Privacy

Privacy policy

This privacy policy clarifies the type, scope and purpose of purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and associated websites, features and content as well as external online presence such as our social media profiles (hereinafter referred to collectively as "online offer"). With regard to the terminology used, such as "processing" or "controller", we refer you to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Conti Sanitärarmaturen GmbH
Hauptstraße 98
35435 Wettenberg
Germany

Email address: info[at]conti.plus
Managing Director: Andreas Kregler
Link to the legal notice: http://conti.plus/de/site/page/type/imprint

Email address of the Data Protection Officer: datenschutz[at]conti.plus

Types of data processed:

  • Inventory data (e.g. names, addresses).
  • Contact data (e.g. emails, phone numbers).
  • Content data (e.g. text input, photographs, videos).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Meta/communication data (e.g. device information, IP addresses).

Categories of data subjects

Visitors and users of the online offer (hereinafter the persons concerned are referred to collectively as "users").

Purpose of the processing

Operation of the website and provision of the online offer, its features and content.
Responding to enquiries and communication with users.
Security measures
Measuring reach and marketing
Optimisation of business relations and product optimisation

Terminology used

"Personal data" means all the information relating to an identified or identifiable natural person (hereinafter referred to as "person concerned"). A natural person is considered to be identifiable if they can be identified, directly or indirectly, particularly by assigning an identifier such as a name, identification number, location data, online identifier (e.g. cookie) or one or more specific characteristics, which are an expression of the physical, physiological, genetic, psychological, financial, cultural or social identity of this natural person.

"Processing" means any process which is completed, with or without the help of automated procedures, or any such series of processes in connection with personal data. The term is far-reaching and covers virtually every type of data handling.

"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be assigned to the specific person concerned without consulting any additional information, provided that such additional information is stored separately and is subject to technical and organisational measures to ensure that the personal data cannot be assigned to an identified or identifiable natural person.

"Profiling" means any type of automated processing of personal data, which involves using this personal data to assess certain personal aspects that relate to a natural person, in particular to analyse or predict aspects relating to the job performance, financial situation, health, personal preferences, interests, reliability, behaviour, place of residence or change of residence of this natural person.

"Controller" means the natural or legal person, authority, institution or other body which, alone or jointly with others, determines how and for what purpose the processing of personal data takes place.

"Data processor" refers to a natural or legal person, authority, institution or other body, which processes personal data on behalf of the controller.

Relevant legal basis

In accordance with Article 13 GDPR, we are able to inform you of the legal basis for our data processing. Unless the legal basis is specified in the privacy policy, the following shall apply: The legal basis for obtaining consent is Article 6(1)(a) and Art. 7 GDPR, the legal basis for processing in order to fulfil our performance and to implement contractual measures as well as the answering of queries is Article 6(1)(b) GDPR, the legal basis for processing in order to fulfil our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR. In the event that vital interests of the person concerned or another natural person make the processing of personal data necessary, the legal basis will be Article 6(1)(d) GDPR.

In accordance with Article 32 GDPR, taking into account the latest technology, the cost of implementation and the type, scope, circumstances and purpose of data processing, as well as the probability and seriousness of risks occurring for the rights and freedoms of natural persons, we shall implement appropriate technical and organisational measures to ensure an adequate level of protection against the risk.

The measures include, in particular, the safeguarding of confidentiality, integrity and availability of data by controlling physical access to the data, as well as the relevant access, input, disclosure, safeguarding of availability and separation of this data. Furthermore, we have established processes to ensure observation of the rights of the persons concerned, the deletion of data and response to the exposure of data. In addition, we also take into account the protection of personal data as early as the development stage, or selection of hardware, software and procedures, according to the principle of data protection through technical design and through privacy-friendly preselection (Article 25 GDPR).

Cooperation with data processors and third parties

If we disclose data to any other person or business (data processors or third parties) as part of our processing, transmit the data to these parties or otherwise grant them access to the data, this will only be done on the basis of legal authorisation (e.g. when the transmission of data to third parties, such as to payment service providers, is necessary to fulfil the contract in accordance with Article 6(1)(b) GDPR) for which you have given your consent, subject to a legal obligation or on the basis of our legitimate interests (e.g. the use of representatives, web hosters).

If we appoint third parties to process data on the basis of a "data processing contract", this will be done on the basis of Article 28 of the GDPR.

Transmission to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) process or this happens within the framework of the use of services by third parties or data is disclosed or transmitted to third parties, this is done only to fulfil our (pre)contractual obligations, on the basis of your consent, based on a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisation, we process the data or have the data processed in a third country only where the special provisions of Article 44 ff. GDPR exist. In other words, processing is performed on the basis of special guarantees, such as the official recognition of an EU-equivalent level of privacy (e.g. for the USA the "privacy shield") or compliance with officially recognised special contractual obligations (known as "standard contractual clauses").

Rights of the persons concerned

You have the right to request confirmation whether the data concerned is processed and to request information about this data, as well as additional information and a copy of the data in accordance with Article 15 GDPR.

You have the right, in accordance with Article 16 GDPR, to request the completion of data or the amendment of inaccurate data held about yourself.

You have the right, in accordance with Article 17 GDPR, to request that data be deleted immediately or, alternatively, in accordance with Article 18 GDPR, to request that processing of the data be restricted.

You have the right to request that the data you have provided to us is maintained and transmitted to other responsible persons in accordance with Article 20 GDPR.

You also have the right, in accordance with Article 77 GDPR, to file a complaint with the relevant supervisory authority.

Der Hessische Beauftragte für Datenschutz
Postfach 3163
65021 Wiesbaden
poststelle[at]datenschutz.hessen.de

Right of revocation

You have the right to revoke all consent in accordance with Article 7(3) GDPR with respect to future use.

Right of revocation for direct marketing

You can revoke the future processing of your data in accordance with Article 21 GDPR at any time. Revocation can apply in particular to the processing of data for the purpose of direct marketing.

Cookies

"Cookies" are small files that are stored on users' computers. A variety of information can be stored in cookies. The main purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer. Cookies that are deleted after a user leaves an online offer and closes its browser are known as temporary cookies, "session cookies" or "transient cookies". Such a cookie could be used to store the contents of a shopping basket in an online shop or a login status. "Permanent" or "persistent" cookies remain stored even after the browser is closed. For example, the login status can be stored when the users return after several days. Such a cookie can also be used to store users' interests for measuring reach and marketing purposes. "Third party cookies" are offered by suppliers other than the person responsible for operating the online offer (otherwise, if they are only the operator's cookies, they are known as "first party cookies").

We can use temporary and permanent cookies and clarify this in the context of our privacy policy.

If users do not want cookies to be stored on their computer, they will be asked to disable the relevant option in the system settings of their browser. Stored cookies can be deleted in the system settings of your browser. The exclusion of cookies may limit the functionality of this online offer.

A general revocation of the use of cookies for the purpose of online marketing can be explained for a variety of services, particularly in the case of tracking, on the US site http://www.aboutads.info/choices/or the EU site http://www.youronlinechoices.com/. Furthermore, cookies can be stored by disabling them in the browser settings. Please note that you may not be able to use all the functions of this online offer.

Deletion of data

The data processed by us will be deleted or the processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, the stored data will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any legal obligations to retain data. If the data is not deleted because it is required for other purposes permitted by law, its processing will be restricted. In other words, the data will be locked and will not be used for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.

In accordance with statutory requirements in Germany, the data will be kept for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 No. 1 and 4, para. 4 of the German Commercial Code (books, records, management reports, bookkeeping vouchers, account books, taxation documents, etc.) and 6 years in accordance with § 257 para. 1 No. 2 and 3, para. 4 of the German Commercial Code (commercial letters).

In accordance with statutory requirements in Austria, the data will be kept for 7 years in accordance with § 132 para. 1 of the Austrian Federal Tax Code (bookkeeping records, receipts/invoices, accounts, supporting documents, business papers, statement of income and expenditure, etc.), for 22 years in connection with property and for 10 years for documents relating to services delivered electronically, telecommunications, radio and television services that are provided to consumers in EU Member States and for which the Mini-One-Stop-Shop (MOSS) has been applied.

Administration, financial accounting, office organisation, contact management

We process data in the context of administrative tasks, as well as for organising our operations, financial accounting and compliance with legal obligations, such as archiving. In this case, we process the same data that we process within the scope of the provision of our contractual services. Processing is based on Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Processing concerns customers, prospects, business partners and website visitors. The purpose and our interest in processing lies in the administration, financial accounting, office organisation, archiving of data, in other words tasks which serve to maintain our business activities, safeguard our activities and provide our services. The deletion of data with regard to contractual services and the contractual communication corresponds to the information specified in these processing activities.

We will disclose or transmit this data to the financial authorities and advisers, such as tax advisers or auditors, as well as other billing centres and payment service providers.

On the basis of our business interests, we will also store information on suppliers, organisers and other business partners with a view to future contact. In principle, we will store this primarily business-related data permanently, but always taking into account any statutory provisions.

Hosting

Our hosting services will be used to provide the following services: Infrastructure and platform services, computing capacity, storage space, database services, security services as well as technical maintenance services, which we use to operate this online offer.

We, or our hosting provider, will process inventory data, contact data, content data, contract data, usage data, metadata and communication data from customers, prospects and visitors to this online offer on the basis of our legitimate interests with respect to the efficient and secure provision of this online offer in accordance with Article 6(1)(f) GDPR in conjunction with Article 28 GDPR (completion of data processing contract).

Collection of access data and log files

We, or our hosting provider, on the basis of our legitimate interests in accordance with Article 6(1)(f) GDPR, will collect data about each access to the server on which this service is located (known as server log files). Access data includes the name of the accessed page, file, date and time of access, volume of data transferred, notification of successful access, web browser and version, user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

For security reasons (e.g. for the investigation of abuse or fraud), log file information will be stored for a maximum period of 7 days and then deleted. Data which needs to be retained for evidential purposes will not be deleted until the relevant investigation has been completed.

Integration of services and content of third parties

As part of our online offer, and on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and financial operation of our online offer in accordance with Article 6(1)(f) GDPR), we will use content or service offers from third party providers in order to integrate their content and services, such as videos or fonts (hereinafter referred to collectively as "Content").

This always assumes that the third party provider of this content knows the IP address of the user, as without the IP address they could not send the content to the browser. The IP address is therefore required in order to display this content. We strive only to use content for which the respective provider uses the IP address only for the purpose of delivering such content. Third party providers can also use "pixel tags" (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These "pixel tags" can be used to evaluate information such as visitor traffic to the pages of this website. The pseudonymised information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as a link to such information from other sources.

Email contact

Whenever you contact us (e.g. via a contact form or email), we process your information in order to deal with your enquiry, and to handle any connection issues that may arise.

If data processing is carried out in order to implement pre-contractual measures resulting from your enquiry, or if you are already our customer, the legal basis for this data processing to ensure completion of the contract is Article 6(1)(1b) GDPR.

We will only process further personal data if you give your consent (Article 6(1)(1a) GDPR) or if we have a legitimate interest in the processing of your data (Article 6(1)(1f) GDPR). For example, a legitimate interest would include the ability to answer your email.

Google Analytics

We use Google Analytics, a web analysis service provided by Google, Inc. ("Google"). Google Analytics uses cookies, text files that are stored on your computer and that enable an analysis of your use of the website. Information generated by cookies on the use of our website by visitors to the site is generally transferred to a Google server in the USA, where it is stored.

This also includes our legitimate interest in accordance with Article 6(1)(1f) GDPR.

Google is subject to and certified to the privacy shield agreement concluded between the European Union and the USA. This is a commitment by Google to maintain the standards and regulations of the European Data Protection Law. More information can be found via the link below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

We have enabled IP anonymisation on this website (Anonymise IP). However, within the member states of the European Union or in other countries contracted to the agreement on the European Economic Area, your IP address will be abbreviated by Google prior to transfer. Only in exceptional cases will the full IP address be transferred to a Google server in the USA then it will be abbreviated there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide us with other services regarding website activity and internet usage.

The IP address transferred by your browser as part of Google Analytics will not be merged with other Google data. You can change the appropriate settings in your browser software to prevent cookies being stored. However, we must point out that doing so may mean that you can no longer use the full features of the website.

Furthermore, you have the option of preventing the transfer of data relating to your use of the website generated by cookies (incl. your IP address) to Google as well as their processing by Google, by downloading and installing the browser plug-in available via the following link:

http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser plug-in, or within browsers on mobile devices, you can click on the following link to set an opt-out cookie which will prevent the future collection of data by Google Analytics within this website (this opt-out cookie only works in this browser and only for this domain. To delete the cookies in your browser, you must click this link again): [Disable Google Analytics]

Terms of use for reCAPTCHA

You acknowledge and are aware of the fact that the functionality of reCAPTCHA API is based on the collection of hardware and software information, e.g. device and application data, and transmission to Google for purposes of analysis. The information gathered when using the service is used in order to improve reCAPTCHA and for general security purposes. It is not used by Google for personalised advertising. Users in the EU: our API clients comply with the EU user consent policy.

Geolocation

In order to localise and display content applicable to a certain country, we use GeoLite2 by Maxmind (www.maxmind.com). You can object to your country being identified by selecting the appropriate objection in the cookie settings. If you object, we cannot guarantee the display of advertisements for products that are available in your country.