Privacy
Data protection declaration according to the GDPR
1. Name and address of the
controller
Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:
DAPO Leuchten Ambiente GmbH
Industriestraße 1
76669 Bad Schönborn
2. Address of the data protection officer
The data protection officer can be reached at DAPO at the following contact details:
Mr. Christopher May
c.may@dapo-leuchten.de
3. Use of cookies
The DAPO website uses cookies. Cookies are data stored by the internet browser on the user's computer system. The cookies can be transmitted to a page when it is called up and thus enable the user to be assigned. Cookies help to simplify the use of websites for users.
The following types of cookies, the scope and functionality of which are explained below, are used on DAPO's websites:
- Transient cookies
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
- Persistent cookies
Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.
The following data may be collected:
- Entered search terms
- Frequency of website visits
- Use of website functions
- Log-in information
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
It is possible to object to the setting of cookies at any time by changing the setting in the Internet browser accordingly. Cookies that have been set can be deleted. Please note that if cookies are deactivated, it may not be possible to use all functions of our website to their full extent.
4. Creation of log files
Every time the website is accessed, DAPO collects data and information through an automated system. These are stored in the log files of the server.
The following data may be collected:
- Information about the browser type and version used
- The user's operating system
- The user's Internet service provider
- The user's IP address
- Date and time of access
- The amount of data transferred
- The message whether the access/retrieval was successful
- Websites from which the user's system reaches our website (referrer)
- Websites accessed by the user's system through our website
The processing of the data serves to deliver the content of our website, to ensure the functionality of our information technology systems and to optimise our website. The data of the log files are always stored separately from other personal data of the users.
This data cannot be assigned to specific persons. This data will not be merged with other data sources. The aforementioned data, including the IP address, will be stored for the duration of the communication process in order to enable the use of our websites. In addition, the IP address is stored for a short period of time to ensure IT security, in particular to protect our IT systems from misuse and to defend against attacks. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.
The same applies to the evaluation of this data in anonymized form for statistical purposes and to improve our Internet offer.
The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.
5. Registration on our website
If the data subject uses the opportunity to register on the website of the controller by providing personal data, the data will be transmitted to the controller in the respective input mask. The data will be stored by the controller for the sole purpose of internal use.
During registration, the user's IP address as well as the date and time of registration are stored. This is to prevent misuse of the services. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass it on.
The registration of the data serves to provide content or services.
The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has consented. If the registration serves the performance of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
If the registration serves the performance of a contract to which the user is a party or the implementation of pre-contractual measures, the legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
Registered persons have the option of having the stored data deleted or changed at any time. The data subject receives information about the personal data stored about him/her.
6. Ways to contact
us There is a contact form on the DAPO website that can be used for electronic contact. Alternatively, it is possible to contact us via the e-mail address provided. If the data subject contacts the controller through one of these channels, the personal data provided by the data subject will be automatically stored. The storage is used solely for the purpose of processing or contacting the data subject. The data will not be passed on to third parties.
The data requested in the input mask is collected, including the following:
- Last name, first name
- Address
- E-mail address
At the time the message is sent, the following data will also be stored:
- IP address of the user
- Date and time of registration
Your consent will be obtained for the processing of the data as part of the submission process and reference will be made to this privacy policy.
The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has consented.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
7. E-mail transmission via a secure connection
Every e-mail from DAPO is securely encrypted during transmission via SSL/TLS (SSL/TLS encryption: STARTTLS protocol with PFS support (https://www.lda.bayern.de/media/pm2014_12.pdf). For you as the recipient, this encryption is not visible.
TLS stands for "Transport Layer Security" and is a security protocol for encrypting emails to ensure data privacy and integrity. TLS is the successor to SSL (Secure Sockets Layer).
By default, Gmail delivers messages using TLS. If a secure connection is not available (a secure connection requires the sender and recipient to use TLS), messages are delivered over unsecured connections.
However, you can configure the TLS settings so that emails from and to users of certain domains or with specific email addresses that you specify must always be transmitted over a secure connection.
The prerequisite for encrypted transport is appropriate support for the procedure by the e-mail provider. Most providers such as T-Online, GMail, GMX, Web.de, Yahoo, Hotmail or Arcor (as of April 2016) support TLS encryption. A few do not offer encryption. This means that third parties could read or modify the e-mail on its way through the Internet.
Please make sure that encryption is supported by your email provider. You can find the encryption information in the settings of your email portal.
If SSL encryption is activated, this means that the data you transmit to us cannot be read by third parties.
8. Newsletter
If you subscribe to our company's newsletter, the data will be transmitted to the controller in the respective input mask.
When registering for the newsletter, the user's IP address as well as the date and time of registration are stored. This is to prevent misuse of the services or the email address of the data subject. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass it on.
The data will be used exclusively for sending the newsletter.
The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, the consent to the storage of personal data can be revoked at any time. For this purpose, there is a corresponding link in every newsletter.
9. Mobile Apps
In addition to our website, DAPO provides you with a mobile app that you can download to your mobile device. In the following, we provide information about the collection of personal data when using our mobile app.When
the mobile app is downloaded, the necessary information is transmitted to the App Store, in particular the user name, e-mail address and customer number of your account, time of download and the individual device identifier. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.
When using the mobile app, we collect the personal data described below in order to enable the convenient use of the functions. Data that is technically necessary for us to offer you the functions of your mobile app and to ensure stability and security is collected by us:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status (http status code)
- Amount
of data transferred in each case- Website from which the request comes
- Browser
operating system and its interface
- Language and version of the browser software.
In addition, we need your device identifier (IMEI), the unique number of the network participant (IMSI), the mobile phone number (MSISDN), the MAC address for Wi-Fi use, the name of your mobile device, your e-mail address.
The legal basis for the processing of data after the user has downloaded the app is Art. 6 (1) (a) GDPR if the user has given his consent.
10. Disclosure of data to service providers
DAPO transmits the data collected, recorded and stored for the purposes of fulfilling the contract and preparing the contract to shipping service providers DHL and DPD within the scope of what is necessary.
11. Other data processing operations (social plugins, etc.)
Processing of http log data: Every time a user accesses DAPO websites and every time a file is retrieved,
data about this process is temporarily stored and processed in a log file. Before it is stored, each data record is anonymized by changing the IP address. It is therefore not possible to assign the collected data to a specific natural person. In detail, the following data is stored about each access/retrieval:
Anonymized IP address
Names of the retrieved files
Date and time of the subscriptionufs
Amount
of data transferred Notification of whether the retrieval was
successful This data is evaluated only for statistical purposes and to improve the offer and then deleted. No other use or transfer to third parties will take place.
The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has consented. If the registration serves the performance of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
Use of Google Analytics:
DAPO uses Google Analytics, a web analysis service provided by Google Inc. ("Google"), on its websites. Google Analytics uses so-called "cookies", which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the websites is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on these websites, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of these websites, Google will use this information to evaluate your use of the websites, to compile reports on website activity and to provide other services related to website activity and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of these websites to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the websites (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
Further information on terms of use and data protection can be found unterwww.google.com or under www.google.com/intl/de/analytics/privacyoverview.html. We would like to point out that Google Analytics has been extended by the code "gat._anonymizeIp();" on these websites in order to ensure anonymised collection of IP addresses (so-called IP masking).
The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has consented. If the registration serves the performance of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
Use of YouTube plugins:
DAPO uses the provider YouTube for the integration of videos on its websites, among other things. YouTube is operated by YouTube LLC with its principal place of business at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Some of DAPO's websites use plugins from the provider YouTube. When you access the websites provided with such a plugin – for example, the media library – a connection to the YouTube servers is established and the plugin is displayed. This transmits to the YouTube server which of our websites you have visited. If you are logged in to YouTube as a member, YouTube assigns this information to your personal user account. When using the plugin, e.g. clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account and other user accounts of YouTube LLC and Google Inc. before using our website and deleting the corresponding cookies of the companies.
Further information on data processing and information on data protection by YouTube (Google) can be found under www.google.de/intl/de/policies/privacy/.
The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has consented. If the registration serves the performance of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
Facebook plugins (like buttons, etc.):
DAPO uses plugins from the social network Facebook on its websites, the provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize these plugins, for example, by the Facebook logo or the so-called "Like-Buton"; An overview of all plugins can be found under the following link:
https://developers.facebook.com/docs/plugins/
When you visit our websites, a direct connection is established between your browser and the Facebook servers via the plugin(s), whereby Facebook is informed that you have visited our websites with your IP address. If you have a Facebook profile and are logged in to Facebook during your visit, you can link the content of our websites to your Facebook profile, which allows Facebook to assign your visit to our websites to you or your user account. If you want to prevent this linking option, log out of your Facebook account. We would like to point out that we have no knowledge of the content of the transmitted data or its use by Facebook.
Further information on the handling of user data by Facebook can be found under the following link:
https://www.facebook.com/policy.php
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has consented. Serves the registrythe performance of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
LinkedIn:
DAPO uses functions of the LinkedIn network on its websites, provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If a page on our website contains a LinkedIn function (e.g. the "Recommend button"), a connection to the LinkedIn servers is established and LinkedIn is informed that you have visited our website with your IP address. If you have a LinkedIn profile, are logged in to LinkedIn during your visit and click on the "Recommend button", LinkedIn can assign your visit to our websites to you and your user account. We would like to point out that we have no knowledge of the content of the transmitted data or its use by LinkedIn.
Further information on the handling of user data by LinkedIn can be found under the following link:
https://www.linkedin.com/legal/privacy-policy
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has consented. If the registration serves the performance of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
XING:
DAPODA uses the "XING Share Button" on its websites. The provider is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. When you access this website, your browser will establish a short-term connection to XING SE ("XING") servers with which the "XING Share Button" functions (in particular the calculation/display of the meter value) are provided. XING does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behaviour via the use of cookies in connection with the "XING Share Button". The current data protection information on the "XING Share Button" and additional information can be found on this website:
https://www.xing.com/app/share?op=data_protection
legal
basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has consented. If the registration serves the performance of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
12. Identification procedure (double opt-in; DOI)
To prove declared consent and to verify identity, we use the so-called double opt-in procedure (DOI). This means that after you have registered for one of our services, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you agree to the storage of your data to enable the individual services.and you agree to be contacted for customer support and communication via those communication channels to which you have given your consent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR.
13. Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for as long as is necessary to achieve the purpose of storage. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject.
As soon as the purpose of storage ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data will be routinely deleted.
14. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
14.1. Right
of access You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing has occurred, you may request the Controller to provide the following information:
the purposes for which the personal data is processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
the planned period of storage of personal data concerning you or, if specific information is not possible, criteria for determining the storage period;
the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the Controller or a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
all available information about the origin of the data, if the personal data is not collected from the data subject;
the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organisation. In this context, you can request to be informed of the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transfer.
14.2. Right to rectification
You have the right to rectification and/or completion vis-à-vis the Controller if the personal data processed concerning you is inaccurate or incomplete. The controller must make the correction without delay.
14.3. Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
if you contest the accuracy of the personal data concerning you for a period of time that allows the Controller to verify the accuracy of the personal data;
if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
if the controller no longer needs the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims, or
if you have objected to the processing in accordance with Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
Where the processing of personal data concerning you has been restricted, such data may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
14.4. Right to erasure
14.4.1. You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay if one of the following grounds applies:
The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.
The you personal data in question have been unlawfully processed.
The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
14.4.2. If the controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 (1) GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have received from them the Removal of all links to, or copies or replications of, such personal information.
14.4.3. The right to erasure does not apply to the extent that the processing is
necessary for the exercise of the right to freedom of expression and information;
to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in para. 1 is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or
for the assertion, exercise or defence of legal claims.
14.5 . Right to information
If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about these recipients vis-à-vis the controller.
14.6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or Art. 9 (2) (a) GDPRr is based on a contract pursuant to Art. 6 (1) (b) GDPR and
the processing is carried out with the help of automated processes.
In exercising this right, you also have the right to obtain that the personal data concerning you is transmitted directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other persons must not be impaired by this.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
14.7. Right
to object You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct advertising.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object to the use of information society services by means of automated procedures using technical specifications.
14.8. Right to revoke the declaration
of consent under data protection law You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation.
14.9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
is necessary for the conclusion or performance of a contract between you and the controller,
is permissible on the basis of Union or Member State law to which the controller is subject, and this lawregulations contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
is done with your explicit consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in a. and c., the Controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including, at a minimum, the right to obtain the intervention of a person from the Controller, to express one's own point of view and to challenge the decision.
14.10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR violates.
The supervisory authority to which the complaint was lodged informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
15. Legal basis for processing
Insofar as we obtain the consent of the data subject for processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the case of the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) (f) GDPR serves as the legal basis for the processing. The legitimate interest of our company lies in the conduct of our business activities.
16. Duration of storage of personal data
Personal data will be stored for the duration of the respective statutory retention period. After the deadline has passed, a routinemoderate deletion of the data, unless there is a necessity for the initiation of a contract or the fulfilment of the contract.
Bad Schönborn, 04.06.2018