Data-privacy

Privacy policy:
Date: 05/2018

 

We process users' personal data (hereinafter referred to as “data”) only if this is necessary for the provision of a functional and user-friendly website and of our content and services.

 

“Processing” refers to collection, use, forwarding and/or storage. Under the General Data Protection Regulation (hereinafter referred to as the “GDPR”), “personal data” refers to all data by means of which a natural person can be identified. The precise definitions of the terms are set out in Article 4 GDPR.

 

The statements below inform you in particular of the nature, scope, purpose, duration and legal basis of the processing of personal data; we, alone or in conjunction with others, decide on the purposes and means of processing of said data, and on the components of third parties that may be used by us for optimisation and quality of use and process data under their own responsibility:

_________________________________________

 

A) Information on the controller

B) Rights of the user 

C) Information on data processing

_________________________________________

 

A) Information on the controller

 

The controller (hereinafter referred to as the “provider”) as defined by the GDPR and other national data protection legislation of the member states as well as other data protection regulations is:


Volmary Digital GmbH

Kaldenhofer Weg 70

D-48155 Münster

 

Tel.: +49 (0)251-270 70-100

Fax: +49 (0)251-270 70-270

E-mail: info@volmary.com

 

The data protection officer of the controller is:

 

Christian Westkemper

Kaldenhofer Weg 70

D-48155 Münster

 

Tel.: +49 (251) 27070 312

Fax.: +49 (251) 27070 112

E-mail: datenschutz@volmary.com

 

B) Rights of the user 

 

With regard to the processing of their personal data carried out by the provider and described below, the user has the right,

 

1. to request confirmation of whether the data relating to them will be processed and to request precise information on these data as well as further information and copies of the data as per Article 15 GDPR;

 

2. to request immediate rectification of incorrect data concerning them or completion of said data as per Article 16 GDPR;

 

3. to request that the data relating to them are erased immediately as per Article 17 GDPR, or alternatively, for example if further processing as per Article 17(3) GDPR is required, to request restriction of processing of the data in accordance with Article 18 GDPR;

 

4. to receive the personal data concerning them which they have provided in accordance with Article 20 DSGVO, and to request that said data be transmitted to other controllers;

 

5. to lodge a complaint with the supervisory authority as per Article 77 GDPR if the user considers that processing of their data by the provider infringes the GDPR.

_________________________

 

6. In accordance with Article 21 GDPR, the user can object at any time to future processing of data concerning them that is performed by a controller on the basis of Article 6(1)(f) GDPR. In particular, the objection can be raised on account of processing for the purpose of direct marketing.

_________________________

 

7. The provider is additionally obliged to communicate any rectification or erasure of personal data or restriction of processing carried out on the basis of Article 16 GDPR, Article 17(1) GDPR and Article 18 GDPR to all data recipients to whom the provider has disclosed the data. This obligation does not apply in the event that this notification proves impossible or would involve a disproportionate effort. The user has the right to receive information on these recipients.

 

C) Information on data processing

 

If no detailed information is subsequently provided regarding the individual data processing operations, the user's data processed by the provider shall be deleted or blocked as soon as the storage purpose ceases to apply and no statutory storage obligations stand in the way of erasure. 

 

Server data

 

For communication and security reasons, data such as those listed below are collected during the visit to the website and are sent by the user's web browser to the provider or the provider's web space provider (server log files): 

 

- Browser type and version;

- Operating system used; 

- Website from which the user switched to the provider's website (referrer URL); 

- Website visited by the user; 

- Date and time of access; 

- The user's internet protocol (IP) address. 

 

In addition, the data are stored temporarily. These data are not stored together with other personal data of user. The legal basis for temporary storage is Article 6(1)(f) GDPR on the basis of the legitimate interest in improving the stability, functioning and security of the website.

 

The data are deleted after no more than seven days. Data that has to be stored for longer for verification purposes are exempt from erasure until the respective matter is finally resolved.

 

Cookies

 

a) Session cookies/persistent cookies

 

The provider uses cookies on its website. Cookies are small text files or other storage technologies that the user's web browser deposits and stores on the terminal. These cookies process specific information of the user, such as browser and location data and IP address values, to an individual extent.  

 

Processing allows the provider to make its website more user-friendly, effective and secure. For instance, if applicable, processing of session cookies enables reproduction of the content in different languages or use of a shopping-basket function.

 

Persistent cookies allow the website to recognise the user via their browser on a regular visit to the website.  

 

If personal data is processed by these cookies for the purpose of contract initiation or contract execution, the legal basis for processing is Article 6(1)(b) GDPR.

 

If processing is not intended for contract initiation or contract execution, processing serves the provider's legitimate interest in improving the functioning of the website and is based on the legal basis of Article 6(1)(f) GDPR.

 

The session cookies are erased when the user closes their browser. The persistent cookies are automatically erased after a period stipulated by the provider. This period differs depending on the cookie, but shall not exceed one year.

 

b) Cookies from third-party providers

 

If applicable, cookies from third-party providers are also used on the website. These third-party providers are partner companies with which the provider collaborates for the purpose of marketing, analysis or the functions of the website. If this is the case, the purposes and legal bases of the corresponding processing operations are listed in the subsequent statements.  

 

c) Possibility of rectification

 

The user can prevent or restrict installation of the cookies by configuring their browser accordingly. Cookies that have already been stored can also be erased at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by corresponding configuration of Flash Player.  If the user prevents or restricts installation of cookies, this may mean that some functions of the website are no longer fully usable.

 

Contact requests

 

If the user makes contact with the provider via contact form or e-mail, the user's personal data entered in this instance shall be used for processing of the request. The data content is essential to a response to the request; only a partial response or no response at all is possible without provision of the data. 

 

If the contact request serves the purpose of fulfilling a contract or implementing precontractual measures, the legal basis is Article 6(1)(b) GDPR.

 

The user's data shall be erased if the user's request has been definitively answered and no statutory storage obligations stand in the way of this, e.g. in the event of subsequent contract execution.  

 

Consent from the user can also be a legal basis as per Article 6(1)(a) GDPR. In the context of the contact form, if applicable, the user's consent to the aforementioned processing shall be obtained and this privacy policy shall be referred to. 

 

The user can withdraw granted consent for the contact request at any time under Article 7(3) GDPR by notifying the provider. The data processed in connection with this shall be erased as soon as processing thereof is no longer required.

Matomo (formerly PIWIK)

This website uses the software package “Matomo” as a web analysis service. “Matomo” is an open-source software and processes the following visitor information on the provider's server:

  • User's IP address;
  • Accessed website;
  • Website from which the user switched to the provider's website (referrer URL);
  • Website visited by the user;
  • Time spent on the website;
  • Frequency of access to the website:

To gather these data, the software deposits a cookie on the user's terminal. The cookie is stored for a week.

The legal basis here is Article 6(1)(f) GDPR. The legitimate interest of the provider consists of analysis and optimisation of the website.

The provider uses the software with the additional feature “Automatically Anonymize Visitor IPs”. As a result of this, the user's IP address is reduced by two bytes so that it is no longer possible to associate the IP address with the user.

If the user does not consent to this processing, it is possible to prevent installation of the cookies by configuring the browser the accordingly. Further details can be found above in the “Cookies” section.

In addition, the user can end analysis by way of the opt-out:

Clicking on the link causes a cookie to be deposited on the user's terminal, preventing future storage of the analysis.

Please note: if the user erases the cookies in their browser settings, the opt-out cookie is usually also erased and must be activated again by the user.

Please note: if the user erases the cookies in their browser settings, the opt-out cookie is usually also erased and must be activated again by the user.

Job applications


In the event of digital applications, we shall electronically collect and process the application data for the purpose of handling the application process. 


The legal basis for processing is Article 26(1) sentence 1 of the German Federal Data Protection Act (BDSG) in conjunction with Article 88(1) of the General Data Protection Act (GDPR).


If your application results in conclusion of an employment contract, the transmitted data may be stored in the personnel file for the purpose of the customary organisational and administrative process, with due consideration of the relevant statutory regulations.


The legal basis for processing is Article 26(1) sentence 1 BDSG in conjunction with Article 88(1) GDPR.


If the job application is rejected, the transmitted data shall be automatically erased two months after notification of rejection. This shall not apply if a longer storage period of two to four months or conclusion of legal proceedings is necessary on the basis of statutory requirements (burden of proof under the German General Equal Treatment Act, AGG). 


The legal basis here is Article 6(1)(f) GDPR and Section 24(1) no. 2 BDSG. 

The legitimate interest of the provider consists of legal defence. 


If consent has been expressly given for storage of the data for a longer period in a database of interested parties, the data shall be processed further on the basis of said consent. 


The legal basis is Article 6(1)(a) GDPR. Consent relating to this can be withdrawn for the future at any time under Article 7(3) GDPR by notifying the provider.