This website is operated by Nordbrand Nordhausen GmbH. In the following we inform you about the collection of personal data when you use this website. Personal data is all data which can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
Your data will be collected, processed and used in accordance with the provisions of the German Telemedia Act (Telemediengesetz, TMG) and data protection law, in particular the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the General Data Protection Regulation (GDPR).By means of this data protection declaration we inform about the collection of personal data on and via our website from the data subject in accordance with Art. 13 GDPR.
1. Collection of personal data for informational use
(1) If you use the website purely for information purposes, i.e. if you do not log on to, register, or provide us with any other information to use the website, we do not collect any personal data, apart from data which your browser sends to enable you to visit the website. The purpose of this data collection is to enable you to visit the website and to ensure that the website functions properly. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. This is:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Data volume transmitted
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
(2) In addition, when you use the website, cookies will be stored on your computer. Cookies are small text files which are stored on your hard drive, are allocated to the browser used by you and through which certain information is sent to the body which places the cookie (in this case us). A cookie typically contains the name of the domain from which the cookie originates, the “lifetime” of the cookie, and a value, normally a unique randomly-generated number. Cookies cannot execute any programmes or transmit viruses to your computer. The purpose of the use is to make our website more user friendly and more effective. Some elements of our website require that the browser can be identified even after a page change.
- Transient cookies (temporary use) are deleted automatically when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests by your browser can be assigned to the shared session. As a result, your computer can be recognized when you return to the website. Session cookies are deleted when you log out or close your browser.
- Persistent cookies (use for a limited time) are automatically deleted after a predetermined time, which can vary depending on the cookie. You can delete these cookies any time in the security settings of your browser.
- Cookies in connection with third-party services, as described below.
- Flash cookies used are not recorded by your browser, but by your Flash plugin. These cookies store the necessary data regardless of the browser you are using and have no automatic expiration date. If you do not wish Flash cookies to be processed, you must install an appropriate add-on.
- Web beacons are electronic signs (also called "Clear GIFs" or "Web Bugs") that allow us to count the number of users who have visited the website.
You can configure your browser settings as you wish and, e.g., refuse the acceptance of third-party or all cookies. Please note, however, that you then may not be able to use all the functions of this website.
(3) This information is stored separately from any data that may further be stored by us. In particular, the cookie data is not linked to your other data that may be transmitted.
2. Collection of personal data for personalised use
(1) In addition to the use of our website purely for information purposes, we also offer a range of services which you can use if you are interested. For this purpose, you usually have to provide additional personal data which we use to provide the respective service. When you have the option of providing additional voluntary information, this is identified accordingly. Only the personal data which is necessary for your use of the website and/or the performance of a contract concluded with us or which you provide yourself is collected, processed and used by us. This concerns in particular master data and user data which may possibly be transmitted via forms on our website:
- Name (consisting of salutation, title, first name, surname and gender)
- Telephone number
- Fax number
- E-mail address
- Date of birth
- User's registration and login data
- User’s bank details
- VAT identification number (optional)
(2) Inventory data and user data are used by us as necessary in order to establish, provide the content of, amend or terminate a contractual relationship with you, in order to meet our contractual obligations, for login by the user on the website, and in order to contact you if you wish or if this is necessary within the scope of the contractual relationship or permitted by law.
The personal data will, with the exception of the data collected by the third-party providers stated below, be stored and processed within the European Union.
3. Erasure dates
Inventory data is deleted two years after the termination of the contractual relationship at the end of the calendar year, unless it needs to be stored for a longer period and this is permitted by law.
4. Anonymous statistical analysis of the user data
We have the right to create user profiles using a pseudonym for purposes of advertising, market research or to design the website to meet the needs of users, unless you object. In particular, we analyse the user data anonymously for statistical purposes in order to design the website to meet the needs of users. You can object to the use of your personal data by sending us a corresponding notification.
5. Subcontractors and Recipients of personal data
1) In the course of processing personal data we use subcontractors and conclude contracts with these contract data processors in accordance with the requirements of Art. 28 GDPR.
The subcontractor which is used to host the website is DFAU GmbH, Gustav-Weißkopf-Str. 5, 90768 Fürth, Germany.
6. Protection of personal data
We take technical and organisational measures in accordance with the requirements of Art. 32 GDPR to protect the user's personal data. All of our employees who are involved in the processing of personal data are under obligation to maintain data secrecy. The user’s personal data will be encrypted by HTTPS when it is transmitted to the website.
7. Legal basis
In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing.
- Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
- In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
- Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
- The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
- The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of personal data using cookies for analytical purposes is Art. 6 para. 1 lit. f GDPR GDPR.
- After your registration for our newsletter we save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
- If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 letter f GDPR serves as the legal basis for processing.
If the processing of personal data is based on Article 6 I lit. f GDPR, it is in our legitimate interest to conduct our business for the well-being of all our employees and our shareholders.
8. No Automated individual decision-making / no profiling
We do not make automated decision making or profiling.
9. Rights of data subjects
The user and other data subjects may demand from us the following rights in respect of their personal data:
- Right of access by the data subject (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure ('right to be forgotten') (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right to revoke consent given at any time without affecting the legality of the processing carried out on the basis of the consent until revocation, if the data processing is based on consent pursuant to Art. 6 para. 1 lit. a or Article 9 para. 2 lit. a GDPR.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).
10. Reference to the right to object under Art. 21 GDPR
A. Right to object on grounds relating to your particular situation
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on lit. e (puplic interest) or lit. f (legitimate interests) of Article 6 para. 1, including profiling based on those provisions. We no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
B. Rigth to object relating to direct marketing
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data is no longer be processed for such purposes.
C.Exercise of the right of objection
The right of objection can be exercised informally, for example by mail to Nordbrand Nordhausen GmbH, Bahnhofstraße 25, 99734 Nordhausen/Harz, Germany or via E-Mail to firstname.lastname@example.org.
11. Service provider / responsible body / contact details / objection / revocation of consent
The service provider in accordance with § 13 of the German Tele Media Act (Telemediengesetz, TMG), and responsible body in accordance with Art. 4 No. 7 GDPR other data protection laws and other provisions of a data protection nature in force in the Member States of the European Union is:
Nordbrand Nordhausen GmbH
Telefon: +49 (0) 36 31-636-0
Telefax: +49 (0) 36 31 636-400
All requests for information, corrections and deletions, objections or revocations of consent, the assertion of the right to limit the processing or the right to data portability, as well as comments or questions by the user relating to data protection are to be sent to this address.
12. Data Protection Officer
Our external Data Protection Officer is Stephan Schmidt, Lawyer, of Mainz. You can reach him at email@example.com or at our postal address with the addition "the data protection officer".
13. Data protection supervisory authority and right to complain
The data protection supervisory authority responsible for us, to which any complaint about a breach of data protection law can be sent, is:
Der Hessische Datenschutzbeauftragte,
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
Telefon: 0611/1408-0, Fax 0611/1408-900 oder -901,