INFORMATION ON THE COLLECTION OF PERSONAL DATA
Thank you for visiting our website and for your interest in the services offered by Ganter Interior GmbH.
We take the protection of your personal data very seriously in our role as data controller. Internet pages can only be displayed if data of the visitor, at least the IP address, is transmitted beforehand. Therefore, we would like to inform you comprehensively with this data protection declaration about the processing of your personal data in the context of visiting this website. We are legally obligated to do so as the entity responsible for data processing. You can reach us via the following contact options:
Ganter Interior GmbH
m Kraftwerk 4
Tel. +49 (0)7681 4018-0
The website of Ganter Interior GmbH is subject to the EU Data Protection Act (EUDSGVO) and the German Federal Data Protection Act (BDSG), and to the German Telemedia Act (TMG). We are therefore obliged to protect and treat confidentially all information and data collected from visitors to this website. The data stored in the course of visiting this website is processed exclusively in the manner described in this data protection declaration. We do not intend to use personal data in any other way or to pass it on to third parties.
Personal data is information about personal or factual circumstances of an identified or identifiable person. This includes names and contact data, such as address, telephone number, e-mail address, as well as sensitive data, such as information about the state of health but also usage data such as your IP address.
Scope of the processing of personal data
As a matter of principle, Ganter Interior GmbH collects and uses personal data of visitors to this website only to the extent that this is necessary for the provision of a functional website and of our contents and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.
Purposes and legal basis of data processing, storage period of the data
If you use our website for purely informational purposes and do not send us any other information (e.g. by e-mail), we only collect data that your browser transmits to our server (so-called “server log files”). This data is processed in accordance with Art. 6 (1) f EUDSGVO on the basis of our legitimate interest in improving the stability and functionality of our homepage. This data is not used in any other way or even passed on to third parties. However, we reserve the right to analyze the log files retrospectively if there are indications of illegal use. The stored data will be deleted regularly.
If you contact us by e-mail, personal data will be collected. This data is stored and used exclusively for the purpose of processing your request and the associated technical administration. The legal basis for processing the data is our legitimate interest in processing your request in accordance with Art. 6 (1) f EUDSGVO. Your data will be deleted after final processing of your request, this is the case when the matter concerned has been conclusively clarified and provided that no legal retention obligations prevent deletion. We use service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 b or f EUDSGVO, insofar as they are not order processors. Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures) may have access to your data to the extent necessary. The legal basis for the disclosure is then Art. 6 (1) b or f EUDSGVO. Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) a EUDSGVO serves as the legal basis.
We process personal data of our suppliers and service providers as well as their employees for the initiation and implementation of our contractual relationships on the basis of Art. 6 para. 1 p. 1 b EUDSGVO and Art. 6 para. 1 p. 1 c EUDSGVO.
We process employee data for the establishment, implementation and termination of employment relationships (Art. 88 EU Data Protection Regulation, § 26 BDSG).
We process applicant data for the purpose of carrying out the application procedure and deciding on the establishment of an employment relationship (Art. 88 EU Data Protection Regulation, § 26 BDSG).
If we collect personal data for the purpose of implementing measures to combat the coronavirus (SARS-CoV-2) in accordance with federal (e.g. BIfSG) and state law, we process this data exclusively within the framework of the applicable legal regulations. For example, there may be an obligation to forward personal data, in particular health data, to competent authorities.
When processing personal data that is necessary for the performance of another contract to which the data subject is a party, Art. 6 (1) b EUDSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c EUDSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) d EUDSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) f EUDSGVO serves as the legal basis for the processing.
PROCESSING OF DATA IN COMMUNICATIONS PURSUANT TO ART. 6 ABS. 1 A TO F EUDSGVO
If you send us information by e-mail or via a contact form, the data you provide (your e-mail address, your name, if applicable, and your telephone number) will be stored by us in order to respond to your inquiry. For this purpose, your information will be read within Ganter Interior GmbH and forwarded to the responsible department. The personal data will be stored and processed for this purpose. We delete the data accruing in this context after the storage is no longer required or restrict the processing if there are legal retention obligations.
If you send us an application by e-mail, we subsequently process your transmitted data exclusively for the purpose of handling the application process. If an employment relationship is established with an applicant, we store the transmitted data in order to perform the activities required within the scope of the employment relationship. Only our employees responsible for personnel processing have access to such applicant data. If no employment relationship is established, we generally delete the application documents two months after notifying you of the rejection, unless there is a legitimate interest in deletion.
If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. Where possible, we will also state the criteria defined for the storage period.
COLLECTION OF GENERAL INFORMATION WHEN YOU VISIT OUR WEBSITE
As long as you use our website for information purposes only, i.e. without registering or otherwise transmitting information, we only collect the personal data that your browser transmits to our server (log files).
In this respect, information is automatically collected by us or the web space provider with each access. This information, also referred to as server log files, is of a general nature and does not allow any conclusions to be drawn about your person.
Among other things, the following information is collected: Name of the website, language, requested data, date and time of the request, time zone difference to Greenwich Mean Time (GMT), the amount of data transferred in each case, web browser and web browser version, operating system and its version, the domain name of your Internet provider, the so-called referrer URL (the page from which you accessed our offer – if transmitted. Users can switch this on and off in the browser), access status/HTTP status code and the IP address.
Without this data, it would not be technically possible in part to deliver and display the contents of the website. In this respect, the collection of the data is mandatory. In addition, we use the anonymous information for statistical purposes. They help us to optimize the offer and the technology. We also reserve the right to subsequently check the log files if we suspect illegal use of our offer.
In addition to the previously mentioned data, cookies are stored on your computer when you use our website. As the operator of this website, we are considered a provider of a telemedia service in the sense of the TTDSG (Telecommunications Telemedia Data Protection Act). When using cookies, we particularly observe the consent rules of § 25 TTDSG in order to ensure the protection of the privacy of visitors to this website. We always obtain consent if § 25 TTDSG provides for this. Accordingly, consent under Section 25(2) TTDSG is not required in the following cases:
- the sole purpose of storing information in the terminal equipment or the sole purpose of accessing information already stored in the terminal equipment is to carry out the transmission of a message via a public telecommunications network, or
- the storage of information or the access to information already stored is absolutely necessary so that we, as the provider of this website, can make available the contents called up by you as a user and expressly requested in this respect.
General information on cookies
Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which the party setting the cookie (in this case this is done by us) receives certain information. This information may include, for example, user settings, history information about visits to the website or language settings.
Cookies serve to make the website as a whole more user-friendly and effective. We do not pass this data on to third parties or link it to personal data without your consent. Cookies fulfil two main tasks. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly.
Cookies cannot execute programmes or transfer viruses to your computer and therefore cannot cause any damage. Cookies can, however, contain data that enable recognition of the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. Cookies cannot directly identify a user.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
- Technical cookies: these are essential to navigate our website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they store which web pages you have visited;
- Performance cookies: these collect information about how you use a website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you – all information collected is anonymous and is only used to improve our website and find out what interests our users;
- Advertising cookies, targeting cookies: these are used to provide the website user with tailored advertising on the website or third party offers and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
- Sharing cookies: these are used to improve the interactivity of a website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
THIRD COUNTRY TRANSMISSION
We would like to point out that when using our online offer, personal data is partly transferred to the USA. A data transfer to the USA is no longer permitted without further ado since the ruling of the European Court of Justice EU-US-PRIVACY SHIELD/SCHREMS-II-URTEIL of 16.07.2020.
A data transfer to the United States (USA) was previously permitted if the company to which the data is to be transferred was certified under the EU-US Privacy Shield. Although this certification continues to exist, it is no longer sufficient for legal reasons alone since the ECJ ruling SCHREMS II. The European Court of Justice (ECJ) declared the Privacy Shield agreement as such to be insufficient.
Since then, the USA is no longer considered a safe third country in the sense of the EU Data Protection Regulation. It is particularly critical to see that US companies are obliged to hand over personal data to the American security authorities upon request. There is no effective legal protection against this for non-US citizens. Therefore, the European Court of Justice considers the U.S. Privacy Shield to be insufficient when it comes to protecting the rights of Internet users. The problem here is that it cannot be ruled out that authorities in the U.S., e.g., intelligence agencies, investigative authorities, etc., use your data stored on servers in the U.S. for surveillance, for example, and store the data or knowledge gained from it permanently. We have no influence on these processing operations and processes.
We have therefore taken further protective measures to ensure a level of data protection in accordance with European standards. We have directly asked providers from the USA whose services we use and who transfer personal user data how they will react to the ECJ ruling. We contacted the provider with the aim of reaching binding agreements on this matter immediately. In doing so, we are guided by the standard data protection clauses pursuant to Article 46 (2) c of the GDPR or use them by working towards ensuring that the companies concerned guarantee appropriate handling of personal user data via the EU standard contractual clause. This obliges data recipients in the USA to process the data in accordance with the level of protection in Europe. To the extent that agreements of this kind could not be concluded at the present time, we are continuing our efforts to obtain corresponding regulations and commitments from all data recipients in the USA. As long as the legal situation has not been conclusively clarified, we obtain consent for all applications on our website with data transfers to the USA using a consent tool.
For more information about the personal data we transfer to companies in the USA, please refer to the section “Data processing within the scope of this website”.
RECIPIENTS OR CATEGORIES OF RECIPIENTS
We sometimes use external service providers, such as IT and telecommunications companies or companies that support us in archiving and destroying documents, to implement and comply with our contractual and legal obligations. We do not pass on data to other recipients not listed in this data protection declaration.
NOTE ON PROFILING AND SCORING
We do not make automated decisions in individual cases, including profiling.
YOUR RIGHTS AS A DATA SUBJECT
Data protection law grants you a number of data subject rights of which we must inform you. Depending on the reason and type of processing of your personal data, you have the following rights:
- Your right to information, Art. 15 EUDSGV.
You have the right to find out from us whether and – if so – which of your personal data we process. You have the right to request copies of your personal data from us. This right always applies. There are some exceptions regarding the personal data to be communicated. This means that you will not always receive all the information we process.
- Your right to rectification, Art. 16 EUDSGV.
You have the right to request from us without undue delay the rectification of personal data concerning you that you consider to be inaccurate. You also have the right to request us to complete such personal data that you consider incomplete. This right always applies.
- Your right to deletion, Art 17 EUDSGV.
Under certain conditions, you have the right to request that we delete your personal data. You can read more about this here.
- Your right to restriction of processing, Art 18 EUDSGV.
Under certain conditions, you have the right to demand that we restrict the processing of your personal data.
- Your right to data portability, Art. 20 EUDSGV.
You only have this right with regard to personal data that you have provided to us yourself. You have the right to request that we transfer this personal data directly to another controller or organization. Alternatively, you have the right to request that we provide you with the data ourselves in a machine-readable format. However, this only applies if we process your personal data on the basis of your consent or on the basis of a contract or in the context of contract negotiations and the processing is carried out with the help of automated processes. You can find more information on the right to data portability here.
- Your right to object to processing, Art 21 EUDSGV.
If we process your personal data because the processing is part of our public tasks or if we process your data on the basis of a legitimate interest, you have the right to object to the processing.
You are not required to pay a fee for exercising your rights. The assertion of your data subject rights is free of charge. If you exercise your data subject rights, we have one month to respond to you.
In order to be able to consider a data block at any time, it is necessary to keep the data in a blocking file for control purposes. If there is no legal archiving obligation, you can also request that the data be deleted. Otherwise, we will block the data if you so wish.
We would like to point out that in certain cases we may request additional information from you in order to establish your identity. For example, when exercising the right to information, we can ensure that information is not disclosed to unauthorized persons.
You also have the right to complain to the competent data protection supervisory authority about our processing of your personal data.
The contact details of the competent supervisory authority are:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
OUR DATA PROTECTION OFFICER
You have the possibility to contact our data protection officer:
Mr. Jörg Leuchtner (Lawyer)
Freiburger Datenschutzgesellschaft mbH
DATA MINIMIZATION AND STORAGE LIMITATION
In accordance with the principles of data minimisation and storage limitation, we only store personal data for as long as is necessary or prescribed by law (statutory storage period). Therefore, the personal data we store will be deleted in accordance with legal requirements. We delete the data as soon as they are no longer required for the processing purpose, a given consent is revoked or other permissions cease to apply. Data that must still be stored, e.g. for reasons of commercial or tax law, or whose storage is still required for the assertion, exercise or defence of legal claims, will be deleted as soon as this is no longer the case.
Due to the constant development of new Internet technologies and changes in applicable data protection regulations, our data protection declaration is updated to the extent necessary. The data protection statement which is available at the time of the respective visit to the website of Ganter Interior GmbH shall always apply.
DATA PROCESSING WITHIN THE FRAMEWORK OF THIS WEBSITE:
As part of the information offered and the use of our website by our visitors, we make use of functions provided by external service providers. By doing so, we want to make your visit to our website as informative and convenient as possible. In addition, we have a vested interest in using features that allow you to engage, interact with us or other Internet users, and track and improve the functionality and effectiveness of our website. When selecting and using such services, we make a responsible choice and take into account data protection aspects. In particular, in order to ensure the processing of data in compliance with data protection law, we have concluded a contract on commissioned processing with the respective providers.
Data processing within the scope of the services listed below is based on our legitimate interests. Website operators regularly have a legitimate interest in particular in the following aspects: the greatest possible visibility in social media, analysis of user behavior, uniform and appealing presentation of content, error-free and secure provision of the web offer, ease of finding the locations we specify on the website, etc. If a corresponding consent was requested, the processing is based on this consent, which can be revoked at any time.
If you subscribe to our company’s newsletter, the data in the respective input mask will be transmitted to the data controller. The registration for our newsletter is carried out in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 para. 1 lit. a) DSGVO if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Article 7 (3) UWG.
INTEGRATION OF THIRD PARTY SERVICES AND CONTENT
We use the jQuery script library to process and display dynamic content. The provider is the OpenJS Foundation, Legal Department, 1 Letterman Drive, Bulding D, Suitde D4700, San Francisco, CA 94128. In order to ensure that the functions used are up to date, we reload the libraries every time our visitors visit our website. Among other things, their IP address and information about the website they visited are transmitted to the OpenJS Foundation. You can find more information about the processing of your data at:
We use the map service Google Maps on this website to make it possible to locate relevant places as part of our information offering. This function is offered by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google stores your IP address for this purpose and transfers data to Google servers in the USA. We have no influence on this data transmission and any further processing of the data. The legal basis for the data transfer to the USA is the standard contractual clauses of the EU Commission:
https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/
Further information on data processing by Google can be found here: https://policies.google.com/privacy?hl=de.
We use rapidmail for sending newsletters. The provider is rapidmail GmbH, Wentzingerstraße, 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organise and analyse the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter is stored on rapidmail’s servers in Germany. If you do not wish to have your data analysed by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe directly on the website. For the purpose of analysis, the e-mails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the e-mail is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail we can determine whether and which links are clicked on in the newsletter message. All links in the e-mail are so-called tracking links, with which your clicks can be counted. Depending on the font used to design the respective newsletter, a connection to external servers such as Google Fonts takes place.
The legal basis for the data processing is Art. 6 para. 1 lit. a) DSGVO. The recipient of the data is rapidmail GmbH. The data will not be transferred to third countries. Duration: The data stored by us within the scope of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from our servers as well as from the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. You have the option of revoking your consent to data processing at any time with effect for the future. The legality of the data processing operations already carried out remains unaffected by the revocation.
For further data protection information, please refer to the data security information and analysis functions of rapidmail at: https://www.rapidmail.de/datensicherheit and https://www.rapidmail.de/wissen-und-hilfe.