Privacy & Data Protection Statement
Data Protection Statement of Losberger De Boer Holding GmbH
Thank you for your interest in our website www.losbergerdeboer.com and in our company, products and services. At Losberger De Boer, we understand that your privacy is important to you when you use our websites. So compliance with the statutory regulations on data protection is a given for us. Furthermore, we attach importance to ensuring that you as a customer know which personal data we collect and store and when and how we use it.
We inform you below about the collection of personal data and other processing (e.g. storage, your right of access, rectification and erasure, transfers to other parties) when using our website. Personal data is all data that can be related to you personally, e.g. your name, address, email addresses, user behaviour.
Insofar as we process personal data in the context of use of our website, or if we use contracted providers for individual functions, offers or services on our website that require data processing, or if we wish to use your data for advertising purposes, we inform you in detail below about the processes concerned and, specifically, about which data is processed for that purpose. In doing so, we also state the intended retention period or, in any case, the criteria defined for the retention period, as well as the relevant legal basis for the processing in question.
1: Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States and other data protection provisions is:
Losberger De Boer Holding GmbH
74906 Bad Rappenau
Telephone: +49 (0)7066 980-0
Fax: +49 (0)7066 980-232
2: Contact details of the data protection officer
The controller's data protection officer can be reached at the following address:
Losberger De Boer Holding GmbH
74906 Bad Rappenau
And by email: email@example.com
3: Collection and storage of personal data: type, purpose, legal basis and retention period relating to use of that data
Paragraph 1: Visiting the website
When you only use the website as a source of information, i.e. if you do not register or otherwise transmit information to us, we only collect person-related access data in server log files that your browser sends to our server. The following data is collected via the server log files:
- IP address (anonymised)
- Date and time of the request
- Time zone difference relative to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Data volume transferred in each case
- Website from which the request comes
- Operating system and desktop OS
- Language and version of the browser software
This data is evaluated exclusively to ensure trouble-free operation of the website in terms of stability and security and to improve our offer, and is subsequently deleted. The legal basis for the data processing is Article 6(1)(f) of the GDPR. Our legitimate interest follows from the aforementioned purposes for data collection.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
The collection of data for the purpose of providing the website and the storage of the data in log files is essential to proper operation of the website.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When collected for the purpose of providing the website, this is the case when the session in question is ended.
Paragraph 2: Use of further services, functions and offers on our website
In addition to purely informational use of our website, we present various services, offers and functions that you can use if interested, such as our online shop in particular. To do so, you generally have to enter additional items of personal data that we use to provide the respective service and to which the aforementioned data processing principles apply.
(1) Contact via email or the contact form
When you contact us by email or through the contact form on the website, we store the data you voluntarily provide (your email address, first and last name and, if applicable, telephone number, place of residence and postal code) in order to answer your question. You must enter your email address, but all the other information is voluntary. We answer you by email or, if requested, by telephone.
The legal basis for this processing is Article 6(1)(a) and (b) of the GDPR based on your voluntary consent or in order to respond to your request.
We delete the data involved in this connection after handling the request you have made or restrict the processing if statutory retention obligations apply.
Paragraph 3: Transferring data to others
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only transfer your personal data to third parties if:
- You have voluntarily given us your explicit consent to do so within the meaning of Article 6(1)(a) of the GDPR or paragraph 25(1), first sentence of the Telecommunications and Telemedia Data Protection Act (TTDS),
- the transfer of data is necessary pursuant to Article 6(1)(f) of the GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest warranting protection in relation to non-disclosure of your data,
- in the event that a statutory obligation exists for the transfer pursuant to Article 6(1)(c) of the GDPR, and
- this is legally permissible and required pursuant to Article 6(1)(b) of the GDPR in connection with fulfilling the terms and conditions of a contract with you.
These are small text files that are stored on your end-user device. The cookies can be transmitted to a page when it is accessed, thereby enabling identification of the user. Cookies help make using Internet pages more convenient for users.
Some of the cookies we use are deleted again after the end of the browser session, i.e. after you close your browser (known as session cookies). Other cookies remain on your end-user device and allow us to recognise your browser on your next visit (known as persistent cookies). You can set your browser to reject cookies in certain cases or in general. You can delete cookies that have already been set. Choosing not to accept cookies may limit the functionality of our website. Third-party cookies are also used on our website (e.g. when using tracking tools to evaluate user behaviour).
We use the following cookies:
- CookiePro (OneTrust): https://www.cookiepro.com/products/cookie-consent/
- The banner displayed at the bottom of the page in your browser gives you access to information about the cookies we use.
- a) Logging your visit and use of essential (functional) cookies
To ensure that our website is presented to you in the most effective manner possible and to guarantee the stability and security of the website, we collect server log files that your browser automatically transmits to us each time you visit our website. For details, refer to paragraph 1.
The legal basis for this processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR in order to make a fully functional website available to you.
- b) Web analytics and web tracking
The analytics cookies that we use on our website to improve functionality and the user experience are described below. They collect information about your user behaviour, such as the pages you visit most often and whether you receive error messages from pages.
Analysis cookies are only used if you have consented to activation of these cookies pursuant to Article 6(1)(a) of the GDPR or paragraph 25(1), first sentence of the Telecommunications and Telemedia Data Protection Act by ticking the corresponding checkbox when visiting the website. If a cookie that has been set involves transferring data to the USA, this operation is also carried out on the legal basis of your consent pursuant to Article 49(1)(a) of the GDPR.
Please note that data protection in the USA is not comparable with the arrangements in force in the EU/EEA, meaning that your data may possibly be disclosed to government authorities without you having adequate means of redress. You can revoke your consent at any time via the cookie settings.
The following data is processed by Google Analytics:
- Date and time of access
- Dwell time per visitor and page
- Visitor type and history (for the purpose of distinguishing between new and returning visitors)
- Name and URL of the files and pages accessed
- Website from which access was effected (traffic source)
- Websites that are accessed by the user's system via our website
- The search term (based on search engine input)
- Entry and exit pages
- Frequency of page views
- Click paths
- Browser type, browser version, browser language
- Operating system, screen resolution
- The user's Internet service provider
- Connection speed
- The user's IP address (in anonymised form)
Google uses this information to evaluate the user's use of the website, to compile reports on website activity for the website operators and to provide other services related to website activity and Internet usage. Google may also transfer this information to third parties when required to do so by law, or when third parties process the information on Google's behalf.
You can revoke collection and storage of your data at any time. To do this, you can prevent transfer of the data generated by the cookie and related to your use of the website (including your IP address) to Google, and processing of this data by Google, by downloading and installing the browser plug-in offered via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
In view of the discussion about the use of analysis tools that capture complete IP addresses, we wish to point out that IP addresses are only processed in abbreviated form on this website. Due to the use of Google Analytics with the extension “_anonymizeIp()”, the data collected cannot be related to a person.
Google Analytics is also used to analyse data from AdWords for statistical purposes. Opt-out link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Google Tag Manager
Paragraph 6: Your rights
If your personal data is processed, you can exercise the following rights in respect of your personal data that we collect and store:
- Right of access, Article 15 GDPR:
You may request the controller to confirm whether it processes your personal data.
If processing of your personal data takes place, you may request information from the controller about the following:
- the purposes for which the items of personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom your personal data has been or will be disclosed, particularly in the case of recipients in third countries or international organisations; in the latter cases, you may request to be informed about the appropriate guarantees in connection with the data transfer, pursuant to Article 46 of the GDPR;
- the planned retention period for your personal data that is stored or, if concrete information on this is not possible, criteria for determining the retention period for stored data;
- the existence of a right to rectification or erasure of your personal data, a right to restrict processing by the controller or a right to object to that processing;
- the existence of a right to lodge a complaint to a supervisory authority;
- any available information on the origin of the data, if the items of personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, in these cases at least, meaningful information about the logic involved and the scope and the intended effects of these processing operations for the data subject.
- Right to rectification, Article 16 GDPR:
You have a right to rectification and/or completion in respect of the controller, insofar as your items of personal data processed by the controller are inaccurate or incomplete. The controller must implement the rectification without undue delay.
- Right to erasure, Article 17 GDPR:
a) Obligation to erase
You may request the controller to delete your personal data without undue delay, and the controller is obliged to delete that data without undue delay, if any one of the following reasons applies:
- The items of your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
- You object to processing pursuant to Article 21(1) of the GDPR (see below) and there are no overriding legitimate grounds for the processing operation, or you object to processing pursuant to Article 21(2) of the GDPR.
- The items of your personal data have been processed unlawfully.
- The erasure of your personal data is necessary for compliance with a statutory obligation under European Union or Member State law to which the controller is subject.
- The items of your personal data were collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
- b) Information transfer to third parties
If the controller has made your personal data public and is under an obligation pursuant to Article 17(1) of the GDPR to erase that data, it will take reasonable action, also of a technical nature, taking into account the available technology and the cost of implementation, to inform those responsible for processing the personal data that you, as the data subject, have requested the controller to erase all links to, or copies of, or replications of that personal data.
- c) Exceptions
The right to erasure does not apply insofar as the processing is necessary
- to exercise the right to freedom of expression and information;
- for compliance with a statutory obligation which requires processing under European Union or Member State law to which the controller is subject, or for the performance of a task in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
- for the establishment, exercise or defence of legal claims.
- Right to restriction of processing, Article 18 GDPR:
Under the following conditions, you may request restriction of processing in relation to your personal data:
- if you contest the accuracy of your personal data, for a period that allows the controller to verify the accuracy of the personal data;
- the processing is unlawful and you reject erasure of the personal data and instead request restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims, or
- if you have lodged an objection to the processing pursuant to Article 21(1) of the GDPR (see below) and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
In cases where processing of your personal data has been restricted, that data, with the exception of storage, may only be processed with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
If you have obtained a restriction of processing under the above conditions, the controller will notify you before the restriction is lifted.
- Notification obligation, Article 19 GDPR:
If you have exercised the right to rectification, erasure or restriction of processing in respect of the controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about these recipients by the data controller.
- Right to data portability, Article 20 GDPR:
You have the right to receive the personal data that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller, without obstruction by the controller to whom the personal data was provided, provided that
- the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or is based on a contract pursuant to Article 6(1)(b) of the GDPR and
- the processing is carried out with automated procedures.
In exercising this right, you also have the right to have your personal data transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
Your right to erasure remains unaffected.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Right to object, Article 21 GDPR
Pursuant to Article 21(1), first sentence, of the GDPR, you have a right to object on a case-by-case basis to the processing of your personal data on the basis of Art. 6(1)(e) of the GDPR (data processing in the public interest) or Article 6(1)(f) of the GDPR (data processing for the purposes of safeguarding the legitimate interests of the controller or a third party), and, pursuant to Article 21(2) of the GDPR, you have a right to object to the processing of personal data for advertising purposes.
- Right to revoke the declaration of consent under data protection law:
You can revoke your consent to the processing of your personal data at any time. Please note that the revocation is only effective for the future. The lawfulness of the processing carried out on the basis of the consent up to the time of revocation is not affected.
- Automated decision-making in individual cases, including profiling, Article 22 GDPR:
You have the right not to be subject to a decision based solely on automated processing - including profiling - which results in legal effects that concern you, or significantly affects you in a similar manner. This does not apply if the decision
- is necessary for entering into or fulfilling a contract between you and the controller,
- is permitted by legislation of the European Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
- is carried out with your express consent.
In cases (1) and (3), the controller shall take reasonable action to safeguard the rights and freedoms of, and the legitimate interests of, you as the data subject, which shall include, as a minimum, the right to obtain intervention by a person on the part of the controller, to present a personal position and to contest the decision.
Furthermore, decisions resulting exclusively from automated processing may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate action has been taken to protect rights and freedoms and your legitimate interests.
- Right to lodge a complaint with a supervisory authority, Article 77 GDPR:
You also have the right to lodge a complaint to a data protection supervisory authority about the processing of your personal data. You may address your complaint to the supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The supervisory authority to which the complaint has been submitted will inform you, as the complainant, of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
You can exercise your rights as mentioned above by sending us an informal notification.
Paragraph 7: Data security
We make every effort, with the help of all technological and organisational means available to us, to store your data in a manner that does not allow access by third parties. When communicating by email, we cannot guarantee complete data security, so we recommend that you send confidential information by post.
For reasons of security and to protect the transmission of confidential content, such as the inquiries that you send to us in our role as the website operator, this website uses TLS encryption. You can see when you have an encrypted connection: the URL address changes from “http://” to “https://” and a padlock symbol is displayed in your browser's status bar. When TLS encryption is activated, the data you transmit to us cannot be read by third parties