DECLARATION
This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer.
We point out that data transmission on the Internet (eg communication by e-mail) security gaps. Complete protection of data against access by third parties is not possible.
We process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.
Unless the legal basis is mentioned separately in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing for the performance of our services and implementation of contractual measures and responding to inquiries is Art. 6(1)(b) DSGVO, the legal basis for processing for the performance of our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing for the protection of our legitimate interests is Art. 6(1)(f) DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.
DEFINITIONS
We use the following terms, among others, in this Privacy Policy:
(1) personal data.
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(2) Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
(3) Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(4) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
(5) Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
(6) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
(7) Controller or person responsible for processing.
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
(8) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
(9) Recipient
Recipient shall mean a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
(10) Third party
A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
(11) Consent
Consent is any expression of will in the form of a declaration or other unambiguous affirmative act, given voluntarily by the data subject for the specific case in an informed manner and in an unambiguous manner, by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
With regard to the terms used, we also refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
RESPONSIBLE
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the
Altatec GmbH
Käthe-Kollwitz-Strasse 60
04109 Leipzig
E-mail: info@greensoils.de
Website: www.greensoils.de
Registered in the Commercial Register of the District Court of Leipzig under the registration number HRB 17278
Management: Uwe Becher
E-MAIL CONTACT
(1) It is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
(2) Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. No disclosure of this personal data to third parties shall take place.
(3) The legal basis for the processing of data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
(4) Accordingly, the processing of the personal data from the e-mail constitutes the necessary legitimate interest in the processing of the data.
(5) We process the inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) obtained through this for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit. b. DSGVO or to carry out the application process. User information may be stored in our Customer Relationship Management System (“CRM System”) or comparable inquiry organization.
(6) The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data will be routinely deleted, provided that they are no longer required for the fulfillment or initiation of the contract.
(7) The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the correspondence cannot be continued. The revocation of consent and the objection to storage can be made in text form (e.g. e-mail). All personal data stored in the course of contacting us will be deleted in this case.
(8) No special categories of data within the meaning of Art. 9 (1) DSGVO (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data uniquely identifying a natural person, health data or data concerning a natural person’s sex life or sexual orientation) are processed.
COOPERATION WITH PROCESSORS AND THIRD PARTIES
(1) If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this shall only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
(2) If we commission third parties with the processing of data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 DSGVO.
RIGHTS OF THE DATA SUBJECT
If personal data of yours is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
(1) Right of access
You may request confirmation from the controller as to whether personal data concerning you are being processed by us.
If such processing is taking place, you may request information from the controller about the following:
- the purposes for which the personal data are processed;
- the categories of personal data which are processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage duration;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information on the origin of the data, if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject. You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.
(2) Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
(3) Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
- if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or
- if you have objected to the processing pursuant to Art. 21 (1) DSGVO and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.
Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
(4) Right to erasure
(a) Obligation to erasure
You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a DSGVO and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.
- The personal data concerning you have been processed unlawfully.
- The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO.
(b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers that process the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, that personal data.
(c) Exceptions.
The right to erasure does not exist to the extent that the processing is necessary to
to exercise the right to freedom of expression and information;
- for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
- for the assertion, exercise or defense of legal claims.
(5) Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against the controller to be informed about these recipients.
(6) Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
- the processing is based on consent pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO or on a contract pursuant to Art. 6 (1) b DSGVO and
- the processing is carried out with the help of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(7) Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
(8) Right to revoke your declaration of consent under data protection law.
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
(9) Automated decision in individual cases including profiling.
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
- is necessary for the conclusion or fulfillment of a contract between you and the responsible party,
- is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
- is done with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in (9) points 1 and 3, the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.
(10) Right to complain to a supervisory authority.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
SECURITY MEASURE
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk; The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access concerning them, input, disclosure, ensuring availability and their separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data, and response to data compromise. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Article 25 of the GDPR).
DELETION OF DATA
Unless separately described in this Privacy Policy, the following applies to the deletion of data:
- The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
- According to legal requirements, the storage takes place in particular for 6 years according to § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) as well as for 10 years according to § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
CHANGES AND UPDATES TO THE PRIVACY STATEMENT
We adapt the privacy statement as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
Status: 01.04.2023