1) General Notes
We, the operators of this website, take the protection of your personal data very seriously. We treat your personal data confidentially in accordance with legal data protection regulations and this data policy.
Fundamentally, our website can be used without providing any personal data.
However, processing of personal data may be required insofar as the data subject would like to take advantage of special services provided by our company via our website.
We do not forward your data to any third parties if we have not received consent from you.
2) Who’s responsible for processing your data?
The controller, as the term is used in the General Data Protection Regulation, other data protection laws which are valid in the member countries of the European Union and further regulations which deal with data protection law, can be found in the imprint of this website.
3) Who can you contact with questions and suggestions regarding data protection?
Any data subject can directly contact the controller (see above) with any questions and suggestions regarding data protection.
4) What are your rights?
a) Your Rights with Regard to Processing
You can exercise the following rights at any time:
• Right to confirmation and information (article 15 of the GDPR)
• Right to rectification (article 16 of the GDPR)
• Right to erasure (right to be forgotten) (article 17 of the GDPR)
• Right to restriction of processing (article 18 of the GDPR)
• Right to data portability (article 20 of the GDPR)
• Right to object (article 21 of the GDPR)
• Right to withdraw a data protection consent (article 7, section 3 of the DSGVO)
• Automated individual decision-making, including profiling (article 22 of the GDPR)
Simply contact the responsible body listed in the imprint in order to exercise these rights, or if you have any questions.
b) Right to lodge a complaint
Beyond this, you can also lodge a complaint with the above named data protection officer or a regulatory agency (article 77 of the GDPR). A list of German regulatory agencies can be accessed by clicking this link.
5) Which cookies do we use and which of your attributes do we collect and save?
We use cookies in order to make user-friendly services available to the users of this website, which would not be possible without cookies.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are saved to your computer or a message always appears before a new cookie is accepted. If you fully deactivate cookies, you might not be able to use all of the functions provided by our website.
We also collect data concerning visits to our website and save this data in server log-files. The following data are documented in this way:
• Visited website
• Time of day that access occurred
• Volume of transmitted data in bytes
• Source/link from which you access the website
• Utilized browser
• Utilized operating system
• Utilized IP address (if applicable in anonymized form)
Collected data are used exclusively for the purpose of statistical analysis and in order to improve the website. Nevertheless, we reserve the right to examine server log-files subsequently in the event that concrete indication of illegal use should arise.
6) Which data collection and data processing tools do we use?
a) Marketing and Comfort Tools
• Google Web Fonts
In order to provide you with a uniform experience on a variety of platforms, we use the Web Fonts service offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google saves the following data when our website is accessed:
• Operating system
• Server time
• Approximate location of the user
• Utilized browser
Google Web Fonts is used in the interest of a uniform, appealing display of our online offerings. This is a legitimate interest in the spirit of article 6, section 1, paragraph f of the GDPR.
• Data Protection Agreements
We comply with all legal regulations concerning data protection in our dealings with all of our service providers and have entered into corresponding agreements with them (e.g. order processing agreements).
• Matomo/Piwik
In accordance with article 6, section 1, paragraph f of the GDPR, data are collected and saved on this website through the use of Matomo web analytics software (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (”Matomo”), on the basis of our legitimate interest in analysis of user behavior for the purpose of optimization and marketing. Pseudonymized usage profiles can also be generated from this data of and evaluated for the same purpose. Cookies may be used to this end. Amongst other functions, cookies make it possible to recognize the utilized Internet browser. Data collected with the help of Matomo technology (including your pseudonymized IP address) are processed on our servers.
The information generated by the cookie in the pseudonymized user profile is not used to personally identify visitors to this website and is not combined with the personal data of the bearer of the pseudonym.
If you do not agree to the storage and evaluation of the data generated during your visit to the website, you can object to storage and use by clicking the following link. In this case a so-called opt-out cookie is saved to your browser, after which Matomo no longer collects any session data. Please note that complete deletion of all of your cookies results in deletion of the opt-out cookie as well, which you may then have to reactivate.
• YouTube
Our website uses plug-ins from the “YouTube” service offered by Google. The operator of this service is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
If you visit one of our pages which includes a YouTube plug-in, a connection is established to the servers operated by YouTube. In this case, the YouTube server is informed which of our pages you have visited.
If you’re logged into your YouTube account, this makes it possible for YouTube and Google to allocate your web surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an appealing display of our online offerings. This is a legitimate interest in the spirit of article 6, section 1, paragraph f of the GDPR.
Further information concerning the handling of user data can be found in the privacy policy issued by YouTube: https://policies.google.com/privacy?hl=en&gl=en.
b) Forms and Online Registration Processes
• Registering with Our Website
You can register with our website in order to make use of additional functions and services. We only use the data entered to this end for the purpose of providing the respective offering or service for which you have registered. The mandatory registration entries must be completed in full. We are otherwise required to refuse registration.
In the event of important changes, for example concerning the scope of offerings, or in the case of modifications required for technical reasons, we use the e-mail address provided by you during registration to inform you of such changes.
We store data collected during registration for as long as you are registered for these functions and services.
7) Online Shop
In order to be able to provide you with a shop on our website, we use WooCommerce software from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. You can find out how WooCommerce handles data by clicking the following link:
https://docs.woocommerce.com/document/marketplace-privacy/.
a) Data Processing (customer and contract data)
We only collect, process and use personal data to the extent that they are necessary for the establishment, formulation or alteration of a legal relationship (existing database). These operations are conducted on the basis of article 6, section 1, paragraph b of the GDPR which permits the processing of data for the fulfillment of a contract or for taking steps required prior to entering into a contract. We only collect, process and use personal data concerning the use our website (usage data) insofar as this is necessary in order to make it possible for the user to take advantage of the service or for us to bill it to him.
Collected customer data are deleted after the contract has been completed or the business relationship has been ended. Legally specified periods of retention are unaffected by this provision.
b) Data Transmission upon Conclusion of Contracts for Online Shops, Distributors and Shipment of Goods
We only transmit personal data to third parties if this is necessary within the framework of order processing, for example to a freight forwarder who has been commissioned to ship the goods or to the credit institute which has been commissioned to process payment. No data transmission takes place beyond the limits described above without your explicit consent. Your data will not be forwarded to any third parties, e.g. for the purpose of advertising, without your explicit consent.
Data processing is conducted on the basis of article 6, section 1, paragraph b of the GDPR which permits the processing of data for the fulfillment of a contract or for taking the steps required prior to entering into a contract.
8) How do we secure your date?
This website uses SSL or TSL encryption for security purposes and in order to protect the transmission of confidential content, for example RFQs which you have sent to us as operators of the website. A secure connection can be recognized by the fact that the address line in the browser changes from “http://” to “https://” and the padlock symbol appears in your browser line. When SSL or TSL encryption is activated, the data you transfer to us cannot be read by any third parties.
9) Further Information on the Handling of Personal Data
a) How do we handle data from interested parties and customers?
Click here to find out how we handle data from interested parties and customers.
b) How do we handle data from applicants?
Click here to find out how we handle data from applicants.
c) Profiling and Automated Decisions
We don’t use any entirely automated processing procedures in order to make decisions.
10) Terminology
Our data policy is based on the terminology used by the European directive and regulatory body for the enactment of the General Data Protection Regulation (GDPR). Our data policy is meant to be easily readable and understandable for the general public, as well as for our customers and business partners. In order to assure that this is the case, we would like to explain the utilized terminology in advance.
Amongst others, we use the following terms in this data policy:
a) Personal Data
Personal data includes all information which makes reference to an identified or an identifiable natural person (hereinafter referred to as “data subject”). A natural person is deemed identifiable if he or she can be identified, either directly or indirectly, in particular by means of assignment to an identifier such as a name, an ID number, location data, an online username or one or more special characteristics which represent the expression of the physical, physiological, genetic, psychic, economic, cultural or social identity of such natural person.
b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for processing.
c) Processing
Processing is any operation or sequence of operations conducted with or without the help of automated procedures involving personal data such as collection, entry, organization, sorting, storage, adaptation or editing, read-out, retrieval, usage, disclosure by means of transmission, distribution or any other form of making available, reconciliation or linking, restriction, deletion or destruction.
d) Restriction of Processing
Restriction of processing is the identification of stored personal data for the purpose of restricting its future processing.
e) Profiling
Profiling is any type of automated processing of personal data which involves the use of such data in order to evaluate certain personal aspects of a natural person, in particular in order to analyze or predict aspects with regard to work performance, financial status, health, personal preferences, interests, reliability, behavior, whereabouts or changes in the whereabouts of such natural person.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be traced back to a specific data subject without the help of additional information, insofar as this additional information is stored separately and subject to technical and organizational measures which ensure that the personal data cannot be traced back to an identified or identifiable natural person.
g) Controller or Controller Responsible for Processing
The controller or the controller responsible for processing is the natural person or legal entity, public authority, institution or other body which, either alone or together with others, makes decisions regarding the purposes and means of processing personal data. If the purposes and means of this processing are specified by EU law or the laws of the member countries, the controller or the specific criteria for his appointment may be subject to EU law or the laws of the member countries.
h) Processor
A processor is a natural person or legal entity, public authority, institution or other body which processes personal data on behalf of the controller.
i) Receiver
A receiver is a natural person or legal entity, public authority, institution or other body to whom data is disclosed, regardless of whether or not a third party is involved. However, public authorities which receive conceivably personal data within the framework of a specific investigation mandate in accordance with EU law or the laws of the member countries are not deemed receivers.
j) 3rd Party
A 3rd party is a natural person, legal entity, public authority, institution or other body to the exclusion of the data subject, the controller, the processor and persons who, under the direct responsibility of the controller or the processor, are authorized to process personal data.
k) Consent
Consent is any unmistakable declaration of intent provided voluntarily by the data subject in an informed manner for the specific case in the form of a statement or other unequivocally confirmed act with which the data subject indicates that he or she agrees to processing of his or her own personal data.
l) Cookie
Cookies are text files which are transmitted to and saved on a computer system via an Internet browser.
m) Pixel
Pixels are graphics with a size of 1 x 1 pixel which are automatically loaded when a website or an HTML e-mail is accessed, and which make it possible to track user behavior.
11) Updating of and Amendments to this Data Policy
This data policy is currently valid and has a revision level of May 2018.
Further development of our website and offerings beyond this revision level, or changing legal or official requirements, may make it necessary to amend this data policy.
1) General Notes
We, the operators of this website, take the protection of your personal data very seriously. We treat your personal data confidentially in accordance with legal data protection regulations and this data policy.
Fundamentally, our website can be used without providing any personal data.
However, processing of personal data may be required insofar as the data subject would like to take advantage of special services provided by our company via our website.
We do not forward your data to any third parties if we have not received consent from you.
2) Who’s responsible for processing your data?
The controller, as the term is used in the General Data Protection Regulation, other data protection laws which are valid in the member countries of the European Union and further regulations which deal with data protection law, can be found in the imprint of this website.
3) Who can you contact with questions and suggestions regarding data protection?
Any data subject can directly contact the controller (see above) with any questions and suggestions regarding data protection.
4) What are your rights?
a) Your Rights with Regard to Processing
You can exercise the following rights at any time:
• Right to confirmation and information (article 15 of the GDPR)
• Right to rectification (article 16 of the GDPR)
• Right to erasure (right to be forgotten) (article 17 of the GDPR)
• Right to restriction of processing (article 18 of the GDPR)
• Right to data portability (article 20 of the GDPR)
• Right to object (article 21 of the GDPR)
• Right to withdraw a data protection consent (article 7, section 3 of the DSGVO)
• Automated individual decision-making, including profiling (article 22 of the GDPR)
Simply contact the responsible body listed in the imprint in order to exercise these rights, or if you have any questions.
b) Right to lodge a complaint
Beyond this, you can also lodge a complaint with the above named data protection officer or a regulatory agency (article 77 of the GDPR). A list of German regulatory agencies can be accessed by clicking this link.
5) Which cookies do we use and which of your attributes do we collect and save?
We use cookies in order to make user-friendly services available to the users of this website, which would not be possible without cookies.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are saved to your computer or a message always appears before a new cookie is accepted. If you fully deactivate cookies, you might not be able to use all of the functions provided by our website.
We also collect data concerning visits to our website and save this data in server log-files. The following data are documented in this way:
• Visited website
• Time of day that access occurred
• Volume of transmitted data in bytes
• Source/link from which you access the website
• Utilized browser
• Utilized operating system
• Utilized IP address (if applicable in anonymized form)
Collected data are used exclusively for the purpose of statistical analysis and in order to improve the website. Nevertheless, we reserve the right to examine server log-files subsequently in the event that concrete indication of illegal use should arise.
6) Which data collection and data processing tools do we you?
a) Marketing and Comfort Tools
• Google Analytics
This website makes use of functions provided by Google Analytics web analysis services. The service provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses cookies for the purpose of analysis. Google Analytics only transmits an anonymized version of your IP address to this end.
The purpose of Google Analytics components is to analyze the flow of visitors to our website. We use this information to optimize our website and arrange it in accordance with actual needs. Google uses collected data and information in order to, amongst other things, evaluate use of our website for the purpose of compiling online reports for us which illustrate activity on our website, and to provide other services associated with the use of our website.
You can prevent cookies from being saved to your computer by appropriately configuring the settings in your browser software, but we make reference to the fact that in this case you might not be able to take advantage of all of the functions offered by this website to their fullest extent. Furthermore, you can also prevent the transmission of data generated by cookies concerning your use of the website (including your IP address) to Google, as well as processing of this data by Google, by downloading and installing the browser plug-in which is available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
In addition to this, you can prevent Google Analytics from collecting your data by clicking the following link. An opt-out cookie is then saved to your computer which prevents the collection of your data when you visit this website in the future: Deactivate Google Analytics. Further information concerning the handling of user data by Google Analytics can be found in the privacy policy issued by Google: https://support.google.com/analytics/answer/6004245?hl=en.
• Google Web Fonts
In order to provide you with a uniform experience on a variety of platforms, we use the Web Fonts service offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google saves the following data when our website is accessed:
• Operating system
• Server time
• Approximate location of the user
• Utilized browser
Google Web Fonts is used in the interest of a uniform, appealing display of our online offerings. This is a legitimate interest in the spirit of article 6, section 1, paragraph f of the GDPR.
• Data Protection Agreements
We comply with all legal regulations concerning data protection in our dealings with all of our service providers and have entered into corresponding agreements with them (e.g. order processing agreements).
b) Forms and Online Registration Processes
• Newsletter
Our website provides you with the opportunity of subscribing to our company’s newsletter. This process is implemented by means of the Evalanche tool. The personal data which is transmitted to the controller responsible for processing when ordering the newsletter is determined by the input mask used for this purpose.
We inform our customers and business partners about our company’s offerings at regular intervals. You can only receive our company newsletter if you (1) have a valid e-mail address and (2) have registered as a newsletter recipient. For legal reasons, a confirmation e-mail is sent to the e-mail address which you initially entered for the purpose of receiving the newsletter, thus resulting in a double opt-in process. This confirmation e-mail is used to determine whether or not the owner of the e-mail address, as the data subject, has authorized receipt of the newsletter.
We keep your data in storage even after you have unsubscribed from the e-mail service, unless you request deletion. Deletion can be requested by sending an e-mail to the responsible body.
• Registering with Our Website
You can register with our website in order to make use of additional functions and services. We only use the data entered to this end for the purpose of providing the respective offering or service for which you have registered. The mandatory registration entries must be completed in full. We are otherwise required to refuse registration.
In the event of important changes, for example concerning the scope of offerings, or in the case of modifications required for technical reasons, we use the e-mail address provided by you during registration to inform you of such changes.
We store data collected during registration for as long as you are registered for these functions and services.
• Contact Form
When you send us an enquiry by means of our contact form, we save the entries you have made to the contact form, including your contact data, in order to process your enquiry and for the purpose of any follow-up questions. We do not forward these data to any third parties without your consent.
Data entered to the contact form is thus processed on the basis of steps which need to be taken prior to entering into a contract (article 6, section 1, paragraph b of the GDPR) and the legitimate interest (article 6, section 1, paragraph f) of being able to respond to your inquiry.
We keep the data entered by you to the contact form until you request deletion, or until the purpose served by data storage is no longer applicable (e.g. after processing of your inquiry has been completed). Compulsory legal regulations – in particular specified periods of retention – are unaffected by this provision.
7) Online Shop
In order to be able to provide you with a shop on our website, we use WooCommerce software from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. You can find out how WooCommerce handles data by clicking the following link:
https://docs.woocommerce.com/document/marketplace-privacy/.
a) Data Processing (customer and contract data)
We only collect, process and use personal data to the extent that they are necessary for the establishment, formulation or alteration of a legal relationship (existing database). These operations are conducted on the basis of article 6, section 1, paragraph b of the GDPR which permits the processing of data for the fulfillment of a contract or for taking steps required prior to entering into a contract. We only collect, process and use personal data concerning the use our website (usage data) insofar as this is necessary in order to make it possible for the user to take advantage of the service or for us to bill it to him.
Collected customer data are deleted after the contract has been completed or the business relationship has been ended. Legally specified periods of retention are unaffected by this provision.
b) Data Transmission upon Conclusion of Contracts for Online Shops, Distributors and Shipment of Goods
We only transmit personal data to third parties if this is necessary within the framework of order processing, for example to a freight forwarder who has been commissioned to ship the goods or to the credit institute which has been commissioned to process payment. No data transmission takes place beyond the limits described above without your explicit consent. Your data will not be forwarded to any third parties, e.g. for the purpose of advertising, without your explicit consent.
Data processing is conducted on the basis of article 6, section 1, paragraph b of the GDPR which permits the processing of data for the fulfillment of a contract or for taking the steps required prior to entering into a contract.
8) How do we secure your date?
This website uses SSL or TSL encryption for security purposes and in order to protect the transmission of confidential content, for example RFQs which you have sent to us as operators of the website. A secure connection can be recognized by the fact that the address line in the browser changes from “http://” to “https://” and the padlock symbol appears in your browser line. When SSL or TSL encryption is activated, the data you transfer to us cannot be read by any third parties.
9) Further Information on the Handling of Personal Data
a) How do we handle data from interested parties and customers?
Click here to find out how we handle data from interested parties and customers.
b) How do we handle data from applicants?
Click here to find out how we handle data from applicants.
c) Profiling and Automated Decisions
We don’t use any entirely automated processing procedures in order to make decisions.
10) Terminology
Our data policy is based on the terminology used by the European directive and regulatory body for the enactment of the General Data Protection Regulation (GDPR). Our data policy is meant to be easily readable and understandable for the general public, as well as for our customers and business partners. In order to assure that this is the case, we would like to explain the utilized terminology in advance.
Amongst others, we use the following terms in this data policy:
a) Personal Data
Personal data includes all information which makes reference to an identified or an identifiable natural person (hereinafter referred to as “data subject”). A natural person is deemed identifiable if he or she can be identified, either directly or indirectly, in particular by means of assignment to an identifier such as a name, an ID number, location data, an online username or one or more special characteristics which represent the expression of the physical, physiological, genetic, psychic, economic, cultural or social identity of such natural person.
b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for processing.
c) Processing
Processing is any operation or sequence of operations conducted with or without the help of automated procedures involving personal data such as collection, entry, organization, sorting, storage, adaptation or editing, read-out, retrieval, usage, disclosure by means of transmission, distribution or any other form of making available, reconciliation or linking, restriction, deletion or destruction.
d) Restriction of Processing
Restriction of processing is the identification of stored personal data for the purpose of restricting its future processing.
e) Profiling
Profiling is any type of automated processing of personal data which involves the use of such data in order to evaluate certain personal aspects of a natural person, in particular in order to analyze or predict aspects with regard to work performance, financial status, health, personal preferences, interests, reliability, behavior, whereabouts or changes in the whereabouts of such natural person.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be traced back to a specific data subject without the help of additional information, insofar as this additional information is stored separately and subject to technical and organizational measures which ensure that the personal data cannot be traced back to an identified or identifiable natural person.
g) Controller or Controller Responsible for Processing
The controller or the controller responsible for processing is the natural person or legal entity, public authority, institution or other body which, either alone or together with others, makes decisions regarding the purposes and means of processing personal data. If the purposes and means of this processing are specified by EU law or the laws of the member countries, the controller or the specific criteria for his appointment may be subject to EU law or the laws of the member countries.
h) Processor
A processor is a natural person or legal entity, public authority, institution or other body which processes personal data on behalf of the controller.
i) Receiver
A receiver is a natural person or legal entity, public authority, institution or other body to whom data is disclosed, regardless of whether or not a third party is involved. However, public authorities which receive conceivably personal data within the framework of a specific investigation mandate in accordance with EU law or the laws of the member countries are not deemed receivers.
j) 3rd Party
A 3rd party is a natural person, legal entity, public authority, institution or other body to the exclusion of the data subject, the controller, the processor and persons who, under the direct responsibility of the controller or the processor, are authorized to process personal data.
k) Consent
Consent is any unmistakable declaration of intent provided voluntarily by the data subject in an informed manner for the specific case in the form of a statement or other unequivocally confirmed act with which the data subject indicates that he or she agrees to processing of his or her own personal data.
l) Cookie
Cookies are text files which are transmitted to and saved on a computer system via an Internet browser.
m) Pixel
Pixels are graphics with a size of 1 x 1 pixel which are automatically loaded when a website or an HTML e-mail is accessed, and which make it possible to track user behavior.
11) Updating of and Amendments to this Data Policy
This data policy is currently valid and has a revision level of May 2018.
Further development of our website and offerings beyond this revision level, or changing legal or official requirements, may make it necessary to amend this data policy.
GOSSEN Foto- und Lichtmesstechnik GmbH . Lina-Ammon-Str. 22 . 90471 Nürnberg
T +49 911 800621 0 . F +49 911 800621 29 . info@gossen-photo.de