Data Protection Declaration
The protection of your personal data is important to us, which is why we would like to provide you with information about contact options and data subjects as simply and as accurately as possible.
First of all, you will receive information below about the contact options for our data protection officer as well as options for encrypted contact. We then introduce the legal and technical terms that will be used in the further course. You will then receive an overview of the rights of the data subject. Then you will be given the details of the person responsible. Finally, the technologies used, services and our handling are discussed.
1. Contact to the Data Protection Officer
Should you have any questions or require information, you can contact our external data protection officer at any time, the contact details are:
Oliver Offenburger, M.Sc.
Phone: 07721 69724 00
Fax: 07721 69724 01
Our preferred method of contact is by e-mail. However, you are also welcome to contact the data protection officer by post or telephone. Should you wish to encrypt your e-mail to our data protection officer, we recommend that you read the following section.
Notes on requests:
If you send us a request by e-mail during regular business hours, we will confirm receipt of the message on the same day. If you do not receive a confirmation, please contact us by telephone.
If you make a postal request, we will send you confirmation of receipt on the same day as delivery, but no later than one day after delivery. If you do not receive a confirmation, please contact us by telephone.
For a telephone enquiry, please use the telephone number of our data protection partner, eye-i4 GmbH, directly.
1.1 Encryption of e-mails to our Data Protection Officer
We are advocates of encrypted transmission by email. Therefore, to maintain confidentiality and integrity, we offer to encrypt your requests to the Data Protection Officer.
We use PGP for encryption. You can find information about free usage options and the set-up on the website of our data protection partner, see the following link: https://eye-i4.de/blog-kostenlose-pgp-verschluesselung.html
If you wish to have the fingerprint verified, please contact our data protection partner, eye-i4 GmbH, by telephone. If you have any further questions about encryption, you may contact our data protection officer.
2. Terms in the legal context
Before going into legal matters in the further course, we would first like to introduce the associated terms:
2.1 EU GDPR (also called GDPR)
The term EU GDPR (hereinafter also “GDPR”) means the General Data Protection Regulation. This is a basic regulation of the European Union that regulates how personal data may be processed. For information, the legal text of the GDPR can be viewed via the following link: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679
“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
2.3 Personal data and data subject
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or linking, restriction, erasure or destruction.
2.5 Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their future processing.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
The “recipient” is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.
2.8 Third parties
“Third party” means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
“Consent” of the data subject meant any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act with which the person concerned indicates his or her agreement to the processing of personal data relating to him or her.
2.10 Personal data breach
“Personal Data Breach” means a breach of security resulting in the destruction, loss or alteration, whether accidental or unlawful, or unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
2.11 Health data
“Health data” means personal data relating to the physical or mental health of a natural person, including the provision of health services, revealing information about that person’s state of health.
“Company” means a natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships or associations regularly engaged in an economic activity.
2.13 Supervisory authority
“Supervisory authority” means an independent public body established by a Member State in accordance with Article 51.
2.14 Relevant and reasoned objection
The “relevant and reasoned objection” means an objection with regard to whether or not there is a breach of this regulation or whether the intended action against the controller or processor is in compliance with this regulation, clearly indicating the scope of the risks posed by the draft decision in relation
to the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.
3. Terms in the technical context
Before going into technical matters in the further course, we would first like to introduce the associated terms:
3.1 File system
“File system” means any structured collection of personal data accessible according to specified criteria, whether such collection is maintained centrally, decentrally or according to functional or geographical criteria.
Cookies are text files that are stored on your end device by a website through your browser. These text files can be intended to implement technical issues such as a shopping cart mechanism or to infect your visitor behaviour. For this purpose, the text files can be provided with identification features and additional information.
You have the option of preventing the storage of cookies in the browser of your end device. There may be technical restrictions in the use of the website if cookies are deactivated.
3.3 Server logs
Server logs are log files that are created by the web server and document the access to a website. A variety of information can be collected in a log entry, such as the access time, the browser type, the IP address of the visitor, etc.
The referrer refers to the one that was used to reach the responsible party’s page. In the case of server logs, for example, the referrer can be read out.
4. Rights of the data subject
The rights of the data subjects result from the GDPR as well as from the respective national legal provisions on data protection. If you wish to assert your rights, please contact our data protection officer using the method described above. In the following, we would like to inform you of your rights arising from the GDPR, in particular Chapter 3:
4.1 Obligation to inform
The data subject shall have the right to obtain information on the personal data of the data subject which has been filed if the data has been collected from the data subject or if the data has not been collected from the data subject. This is regulated in chapters Art. 13 and 14 of the GDPR.
4.2 Right to information
The data subject shall have the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed and, if so, to obtain access to those personal data and further information in accordance with Art. 15 of the GDPR.
4.3 Right of rectification
The data subject shall have the right to obtain from the controller the rectification without delay of inaccurate personal data concerning him or her.
Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
4.4 Right to deletion
The data subject shall have the right to obtain from the controller the erasure without delay of personal data concerning him or her and the controller shall be obliged to erase personal data without delay where one of the grounds referred to in Art. 17 of the GDPR applies.
4.5 Right to the restriction of processing
The data subject shall have the right to obtain from the controller the restriction of processing if one of the conditions laid down in Art. 18 of the GDPR applies.
4.6 Notification obligation
The controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of the personal data or restriction of processing pursuant to Art. 16, Art. 17 (1) and Art. 18 of the GDPR, unless this proves impossible or involves a disproportionate effort.
The controller shall inform the data subject of these recipients if the data subject so requests.
4.7 Right to data portability
The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format and shall have the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided.
4.8 Right of objection
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Art. 6 (1) (e) or (f), including profiling based on those provisions. The controller shall no longer process the personal data unless he or she can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
4.9 Complaint to supervisory authority
In accordance with Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the headquarters of the controller for this.
Our competent supervisory authority is:
State Commissioner for Data Protection and Freedom of Information, Stuttgart
5. Details of the controller
The controller according to Art. 24 GDPR is listed below:
Pfeiffer Marine GmbH
D-78345 Moos am Bodensee
Further information about the controller can be found in the imprint:
6 Web technologies used
6.1 Encryption of data transmission
We use the SSL (Secure Socket Layer) procedure to encrypt the transmission and request of data to our website. For this purpose, we use a 128-bit key with SHA256 hash.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
6.2 Server logs
In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 (1) p. 1 lit. f GDPR):
– Anonymised IP address,
– Date and time of the request,
– Time zone difference from Greenwich Mean Time (GMT),
– Content of the request (concrete page),
– Access status/HTTP status code,
– The amount of data transferred in each case,
– Website from which the request comes (referrer),
– Operating system and its interface,
– Language and version of the browser software.
Cookies are stored on your computer when you use our website. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this website.
This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies,
– Persistent cookies.
6.3.1 Transient cookies
Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
7. Disclosure to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal information with third parties if:
– you have given your express consent in accordance with Art. 6 (1) sentence 1 lit. a. GDPR,
– the disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art 6 (1) sentence 1 lit. f. GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
– in the event that there is a legal obligation for the disclosure pursuant to Art. 6 (1) sentence 1 lit. c. GDPR, as well as
– this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 (1) sentence 1 lit. b. GDPR.