General data protection information Madd Gear LLC
With the following information, we would like to give our customers, suppliers, service providers, those interested in our services and other data subjects an overview of the processing of their personal data by us and their rights under data protection law according to Articles 12, 13, 14 and 21 of the General Data Protection Regulation (GDPR). Which data is collected and processed in detail, i.e. used, depends largely on the desired or agreed services or the business transactions associated with our business activities. Therefore, not all parts of this information will apply to the specific reader concerned.
A Liability and definitions
1 Who is the body responsible for data processing?
Responsible is Madd Gear LLC Max-Born-Str. 2 53773 Hennef
2 Who else can you contact?
You can contact our company data protection officer at Madd Gear LLC - The Data Protection Officer - Max-Born-Str. 2 53773 Hennef
In this text, the following definitions apply:
3.1 "Controller": the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
3.2 "Data subject": natural persons identified or identifiable by a data processing operation.
3.3 "Processor": a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
3.4 "Personal data": any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3.5 "Processing": any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.6 "Consent" of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3.7 "Collection": the acquisition of personal data, either with the cooperation of the data subject or with the assistance of a third party.
B General information about our business activities
4 Which data do we use from which sources?
4.1 We are a medium-sized sports trading company and collect or process personal data that we receive from our customers, suppliers, processors or other data subjects in the context of our business relationship. In this respect, we usually collect data from the respective data subject, i.e. with their cooperation.
4.2 Exceptionally, we may receive or access personal data about you from a third party without your involvement (so-called "third-party collection"). Then, in the event of a legal obligation under Article 14 GDPR, we will send you a separate notification at the times stipulated by law. This concerns the categories of personal data that we have collected about you from the third party and the indication of the source from which this data originates and, if applicable, whether it comes from publicly available sources.
4.2.1 Such relevant categories of personal data may be: personal details (name, address and other contact details, date and place of birth as well as nationality), identification data (e.g. ID card data) and authentication data (e.g. specimen signature). In addition, this may also include order data (e.g. payment order), data from the fulfilment of our contractual obligations (e.g. sales data in payment transactions), information about your financial situation (e.g. proof of financing and collateral), credit-relevant data (e.g. income and expenses), advertising and sales data and other data comparable to the categories mentioned.
4.2.2 Such relevant publicly accessible sources may be: debtor registers, land registers, commercial and association registers, press, internet, social media.
5 For what purposes do we process your data and on what legal basis?
We process personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (BDSG-neu), which implements this EU regulation.
5.1 Collection and processing for the fulfilment of contractual obligations (Art. 6 para. 1 b GDPR)
5.1.1 The collection and processing of data takes place for the provision of services within the framework of the execution of our commercial contracts with our customers or for the implementation of pre-contractual measures that take place at the request of data subjects. The purposes of data processing depend primarily on the services or products ordered. Further details on the data processing purposes can be found in the relevant contract documents and our General Terms and Conditions.
5.1.2 The collection and processing of data also takes place in the context of all ancillary transactions that enable us to sell our products or are a prerequisite for their provision (e.g. employment, tax, social security, security-related transactions), including the implementation of pre-contractual measures that take place at the request of data subjects.
5.2 Collection and processing in the context of the balancing of interests (Art. 6 para. 1 f GDPR)
If necessary, we process your data to safeguard our legitimate interests or those of third parties. Such legitimate interests are, for example:
- consultation of and data exchange with credit agencies (e.g. SCHUFA) to determine creditworthiness or default risks in the event of our unsecured advance payments,
- examination and optimization of procedures for needs analysis for the purpose of direct customer contact,
- advertising insofar as you have not objected to the use of your data,
- assertion of legal claims and defense in legal disputes,
- guarantee of IT security and the IT operation of our data processing systems,
- tax advice, legal advice,
- prevention and investigation of criminal offences,
- video surveillance to safeguard domiciliary rights,
- measures for building and plant security (e.g. access controls),
- measures to ensure domiciliary rights,
- measures for business management and further development of services and products.
5.3 Collection and processing to fulfil a legal obligation to which we are subject (Art. 6 para. 1 c GDPR)
In addition, as a service provider and employer, we are subject to various legal obligations, i.e. legal requirements (e.g. from technical standards, social security laws, occupational health and safety laws and tax laws).
5.4 Collection and processing based on your consent (Art. 6 para. 1 a GDPR)
If you have given us your consent under data protection law to process personal data for specific purposes, the lawfulness of this processing is given on the basis of your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent that were issued to us before the GDPR came into force, i.e. before 25 May 2018. The revocation of consent only takes effect for the future and does not affect the lawfulness of the processing carried out until the revocation.
6 To which recipients do we pass on your data?
6.1 Within our company, access to the data of the data subject is granted to those persons who need it to fulfil our contractual and legal obligations. Processors, service providers and vicarious agents (subcontractors) used by us may also receive data for these purposes if they comply with our data protection instructions.
6.2 Recipients may also be public bodies in the presence of a legal or official obligation.
6.3 Categories of recipients of personal data outside our company and processors may be, for example: goods producers, logistics companies, customs authorities, social and employment authorities, payment service providers, data destruction services, debt collectors, tax and legal advice service providers, and bodies that demand information from us within the scope of their legal powers in the context of law enforcement activities or for the prosecution of administrative offences (e.g. police, public prosecutors, courts).
6.4 We use processors in particular for our IT services and for document destruction.
7 Is data transferred to a third country or to an international organisation?
7.1 A transfer of data to bodies in countries outside the European Union or the Agreement on the European Economic Area (so-called "third countries") takes place in the event that we have our products manufactured in third countries or deliver them to third countries.
7.2 A transfer of data to a third country will only take place if an adequacy decision of the European Commission has been made or if we have suitable guarantees including binding corporate data protection regulations. We will then refer to the appropriate or suitable safeguards and indicate the possibility of obtaining a copy of them or where they are available.
7.3 We are permitted to transfer data to a third country if the statutory exemption conditions exist, in particular if the data subject has given express consent, or if the transmission is necessary for the performance of a contract between the data subject and us or for the implementation of pre-contractual measures at the request of the data subject, or if the transmission is necessary for the conclusion or fulfilment of a contract concluded by us with another natural or legal person in the interest of the data subject.
7.4 In the event that we exceptionally transfer personal data to the USA through the use of Google Analytics, Google Maps or YouTube videos on our websites, Google has submitted to the EU-US Privacy Shield. Information about this is available at https://www.privacyshield.gov/EU-US-Framework.
8 How long will your data be stored?
8.1 In the provisions of this data protection information, we have already provided information at various points on the storage period or the criteria for determining this duration. We store the personal data collected by us for as long as it is necessary for our purposes or the data subject has consented to further storage in accordance with the provisions of the General Data Protection Regulation.
8.2 It should be noted that our business relationship in the context of construction services is designed for a longer period of time as a result of the statutory or contractual warranty periods and for years in the context of maintenance contracts.
8.3 If the data are no longer required for the fulfilment of contractual or legal obligations, they will be deleted regularly, unless their – temporary – further processing is necessary for the following purposes:
8.3.1 Fulfilment of retention obligations under commercial and tax law, which may arise, for example, from: German Commercial Code (HGB), Tax Code (AO). The periods specified there for storage or documentation are usually two to ten years.
8.3.2 Preservation of evidence within the framework of the statutory limitation periods. According to §§ 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
9 What are your data protection rights?
9.1 If the legal requirements are met, each person affected by our data processing has the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. In the case of the right to information and the right to deletion, the restrictions according to §§ 34 and 35 BDSG-neu apply.
9.2 In addition, there is a right of appeal to a competent data protection supervisory authority.
9.3 You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.
10 Information about your special right of objection according to Article 21 GDPR
10.1 Right to object on a case-by-case basis
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out by us on the basis of Article 6 (1) (f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
10.2 Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is associated with such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
10.3 Recipient of an objection
The objection according to sections 10.1 and 10.2 can be made informally with the subject "objection", stating your name, address and date of birth, and should be addressed to: Madd Gear LLC GmbH, Max-Born-Str. 2, 53773 Hennef.
11 Is there an obligation for you to provide data?
As part of our business relationship, you must provide the personal data that is necessary for the establishment, execution and termination of a business relationship and for the fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to conclude, execute and terminate a contract with you.
12 To what extent do we have automated decision-making?
We do not use fully automated decision-making in accordance with Art. 22 GDPR to establish and carry out the business relationship.
C Special information on the use of our websites
13 Does this information also apply to the company website?
This general data protection information also applies to the website of our company, which can be reached under www.maddgear.com. In addition, the following information applies:
13.1 Our website is an information and communication offer via which communication with us can also take place using e-mail addresses and a registration form for new customers (company transactions) as well as a login for registered customers. Below we inform you about data collection and other processing carried out via our website, the purposes and the legal basis. In all other respects, the information in A and B above shall apply accordingly.
13.2 Log files when visiting our website
13.2.1 All computers and devices connected to the Internet are assigned an Internet Protocol (IP) address, usually in country-specific blocks. Often it can be used to determine the country, the state and the place where the Internet connection is established. In order to access websites on the Internet, IP addresses must be used. Thus, website owners have access to the IP addresses of the users of their website.
13.2.2 When using our website for information purposes only, i.e. if users do not register or otherwise provide us with information or do not enter into a contract with us, we may collect data relating to a person with the IP address. For technical reasons, users must use an IP address assigned to them by an access service when our websites are accessed. Basically, the IP address is an individual "address" of a terminal device (computer, smartphone, tablet) in a computer network. Exceptionally, an IP address could allow conclusions to be drawn about the person and make him or her identifiable to us.
13.2.3 When our websites are simply accessed by the program used by the visitor (user) to display Internet pages (the so-called "web browser" or just "browser"), which the user has installed on the device used by him, the following information is transmitted to the web server used by us:
• the IP address of the requesting device,
• date and time of access to our websites,
• indication of the time difference between the requesting host and the web server,
• content of the request or indication of the retrieved file that was transmitted to the user,
• the access status (successful transmission, errors, etc.),
• the amount of data transferred in bytes,
• the website from which the user accessed it,
• the browser used by the user, the operating system, the interface, the language of the browser and the version of the browser software.
This information is stored by us on our web server in a so-called log file. This would at least indirectly enable us to establish a personal reference, i.e. by determining the owner or company owner of the IP address via information from the access service providing the IP addresses. However, this is only the case if this access service is legally entitled to provide the information. The aforementioned log files are processed by us for the following purposes:
• ensuring a smooth connection to our website,
• ensuring comfortable use of our website,
• evaluation of the system security and stability of our website.
13.2.4 The legal basis for the collection is Article 6 (1) sentence 1 f GDPR (legitimate interest of the controller). Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about the person of the user; the exceptions are cases of intentional disruptions to the functionality of our website or cases of misuse of our services. Apart from these exceptions, no personal user profiles are created and the data is generally not passed on to third parties.
13.2.5 In order to protect against attacks and to ensure proper operation, all accesses to our website with the full IP address are temporarily, and in an access-protected manner, automatically analyzed for possible risks on a security system (firewall).
13.2.6 We will only try to find out who is behind an IP address in the event of unlawful attacks or misuse of our services. Otherwise, this information remains hidden from us and we do not try to obtain the data of the owner of an IP address.
13.2.7 The log files are stored for a maximum of seven days. Excluded from this short storage period are log files about accesses, which are necessary for the further tracking of attacks and disruptions.
13.3 Own cookies
13.3.1 We use our own cookies when you visit our websites. Cookies are small text files that our web server sends to the device of the user of our websites and which are usually stored on the hard disk in the user's device. These are not programs that can penetrate the user's system and cause damage there. Although cookies can identify the user's device, cookies themselves do not store any personal data. Cookies do not cause any damage to the user's device, do not contain viruses, Trojans or other malware. Nevertheless, information is stored in a cookie that arises in connection with the specific terminal device used.
13.3.2 Cookies basically have the purpose of evaluating the content of the cookie when the websites are called up again, i.e. also recognizing the user or his previous acts of use. If the cookie is deleted, for example because the user has deleted it or because it has deleted itself, then neither such recognition, nor the tracing of a usage action, nor any "reading" of the cookie is possible.
13.3.3 So-called http cookies (also "browser cookies") have a name and a corresponding value (content). These cookies are either automatically deleted when the browser is closed (so-called "transient" cookie) or have a programmed expiration date (so-called "persistent cookie"). We regularly use a session cookie, which receives a sequence of numbers as a value, the so-called session ID. A session ID makes it possible to assign several related requests of a user to his current "session", in order to make it easier for him to use the different areas of the websites. Our session cookies therefore support browser navigation. Session cookies are automatically deleted when the browser is closed; a "persistent" cookie is deleted when its expiration date passes.
13.3.4 No personal identification: We do not use technology with our own cookies that links information to the user's personal data through cookies. Thus, neither the identity of the user nor e.g. the e-mail address can be determined.
13.3.5 The legal basis for the collection of cookie data is Article 6 (1) sentence 1 f GDPR (legitimate interest of the controller). Our legitimate interest follows from the purpose of the cookies described above.
13.3.6 The browser used by the user allows the management of cookies and website data, as a form of data self-protection, via the setting "Privacy" or "Privacy & Security" or within the framework of the otherwise named security settings before a website is accessed. The user can thus prevent the setting of cookies and the tracking of user activities (i.e. "surfing behaviour") via website data or via so-called "tracking", which may be cross-website. In this way, cookies and website data of the accessed website can generally be accepted and retained until they are no longer valid or until they have expired. Cookies and website data may or may not also be accepted from third parties whose codes or scripts are embedded on the website visited. Alternatively, cookies and website data can always be rejected. In most cases, web browsers automatically accept cookies by default. It is therefore up to the user whether and how he configures this behavior of his browser for his purposes. If cookies and website data are not accepted by browser settings, if activity tracking (website tracking) is switched off or if JavaScript is not allowed, the websites accessed may not function in whole or in part.
13.3.7 Users can also delete cookies in whole or in part in the security settings of their browser at any time, for example after the end of their Internet session. Then, when a session is restarted, no cookies or only those that have not been deleted will remain on the user's device. This means that the user's device cannot be "recognized" when a website is called up again.
13.3.8 We provide information about third-party cookies in connection with third-party cookies. These third-party providers can be companies behind displayed advertising or social networks, for example if a Like or Share button is provided on the website.
13.4 Use of our B2B portal, login, new customer registration
13.4.1 In addition to the e-mail addresses provided by our company, our website contains a login area for registered business customers who can place preferential orders via an assigned customer number and password. Prospective entrepreneurs can register as new customers.
13.4.2 Our data processing for the purpose of contacting us electronically takes place on the basis of a voluntarily given consent in accordance with Article 6 (1) sentence 1 a GDPR if you send us an e-mail and on the basis of a contract or pre-contractual measures pursuant to Article 6 (1) sentence 1 b GDPR if you log in with your access data or register as a new customer.
13.4.3 To register as a new customer via the form provided, some form fields must be filled in; other information can be provided voluntarily.
14 Data security
Our website does not have an encrypted means of communication (via "SSL" or "TLS"). Confidential communication should therefore not take place via our website or via unencrypted e-mail communication.
D Further information, amendments
15 Is this General Data Protection Information exhaustive?
For special groups of data subjects or in certain situations of collection of personal data, we will inform you in due course with special data protection information.
16 Changes to this data protection information
This data protection information does not require the consent of the data subjects and is subject to regular review with regard to the need for change. The respective previous version will be archived by us in the event of replacement by a new version.