Personal data (hereinafter referred to as “data”) is processed by us only to the extent necessary for providing a functional and user-friendly website, including its content and the services offered there.
According to Article 4, Paragraph 1 of Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR), “processing” refers to any operation or set of operations performed with or without automated processes in relation to personal data. This includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure through transmission, dissemination, or any other form of provision, alignment or combination, restriction, deletion, or destruction of data.
With the following privacy statement, we inform you in particular about the type, scope, purpose, duration, and legal basis of the processing of personal data, insofar as we either alone or jointly with others decide on the purposes and means of processing. Additionally, we will inform you about any third-party components used by us for optimization purposes and to enhance user experience, insofar as these third parties process data under their own responsibility.
Our privacy policy is structured as follows:
I. Information about us as the Data Controller
II. Rights of Users and Data Subjects
III. Information on Data Processing
IV. Data Protection in the Context of Contractual Relationships
V. Currency and Changes to the Privacy Policy
I. Information about Us as the Data Controller
The use of our website is possible without providing personal data. However, the use of certain services on our site may require different regulations, which will be explained separately in such cases. Your personal data is processed by us in accordance with German data protection laws. Data is considered personal if it can be clearly assigned to a specific natural person. The legal foundations of data protection can be found in the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). The following regulations provide information on the type, scope, and purpose of the collection, use, and processing of personal data by the provider Dowe GmbH, Erzgebirgstraße 4, 73466 Lauchheim, 07363-95290-0, info@dowe.de.
We would like to point out that internet-based data transmission has security vulnerabilities, and a complete protection against access by third parties is therefore not possible.
II. Rights of Users and Data Subjects
With regard to the data processing described below, users and data subjects have the following rights:
Confirmation and Information: The right to obtain confirmation as to whether data concerning them is being processed, access to the data being processed, additional information about the data processing, and copies of the data (see also Art. 15 GDPR). Rectification: The right to request the correction or completion of inaccurate or incomplete data (see also Art. 16 GDPR). Deletion: The right to request the immediate deletion of data concerning them (see also Art. 17 GDPR), or, alternatively, if further processing is necessary according to Art. 17 (3) GDPR, the right to request the restriction of processing in accordance with Art. 18 GDPR. Data Portability: The right to receive the data concerning them and that they have provided, and to transmit this data to other providers/controllers (see also Art. 20 GDPR). Complaint: The right to lodge a complaint with the supervisory authority if they believe that their data is being processed by the provider in violation of data protection regulations (see also Art. 77 GDPR).
Additionally, the provider is obligated to inform all recipients to whom data has been disclosed about any corrections or deletions of data or restrictions on processing that have occurred based on Articles 16, 17 (1), or 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Regardless, the user has the right to know about these recipients.
Furthermore, users and data subjects have the right under Art. 21 GDPR to object to the future processing of their data if the data is processed by the provider under Art. 6 (1) (f) GDPR. This includes the right to object to data processing for the purpose of direct marketing.
III. Information on Data Processing
1. Scope and Processing of Personal Data
We collect and use personal data of our users primarily only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data generally occur only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by legal provisions.
2. Legal Basis for Processing Personal Data
If we obtain consent from the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. For processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures. If processing personal data is required to fulfill a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis. If processing is necessary to protect vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis. If processing is necessary for safeguarding a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) GDPR serves as the legal basis for the processing.
3. Data Deletion and Retention Period
Personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may be stored further if required by European or national laws, regulations, or other provisions applicable to the data controller. Data will also be blocked or deleted when the retention period required by these norms expires, unless further storage of the data is necessary for the conclusion or performance of a contract.