The use of IBG Monforts GmbH & Co.’s website is generally possible without providing personal data.
The processing of personal data, for example a data subject’s address, email address or telephone number, is always carried out in accordance with the General Data Protection Regulation and in agreement with the country-specific data protection regulations which apply to IBG Monforts GmbH & Co. (especially BDSG (the Federal Data Protection Act)).
1. Definition of terms
2. Controller responsible for processing
IBG Monforts Oekotec GmbH & Co. KG Hanns-Martin-Schleyer-Straße 2 41199 Mönchengladbach Germany
Managing director: Mr Christian Monforts von Hobe Tel.: +49 2166 8682-45 E-mail: email@example.com
4. Collection of data and information (logfiles)
IBG Monforts GmbH & Co.’s website collects general data and information whenever a particular person accesses the website. This data is stored in the server’s logfiles. The following may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (the ‘referrer’), (4) the sub-pages which are controlled on our website via an accessing system, (5) the date and time of an access to the website, (6) an internet protocol address (IP address), (7) the accessing system’s internet service provider and (8) other similar data and information which serves to reduce risk in the event of attacks on our IT systems. IBG Monforts GmbH & Co. does not draw any conclusions about the data subject when using this general data and information. The legal basis for this data processing is Article 6(1)(f) GDPR (controller’s legitimate interest). This information is required so that we can: (1) correctly display the content of the website, (2) optimise the content of the website and advertising for it, (3) guarantee the long-term functionality of the IT systems and technology relating to the website, and (4) provide the information necessary for prosecution to the relevant authorities in the event of a cyberattack or other crimes. These reasons also represent the legitimate interest in this data processing according to Article 6(1)(f) GDPR. The anonymous data from the server logfiles will be stored separately from all personal data provided by a data subject.
5. Google Analytics
7. GA Audiences
8. Hosting of the website
This website is hosted by the company 1&1. All data provided is therefore collected on this provider’s servers. The provider does not, however, access the data. We have concluded an order data processing contract with this company. The legal basis for this data processing is Article 6(1)(f) GDPR (controller’s legitimate interest).
9. Option to contact via the website
We provide a contact form and email address on this site so you can contact us simply. Where a data subject contacts us by email or via the contact form, the following data must be provided in the entry form and is automatically stored after the form is submitted:
- Email address or phone number
- First name, surname
- Reason for the query
- Company name
- Attachments relating to the requested project (optional)
The legal basis for processing the data which is transferred in the course of using the contact form or sending an email is Article 6(1)(f) GDPR. If the email contact is intended to conclude a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. The processing of personal data from the entry form serves only for us to process the data subject’s contact. The following data on the data subject is automatically saved during the submission process:
- IP address
- Date and time of login
This data serves to prevent misuse of the contact form, and to ensure the security of our IT systems. The legal basis for this data processing is Article 6(1)(f) GDPR (controller’s legitimate interest). This data will not be passed on to third parties.
10. Routine erasure and blocking of personal data
The data subject’s personal data is only stored for the period required to achieve the storage purpose, or as long as storage is legally mandated. If the storage purpose is eliminated or a legally mandated storage period expires, the personal data will be routinely blocked or erased according to the legal requirements.
11. The data subject’s rights
a) right to confirmation All data subjects have the right to request information as to whether their personal data is being processed. b) right to information (Article 15 GDPR) All data subjects have the right to receive free information regarding the personal data being stored regarding their person, and to receive a copy of this information. c) right to rectification (Article 16 GDPR) The data subject has the right to demand that the controller immediately rectify incorrect personal data. d) right to erasure (right to be forgotten) (Article 17 GDPR) All data subjects have the right to demand that their personal data be erased immediately, providing one of the legally mandated reasons applies and the processing is not necessary. e) right to restrict processing (Article 18 GDPR) All data subjects have the right to demand that processing be restricted, providing one of the legally mandated reasons applies. f) Right to data portability Article 20 GDPR All data subjects have the right to receive the personal data which they provided to a controller in a structured, common and machine-readable format, and to transfer this data to another controller without hindrance, where the processing is based on consent according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or another contract according to Article 6(1)(b) GDPR and the processing is being carried out using automated processes, as long as the processing is not necessary for a task to be carried out which is in the public interest or in the exercise of official authority vested in the controller. The data subject also has the right when exercising their right to data portability according to Article 20(1) GDPR to have their personal data transferred directly from one controller to another, where this is technically feasible and this does not affect other persons’ rights and freedoms. g) right to cancel consent under data protection law according to Article 13 GDPR All data subjects have the right to cancel consent to processing of personal data at any time, if the processing is based on Article 6(1)(a) or Article 9(2)(a), without this affecting the legality of the processing carried out based on their consent until it was cancelled. _____________________________________________
h) right to object Article 21 GDPRAll data
subjects have the right to object to the processing of their personal data based on Article 6(1)(e) or (f) GDPR for reasons resulting from their particular situation. This also applies to profiling based on these provisions.
If personal data is processed in order to operate direct marketing, the data subject has the right to object to the processing of their personal data for the purpose of such marketing; this also applies to profiling where it is connected to direct marketing.
12. Right to lodge a complaint with the responsible supervisory authority
In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the responsible supervisory authority. This is the state data protection officer of the state where the company has its registered office. You can find a list of data protection officers here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.