DeutschPrivacy Policy
Data protection information for the company OhmEx Industrielle Elektrowärme GmbH’s web portals, status: 05.07.2018
General Information
The contents of the company OhmEx Industrielle Elektrowärme GmbH (hereinafter “OhmEx”)‘s website serve solely for providing information without any additional functions. Nevertheless, personal data is collected during your visit to our website. Protecting your personal data is very important to OhmEx. It is important to us to inform you about what personal data is collected, how it is used and what options are available to you. This data protection information gives an overview of the points that apply when processing your data in this web portal and in OhmEx’s business operations. The information on processing your data is based on the principle of Article 13 of the General Data Protection Regulation (GDPR). References to legal regulations refer to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) in the version valid from 25.05.2018.
I. Name and address of the Controller
The data controller within the meaning of the GDPR and other national data protection laws of member states as well as other data protection regulations is
OhmEx Industrielle Elektrowärme GmbH
Industriering 7
63868 Großwallstadt
Phone: 0049 6022 261200
Fax: 0049 6022 261202
Email: info@ohmex.de
Website: www.ohmex.de
II. General information on data processing
Scope of processing of personal data
Our website is purely an information platform without additional services such as for example an online store, a payments system, tracking options, profile analyses and the like. We only process users‘ personal data if this is absolutely necessary to provide a functional website as well as our contents and services. Processing our users‘ personal data is usually only carried out after users have consented. An exception applies in those cases where prior consent cannot be obtained for actual reasons and processing data is permitted by law.
When you visit our website, we process the data your browser transmits to us so that we can display the website you have requested. We also have a legitimate interest in processing this information to ensure the stability and security of the site. To this end we process the following data: Your IP address (anonymised), date and time of the request, difference of your time zone to GMT, the specific page visited, your HTTP status code, the volume of data transferred, the referrer, type of browser, operating system and its interface, version of browser software,
(legal basis: Art. 6 (1) lit. b GDPR, Art. 6 (1) lit. f GDPR). In some cases, we also use cookies to do this.
The above paragraph applies to so-called access logs. These are stored for a period of 6 weeks.
Furthermore, so-called error logs (incorrect accesses to the website) are created. These are stored for 5 days and include: date and time of the request, the domain requested, client IP address, error code, error message.
Legal basis for processing personal data
Insofar as we obtain consent from the data subject to process personal data, Art. 6 Section 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing personal data required to execute a contract, to which the data subject is party, Art. 6 Section 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 Section 1 lit. c GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the mentioned interest first, Art. 6 Section 1 lit. f GDPR serves as the legal basis for processing data.
Data erasure and storage time
The personal data of the person concerned will be deleted or blocked as soon as the purpose for storage ceases to exist. Furthermore, data may be stored if this has been provided for by the European or national legislation in EU regulations, laws or other provisions which the person responsible is subject to. The data will also be blocked or deleted if a storage period specified by the aforementioned standards expires, unless there is a need to continue storing the data to conclude or fulfil a contract.
External service providers
Our website is hosted exclusively by employees of the company OhmEx GmbH. We have commissioned professional contract processors with the care and maintenance of our IT systems. Contract processors are such companies that we commission to process data within the legally specified context, Article 28 GDPR (service providers, vicarious agents). OhmEx GmbH also remains responsible for protecting your data even in this case. We have concluded order processing contracts with our service providers to ensure data processing complies with the statutory and data protection regulations. The principles of data minimization and data economy are followed throughout, access rights are minimized to the absolutely necessary number.
Processing Locations
Your data will be processed on servers in Germany and in other European countries. If, in exceptional cases, your data is also processed (e.g. by third-tier remote accesses) in countries outside the European Union (i.e. and therefore in so-called third countries), this will take place to the extent that you have expressly consented to this or this is necessary for our service provision to you, or this is provided for in law (Art. 49 GDPR). In addition, your data will only be processed in third countries if certain measures have been taken to ensure that an appropriate level of data protection exists (e.g. adequacy decision of the EU Commission or so-called appropriate safeguards, Art. 44ff. GDPR).
III. Provision of the website and creating log files
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system used for access.
The following data is collected and stored:
- Information about the type of browser and the version used
- The user’s operating system
- The user’s Internet service provider
- The user’s IP address (anonymized)
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites accessed by the user’s system via our website
2. Legal basis for data processing
The legal basis for temporary storage of data and log files is Art. 6 Section 1 lit. f GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is required to make delivery of the website to the user’s computer possible. To do this, the user‘s IP address must remain stored for the duration of the session. The data is stored in log files to ensure the website’s functionality. In addition, the data serves for optimizing our website and to ensure the security of our information technology systems. No evaluation of data for marketing purposes takes place in this context.
Our legitimate interest in processing data pursuant to Article 6 Section 1 lit. f GDPR is also based on these purposes.
4. Storage Period
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of collecting data for provision of the website, when the respective session has ended. If data is stored in log files, this is the case after 6 weeks at the latest. Further storage is possible. In this case, users’ IP addresses are deleted or alienated, so that assigning client dial-ups is no longer possible.
Collecting data for providing the website and storing data in log files is absolutely necessary for operating the website. Consequently, there is no possibility for the user to object.
IV. Use of cookies
1. Description and the Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the Internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of symbols that enables unique identification of the browser when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the browser dialling up can be identified even after a change of page or site. The following data is stored and transmitted in cookies: Attribute: product Value
Cookies cannot be used to start programs or to transmit viruses to a computer. Based on the information contained in cookies, we can make navigation easier for you and can make it possible for our web pages to be displayed correctly.
Under no circumstances will data we collect be passed on to third parties or linked to personal data without your consent.
Of course, you can also view our website without cookies. Internet browsers are usually set up to accept cookies. You can deactivate the use of cookies at any time via your browser settings. Please use your internet browser’s help functions in order to find out how to change these settings. Please note that some features of our website may not work if you have disabled the use of cookies.
-
Legal basis for Processing Data
The legal basis for processing personal data using cookies is Art. 6 Section 1 lit. f GDPR
-
Purpose for Processing Data
The purpose for using cookies which are required for technical purposes is to simplify the use of websites for users. Some functions of our website cannot be provided without using cookies. To do this, it is necessary for the browser to be recognized again even after a page change. Our legitimate interest in processing personal data in accordance with Art. 6 Section 1 lit. f GDPR also lies within these purpose. We need cookies for the following applications: The purpose of the cookie used is to have already filled in the product name for the inquiring party
when they are downloading the contact form.
-
Period of storage, Opportunity to Object and Resolution
Cookies are stored on the user’s computer and transmitted to our website. Therefore, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be carried out automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.
V. SSL encoding
We use state-of-the-art encryption methods (e.g. SSL) via HTTPS to protect the security of your data during transmission.
VI. Contact form and contact by e-mail
Description and scope of Processing Data
There is a contact form on our website which can be used to contact us by electronic means. If a user avails themselves of this possibility, the data entered into the input screen will be transmitted to us and stored.
Your consent for processing the data is obtained within the scope of the transmission process and reference is made to this data protection declaration.
Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted by e-mail will be stored.
Data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.
Legal basis for Processing Data
The legal basis for processing data is Art. 6 Section 1 lit. a GDPR, if the user has given his consent.
The legal basis for the processing data transmitted in the course of sending an e-mail is Art. 6 Section 1 lit. f GDPR. If the e-mail is aimed at concluding a contract, then the additional legal basis for processing is Art. 6 Section 1 lit. b GDPR.
Purpose for Processing Data
Processing personal data from the input screen serves merely for us to process the contact made. In the event of contact by e-mail, this also constitutes the requisite legitimate interest in processing the data.
Other personal data processed during the transmission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Length of storage
Data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data from the input screen of the contact form and those sent in by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances, that the facts in question have been clarified conclusively.
Additional personal data collected during the transmission process will be deleted at the latest after a period of seven days.
Opportunity to Object and Resolution
The user has the opportunity to revoke his consent to personal data being processed at any time. If the user contacts us by e-mail, he can object to our storing storage his personal data at any time. In such cases, the conversation may not be continued.
In this case all personal data stored in the course of contacting us will be deleted.
VII. Integrating third-party services and contents
It may transpire that third party contents, such as YouTube videos, maps from Google Maps, RSS feeds or graphics from other websites are integrated within this online offering. This always presupposes that providers of these contents (hereinafter referred to as “third party providers”) are aware of the user’s IP address. Because without the IP address, they could not send the contents to the respective user‘s browser. The IP address is therefore required to display these contents. We make every effort to use only those contents whose respective providers only use the IP address for delivering contents. However, we have no influence over whether the third party providers store the IP address, e.g. for statistical purposes. As far as we are aware of this, we will inform users of this.
VIII. Rights of the data subject
If your personal data are processed you are the data subject within the meaning of the GDPR and you have the following rights towards the controller:
Right to information
You can ask the controller for confirmation of whether personal data concerning you are being processed by us.
If such processing has taken place, you can request the following information from the controller:
(1) the purposes for which personal data are being processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom personal data concerning you have been sent or are still being disclosed;
(4) the planned duration for storing personal data concerning you or, if specific information on this is not available, criteria for determining the storage period;
(5) the existence of a right to correction or deletion of personal data concerning you, a right to limit processing by the controller or a right to object to such processing;
(6) the existence of the right of appeal to a supervisory authority;
(7) any information available on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision making, including profiling in accordance with Art. 22 Section 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You are entitled to request information on whether personal data concerning you have been transferred to a third country or to an international organisation. In this context, you may ask to be informed of the appropriate guarantees pursuant to Article 46 GDPR in connection with the transmission.
Right to Corrections
If personal data processed concerning you are incorrect or incomplete, you have a right to correction and/or completion with regard to the controller. The controller must make the correction without delay.
Right to Limit Processing
Under the following circumstances you may request that processing personal data concerning you be restricted:
(1) if you dispute the accuracy of the personal data concerning you for a period that enables the controller to verify the correctness of personal data;
(2) processing the data is unlawful and you refuse the deletion of personal data and instead request that the use of personal data is restricted;
(3) the controller no longer requires the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) if you have filed an objection to processing pursuant to Art. 21 Section1 GDPR, and no determination has taken place yet of whether the controller’s justified reasons outweigh your reasons.
If processing personal data concerning you has been restricted, such data may only be processed – apart from storage – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.
If processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure
Duty of Erasure
You may request the controller erases personal data relating to you without delay, and the controller is obliged to delete this data without delay if one of the following reasons applies:
(1) Personal data concerning you are no longer required for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, on which processing was based pursuant to Article 6 Section 1 lit. a or Article 9 Section2 lit. a GDPR, and there is no other legal basis for processing.
(3) You raise an objection against processing pursuant to Art. 21 Section1 GDPR and there are no overriding legitimate reasons for processing the data, or you file an objection against processing pursuant to Art. 21 Section 2 GDPR.
(4) Personal data concerning you were processed unlawfully.
(5) The deletion of personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States the controller is subject to.
(6) Personal data concerning you have been collected in relation to information society services provided in accordance with Art. 8 Section 1 GDPR.
Exceptions
The right to cancellation does not exist to the extent that processing is required
(1) to exercise freedom of expression and information;
(2) for fulfilling a legal obligation which requires processing according to the law of the Union or of the Member States to which the controller is subject, or to perform a task in the public interest or to exercise official authority conferred on the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 Section 2 lit. h and i and Art. 9 Section 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Section 1 GDPR, to the extent that the law referred to in section a) will probably make to make it impossible to achieve the goals of this processing or will seriously impair them, or
(5) to assert, exercise or defend legal claims.
Right to instruction
If you have exercised your right for the controller to correct, delete or restrict processing, then he is obliged to inform all recipients to whom personal data concerning you were disclosed of this correction or deletion of data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You are entitled to be informed of such recipients by the controller.
Right to data transferability
You have the right to receive personal data concerning you that you provided to the controller in a structured, up-to-date and machine-readable format. In addition, you have the right to pass this data on to another supervisory person without obstruction by the controller to whom the personal data was provided, provided that
(1) processing is based on consent pursuant to Art. 6 Section 1 lit. a GDPR or Art. 9 Section 2 lit. a GDPR or on a contract pursuant to Art. 6 Section 1 lit. b GDPR and
(2) processing is carried out using automated methods.
In exercising this right, you also are justified to request that personal data concerning you be transferred directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other persons may not be affected by this.
The right to transferability shall not apply to processing of personal data required for realising a task in the public interest or in the exercise of official authority conferred on the controller.
Right of Appeal
You have the right to object at any time, for reasons arising from your particular situation, to processing of personal data concerning you under Article 6(1)(e) or (f) of GDPR; this also applies to profiling based on these provisions.
The controller will no longer process personal data concerning you, unless he can prove compelling reasons worthy of protection for processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If personal data concerning you are processed for direct marketing purposes, you are entitled to object to processing of personal data concerning you for the purpose of such advertising at any time; this also applies to profiling, to the extent that it is associated with this type of direct marketing.
If you object to processing for direct marketing purposes, personal data concerning you will no longer be processed for these purposes.
You have the opportunity to exercise your right to object in connection with the use of information society services by means of automated processes – notwithstanding Directive 2002/58/EC.
Right to revoke the legal data protection declaration of consent
You have the right to revoke your legal data protection declaration of consent at any time. The withdrawal notice must be addressed to:
OhmEx Industrielle Elektrowärme GmbH
Industriering 7
63868 Großwallstadt
Fax: +49 6022 261202
Email: info@ohmex.de
In the event of withdrawal, the company OhmEx will not process the personal data to which the consent applied any further, unless the company OhmEx GmbH is legally obliged to do so. If OhmEx GmbH is legally obliged to store your personal data, further processing of your personal data will be limited accordingly, and the data will only be stored for the statutory archiving period specified. However, the revocation has no effect on past processing of personal data by OhmEx GmbH up until the time of the cancellation.
IX. Use of Google Maps
This website uses Google Maps API to display geographical information visually. When using Google Maps, Google also collects, processes and uses data on the use of map functions by visitors. Please refer to Google’s privacy policy at https://policies.google.com/privacy for more information on Google’s processing of data. You can also change your personal data protection settings there in the Data Protection Center.
You can find detailed instructions on how to manage your own data in conjunction with Google products here https://support.google.com/accounts/answer/3024190..
X. Right to complain to a supervisory authority
You are entitled to complain to a supervisory authority Without prejudice to any other administrative or judicial remedy, in particular in the Member State where you reside, work or suspect infringement, if you believe that processing of personal data concerning you contravenes GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of judicial remedy according to Article 78 GDPR.
You can contact your local supervisory authority with a complaint at any time. Your competent supervisory authority depends on your state of residence, your work or the alleged infringement. A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
XI. Changes to our data protection regulations
We reserve the right to adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply for your next visit.
Status of data protection information: 25.05.2018