Data protection policy

Data protection policy

Thank you for visiting our website. It is very important to us to comply with the specifications according to the Data Protection Act. It is the objective of this Data Protection Policy to inform you as user of the website of the type, extent and purpose of the processing of personal data and your rights in as far as they apply to you as the data subject in terms of Article 4 (1) of the General Data Protection Regulations. The following Data Protection Policy already considers the new features of the General Data Protection Regulations applicable as at 25.5.2018 (GDPR). At the same time, also the requirements of § 13 Telemedia Act are fulfilled.

1. Responsible authority

This website and the services offered by www.camfil.de are operated by

Camfil GmbH
Feldstr. 26-32
23858 Reinfeld

Managing Director: Mark Simmons
Company headquarters: Register court: District court Lübeck, HRB 18357  HL
VAT-ID DE 812971454

(hereinafter referred to as “Camfil”)

2. General

We designed the website to collect the least amount of data from you. The visit of our website is principally possible without providing personal data. The processing of personal data is only required once you have decided to utilise certain services (e.g. usage of contact form). In the process, we always ensure to process your personal data only in accordance with a statutory basis or a consent granted by you. We comply with the regulations of the General Data Protection Regulations (GDPR) applicable as at 25.5.2018 and the respectively applicable national regulations, such as the Federal Data Protection Act, the Telemedia Act or other, more particular laws for the protection of data.

3. Definition

The terms used in this Data Protection Policy have the following meaning in accordance with GDPR.

“Personal data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Restriction of processing”: the marking of stored personal data with the aim of limiting their processing in the future;

“Pseudonymisation”: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

“Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Processor”: a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the controller;

“Recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

“Third party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

“Consent”: of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

4. Consent
 

Under certain circumstances, we collect certain personal data when you visit our website, which we require for your consent. On one hand, this occurs in our dialog and service section, but also specifically during the establishment of contact via a contact form, newsletter, order, customer registration, application or use of our services (e.g. in the download section/CamTab and the Filter Academy).

Declaration of consent
With the use of our forms provided below, you agree that we may collect data provided by you and process it in accordance with this Data Protection Policy. You may revoke this consent at any time effective in the future by submitting a respective declaration to us. However, we point out that the usage of our services without your consent is no longer possible. Please use the contact information above for your revocation (in this case, please state your name, email and postal address).

5. Purpose and legal Basis for processing of personal data
 

We process personal data required for the establishment, execution or processing of our services based on the specifications of Article 6 (1) lit. b GDPR. In as far as we utilise external service providers in the context of data processing, the processing occurs on the specifications of Article 28 GDPR.

We collect, process and use personal data exclusively for the following purposes:

Purpose of data processing

Lawfulness of data processing
(“Why is data processing necessary”)

to establish contact and the connected correspondence

based on your consent

to process your request and to any further consultation requested by you

based on your consent

for the registration at events

based on your consent

to ensure that our website is presented to you in the most effective and interesting manner (e.g. by anonymised analysis)

based on legitimate interests

for the technical realisation of our offers

based on legitimate interests

6. Collected and processed personal data

We collect and process your personal data only if you have provided it voluntarily with your knowledge, e.g. by completing forms or sending emails.

In the context of provided forms, this involves initially the following data:

Visiting request

            Name, company, email address, address

Event registrations

Name, company, email address, address, function/position

7. Cookies

Utilisation of cookies

On our website, information is collected and stored by using so-called Browser Cookies.

What are Cookies?

Cookies are small text files stored on your data carriers, which store certain settings and data for the exchange with our system via your browser. A Cookie generally contains the name of the domain from which the Cookie files were sent as well as information regarding the age of the Cookie and an alphanumerical identifier.

 Why do we apply Cookies?
Cookies allow our systems to recognise the user’s device and render any pre-setting available immediately. As soon as a user accesses the platform, a Cookie is transmitted to the hard drive of the respective user’s computer. Cookies help us to improve our website and provide you with an even better serviced tailored to you. They allow us to re-recognise your computer/your (mobile) terminal device when you return to our website and thus:

  • To store information regarding your preferred activities on the website and thus align our website to your individual interests.
  • To accelerate the processing speed of your enquiries.

We work with the services of third parties who support us in designing the internet services and the website more interesting for you. For this reason, also Cookies from these partner companies (third party suppliers) are stored on your hard drive. These are Cookies, which delete themselves after a predetermined time.

Please see the following table for a list of the Cookies placed by us:

Can I determine the use of Cookies?

If you do not wish the use of Browser Cookies, you can set your browser to prevent the storage of cookies. However, please note that you may not be able to use our website in this case or only in a limited capacity. If you only want to accept our own Cookies and not those of our third party suppliers, you can set your browser by selecting “Block Cookies of third-party-suppliers”. We are not responsible for the usage of third party Cookies.

Cookies on this website:

Name of Cookie 1st or 3rd party Cookie? If 3rd party: Who is setting it?Purpose of the Cookie?  What data holds the Cookie?  
Is it a session or
persistent Cookie?  
If persistent, how
long is its lifespan?
ASP.NET_
SessionId
1st party  
Session cookie sent to the web browser.
Used when you open the browser and
then go to a website that implements ASP.NET
session state.  to the web browser. Used when
you open the browser and then go to a website
that implements ASP.NET session state.  
SESSION ID  session  End of browser session  
EPi:Number
OfVisits  
1st party   SESSION ID  session   
_ga  3rd party – google-analytics.com  Used to distinguish users.  different values  persistent  2 years  
_gat    different values  persistent  10 minutes  
__utmc  3rd party – google-analytics.com  

 

Not used in ga.js. Set for interoperability
with urchin.js. Historically, this cookie
operated in conjunction with the __utmb
cookie to determine whether the user
was in a new session/visit.
different values  session  End of browser session  
_ utma  3rd party – google-analytics.com  

 

Used to distinguish users and sessions.
The cookie is created when the javascript
library executes and no existing __utma
cookies exists. The cookie is updated
every time data is sent to Google Analytics.
different values  persistent  2 years from set/update  
 _ utmt  3rd party – google-analytics.com  Used to throttle request rate.  different values  persistent  10 minutes
_ utmb3rd party – google-analytics.com
Used to determine new sessions/visits.
The cookie is created when the javascript
library executes and no existing __utmb
cookies exists. The cookie is updated
every time data is sent to Google Analytics.
 
different valuespersistent30 mins from set/update
_ utmz3rd party – google-analytics.com
Stores the traffic source or campaign that
explains how the user reached your site.
The cookie is created when the javascript
library executes and is updated every time
data is sent to Google Analytics.
different valuespersistent6 months from set/update

 

Can I determine the use of Cookies?

If you do not wish the use of Browser Cookies, you can set your browser to prevent the storage of cookies. However, please note that you may not be able to use our website in this case or only in a limited capacity. If you only want to accept our own Cookies and not those of our third party suppliers, you can set your browser by selecting “Block Cookies of third-party-suppliers”. We are not responsible for the usage of third party Cookies.

8. Click Dimension Marketing

We use a service of Click Dimensions to support online marketing and enquiries, operated by ClickDimensions LLC 5901 Peachtree Dunwoody Road, NE Suite B500 Atlanta, GA 30328, USA.

If a user completes a form on our website, this form data is processed by Click Dimensions and stored by Microsoft Dynamics.

Details for the establishment of Cookies by Click Dimensions are available at the following link:

http://help.clickdimensions.com/clickdimensions-cookies-for-web-analytics/

9. YouTube

Our website uses plugins from YouTube for the integration and illustration of video contents. Provider of the video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

A connection is established to the servers of YouTube when you visit one of our sites equipped with an integrated YouTube plugin. This informs YouTube about which of our sites you have accessed.

If you are logged in to your YouTube account, YouTube can allocate your surfing behaviour directly to your personal profile. You can prevent this by logging out beforehand.

The usage of YouTube occurs in the interest of an attractive representation of our online offers. This represents a justified interest in terms of Article 6 (1) lit. f DSGVO.

Details regarding the handling of user data are available in the Data Protection Policy of YouTube under: https://www.google.de/intl/de/policies/privacy.

10. Usage of Google Maps

 Our website uses the map service of Google Maps for the integration and illustration of map contents. Supplier of this service is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Your IP address is recorded when you access a site with integrated map of Google Maps. This information is generally transmitted to a server of Google in the USA and stored there. Google finds out your IP address even if you do not have a user account through which you are logged in. When you are logged in to your user account, you allow Google to allocate your surfing behaviour directly to your personal profile. You can prevent this by logging out beforehand. The provider of this site cannot influence this data transmission.

The usage of Google Maps occurs in the interest of an attractive representation of our online offers and the ease of discovery of the locations specified by us on this website. This represents a justified interest in terms of Article 6 (1) lit. f DSGVO.

Details regarding the handling of user data are available in the Data Protection Policy of Google under: https://www.google.de/intl/de/policies/privacy/.

11. Data Security

Unfortunately, the transmission of information via the Internet is never 100% secure, which is why we cannot guarantee the security of data transmitted to our website via the Internet.

However, we secure our Website and other systems through technical and organisational measures against loss, destruction, access, alteration or distribution of your data by unauthorised persons.

We particularly transfer your personal data by way of encryption. For this process, we utilise the SSL/TLS (Secure Sockets Layer/ Transport Layer Security) encryption system. Our security measures are continuously improved in accordance with the technical development.

12. Rights of the data subject

In as far as you are considered the data subject in terms of Article 4 (1) GDPR, you have the following rights regarding the processing of your personal data based on GDPR. The text of the act for the rights listed below is available at

https://www.bfdi.bund.de/SharedDocs/Publikationen/Infobroschueren/INFO6.html.

Right to confirmation and information
Based on the prerequisites of Article 15 GDPR, you are entitled to demand confirmation about the processed personal data and receive a copy of the information on your stored personal data from the controller responsible for the processing free of charge and at any time.

Right to rectification
According to the prerequisites of Article 16 GDPR, you are entitled to demand the immediate rectification of your incorrect personal data. In addition, under consideration of the purpose of processing, you are entitled to the completion of personal data – also by way of independent declaration.

Right to erasure
Based on the prerequisites of Article 17 GDPR, you are entitled to demand that your personal data is erased immediately in the event of one of the reasons specified in Article 17 GDPR and if processing is not required.

Right to limit the processing
Based on the prerequisites of Article 18 GDPR, you are entitled to limit the processing of your personal data in the event of one of the reasons specified in Article 18 GDPR.

Right to data portability
Based on the prerequisites of Article 20 GDPR, you have the right to receive the personal data you have provided to the controller, in a structured, commonly used and machine-readable format, and you are entitled to transmit this data to another Controller without impediment from us, if the further prerequisites of Article 20 GDPR exist.

Right to revocation of your consent
You are entitled to revoke your consent to process personal data effective for the future at any time. Please direct the revocation to the above-mentioned contact data.

Right of objection
According to the prerequisites of Article 21 GDPR, you are entitled to object to the processing of your personal data at any time. If prerequisites exist for an effective objection, we may no longer process your personal data.

Right to complain to a supervisory authorityNotwithstanding of alternative administrative or legal redress, you are entitled to a complaint at a supervisory authority, particularly in the member state of your domicile, your place of work or the location of the alleged violation if you believe that the processing of your personal data violates the specifications of GDPR.

13. Transfer of your personal data

The transfer of your personal data occurs as described below.

The website is hosted by an external service provider in Finland. We hereby ensure that data processing occurs solely in Finland. This is required for the operation of our website as well as the establishment, execution and processing of the existing user agreement, and possible also without your consent.

In addition, transfer only occurs if we are entitled or obligated to transfer to data based on statutory regulations and/or official or court orders. This may particularly involve disclosure for the purpose of criminal prosecution, to prevent risks or to assert intellectual proprietorships.

If data is transferred to service providers at the necessary extent, these service providers only have access to your personal data as is required for the fulfilment of their obligations. These service providers are obligated to treat your personal data in accordance with the applicable Data Protection Acts, particularly GDPR.

We principally do not transmit your data beyond the above-mentioned circumstances without your permission. In particular, we do not transmit personal data to authorities in third countries or an international Organisation.

 14. Duration of storage of personal data

The following applies in terms of the duration of storage: we erase personal data as soon as their storage is no longer required for the fulfilment of the original purpose and as soon as the statutory retention periods have expired. The statutory retention periods ultimately provide the criterion for the duration of the storage of personal data. The respective data is routinely erased upon expiration of the term. In the event of retention periods, processing is restricted in form of the suspension of the data.

15. References and links

When accessing websites connected to our website via links, it is possible that information such as names, address, email address, bowser characteristics etc. are requested anew. This Data Protection Policy does not regulate the collection, transfer or handling of personal data by third parties.

Third party service providers might have deviating and own regulations for the handling of the collection, processing and usage of personal data. It is therefore recommended to gather information regarding their practice of handling personal data from the websites of third parties prior to entering personal data.

16. Changes to the Data Protection Policy

We are regularly developing our website to provide you with a constantly improving service. We shall always keep this Data Protection Policy up to date and adapt it if and in as far as this becomes necessary.

Naturally, we shall inform you of any changes to this Data Protection Policy in due time. We shall transmit this information in form of an email to the email address provided to us. As a matter of course, we shall obtain your approval if we require further consent from you regarding the handling of your personal data prior to any changes becoming effective.

17. Data protection controller

If you have questions regarding the Data Protection Act, please contact our data protection controller.

Mein-Datenschutzbeauftragter.de

Mr Philipp Herold
Hafenstraße 1a
23568 Lübeck

Email: philipp.herold@hub24.de

Version: 24.4.2018