in accordance with Art. 4 (7) EU General Data Protection Regulation (GDPR)
CITTI Handelsgesellschaft mbH & Co. KG
CONTACT PERSON FOR DATA PROTECTION
Should you have any questions about the collection, processing or use of your personal data, or for disclosure, correction, blocking or deletion of data, and revocation of consents granted, please contact our data protection officer:
+49 (431) 6893-9463
WHAT HAPPENS TO MY PERSONAL DATA?
Data Protection Principles
Data protection enjoys the highest priority among the companies of the CITTI Group. Our employees are bound to confidentiality and your details are protected by the use of state-of-the-art technologies. We consider compliance with the statutory regulations, particularly the EU General Data Protection Regulation (GDPR), to be a self-evident obligation.
PROCESSING OF PERSONAL DATA
During visits to our website
You can visit our website without disclosing information about your person. Even if your visit takes place e.g. via newsletter links, we store only access data which is not personally identifiable, such as
- - The name of your Internet service provider
- - The Internet site from which you visit us
- - The name of the requested file
- - IP address
- - Date and time of the request
- - Time zone difference from Greenwich Mean Time (GMT)
- - Content of the request (concrete page)
- - Access status/HTTP status code
- - Data volume transmitted in each case
- - Website from which the request comes
- - Browser type, including language and version used
- - Operating system and its user interface
The data are stored in our system logfiles. These data are not stored together with other personal data on the user, nor are the data evaluated for marketing purposes. The legal basis for the collection and storage of the data is Art. 6 (1) lit. f GDPR. The data are technically necessary for us in order to be able to display our website to you and to warrant its stability and security. The data are stored in logfiles to ensure the functionality of the website. In addition, the data help us to optimise the website and to safeguard the security of our IT systems.
This purposes also found our legitimate interest in the processing of the data. The data are deleted as soon as they are no longer required for the achievement of the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is terminated. In the case of the storage of the data in logfiles, this is the case after 1 year at the latest. Storage over and above this period is possible. In this case, however, the IP addresses of the users are deleted or anonymised so that identification of the requesting client is no longer possible.
Collection of the data for provision of the website and storage of the data in logfiles is essential for the operation of the Internet website. The user therefore has no right to oppose such collection and storage. If you are not in agreement with this, we recommend that you leave the Internet website.
On our website, we offer you the possibility of subscribing to our newsletter. In order to ensure that no mistakes were made during the input of the e-mail address, we use the “double opt-in” method: After you have entered your e-mail address in the registration field, we send you a confirmation link. Only when you have clicked on this confirmation link is your e-mail address added to our distribution list. Your electronic contact data are processed at this stage exclusively on the basis of your consent (Article 6 (1) lit. a GDPR). You can revoke your declared consent at any time with effect for the future. Just send us a brief message by e-mail to our Customer Service or click on the “Unsubscribe” button at the end of every newsletter.
Your data are transmitted via the Internet in encrypted form. We take technical and organisational measures to protect our website and other systems against loss, deletion, access, alteration or dissemination of your data by unauthorised persons. You should treat your access information confidentially at all times and close the browser window when you terminate the communication with us, particularly if you use the computer together with other persons.
The provider of this website uses the services of etracker GmbH in Hamburg, Germany (www.etracker.com) to analyse website usage data. Cookies are used here that permit statistical analysis of the use of this website by its visitors and the display of user-specific contents or advertising. Cookies are small text files that are stored by the Internet Browser on the user’s terminal. etracker cookies contain no information that allows a user to be identified.
The data generated with etracker are processed and stored by etracker on behalf of the provider of this website exclusively in Germany and are therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited and certified as to its data security and has been awarded the ePrivacyseal data protection quality mark.
The data are processed on the legal basis of Art. 6 (1) lit f (legitimate interests) of the EU General Data Protection Regulation (GDPR). Our legitimate interest consists in the optimisation of our online offering and our website. As the privacy of our visitors is particularly important to us, the IP address is anonymised by etracker at the earliest possible moment, and login or device identifiers are converted into an unambiguous, but non-personalised code by etracker. etracker does not use the data for any other purpose, nor are the data merged with other data or disclosed to third parties.
You can object to the processing of data in the manner described above, insofar as it relates to your personal data. Your objection has no negative consequences for you.
I object to the processing of my personal data with etracker on this website.
Further information on data protection with etracker can be found here.
GOOGLE ANALYTICS WITH THE EXTENSION ANONYMIZE IP
For the purposes of an appropriate design and ongoing optimisation of our website, we use Google Analytics, a web analysis service of Google Inc. (“Google”) in accordance with Article 6 (1) lit. f GDPR. In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie on your use of this website, such as
- - browser type/version,
- - operating system used,
- - referrer URL (the page previously visited),
- - host name of the accessing computer (IP address),
- - time of the server request
is transmitted to a Google server in the USA and stored there. The information is used to analyse the use of the website, to compile reports on the website activities and to provide other services related to the use of the website and of the Internet for the purposes of market research and the appropriate design of these Internet pages. This information may also be transferred to third parties, if required by law or if these data are processed by third parties on behalf of Google. On no account will your IP address be associated with any other data held by Google. The IP addresses are anonymised so that identification of the IP address is not (“IP masking”).
You can prevent the installation of the cookies by a corresponding setting in the browser software; we should point out, however, that in this case you may not be able to make full use of all the functions of this website. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the website (incl. your IP address) and the processing of these data by Google by downloading and installing this browser add-on. Further information on data protection in conjunction with Google Analytics can be found on the website of Google Analytics.
For the exceptional cases in which personal data are transmitted to the USA, Google has subjected itself to the EU-US Privacy Shield. The legal basis for the use of Google Analytics is Art. 6 (1) line 1 lit. f GDPR.
OUR ONLINE PRESENCE IN SOCIAL NETWORKS
CITTI Handelgesellschaft mbH & Co. KG is present online in various social networks and platforms (e.g. Facebook, Instagram, etc.) and uses these to communicate with customers and potential customers active there, and to inform them about various activities and services. When using these networks and platforms, the general terms and conditions and data processing guidelines of the respective provider apply, not ours.
To supply our customers with detailed information, we have videos embedded on our webpage. We use the services of YouTube LLC , 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you open a page with integrated videos, your IP-address is being sent to YouTube and cookies are being installed on your device by default. To avoid the processing of your personal data by Youtube, we have embedded an extended data protection mode: YouTube still connects to the Google service Double Klick, but, according to Google’s data protectection regulation, personal data is not being processed or evaluated. That ensures no data of customers who visit our page is being stored by YouTube unless a video is played. In that case, your IP-Address is transmitted and YouTube stores the information of which clip you have watched. If you are logged into YouTube while activating that video, this informsation is stored on your user account (to avoid this, simply log out of YouTube before starting a video). .
Information on data processing with regard to our facebook page
On June 5th 2018 the ECJ ruled that facebook and a facebook page operator share responsibility over their data processing, in regards of data protection regulations. On the following day, the 6th of June 2018, the Data Protection Conference (association of German supervisory authorities) issued a so-called resolution in regards to the shared responsibility of data protection. According to that resolution we have to inform you comprehensively about the data processed by facebook itself and by our facebook page, in particular if you do not use facebook in principle. For the time being, no further information than facebook’s guidelines are available to us. You can find their data protection regulations, including information on your rights as user, here.
YOUR RIGHTS IN ACCORDANCE WITH GDPR
Right of access (Art. 15 GDPR)
You have the right at any time to demand information as to whether and what personal data we have saved concerning you.
Right to rectification (Art. 16 GDPR)
You have the right at any time to demand the rectification of your data if they are stored incorrectly by us.
Right to erasure of your data (Art. 17 GDPR)
You have the right at any time to demand the erasure of your personal data stored by us. Please note that this right to the erasure of data does not apply to data subject to a statutory retention period (e.g. invoice data).
Right to restriction of processing (Article 18 GDPR)
You have the right under Art. 18 GDPR to demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject their erasure and we no longer need the data, but you for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
Right to data portability (Art. 20 GDPR)
You have the right at any time to receive the personal data concerning you collected and processed by us in a structured, commonly used and machine-readable format (csv).
Revocation of consent (Art. 7 (3) GDPR)
Should we ask you for your consent to the use of your personal data, we should point out that you can naturally revoke this consent at any time with effect for the future. In this case, please contact email@example.com. Should you have any further questions on the subject of data protection, please contact our data security officer online or in writing.
Your right to object the processing of personal data
As long as your personal data is being processed on grounds of interest, you have the right to object (GDPR art.21). This would be the case, if the data processed is not essential to fulfill a contract with you. In case of such an objection, we ask you to name the reasons why your personal data should not be processed by us as agreed upon. We will examine the respective circumstances once we receive your objection. The processing of your data will thus either be discontinued or adjusted if we cannot state our urgent legitimate interest in processing them to your complete satisfaction.
Your right to appeal to a supervisory authority
Furthermore, you have the right to complain to the supervisory data protection authorities (GDPR art.77) about our processing of your personal data. Please contact the ULD (address-details below) or the relevant local authorities.
RESPONSIBLE SUPERVISORY AUTHORITY
Independent Centre for Data Protection of Schleswig-Holstein
(Institution under Public Law)