Responsible body for the acquisition, processing and utilization of your personal data, in the sense of the General Data Protection Regulation (Art. 4 para. 7 GDPR) is the Langer EMV-Technik GmbH, Nöthnitzer Hang 31, 01728 Bannewitz, Germany and Gunter Langer Ingenieurbüro, Nöthnitzer Hang 31, 01728 Bannewitz, Germany.
You can request, at any time and free of charge, information about your data stored by us, and can exercise your right to correction, blockage or deletion of your data. To this end you can make use of the following contact options:
Nöthnitzer Hang 31
Fax: +49 (0)351 430 093 22
Gunter Langer Ingenieurbüro
Nöthnitzer Hang 31
Fax: +49 (0)351 430 093 22
Should you object to the acquisition, processing or utilization of your data by Langer EMV-Technik GmbH in keeping with the stipulations of these data-protection provisions, whether entirely or for individual measures, you can send your objection per e-mail, by fax or by letter again using the previously mentioned contact options.
1.1 Data Protection Officer
Our Data Protection Officer can be contacted via the following contact options:
Langer EMV-Technik GmbH
Nöthnitzer Hang 31
Telefon: +49 (0)351-430093-0
Telefax: +49 (0)351 430 093 22
2. Sources and data
We process personal data that we receive from you in the course of our business relationship. We receive the data directly from you, e.g. in the context of inquiries, orders, offers, order confirmations, contracts or through personal contacts with our employees. In addition, to the extent necessary for the provision of our services, we process your personal data which we may obtain from publicly accessible sources (e.g. commercial and association registers, press, Internet).
Specifically, we process the following data:
- Contact master data (e.g. name, adress, contact details)
- Order data (e.g. in the context of order processes)
- Documentation data (e.g. call notes)
- Data on the initiation and implementation of our business relationships
- Correspondence (e.g. letters)
3. Purpose of the processing of your data
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). In the following we will inform you on which legal basis we process your data.
3.1 For the fulfilment of contractual obligations (Art. 6 para. 1 p. 1 lit. b GDPR)
The processing of data takes place for the fulfilment of a contract with you or for the execution of pre-contractual measures, which take place on the basis of an inquiry. The purposes of data processing depend in detail on the specific business relationship.
3.2 In the context of balancing interests (Art. 6 para. 1 p. 1 lit. f GDPR)
If necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties. This is done for the following purposes, among others:
- General business management
- Testing, optimization and further development of products and services
- Assertion of legal claims and defence in legal disputes
- Ensuring the IT security and IT operation of the Langer EMV-Technik GmbH
- Prevention and investigation of criminal offences
- Transfer of data within the Langer EMV-Technik GmbH, insofar as this is necessary fort he processing of the respective business relationship
Our interest in the respective processing arises from the respective purposes and is otherwise of an economic nature (efficient performance of tasks, procurement, avoidance of legal risks). As far as the specific purpose permits, we process your data pseudonymized or anonymized.
3.3 On the basis of your consent (Art. 6 para. 1 p. 1 lit. a GDPR)
If you have given us your consent to process personal data for specific purposes, the respective consent is the legal basis for the processing stated there.
This applies in particular to
- Transmission of data within the Langer EMV-Technik GmbH
- Transmission of data to third parties
You can revoke your consent at any time. This also applies to the revocation of declarations of consent that you have given us before the validity of the GDPR, i.e. before 25 May 2018. The revocation of consent is only valid for future processing.
3.4 Due to legal requirements (Art. 6 para. 1 p. 1 lit. c GDPR)
We are subject to various legal obligations. The purposes of the processing include, inter alia
- Enforcement of our general terms and conditions
- Administration of our business
- Processing fort he fulfilment of legal storage or documentation obligations
4. Passing on of data
Your data will be passed on within the Langer EMV-Technik GmbH if this is necessary to fulfill our contractual and legal obligations or if the internal organization requires the passing on (e.g. central financial accounting, purchasing, development, production and logistics). Within the Langer EMV-Technik GmbH, appropriate and legal requirements for the protection of your personal data have been established.
Your personal data will not be passed on to third parties (outside the Langer EMV-Technik GmbH) unless you have given us your prior consent or a legal basis exists. A legal obligation comes into consideration in particular with the following recipient:
- Public authorities, regulating authorities and bodies, e.g. tax revenue authorities
- Jurisdiction/law enforcement agency, e.g. police, public prosecutors, courts
- Counsel and notaries, e.g. in insolvency proceedings
- Certified Public Accountant
In addition, we transfer data to service partners, such as logistics service providers or forwarding agencies, insofar as the transfer is necessary for their order. They receive the data required for delivery for their own use. We limit ourselves to the transmission of the data necessary for delivery.
5. Transfer of data to a third country or an international organisation
We only transfer your data to countries outside the European Economic Area (third countries) if
- it is necessary for the manufacture of our products and for the execution of our orders,
- it is required by law, or
- You have given us your consent.
If we transfer your data to a third country or an international organisation, this is always done in accordance with the requirements of the GDPR. In addition, in accordance with the principle of data minimization, we only transmit data that is limited to the minimum necessary.
In some cases, we use service providers whose headquarters, parent company or sub-service provider are located in a third country. Your data will only be transferred if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR), appropriate guarantees are provided (e.g. standard contractual clauses issued by the European Commission) and enforceable rights and effective remedies are available to you as a party concerned. We have concluded a contract with the service provider to ensure compliance with the basic European general data protection regulation and its requirements.
6. Storage period of data
If necessary, we process your personal data for the duration of the business relationship, this includes the initiation and processing of this as well as the storage due to legal retention periods.
If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted. Unless there are legal obligations of the responsible person against a deletion. This can be the case for the following purposes, among others:
- Fulfilment of commercial and tax storage obligations in accordance with e.g. the German Commercial Code (HGB), Fiscal Code (AO), Money Laundering Act (AMLA). The periods for storage and documentation specified there range from two to ten years.
- Preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
7. Obligation to provide data
As part of our business relationship, you must provide the personal data required for the establishment and execution of the respective business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data we will generally not be able to enter into the business relationship with you and to fulfil the resulting obligations.
8. Automated decision making
In principle, we do not use fully automated decision making according to Art. 22 GDPR for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law.
9. Data protection rights
In accordance with Art. 15 GDPR you can require information about your personal data processed by us. If your details are not or no longer accurate, you can request a correction (Art. 16 GDPR). Should your details be incomplete, you may demand a completion. If we have passed on your details to third parties, we will inform these third parties about your correction - insofar as this is required by law.
According to Art. 17 GDPR you can request the deletion of your personal data if
- Your personal data is not longer required for the purposes for which it was collected
- You revoke your consent and there is no other legal basis for doing so
- You object to the processing and there is no predominant reason of protection for processing
- Your personal data have been processed unlawfully
- Your personal data have to be deleted to comply with legal requirements
Please note that legal obligations of the person responsible can lead to the fact that your data cannot be finally deleted or only after expiration of a period.
In addition, you have a right to limitation of processing in accordance with Art. 18 GDPR, the right of objection under Art. 21 GDPR and the right to data transferability under Art. 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right of cancellation. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
10. Information about your right of objection according to Art. 21 GDPR
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you on the basis of Art. 6 para. 1 p. 1 s. 1 lit. f GDPR (data processing on the basis of a balance of interests), including profiling within the meaning of Art. 4 para. 4 GDPR based on this provision. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
11. Usage of our website
11.1 Collection of general data
The website of the Langer EMV-Technik GmbH collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be
- the browser types and versions used
- the operating system used by the accessing system
- the website from which an accessing system reaches our website (so-called referrers)
- the sub-websites
- the date and time of access to the website
- an internet protocol address (IP address)
- the Internet service provider of the accessing system
- any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, the Langer EMV-Technik GmbH does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack (according to Art. 6 para. 1 p. 1 S. 1 lit. f GDPR).
Therefore, the Langer EMV-Technik GmbH analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
11.2 Subscription to our newsletter
On the website of the Langer EMV-Technik GmbH and Gunter Langer Ingenieurbüro, users are given the opportunity to subscribe to our enterprise's newsletter.
The Langer EMV-Technik GmbH and Gunter Langer Ingenieurbüro inform its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprises' newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter shipping. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time.
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the web browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an web browser or other software programs. This is possible in all popular web browsers. If the data subject deactivates the setting of cookies in the web browser used, not all functions of our website may be entirely usable.
11.4 E-Mail contact
The website of the Langer EMV-Technik GmbH contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
11.5 Google Analytics
We use Google Analytics on our website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
Through certification according to the EU-US Privacy Shield Google guarantees that it will follow the EU's general data protection regulations when processing data in the United States. For further information click on the following link: www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our website, and to provide other services concerning the use of our website for us. Our legitimate interest lies in the analysis, optimization, and economic operation of our website. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this website, which is operated by the controller and into which a Google Analytics component was integrated, the web browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our website, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the web browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Alternatively to the browser add-on or on browsers on mobile devices the data subject can click on the following link to set an opt-out cookie: tools.google.com/dlpage/gaoptout?hl=en
Further information and the applicable data protection provisions of Google may be retrieved under www.google.com/intl/en/policies/privacy/ and under www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link www.google.com/analytics/.
On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, United States. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
With each call-up to one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our website was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.
YouTube's data protection provisions, available at www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
This website contains a link to the Facebook page of Langer EMV-Technik GmbH. Facebook is a social network. A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The data protection guideline published by Facebook, which is available at facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.
This website contains a link to the LinkedIn page of Langer EMV-Technik GmbH. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.
This website contains a link to the XING page of Langer EMV-Technik GmbH. XING is an Internet-based social network that enables users to connect with existing business contacts and to create new business contacts. The individual users can create a personal profile of themselves at XING. Companies may, e.g. create company profiles or publish jobs on XING.
The operating company of XING is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
With each call-up to one of the individual pages of this website, which is operated by the controller and on which a XING component (XING plug-in) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding XING component of XING. Further information about the XING plug-in the may be accessed under dev.xing.com/plugins. During the course of this technical procedure, XING gains knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in at the same time on XING, XING detects with every call-up to our website by the data subject—and for the entire duration of their stay on our website, which specific sub-page of was visited by the data subject. This information is collected through the XING component and associated with the respective XING account of the data subject. If the data subject clicks on the XING button integrated on our website, e.g. the "Share"-button, then XING assigns this information to the personal XING user account of the data subject and stores the personal data.
XING receives information via the XING component that the data subject has visited our website, provided that the data subject is logged in at XING at the time of the call to our website. This occurs regardless of whether the person clicks on the XING component or not. If such a transmission of information to XING is not desirable for the data subject, then he or she can prevent this by logging off from their XING account before a call-up to our website is made.
The data protection provisions published by XING, which is available under www.xing.com/privacy, provide information on the collection, processing and use of personal data by XING. In addition, XING has published privacy notices for the XING share button under www.xing.com/app/share?op=data_protection.
11.10 Payment method: Visa or MasterCard via Sparkassen-Internetkasse
This website offers payment by credit card – Visa/MasterCard via Sparkassen-Internetkasse. Sparkassen-Internetkasse is a management system to process, approve and manage E-Payments. The operating company of Sparkassen-Internetkasse is BS Payone GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, Germany. The personal data transmitted to BS Payone GmbH is usually first name, last name, email address, IP address, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order. The transmission of the data is used solely for the purpose of payment processing via BS Payone GmbH. Further information regarding the data protection of BS Payone GmbH can be found under the following link: www.bspayone.com/DE/en/privacy
12. Data protection for applications and the application procedures
The data controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased two months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure. Other legitimate interest in this relation is, e.g. a burden of proof in a procedure under the German General Equal Treatment Act (AGG).
The legal basis for the data processing of the application procedure is § 26 para. 1 p. 1 BDSG in conjunction with Art. 88 para. 1 GDPR.
If you are hired as a result of the application process, we will store the data you provide during the application process in your personnel file for the purpose of the usual organizational and administrative process, naturally in compliance with further legal obligations. The legal basis for this processing is § 26 para. 1 p. 1 BDSG in conjunction with Art. 88 para. 1 GDPR.
If we do not hire you, we will automatically delete the data submitted to us two months after the final decision is made. We will not delete the data, however, if we must store the data for legal reasons such as evidence of equal treatment of applicants, until any legal action is concluded, or four months. In this case, the legal basis is Art. 6 para. 1 p. 1 lit. f GDPR and § 24 para. 1 no. 2 BDSG. Our legitimate interest lies in any legal defense we may have to mount.
Legal basis for the household and tax records is Art. 6 para. 1 p. 1 lit. c GDPR in conjunction with § 147 of the Fiscal Code of Germany (AO).
If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 para. 1 p. 1 lit. a GDPR. You may withdraw your consent at any time per Art. 7 para. 3 GDPR with future effect.