Pri­va­cy policy

We are very plea­sed about your inte­rest in our com­pa­ny. Data pro­tec­tion is of a par­ti­cu­lar­ly high prio­ri­ty for the manage­ment of Strand­Fa­brik GmbH. The use of the Inter­net pages of the Strand­Fa­brik GmbH is pos­si­ble wit­hout any indi­ca­ti­on of per­so­nal data. Howe­ver, if a data sub­ject wants to use spe­cial ser­vices pro­vi­ded by our enter­pri­se via our web­site, pro­ces­sing of per­so­nal data could beco­me neces­sa­ry. If pro­ces­sing of per­so­nal data is neces­sa­ry and the­re is no legal basis for such pro­ces­sing, we will gene­ral­ly obtain the con­sent of the data subject.

 

The pro­ces­sing of per­so­nal data, such as the name, address, e‑mail address, or tele­pho­ne num­ber of a data sub­ject shall always be in line with the coun­try-spe­ci­fic data pro­tec­tion regu­la­ti­ons appli­ca­ble to the Strand­Fa­brik GmbH. By means of this data pro­tec­tion decla­ra­ti­on, our enter­pri­se would like to inform the public about the type, scope and pur­po­se of the per­so­nal data we coll­ect, use and pro­cess. Fur­ther­mo­re, data sub­jects are infor­med of their rights by means of this data pro­tec­tion declaration.

 

As the con­trol­ler, the Strand­Fa­brik GmbH has imple­men­ted num­e­rous tech­ni­cal and orga­niza­tio­nal mea­su­res to ensu­re the most com­ple­te pro­tec­tion of per­so­nal data pro­ces­sed through this web­site. Howe­ver, Inter­net-based data trans­mis­si­ons can always be sub­ject to secu­ri­ty vul­nerabi­li­ties, so that abso­lu­te pro­tec­tion can­not be gua­ran­teed. For this reason, every data sub­ject is free to trans­mit per­so­nal data to us by alter­na­ti­ve means, for exam­p­le by telephone.

 

1. defi­ni­ti­ons

 

The data pro­tec­tion decla­ra­ti­on of Strand­Fa­brik GmbH is based on the terms used by the Euro­pean Direc­ti­ve and Ordi­nan­ce when issuing the Data Pro­tec­tion Regu­la­ti­on (DS-GVO). Our data pro­tec­tion decla­ra­ti­on should be easy to read and under­stand for the public as well as for our cus­to­mers and busi­ness part­ners. To ensu­re this, we would like to explain the terms used in advance.

 

We use the fol­lo­wing terms, among others, in this Pri­va­cy Policy:

 

(a) per­so­nal data

 

Per­so­nal data means any infor­ma­ti­on rela­ting to an iden­ti­fied or iden­ti­fia­ble natu­ral per­son (her­ein­af­ter “data sub­ject”). An iden­ti­fia­ble natu­ral per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­ti­cu­lar by refe­rence to an iden­ti­fier such as a name, an iden­ti­fi­ca­ti­on num­ber, loca­ti­on data, an online iden­ti­fier or to one or more fac­tors spe­ci­fic to the phy­si­cal, phy­sio­lo­gi­cal, gene­tic, men­tal, eco­no­mic, cul­tu­ral or social iden­ti­ty of that natu­ral person.

 

(b) the per­son concerned

 

Data sub­ject means any iden­ti­fied or iden­ti­fia­ble natu­ral per­son who­se per­so­nal data are pro­ces­sed by the controller.

 

1. c) Pro­ces­sing

 

Pro­ces­sing is any ope­ra­ti­on or set of ope­ra­ti­ons which is per­for­med upon per­so­nal data, whe­ther or not by auto­ma­tic means, such as coll­ec­tion, recor­ding, orga­ni­sa­ti­on, fil­ing, sto­rage, adapt­a­ti­on or altera­ti­on, retrie­val, con­sul­ta­ti­on, use, dis­clo­sure by trans­mis­si­on, dis­se­mi­na­ti­on or other­wi­se making available, ali­gnment or com­bi­na­ti­on, rest­ric­tion, era­su­re or destruction.

 

(d) rest­ric­tion of processing

 

Rest­ric­tion of pro­ces­sing is the mar­king of stored per­so­nal data with the aim of limi­ting their future processing.

 

(e) Pro­fil­ing

 

Pro­fil­ing is any form of auto­ma­ted pro­ces­sing of per­so­nal data which con­sists in using such per­so­nal data to eva­lua­te cer­tain per­so­nal aspects rela­ting to a natu­ral per­son, in par­ti­cu­lar to ana­ly­se or pre­dict aspects rela­ting to that natu­ral person’s per­for­mance at work, eco­no­mic situa­ti­on, health, per­so­nal pre­fe­ren­ces, inte­rests, relia­bi­li­ty, beha­viour, loca­ti­on or chan­ge of location.

 

1. f) Pseud­ony­mi­sa­ti­on

 

Pseud­ony­mi­sa­ti­on is the pro­ces­sing of per­so­nal data in such a way that the per­so­nal data can no lon­ger be attri­bu­ted to a spe­ci­fic data sub­ject wit­hout the use of addi­tio­nal infor­ma­ti­on, pro­vi­ded that such addi­tio­nal infor­ma­ti­on is kept sepa­ra­te­ly and is sub­ject to tech­ni­cal and orga­ni­sa­tio­nal mea­su­res which ensu­re that the per­so­nal data are not attri­bu­ted to an iden­ti­fied or iden­ti­fia­ble natu­ral person.

 

(g) con­trol­ler or per­son respon­si­ble for processing

 

The con­trol­ler or per­son respon­si­ble for pro­ces­sing is the natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body which alo­ne or joint­ly with others deter­mi­nes the pur­po­ses and means of the pro­ces­sing of per­so­nal data. Whe­re the pur­po­ses and means of such pro­ces­sing are deter­mi­ned by Uni­on or Mem­ber Sta­te law, the con­trol­ler or the spe­ci­fic cri­te­ria for its desi­gna­ti­on may be pro­vi­ded for under Uni­on or Mem­ber Sta­te law.

 

(h) pro­ces­sors

 

Pro­ces­sor means a natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body which pro­ces­ses per­so­nal data on behalf of the controller.

 

(i) Reci­pi­ent

 

A reci­pi­ent is a natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body to whom per­so­nal data are dis­c­lo­sed, whe­ther or not a third par­ty. Howe­ver, public aut­ho­ri­ties that may recei­ve per­so­nal data in the con­text of a spe­ci­fic inves­ti­ga­ti­on task under Uni­on or Mem­ber Sta­te law shall not be con­side­red as recipients.

 

1. j) Third

 

Third par­ty means any natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body other than the data sub­ject, the con­trol­ler, the pro­ces­sor and the per­sons who, under the direct aut­ho­ri­ty of the con­trol­ler or the pro­ces­sor, are aut­ho­ri­sed to pro­cess the per­so­nal data.

 

1. k) Con­sent

 

Con­sent shall mean any free­ly given spe­ci­fic and infor­med indi­ca­ti­on of the wis­hes of the data sub­ject, in the form of a decla­ra­ti­on or other unam­bi­guous affir­ma­ti­ve act, by which the data sub­ject signi­fies his agree­ment to the pro­ces­sing of per­so­nal data rela­ting to him.

 

2. name and address of the controller

 

The respon­si­ble par­ty within the mea­ning of the Gene­ral Data Pro­tec­tion Regu­la­ti­on, other data pro­tec­tion laws appli­ca­ble in the Mem­ber Sta­tes of the Euro­pean Uni­on and other pro­vi­si­ons of a data pro­tec­tion natu­re is:

 

Strand­Fa­brik GmbH

 

Falcken­stei­ner Street 2

 

24159 Kiel

 

Ger­ma­ny

 

Pho­ne: +4916095459567

 

Email: ahoi@strandfabrik.sh

 

Web­site: www.strandfabrik.sh

 

3. coo­kies

 

The Strand­Fa­brik GmbH web­site uses coo­kies. Coo­kies are text files that are stored on a com­pu­ter sys­tem via an Inter­net browser.

 

Many web­sites and ser­vers use coo­kies. Many coo­kies con­tain a so-cal­led coo­kie ID. A coo­kie ID is a uni­que iden­ti­fier of the coo­kie. It con­sists of a string of cha­rac­ters by which Inter­net pages and ser­vers can be assi­gned to the spe­ci­fic Inter­net brow­ser in which the coo­kie was stored. This enables the visi­ted Inter­net pages and ser­vers to distin­gu­ish the indi­vi­du­al brow­ser of the per­son con­cer­ned from other Inter­net brow­sers that con­tain other coo­kies. A spe­ci­fic inter­net brow­ser can be reco­g­nis­ed and iden­ti­fied via the uni­que coo­kie ID.

 

Through the use of coo­kies, the Strand­Fa­brik GmbH can pro­vi­de the users of this web­site with more user-fri­end­ly ser­vices that would not be pos­si­ble wit­hout the coo­kie setting.

 

By means of a coo­kie, the infor­ma­ti­on and offers on our web­site can be opti­mi­zed in the sen­se of the user. Coo­kies allow us, as alre­a­dy men­tio­ned, to reco­gni­ze the users of our web­site. The pur­po­se of this reco­gni­ti­on is to make it easier for users to use our web­site. For exam­p­le, the user of a web­site that uses coo­kies does not have to re-enter his or her access data each time he or she visits the web­site, becau­se this is done by the web­site and the coo­kie stored on the user’s com­pu­ter sys­tem. Ano­ther exam­p­le is the coo­kie of a shop­ping cart in an online store. The online shop remem­bers the items that a cus­to­mer has pla­ced in the vir­tu­al shop­ping cart via a cookie.

 

The data sub­ject can pre­vent the set­ting of coo­kies by our web­site at any time by means of an appro­pria­te set­ting of the Inter­net brow­ser used and thus per­ma­nent­ly object to the set­ting of coo­kies. Fur­ther­mo­re, coo­kies that have alre­a­dy been set can be dele­ted at any time via an Inter­net brow­ser or other soft­ware pro­grams. This is pos­si­ble in all com­mon Inter­net brow­sers. If the data sub­ject deac­ti­va­tes the set­ting of coo­kies in the Inter­net brow­ser used, not all func­tions of our web­site may be ful­ly usable.

 

4. coll­ec­tion of gene­ral data and information

 

The web­site of the Strand­Fa­brik GmbH coll­ects a series of gene­ral data and infor­ma­ti­on every time a data sub­ject or auto­ma­ted sys­tem calls up the web­site. This gene­ral data and infor­ma­ti­on is stored in the log files of the ser­ver. The fol­lo­wing data may be coll­ec­ted: (1) the brow­ser types and ver­si­ons used, (2) the ope­ra­ting sys­tem used by the acces­sing sys­tem, (3) the web­site from which an acces­sing sys­tem acces­ses our web­site (so-cal­led refer­rer), (4) the sub-web­sites that are acces­sed via an acces­sing sys­tem on our web­site, (5) the date and time of access to the web­site, (6) an Inter­net pro­to­col address (IP address), (7) the Inter­net ser­vice pro­vi­der of the acces­sing sys­tem and (8) other simi­lar data and infor­ma­ti­on that ser­ve to avert dan­ger in the event of attacks on our infor­ma­ti­on tech­no­lo­gy systems.

 

When using the­se gene­ral data and infor­ma­ti­on, the Strand­Fa­brik GmbH does not draw any con­clu­si­ons about the data sub­ject. Rather, this infor­ma­ti­on is nee­ded (1) to deli­ver the con­tents of our web­site cor­rect­ly, (2) to opti­mi­ze the con­tents of our web­site and the adver­ti­sing for the­se, (3) to ensu­re the long-term func­tion­a­li­ty of our infor­ma­ti­on tech­no­lo­gy sys­tems and the tech­no­lo­gy of our web­site, and (4) to pro­vi­de law enforce­ment aut­ho­ri­ties with the infor­ma­ti­on neces­sa­ry for pro­se­cu­ti­on in the event of a cyber attack. The­r­e­fo­re, the Strand­Fa­brik GmbH ana­ly­zes anony­mously coll­ec­ted data and infor­ma­ti­on on one hand, and on the other hand, with the aim of incre­asing the data pro­tec­tion and data secu­ri­ty of our enter­pri­se, and ulti­m­ate­ly ensu­ring an opti­mal level of pro­tec­tion for the per­so­nal data we pro­cess. The anony­mous data of the ser­ver log files are stored sepa­ra­te­ly from any per­so­nal data pro­vi­ded by a data subject.

 

5. cont­act pos­si­bi­li­ty via the website

 

The web­site of the Strand­Fa­brik GmbH con­ta­ins legal requi­re­ments which enable a quick elec­tro­nic cont­act to our enter­pri­se, as well as direct com­mu­ni­ca­ti­on with us, which also includes a gene­ral address of the so-cal­led elec­tro­nic mail (e‑mail address). If a data sub­ject cont­acts the con­trol­ler by e‑mail or by using a cont­act form, the per­so­nal data trans­mit­ted by the data sub­ject will be stored auto­ma­ti­cal­ly. Such per­so­nal data trans­mit­ted on a vol­un­t­a­ry basis by a data sub­ject to the con­trol­ler will be stored for the pur­po­ses of pro­ces­sing or cont­ac­ting the data sub­ject. This per­so­nal data will not be dis­c­lo­sed to third parties.

 

6. rou­ti­ne dele­ti­on and blo­cking of per­so­nal data

 

The con­trol­ler shall pro­cess and store per­so­nal data of the data sub­ject only for the peri­od neces­sa­ry to achie­ve the pur­po­se of sto­rage or whe­re pro­vi­ded for by the Euro­pean Direc­ti­ve and Regu­la­ti­on or other legis­la­tor in laws or regu­la­ti­ons to which the con­trol­ler is subject.

 

If the pur­po­se of sto­rage no lon­ger appli­es or if a sto­rage peri­od pre­scri­bed by the Euro­pean Direc­ti­ve and Ordi­nan­ce or ano­ther com­pe­tent legis­la­tor expi­res, the per­so­nal data will be rou­ti­ne­ly blo­cked or dele­ted in accordance with the sta­tu­to­ry provisions.

 

7. rights of the data subject
8. a) Right to confirmation

 

Every data sub­ject has the right, gran­ted by the Euro­pean Direc­ti­ve and the Regu­la­ti­on, to obtain con­fir­ma­ti­on from the con­trol­ler as to whe­ther per­so­nal data con­cer­ning him or her are being pro­ces­sed. If a data sub­ject wis­hes to exer­cise this right, he or she may, at any time, cont­act any employee of the controller.

 

1. b) Right of access

 

Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right, gran­ted by the Euro­pean Direc­ti­ve and Regu­la­ti­on, to obtain at any time from the con­trol­ler, free of char­ge, infor­ma­ti­on about the per­so­nal data stored con­cer­ning him or her, and a copy of that infor­ma­ti­on. Fur­ther­mo­re, the Euro­pean Direc­ti­ve and Regu­la­ti­on has gran­ted the data sub­ject access to the fol­lo­wing information:

 

the pro­ces­sing purposes

the cate­go­ries of per­so­nal data processed

the reci­pi­ents or cate­go­ries of reci­pi­ents to whom the per­so­nal data have been or will be dis­c­lo­sed, in par­ti­cu­lar in the case of reci­pi­ents in third count­ries or inter­na­tio­nal organisations

if pos­si­ble, the plan­ned dura­ti­on for which the per­so­nal data will be stored or, if this is not pos­si­ble, the cri­te­ria for deter­mi­ning this duration

the exis­tence of the right to obtain the rec­ti­fi­ca­ti­on or era­su­re of per­so­nal data con­cer­ning him or her, or the rest­ric­tion of pro­ces­sing by the con­trol­ler, or the right to object to such processing

the exis­tence of a right of appeal to a super­vi­so­ry authority

if the per­so­nal data are not coll­ec­ted from the data sub­ject: All available infor­ma­ti­on on the ori­gin of the data

the exis­tence of auto­ma­ted decis­i­on-making, inclu­ding pro­fil­ing, pur­su­ant to Artic­le 22(1) and (4) of the GDPR and, at least in the­se cases, meaningful infor­ma­ti­on about the logic invol­ved and the scope and inten­ded effects of such pro­ces­sing for the data subject

 

The data sub­ject shall also have the right to obtain infor­ma­ti­on as to whe­ther per­so­nal data have been trans­fer­red to a third coun­try or to an inter­na­tio­nal orga­ni­sa­ti­on. If this is the case, the data sub­ject shall also have the right to obtain infor­ma­ti­on on the appro­pria­te safe­guards in rela­ti­on to the transfer.

 

If a data sub­ject wis­hes to exer­cise this right of access, he or she may, at any time, cont­act any employee of the controller.

 

1. c) Right of rectification

 

Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right, gran­ted by the Euro­pean Direc­ti­ve and Regu­la­ti­on, to obtain the rec­ti­fi­ca­ti­on wit­hout delay of inac­cu­ra­te per­so­nal data con­cer­ning him or her. Fur­ther­mo­re, the data sub­ject has the right to request the com­ple­ti­on of incom­ple­te per­so­nal data, inclu­ding by means of a sup­ple­men­ta­ry decla­ra­ti­on, taking into account the pur­po­ses of the processing.

 

If a data sub­ject wis­hes to exer­cise this right to rec­ti­fy, he or she may, at any time, cont­act any employee of the controller.

 

1. d) Right to era­su­re (right to be forgotten)

 

Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right, gran­ted by the Euro­pean Direc­ti­ve and the Regu­la­ti­on, to obtain from the con­trol­ler the era­su­re wit­hout delay of per­so­nal data con­cer­ning him or her, whe­re one of the fol­lo­wing reasons appli­es and inso­far as the pro­ces­sing is not necessary:

 

The per­so­nal data were coll­ec­ted or other­wi­se pro­ces­sed for pur­po­ses for which they are no lon­ger necessary.

The data sub­ject revo­kes the con­sent on which the pro­ces­sing was based pur­su­ant to Artic­le 6(1)(a) of the GDPR or Artic­le 9(2)(a) of the GDPR and the­re is no other legal basis for the processing.

The data sub­ject objects to the pro­ces­sing pur­su­ant to Artic­le 21(1) of the GDPR and the­re are no over­ri­ding legi­ti­ma­te grounds for the pro­ces­sing, or the data sub­ject objects to the pro­ces­sing pur­su­ant to Artic­le 21(2) of the GDPR.

The per­so­nal data have been pro­ces­sed unlawfully.

The dele­ti­on of the per­so­nal data is neces­sa­ry for com­pli­ance with a legal obli­ga­ti­on under Uni­on or Mem­ber Sta­te law to which the con­trol­ler is subject.

The per­so­nal data was coll­ec­ted in rela­ti­on to infor­ma­ti­on socie­ty ser­vices offe­red pur­su­ant to Artic­le 8(1) DS-GVO.

 

If one of the afo­re­men­tio­ned reasons appli­es, and a data sub­ject wis­hes to arran­ge for the dele­ti­on of per­so­nal data stored by the Strand­Fa­brik GmbH, he or she may, at any time, cont­act any employee of the con­trol­ler. The employee of the Strand­Fa­brik GmbH will arran­ge for the dele­ti­on request to be com­pli­ed with immediately.

 

If the per­so­nal data has been made public by the Strand­Fa­brik GmbH and our com­pa­ny as the respon­si­ble par­ty is obli­ged to dele­te the per­so­nal data pur­su­ant to Art. 17 para. 1 DS-GVO to era­se per­so­nal data, the Strand­Fa­brik GmbH shall, taking into account the available tech­no­lo­gy and the cost of imple­men­ta­ti­on, imple­ment reasonable mea­su­res, inclu­ding tech­ni­cal mea­su­res, to inform other data con­trol­lers which pro­cess the published per­so­nal data, that the data sub­ject has reques­ted from tho­se other data con­trol­lers to era­se all links to or copies or repli­ca­ti­ons of the per­so­nal data, unless the pro­ces­sing is neces­sa­ry. The employee of the Strand­Fa­brik GmbH will arran­ge the neces­sa­ry in indi­vi­du­al cases.

 

(e) the right to rest­rict processing

 

Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right, gran­ted by the Euro­pean Direc­ti­ve and Regu­la­ti­on, to obtain from the con­trol­ler the rest­ric­tion of pro­ces­sing whe­re one of the fol­lo­wing con­di­ti­ons is met:

 

The accu­ra­cy of the per­so­nal data is con­tes­ted by the data sub­ject for a peri­od enab­ling the con­trol­ler to veri­fy the accu­ra­cy of the per­so­nal data.

The pro­ces­sing is unlawful, the data sub­ject objects to the era­su­re of the per­so­nal data and requests ins­tead the rest­ric­tion of the use of the per­so­nal data.

The con­trol­ler no lon­ger needs the per­so­nal data for the pur­po­ses of pro­ces­sing, but the data sub­ject needs it for the estab­lish­ment, exer­cise or defence of legal claims.

The data sub­ject has objec­ted to the pro­ces­sing pur­su­ant to Artic­le 21(1) of the GDPR and it is not yet clear whe­ther the legi­ti­ma­te grounds of the con­trol­ler over­ri­de tho­se of the data subject.

 

If one of the afo­re­men­tio­ned con­di­ti­ons is met, and a data sub­ject wis­hes to request the rest­ric­tion of per­so­nal data stored by the Strand­Fa­brik GmbH, he or she may, at any time, cont­act any employee of the con­trol­ler. The employee of the Strand­Fa­brik GmbH will arran­ge the rest­ric­tion of the processing.

 

(f) the right to data portability

 

Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right, gran­ted by the Euro­pean Direc­ti­ve and Regu­la­ti­on, to recei­ve the per­so­nal data con­cer­ning him or her, which have been pro­vi­ded by the data sub­ject to a con­trol­ler, in a struc­tu­red, com­mon­ly used and machi­ne-rea­da­ble for­mat. He or she also has the right to trans­mit this data to ano­ther con­trol­ler wit­hout hin­drance from the con­trol­ler to whom the per­so­nal data have been pro­vi­ded, pro­vi­ded that the pro­ces­sing is based on con­sent pur­su­ant to Artic­le 6(1)(a) of the GDPR or Artic­le 9(2)(a) of the GDPR or on a con­tract pur­su­ant to Artic­le 6(1)(b) of the GDPR and the pro­ces­sing is car­ri­ed out by auto­ma­ted means, unless the pro­ces­sing is neces­sa­ry for the per­for­mance of a task car­ri­ed out in the public inte­rest or in the exer­cise of offi­ci­al aut­ho­ri­ty ves­ted in the controller.

 

Fur­ther­mo­re, when exer­cis­ing his or her right to data por­ta­bi­li­ty pur­su­ant to Artic­le 20(1) of the GDPR, the data sub­ject shall have the right to obtain that the per­so­nal data be trans­fer­red direct­ly from one con­trol­ler to ano­ther con­trol­ler, whe­re tech­ni­cal­ly fea­si­ble and pro­vi­ded that this does not adver­se­ly affect the rights and free­doms of other individuals.

 

In order to assert the right to data por­ta­bi­li­ty, the data sub­ject may at any time cont­act any employee of the Strand­Fa­brik GmbH.

 

(g) Right to object

 

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right gran­ted by the Euro­pean Direc­ti­ve and Regu­la­ti­on to object at any time, on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on, to the pro­ces­sing of per­so­nal data con­cer­ning him or her which is car­ri­ed out on the basis of Artic­le 6(1)(e) or (f) of the GDPR. This also appli­es to pro­fil­ing based on the­se provisions.

 

The Strand­Fa­brik GmbH shall no lon­ger pro­cess the per­so­nal data in the event of the objec­tion, unless we can demons­tra­te com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de the inte­rests, rights and free­doms of the data sub­ject, or for the asser­ti­on, exer­cise or defence of legal claims.

 

If the Strand­Fa­brik GmbH pro­ces­ses per­so­nal data for the pur­po­se of direct mar­ke­ting, the data sub­ject shall have the right to object at any time to pro­ces­sing of per­so­nal data pro­ces­sed for such mar­ke­ting. This also appli­es to the pro­fil­ing, inso­far as it is rela­ted to such direct mar­ke­ting. If the data sub­ject objects to the Strand­Fa­brik GmbH to the pro­ces­sing for direct mar­ke­ting pur­po­ses, the Strand­Fa­brik GmbH will no lon­ger pro­cess the per­so­nal data for the­se purposes.

 

In addi­ti­on, the data sub­ject has the right, on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on, to object to pro­ces­sing of per­so­nal data con­cer­ning him or her which is car­ri­ed out by the Strand­Fa­brik GmbH for sci­en­ti­fic or his­to­ri­cal rese­arch pur­po­ses, or for sta­tis­ti­cal pur­po­ses pur­su­ant to Artic­le 89(1) of the Data Pro­tec­tion Regu­la­ti­on (DS-GVO), unless such pro­ces­sing is neces­sa­ry for the per­for­mance of a task car­ri­ed out in the public interest.

 

In order to exer­cise the right to object, the data sub­ject may direct­ly cont­act any employee of the Strand­Fa­brik GmbH or ano­ther employee. The data sub­ject is also free to exer­cise his/her right to object by means of auto­ma­ted pro­ce­du­res using tech­ni­cal spe­ci­fi­ca­ti­ons in con­nec­tion with the use of infor­ma­ti­on socie­ty ser­vices, not­wi­th­stan­ding Direc­ti­ve 2002/58/EC.

 

(h) auto­ma­ted decis­i­ons in indi­vi­du­al cases, inclu­ding profiling

 

Any per­son con­cer­ned by the pro­ces­sing of per­so­nal data has the right, gran­ted by the Euro­pean Direc­ti­ve and the Regu­la­ti­on, not to be sub­ject to a decis­i­on based sole­ly on auto­ma­ted pro­ces­sing, inclu­ding pro­fil­ing, which pro­du­ces legal effects con­cer­ning him or her or simi­lar­ly signi­fi­cant­ly affects him or her, unless the decis­i­on (1) is neces­sa­ry for ente­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and the con­trol­ler, or (2) is per­mit­ted by Uni­on or Mem­ber Sta­te law to which the con­trol­ler is sub­ject and that law con­ta­ins sui­ta­ble mea­su­res to safe­guard the data subject’s rights and free­doms and legi­ti­ma­te inte­rests, or (3) is based on the data subject’s expli­cit consent.

 

If the decis­i­on (1) is neces­sa­ry for ente­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and the data con­trol­ler, or (2) it is made with the data subject’s expli­cit con­sent, the Strand­Fa­brik GmbH shall imple­ment sui­ta­ble mea­su­res to safe­guard the data subject’s rights and free­doms and legi­ti­ma­te inte­rests, which include at least the right to obtain the data subject’s invol­vement on the part of the con­trol­ler, to express his or her point of view and con­test the decision.

 

If the data sub­ject wis­hes to exer­cise the rights con­cer­ning auto­ma­ted decis­i­ons, he or she may, at any time, cont­act any employee of the controller.

 

1. i) Right to revo­ke a data pro­tec­tion consent

 

Any per­son affec­ted by the pro­ces­sing of per­so­nal data has the right gran­ted by the Euro­pean Direc­ti­ve and Regu­la­ti­on to with­draw con­sent to the pro­ces­sing of per­so­nal data at any time.

 

If the data sub­ject wis­hes to exer­cise the right to with­draw the con­sent, he or she may, at any time, cont­act any employee of the controller.

 

8. pri­va­cy poli­cy on the use and appli­ca­ti­on of Facebook

 

The con­trol­ler has inte­gra­ted com­pon­ents of the com­pa­ny Face­book on this web­site. Face­book is a social network.

 

A social net­work is a social mee­ting place ope­ra­ted on the Inter­net, an online com­mu­ni­ty that usual­ly allows users to com­mu­ni­ca­te and inter­act with each other in vir­tu­al space. A social net­work can ser­ve as a plat­form for sha­ring opi­ni­ons and expe­ri­en­ces, or allows the Inter­net com­mu­ni­ty to pro­vi­de per­so­nal or busi­ness-rela­ted infor­ma­ti­on. Face­book allows social net­work users to crea­te pri­va­te pro­files, upload pho­tos and net­work via fri­end requests, among other things.

 

Facebook’s ope­ra­ting com­pa­ny is Face­book, Inc., 1 Hacker Way, Men­lo Park, CA 94025, USA. If a data sub­ject lives out­side the USA or Cana­da, the data con­trol­ler is Face­book Ire­land Ltd, 4 Grand Canal Squa­re, Grand Canal Har­bour, Dub­lin 2, Ireland.

 

By each call of one of the indi­vi­du­al pages of this web­site, which is ope­ra­ted by the con­trol­ler and on which a Face­book com­po­nent (Face­book plug-in) has been inte­gra­ted, the inter­net brow­ser on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is auto­ma­ti­cal­ly cau­sed by the respec­ti­ve Face­book com­po­nent to down­load a repre­sen­ta­ti­on of the cor­re­spon­ding Face­book com­po­nent from Face­book. A com­ple­te over­view of all Face­book plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. Within the scope of this tech­ni­cal pro­ce­du­re, Face­book recei­ves know­ledge of which spe­ci­fic sub-page of our web­site is visi­ted by the data subject.

 

If the data sub­ject is log­ged into Face­book at the same time, Face­book reco­g­ni­s­es which spe­ci­fic sub-page of our web­site the data sub­ject is visi­ting each time the data sub­ject calls up our web­site and for the enti­re dura­ti­on of the respec­ti­ve stay on our web­site. This infor­ma­ti­on is coll­ec­ted by the Face­book com­po­nent and assi­gned by Face­book to the respec­ti­ve Face­book account of the data sub­ject. If the data sub­ject acti­va­tes one of the Face­book but­tons inte­gra­ted on our web­site, for exam­p­le the “Like” but­ton, or if the data sub­ject makes a com­ment, Face­book assigns this infor­ma­ti­on to the per­so­nal Face­book user account of the data sub­ject and stores this per­so­nal data.

 

Face­book always recei­ves infor­ma­ti­on via the Face­book com­po­nent that the data sub­ject has visi­ted our web­site if the data sub­ject is log­ged into Face­book at the same time as cal­ling up our web­site; this takes place regard­less of whe­ther the data sub­ject clicks on the Face­book com­po­nent or not. If the data sub­ject does not want this infor­ma­ti­on to be trans­mit­ted to Face­book, he or she can pre­vent the trans­mis­si­on by log­ging out of his or her Face­book account befo­re acces­sing our website.

 

The data poli­cy published by Face­book, which can be acces­sed at https://de-de.facebook.com/about/privacy/, pro­vi­des infor­ma­ti­on about the coll­ec­tion, pro­ces­sing and use of per­so­nal data by Face­book. It also explains which set­ting opti­ons Face­book offers to pro­tect the pri­va­cy of the data sub­ject. In addi­ti­on, various appli­ca­ti­ons are available that make it pos­si­ble to sup­press data trans­mis­si­on to Face­book. Such appli­ca­ti­ons can be used by the data sub­ject to sup­press data trans­mis­si­on to Facebook.

 

9. pri­va­cy poli­cy on the use and appli­ca­ti­on of Instagram

 

The con­trol­ler has inte­gra­ted com­pon­ents of the Insta­gram ser­vice on this web­site. Insta­gram is a ser­vice that qua­li­fies as an audio­vi­su­al plat­form and allows users to share pho­tos and vide­os and also to redis­tri­bu­te such data on other social networks.

 

The com­pa­ny ope­ra­ting the Insta­gram ser­vices is Face­book Ire­land Ltd, 4 Grand Canal Squa­re, Grand Canal Har­bour, Dub­lin 2 Ireland.

 

By each call of one of the indi­vi­du­al pages of this web­site, which is ope­ra­ted by the con­trol­ler and on which an Insta­gram com­po­nent (Ins­ta but­ton) has been inte­gra­ted, the inter­net brow­ser on the infor­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is auto­ma­ti­cal­ly cau­sed by the respec­ti­ve Insta­gram com­po­nent to down­load a repre­sen­ta­ti­on of the cor­re­spon­ding com­po­nent from Insta­gram. As part of this tech­ni­cal pro­cess, Insta­gram recei­ves know­ledge of which spe­ci­fic sub­page of our web­site is visi­ted by the data subject.

 

If the data sub­ject is log­ged into Insta­gram at the same time, Insta­gram reco­g­ni­s­es which spe­ci­fic sub-page the data sub­ject is visi­ting each time the data sub­ject calls up our web­site and for the enti­re dura­ti­on of the respec­ti­ve stay on our web­site. This infor­ma­ti­on is coll­ec­ted by the Insta­gram com­po­nent and assi­gned by Insta­gram to the respec­ti­ve Insta­gram account of the data sub­ject. If the data sub­ject acti­va­tes one of the Insta­gram but­tons inte­gra­ted on our web­site, the data and infor­ma­ti­on thus trans­mit­ted will be assi­gned to the per­so­nal Insta­gram user account of the data sub­ject and stored and pro­ces­sed by Instagram.

 

Insta­gram always recei­ves infor­ma­ti­on via the Insta­gram com­po­nent that the data sub­ject has visi­ted our web­site if the data sub­ject is simul­ta­neous­ly log­ged into Insta­gram at the time of cal­ling up our web­site; this takes place regard­less of whe­ther the data sub­ject clicks on the Insta­gram com­po­nent or not. If the data sub­ject does not want this infor­ma­ti­on to be trans­mit­ted to Insta­gram, he or she can pre­vent the trans­mis­si­on by log­ging out of his or her Insta­gram account befo­re acces­sing our website.

 

More infor­ma­ti­on and Instagram’s appli­ca­ble pri­va­cy poli­cy can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

 

10. pri­va­cy poli­cy on the use and appli­ca­ti­on of LinkedIn

 

The con­trol­ler has inte­gra­ted com­pon­ents of the Lin­ke­dIn Cor­po­ra­ti­on on this web­site. Lin­ke­dIn is an Inter­net-based social net­work that allows users to con­nect with exis­ting busi­ness cont­acts and to make new busi­ness cont­acts. Over 400 mil­li­on regis­tered indi­vi­du­als use Lin­ke­dIn in more than 200 count­ries. This makes Lin­ke­dIn curr­ent­ly the lar­gest plat­form for busi­ness cont­acts and one of the most visi­ted web­sites in the world.

 

The ope­ra­ting com­pa­ny of Lin­ke­dIn is Lin­ke­dIn Cor­po­ra­ti­on, 2029 Stier­lin Court Moun­tain View, CA 94043, USA. For data pro­tec­tion issues out­side the USA, Lin­ke­dIn Ire­land, Pri­va­cy Poli­cy Issues, Wil­ton Pla­za, Wil­ton Place, Dub­lin 2, Ire­land, is responsible.

 

With each indi­vi­du­al call-up of our web­site that is equip­ped with a Lin­ke­dIn com­po­nent (Lin­ke­dIn plug-in), this com­po­nent cau­ses the brow­ser used by the per­son con­cer­ned to down­load a cor­re­spon­ding repre­sen­ta­ti­on of the com­po­nent from Lin­ke­dIn. Fur­ther infor­ma­ti­on on Lin­ke­dIn plug-ins can be found at https://developer.linkedin.com/plugins. Within the scope of this tech­ni­cal pro­ce­du­re, Lin­ke­dIn recei­ves know­ledge of which spe­ci­fic sub-page of our web­site is visi­ted by the data subject.

 

If the data sub­ject is log­ged in to Lin­ke­dIn at the same time, Lin­ke­dIn reco­g­ni­s­es which spe­ci­fic sub-page of our web­site the data sub­ject is visi­ting with each call-up to our web­site by the data sub­ject and for the enti­re dura­ti­on of the respec­ti­ve stay on our web­site. This infor­ma­ti­on is coll­ec­ted by the Lin­ke­dIn com­po­nent and assi­gned by Lin­ke­dIn to the respec­ti­ve Lin­ke­dIn account of the data sub­ject. If the data sub­ject acti­va­tes a Lin­ke­dIn but­ton inte­gra­ted on our web­site, Lin­ke­dIn assigns this infor­ma­ti­on to the per­so­nal Lin­ke­dIn user account of the data sub­ject and stores this per­so­nal data.

 

Lin­ke­dIn always recei­ves infor­ma­ti­on via the Lin­ke­dIn com­po­nent that the data sub­ject has visi­ted our web­site if the data sub­ject is log­ged into Lin­ke­dIn at the same time as cal­ling up our web­site; this takes place regard­less of whe­ther the data sub­ject clicks on the Lin­ke­dIn com­po­nent or not. If the data sub­ject does not want this infor­ma­ti­on to be trans­mit­ted to Lin­ke­dIn, he or she can pre­vent the trans­mis­si­on by log­ging out of his or her Lin­ke­dIn account befo­re acces­sing our website.

 

Lin­ke­dIn offers the abili­ty to unsub­scri­be from email mes­sa­ges, SMS mes­sa­ges, and tar­ge­ted ads, as well as mana­ge ad set­tings at https://www.linkedin.com/psettings/guest-controls. Lin­ke­dIn also uses part­ners such as Quant­cast, Goog­le Ana­ly­tics, Blue­Kai, Dou­ble­Click, Niel­sen, Comscore, Elo­qua and Lota­me, which may set coo­kies. Such coo­kies can be refu­sed at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s appli­ca­ble pri­va­cy poli­cy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s coo­kie poli­cy is available at https://www.linkedin.com/legal/cookie-policy.

 

11. legal basis of the processing

 

Artic­le 6 I lit. a DS-GVO ser­ves as the legal basis for our com­pa­ny for pro­ces­sing ope­ra­ti­ons in which we obtain con­sent for a spe­ci­fic pro­ces­sing pur­po­se. If the pro­ces­sing of per­so­nal data is neces­sa­ry for the per­for­mance of a con­tract to which the data sub­ject is a par­ty, as is the case, for exam­p­le, with pro­ces­sing ope­ra­ti­ons that are neces­sa­ry for the deli­very of goods or the pro­vi­si­on of ano­ther ser­vice or con­side­ra­ti­on, the pro­ces­sing is based on Artic­le 6 I lit. b of the GDPR. The same appli­es to such pro­ces­sing ope­ra­ti­ons that are neces­sa­ry for the imple­men­ta­ti­on of pre-con­trac­tu­al mea­su­res, for exam­p­le in cases of inqui­ries about our pro­ducts or ser­vices. If our com­pa­ny is sub­ject to a legal obli­ga­ti­on by which a pro­ces­sing of per­so­nal data beco­mes neces­sa­ry, such as for the ful­fill­ment of tax obli­ga­ti­ons, the pro­ces­sing is based on Art. 6 I lit. c DS-GVO. In rare cases, the pro­ces­sing of per­so­nal data might beco­me neces­sa­ry in order to pro­tect the vital inte­rests of the data sub­ject or ano­ther natu­ral per­son. This would be the case, for exam­p­le, if a visi­tor were to be inju­red on our pre­mi­ses and as a result his or her name, age, health insu­rance details or other vital infor­ma­ti­on had to be pas­sed on to a doc­tor, hos­pi­tal or other third par­ty. Then the pro­ces­sing would be based on Art. 6 I lit. d DS-GVO.

Ulti­m­ate­ly, pro­ces­sing ope­ra­ti­ons could be based on Art. 6 I lit. f DS-GVO. Pro­ces­sing ope­ra­ti­ons which are not cover­ed by any of the afo­re­men­tio­ned legal bases are based on this legal basis if the pro­ces­sing is neces­sa­ry to pro­tect a legi­ti­ma­te inte­rest of our com­pa­ny or a third par­ty, pro­vi­ded that the inte­rests, fun­da­men­tal rights and free­doms of the data sub­ject are not over­ridden. Such pro­ces­sing ope­ra­ti­ons are per­mit­ted to us in par­ti­cu­lar becau­se they were spe­ci­fi­cal­ly men­tio­ned by the Euro­pean legis­la­tor. In this respect, it took the view that a legi­ti­ma­te inte­rest could be assu­med if the data sub­ject is a cus­to­mer of the con­trol­ler (reci­tal 47 sen­tence 2 DS-GVO).

 

12. legi­ti­ma­te inte­rests in the pro­ces­sing pur­sued by the con­trol­ler or a third party

 

If the pro­ces­sing of per­so­nal data is based on Artic­le 6 I lit. f DS-GVO, our legi­ti­ma­te inte­rest is the per­for­mance of our busi­ness acti­vi­ties for the bene­fit of the well-being of all our employees and our shareholders.

 

13. the peri­od for which the per­so­nal data are stored

 

The cri­ter­ion for the dura­ti­on of the sto­rage of per­so­nal data is the respec­ti­ve sta­tu­to­ry reten­ti­on peri­od. After expiry of the peri­od, the cor­re­spon­ding data is rou­ti­ne­ly dele­ted, pro­vi­ded that it is no lon­ger requi­red for the ful­film­ent of the con­tract or the initia­ti­on of the contract.

 

14. legal or con­trac­tu­al requi­re­ments to pro­vi­de the per­so­nal data; neces­si­ty for the con­clu­si­on of the con­tract; obli­ga­ti­on of the data sub­ject to pro­vi­de the per­so­nal data; pos­si­ble con­se­quen­ces of not pro­vi­ding the per­so­nal data

 

We would like to inform you that the pro­vi­si­on of per­so­nal data is part­ly requi­red by law (e.g. tax regu­la­ti­ons) or may also result from con­trac­tu­al regu­la­ti­ons (e.g. infor­ma­ti­on on the con­trac­tu­al partner).

Some­ti­mes, in order to con­clude a con­tract, it may be neces­sa­ry for a data sub­ject to pro­vi­de us with per­so­nal data that must sub­se­quent­ly be pro­ces­sed by us. For exam­p­le, the data sub­ject is obli­ged to pro­vi­de us with per­so­nal data if our com­pa­ny con­cludes a con­tract with him or her. Fail­ure to pro­vi­de the per­so­nal data would mean that the con­tract with the data sub­ject could not be concluded.

Befo­re the data sub­ject pro­vi­des per­so­nal data, the data sub­ject must cont­act one of our employees. Our employee will inform the data sub­ject on a case-by-case basis whe­ther the pro­vi­si­on of the per­so­nal data is requi­red by law or con­tract or is neces­sa­ry for the con­clu­si­on of the con­tract, whe­ther the­re is an obli­ga­ti­on to pro­vi­de the per­so­nal data and what the con­se­quen­ces of not pro­vi­ding the per­so­nal data would be.

 

15. exis­tence of auto­ma­ted decis­i­on making

 

As a respon­si­ble com­pa­ny, we do not use auto­ma­tic decis­i­on-making or profiling.

 

Deve­lo­ped by the Legal­Tech spe­cia­lists at Wil­ling & Able, who also deve­lo­ped the sys­tem for DS-GVO pro­ce­du­re direc­to­ries. The texts of the data pro­tec­tion decla­ra­ti­on gene­ra­tor were crea­ted and published by Prof. Dr. h.c.. Hei­ko Jon­ny Manie­ro and lawy­er Chris­ti­an Solmecke.