We manage our websites according to the principles set out below:
We undertake to comply with statutory data protection provisions and take efforts to always observe the principles of data avoidance and data minimisation.
1. Name and address of the controller and the data protection officer
a) The controller
The controller within the meaning of the General Data Protection Regulation, other national data protection regulations of the member states of the European Union and other data protection provisions is:
Würzburger Str. 10-16
97753 Karlstadt, Germany
Tel.: +49 9353 791 0
b) The data protection officer
You can contact the controller’s data protection officer at:
SiDIT GmbH, Langgasse 20, 97261 Güntersleben, firstname.lastname@example.org
We have prepared our privacy statement in accordance with the principles of clarity and transparency. If, despite this, there are any uncertainties regarding the use of various terms, the definitions can be found here.
3. Legal basis for processing personal data
We process your personal data such as your name and surname, e-mail address and IP address etc. only if there is a legal basis for doing so. Under the General Data Protection Regulation, this comprises in particular the following regulations:
- Article 6 (1) sentence 1 a) GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Article 6 (1) sentence 1 b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Article 6 (1) sentence 1 c) GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject.
- Article 6 (1) sentence 1 d) GDPR: processing is necessary in order to protect the vital interests of the data subject or of another natural person.
- Article 6 (1) sentence 1 e) GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Article 6 (1) sentence 1 f )GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
We will always reference the legal basis for processing your personal data in the relevant sections of this privacy statement.
4. Disclosure of personal data
Disclosing personal data also constitutes processing within the meaning of section 3 above. However, we would like to take this opportunity to inform you separately about the disclosure of data to third parties. Protecting your personal data is very important to us. This is why we are particularly cautious when it comes to passing on your data to third parties.
Accordingly, data is disclosed to third parties only when there is a legal basis for this processing. For example, we disclose personal data to persons or companies who work for us as processors in accordance with Article 28 GDPR. A processor is anybody who processes personal data for us on our behalf – i.e. in particular they have a relationship with us where control is exercised and instructions issued.
In line with the specifications of the GDPR, we enter into a contract with each of our processors that obliges them to comply with data protection provisions and thus affords a high level of protection for your data.
5. Storage period and erasure
We erase your personal data once these are no longer needed for the purposes for which they were collected or otherwise processed and as long as processing is not required for exercising the right of freedom of expression and information, for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims.
6. SSL encryption
This website uses SSL encryption for security reasons and to protect confidential information such as the inquiries that you send us as a website operator. When a connection is encrypted, the address bar of your browser will switch from “http://” to “https://” and the padlock symbol will be displayed in your browser bar.
When SSL encryption is activated, data that you provide to us cannot be read by third parties.
When using cookies, a distinction is made between essential cookies and “other” cookies. Essential cookies are when these cookies are required to provide the information society service that you have expressly requested.
a) Session cookies
We use session cookies (e.g. language and font choice, basket etc.) to make using our website more convenient. These session cookies are considered essential cookies and are automatically deleted once you leave our website. The legal basis for the cookies is Article 6 (1) sentence 1 f) GDPR, our legitimate interest in ensuring the website runs smoothly and our interest in optimising the provision of our services.
b) Other cookies
Other cookies include cookies used for statistical, analysis, marketing and retargeting purposes.
We use these cookies either in our legitimate interest in accordance with Article 6 (1) sentence 1 f) GDPR to improve our services or on the basis of your consent in accordance with Article 6 (1) sentence 1 a) GDPR.
Where cookies are used in our legitimate interest, you can opt out of further use in the future at any time.
Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can adjust your cookie settings on our website, deactivate cookies using your browser settings (which may restrict the functionality of the website) or opt out for a specific service.
In the privacy statement for each service, we describe the legal basis for processing these data.
Change cookie settings
1. Collection and storage of personal data and the nature and purpose of use
a) When visiting the website
When visiting our website, information from the browser you are using on your device automatically sends information to our website’s server. This information is temporarily stored in a log file. The following information is collected and saved until automated erasure without any action on your part:
• IP address of the visiting computer
• Date and time of access
• Name and URL of the accessed file
• Website from which access is initiated (referrer URL)
• Browser used and possibly also the operating system of your computer and the name of your access provider
We process the data described for the following purposes:
• Ensuring that a smooth website connection is established
• Ensuring easy use of our website
• Assessment of system security and stability
• Fault diagnostics
• Other administrative purposes
Data that can identify you such as your IP address are erased after no more than seven days. If we store data for longer than this, these data are pseudonymised so that they can no longer be associated with you.
Article 6 (1) sentence 1 f) of the GDPR is the legal basis for data processing. Our legitimate interest results from the purposes for data collection listed above. We do not ever use the data collected to draw conclusions about your person.
Content of the newsletter and sign-up information
We will send you a newsletter only if you have requested this and granted your consent in accordance with Article 6 (1) sentence 1 a) GDPR. The content of the newsletter is described in detail when you sign up for the newsletter. To subscribe to the newsletter, all that is required is your e-mail address. Any additional optional information you provide such as your name and/or gender is used exclusively to personalise your newsletter.
Double-opt-in and logs
For security reasons, we use a double opt-in to sign up for our newsletter so that nobody can sign up with another person’s e-mail address. After signing up for our newsletter, you will thus first receive an e-mail asking you to confirm your subscription. This takes effect only once you confirm the subscription.
Your newsletter subscription is also logged. The logs include the time at which you sign up to the newsletter and confirm your subscription, the information you provide and your IP address. Any changes you make to your information are also logged.
You can withdraw your consent with effect for the future at any time if you no longer wish to receive our newsletter. Click on the unsubscribe link at the end of each newsletter or send us an e-mail to email@example.com
The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Use of CleverReach
We use the e-mail tool CleverReach (CleverReach GmbH & Co. KG, Mühlenstrasse 43, 26180 Rastede, Germany) to send our newsletter.
The information you provide is thus passed on to and processed by CleverReach. This tool allows us to evaluate how the newsletter is opened and used.
We have concluded an agreement on contract data processing with CleverReach. CleverReach is not entitled to pass on your data.
The service provider CleverReach is used on the basis of our legitimate interests in accordance with Article 6 (1) sentence 1 f) GDPR. Our interests are in having a user-friendly and secure newsletter system that serves our business interests and also meets the expectations of its users.
c) Contact form/e-mail contact
We provide a form on our website that you can use to contact us at any time. Using the contact form requires you to provide a name and a valid e-mail address so that we know who has sent the request and so that we can process it.
If you use the contact form to send us inquiries, your information from the inquiry form, including the contact information you provide and your IP address, will be processed in accordance with Article 6 (1) sentence 1 b) and f) GDPR to take steps at your request prior to entering into a contract or to safeguard our legitimate interests, specifically to perform our business activities.
Alternatively, you can also send us an e-mail using the e-mail address stated on our website. In this case, we will store and process your e-mail address and the information you provide in the e-mail in accordance with Article 6 (1) sentence 1 b) and f) GDPR in order to process your message.
The inquiries and related data are erased no later than three months after they are received, unless these are required for a further contractual relationship.
d) Google Tag Manager
We use the Google Tag Manager provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. Google Tag Manager is a management tool in which other tracking and/or statistics tools can be managed and used centrally.
When visiting our website and when you give your consent under Article 6 (1) sentence 1 a) GDPR, Google Tag Manager collects and processes your IP address, which may also be transmitted to the US. However, Google Tag Manager does not create a user profile or carry out analysis itself.
9. Analysis and tracking tools
We use the following analysis and tracking tools on our website. These ensure that our website is optimised on an ongoing basis and that it is designed to meet users’ needs.
We use these tools on the basis of consent given by you in accordance with Article 6 (1) sentence 1 a) GDPR. You can revoke your consent at any time by changing your cookie settings. Processing remains lawful until consent is revoked.
The data processing purposes and data categories are described in the tools in question. Please note that we have no influence over whether and to what extent service providers process data further.
We use etracker on our website, a web analysis service provided by etracker GmbH (Erste Brunnenstrasse 1 20459 Hamburg, Germany).
Data is processed on our website using etracker, which is then used to create user profiles on the basis of pseudonyms. Cookies can be used in this context to identify you the next time you visit our website.
The data collected using the etracker technology are not are not used to personally identify you and are not combined with personal information about person represented by the pseudonym unless you separately consent to this.
You can find more information about etracker’s data protection provisions at:
10. Rights of the data subject
You have the following rights:
In accordance with Article 15 GDPR, you are entitled to request information on your personal data that is processed by us. This right of access includes information on
- the purposes of the processing
- the categories of personal data
- the recipients or categories of recipient to whom your data have been or will be disclosed
- the envisaged period for which the data will be stored, or, at a minimum, the criteria used to determine that period
- the existence of the right to request rectification, erasure, restriction of processing or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from us, information as to their source
- the existence of automated decision-making, including profiling, and any meaningful information about the details of this
Under Article 16 GDPR, you are entitled to the rectification, without undue delay, of inaccurate or incomplete personal data stored by us.
Article 17 GDPR entitles you to request that we erase your personal data without undue delay, unless further processing is required for one of the following reasons:
- the personal data are still necessary in relation to the purposes for which they were collected or otherwise processed
- for exercising the right of freedom of expression and information
- for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for reasons of public interest in the area of public health in accordance with Article 9 (2) h) and i) and Article 9 (3) GDPR
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing
- for the establishment, exercise or defence of legal claims
d) Restriction of processing
In accordance with Article 18 GDPR, you can request restriction of processing for your personal data for one of the following reasons:
- You contest the accuracy of your personal data.
- The processing is unlawful and you oppose the erasure of your personal data.
- We no longer need the personal data for the purposes of the processing, but you require these for the establishment, exercise or defence of legal claims.
- You object to processing in accordance with Article 21 (1) GDPR.
If you have requested the rectification or erasure of your personal data or restriction of processing carried out in accordance with Article 16, Article 17 or Article 18 GDPR, we will communicate this to all recipients to whom your personal data were disclosed, unless this proves impossible or involves disproportionate effort. You can request that we inform you of these recipients.
You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format.
You also have the right to request that these data be transferred to a third party, provided the processing is carried out by automated means and based on consent pursuant to Article 6 (1) sentence 1 a) or Article 9 (2) a) or on a contract pursuant to Article 6 (1) sentence 1 b) GDPR.
In accordance with Article 7 (3) GDPR, you are entitled to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. We will no longer be permitted to continue data processing that was based on consent that you have since withdrawn.
Article 77 GDPR entitles you to lodge a complaint with a supervisory authority if you believe that the processing or your personal data infringes the GDPR.
Provided that your personal data are processed based on the legitimate interests under Article 6 (1) sentence 1 f) GDPR, you have the right pursuant to Article 21 GDPR to object to the processing of your personal data to the extent that there are grounds for this relating to your particular situation or if the objection is to direct marketing. In the case of the latter, you have a general right to object that will be enforced by us without specifying a particular situation. If you would like to assert your right to withdraw or object, please send an e-mail to firstname.lastname@example.org
j) Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
- is necessary for entering into, or performance of, a contract between you and us
- is authorised by European Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests
- is based on your explicit consent
However, these decisions shall not be based on special categories of personal data referred to in Article 9 (1) of the GDPR, unless Article 9 (2) a) or g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in i) and iii), we shall implement suitable measures to safeguard the your rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express our point of view and to contest the decision.
11. Changes to the privacy statement
Any changes to the privacy statement will be published on our website and registered customers will be informed by e-mail.
Updated: 28 May 2022