1. Name and contact details of the Controller as well as the Company Data Protection Officer
The following information regarding data protection is applicable for the processing of data by:
LECO-Werke Lechtreck GmbH & Co. KG
Telefon: +49 (0)2572 / 207-0
The Company Data Protection Officer is contactable at the aforementioned address, FAO Mr. Marcus Friedenberger, or datenschutz(a)leco-werke.de.
2. Collection and storage of personal data, as well as nature and purpose of use
Art. 6 (1) p. 1, point (a) GDPR shall always be the legal basis for processing operations for which we obtain consent for a specific processing purpose. So long as the processing of personal data is necessary for the performance of a contract (sending of goods, performance of services) to which you are a contractual party, the processing shall be based on Art. 6 (1) p. 1 point (b) GDPR. The existing legal basis is also applicable for the implementation of contractual measures (e.g. enquiries regarding our products or services).
Should our company be subject to a legal (statutory) obligation through which the processing of personal data is required and which is based on European Union law or the law of a Member State to which we are subjected, the processing shall be based on Art. 6 (1) p. 1 point (c) GDPR. Furthermore, the processing can be based on Art. 6 (1) p. 1 point (d) GDPR where the vital interests are affected (danger to life and/or catastrophes). A further the legal basis for processing personal data is Art. 6 (1) p. 1 point (f) GDPR. In this case, we will inform you separately of our legitimate interest pursuant to Art. 6 (1) p. 1 point (f) GDPR.
A) Visiting our website
When accessing our website, your browser automatically sends information to our website’s server,
which is temporarily stored in a so-called log file. This includes the following
• IP address of the requesting computer,
• date and time of access,
• name and URL of requested file,
• website from which access occurred (referrer URL),
• browser used and, where applicable, operating system of the computer as well as name of the access provider.
It is saved until automatic deletion after seven days. We process this data
for the following purposes:
• safeguarding a smooth connection establishment to the website,
• safeguarding comfortable use of our website,
• analysis of system security and stability, as well as
• for further administrative purposes.
Data processing carried out by us shall be pursuant to Art. 6 (1) p. 1 point (f) GDPR as a legal basis. The purposes listed above for data collection justify our legitimate interest. We do not draw conclusions about you as a person from the data collected.
B) Contact form
A contact form can be found on our website, which you can use to ask questions of any kind. This type of data processing occurs according to Art. 6 (1) p. 1 point (a) GDPR with your voluntary consent. So that we know who the sender of the enquiry is and are able to answer it, a valid email address is required. All further information is voluntary.
We automatically delete all personal data collected through the use of the contact form as soon as your enquiry has been completed.
C) Retailer area
On our website we have a retailer area. This is only accessible through a user registration with a customer number and a password. This type of data processing occurs pursuant to Art. 6 (1) p. 1 point (a) GDPR with your voluntary consent, which is provided when you register as a customer and receive the access data from us. It is not possible to access this area without the disclosure of a customer number and password.
We automatically delete all personal data collected through the user registration as soon as you are no longer listed as a customer.
D) Business processing
If you conclude a contract with us, data processing occurs pursuant to Art. 6 (1) p. 1 point (b) GDPR. We also have legitimate interest in a credit assessment according to Art. 6 (1) p. 1 point (f) GDPR. The data provided by you within the scope of the conclusion of contract, in particular: name, address and email address; are required for fulfilment and execution of the contract. The contract cannot be carried out without them. Hereupon you are expressly referred to Art. 13 (2) point (e) GDPR. The data is also transferred to third parties (fig. 3) where it is compellingly required (e.g. shipping providers).
All data for the conclusion of contract is saved until the end of the limitation period. The data is, at the most, saved until expiration of the legal retention period (e.g. commercial and tax law retention periods). Should this no longer be required beforehand for the aforementioned purposes, it will be swiftly deleted.
3. Data portability
Your personal data will fundamentally not be transferred to third parties. Transference only occurs
in the following instances:
• you have provided express consent in accordance with Art. 6 (1) p. 1 point (a) GDPR for the transfer to third parties;
• according to Art. 6 (1) p. 1 point (f) GDPR, the transfer is required for the safeguarding of our legitimate interests or that of a third party, in particular for establishment, exercising or defence of legal claims, and where you do not have an overriding legitimate interest in the non-disclosure of your data;
• there is a legal obligation pursuant to Art. 6 (1) p. 1 point (c) GDPR;
• the data is transferred with you for the development of contractual relationships pursuant to Art. 6 (1) p. 1 point (b) GDPR. A transfer of your personal data to third parties exclusively occurs to the participating service provider partners within the scope of the contract execution, for example, to the commissioned logistics company for delivery, to the commissioned financial institution for payment matters or service provider responsible for merchandise management and bookkeeping, provided that this is compellingly required for the contract fulfilment and execution. In the event that there is a transfer of data to a third party, the scope of transferred data will be restricted to the required minimum within the framework of contract execution.
The data processed through cookies is required for the named purposes and serves to safeguard our legitimate interests as well as those of third parties according to art. 6, para. 1, page 1, lit. f GDPR.
As the affected person, you can prevent the implementation of cookies by the website at any time through a corresponding settings of your internet browser and thereby permanently object the implementation of cookies. Cookies that have already been implemented can be deleted at any time through the internet browser or another software program. We would like to advise that the deactivation of implementation of cookies can, where applicable, lead to the loss of use of functions of our website.
5. Data subject rights
Through the new General Data Protection Regulation, your rights have been significantly extended. They are listed in the following and explained in short under the legal basis.
• Right of access, Art. 15 GDPR: You reserve the right to obtain access to the personal data processed by us. Included herein, for example, is information about the purposes of processing, the categories of personal data, the categories of recipient to whom the personal data has been or will be disclosed, the envisaged period for storage, the existence of the right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the source of your information where the personal data has not been collected by us, as well as the existence of automated decision-making, including profiling and, where applicable, meaningful information about their details;
• Right to rectification, Art. 16 GDPR: You shall have the right to obtain, without undue delay, the rectification of inaccurate or incomplete personal data stored by us;
• Right to erasure (“right to be forgotten”), Art. 17 GDPR: You shall have the right to obtain the erasure of personal data from us where the processing is not required for exercising the right of freedom of expression and information, for fulfilment of a legal obligation in the public interest or for establishment, exercising or defence of legal claims;
• Right to restriction of processing, Art. 18 GDPR: You shall have the right to restrict the processing of your personal data. The prerequisite is that the accuracy of the personal data is contested by you, the processing is unlawful but you oppose the erasure of the personal data and we no longer require the data, however you require it for the establishment, exercising or defence of legal claims or you have objected (fig. 6) to processing pursuant to Art. 21 GDPR;
• Right to data portability, Art. 20 GDPR: You shall have the right to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format or to have it transmitted to another controller;
• Withdrawal of consent, Art. 7, para. 3 GDPR: You shall have the right to withdraw your consent at any time. As a result, we will in future no longer be able to continue processing the data that was subject to this consent. The lawfulness of processing based on consent before its withdrawal shall not be affected by the withdrawal of consent;
• Right to lodge a complaint, Art. 77 GDPR: You shall have the right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data infringes on this Regulation. You can generally do this at the supervisory authority of your habitual residence or place of work or our headquarters.
6. Right to object
You are also able to exercise your right to object pursuant to Art. 21 GDPR. This is applicable to the processing of your personal data, which is based on the legitimate interests pursuant to Art. 6 (1) p. 1, point e or f GDPR and insofar as there are grounds for an objection to the processing that are a result of your particular situation. Where the objection is to direct marketing, you have an unrestricted right to object, even without the provision of a particular situation.
You right to object and your further rights can be exercised by email: firstname.lastname@example.org and email@example.com.
7. Data security
For our website, we use the widespread SSL procedure (Secure Socket Layer) in connection with the respective highest level of encryption, which is supported by your browser. Generally, this is a 256-Bit encryption. In the event that your browser does not support a 256-Bit encryption, we will rely upon 128-Bit v3 technology. You can see whether an individual page of our website is being transmitted in encrypted form from the locked presentation of the key, more specifically the padlock symbol in the lower status bar of your browser.
And it is important to protect your data. We therefore take suitable technical and organisational security measures to protect your data against incidental or intentional manipulations, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved according to the technological development.
8. Existence of automated decision-making
Automated decision-making or profiling does not occur.
Current status: 18 May 2018