Data protection declaration in accordance with the GDPR

I. Name and address of the data controller

Adolf Lupp GmbH + Co KG
Alois-Thums-Straße 1-3
63667 Nidda
Germany
Tel.: +49 60 43 – 807 0
E-Mail: info@lupp.de
Website: www.lupp.de

The company is responsible in accordance with the EU General Data Protection Regulation (GDPR) and other national data protection laws.

II. Name and address of the data protection officer

The data protection officer of the data controller is:

Axel Streichardt
Adolf Lupp GmbH + Co KG
Alois-Thums-Straße 1-3
63667 Nidda
Germany
Tel.: +49 60 43 – 807 0
E-Mail: datenschutz@lupp.de
Website: www.lupp.de

III. General information about data processing

1. Processing scope of personal data

We only collect and use personal data of users of our homepage to the extent necessary to provide a functional website, our content and services.

In principle, our users’ personal data is only collected and used with their consent. An exception to this principle applies in cases where processing of data is permitted by law or where prior consent cannot be obtained for whatever reason.

2. Legal basis for the processing of personal data

The legal basis for the processing of personal data is primarily determined from:

  • Article 6, paragraph 1, lit. a of the GDPR for obtaining the consent of an affected person.
  • Article 6, paragraph 1, lit. b of the GDPR in the case of processing for the fulfilment of a contract to which the affected person is a party. This includes processing procedures that are required to implement pre-contractual measures.
  • Article 6, paragraph 1, lit. c of the GDPR in the case of processing that is essential to fulfil a legal obligation.
  • Article 6, paragraph 1, lit. d of the GDPR if the processing of personal data is absolutely essential for the vital interests of the affected person or another natural person.
  • Article 6, paragraph 1, lit. e of the GDPR if the processing is necessary to safeguard legitimate interests of our company or a third party and the interests, fundamental rights and freedoms of the affected person do not outweigh the aforementioned interests.

3. Data deletion and storage duration

Users’ personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Further storage may take place if this has been intended by the European or national legislator in EU regulations, laws or other regulations that are applicable to the data controller. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Using our website, general information

1. Description and scope of data processing

Every time a user visits our website, our system automatically collects data and information from the user’s computer system. The following information is collected:

  • Information about the browser type and version used
  • Operating system of the user
  • Internet service provider of the user
  • IP address of the user
  • Date and time of access
  • Websites from which the user’s system reaches our website
  • Websites accessed by the user’s system via our website

The described data is stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Purpose and legal basis for data processing

The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The legal basis for the temporary storage of data is Article 6, paragraph 1, lit. f of the GDPR.

The collection of your personal data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, the user does not have an option to object.

3. Duration of storage

Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session is ended.

V. General information about use of cookies

We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When you visit a website, a cookie may be stored in your operating system. It contains a characteristic character string that allows the browser to be uniquely identified when the website is accessed again.

We use cookies to make our homepage more user-friendly. Some elements of our website require that the browser can be identified even after changing a page.

The following data is stored and sent:

  • Language settings
  • Search terms, if any

The legal basis for the processing of personal data using cookies is Article 6, paragraph 1, lit. f of the GDPR. The purpose of using the technically essential cookies is to simplify the use of our website.

Please note that some functions of our website can be offered only using cookies. These are the following applications:

  • Transfer of language settings
  • Remembering search terms

We do not use the user data collected by technically essential cookies to create user profiles.

Cookies are stored on the user’s computer and sent to our site. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes in the settings of your Internet browser. Stored cookies can also be deleted there. Please note that if you deactivate cookies, you may not be able to use all the functions of our website any longer.

VI. Your rights/rights of the affected person

Under the EU General Data Protection Ordinance, you have the following rights as an affected person:

1. Right to information

You have the right to receive information from us to know whether we have processed your personal data.

In addition, you may request the following information:

  • Purpose of data processing;
  • Categories of personal data processed;
  • Recipients or categories of recipients to whom your personal data has been or will be disclosed;
  • Planned storage duration of your personal data or, if specific information on this is not possible, criteria for determining the storage duration;
  • Existence of a right to correction or deletion of your personal data; a right to limitation of processing by the data controller or a right to object to such processing;
  • Existence of a right to lodge a complaint with a supervisory authority;
  • All available information on the origin of the data if the personal data is not collected from the affected person;
  • Existence of automated decision making including profiling in accordance with Article 22, paragraphs 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the affected person.

Finally, you also have the right to request information as to whether your personal data has been transferred to a third country or to an international organisation. In this case, you can request information on the appropriate guarantees in accordance with Article 46 of the GDPR in connection with the transmission.

You can assert your right to information at datenschutz@lupp.de.

2. Right to correction

If the personal data we process is incorrect or incomplete, you have the right to correct and/or complete it. The correction shall be made immediately.

3. Right to restriction

You may exercise the right to restrict the processing of your personal data in the following cases:

  • The accuracy of the personal data is disputed for a duration which enables the data controller to check the accuracy of the personal data;
  • Processing is unlawful and the deletion of personal data is refused and the restriction of the use of personal data is requested instead;
  • The data controller no longer needs the personal data for the purposes of the processing, but the affected person needs it in order to assert, exercise or defend legal claims, or
  • The affected person has filed an objection to the processing pursuant to Article 21, paragraph 1 of the GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh the reasons of the affected person.

If the processing of your personal data has been restricted, apart from its storage, such data may only be processed with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a member state.

In case of a restriction of the processing according to the described principles, you will be informed by us before the restriction is lifted.

4. Right to deletion

If the following reasons are applicable, you can request to have your personal data deleted immediately. The data controller is obliged to delete this data immediately. Such reasons are:

  • Your personal data is no longer necessary for the purposes for which it was collected or processed otherwise.
  • Processing is protected by consent pursuant to Article 6, paragraph 1, lit. a or Article 9, paragraph 2, lit. a of the GDPR and you revoke this consent. Another prerequisite is that there is no other legal basis for processing.
  • You object to the processing (Article 21, paragraph 1 of the GDPR) and there are no overriding legitimate reasons for the processing. Another option is that you file an objection against the processing pursuant to Article 21, paragraph 2 of the GDPR.
  • The processing of your personal data is unlawful.
  • The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the member states that govern the data controller.
  • Your personal data has been collected in relation to information society services offered pursuant to Article 8, paragraph 1 of the GDPR.

If we have made your personal data public and we are obliged to delete it pursuant to Article 17, paragraph 1 of the GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processing officers who process the personal data for which you have requested the deletion of all links to this personal data or of copies or replications of this personal data.

We would like to point out that the right to deletion does not exist if the processing is necessary

  • To exercise freedom of expression and information;
  • For the fulfilment of a legal obligation required for processing under the law of the Union or of the member states to which the data controller is subject or for the execution of a task in the public interest or in the exercise of official authority conferred on the data controller;
  • For reasons of public interest in the field of public health pursuant to Article 9, paragraph 2, lit. h and i and Article 9, paragraph 3 of the GDPR;
  • For archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89, paragraph 1 of the GDPR, insofar as the law referred to under section a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
  • To assert, exercise or defend legal claims.

5. Right to information

If you have exercised your right to correction, deletion or restriction of processing, we will be obliged to inform all recipients, to whom your personal data has been disclosed, about this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed of these recipients.

6. Right to data transferability

According to the GDPR, you also have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format. Furthermore, you have the right to send this data to another data controller without obstruction by the data controller to whom the personal data was made available, provided that

  • Processing is based on consent pursuant to Article 6, paragraph 1, lit. a of the GDPR or Article 9, paragraph 2, lit. a of the GDPR or on a contract pursuant to Article 6, paragraph 1, lit. b of the GDPR and
  • Processing is carried out using automated methods.

Finally, in exercising the right of data transferability, you have the right to transfer your personal data directly from one data controller to another data controller, provided that this is technically feasible and does not impair the freedoms and rights of other persons.

The right to data transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.

7. Right to revoke the declaration of consent as per the data protection law

You have the right to revoke your declaration of consent as per the data protection law at any time. We would like to point out that the revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until its revocation.

8. Right to objection

Furthermore, for reasons arising from your particular situation, you always have the right to object to the processing of your personal data concerning you, which is carried out on the basis of Article 6, paragraph 1, lit. e or f of the GDPR. The right to objection also applies to profiling based on these provisions.

The data controller no longer processes your personal data concerning you, the data controller can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your personal data is processed for these purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. In the event of an objection to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You may also exercise your right to objection in connection with the use of Information Society services (notwithstanding Directive 2002/58/EC) by means of automated procedures using technical specifications.

9. Automated decision in individual cases including profiling

Under the EU General Data Protection Ordinance, you still have the right not to be subject to a decision that is exclusively based on automated processing – including profiling – and that has a legal effect on you or significantly affects you in a similar manner. However, there is an exception to this principle if the decision

  • is necessary for the conclusion or fulfilment of a contract between you and the data controller,
  • is admissible by law of the Union or of the member states that governs the data controller and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
  • is taken with your explicit consent.

If the data is processed in the cases referred to in (1) and (3), the data controller shall take appropriate measures to safeguard your rights, freedoms and legitimate interests. This includes at least the right to obtain the intervention of a person by the data controller, to state his/her own point of view and to challenge the decision.

The decision as per (1) – (3) may not be based on special categories of personal data as per Article 9, paragraph 1 of the GDPR, unless Article 9, paragraph 2, lit. a or g is applicable and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

10. Right to lodge a complaint with a supervisory authority

Finally, if you consider that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, especially in the member state where you are staying, working or the location of alleged violation.

VII. Contact us electronically

A contact form is available on our home page to contact us electronically. The data entered in the form will be transmitted to and stored by us. This data includes:

  • Name
  • E-Mail address
  • Telephone number, as applicable.

At the time of sending the message, the following data is stored in addition:

  • The user’s IP address
  • Date and time.

You can also contact us by sending an email to the email address provided. In this case, the personal data of the user transmitted together with this email will be stored. Your data are not transferred to third parties in this context, but only used for the purpose of communicating with you.

The legal basis for the processing of this data is Art. 6 para. 1 lit. a GDPR if consent has been given by the user. The legal basis for the processing of data transmitted in the context of sending an email is Art. 6 ( ) lit. f GDPR. If the purpose of the email is to conclude a contract, the additional legal basis for such processing is Art. 6(1) lit. b GDPR.

In this context, the processing of personal data serves solely for the purpose of processing the contact made by you. If we are contacted by email, this also constitutes the basis for the required legitimate interest in the processing of the data. Should further personal data be processed during sending, this will only serve to prevent misuse of our contact form and ensure the security of our information technology systems.

Your data is deleted as soon as it is no longer required to achieve the purpose for which they were collected. For the personal data from the contact form and those sent by e-mail, this is the case once the respective communication with the user has ended. A conversation is considered to have ended when it is obvious from the circumstances that the matter in question has been conclusively clarified. Any additional personal data collected during the sending process will be deleted no later than after a period of seven days.

You may withdraw your consent to the processing of your personal data at any time. When contacting us by email, you may also object to the storage of your personal data at any time. Please note, however, that the communication cannot be continued in this case. Please contact our data protection officer to withdraw your consent to the processing and storage of your personal data. All personal data stored in the context of contacting us will be deleted in this case.

VIII. Social Media

1. Use of social media plug-ins

We are currently using the following social media plug-ins: [Facebook, Twitter, LinkedIn, Google+, Pinterest].

We use the so-called two-click solution for this. This means that when you visit our website, no personal data is initially transmitted to plug-in providers. You can identify the provider of a plug-in by the marking on the box above its initial letter or by its logo. We provide you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, does the plug-in provider receive the information that you have accessed the respective page of our online offer.

In addition, the data mentioned in section IV of this privacy notice will be transmitted. In the case of Facebook and Xing, the providers in Germany informed us that the IP address will be anonymised immediately after data collection. This means that, by activating the plug-in, personal data from you will be transmitted to the respective plug-in provider and stored there (for US providers in the USA). Since plug-in providers mainly use cookies for data collection, we recommend that you delete all cookies via your browser’s security settings before clicking on the grey box.

We do not have any influence on the data collected and the respective data processing operations, nor are we aware of the full extent of data collection, the purposes of their processing and the retention periods. We also do not have any information about the deletion of the data collected by the plug-in provider.

The plug-in provider stores your data as usage profiles and uses them for advertising, market research and/or the customised design of its website. In particular, such data analysis (also for users who are not logged in) is done to provide needs-oriented advertising and inform other users of the social network about your activities on our website. You have the right to object to the creation of such usage profiles. To exercise this right, you have to contact the respective plug-in provider. With these plug-ins, you can interact with social networks and other users allowing us to improve our offering and make it more interesting for you as a user. The legal basis for using plug-ins is Art. 6 (1) sentence 1 lit. f of the GDPR.

Data is transmitted regardless of whether you have an account with the plug-in provider and are logged into that account or not. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your current account with the plug-in provider. If you click the activated button and, for example, link to that page, the plug-in provider will also store that information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.

For more information on the purpose and extent of data collection and data processing by the plug-in provider, please refer to the privacy policies of these providers as notified below. They also offer additional information about your rights concerning this matter and setting options available to protect your privacy.

The addresses of the respective plug-in providers and URL for their data protection information are as follows:

2. Integration of Google Maps

On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.

By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned in section IV of this declaration are transmitted to Google. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, and you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also receive further information on your rights and settings to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.