team

Data Protection Declaration Pursuant to GDPR

The protection of your personal data and your privacy as well as the protection of our business customers are of particular importance to Missal Objekt Licht GmbH & Co.KG . For this reason, we are informing you in the following privacy policy about how this protection is guaranteed by our company and what kind of data is collected for which purpose from you.

 

  1. Name and Address of Person Responsible

The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Missal Objekt Licht GmbH & Co.KG

Zum Dümpel 3

59846 Sundern (Sauerland)

 

Telefon:  +49 29 33 97 32 0

Fax: +49 29 33 97 32 32

Email: info@missal-leuchten.de

Website:  www.missal-leuchten.de

 

The data protection officer of the persons responsible can be reached as follows:

 

Mrs Beate Kemper

c/o NH-IT Services GmbH

Lange Str. 19

58636 Iserlohn

Tel.: 02371-77460

 

The company's data protection officer can be reached at the above address of the company and at datenschutz@nh-itservices.

 

  1. General Information on Data Processing

 

    1. Scope of Personal Data Processing

In principle, we process the personal data of our users and business partners only insofar as this is necessary for the provision of a functional website, our content and services and as far as is necessary for business purposes. The personal data of our users and business partners are, as a rule, only processed with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for legal or factual reasons and where the processing of the data is permitted by law or the business purposes and their legal bases specified in this privacy policy. 

2. Legal Basis for the Processing of Personal Data

Art. 6 para. 1 lit. a GDPR serves our company as the legal basis for processing operations where we obtain consent for a particular processing purpose. 

If the processing of personal data is necessary to fulfil a contract to which the person concerned is a party, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, processing is based on Art. 6 para. 1 lit. b GDPR. 

The same applies to processing operations that are necessary to carry out pre-contractual measures, for example, in cases of inquiries regarding our products or services. 

If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Art. 6 para. 11 lit. c GDPR. 

In rare cases, the processing of personal data may be required to protect the vital interests of the person concerned or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. In this case processing would then be based on Art. 6 para. 1 lit. a GDPR.   

Processing operations could also be based on Art. 6 para. 1 lit. f GDPR. It covers processing operations that are not covered by any of the above legal bases and is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights or fundamental freedoms of the person concerned are overriding. 

We are allowed such processing operations in particular because they have been specifically mentioned by the European legislator. It considered that a legitimate interest could be assumed, if the person concerned is a customer of the person responsible (recital 47, sentence 2, GDPR).

    1. Data Deletion and Storage Period

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. However, further storage is permitted if this has been foreseen by a European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data is blocked or even deleted if the storage period prescribed by legal requirements expires, unless there is a need for further storage for concluding or fulfilling a contract.

III. Processing Personal Data as Customer

 

  1. Scope of Personal Data Processing

As a customer, we regularly process the following personal data of the natural contact person, exclusively for business purposes:

  • Name
  • First name
  • Company address
  • Invoicing address
  • Delivery address
  • Telephone number
  • Fax number
  • Mobile telephone number (optional)
  • Email address
  • Business bank account (only for refund)

 

  1. Legal Basis for Processing Personal Data

All information is necessary for establishing contact and the orderly processing of offers and orders. The legal basis is Art. 6 para. 1 lit. b GDPR.

  1. Disclosure to Third Parties

Disclosure to third parties only concerns documents, such as invoices and, if applicable, delivery notes, which are transmitted to the tax office by our tax advisor for accounting purposes. Apart from the company name (for individual companies), this does not usually include any personal data. However, it is possible that first and last names of the contact persons or company owners can be included in these documents.

A transfer to third countries does not take place.

  1. Duration of Storage, Objection and Deletion

This master data is stored in our IT systems as long as the business relationship exists and a legal legitimation prescribes this. Customer data will be deleted after the statutory retention period resulting from the respective use of the data. If an affected person concerned requests deletion or blocking, his / her data will be immediately blocked and deleted after expiry of a legal retention period. 

If there are no reasons for retention, the data will be deleted.

 

You can object to the storage of your personal data at any time in writing by fax, email or by post. Your personal data will then be deleted immediately from our systems. In such a case, the conversation cannot continue. 

 

  1. Processing Personal Data as Supplier  

 

  1. Scope of Personal Data Processing

As a supplier, we regularly process the following personal data of the natural contact person, exclusively for business purposes:

 

  • Name
  • First name
  • Company address
  • Invoicing address
  • Delivery address
  • Telephone number
  • Fax number
  • Mobile telephone number (optional)
  • Email address
  • Business bank account

 

  1. Legal Basis for the Processing of Personal Data

 

All information is necessary for establishing contact and the orderly processing of offers and orders. The legal basis is Art. 6 para. 1 lit. b GDPR. 

  1. Disclosure to Third Parties

 

Disclosure to third parties only concerns documents, such as invoices and, if applicable, delivery notes, which are transmitted to the tax office by our tax advisor for accounting purposes. Apart from the company name (for individual companies), this does not usually include any personal data. However, it is possible that first and last names of the contact persons or company owners can be included in these documents.

A transfer to third countries does not take place.

  1. Duration of Storage, Objection and Deletion

This master data is stored in our IT systems as long as the business relationship exists and a legal legitimation prescribes this. Customer data will be deleted after the statutory retention period resulting from the respective use of the data. If an affected person concerned requests deletion or blocking, his / her data will be immediately blocked and deleted after expiry of a legal retention period. 

If there are no reasons for retention, the data will be deleted.

 

You can object to the storage of your personal data at any time in writing by fax, email or by post. Your personal data will then be deleted immediately from our systems. In such a case, the conversation cannot continue. 

  1. Provision of the Website and Creation of Logfiles

 

  1. Description and Scope of Data Processing

Our website collects a range of general data and information each time the website is accessed by a person or an automated system. This general data and information is stored in the log files of the server. 

The following data is collected:

  1. Information about the browser type and version used.
  2. The user's operating system.
  3. The user's internet service provider.
  4. The user's IP address.
  5. Date and time of access.
  6. Websites from which the user's system comes to our website. 
  7. Websites that are accessed by the user's system through our website. 
  8. Other similar data and information used in the case of attacks on our information technology systems. 

 

The data are also stored in the log files of our system. This data is not stored together with other personal data of the user. The IP address of the user is not identifiable and cannot be traced back to the user. 

A temporary storage of this information is thus anonymous, none of the information collected can be used to identify you or your individual behaviour. 

  1. Legal Basis for the Processing of Personal Data

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 lit. f GDPR.

  1. Purpose of the Data Processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session. 

When this general data and information is used, you or your individual behaviour cannot be identified. This information is needed to:

  • to deliver the contents of our website correctly,
  • to optimise the content and advertising of our website,
  • to ensure the lasting functioning of our information technology systems and the technology of our website,
  • to provide the law enforcement authorities with the information needed to prosecute a cyber-attack. 

This anonymously collected data and information is therefore statistically and further evaluated by us with the aim of increasing the privacy and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the person concerned.

For these purposes, our legitimate interest in the processing of data is pursuant to Art. 6 para. 1 lit. f GDPR.

  1. Duration of Storage

The data will be deleted as soon as they are no longer required for the purpose of their collection. 

If the data are stored in log files, they are deleted after seven days at the latest. A longer storage period is possible. In this case, the IP addresses of the users are deleted or unidentifiable, so that an allocation of the calling client is no longer possible.

  1. Objection and Deletion

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Thus, there is no right of objection on the part of the user. 

 

  1. Use of Cookies

 

  1. Description and Scope of Data Processing

 

      1. Our website uses cookies. Cookies are text files that are stored in the internet browser or the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened. 

 

      1. We also use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break.

The following data are stored and transmitted in the cookies:

      • language settings,
      • possibly login information.

 

      1. We also use cookies on our website, which allow an analysis of users' browsing behaviour. However, only on our website. 

 

In this way the following data can be transmitted:

      • search terms entered,
      • frequency of page views,
      • use of website functions.

 

  1. Legal Basis for Processing Personal Data

To VI/ 1.a)

The legal basis for the processing of personal data when using cookies is Art. 6 para. 1 lit. f GDPR.

To VI/ 1.b) and c)

The legal basis for the processing of personal data when using technically necessary cookies is 6 para. 1 lit. f GDPR.

The legal basis for processing personal data when using cookies for the aforementioned analysis purposes is receipt of the consent of the user, pursuant to Art. 6 para. 1 lit. a GDPR.

  1. Purpose of the Data Processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some functions of our website may not be available in the future without the use of cookies. For these, it is necessary that the browser is recognized even after a page break.

We need cookies for the following:

  • language settings,
  • login information.

The user data collected through technically necessary cookies will not be used to create user profiles.

The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and can constantly optimise our offer.

  • search terms entered
  • frequency of page views
  • use of website functions

For these purposes, our legitimate interest in the processing of personal data is pursuant to Art. 6 para. 1 lit. f GDPR. 

  1. Duration of Storage, Objection and Deletion

Cookies are stored on the user's computer and transmit data to our server. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to fully use all the functions of the website.

 

  1. Email Contact

 

  1. Description and Scope of Data Processing

The processing of personal data of our users generally takes place only with the consent of the user. In some cases, however, this consent is not obtainable in advance by us. Thus, it is possible to contact us via the email addresses provided by us on the websites. In this case, the user's email and personal data submitted by email will be stored for the duration of the conversation / transaction. 

In this context, the data will not be disclosed to third parties, with the exception that it is necessary for the business transaction, is legally permissible or consent for the disclosure has been expressly granted.   

We would point out, that data transmission over the internet (e.g., when communicating by email) may have security vulnerabilities. A complete data protection against access by third parties is not possible. 

 

  1. Legal Basis for Processing Personal Data

The legal basis for the processing of data transmitted in the course of sending an email is Article 6 (1) lit. f GDPR. If the aim of the email contact is to conclude a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

  1. Purpose of the Data Processing

The processing of personal data from an incoming email is only for the processing of the contact or for the handling of commercial business transactions. In the case of contact by email, our required legitimate interest in the processing is included.

  1. Duration of Storage

The data will be deleted as soon as they are no longer necessary for achieving the purpose. For the personal data sent to us by email, this is when the conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified, the business transaction has ended and / or the statutory retention periods resulting from the circumstances make deletion possible.   

  1. Objection and Deletion

The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by email, he may object to the storage of his personal data at any time. 

All personal data stored in the course of the contact will be deleted in this case. In such a case, the conversation cannot be continued.

 

  1. Data Protection with Applications and the Application Process

The person responsible collects and processes the personal data of applicants for the purpose of the application process. The processing can also be done electronically. This is particularly the case if an applicant submits the application documents to the person responsible by electronic means, e.g., by email or via a web form available on the website. 

If the person responsible concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. 

If no contract of employment with the candidate is concluded by person responsible, the application documents will be automatically deleted six months after the rejection decision, provided the deletion does not prejudice any other legitimate interests of the person responsible. Other legitimate interest in this sense, e.g., a burden of proof in a procedure under the German General Equal Treatment Act (AGG).

  1. Use of Google Maps

 

This site uses via an API the mapping service Google Maps. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.   

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to and stored on a Google server in the United States. The provider of this site has no influence on this data transfer. 

The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy findability of the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.   

More information on the use of user data can be found in Google's Privacy Policy: https://www.google.com/intl/en/policies/privacy/.

 

  1. Consent, Objection and Deletion

By using our website, you consent to the described storage and use of your data. 

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Thus, no objection is permitted from the user. 

As a customer / supplier, the storage of personal data as described under point III (customer) and IV (supplier) for the duration of the business relationship is subject to the legal basis pursuant to Art. 6 para. 1 lit. b GDPR.

You can object to the storage of your personal data at any time in writing by fax, email or by post. Your personal data will be deleted or blocked immediately from our systems. In such a case, the conversation cannot be continued.

 

  1. Rights Against the Person Responsible

If your personal data is processed, you have, within the meaning of the GDPR, the following rights against the person responsible:

  1. Right to Information

You may ask the person responsible to confirm if personal data concerning you is processed by us. 

If such processing is available, you can request information from the person responsible about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;

(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;

(5) the existence of a right to rectification or deletion of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to such processing; 

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the source of the data if the personal data is not collected from the person concerned;

(8) the existence of automated decision-making including profiling pursuant to Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the person concerned.

You have the right to request information about whether your personal information will be transmitted to a third country or an international organization. In this context, you can request suitable guarantees pursuant to Art. 46 GDPR in connection with the transfer.

  1. Right to Rectification

You have a right to rectification and / or completion, if the personal data referring to you is incorrect or incomplete. The person responsible must make the correction without delay.

  1. Right to Restrict Processing

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you contest the accuracy of your personal information for a period of time that enables the person responsible to verify the accuracy of your personal data;

(2) the processing is unlawful but you refuse deletion of the personal data and instead request the use of the personal data be restricted;

(3) the person responsible no longer requires the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible prevail over your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest to the European Union or a Member State.

If processing is restricted in compliance with the above conditions, you will be informed by the person responsible before the restriction is lifted.

  1. Right to Deletion
  1. Obligation to delete

You can demand that the person responsible deletes your personal information without delay, and the person responsible is required to delete that information immediately, if one of the following is true:

(1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent was given pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR and there is no other legal basis for processing. 

(3) Pursuant Art. 21 para. 1 GDPR you object to the processing and there are no prior justifiable reasons for the processing, or pursuant to Art. 21 para. 2 GDPR you object to the processing.   

(4) Your personal data have been processed unlawfully. 

(5) The deletion of personal data concerning you is required to fulfil a legal obligation under European Union law or the law of the Member States to which the person responsible is subject. 

(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

  1. Information to third parties

If the person responsible has made your personal data public and if he is responsible for its deletion pursuant to Article 17 (1) GDPR, he shall take appropriate measures, including technical means, to inform the data controllers who process the personal data that you have been identified as being affected; that you as the person affected have, taking into account available technology and implementation costs, demanded the deletion of all links, copies and replications to this personal data. 

  1. Exceptions

There is no right to deletion if processing is required for:

(1) the right to exercise freedom of expression and information;

(2) to fulfil a legal obligation required by the law of the European Union or of the Member States to which the person responsible is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the person responsible;

(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;

(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or

(5) to assert, exercise or defend legal claims.

  1. Right to Information

If you have asserted the right of rectification, deletion or restriction of processing to the person responsible, he is obligated to notify all recipients to whom your personal data have been disclosed of this rectification or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be informed of the recipients by the person responsible.

  1. Right to Data Portability

You have the right to receive the personally identifiable information you provided to the person responsible a structured, conventional machine-readable format. In addition, you have the right to transfer this data to another person without hindrance from the person responsible for providing the personal data, if

(1) the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR.;

(2) the processing is done by automated means.

When exercising this right, you also have the right for your personal data to be transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.

  1. Right to Object

You have the right to object at any time, for reasons that arise from your particular situation, against the processing of your personal data, which was collected pursuant to Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. 

The person responsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the possibility, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.

  1. Right to Revoke the Data Protection Declaration of Consent

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

  1. Automated Decision on an Individual Basis Including Profiling

As a responsible company we refrain from automatic decision-making or profiling.

  1. Right to Complain to Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR. 

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

 

 

(Please note that this is the translation of our legal German version of the GDPR for your information)