Data protection declaration

Thank you for your interest in our company. The management of Deutsche Werkstätten Hellerau GmbH takes data protection very seriously. It is generally possible to use the Internet sites of Deutsche Werkstätten Hellerau GmbH without providing personal data. Should an affected person wish to use special services of our company via our Internet site, the processing of personal data may however become necessary. Should processing of personal data be necessary and should no legal basis be present for this, we generally obtain the consent of the affected person.

The processing of personal data, for example the name, address, email address or telephone number of an affected person always takes place in accordance with the General Data Protection Regulation (GDPR) and in line with the country specific data protection provisions which apply to Deutsche Werkstätten Hellerau GmbH. By means of this data protection declaration, the company wishes to inform the public of the type, scope and purpose of the personal data which is gathered, used and processed by us. Furthermore, affected persons are being informed of their rights by means of this data protection declaration.

As a responsible body, Deutsche Werkstätten Hellerau GmbH has implemented numerous technical and organisational measures for the processing of personal data, in order to guarantee the highest level of protection for the personal data which is processed via this Internet site. However, Internet-based data transfers generally carry security risks, which means that absolute protection cannot be guaranteed. For this reasons, all affected persons are free to provide personal data to us via alternative channels, for example by telephone.

1. Definitions

The data protection declaration of Deutsche Werkstätten Hellerau GmbH is based on the definitions which were used by the issuer of European Directives and Regulations when issuing the General Data Protection Regulations (GDPR). Our data protection declaration should be easily readable and understandable both for the public and for our customers and business partners. In order to guarantee this, we wish to explain in advance the terms which are being used.

a) Personal data
Personal data is all information which relates to an identified or identifiable natural person (subsequently referred to as "affected person"). A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular on the basis of information such as a name, ID number, location data, online name or one or more special characteristics which relate to the physical, physiological, genetic, psychological, economic, cultural or social identity of him or her.

b) Affected person
An affected person is any identified or identifiable natural person whose personal data is being processed by the responsible body for the processing.

c) Processing
Processing is any procedure carried out with or without the assistance of automated processes or any such part of the procedure in connection with personal data, such as the gathering, recording, organisation, allocation, saving, adjustment or alteration, reading, retrieval, use, disclosure by means of transfer, distribution or other form of making available, comparison or connection, restriction, deletion or destruction of this.

d) Processing restriction
Processing restriction refers to the marking of saved personal data with the objective of restricting its processing in the future.

e) Profiling
Profiling is any type of automated processing of personal data which means that personal data is used in order to evaluate certain personal aspects which relate to a natural person, in particular to analyse or forecast aspects concerning work performance, economic position, health, personal preferences, interests, reliability, behaviour, whereabouts or change to place of residence of this natural person.

f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific affected person without the use of additional information, should this additional information be stored separately and be subject to technical and organisational measures which guarantee that the personal data cannot be assigned to an identified or identifiable natural person.

g) Responsible body or responsible body for the processing
The responsible body or the responsible body for the processing is the natural or legal person, authority, institution or other body which takes a decision concerning the purposes and means of the processing of personal data either alone or with others. Should the purposes and means of this processing be prescribed by EU law of the law of the Member States, the responsible body or the specific criteria of its appointment can be determined under EU law or the law of the Member States.

h) Order processor
An order processor is a natural or legal person, authority, institution or other body which processes personal data on behalf of the responsible body.

i) Recipient
A recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, regardless of whether this is a third party or not. Authorities which may receive personal data within the framework of a specific investigation order under EU law or the law of the Member States are not however considered to be recipients.

j) Third party
A third party is a natural or legal person, authority, institution or other body apart from the affected person, the responsible body or order processor which is permitted to process the personal data under the direct responsibility of the responsible body or order processor.

k) Consent
Consent is a declaration of intent issued by the affected person in a voluntary manner for the specific case in an informed manner and without misunderstanding in the form of a declaration or other clear confirmed action, whereby the affected person states that he or she agrees to the processing of the personal data which relates to him or her.

2. The name and address of the responsible body for the processing as required by the General Data Protection Regulation (GDPR), other data protection laws which apply in the EU Member States and other provisions under data protection legislation is:
Deutsche Werkstätten Hellerau GmbH
Moritzburger Weg 68
01109 Dresden
Germany

3. Name and address of the Data Protection Officer

The Data Protection Officer of the responsible body is: 

Ronny Seffner

Seffner & Schlesier OHG

Hamburger Ring 11a

01665 Klipphausen

Germany

Phone: +49 35204 392050

E-mail: datenschutz@dwh.de

Website: www.seffner-schlesier.de

Any affected person can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

4. Cookies

The websites of Deutsche Werkstätten Hellerau GmbH use cookies. Cookies are text files that are stored on a computer system via an internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can identify the specific internet browser in which the cookie has been stored. This enables the websites and servers visited to distinguish the individual browser from other internet browsers which may also contain cookies of the data subject. A specific internet browser can be recognised and identified by the unique cookie ID.

Through the use of cookies, Deutsche Werkstätten Hellerau GmbH can provide users of this website with more user friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimised to suit the user. Cookies enable us, as already mentioned, to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website who uses cookies does not need to re-enter his or her access data each time he/she visits the website, as this is done by the website and the cookie stored on the computer of the user. Another example is the cookie for a shopping cart in an online shop. The online shop uses a cookie to remember the items that a customer has placed in the virtual shopping cart.

The data subject can prevent our website from setting cookies at any time by means of making the appropriate adjustments in his/her internet browser settings and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be erased at any time via the internet browser itself or other software programmes. This is possible with all current internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, then under certain circumstances not all the functions of our website will be fully usable.

5. Collection of general data and information

The Deutsche Werkstätten Hellerau GmbH website collects various general data and information each time a person or an automated system accesses the website. This general data and information is stored in the server log files. Data captured can include (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the internet page from which an accessing system reaches our Internet page (so called referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information serving to protect against attacks on our information technology systems.

When using this general data and information, Deutsche Werkstätten Hellerau GmbH does not draw any conclusions about the data subject. Rather, this information is required in order to (1) deliver the content of our website correctly, (2) to optimise the content of our website and its advertising, (3) to ensure the long term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement agencies with the information necessary for prosecution in the event of a cyber attack. Thus, this anonymously collected data and information is evaluated statistically by Deutsche Werkstätten Hellerau GmbH on the one hand and on the other hand with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

6. Routine erasure and blocking of personal dataThe data controller shall process and store personal data relating to the data subject only for the period of time necessary to achieve the purposes for which the data is stored, or to the extent provided for by the European guideline and regulatory body or any other legislator in laws or regulations to which the data controller is subject.

If the purpose of the storage expires or a retention period prescribed by the European directive and legislator or another competent legislator expires, the personal data shall be routinely blocked or erased pursuant to legal regulations.

7. Rights of the data subject

a)    Right of confirmation

Every data subject has the right, as granted by the European directive and legislator, to request confirmation from the data controller as to whether personal data relating to him/her is being processed. If the data subject wishes to exercise this right of confirmation, he/she may at any time contact an employee of the data controller.

b)    Right to information

Any data subject has the right, as granted by the European directive and legislator, to receive from the data controller at any time a copy of the personal data relating to him or her that is used. In addition, the European directive and legislator grants the data subject, access to the following information:

  • the purposes of processing
  • the categories of personal data processedthe recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisationsif possible, the planned duration for which the personal data shall be stored or, if this is not possible, the criteria for determining such durationthe right to correction or erasure of personal data concerning the data subject or restriction of its processing by the data controller, or a right of withdrawal from such processingthe existence of a right to lodge a complaint with a supervisory authority if the personal data is not collected from the data subject: all available information on the origin of the datathe existence of automated decision making including profiling in pursuant to Article 22 para. 1 and 4 of the GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effect of such processing with respect to the data subjectThe data subject also has the right to know whether personal data has been transferred to a third country or to an international organisation. In such a case, the data subject is also entitled to obtain information on the relevant guarantees in connection with the transmission.

If the data subject wishes to exercise this right to information, he/she may at any time contact an employee of the data controller.

c)    Right to correction

Any data subject has the right, as granted by the European directive and legislator, to demand the immediate correction of any inaccurate personal data concerning him or her. Furthermore and taking into account the purposes of processing, the data subject has the right to request that incomplete personal data be completed, with the inclusion of a supplementary declaration.

If the data subject wishes to exercise this right of correction, he/she may at any time contact an employee of the data controller.

d)    Right to erasure (“Right to be forgotten”)

Any data subject has the right, as granted by the European directive and legislator, to demand that the data concerning him or her be erased immediately, provided that one of the following reasons applies and insofar as the data processing is not necessary:

The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

The data subject withdraws his or her consent to the processing of personal data pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for processing.

The data subject lodges an objection against the processing of data pursuant to Article 21 para. 1 GDPR and there are no overriding legitimate reasons for processing, or the data subject lodges an objection against the processing of data pursuant to Article 21 para. 2 GDPR.

The personal data was processed illegally.

Erasure of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States, to which the data controller is subject.

The personal data were collected in relation to the information society services offered pursuant to Art. 8 para. 1 GDPR.

If one of the above reasons is correct and a data subject wishes to arrange for the erasure of personal data held by Deutsche Werkstätten Hellerau GmbH, he/she may at any time contact an employee of the data controller. The employee of Deutsche Werkstätten Hellerau GmbH shall arrange that the erasure request be fulfilled immediately.

If personal data has been made public by Deutsche Werkstätten Hellerau GmbH and as the data controller our company is obliged to commit to the erasure of personal data pursuant to Article 17 para. 1 GDPR , then Deutsche Werkstätten Hellerau GmbH shall take the appropriate measures, including measures of a technical nature, taking into account the available technology and implementation costs, to inform other data processors who process the disclosed personal data that the person concerned has requested the erasure of their data. This includes all links to such personal data or copies or replications of such personal data from these other persons responsible for data processing, insofar as the processing is not necessary. The employee of Deutsche Werkstätten Hellerau GmbH shall make the necessary arrangements on a case by case basis.

e)    Right to restriction of processing

Any data subject has the right, as granted by the European directive and legislator, to demand that the data controller restrict the processing of such data if one of the following conditions is met:

The correctness of the personal data is refuted by the data subject for a period of time that enables the data controller to verify the correctness of the personal data.

The processing is unlawful, the data subject declines the erasure of personal data and instead demands that the use of personal data be restricted.

The data controller no longer needs the personal data for the purposes of processing, but the data subject does need them to assert, exercise or defend legal claims.

The data subject has lodged an objection to the processing of the data pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the data controller outweigh those of the data subject.

Insofar as one of the abovementioned conditions is met and a data subject wishes to request the restriction of personal data stored by Deutsche Werkstätten Hellerau GmbH, they can contact an employee of the data controller at any time. The employee of Deutsche Werkstätten Hellerau GmbH shall make arrangements for the restriction of processing.

f)     Right to data portability

Any data subject has the right, as granted by the European directive and legislator, to receive in a structured, established and machine readable format, personal data relating to him or her provided by the data subject to a data controller. In addition, the data subject has the right to transmit this data to another data controller without hindrance by the current data controller to whom the personal data has been made available, provided that the processing does not conflict with the given consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, or for a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is performed with the aid of automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the data controller.

Furthermore, the data subject has the right to transfer data pursuant to Article 20 para. 1 GDPR, he or she has the right to demand that the personal data be transmitted directly by a data controller, insofar as this is technically feasible and insofar as this does not affect the rights and freedoms of other persons.

To assert the right of data portability, the data subject may at any time contact an employee of Deutsche Werkstätten Hellerau GmbH.

g)    Right to object

Any data subject has the right, as granted by the European directive and legislator, for reasons arising from his or her particular situation, to object at any time to the processing of personal data relating to him or her, as provided for in Article 6 para. 1 lit. e) or f) GDPR. This also applies to profiling based on these clauses.

Deutsche Werkstätten Hellerau GmbH shall no longer process personal data unless we can prove compelling reasons of security for such processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If Deutsche Werkstätten Hellerau GmbH processes personal data to carry out direct advertising, then the data subject has at any time the right to object to the processing of personal data for the purpose of such direct advertising. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to the processing of data for direct advertising purposes by Deutsche Werkstätten Hellerau GmbH, then Deutsche Werkstätten Hellerau GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, for reasons arising from his or her particular situation, to oppose the processing of personal data concerning him or her that is processed by Deutsche Werkstätten Hellerau GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, unless such processing is necessary for the fulfilment of a task in the public interest.

In order to exercise the right to object, the data subject can directly contact any employee of Deutsche Werkstätten Hellerau GmbH or another employee. The data subject is also free to exercise his or her right to object to the use of the data for services provided by information societies, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

h)    Automated individual decision-making including profiling

Any data subject has the right, as granted by the European guideline and regulatory body, not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on him or her, or substantially impairs him or her in a similar manner where the decision, (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is admissible under the laws of the Union or of the Member States to which the data controller is subject and where such laws contain appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or (3) is made with the express consent of the data subject.

If the decision is (1) necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) is made with the express consent of the data subject, then Deutsche Werkstätten Hellerau GmbH will take the appropriate measures to protect the rights and freedoms, as well as, the legitimate interests of the data subject, including at least the right to have a person intervene by the data controller, to explain their own position and to challenge the decision.

Should the data subject wish to assert his or her rights with regard to automated decision making, then he or she may at any time contact an employee of the data controller.

i)      Right to revoke consent under data protection law

Any data subject has the right, as granted by the European directive and legislator, to withdraw consent to the processing of personal data at any time.

Should the data subject wish to assert his or her right to right to revoke their consent, then he or she may at any time contact an employee of the data controller.

8. Data protection in applications and in the application process

The data controller collects or processes the personal data of applicants for the purpose of processing the application procedure. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents by electronic means, for example by email, or via a web form on the website, to the data controller. If the data controller concludes a contract of employment with an applicant, the data transmitted shall be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the candidate by the data controller, the application documents shall be automatically erased two months after the announcement of the rejection decision, unless erasure precludes other legitimate interests of the data controller. Further legitimate interest in this sense, for example, a burden of proof in a procedure under the General Equal Treatment Act.

9. Legal basis of data processing

Art. 6 para. lit. a of the GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations necessary for the supply of goods or to provide any other service, the processing is based on Article 6 para. 1 lit. b of the GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Article 6 para. 1 lit. c of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured at our company premises and his or her name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Article 6 para. 1 lit. d of the GDPR. Finally, processing operations could be based on Article 6 para.1 lit. f of the GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. It considers that a legitimate interest could be assumed if the data subject is a client of the data controller (Recital 47 Sentence 2 GDPR).

10. Legitimate interests pursued by the data controller or by a third party

Where the processing of personal data is based on Article 6 para.1 lit. f of the GDPR, our legitimate interest is to carry out our business in favour of the well being of all our employees and the shareholders.

11. Period for which the personal data shall be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data shall be routinely erased, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

12. Provision of personal data as statutory or contractual requirement; requirement necessary to enter into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary in order to conclude a contract that the data subject provide us with personal data, which must subsequently be processed by us. The data subject is, for example, obligated to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data are provided by the data subject, the data subject must contact any employee. The employee shall clarify to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

13. Existence of automated decision making

As a responsible company, we do not use automatic decision making or profiling.

Diese Datenschutzerklärung wurde durch den Datenschutzerklärungs-Generator von den <a href="https://dg-datenschutz.de/">datenschutz europa</a> in Kooperation mit der RC GmbH, die <a href="http://remarketing.company/">gebrauchte Notebooks</a> wiederverwertet und den <a href="https://www.wbs-law.de/abmahnung-filesharing/">Filesharing Rechtsanwälten</a> von WBS-LAW erstellt.