DATA PROTECTION
INFORMATION
The protection of your personal data is important to us, which is why we would like to provide you with information about contact options and the data we process as simply and accurately as possible. Firstly, you will receive information below on how to contact our data protection officer and the option of encrypted contact. We will then introduce you to the legal and technical terms that will be used in the following. You will then receive an overview of the rights of the data subject. You will then find out the details of the controller. Finally, the technologies and services used as well as our handling and legality are discussed.
1. Contact the data protection
officer
If you have any questions or require information, you can contact us at any time:
E-mail: datenschutz@postpressalliance.com
2. Terms in a legal context
Before we go on to discuss legal issues, we would first like to introduce you to the relevant terms:
2.1. EU GDPR
The term EU GDPR (hereinafter also referred to as “GDPR”) refers to the General Data Protection Regulation. It is a basic regulation of the European Union that regulates how personal data may be processed. For information, the legal text of the GDPR can be viewed via the following link:
https://eur-lex.europa.eu/eli/reg/2016/679/oj
2.2. Person responsible
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2.3. Personal data and data subject
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.4. Processing
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.5. Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of restricting its future processing.
2.6. Processor
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
2.7. Receiver
The “recipient” is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
2.8. Third
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2.9. Consent
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.10. Violation of the protection of personal data
“Personal data breach” means a breach of security leading to the destruction, loss or alteration, whether accidental or unlawful, or unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
2.11. Health data
“health data” means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, and from which information about their health status is derived.
2.12. The company
“Company” means a natural or legal person that carries out an economic activity, regardless of its legal form, including partnerships or associations that regularly pursue an economic activity.
2.13. Supervisory authority
The “supervisory authority” shall be an independent public authority established by a Member State in accordance with Article 51.
2.14. Relevant and well-founded objection
Relevant and reasoned objection” means an objection as to whether or not there is an infringement of this Regulation or whether the envisaged action against the controller or processor is in compliance with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data in the Union.
3. Terms in a technical context
Before we go on to discuss technical issues, we would first like to introduce you to the associated terms:
3.1. File system
The “file system” is any structured collection of personal data that is accessible according to specific criteria, regardless of whether this collection is organised centrally, decentrally or according to functional or geographical aspects.
3.2. Cookies
Cookies are text files that are stored on your end device by a website using your browser. These text files can be intended to implement technical matters such as a shopping basket mechanism or to identify your visitor behaviour. For this purpose, the text files can be provided with identification features and additional information.
You have the option of preventing the storage of cookies in the browser of your end device. If cookies are deactivated, there may be technical restrictions when using the website.
3.3. Server logs
Server logs are log files that are created by the web server and document access to a website. A variety of information can be collected in a log entry, such as the access time, the browser type, the IP address of the visitor, etc.
3.4. Referrer
The referrer refers to the website from which you reached the responsible party’s website. In the case of server logs, for example, the referrer can be read.
4. Rights of the data subject
The rights of data subjects arise from the GDPR as well as from the respective national legal provisions on data protection. If you wish to assert your rights, please contact our data protection officer using the option described above. In the following, we would like to draw your attention to your rights arising from the GDPR, in particular Chapter 3:
4.1. Duty to inform
The data subject has the right to obtain information about the data subject’s personal data stored if the data was collected from the data subject or if the data was not collected from the data subject. This is regulated in Chapter 3 Art. 13 and 14 GDPR.
4.2. Right to information
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and further information in accordance with Art. 15 GDPR.
4.3. Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4.4. Right to cancellation
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds pursuant to Art. 17 GDPR applies.
4.5. Right to restriction of processing
The data subject has the right to obtain from the controller restriction of processing where one of the conditions set out in Art. 18 GDPR applies.
4.6. Notification obligation
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller shall inform the data subject of these recipients if the data subject so requests.
4.7. Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
4.8. Right of objection
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
4.9. Complaint to the supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of the controller.
5. Details of the person responsible
The website is operated under joint responsibility in accordance with Art. 26 GDPR between the following controllers:
Wohlenberg Bookbinding Systems GmbH
Nikolaus-Kopernikus-Str. 7
D-27283 Verden
PERFECTA Schneidemaschinenwerk GmbH Bautzen
Schäfferstraße 44
D-02625 Bautzen
MBO Postpress Solutions GmbH
Grabenstraße 4-6
D-71570 Oppenweiler
Hohner Maschinenbau GmbH
Gänsäcker 19
D-78532 Tuttlingen
H+H GmbH & Co KG
Dunlopstraße 45 + 47
D-33689 Bielefeld
Baumann Maschinenbau Solms GmbH & CO. KG
Oberbieler Straße 1-3
35606 Solms
Bograma AG
Mettlenstrasse 1
CH-8488 Turbenthal
Further information about the person responsible can be found in the imprint:
[Link wir online gestellt, wenn die Website online ist]
6. Web technologies used
6.1. Encryption of data transmission
We use the SSL procedure (Secure Socket Layer) to encrypt the transmission and enquiry of data to our website. We use a 128-bit key with SHA256 hash for this purpose.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
6.2. Server logs
When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
• Anonymised IP address, Date and time of the enquiry, Time zone difference to Greenwich Mean Time (GMT), Content of the request (specific page), Access status/HTTP status code, The amount of data transferred in each case, Website from which the request originates (referrer), Browser, operating system and its interface, Language and version of the browser software.
6.3. Cookies
We do not use cookies for tracking purposes.
7. Duration of storage
Unless specifically stated, we store personal data for as long as is necessary to fulfil the purposes pursued. If the legislator prescribes retention periods, the data will continue to be stored by us for verification purposes, but will not be processed in any other way and will be deleted after the statutory retention period has expired.
8. Disclosure to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
• you have given your express consent in accordance with Art. 6 para. 1 S1. lit a. GDPR have given your express consent to this;
• the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
• in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
• this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
