the website to the user’s computer. For this the IP-address of the user has to be retained for the duration of the session. This purpose constitutes our legitimate interest in processing these data, according to Art. 6 Paragraph. 1 lit. f GDPR.
4. Retention Duration
The data are erased as soon as they are no longer required for to achieve the purpose of their collection. In case of data collection for the provision of the website, this is the case as soon as the session is concluded.
5. Right of Objection
The collection of data for the provision of the website and the retention of data in logfiles is essential and mandatory for the operation of the internet site. Therefore the user does not have any option to object against this data collection.
V. Usage of Cookies
1. Description and Extent of the Data Processing
Our website uses Cookies. Cookies are text files, which are saved in or by the internet browser on user’s computer system. If a user accesses a website, a Cookie can be saved in his operating system. This Cookie contains a distinctive string of characters, which allows a positive identification of the browser when accessing the website again. We use Cookies in order to make our website more user-friendly. Some elements of our internet site also require that Browser attempting access can also be identified after changing the page. To this purpose the Cookies record and transmit the following data:
- (1) Language Settings
- (2) Articles in a Shopping Cart
- (3) Log-In-Information
2. Legal Basis for the Data Processing
The legal basis for the processing of personal data by using Cookies is Art. 6 Paragraph. 1 lit. f GDPR.
3. Purpose of the Data Processing
The purpose in the use of technically required Cookies is to simplify the usage of websites for the user. Some functionalities of our internet site could not be offered without the use of Cookies. For these it is mandatory that the browser can be recognized even after changing the page.
We require Cookies for the following applications:
- (1) Transfer of language settings
- (2) Retention of search items
The user data collected by technically required Cookies are not used for the creation of user profiles. These purposes also constitute our legitimate interest in processing personal data, according to Art. 6 Paragraph. 1 lit. f GDPR.
4. Retention Duration, Right of Objection
Cookies are saved on the user’s computer and are transmitted to our website by this computer. Thus the user has full control concerning the use of Cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmittal of Cookies. Cookies that are already saved on your computer can be deleted at any time, a process that can also be automated. If Cookies are deactivated for our website it may not be possible any more to use all functionalities of the website to their full extent.
VI. Newsletter
1. Description and Extent of the Data Processing
Our website offers the option to subscrube to a free newsletter. When subscribing to the newsletter, the data entered into the registration form are transmitted to us. The following data are collected when subscribing:
- (1) IP-address of the accessing computer
- (2) Date and time of the registration
During the registration process you are informed about this data privacy statement, and are asked for your agreement for the processing of your data. In connection to the data collection for the sending of newsletters no data will be transmitted or relayed to third parties. The data are exclusively used for the distribution of the newsletter.
2. Legal Basis for the Data Processing
The legal basis for the processing of data after registration for the newsletter and agreement of the user is Art. 6 Paragraph. 1 lit. a GDPR.
3. Purpose of the Data Processing
The collection of the user’s e-mail address is required for distribution of the newsletter. The collection of other personal data during the registration process serves to prevent misuse of either the services or of the registered e-mail address.
4. Retention Duration
The data are erased as soon as they are no longer required to fulfill the purpose of their collection. The user’s e-mail address will therefore be retained for the duration of the active subscription. Any other personal data collected during the registration process are generally erased after a period of seven days.
5. Right of Objection
The user can cancel their subscription to the newsletter at any time. For this purpose every newsletter will include an „Unsubscribe“ link. This also allows a retraction of the permission for the retention of the personal data collected during the registration process.
VII. Contact Form and E-Mail Contact
1. Description and Extent of the Data Processing
Our internet site includes a contact form, which can be used to electronically establish contact to our company. If a user exercises this option, the data entered into the contact form will be retained and transmitted to us. These data are:
- (1) E-Mail
- (2) Name
- (3) Message in text format
Upon transmitting the message to us, the following additional data are retained:
- (4) Date and time of the transmission
During the sending process you are informed about this data privacy statement, and are asked for your agreement for the processing of your data. Alternatively it is possible to establish contact using the provided e-mail address. In this case the user’s personal data transmitted with the e-mail will be retained. There is no transfer or relay of these data to third parties. The data are exclusively used for the processing of the established conversation.
2. Legal Basis for the Data Processing
The legal basis for the processing of the data with permission of the user is Art. 6 Paragraph. 1 lit. a GDPR. Legal basis for the processing of data which are transmitted as part of sending an e-mail is Art. 6 Paragraph. 1 lit. f GDPR. If the goal of the e-mail contact is the signing of a contract, then Art. 6 Paragraph. 1 lit. b GDPR serves as an additional legal basis for the processing of data.
3. Purpose of the Data Processing
The processing of personal data from the entry mask are solely used for the processing of the contact. In case of contact established by e-mail this also constitutes the required legitimate interest in processing the data. The additional personal data processed during the sending process serve to prevent a misuse of the contact form, and to ensure the safety of our IT systems.
4. Retention Duration
The data are erased as soon as they are no longer required for the fulfillment of the purpose of their collection. For the personal data entered into the input mask of the contact form, as well as those transmitted by e-mail, this is the case when the conversation with the user is terminated. The conversation is terminated when the circumstances make it clear that the relevant and pertinent issues have been resolved conclusively. The additional personal data collected during the transmission process are erased after a period of no more than seven days.
5. Right of Objection
The user can rescind their agreement for the processing of their personal data at any time. If the user establishes contact via e-mail, they can object to the retention of their personal data at any time. In such a case the conversation can not be continued. The recision of the agreement and the objection to the retention can be sent informally to
datenschutz [at] 3-r [dot] de. In this case all personal data which had been collected as part of establishing contact are erased.
VIII. Rights of the Affected Person
If your personal data are processed, you are an Affected Person in the sense of the GDPR and are entitled to the following rights regarding the Responsible Party:
>
1. Right to Information
You can request the Responsible Party to confirm whether we are processing your personal data. Liegt eine If there is such processing, you can request the disclosure of the following information by the Responsible Party:
- (1) the purpose for which the personal data are processed;
- (2) the receivers and parties to whom personal data affecting you have been or will be disclosed;
- (3) the proposed duration of the retention of your personal data, or in case precise information are not available, the criteria determining the retention duration;
- (4) the existance of a right to have your personal data corrected or erased, a right to limit the processing by the Responsible Party, or a right to object against this processing;
- (5) the existance of a right to complain to a supervising authority;
- (6) you have the right to demand disclosure whether your personal data have been transmitted or relayed to a third party country or an international organisation. In this case you can demand to be informed about the appropriate safeguards according to Art. 46 GDPR in connection to this transmission.
2. Right to Correction
You have the right to have the Responsible Party correct or complete any of your personal data that are incorrect or incomplete. The Responsible Party is obliged to correct or complete the data immediately.
3. Right to Limitation of Processing
You can request a limitation of the processing of your personal data under the following circumstances:
- (1) if you dispute the correctness of your personal data for a period of time that allows the Responsible Party to check and confirm the correctness of the personal data;
- (2) the processing is illegitimate and you decline the erasure of your personal data, and instead request a limitation of the use of your personal data;
- (3) the Responsible Party no longer requires the personal data for the purpose of processing, but you require them for the assertion, execution or defense of legal claims, or
- (4) if you objected against the processing according to Art. 21 Paragraph. 1 GDPR, and it has not yet been confirmed whether the legitimate reasons of the Responsible Party override your reasons.
If the processing of your personal data has been limited, these data may, except for their retention, only be processed with your permission, or for the assertion, execution or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or one of its member states. If the limitation was restricted according to the conditions listed above, the Responsible Party will notify you before the limitation is removed.
4. Right to Erasure
a) Obligation to Erase
You can request the Responsible Party to immediately erase all your personal data, and the Responsible Party is obliged to immediately comply and erase the data, as long as one of the following reasons applies:
- (1) Your personal data are no longer required for the purpose for which they were collected or processed in any other way.
- (2) You rescind your permission, which was the basis of the processing according to Art. 6 Paragraph. 1 lit. a or Art. 9 Paragraph. 2 lit. a GDPR, and there is no other legal basis for the processing.
- (3) You object against processing according to Art. 21 Paragraph. 1 GDPR, and there are no overriding reasons for the processing, or you object to processing according to Art. 21 Paragraph. 2 GDPR.
- (4) Your personal data have been processed illegitimately.
- (5) The deletion of your personal data is required for compliance with a legal obligation the Responsible Party is subject to under the laws of the European Union or a member state .
- (6) Your personal data have been collected in connection with offered services of the information society according to Art. 8 Paragraph. 1 GDPR.
b) Information to Third Parties
If the Responsible Party has disclosed your personal data publically, and is obliged to their erasure according to Art. 17 Paragraph. 1 GDPR, the Responsible Party will take appropriate measures (including technical measures) within the available technology and considering the cost of implementation, in order to inform others who are responsible for the processing of personal data, that you as Affected Person have requested them to erase all links to your personal data, as well as of copies and replications of this personal data.
c) Exceptions
The Right to Erasure does not apply in case the processing is required
- (1) for the execution of the right to free speech and information;
- (2) for compliance with a legal obligation which requires processing according to the laws of the European Union or the member country that the Responsible Party is subject to, or for the execution of a task or duty which is in the public interest or results in the execution of public authority, which has been assigned to the Responsible Party;
- (3) for reasons of public interest in the area of public health according to Art. 9 Paragraph. 2 lit. h and i as well as Art. 9 Paragraph. 3 GDPR;
- (4) for purposes of archiving in the public interest, purposes of scientific or historic research, or for statistical purposes according to Art. 89 Paragraph. 1 GDPR, as far as the right stated in section a) would presumably make the realization of the goals of this processing impossible or significantly impede such realiziation, or
- (5) for the assertion, execution or defense of legal claims.
5. Right to Notification
If you have asserted your Right to Correction, Erasure, or Limitation of Processing against the Responsible Party, the Responsible Party is obliged to notify all recipients to whom your personal data had been disclosed, of this correction or erasure of the data, or the limitation of the processing, unless this is impossible or requires disproportionate effort. You have the right to be informed about these recipients by the Responsible Party.
6. Right to Data Portability
You have the right to receive the personal data you have made available to the Responsible Party in a structured, common and machine-readable format. In additional you have the right to relay or transmit these data to another Responsible Party without interference or impediment by the Responsible Party the data had been made available to, as long as
- (1) the processing is based on consent according to Art. 6 Paragraph. 1 lit. a GDPR, or Art. 9 Paragraph. 2 lit. a GDPR, or a contract according to Art. 6 Paragraph. 1 lit. b GDPR and
- (2) the processing utilizes automated systems.
When exercising this right you furthermore have the right to effect the direct transmission of your personal data from one Responsible Party to the other Responsible Party, to the extent that this is technically feasible. Freedoms and Rights of other persons may not be affected or compromised by this. The Right to Data Portability does not apply for processing personal data that is required for the execution of a task or duty which is in the public interest or results in the execution of public authority, which has been assigned to the Responsible Party.
7. Right to Object
You have the right to object to the processing of your personal data based on Art. 6 Paragraph 1 lit. e or f GDPR, for reasons arising from your specific situation; this also applies to profiling based on these regulations. The Responsible Party will no longer process your personal data, unless evidence of reasons for processing can be provided, which are worthy of protection and override your interests, rights and freedoms, or the processing serves the assertion, execution or defense of legal claims. If your personal data are processed for the purposes of direct mail or targeted advertising, you have the right to object to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling associated with such direct mailings and targeted advertising. If you object to the processing of your data for the purpose of direct mail or targeted advertising, then any of your personal data will no longer be processed for these purposes. In connection with use of services of the information society you have the option to exercise your Right to Object using automated processes using technical specifications – Guideline 2002/58/EG notwithstanding.
8. Right to Rescind Consent
You have the right to rescind your consent to the processing of your personal data at any time. Rescinding consent does not affect the legitimacy of any processing based on your consent prior to its recission..
9. Right to Complain to the Supervising Authority
Regardless of other administrative or legal remedies, you have the right to complain to a supervising authority, especially in the member state of your residence, your work place, or the place of the alleged violation, if you believe that the processing of your personal data is in violation to the GDPR. The supervising authority the complaint is submitted to will notify the complainant of the status and the result of the complaint, including the option of seeking legal redress according to Art. 78 GDPR.