Privacy Notice

Name and contact details of the controller in accordance with Art. 4 (7) GDPR

Company: ZENIT GmbH
Address: Bismarckstr. 28, 45470 Mülheim an der Ruhr, Germany
Telephone: +49 208 30004-0
Fax: +49 208 30004-68
Email:


Data Protection Officer
Normcondata GmbH, represented by Mr. Carlo Somodji
Email:

Security and protection of your personal data

For us, our primary task is to preserve the confidentiality of the personal data you place at our disposal and to protect such data from unauthorised access. To this purpose, we apply the utmost care and state-of-the-art security standards in order to guarantee the maximum protection of your personal data.

As a company governed by private law, we are subject to the provisions of the European Union’s General Data Protection Regulation (GDPR) and the rules of the Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)). We have installed technical and organisational mechanisms which ensure compliance with these data protection requirements both by ourselves as well as our external service providers.

Definitions

The legislator requires that all processing of personal data is lawful, fair and transparent for the data subject. To ensure this, we would like to inform you of specific legal definitions which also find application in this Privacy Notice.

1. Personal data

“Personal data” means any information relating to an identified or identifiable natural person (referred to hereinafter as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Restriction of processing

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

4. Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

5. Pseudonymisation

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

6. Filing system

“Filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

7. Controller

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. 

8. Processor

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. Recipient

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not to be regarded as recipients; the processing of such data by those public authorities takes place in compliance with the applicable data protection rules according to the purposes of the processing.

10. Third party

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11. Consent

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Lawfulness of processing

The processing of personal data is only lawful if there is a legal basis for such processing. In accordance with Art. 6 (1) Sentence 1 Points (a) to (f) GDPR, processing is lawful only if and to the extent that at least one of the following applies:

a.    The data subject has given consent to the processing of his/her personal data for one or more specific purposes.

b.   Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

c.    Processing is necessary for compliance with a legal obligation to which the controller is subject.

d.    Processing is necessary in order to protect the vital interests of the data subject or of another natural person.

e.    Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

f.     Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Information on the collection of personal data

In the following section, we would like to inform you about the collection of personal data when using our website. Personal data are, for example, name, address, email addresses, user behaviour.

If you contact us by email or via a contact form, we store the data you have provided (your email address, your name and your telephone number, if applicable) for the purpose of answering your enquiries. We delete such data once their storage is no longer necessary or their processing is restricted in the case that legal obligations concerning their retention are in place.

Collection of personal data when visiting our website

When using our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we collect only those data that your browser transmits to our server. If you wish to browse our website, we collect the following data as required for technical reasons in order to provide you with our website and to ensure its stability and security (the legal basis for this is Art. 6 (1) Sentence 1 Point (f) GDPR):

–        IP address

–        Date and time of the request

–        Time difference to GMT (Greenwich Mean Time)

–        Content of the request (specific page)

–        Access status/HTTP status code

–        Data volume transmitted

–        Website from which the request was sent

–        Browser

–        Operating system and interface

–        Language and version of the browser software

Use of cookies

(1) In addition to the data listed above, cookies are stored on your computer when you use our website. Cookies are small text files which are stored on your hard disk and assigned to the browser you have used; they deliver specific information to the party that placed the cookie. Cookies cannot run programmes or transfer viruses to your computer. Their purpose is to improve the overall efficiency and user friendliness of websites.

(2) This website uses the following types of cookie, of which the scale and operating mode are explained below:

– Transient cookies (see a.)
– Persistent cookies (see b.)

a.   Transient cookies are automatically deleted when you close the browser. This type especially includes session cookies. These cookies store what is known as a session ID, with which various requests from your browser can be assigned to the same session. This enables your computer to be recognised again when you return to our website. The session cookies are deleted when you log off or close the browser.

b.    Persistent cookies are automatically deleted after a pre-set duration, which can differ depending on the cookie. You can delete such cookies in your browser’s security settings.

(3) You can configure your browser settings according to your preferences and, for example, block the acceptance of third-party cookies or of all cookies in general. “Third-party cookies” are cookies set by a third party, i.e. they are not set by the website you are actually visiting at that moment. We would like to point out that by deactivating cookies you might not be able to use in full all our website’s functions.

Other functions and offers on our website

(1) Apart from use of our website for solely information purposes, we offer various services that may be of interest to you and you may use. In this case, you must as a rule provide further personal data, which we use to provide the respective service and for which the data processing principles apply as described above.

(2) In some cases, we use external service providers for processing your data. We select and appoint them with due care; they are bound by our instructions and monitored on a regular basis.

(3) We may also disclose your personal data to third parties when staging special offers/competitions or for entering contracts or for similar services together with third parties. Further information in this context is supplied when you provide your personal data or can be found at the end of the description of the service offered.

(4) Insofar as our service providers or partners are domiciled in a country outside the European Economic Area (EEA), information regarding the consequences of such circumstances is provided in the description of the service offered.

Newsletters

(1) If you wish, you can subscribe to our free newsletter via our website (https://nrweuropa.de/). When registering for our newsletter, the data from the input form are transmitted to us. During the registration process, we request your consent to the processing of your data and draw your attention to the privacy notice shown on the website. No data are disclosed to third parties in connection with the processing of data for the dispatch of newsletters. Data are used exclusively for the purpose of dispatching the newsletter.

(2) Once the user has issued his/her consent, the legal basis for data processing following the user’s registration for the newsletter is Art. 6 (1) Sentence 1 Point (a) GDPR.

(3) The purpose of collecting the user’s email address and other personal data is to deliver the newsletter.

(4) The data are deleted from the mailing list as soon as they are no longer necessary for fulfilling the purpose for which they were collected.

(5) The user concerned may cancel his/her newsletter subscription at any time. To unsubscribe, please send an email to .

Children

In general, our web presence is intended for adults. Persons under 18 years of age should not transmit any personal data to us without the consent of their parents or guardians.

Rights of the data subject

(1) Withdrawal of consent

Insofar as the processing of your personal data is based on your given consent, you have the right to withdraw such consent at any time. Withdrawing your consent does not affect the lawfulness of processing based on your consent before its withdrawal.

You may contact us at any time to exercise your right to withdraw your consent.

(2) Right to confirmation

You have the right to obtain confirmation from the controller as to whether or not we are processing personal data concerning you. You may request such confirmation from us at any time using the contact details provided above.

(3) Right of access

Where your personal data are being processed, you have the right of access to information at any time about the personal data being processed and on any of the following:

a.    The processing purposes.

b.    The categories of personal data concerned.

c.    The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations.

d.    Where possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period.

e.    The existence of the right to request from the controller rectification or erasure of the personal data or a right to restriction of processing of personal data concerning the data subject or to object to such processing.

f.     The right to lodge a complaint with a supervisory authority.

g.    Where the personal data are not collected from the data subject, any available information as to their source.

h.    The existence of automated decision-making, including profiling, as referred to in Art. 22 (1) and (4) GDPR and – at least in those cases – authoritative information on the logic involved as well as the significance and envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or an international organisation, you have the right to be informed of the appropriate safeguards in accordance with Art. 46 GDPR relating to such transfer. We will provide a copy of the personal data which are the subject of such processing. For all further copies requested, we are entitled to demand a reasonable fee based on our administrative costs. If such a copy is requested electronically, the information will be provided in a commonly used electronic format unless stated otherwise. The right to obtain a copy in accordance with (3) may not adversely affect the rights and freedoms of others.

(4) Right to rectification

You have the right to obtain from us the rectification without undue delay of inaccurate personal data concerning you. Taking into account the processing purposes, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

(5) Right to erasure (“right to be forgotten”)

You have the right to obtain from us the erasure without undue delay of personal data concerning you and we are obliged to erase such personal data without undue delay, where any of the following grounds applies:

a.    The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

b.    The data subject withdraws his/her consent on which the processing is based in accordance with Art. 6 (1) Sentence 1 Point (a) or Art. 9 (2) Point (a) GDPR and there are no other legal grounds for the processing.

c.    The data subject objects to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Art. 21 (2) GDPR.

d.    The personal data have been processed unlawfully.

e.    Erasure of the personal data is necessary in order to comply with a legal obligation in accordance with Union or Member State law to which the controller is subject.

f.     The personal data have been collected in relation to the offer of information society services in accordance with Art. 8 (1) GDPR.

Where the controller has made the personal data public and is obliged in accordance with (1) to erase such data, the controller, taking into account the technology available and the cost of implementation, is to take reasonable steps, including technical measures, to inform controllers who are processing the personal data that a data subject has requested the erasure by such controllers of any links to or copy or replication of such personal data.

The right to erasure (“right to be forgotten”) does not apply insofar as the processing is necessary for:

a.    Exercising the right of freedom of expression and information.

b.    Compliance with a legal obligation which requires the processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

c.    Reasons of public interest in the area of public health in accordance with Art. 9 (2) Points (h) and (i) and Art. 9 (3) GDPR.

d.    Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR insofar as the right referred to in (1) is likely to render impossible or seriously impair the achievement of the objectives of such processing.

e.    Establishing, exercising or defending legal claims.

(6) Right to restriction of processing

You have the right to obtain from us the restriction of processing of your personal data where any of the following applies:

a.    The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.

b.    The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.

c.    The controller no longer requires the personal data for the purposes of the processing, but the data subject requires such data in order to establish, exercise or defend legal claims.

d.    The data subject has objected to processing in accordance with Art. 21 (1) GDPR, pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where the processing has been restricted in accordance with the above conditions, such personal data may, with the exception of their storage, only be processed with the data subject’s consent or for establishing, exercising or defending legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

To exercise your right to restriction of processing, you may contact us at any time using the contact details provided above.

(7) Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us as controller, in a structured, commonly used and machine-readable format and you have the right to transmit such data to another controller without hindrance from the controller to which the personal data have been provided, insofar as:

a.    The processing is based on consent in accordance with Art. 6 (1) Sentence 1 Point (a) or Art. 9 (2) Point (a) or on a contract in accordance with Art. 6 (1) Sentence 1 Point (b) GDPR.

b.    The processing is carried out by automated means.

In exercising your right to data portability in accordance with (1), you have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The exercise of the right to data portability is without prejudice to the right to erasure (“right to be forgotten”). This right does not apply for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 (8) Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) Sentence 1 Point (e) or (f) GDPR, including profiling based on those provisions. The controller will no longer process such personal data unless he or she demonstrates compelling and legitimate grounds for such processing which override the interests, rights and freedoms of the data subject or such processing is necessary for establishing, exercising or defending legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this includes profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

In connection with the use of information society services and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

You have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1), unless such processing is necessary for the performance of a task in the public interest.

You may exercise the right to object at any time by contacting the controller responsible.

(9) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated data processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way.

This does not apply for such a decision if any of the following applies:

a.    It is necessary for entering into or performance of a contract between the data subject and the controller.

b.    It is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms as well as his/her legitimate interests.

c.    It is based on the data subject’s explicit consent.

The controller takes suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express his/her point of view and to contest the decision.

The data subject may exercise this right at any time vis-à-vis the controller responsible.

(10) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes this regulation.

(11) Right to an effective judicial remedy

Without prejudice to any other administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR, you have the right to an effective judicial remedy if you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation.

Use of Matomo (formerly Piwik)

(1) This website uses the Matomo web analysis tool for the purpose of improving our website and analysing its use on a regular basis. The statistics gathered enable us to improve our web presence and make it more interesting for you as a user. The legal basis for using Matomo is Art. 6 (1) Sentence 1 Point (f) GDPR.

(2) Cookies are stored on your computer for such analysis purposes. The controller stores information collected in this way solely on his/her server in Germany. You can control such analysis by deleting existing cookies and blocking the storage of cookies in general. We would, however, like to point out that if you block the storage of cookies you might not be able to use in full all the functions of this website.
You can prevent the storage of cookies by adjusting your browser settings. Blocking the use of Matomo is possible by unticking the following box and in so doing activating the opt-out plugin [Matomo iFrame].

(3) This website uses Matomo with the “AnonymizeIP” extension. As a result, IP addresses are further processed in truncated form, meaning that they cannot be linked to a particular individual. The IP address transmitted to us from your browser by Matomo is not aggregated with other data we collect.

(4) Matomo is an open source project. Information on data privacy is available under: matomo.org/privacy-policy/.

Use of Google Maps

(1) We use Google Maps on this website. This enables us to show you interactive maps directly on the website and allows you comfortable use of the map function.

(2) When you visit our website, Google receives the information that you have retrieved the corresponding subpage on our website. In addition, the data listed in the section on “Collection of personal data when visiting our website” of this Privacy Notice are transmitted to Google, regardless of whether Google provides a user account via which you are logged in or no user account exists. If you are logged into Google, your data are directly attributed to your account. If you do not want such attribution with your profile in Google, you must logout before activating the button. Google stores your data as a user profile and uses them for advertising, market research and/or demand-oriented design of its website. The purpose of such data analysis is especially (even for users who are not logged in) to provide demand-oriented advertising and to inform other social network users of your activities on our website. You have the right to object to the creation of such user profiles, whereby you must contact Google directly in order to exercise this right.

(3) Further information on the purpose and scope of data collection and processing through the plugin provider can be found in their data privacy notice. There you will also find further information about your rights in this context and possibilities to adjust your server settings in order to protect your privacy: www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA too and has subscribed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

Use of social media plugins

(1) We do not currently use social media plugins on this website. Our social media accounts are linked under “Social Media” only.

Processors

We use external service providers (processors), for example for the dispatch of goods, newsletters or for payment processing. We have concluded a separate agreement for data processing with these service providers in order to protect your personal data.

Contact:

ZENIT GmbH
Data Protection Officer
Send email

Copyright

Unless stated otherwise, all copyrights and rights of use for texts, graphics, images, designs and source codes lie with ZENIT GmbH. The non-commercial production, use and distribution of copies in electronic or printed form are permitted, provided that the contents remain unchanged, the source code (www.zenit.de) is indicated and no rights of third parties are affected.