Data Privacy Statement

In this data privacy statement, we explain to you the type, extent and purpose of the processing of personal data (hereinafter: ‘data’) within our online offer and the associated websites, functions and contents, as well as external online presences, such as our social media profile (hereinafter jointly: online offer). With respect to the terms used, such a «processing» or «controller», we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

W.F.Gözze Frottierweberei GmbH
Laerstraße 56-58
48565 Steinfurt, Germany

Telephone +49 (0)2552 9383 0
Fax +49 (0)2552-9383-33
e-mail: info@goezze.de

Link to Legal Notice: https://www.goezze.com/impressum/
Data Protection Officer: Helmut Bosse

Types of data processed:

— user data (e.g. name, address);
— contact data (e.g. e-mail, telephone numbers);
— content data (e.g. text input, photographs, videos);
— usage data (e.g. websites visited, interest in contents, times of access);
— meta and communication data (e.g. terminal information, IP addresses).

Categories of data subjects

Visitors to and users of the online offer (hereinafter we refer to the persons concerned jointly as ‘users’).

Purpose of processing

— provision of the online offer, its functions and contents;
— responding to contact enquiries and communication with users;
— security measures;
— measurement of range/marketing.

Definition of terms used

‘Personal data’ are any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ means any operation or set of operations which is performed on personal data, whether or not by automated means. The term has a wide application and encompasses practically every treatment of data.

‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Applicable legal principles

In accordance with Article 13 GDPR we inform you of the legal principles for our data processing. If the legal base is not specified in the data privacy statement, the following applies. The legal base for obtaining consent is Article 6 (1) point (a) and Article 7 GDPR, the legal base for processing to comply with our services and to undertake measures under the contract and for responding to enquiries is Article 6 (1) point (b) GDPR, the legal base for processing to comply with our legal obligations is Article 6 (1) point (c) GDPR, and the base for processing for the safeguarding of our legitimate interests is Article 6 (1) point (f) GDPR. For the case where the essential interests of the data subject or another natural person make necessary the processing of personal data, Article 6 (1) point (d) GDPR serves as the legal base.

Security measures

In accordance with Article 32 GDPR and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures particularly include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, and the associated access, entry and transfer related to the data and ensuring their availability and separation. Furthermore, we have introduced procedures to ensure the recognition of the rights of data subjects, the erasure of data and reaction to situations, where the data are at risk. Furthermore, in the development, and selection of hardware, software and procedures we take into account the protection of personal data, in accordance with the principle of data protection by design and by default (Article 25 GDPR).

Cooperation with processors and third parties

If in the course of our processing we disclose data to other persons and companies (processors or third parties), provide data to the latter or otherwise grant them access to the data, we do so only on a statutory basis (e.g. if it is necessary to transfer data to third parties, such as payment service providers, pursuant to Article 6 (1) point (b) GDPR), if you have given your consent, a legal obligation requires this or on the basis of our legitimate interests (e.g. for the use of authorised agents, web hosts, etc.).

If we commission a third party to process data on the basis of what is known as an order processing contract, this is drawn up on the basis of Article 28 GDPR.

Transfer to third countries

We process data in a third country i.e. outside the European Union (EU) or the European Economic Area (EEA) or have recourse to the services of third parties or disclose or transfer data to third parties only if our (pre-)contractual duties can be complied with on the basis of your consent, by virtue of a legal obligation or on the basis of our legitimate interest. Subject to legal or contractual authorisation we process the data or have the data processed in a third country only if the particular provisions of Articles 44 et seq. GDPR are satisfied. This means that the data are processed on the basis of specific guarantees, such as the officially recognised accreditation of a level of data security equivalent to that in the EU (e.g. for the USA by means of the Privacy Shield) or compliance with officially recognised contractual obligations (known as standard contract clauses).

Rights of the data subjects

You have the right to request confirmation as to whether data concerning you is being processed and the right to access these data as well as to further information and to receive copies of the data in accordance with Article 15 GDPR.

In accordance with Article 16 GDPR you have the right to request the completion of data concerning you or rectification of incorrect data concerning you.

In accordance with Article 17 GDPR you have the right to request that data concerning you is erased without undue delay or alternatively, in accordance with Article 18 GDPR you have the right to request that the processing of the data be restricted.

You have the right to request that you receive the data concerning you, which you have provided to us, in accordance with Article 20 GDPR and to demand that this data be transferred to other controllers.

Furthermore, you have the right pursuant to Article 77 GDPR to lodge a complaint with the competent supervisory authority.

Right of revocation

Pursuant to Article 7 (3) GDPR you have the right to withdraw consents, which you have granted, with effect for the future.

Right to object

You may object at any time to the future processing of data concerning you in accordance with Article 21 GDPR. In particular, you may object to processing for the purposes of direct advertising.

Cookies and the right to object to direct advertising

Cookies are small files, which are stored on the user’s computer. A variety of information can be stored in a cookie. A cookie serves primarily to store information on a user (or the terminal on which the cookie is stored) during or subsequent to the user’s visit to an online offer. Temporary cookies, also known as session cookies or transient cookies, are cookies, which are deleted when a user leaves an online offer and closes his browser. Cookies of this kind may store the content of a shopping cart in an online shop or a log-in status. Permanent or persistent cookies are those, which remain after the browser has been closed. In this way the log-in status, for example, may be stored when the user accesses this website several days later. Cookies of this kind may also store the interests of the users, which are used for range measurement or for marketing purposes. Third-party cookies are cookies, which are offered by service providers, other than the controller, who operated the online offer (otherwise if the cookies are only those of the controller, they are referred to as first-party cookies).

We may use temporary and permanent cookies and explain this in our data privacy statement.

If you, the user, do not want cookies to be stored on your computer, please deactivate the appropriate option in the system settings for your browser. Cookies, which have been stored, may be deleted within the browser system settings. The exclusion of cookies may result in impairment of functions in this online offer.

You can lodge a general objection to the use of cookies employed for the purposes of online marketing through a variety of services, in particular in the case of tracking, via the US American site, http://www.aboutads.info/choices/ or the EU site, http://www.youronlinechoices.com/. Furthermore, the cookies stored can be blocked by de-activating them within your browser settings. Please note that this may result in your being unable to use all the functions of this online offer.

Erasure of data

The data processed by us are erased or their processing is restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated by us in this data privacy statement, the data stored by us are erased as soon as they are no longer required for their specific purpose and provided that erasure does not conflict with any legal duties to retain. If the data are not erased, because they are required for other purposes admissible in law, their processing is restricted. This means that the data are blocked and not processed for other purposes. This applies, for example, to data, which must be retained for reasons of commercial or tax law.

In accordance with statutory regulations in Germany data are retained in particular for 10 years in accordance with Sections 147 (1) German Tax Code, 257 (1) points 1 and 4 and (4) German Commercial Code (books, records, management reports, accounting vouchers, account books, documents relevant for taxation purposes, etc.) and 6 years pursuant to Section 257 (1) points 2 and 3 and (4) German Commercial Code (business correspondence).

In accordance with statutory regulations in Austria data are retained in particular for 7 years pursuant to Section 132 (1) Austrian Federal Taxation Regulations (accounts documents, receipts/invoices, accounts, vouchers, business documents, itemisation of income and expenditure, etc.), for 22 years in relation to real property and 10 years for documents related to electrical services, telecommunication, radio and television services, which have been provided to a non-entrepreneur in EU member states and which have been obtained from the Mini One Stop Shop.

Transaction-related processing

In addition we process
— contractual data (e.g. object of the contract, term, category of customer),
— payment data (e.g. bank account details, payment history),
of our customers, potential customers and business partners for the purpose of providing contractual obligations, services and customer care, marketing, advertising and market research.

Data privacy notices in job application procedures

We process data in applications only for the purpose and to the extent of the application procedure in compliance with the provisions of the law. Job application data are processed to comply with our (pre-)contractual obligations within the application procedure within the meaning of Article 6 (1) point (b) GDPR and Article 6 (1) point (f) GDPR provided that we are required to process the data, for example as part of a legal procedure. (In Germany Section 26 German Federal Data Protection Act also applies.)

The application procedure requires that applicants submit their application data to us. If we have provided an online form, the application data required are identified; otherwise they arise from the job description and basically include details on identity, postal and contact addresses and the documents related to the application, such as letter of application, CV and references. We are happy to receive additional information from applicants.

By sending the application to us the applicants are giving their consent to the processing of their data for the purposes of the application procedure in accordance with the type and scope of data processing set out as agreed in this data privacy statement.

If within the context of the application procedure particular categories of personal data within the meaning of Article 9 (1) GDPR are transferred, these data are also processed in accordance with Article 9 (2) point (b) GDPR (e.g. data on health, such as status as a severely disabled person, or ethnic origin). If within the context of the application procedure particular categories of personal data within the meaning of Article 9 (1) GDPR are requested from applicants, these data are also processed in accordance with Article 9 (2) point (a) GDPR (e.g. data on health, if these are required for the exercise of an occupation).

If an online form has been provided on our website, applicants may use this to send us their applications. The data shall be transferred to us encrypted in accordance with the state of the art.
In addition, applicants may send their applications by e-mail. However, in this case please bear in mind that as a matter of principle e-mails are not sent in encrypted format and the applicant is himself responsible for encryption. We can therefore accept no liability for the transmission route of the application between the originator and receipt on our server and therefore recommend that you use the online form or send your application by post. Instead of applying via the online form and e-mail the applicants may additionally send their application by post to us.

In the case of successful application we may further process the data provided by the applicant for the purposes of the employment relationship. Otherwise, if the application is not successful, the applicant’s data are erased. The applicant’s data are also erased, if an application is returned; the applicants are entitled to the return of their application at any time.

The data are erased subject to a legitimate objection by the applicant, at the end of a period of six months, in order that we are able to respond to any follow-up questions on the application and can satisfy our obligations to provide evidence under the German General Act on Equal Treatment. Invoices for any refund of travel costs are archived in accordance with the provisions of taxation law.

Contacting us

If you contact us (e.g. by the contact form, e-mail, telephone or via social media) the user’s data are processed in order to deal with the contact enquiry and its transaction pursuant to Article 6 (1) point (b) GDPR. The user’s data may be stored in a customer relationship management system (CRM system) or a comparable enquiry storage system.

We delete the enquires, as soon as they are no longer necessary. We check necessity every two years. In addition, the statutory archiving duties apply.

Hosting and despatch of e-mails

The hosting services used by us serve to provide the following services: infrastructure and platform services, computing capacity, disk space and database services, despatch of e-mails, security services and the technical maintenance service, which we use for the purpose of operating the online offer.

For these purposes we and/or our hosting provider process user data, contact data, content data, contract data, usage data, meta and communication data from customers, potential customers of and visitors to this online offer on the basis of our legitimate interests for an efficient and safe provision of this online offer pursuant to Article 6 (1) point (f) GDPR in conjunction with Article 28 GDPR (conclusion of an order processing contract).

Collection of access data and log files

On the basis of our legitimate interests within the meaning of Article 6 (1) point (f) GDPR we and/or our hosting provider collect data on every access to the server, on which this service is located, (known as server log files). The access data include the name of the website accessed, file, date and time of the access, the volume of data transferred, a report on successful access, browser type and version, the user’s operating system, referrer URL (the page previously visited), IP address and the inquiring provider.

Log file information is stored for reasons of security (e.g. to investigate abuse or fraud) for a maximum period of 7 days and is then erased. Data, which we are required to retain for a longer period for the purposes of providing evidence, are excluded from erasure until the respective incident has been investigated.

Google Analytics

To serve our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online offer within the meaning of Article 6 (1) point (f) GDPR) we use Google Analytics, a web analysis service from Google LLC (‘Google’). Google uses cookies. The information generated by the cookie about your use of this website is normally transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus offers the guarantee that it will comply with the European law on data protection (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google shall use this information on our behalf to evaluate the use by the user of our online offer, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and use of the Internet. In the process a pseudonymised usage profile can be generated for the user from the data processed.

We use Google Analytics only with activated IP anonymisation. This means that the user’s IP address is abbreviated by Google within the member states of the European Union or in other states which are contractual parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.

The anonymised IP address transmitted from the user’s browser is not mixed with other data by Google. You can prevent cookies from being installed on your computer by adjusting the settings on your browser software; moreover, you can prevent the collection by Google of the data generated by the cookie on your use of the website and the processing of this data by Google, by downloading and installing the browser plug-in available from the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on the use of data by Google, settings and objection options can be consulted on https://policies.google.com/technologies/ads and in the settings for the display of advertisements screened by Google (https://adssettings.google.com/authenticated).

The user’s personal data will be erased or anonymised after a period of 14 months.

Online presence in social media

We maintain online presence within social networks and platforms, in order to communicate on these with current customers, potential customers and users and to inform them about our services. When you access the respective networks and platforms the Terms and Conditions of Business and the data processing guidelines of the respective operator of the site visited apply.

Unless otherwise stated in our data privacy statement, we process users’ data if the latter communicate with us within the social networks and platforms e.g. when you contribute to our online presence or send us messages.

Google Fonts

We integrate the font types (‘Google fonts’) from the service provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Produced with Datenschutz-Generator.de by Dr. Thomas Schwenke, Lawyer