Data Protection

Data Protection Policy According to the General Data Protection Regulation (GDPR)

I. Name and address of the controller

The controller in the sense of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

grindaix GmbH
Marie-Curie-Str. 8
50170 Kerpen
Germany
Tel.: +49 2273-95373 0
Email: info@grindaix.de
Website: www.grindaix.de

II. Provision of the website and generation of logfiles

1. Description and scope of data processing

Every time our Internet page is called up, our system automatically records data and information from the computer system of the calling computer. The following data is collected:
• Information on the browser type and the version used
• The operating system of the user
• The Internet service provider of the user
• The IP address of the user
• Date and time of access
• Websites from which the system of the user reaches our Internet page
• Websites which are called up by the system of the user via our website

The data is likewise stored in the logfiles of our system. The saving of this data together with other personal data of the user does not take place. Furthermore, we integrate the “Adobe Typekit” service. Among other things, Adobe Typekit allows fonts to be loaded and incorporated on the website. This a necessary technical function.

2. Legal basis for data processing

The legal basis for the temporary storage of data and logfiles is Art. 6(1)(f) GDPR. This is also the legal basis for the integration of Adobe Typekit.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the computer of the user. To do this, the IP address of the user must remain stored for the duration of the session. Storage on logfiles is carried out to ensure the functionality of the website. Furthermore, the data also assists us in optimizing the website and in ensuring the security of our information technology systems. Data evaluation for marketing purposes does not take place in this context. It is in these purposes that our legitimate interest in data processing lies according to Art. 6(1)(f) GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. With respect to recording data for delivery of the website, the data is deleted when the relevant session has ended. In the case of data storage in logfiles, the data is deleted after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or modified, so that allocation to the calling clients is no longer possible.

III. Contact form and email contact

1. Description and scope of data processing

Our website contains a contact form which can be used for contacting us electronically. If a user makes use of this, the data entered in the input mask will be transmitted to us and saved. This data is as follows:
• Last name
• First name
• Company
• Position
• Street, postcode, town/city
• Email address
• Telephone
• Your message

At the time of sending the message the following data will also be saved:

• The IP address of the user
• Date and time of registration
Alternatively, it is possible to take up contact via the provided email address. In this case, the personal data of the user transmitted with the email will be saved. No data will be forwarded to third parties in this context. The data will only be used for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of data which is transmitted when sending an email is Art. 6(1)(f) GDPR. If the email contact has the aim of concluding a contract, the additional legal basis for processing the data is Art. 6(1)(b) GDPR.

3. Purpose of data processing

The processing of personal data from the input mask is only carried out for the purpose of dealing with the communication. If contact is taken up via email, the necessary legitimate interest in processing the data exists. Other personal data processed when taking up contact serves to prevent misuse of the contact form and to ensure the safety of our information technology systems.

4. Duration of storage

The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. For personal data from the input mask of the contact form and that which has been sent by email, the data will be deleted when the relevant conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the issue at hand has been clarified conclusively. The personal data additionally collected during the sending processes will be deleted after seven days at the latest.

5. Right of objection

The user has the possibility at any time to object to the processing of the data. The revocation must be directed to datenschutz@grindaix.de All personal data which is stored when taking up contact with the company will be deleted in this case.

IV. Web analysis by Google Analytics

1. Scope of personal data processing

In Google Analytics, the interactions of visitors to our website are logged primarily with the aid of cookies. Likewise, they are not merged with other data from Google.
If individual pages of our website are called up, the following data is stored:

• Two bytes of the IP address of the calling system of the user
• The called-up website
• The website from which the user has reached the called-up website (referrer)
• The subpages which are opened up from the called-up website
• The dwell time on the website
• The frequency at which the website is called up

The software is set up in such a way that the IP addresses are not saved in full. Rather, 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). In this way, it is no longer possible to assign the abbreviated IP address to the calling computer.

2. Legal basis for processing personal data

The legal basis for processing the personal data of the users is Art. 6(1)(a) GDPR.

3. Purpose of data processing

The processing of the personal data of the users enables us to analyse the surfing behaviour of our users. However, we must point out that in this case you will not be able to use all functions of our website to their full extent. By assessing the gained data, we are able to compile information on the use of the individual components of our website. This helps us in continuously improving our website and the user-friendliness thereof. The anonymisation of the IP address sufficiently takes account of the users’ interest in protecting their personal data.

4. Duration of storage

The data is deleted as soon as it is no longer necessary for our record-keeping purposes. In our case, the data will be deleted after 14 months.

5. Right of objection and removal

With the aid of the browser add-ons for deactivating Google Analytics-JavaScript (ga.js, analytics.js, dc.js), visitors to the website can prevent Google Analytics from using their data. If you would like to deactivate Google Analytics, load this add-on for your web browser and install it. The add-on for deactivating Google Analytics is compatible with Chrome, Internet Explorer 11, Safari, Firefox and Opera. To ensure that the add-on works, it must be loaded and executed correctly in your browser. For Internet Explorer, third-party cookies must be activated. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You can prevent the collection of the data generated by the cookies and related to your use of our website to Google and the processing of the data by Google. You can find more information on under the following link: tools.google.com/dlpage/gaoptout

V. DoubleClick

1. Description and scope of data processing

Doubleclick by Google is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Doubleclick by Google uses cookies to present relevant advertisements to you. To do this, a pseudonym identification number (ID) is assigned to your browser to check which advertisements were displayed in your browser and which advertisements were called up.

2. Legal basis for data processing

The legal basis for processing the data of the user is Art. 6(1)(a) GDPR upon receiving the consent of the user.

3. Purpose of data processing

The use of DoubleClick cookies allows Google and its partner websites to place advertisements on the basis of previous visits to our or other websites on the Internet.

4. Right of withdrawal

You have the right to withdraw your declaration of consent relating to data protection at any time. You can withdraw it by downloading and installing the available browser plugin via the following link under DoubleClick deactivation extension .

VI. Youtube

For integration and presentation of video content, our website uses plugins from YouTube. Provider of the video portal is the YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with an integrated YouTube plug-in, it will connect to YouTube's servers. YouTube will find out which of our sites you've visited. YouTube may associate your browsing behavior directly with your personal profile should you be logged into your YouTube account. By logging out beforehand you have the option to prevent this. The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. For details on how to handle user information, please refer to the YouTube Privacy Policy at www.google.com/intl/en/policies/privacy.

VII. Vimeo

For integration and presentation of video content, our website uses plugins from Vimeo. Provider of the video portal is the Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When a page with integrated Vimeo plugin is called, a connection to the servers of Vimeo is established. Vimeo learns by this, which of our pages you have called. Vimeo learns your IP address, even if you are not logged in to the video portal or do not have an account there. The information collected by Vimeo is transmitted to servers of the video portal in the USA. Vimeo can assign your surfing behavior directly to your personal profile. By logging out beforehand you have the option to prevent this. For details on how to handle user information, see the Vimeo Privacy Policy at vimeo.com/privacy.

VIII. Rights of the data subject

If your personal data is processed, you are a data subject in the sense of GDPR and you have the following rights with respect to the controller:

• Right to information
• Right to rectification
• Right to restrict processing
• Right to deletion
• Right to briefing
• Right to data portability
• Right of objection
• Right to withdraw the declaration of consent relating to data protection

You have the right to withdraw the declaration of consent relating to data protection at any time, without affecting the lawfulness of the data processing which has taken place due to the consent up to the time of withdrawal.

IX. Right of complaint to a regulatory authority

Irrespective of another administrative or judicial remedy, you have the right of complaint to a regulatory authority, in particular in the member state of your abode, your workplace or the place of the alleged violation, if you are of the opinion that the processing of the personal data relating to you violates the GDPR. The regulatory authority which the complaint is submitted to briefs the complainant about the status and results of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.

X. Integration of the Trusted Shops Trustbadge

We have integrated the Trusted Shops Trustbadge on this website in order to display our Trusted Shops Trustmark and offer the Trusted Shops products to customers after placing an order. This serves the protection of our legitimate interests in the optimal marketing of our offer according to art. 6 (1) 1 lit f GDPR that are overriding in the process of balancing of interests. The Trustbadge and the advertised trust badge services are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. With every use of the Trustbadge, the web server automatically saves a so-called server log file which contains e.g. your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. Those access data are not analysed and are automatically overwritten no later than seven days after the end of your website visit. Other personal data are transferred to Trusted Shops only if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract concluded between you and Trusted Shops applies.