A. Privacy Notice according to GDPR

I. Controller name and address

Within the context of the General Data Protection Regulation and other national data protection laws of member states as well as other data protection regulations the controller is:

Nienstedt GmbH
An der Brinkwiese 11
45721 Haltern am See
Germany
Tel.: +49.2364 9392 0
Fax.: +49.2364 9392 91
E-Mail: sales@nienstedt.de
Website: www.nienstedt.com

II. Name and address of the data protection officer

The data protection officer for the controller is:

Melany Kniesburges
Nienstedt GmbH
An der Brinkwiese 11
45721 Haltern am See
Germany
Tel.: +49.2364 9392 0
Fax.: +49.2364 9392 91
E-Mail: datenschutz@nienstedt.de
Website: www.nienstedt.com

III. General information about data processing

1. Scope of processing personal data

In principle we only process personal data of our users as required to provide a functional website and our contents and services. The personal data about our users is only routinely processed with the user’s consent. This does not apply in cases where we are unable to obtain prior consent for factual reasons and data processing is permitted by law.

2. Legal basis for processing personal data

Where the data subject has given consent to the processing of his or her personal data, the legal basis is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR).

Where processing is necessary for the performance of a contract to which the data subject is party the legal basis is Article 6(1)(b) GDPR. This also applies to processing operations required for pre-contractual measures.

If necessary for compliance with a legal obligation to which our company is subject, the legal basis is Article 6(1)(c) GDPR.

Where processing is necessary in order to protect the vital interests of the data subject or of another natural person the legal basis is Article 6(1)(d) GDPR.

If processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for processing is Article 6 (1)(f) of the GDPR.

3. Erasure of data and storage period

The personal data of the data subject will be erased or blocked once the purpose for storage no longer exists. Further storage may occur where required by European or national legislation under European Union directives, laws or other regulations the controller is subject to. Data will also be blocked or erased following expiry of a retention period required under the above standards unless further storage of the data is required to conclude a contract or fulfilment of a contract.

IV. Provision of website and generating log files

1. Description and scope of data processing

When visiting our website our system automatically collects data and information from the computer system of the computer used to visit the website.

The following data will be collected:

• browser type and version
• operating system used
• referrer URL
• host name of the accessing computer
• time of the server request
• IP address

The data will also be saved to log files on our system. This data will not be stored together with the user’s other personal data.

2. Legal basis for data processing

The legal basis for temporary storage of this data and the log files is Article 6(1)(f) GDPR.

3. Purpose of data processing

The system temporarily storing the IP address is required to allow the website to be delivered to the user’s computer. The user’s IP address must be stored for the duration of the session for this purpose.

Data is saved to log files to ensure proper functionality of the website. The data further allows us to optimise the website and to safeguard the security of our information technology systems. Data is not analysed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing under Article 6(1)(f) GDPR.

4. Storage period

The data will be erased when it is no longer necessary for the purposes for which it was collected. In the case of collecting data to provide the website, this is the case when the respective session has ended.

In the case of data saved to log files, this is at the latest after seven days. It may be stored longer. In this case the users’ IP addresses is erased or disguised so it can no longer be matched to the calling client.

5. Objection and removal option

The collection of data to provide the website and storing data in log files is absolutely necessary to operate the website. The user therefore cannot object to this.

V. Cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files which are added to the web browser or which the web browser adds to the user’s computer system. When a user visits a website, a cookie may be added to the user’s operating system. This cookie contains a distinctive character string which allows the browser to be identified when returning to the website.

We use cookies to make our website more user-friendly. Some elements of our website require also being able to identify the calling browser after leaving the page.

The following data is saved to cookies and transmitted:

• Session IDs

Our website further uses cookies which allow analysing the browsing behaviour of users.

This allows us to receive the following data:

• Search terms used
• How often pages are viewed
• Use of website functions

Technical measures are taken to pseudonymise the user data collected in the process. The data therefore can no longer be matched with the calling user. The data will not be stored together with the user’s other personal data.

When visiting our website, an info banner alerts the user to the use of cookies for analysis purposes, referencing this privacy policy. In the process the user will also be informed about browser settings to block cookies.

b) Legal basis for data processing

The legal basis for processing personal data using cookies is Article 6(1)(f) GDPR.

c) Purpose of data processing

Technically necessary cookies are used to make websites more user-friendly. Some functions on our website can not be offered without cookies. These also require recognising the user after switching pages.

We require cookies for the following:

• Session IDs

The user data collected by technologically essential cookies are not used to create user profiles.

Analysis cookies are used for the purpose of improving the quality and contents of our website. The analysis cookies provide us with information about how the website is used, allowing us to continuously optimise our offers.

These purposes are also the basis for our legitimate interest in processing personal data according to Article 6(1)(f) GDPR.

d) Storage period, objection and removal option

Cookies are saved to the user’s computer and then transmitted to our page. As the user you are therefore also in full control of the use of cookies. You can change the settings of your web browser to block or restrict the use of cookies. Previously added cookies can be deleted at any time. This can also be done automatically. When blocking cookies for our website you may no longer be able to make full use of all functions of the website.

VI. Contact form and e-mail contact

1. Description and scope of data processing

Our website features a contact form which may be used to contact us electronically. When using this form, the data entered by the user in the input mask will be transmitted to us and stored. This data is:

Required fields: First name, Surname, Company, E-mail address, Subject, Message

Optional information: Gender, Title, Job Title, Department, Street/No., Postal code, City, Country, Telephone, Fax

When sending the message the following data will also be stored:

• Date and time

During the send process we will obtain your consent to the data being processed, referencing this privacy policy.

We can further be contacted using the specified e-mail address. In this case the user’s personal data transmitted in the e-mail will be saved.

Data will not be shared with third parties in this context. The data will only be used for the conversation.

2. Legal basis for data processing

The legal basis for processing data with the user’s consent is Article 6(1)(a) GDPR.

The legal basis for processing the data transmitted when sending an e-mail is Article 6(1)(f) GDPR. If the e-mail is aimed at entering into a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

3. Purpose of data processing

The sole purpose of processing personal data from the input screen is to process the enquiry. Contacting us via e-mail also constitutes our necessary legitimate interest in processing data.

Other personal data transmitted during the send process will be processed for the purpose of prevent misuse of the contact form and to safeguard our information technology systems.

4. Storage period

The data will be erased when it is no longer necessary for the purposes for which it was collected. For personal data from the input mask of the contact form and data transmitted via e-mail this is when the respective conversation with the user has been completed. The conversation is completed when circumstances indicate the respective matter has been conclusively resolved.

The personal data collected during the send process is erased at the latest after seven days.

5. Objection and removal option

The user may at any time withdraw his consent to personal data being processed. If the user contacts us via e-mail, he may at any time object to his personal data being stored. In this case the conversation cannot be continued.

The objection should be submitted to the above contact information under “data protection officer”.

VII. Google Analytics web analysis

In this case all personal data stored in the context of the contact will be erased. Web analysis with Google Analytics

This website uses Google Analytics, a web analysis service provided by Google LLC (“Google”). Use thereof is based on Article 6(1)(f) GDPR. Google Analytics uses so-called “Cookies”, text files stored on your computer which allow analysis of your use of the website. The information about your website use generated by the cookie, such as

• browser type/version,
• operating system used,
• referrer URL (the previous website visited),
• host name of the accessing computer (IP address),
• time of the server request,

are typically transmitted to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. On this website have further added the “anonymizeIP” code to Google Analytics. This ensures your IP address will be masked so all information collected is anonymous. Only in exceptional circumstances will the full IP address be transmitted to a Google server in the USA and truncated there.

Google will use this information on behalf of the website operator to analyse your use of the website, generate reports on website activity, and to provide the website provider with additional services related to website use and internet use. You can prevent cookies from being stored by configuring your browser software accordingly; however, please be aware that when doing so you may not be able to make full use of all of the functions on this website.

You can further prevent the data about your use of the website generated by the cookie (including your IP address) from being transmitted to Google and this data being processed by Google by downloading and installing the browser plugin available under the following link.

Alternatively to the browser add-on, particularly with browsers on mobile devices, you can prevent Google Analytics from collecting data by clicking this link. This will add an opt-out cookie which prevents your data from being collected during future visits to this website. The opt-out cookie only applies to this browser and only for our website, and will be saved to your device. After deleting cookies from your browser you will need to add the opt-out cookie again.

More information on data protection in connection with Google Analytics is available from the Google Analytics help page.

VIII. Google Maps

This website uses Google Maps, a service provided by Google LLC. By using this website you also agree to automated data collection, processing and use by Google LLC, its representatives and third parties. For the Google Maps terms of use, please refer to the Google Maps/Google Earth Additional Terms of Service.

IX. SSL/TLS encryption

For security reasons and to ensure secure transfer of confidential information such as purchase orders or enquiries sent to us as the website provider, this website uses SSL or TLS encryption. An encrypted connection can be identified by the address bar of the browser changing from “http://” to “https://” and the padlock icon next to the browser address.

With SSL or TLS encryption enabled, and others cannot eavesdrop on the data you transmit to you.

X. Rights of the data subject

If your personal data is processed, you are the data subject as defined by the GDPR and are entitled to the following rights in your relations with the controller:

1. Right to access

You may request the data controller to confirm whether your personal data is processed by us.

In this case you may request information from the data controller about:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipient or categories of recipients to whom the respective personal data was or will be disclosed;

(4) the intended period for which your personal data will be stored or, if specific information is not available, criteria for determining the storage period;

(5) the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) where the personal data are not collected from the data subject, any available information as to their source;

(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to receive information about the transfer of your personal data to a third country or to an international organisation. In this context you may request to be informed of appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to obtain the rectification of inaccurate or incomplete personal data concerning you from the data controller. The controller must carry out the rectification without undue delay.

3. Right to restriction of processing

You have the right to obtain from the controller restriction of processing under the following circumstances:

(1) if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;

(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3) if the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, or

(4) if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the data controller override those of the data subject.

Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If restriction of processing was obtained processing pursuant to the above requirements, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Obligation to erase

You have the right to obtain from the data controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase this data without undue delay where one of the following grounds applies:

(1) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You withdraw consent on which the processing is based according to Article 6 (1)(a) or Article 9(2)(a), and where there is no other legal ground for the processing.

(3) You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

(4) Your personal data have been unlawfully processed.

(5) Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6) Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b) Disclosure to third parties

Where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data

c) Exceptions

The right to erasure shall not apply to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;

(3) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) GDPR as well as Article 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defence of legal claims.

5. Right to notification

If you have exercised your right to rectification, erasure or restriction of processing with the controller, the controller is obliged to notify each recipient to whom your personal data have been disclosed of the rectification, erasure or restriction of processing, unless this proves impossible or involves disproportionate effort.

You are entitled to request the controller to inform you about those recipients.

6. Right to data portability

You have the right to receive your personal data which you provided the data controller, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where

(1) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) and

(2) the processing is carried out by automated means.

In exercising this right you further have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.

This right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6(1) (e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

When objecting to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and a controller,

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

(3) is based on your explicit consent.

These decisions, however, shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR..