Data protection declaration in accordance with the GDPR
I. Name and address of the data controller
Adolf Lupp GmbH + Co KG
Tel.: +49 60 43 – 807 0
The company is responsible in accordance with the EU General Data Protection Regulation (GDPR) and other national data protection laws.
II. Name and address of the data protection officer
The data protection officer of the data controller is:
Adolf Lupp GmbH + Co KG
Tel.: +49 60 43 – 807 0
III. General information about data processing
1. Processing scope of personal data
We only collect and use personal data of users of our homepage to the extent necessary to provide a functional website, our content and services.
In principle, our users’ personal data is only collected and used with their consent. An exception to this principle applies in cases where processing of data is permitted by law or where prior consent cannot be obtained for whatever reason.
2. Legal basis for the processing of personal data
The legal basis for the processing of personal data is primarily determined from:
- Article 6, paragraph 1, lit. a of the GDPR for obtaining the consent of an affected person.
- Article 6, paragraph 1, lit. b of the GDPR in the case of processing for the fulfilment of a contract to which the affected person is a party. This includes processing procedures that are required to implement pre-contractual measures.
- Article 6, paragraph 1, lit. c of the GDPR in the case of processing that is essential to fulfil a legal obligation.
- Article 6, paragraph 1, lit. d of the GDPR if the processing of personal data is absolutely essential for the vital interests of the affected person or another natural person.
- Article 6, paragraph 1, lit. e of the GDPR if the processing is necessary to safeguard legitimate interests of our company or a third party and the interests, fundamental rights and freedoms of the affected person do not outweigh the aforementioned interests.
3. Data deletion and storage duration
Users’ personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Further storage may take place if this has been intended by the European or national legislator in EU regulations, laws or other regulations that are applicable to the data controller. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. Using our website, general information
1. Description and scope of data processing
Every time a user visits our website, our system automatically collects data and information from the user’s computer system. The following information is collected:
- Information about the browser type and version used
- Operating system of the user
- Internet service provider of the user
- IP address of the user
- Date and time of access
- Websites from which the user’s system reaches our website
- Websites accessed by the user’s system via our website
The log files contain IP addresses or other data enabling allocation to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user navigates contains personal data.
The described data is stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Purpose and legal basis for data processing
The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
Log files are stored to ensure the functionality of the website. In addition, the data is used by us to optimize the website and ensure the security of our information technology systems. Data stored in this context are not evaluated for marketing purposes.
The legal basis for the temporary storage of data is Article 6, paragraph 1, lit. f of the GDPR.
The collection of your personal data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, the user does not have an option to object.
3. Duration of storage
Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session is ended.
Data stored in log files are deleted no later than after seven days. Storage beyond this period is possible, in which case users’ IP addresses are deleted or alienated, making it impossible to assign them to the accessing client.
The following data is stored and sent:
- Cookie preferences (Borlabs)
The legal basis for the processing of personal data using cookies is Article 6, paragraph 1, lit. f of the GDPR. The purpose of using the technically essential cookies is to simplify the use of our website.
We do not use the user data collected by technically essential cookies to create user profiles.
VI. Your rights/rights of the affected person
Under the EU General Data Protection Ordinance, you have the following rights as an affected person:
1. Right to information
You have the right to receive information from us to know whether we have processed your personal data and further information according to the legal requirements of article 13, 14 of the GDPR.
You can assert your right to information at firstname.lastname@example.org.
2. Right to correction
If the personal data we process is incorrect or incomplete, you have the right to correct and/or complete it. The correction shall be made immediately.
3. Right to restriction
You may exercise the right to restrict the processing of your personal data according to the legal requirements (article 18 of the GDPR).
4. Right to deletion
If the reasons given in article 17 of the GDPR are applicable, you can request to have your personal data deleted immediately.
We would like to point out that the right to deletion does not exist if the processing is necessary for one of the exemptions mentioned in article 17, paragraph 3 of the GDPR.
5. Right to information
If you have exercised your right to correction, deletion or restriction of processing, we will be obliged to inform all recipients, to whom your personal data has been disclosed, about this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed of these recipients.
6. Right to data transferability
According to the GDPR, you also have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format or to require their transfer to another responsible person.
7. Right to revoke the declaration of consent as per the data protection law
You have the right to revoke your declaration of consent as per the data protection law at any time. We would like to point out that the revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until its revocation.
8. Right to objection
Furthermore, for reasons arising from your particular situation, you always have the right to object to the processing of your personal data concerning you, which is carried out on the basis of Article 6, paragraph 1, lit. e or f of the GDPR.
9. Automated decision in individual cases including profiling
Under the EU General Data Protection Ordinance, you still have the right not to be subject to a decision that is exclusively based on automated processing – including profiling – and that has a legal effect on you or significantly affects you in a similar manner.
10. Right to lodge a complaint with a supervisory authority
Finally, if you consider that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, especially in the member state where you are staying, working or the location of alleged violation.
VII. Contact us electronically
A contact form is available on our home page to contact us electronically. The data entered in the form will be transmitted to and stored by us. This data includes:
- First name
- Last name
- E-Mail address
- Telephone number
At the time of sending the message, the following data is stored in addition:
- The user’s IP address
- Date and time of registration.
You can also contact us by sending an email to the email address provided. In this case, the personal data of the user transmitted together with this email will be stored. Your data are not transferred to third parties in this context, but only used for the purpose of communicating with you.
The legal basis for processing and handling of the contact request is Art. 6 para. 1 sent. 1 lit. b GDPR if consent has been given by the user, additional Art. 6 ( ) lit. f GDPR.
Should further personal data be processed during sending, this will only serve to prevent misuse of our contact form and ensure the security of our information technology systems.
Your data is deleted as soon as it is no longer required to achieve the purpose for which they were collected. For the personal data from the contact form and those sent by e-mail, this is the case once the respective communication with the user has ended. A conversation is considered to have ended when it is obvious from the circumstances that the matter in question has been conclusively clarified.
Any additional personal data collected during the sending process will be deleted no later than after a period of seven days.
If the operation is based on the legal basis of Art. 6 (1) sent. 1 lit. f (legitimate interest), you may also object to the storage of your personal data at any time. Please note, however, that the communication cannot be continued in this case. Please contact our data protection officer to withdraw your consent to the processing and storage of your personal data. All personal data stored in the context of contacting us will be deleted in this case.
VIII. Social Media
1. Social media presence
We maintain fan pages on various social networks and platforms with the aim of reaching customers, interested parties and users who are active on these platforms and informing them about our services and establishing a communication with them. This could result in your personal data being processed outside the European Union. This means that you could be exposed to risks, for example with regard to enforcing your rights under European or German law. Some US providers of social networks and platforms have signed up to the EU-US Privacy Shield and have thus committed to complying with EU data protection standards.
User data is generally processed for market research and advertising purposes. For example, user profiles can be created from the usage behavior data and identified interests. These user profiles can, among others, be used for personalized advertising activities on or off these platforms. For this purpose, for example, cookies tracking user behavior and interests are stored on the users’ computers. Furthermore, user profiles can be used to store user data irrespective of the terminal device used.
Our legitimate interests in processing the personal data of users in accordance with Art. 6 (1) sentence 1 lit. f GDPR lies in establishing effective communication and information. If users are asked to consent to the processing of their data by a provider, the legal basis for such processing is Art. 6 (1) sentence 1 lit. a, Art. 7 GDPR.
By clicking on the respective links, you can obtain further information from the relevant providers about the processing of your personal data and your options to object. Your data subject rights, i.e. requests for information and other rights, can also be asserted against the providers if they process your personal data.
We will be happy to answer your questions in this regard and assist you if you need help.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
2. Sharing of social media content
Our website uses so-called sharing box links. They make it possible to directly share website content on one of the social media channels linked by us (Facebook, Twitter, LinkedIn, Pinterest).
To this end, the content link is copied after accessing the sharing box link and the page of the linked social media service is opened. If you are not already logged in, you will be asked to log in to the service before you can share anything. As soon as the respective social media page is opened, the social media channel’s share function will open, enabling you to edit the copied content link and immediately share it. Only if you click on the sharing box link is data transferred to the respective social media service.
At the time a link is called up, we only process the following data:
- Information about the browser type and version used,
- Operating system of the user,
- IP address of the user,
- Date and time of access.
The legal basis for the data processing is our legitimate interest in improving the user experience according to Art. 6 Art. 6 (1) sentence 1 lit. f GDPR. More information about the social media services linked with sharing box links is provided here:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Opt-out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland
Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
3. Integration of YouTube videos
We have integrated YouTube videos in our online services. They are saved on http://www.youtube.com and can be played directly from our website. They are embedded in ‘enhanced privacy mode’, which means that no user data is transferred to YouTube if you do not play the videos. Only when videos are played will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission.
When you visit the website, YouTube is informed that you have visited the corresponding subpage of our website. This happens regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in with Google, your data is directly associated with your account. If you do not wish to be assigned with your profile at YouTube, you must log out before you activate the button. YouTube stores your data collected as user profiles and uses them for the purposes of advertising, market research and/or the tailored design of their website. An analysis of this kind is carried out in particular (even for users who are not logged in) to provide tailored advertising and to inform other users of the social network about your activities on our website. You have a right to lodge an objection to the creation of these user profiles, but you must contact YouTube in order to exercise this right.
4. Integration of Google Maps
On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.
By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned in section IV of this declaration are transmitted to Google. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, and you must contact Google to exercise this right.
IX. Integration of Google Fonts
X. Use of Google’s ReCaptcha service
Our website also uses Google’s reCaptcha service to determine whether a person or a computer makes an entry in our contact form.
Google uses the following data to verify whether you are a human being or a computer: IP address of terminal device used, website visited with us on which the reCaptcha is integrated, date and duration of visit, recognition data of the browser type and operating system used, Google account if logged in with Google, mouse movements on the reCaptcha fields and tasks asking you to identify certain images.
The legal basis for the above-mentioned data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interests in processing these data lies in ensuring the security of our website and protecting it from automated entries (attacks).
Further information about the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found at https://www.google.com/policies/privacy.