Data protection

Welcome to Craiss Generation Logistik GmbH & Co. KG.

Thank you very much for your interest in our website and our company. We place great importance on your privacy and safeguarding your data. We collect personal data only to a limited extent as necessary to:

• provide our services,

• initiate, sign, fulfil, and terminate contracts,

• process and answer enquiries sent via the contact form,

• ensure the security of customer accounts,

• secure our operations,

• improve our website and other offerings,

• prevent, detect, and investigate potentially prohibited or illegal activities, and to enforce our terms and conditions.

To ensure that you are fully aware of the collection and use of personal data on our website, we have provided comprehensive, understandable information in this privacy policy. We would like to assure you that we will make every technical and organisational effort to protect your data.

By using this website you consent to the processing of your data as described herein. You may at any time revoke your consent to its collection and storage with future effect. If you have any further questions about data protection, please do not hesitate to contact us. You will find our contact details for such questions and objections to further processing of your data in our legal notice.

This privacy policy also applies to:

• craiss.de

• craiss.com

• the Facebook presence of Craiss Generation Logistik GmbH & Co. KG

Definitions

This privacy policy is based on the terms used in the EU General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy, we use, among others, the following terms:

a) Personal data

Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). Identifiable refers to a person who can be identified directly or indirectly, in particular through the assignment of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of said person.

b) Data subject

The data subject is any identified or identifiable person, whose personal data is processed by the person responsible for the processing.

c) Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing

Responsible person or the person responsible for processing means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the data controller or the specific criteria for their appointment may be laid down in accordance with Union law or the law of the Member States.

h) Processor

Contract processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the responsible person.

i) Recipient

The recipient is a person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may be entitled to receive personal data under Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.

j) Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

Consent by the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1. Anonymous data collection

As a matter of principle, you can visit our website without informing us who you are. For technical reasons, we automatically collect and store the server log data transmitted by your browser:

• browser type/version

• operating system

• referrer URL (the website visited immediately beforehand)

• IP address (spam protection, unique assignment)

• time of your visit

The data stored by the server cannot and will not be assigned to natural persons. The data will be deleted after a statistical analysis. Please understand that server log data is absolutely necessary for the security and protection of this website.

2. Collection and processing of personal data

For technical reasons, the software on our homepage stores any information you voluntarily submit to us via forms (e.g. when registering, submitting comments, etc.). This applies in particular to links, comments, email addresses and other voluntary information and content which you knowingly transmit. You are free to transmit pseudonymous data. If our website is misused or attacked or illegal content is posted, the data you provide will be disclosed to the authorities if court-ordered.

2.1 Contact form

Data entered by you in the contact form such as subject, title, name, company, address, email, and the content of your message/enquiry will be stored and used solely for the purpose of individual communication with you. We will not disclose your information to third parties.

2.2 Jobs site

We store and use the data you enter on the jobs site such as your title, name, company, email, address, telephone number, message, and any files you upload (curriculum vitae, reference, etc.) for the purpose of evaluating and responding to your application. All data will then be automatically deleted in accordance with the applicable legal regulations.

If we receive your application documents by post or e-mail, they will be recorded electronically in our job exchange and a personal profile will be generated in the system for further processing. Your original documents in paper form will be returned to you immediately afterwards. In this case, we will store, use and delete your data as explained under 2.2. If you object to the procedure described, simply send an e-mail to bewerbungen@remove-this.craiss.com.

2.3 Newsletter

If you have subscribed to our newsletter using your email address, this will be used for our own marketing purposes. The newsletter contains information about specials, offers, and the latest innovations. We will store your email address until you unsubscribe from our newsletter. You can unsubscribe at any time via the link in the newsletter or by sending us a request by email, etc. By unsubscribing, you revoke the use of your email address.

If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. We use what is referred to as the double opt-in procedure to ensure that newsletters are sent out in agreement. In the course of this, the potential recipient can be included in a distribution list. Subsequently, the user receives the opportunity to confirm the registration in a legally secure manner by means of a confirmation email. The address is only actively included in the distribution list if it is confirmed. We use this data exclusively for the dispatch of the requested information and offers. The software Newsletter2Go is used as the software for newsletters. In so doing, your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and using it for purposes other than sending newsletters. Newsletter2Go is a German, certified provider selected in accordance with the requirements of the EU General Data Protection Regulation and the German Federal Data Protection Act. You can find further information here: www.newsletter2go.de/informationen-newsletter-empfaenger/. You may at any time revoke your consent to the storage and use of your data and your email address to send the newsletter. This can be done by clicking the Unsubscribe link in the newsletter. Because our data protection measures are subject to constant updating, we ask that you check our privacy policy on a regular basis.

The newsletters of Craiss Generation Logistik GmbH & Co. KG contain web beacons. A web beacon is a miniature graphic that is embedded in emails that are sent in HTML format to enable recording and analysis of your interaction with the newsletter. This allows a statistical evaluation of the success or failure of online marketing campaigns. The embedded web beacon allows us to detect whether and when an email was opened by a data subject and which links they clicked on. Such personal data collected via the web beacons in the newsletters is stored and evaluated by the data controller for the purpose of optimising the dispatch of the newsletter and to better adapt the content of future newsletters to the interests of data subjects. The data will not be disclosed to third parties. The data subject is entitled at any time to revoke the separate declaration of consent given via the double opt-in procedure. Once revoked, this personal data will be deleted by the data controller. Craiss Generation Logistik GmbH & Co. KG automatically interprets a request to unsubscribe from the newsletter as a revocation of consent.  

2.3.1 Newsletter2Go

Type and scope of processing

We have integrated components of the Newsletter2Go service on our website. Newsletter2Go is a service of Newsletter2Go GmbH and offers marketing automation for companies.

Newsletter2Go is used to store and transfer data entered in forms using cookies, to send marketing e-mails and automated messages and to create targeted campaigns.

In addition, Newsletter2Go offers us the possibility to analyse whether the e-mails sent have been opened, how many users have received an e-mail and whether users have unsubscribed from the newsletter after receiving an e-mail.

In this case, your data will be passed on to the operator of Newsletter2Go, Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin.

Purpose and legal basis

We process your data with the help of Newsletter2Go for the purpose of optimising our website and for marketing purposes on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Newsletter2Go GmbH. Further information can be found in the data protection declaration for Newsletter2Go: https://de.sendinblue.com/legal/privacypolicy/.

 

2.4 Customer login

The customer login area provides access to our online client, where you can enter transport orders, access status information, or download transport-related documents.

Customers must apply for this access; once approved, they will receive the corresponding login data from us.

We store and use the personal data collected here, such as name, address, telephone number and email address without your separate consent only for the purpose of providing our services and fulfilling and processing any contractual relationship we have with you.

2.5 Employee login

The employee login area provides authorised employees external access to selected programs. They must apply for this access and be approved. No additional personal data is collected that goes beyond the scope of the internal use of these programs.

2.6 Transport partner login

The transport partner login area provides authorised transport partners external access to selected programs and data. They must apply for this access and be approved.

We store and use the personal data collected here, such as name, address, telephone number and email address without your separate consent only for the purpose of providing you access to certain data (orders, status, etc.) related to our business relationship with you.

2.7 Support area

In order to provide you with the best possible support when using our systems, we have created a way for Craiss administrators to access your computer or your current CITRIX session after receiving your active consent.

To enable this remote access, you will have to download the TeamViewer program via the corresponding link on our homepage. Once the program has been installed and started, you will be shown an individual session ID, which you must provide to our administrators in order for them to gain temporary access to your system. You can terminate the access at any time!

3. Cookies

The Craiss Generation Logistik GmbH & Co. KG website uses cookies. Cookies are text files that are filed and stored on a computer system via an Internet browser. Many websites and servers use cookies.

Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows websites and servers that have been visited to distinguish the individual's browser from other Internet browsers that contain other cookies. A particular web browser can be recognised and identified by the unique cookie ID.

The use of cookies enables us to provide users of this website with more user-friendly services that would not be possible without cookies. By means of a cookie, the information and offers on our website can be optimised for the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website because the website and the cookie stored on the user's computer system remembers the information. Another example is the cookie of a shopping basket in the online shop. The online shop remembers the items that a customer has placed in the virtual shopping basket using a cookie.

The person concerned can prevent the setting of cookies by our website at any time by means of an appropriate setting using the Internet browser used and thus permanently prevent cookies from being used. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common internet browsers. If the person concerned deactivates the setting of cookies on the Internet browser used, not all functions of our Internet site may be fully usable.

4. Facebook

We use the Like button ("Like") and the Share button ("Share") ("Facebook Plugins") of Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook"), which connects this website to the social network of Facebook. More information about the function and appearance of the Facebook plugins can be found at developers.facebook.com/plugins. By activating the Facebook plugins, your browser establishes a direct connection with the Facebook servers. The content of the plug-in is transferred from Facebook directly to your browser and embedded into the page. At the same time, certain data is transferred from your browser to Facebook. This happens regardless of whether you click the Facebook plugins or not. We have no influence on the extent of the data that Facebook collects in this way. As far as we currently know, the following data may be collected:

• the page visited on our website that contains the Facebook plugin,

• the general data transmitted by your browser (IP address, browser type and version, operating system, time),

• for registered Facebook users who are logged in, their respective Facebook identifier.

Please see Facebook's privacy policies for the purpose and scope of this data collection and how Facebook processes and uses your data, as well as your rights and options for protecting your privacy: http://www.facebook.com/policy.php. If you are a Facebook user and do not wish Facebook to collect information about your visit to our site and link it to your data already held by Facebook, you must log out of Facebook before visiting our website and delete any Facebook cookies on your computer. It is also possible to block the Facebook social plug-in with browser extensions or add-ons. Further information can be found in the help pages of your browser.

5. YouTube

Type and scope of processing

We have integrated YouTube Video on our website. YouTube Video is a component of the video platform of YouTube, LLC, where users can upload content, share it over the internet and receive detailed statistics.

YouTube Video enables us to integrate content from the platform into our website.

YouTube Video uses cookies and other browser technologies to evaluate user behaviour, recognise users and create user profiles. This information is used, among other things, to analyse the activity of the content listened to and to create reports. If a user is registered with YouTube, LLC, YouTube Video can assign the played videos to the profile.

When you access this content, you establish a connection to the servers of YouTube, LLC, whereby your IP address and possibly browser data such as your user agent are transmitted.

Purpose and legal basis

The use of the service is based on our legitimate interests, i.e. interest in a platform-independent provision of content in accordance with Art. 6 para. 1 lit. f GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by YouTube, LLC. Further information can be found in the data protection declaration for YouTube Video: https://policies.google.com/privacy.

6. CRAISS Community (Newtron)

Via our CRAISS Community platform, our partner companies can participate in cargo auctions. After you complete our user agreement, we will register you on the CRAISS Community platform via Newtron.

The purpose of registration is to offer you content and services that can only be offered to registered users. Registered persons are free to modify the personal data given at registration at any time or to delete it completely from the database of the data processor. You can view Newtron's current privacy policy here: https://www.newtron.de/datenschutz/

The personal data you provide in the user agreement (name, company name, address, telephone number, email address) will be stored in your profile to ensure communication and trouble-free cooperation. You can always contact lieferantenmanagement@remove-this.craiss.com if you have any questions about your profile or wish to have your account deleted. Via --> My Login --> Communication --> Auctions 2.0, you can also indicate how you wish to receive information.

7. CDNJS

Type and scope of processing

We use CDNJS to properly provide the content of our website. CDNJS is a service provided by Cloudflare, Inc., which acts as a content delivery network (CDN) on our website.

A CDN helps to make the content of our online offer, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cloudflare, Inc., whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of CDNJS.

Purpose and legal basis

The use of the content delivery network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimisation of our online offer in accordance with Art. 6 para. 1 lit. f GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the data protection declaration for CDNJS: https://www.cloudflare.com/privacypolicy/.

8. Cloudflare CDN

Type and scope of processing

We use Cloudflare CDN to properly provide the content of our website. Cloudflare CDN is a service provided by Cloudflare, Inc., which acts as a content delivery network (CDN) on our website.

A CDN helps to make the content of our online offer, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cloudflare, Inc., whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of Cloudflare CDN.

Purpose and legal basis

The use of the content delivery network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimisation of our online offer in accordance with Art. 6 para. 1 lit. f GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the data protection declaration for Cloudflare CDN: https://www.cloudflare.com/privacypolicy/.

9. Google Analytics Remarketing

Type and scope of processing

We have integrated components from DoubleClick by Google on our website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with every impression as well as with clicks or other activities.

Each of these data transmissions triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID, which is necessary to carry out the technical process. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplication. In addition, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, when a user has previously been shown a DoubleClick advertisement and subsequently makes a purchase on the advertiser's website using the same internet browser.

A DoubleClick cookie does not contain any personal data, but can contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to generate commission invoices. Among other things, Google can track that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Further information and the applicable privacy policy of DoubleClick by Google can be found at https://www.google.com/intl/de/policies/.

Purpose and legal basis

We process your data with the help of the DoubleClick cookie for the purpose of optimising and displaying advertising on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You give your consent by setting the use of cookies (cookie banner/consent manager), with which you can also revoke your consent at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. The cookie also serves to prevent the same advertisement from being displayed multiple times. Each time you visit one of the individual pages on our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and billing of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, you can visit our website without restriction, but not all functions may be fully available.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google LLC. Further information can be found in the data protection declaration for Google DoubleClick: https://policies.google.com/privacy.

10. Google Webfonts

Type and scope of processing

We use Google Fonts from Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you connect to the servers of Google LLC, and your IP address is transmitted.

Purpose and legal basis

The use of Google Fonts is based on our legitimate interests, i.e. interest in a uniform provision and the optimisation of our online offer in accordance with Art. 6 para. 1 lit. f GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google LLC. Further information can be found in the data protection declaration for Google Fonts: https://policies.google.com/privacy.

11. Routine deletion and blocking of personal data

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject. If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with legal requirements.

12. Rights of the data subject

a) Right to confirmation

Every data subject has the right under the General Data Protection Regulation (GDPR) to require the data controller to confirm whether it is processing the subject's personal data. If a data subject wishes to exercise this right to confirmation, they may contact any data controller employee at any time.

b) Right to information

Any data subject has the right under GDPR to obtain information from the data controller at any time and at no charge concerning the personal data the controller has on file and request a copy of the same. In addition, the data subject has the right to the following information:

• the purpose for which the data is being processed

• the categories of personal data being processed

• the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations

• if possible, the envisaged duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration

• the existence of a right to correct or delete such personal data or to have its processing limited or to object to such processing

• the existence of a right of appeal to a supervisory authority

• if the personal data on file was not collected from the data subject, all available information on its source

• the existence of automated decision making, including profiling, as defined in Art. 22 para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing on the data subject.

The data subject also has a right to information concerning the disclosure of their personal data to a third party or to an international organisation. If this is the case, the data subject has the right to obtain information concerning the data protection guarantees given in connection with the transfer. If a data subject wishes to exercise this right to information, they may contact any data controller employee at any time.

c) Right of correction

Any data subject has the right to demand the immediate correction of inaccurate personal data concerning them. Furthermore, taking into account the purposes of the processing, the data subject has the right to request that incomplete personal data be completed, including by means of a supplementary declaration. If a data subject wishes to exercise this right to correction, they may contact any data controller employee at any time.

d) Right to deletion (right to be forgotten)

Each data subject shall have the right to require the data controller to erase their personal data and the data controller shall erase said personal data without undue delay when one of the following grounds applies, provided processing is no longer necessary:

• the personal data was collected or otherwise processed for purposes or in such a way that no longer apply;

• the data subject withdraws their consent to the processing per Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for processing.

• the data subject objects to the processing per Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for processing, or the data subject is entitled to submit an objection pursuant to Art. 21 para. 2 GDPR.

• The personal data has been processed unlawfully.

• The deletion of the personal data is necessary in order to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

• The personal data have been processed by an information service provider per Art. 8 para. 1 GDPR.

If one of the above-mentioned reasons applies and a data subject wishes to have their personal data deleted, they may contact a data controller employee at any time. The employee will arrange for the deletion request to be handled without delay. If the personal data have been made public by Craiss Generation Logistik GmbH & Co. KG and our company is the data controller per Art. 17 para. 1 GDPR for the deletion of the personal data, we will take appropriate measures, including those of a technical nature, taking into account the available technology and costs of such measures, to inform other parties processing the published personal data that the data subject has requested the deletion of all links, copies, or records of this personal data, to the extent its further processing is not necessary. The employee will arrange for the request to be handled without delay.

e) Right to restrict processing

Any data subject has the right to request that the processing of the data be restricted if one of the following conditions is met:

• for as long as it takes the data subject to prove the inaccuracy of personal data it has contested;

• the processing is unlawful, but the data subject has refused to have the data deleted and instead requests that its use be restricted;

• the data controller no longer needs the personal data for its purposes, but the data subject needs it to remain on file in order to assert, exercise, or defend their rights;

• the data subject has objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh those of the data subject.

If any one of the above-mentioned conditions is fulfilled and a data subject wishes to request the restriction of personal data stored by the company, they can contact an employee of the data controller at any time. The employee will arrange for the request to be handled without delay.

f) Right to data transferability

Any data subject has the right to receive a copy of the personal data they have provided the data controller in a structured, commonly used, machine-readable format. They also have the right to transmit this data to another party without hindrance from the data controller to whom the personal data was originally provided, provided that the processing is based on the consent provided for in Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR or in a contract in accordance with Art. 6 para. 1 lit. b GDPR and processing is carried out by means of automated procedures, except where such processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller. Furthermore, in exercising their right to data transferability pursuant to Art. 20 para. 1 GDPR, the data subject has the right to require that the personal data be transmitted directly from one controller to another as far as this is technically feasible and provided that this does not affect the rights and freedoms of others. In order to assert this right, the data subject may contact a data controller employee at any time.

g) Right of objection

Any data subject may object to the processing of their personal data on grounds arising from their particular situation pursuant to Art. 6 para. 1 lit. e or lit. f GDPR at any time. This also applies to profiling based on these provisions. The company will no longer process personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. If the company processes personal data in order to carry out direct advertising, the data subject has the right to object at any time to the processing of the personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising. If the data subject objects to the company's processing of their data for direct marketing purposes, the company will no longer process the personal data for these purposes. In addition, the data subject has the right, for reasons arising from his/her particular situation, to object to the processing of personal data concerning him/her for scientific or historical research purposes or for statistical purposes at the company in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary to fulfil a task in the public interest. To exercise the right of objection, the person concerned may directly contact any employee of the company or any other employee. The data subject shall also be free to exercise his/her right of opposition in relation to the use of information society services by means of automated procedures using technical specifications, Directive 2002/58/EC notwithstanding.

h) Automated decision-making processes including profiling

Any data subject to the processing of personal data shall have the right granted by the European legislator of directives and regulations not to be subject to a decision based exclusively on automated processing, including profiling, which has a legal effect against them or significantly affects them in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is admissible under Union or Member State law to which the data controller is subject and that such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or (3) with the express consent of the data subject. If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) is made with the express consent of the data subject, the company shall take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a data controller, to state their own position and to challenge the decision. If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the company.

i) Right to revoke consent

Each data subject shall have the right to withdraw consent to processing of their personal data at any time. If the data subject wishes to exercise the right to withdraw consent, they may, at any time, contact any employee of the data controller.

13. Data security

Your personal data will be encrypted via SSL when transmitted via the customer, transport partner, or employee logins. We secure our website and other systems using technical and organisational measures against loss, destruction, access, modification or processing of your data by unauthorised persons. Access to your customer account is only possible after entering your personal password. You should keep your access information confidential and close the browser window and delete your history when you have finished your session with us, especially if you share your computer with others.

14. Provision of personal data as a statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In some cases, it may be necessary for a contract to be concluded if a data subject provides us with personal data which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if our company enters into a contract with him/her. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Prior to the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or required for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.

15. Legal basis of processing

Art. 6 I letter a GDPR serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case for example with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I letter b GDPR. The same applies to such processing processes that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I letter c GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our company and their name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. The processing would then be based on Art. 6 I letter d GDPR. Ultimately, processing operations could be based on Art. 6 I letter f GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not take priority. We are allowed to carry out such processing procedures because they have been specifically mentioned by the European legislator. In this respect, a legitimate interest could be assumed if the person concerned is a customer of the person responsible (recital 47, sentence 2, GDPR).

16. The legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6 para. 1 lit. f GDPR, our legitimate interest is to carry out our business for the well-being of all our employees and the shareholders.

17. Download and print

You can also download this text in PDF format. To view and print PDF files, you need a PDF viewer, which you can download free of charge from Adobe Systems GmbH, for example. You can print the PDF file using Adobe Reader by selecting Print from the File menu.

Data Protection Officer

In accordance with Art. 37 GDPR, TÜV Technical Monitoring Hessen GmbH was named as the external data protection officer.

Questions about data protection at CRAISS

If you have any questions about data protection, please do not hesitate to contact us at datenschutz@remove-this.craiss.com.