Thank you for your interest in our company. In the following, we are pleased to provide you with information regarding the processing of personal data when using this website at hoenle.de in accordance with Article 13 EU General Data Protection Regulation (EU GDPR).
The controller of this website in the sense of the EU GDPR and other national data protection laws of the member states and other data protection regulations is:
GEPA Coating Solutions GmbH
88699 Frickingen (Bodensee)
Phone: +49 7554 989770-0
The controller’s data protection officer is
Dr Karsten Kinast, lawyer, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
I. General information about data processing
We only process our users’ personal data if this is necessary to provide a functioning website as well as our contents and services.
If we obtain the consent of the data subject for processing personal data, Article 6 Para. 1 Lit. a EU GDPR serves as the legal basis.
When processing personal data required for the performance of a contract to which the data subject is a party, Article 6 Para. 1 Lit. b EU GDPR serves as the legal basis. This also applies to processing required for executing precontractual measures.
If processing personal data is required to fulfil a legal obligation to which our company is subject, Article 6 Para. 1 Lit. c EU GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person make processing personal data necessary, Article 6 Para. 1 Lit. d EU GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 Para. 1 Lit. f EU GDPR serves as the legal basis for processing.
The personal data of the data subject is deleted or blocked as soon as the purpose for storage ceases to exist. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
We sometimes use specialised providers (e.g. for hosting the pages or sending newsletters) to provide our website or for certain services on the website. These providers operate as service providers for us and may also obtain knowledge of your personal data in connection with the maintenance and servicing of the systems. We have concluded “data processing contracts” with these providers in accordance with Article 28 EU GDPR, which ensure that data processing is carried out in a permissible manner.
II. Provision of the website and creation of log files
On every visit to our website, our system automatically collects data and information from the computer system of the computer being used.
The following data is collected:
(1) information about the browser type, including the version and language used
(2) the user’s operating system, including interface
(3) the user’s IP address
(4) date and time of access
(5) page of origin (HTTP-referrer)
(6) accessed address (2nd-level-domain.1st-level-domain/accessed_page)
(7) call status/HTTP status code
(8) amount of data transferred
The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.
The legal basis for the temporary storage of the data and log files is Article 6 Para. 1 Lit. f EU GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. The user’s IP address must be stored for the duration of the session for this purpose.
Data is stored in log files to ensure the functionality of the website. The data also helps us to optimise the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing in accordance with Article 6 Para. 1 Lit. f EU GDPR also lies in these purposes.
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the respective session has ended.
In the case of data being stored in log files, this is the case after seven days at the latest. Further storage is possible. Users’ IP addresses are distorted after just two days at the latest so that assignment to the visiting client is no longer possible.
The collection of the data for website provision and data storage in log files is necessary for operating the website. As a result, there is no objection option for the user.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions on our website cannot be offered without using cookies. For this it is necessary that the browser is recognised even after a page change.
The following data is stored and transmitted in the cookies:
(1) language settings
(2) pages visited
The legal basis for processing personal data using cookies is Article 6 Para. 1 Lit. f. EU GDPR.
We require cookies for the following applications:
(1) acceptance of language settings
(2) user frequency of pages
The user data collected by technically necessary cookies is not used to create user profiles.
Our legitimate interest in processing personal data in accordance with Article 6 Para. 1 Lit. f EU GDPR also lies in these purposes.
IV. Display and use of third-party content
The legal basis for processing personal data using CDN and other tools is Article 6 Para. 1 Lit. f. EU GDPR.
We use the following third-party providers:
• Google Inc. for the use of “Google Fonts” and “Google Maps”
When using CDN and other tools, your IP address, among other things, is transmitted to the third-party providers. Even though the third-party providers operate servers in the EU, it cannot be excluded that your browser also accesses servers outside the EU. For more detailed information about which personal data are processed by Google, Inc. in this relation, see https://policies.google.com/privacy?hl=en&gl=de
The use of CDN and other tools is in the interest of presenting our website in a uniform and appealing way. Our legitimate interest in processing personal data in accordance with Article 6 Para. 1 Lit. f EU GDPR also lies in these purposes.
V. Use of Google Analytics
In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link: Deactivate Google Analytics. This installs an opt-out cookie on your device. This will prevent Google Analytics from collecting data for this website and for this browser in the future as long as the cookie remains installed in your browser.
There is the option of subscribing to a free newsletter on our website.
The legal basis for processing the data after the user has registered for the newsletter is Article 6 Para. 1 Lit. a EU GDPR if the user has given consent.
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. The user’s data will therefore be stored as long as the newsletter subscription is active.
The newsletter subscription can be cancelled by the user concerned at any time. There is a corresponding link in each newsletter for this purpose.
VII. Contact forms and email contact
There are contact forms on our website that can be used for electronic contact. If a user uses this option, the data entered in the input screen will be transmitted to us and stored.
Alternatively, you can contact us via the email address(es) provided. In this case, the user’s personal data transmitted by email will be stored.
The legal basis for processing data transferred as part of using the contact form or sending an email is Article 6 Para. 1 Lit. f. EU GDPR.
If the use of the contact form or the transmission of an email serves to fulfil a contract to which the user is a party or to execute pre-contractual measures, the legal basis for processing the data is Article 6 Para. 1 Lit. b GDPR.
Processing personal data from the input screen or in the event of contact being made by email is solely for the purpose of facilitating contact with us.
Our legitimate interest in processing personal data in accordance with Article 6 Para. 1 Lit. f EU GDPR also lies in these purposes if it does not already involve the fulfilment of a contract to which the user is a party or the execution of pre-contractual measures.
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. For personal data from the contact form input screen and that which was sent by email, this is the case when the respective conversation with the user is finished. The conversation is terminated when the circumstances show that it is certain that the matter in question has been conclusively resolved. If there are legal storage periods for the communication content, e.g. due to commercial and/or tax law provisions, the corresponding data will be deleted after these periods have expired.
If there are no legal storage obligations, the user can object to the storage of their personal data at any time. In a case such as this, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
VIII. Rights of the data subject
You as data subject have the right to information according to Article 15 GDPR, the right to correction according to Article 16 GDPR, the right to deletion according to Article 17 GDPR, the right to restrict processing according to Article 18 GDPR, the right to objection from Article 21 GDPR and the right to data transferability from Article 20 GDPR. With regard to the right to information and the right to deletion, the restrictions in accordance with Sections 34 and 35 Federal Data Protection Act – BDSG – (new) shall apply. Furthermore, you have the right to complain to a data protection supervisory authority (Article 77 EU GDPR in conjunction with Section 19 BDSG (new)). The supervisory authority responsible for us is the Bavarian State Office for Data Privacy Supervision (Bayerisches Landesamt für Datenschutzaufsicht), PO box 606, 91511 Ansbach.
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the EU GDPR came into force, therefore, before 25 May 2018. Please note that the revocation will only take effect in the future. Processing that took place prior to revocation is not affected by this.