Privacy policy

 

 

1. Data protection at a glance

General information


The following information provides a simple overview of what happens with your personal data when you visit this website. Personal data are all data that can be used to personally identify you. You can find detailed information on the subject of data protection in our privacy statement below this text.


Data collection on this website

Who is responsible for the data collection on this website?

On this website, the data are collected by the operator of the website. You can find his contact data in the imprint of this website.


How do we collect your data?

On one hand, your data are collected when you provide them to us. Such data can be e. g. data you enter in a contact form.

Other data are collected automatically or upon your consent by our IT systems when you visit the website. These are above all technical data (e. g. internet browser, operating system or time of page view). These data are automatically collected as soon as you access this website.


What do we use your data for?

A part of the data is collected to guarantee a flawless provision of the website. Other data can be used to analyse your user behaviour.


Which rights do you have concerning your data?

You have the right to obtain information free of charge any time about the origin, recipient and purpose of your stored data. In addition, you have a right to demand the correction or deletion of these data. When you have consented to the data processing, you can revoke this consent any time for the future. In addition, you have the right, under certain circumstances, to demand the restriction of the processing of your personal data. Besides, you have a right to complain to the competent supervisory authority.

You can contact us any time at the address indicated in the imprint to address this or other privacy issues.


Analysis tools and tools from third-party providers

When you visit this website, your surfing behaviour can be statistically evaluated. This is done primarily by means of so-called analysis programs.

You can find detailed information on these analysis programs in the following privacy statement.

 

2. Hosting and Content Delivery Networks (CDN)

External hosting

Our websites are hosted by an external service provider (host). The personal data that are collected on this website are stored on the servers of the host. These can be, above all, IP addresses, contact requests, meta- and communications data, contract data, contact data, names, website accesses and other data generated via a website.

The use of the hosts serves the contract fulfilment towards our potential and existing clients (art. 6 sec. 1 lit. b GDPR) and the interest of a safe, quick and efficient provision of our online offer by a professional provider (art. 6 sec. 1 lit. f GDPR).

Our hosts will only process your data as far as this is necessary for them to fulfil their service obligations and will follow our instructions with respect to these data.


Conclusion of a processing contract

To guarantee that the processing complies with the data protection, we have concluded processing contracts with our hosts.

 

3. General and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal privacy provisions and this privacy statement.

When you use this website, different personal data are collected. Personal data are data by means of which you can be personally identified. The present privacy statement explains which data we collect and what we use them for. It also explains how and for which purpose this happens.

We inform you that the data transmission on the Internet (e. g. when communicating per email) can contain security gaps. A perfect protection of the data from third party access is not possible.


Information on the responsible body

The body responsible for the data processing on this website is:

EDUARD GERLACH GmbH
Chemische Fabrik
Bäckerstraße 4 - 8
32312 Lübbecke
Telephone: 05741 / 330-0
Email: info(at)gehwol.de


The Responsible Body is the individual or entity that decides on the purposes and means of processing of personal data (e. g. names, email addresses and the like) alone or together with others.


Legally imposed data protection officer

We have appointed a data protection officer for our company.

EDUARD GERLACH GmbH
Chemische Fabrik
z. Hd. Datenschutzbeauftragter
Bäckerstraße 4 – 8
32312 Lübbecke
Telephone: 05741 / 330-0
Email: datenschutz(at)gehwol.de


Notice on data transmissions into the USA

On our website, we have integrated, a. o., tools from companies headquartered in the USA. When these tools are active, your personal data can be forwarded to the US servers of the respective companies. Please note that the USA is not a safe third country within the meaning of the EU Data Protection Laws. US-American companies are obliged to provide personal data to security authorities without you as a concerned person being able to object to that before any court. Therefore, it cannot be excluded that US authorities (e. g. secret services) process, evaluate and permanently store your data located on US servers for supervision purposes. We have no influence on these processing activities.


Revocation of your consent to the data processing

Many data processing processes require your express consent. You can revoke a consent already granted any time. The legality of the data processing that has occurred until the revocation remains unaffected by the revocation.


Right of objection to the data collection in special cases and to direct advertising (art. 21 GDPR)

If the data are processed on the basis of art. 6 sec. 1 lit. e or f GDPR, you have the right any time to object to the processing of your personal data for reasons resulting from your special situation; this also applies to a profiling based on these provisions. You can find the respective legal basis on which a processing is based in this privacy statement. If you enter an objection, we will no longer process your concerned personal data, unless we can prove compelling and legitimate reasons for the processing that outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend any legal rights (objection according to art. 21 sec. 1 GDPR).

If your personal data are processed to employ direct advertising, you have the right to object to the processing of personal data concerning you for such advertising purposes any time; this also applies to profiling, as far as it is linked to such direct advertising. If you object, your personal data will no longer be used thereafter for direct advertising purposes (objection according to art. 21 sec. 2 GDPR).

 

Right to complain to the competent supervisory authority

In case of violations of the GDPR, the concerned persons have a right to complain to a supervisory authority, in particular in the member state of their habitual residence, of their workplace or the place of the suspected violation. The right to complain exists without prejudice to any other remedies under administrative law or of judicial nature.


Right to data portability

You have the right to have data that we automatically process on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. As far as you demand the direct transmission of the data to another responsible person, this will only happen as far as it is technically feasible.


SSL / TLS encryption

For security reasons and to protect confidential contents, like e. g. orders and requests you send to the website operator, this website uses an SSL or TLS encryption, respectively. You can recognize an encrypted connection by the address line of the browser changing from “http://“ to “https://“ and by the padlock symbol in your browser line.

When the SSL / TLS encryption is activated, the data you send to us cannot be read by any third parties.


Information, deletion and correction

Within the applicable legal provisions, you have the right to gratuitous information on your stored personal data, their origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of these data any time. You can contact us any time at the address indicated in the imprint on this or other personal data issues.


Right to restriction of the processing

You have the right to demand the restriction of the processing of your personal data. To this end, you can contact us any time at the address indicated in the imprint. The right to restriction of the processing exists in the following cases:

If you contest the correctness of your personal data stored with us, we generally need time to check this. For the time of the review, you have the right to demand the restriction of the processing of your personal data.

If the processing of your personal data occurs/occurred unlawfully, you can demand the restriction of the data processing instead of the deletion.

If we no longer need your personal data, but you need them to exercise, defend or assert any legal rights, you have the right to demand the restriction of the processing of your personal data instead of the deletion.

If you have entered an objection according to art. 21 sec. 1 GDPR, your interests must be weighed against ours. As far as it is still undecided whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data may only be processed – apart from their storage – upon your consent or to assert, exercise or defend legal rights or to protect the rights of another individual or entity or for reasons of an important public interest of the European Union or a member state.

 

4. Data collection on this website

Cookies

Our websites use so-called “cookies“. Cookies are small text files and do not cause any harm on your device. They are stored on your device, either temporarily for the time of a session (session cookies) or permanently (permanent cookies). Session cookies will be automatically deleted after the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Partially, cookies from third companies can also be saved on your device when you access our website (third-party cookies). They enable us or you to use certain services of the third company (e. g. cookies to process orders ).

Cookies have different functions. Many cookies are technically necessary, for certain website functions would not work without them (e. g. the shopping cart function or playing videos). Other cookies serve to evaluate the user behaviour or show advertising.

Cookies required to run the electronic communications process (necessary cookies) or to provide certain functions desired by you (functional cookies, e. g. for the shopping cart function) or to optimize the website (e. g. cookies to measure the web audience) are saved on the basis of art. 6 sec. 1 lit. f GDPR, as far as no other legal basis is mentioned. The website operator has a legitimate interest in the storage of cookies for a technically flawless and optimized operation of his services. As far as a consent to the storage of cookies has been obtained, the concerned cookies are only stored on the basis of such consent (art. 6 sec. 1 lit. a GDPR); the consent can be revoked any time.

You can correct and revoke your consent any time via the popup „Your cookie settings“ at the lower left screen.

You can configure your browser to inform you about the placement of cookies so that you permit cookies only in individual cases, exclude the acceptance of cookies in general or in certain cases and/or activate the automatic deletion of the cookies when closing the browser. When cookies are deactivated, the functionality of this website can be limited.

As far as cookies are used by third companies or for analysis purposes, we will inform you thereof separately within this privacy statement and, if applicable, seek your consent.


Cookie Consent

Our website uses a cookie-consent technology to obtain your consent to store certain cookies in your browser and document them in compliance with data protection.

When you access our website, a cookie is saved in your browser, in which the consents granted by you or the revocation of those consents are stored. The collected data will be stored until you ask us to delete them or delete the consent cookie yourself or the purpose of the data storage disappears.

Compulsory legal retention periods remain unaffected.

You can view your settings anytime and inspect and change cookies, even retroactively (e. g. at the foot of our website under „Your cookie settings).

The cookie-consent technology is used to obtain the legally imposed consents for the use of cookies. The legal basis for that is art. 6 sec. 1 p. 1 lit. c GDPR.


Server log files

The website’s provider automatically collects and saves information in so-called server log files that your browser automatically transmits to us. This includes:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with other data sources.

These data are collected on the basis of art. 6 sec. 1 lit. f GDPR. The website operator has a legitimate interest in the technically flawless display and the optimization of his website – for this purpose, the server log files must be registered.


Contact form

When you send us requests via contact form, your information in the request form is stored with us, including the contact data provided there by you, to process the request and for any potential subsequent questions. We will not forward these data without your permission.

The data are processed on the basis of art. 6 sec. 1 lit. b GDPR as far as your request is linked to the fulfilment of a contract or is required to take measures prior to the contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (art. 6 sec. 1 lit. f GDPR) or on your consent (art. 6 sec. 1 lit. a GDPR) if it has been obtained.

We will keep the data you have entered into the contact form until you ask us to delete them, revoke your consent to the storage or the purpose of the data storage disappears (e. g. after the end of the processing of your request). Compulsory legal provisions – in particular retention periods – remain unaffected.


Request per email, telephone or telefax

If you contact us per email, telephone or telefax, your request, including all included personal data (name, request), will be saved and processed with us, to process your concern. We will not forward these data without your permission.

These data are processed on the basis of art. 6 sec. 1 lit. b GDPR, as far as your request is linked to the fulfilment of a contract or is required to take measures prior to the contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (art. 6 sec. 1 lit. f GDPR) or on your consent (art. 6 sec. 1 lit. a GDPR) if it has been obtained.

We will keep the data you have sent to us per contact request until you ask us to delete them or revoke your consent to the storage or the purpose of the data storage disappears (e. g. after the end of the processing of your request). Compulsory legal provisions – in particular retention periods – remain unaffected.


Sweepstakes

At least the following data are required to participate in sweepstakes: the complete name, email address and address. The use of the data by the sweepstake operator only serves the purpose of selecting the winner, send him the price and, if required, taking contact to agree an alternative address to send the price if it cannot be delivered to the indicated address. There will be no use of personal data beyond that. After the end of the sweepstake, the personal data of all participants will be immediately deleted as far as there is no legal retention period.


GEHWOL tester club

You have the possibility to apply for the GEHWOL tester club on our website. For the application to participate in the GEHWOL tester club, at least the following mandatory data are required: user name, first name, last name, date of birth, street or post office, address supplement, zip code, city, country, email address, blog URL. These data will be used only to provide the services connected to the membership in the GEHWOL tester club (art. 6 sec. 1 a/b GDPR). This includes the postal delivery of products for product tests and taking contact via email to inform about activities of the GEHWOL tester club and to agree and organize their realization. Beyond that, the data are only used in case of persons who have been accepted as members of the GEHWOL tester club. For persons who have not been accepted, there will only be a corresponding notification per email, but no further use of the data. The personal registration data of persons who are not accepted into the GEHWOL tester club are deleted after the end of the application procedure. The notification of non-acceptance will remain stored to prove the reasons of non-acceptance until revocation. The registration data of persons who are accepted into the GEHWOL tester club remain stored until revocation.


GEHWOL tester club newsletter

Members of the GEHWOL tester club can subscribe to a newsletter (§ 7 sec. 2 n° 3 UWG (German Unfair Competition Act), art.6 sec. 1 a GDPR). Subscribers can register for the newsletter on a separate sub-domain: newsletter.gehwol-testerclub.de. For the registration, a valid email address is required. The email address is stored automatically and separately from any other personal data from the application for the GEHWOL tester club until revocation. The newsletter can be unsubscribed any time without indicating any reasons. For this, it is sufficient to activate the opt-out link at the end of each newsletter issue. As soon as a participant cancels his/her newsletter subscription, his/her data will be deleted from the separate mailing list for the newsletter. The membership in the GEHWOL tester club, however, can continue. In such case, the membership master data remain stored in the membership database of the tester club.


Registration on this website

You can register on this website to use additional functions on it. The data entered for that purpose will only be used by us for the use of the respective offer or service for which you have registered. The mandatory data requested at the registration must be fully provided.

Otherwise, we will refuse the registration.

For important changes, e. g. to the scope of services or in case of technically required changes, we use the email address provided at the registration to inform you that way.

The data entered at the registration are processed to realize the user relationship created by the registration and, if applicable, to initiate additional contracts (art. 6 sec. 1 lit. b GDPR).

The data collected at the registration are stored by us as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected.

 

5. Social Media

There are integrated links on this website to our social media websites (Facebook, Twitter, Instagram and Pinterest), they can be recognized by the pictogram of the respective provider. After clicking on the embedded graph, you will be forwarded to the website of the respective provider, i. e. only then will user information be transferred to the respective provider. You can find information on handling your personal data when using these websites in the corresponding privacy provisions of the providers:

 

6. Analysis tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyse the behaviour of the website visitors. To do this, the website operator obtains different user data, e. g. page accesses, time of stay, operating systems used and origin of the user. These data will, if applicable, be summarized by Google in a profile that is attributed to the respective user or his/her device.

 

Google Analytics uses technologies permitting the recognition of the user to analyse user behaviour (e. g. cookies or device fingerprinting). The information on the use of this website collected by Google will generally be transmitted to a Google server in the USA and saved there.

 

This analysis tool is used on the basis of art. 6 sec. 1 lit. f GDPR.

The website operator has a legitimate interest in the analysis of the user behaviour to optimize his web offer and his advertising. As far as a corresponding consent has been obtained (e. g. a permission to store cookies), the processing is exclusively based on art. 6 sec. 1 lit. a GDPR; the consent can be revoked any time.

 

IP anonymization

On this website, we have activated the function IP anonymization. Therefore, your IP address is abbreviated by Google within member states of the European Union or in other contract states of the Agreement on the European Economic Area before transmission into the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on the website’s activities and provide additional services related to the use of the website and the Internet to the website’s operator. The IP address transmitted by your browser within Google Analytics will not be combined with any other Google data.

 

Browser plugin

You can avoid the collection and processing of your data by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on Google Analytics’ handling of user data in the privacy statement of Google: https://support.google.com/analytics/answer/6004245?hl=de.

 

Contract processing

We have concluded a processing contract with Google and fully implement the strict rules of the German data protection authorities in the use of Google Analytics.

 

Demographic features of Google Analytics

This website uses the function “demographic features“ of Google Analytics to be able to show adapted advertising to the website visitors within Google’s advertising network. This allows for the production of reports containing information on age, sex and interests of the page visitors. These data stem from Google’s interest-related advertising and visitor data from third-party providers. These data cannot be attributed to any particular person. You can deactivate this function any time via the display functions in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the point “Objection to the data collection“.

 

Storage period

Data stored by Google on the user and event level linked to cookies, usernames (e. g. user ID) or advertising IDs (e. g. DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 months. You can find details about this via the following link:

https://support.google.com/analytics/answer/7667196?hl=de.

 

Matomo (ex-Piwik)

This website uses the open-source web analysis service Matomo. Matomo uses technologies allowing for an inter-website recognition of the user to analyse user behaviour (e. g. cookies or device fingerprinting). The information on the use of the website collected by Matomo will be saved on our server. The IP address will be anonymized before the storage.

The use of this analysis tool is based on art. 6 sec. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of the user behaviour to optimize his web offer and his own advertising. As far as a corresponding consent has been obtained (e. g. a consent to the storage of cookies), the processing is exclusively based on art. 6 sec. 1 lit. a GDPR; the consent can be revoked any time.

The information on the use of this website collected by Matomo will not be forwarded to any third parties.


7. GEHWOL Shop

Processing of data (client and contract data)

We collect, process and use personal data only as far as they are required to create, conceive the content of or change the legal relationship (inventory data). This is based on art. 6 sec. 1 lit. b GDPR, which permits the processing of data to fulfil a contract or for measures prior to a contract. We only collect, process and use personal data on the use of this website (usage data) as far as this is necessary to allow the user to use the service or charge him/her for that.

The client data collected will be deleted after completion of the order or the end of the business relationship. Legal retention periods remain unaffected.


Data transmission at contract conclusion and product shipping

We only transmit personal data to third parties if this is necessary within the execution of the contract, e. g. to the companies charged with the delivery of the merchandise or to the credit institution charged with payment processing. There will be no further transmission of the data or only if you have explicitly consented to the transmission. There will be no transmission of your data to any third parties, e. g. for advertising purposes, without express consent.

The basis of the data processing is art. 6 sec. 1 lit. b GDPR, which allows for the processing of data to fulfil a contract or for measures prior to the contract.


8. Our social media presence

Data processing by social networks

We maintain publicly accessible profiles in social networks. You can find the individual social networks used by us further below.

In general, social networks like Facebook, Twitter etc. can comprehensively analyse your user behaviour when you visit their website or a website with integrated social media contents (e. g. like-buttons or advertising banners). Many processing steps with privacy relevance are triggered by a visit of our social media sites. In detail:

When you are logged into your social media account and visit our social media site, the operator of the social media portal can attribute such visit to your user account. But your personal data might also be collected when you are not logged in or have no account with the respective social media portal. In such case, the data collection occurs e. g. via cookies that are saved on your device or the collection of your IP address.

By means of those collected data, the operators of the social media portals can create user profiles in which your preferences and interest are registered. By this means, interest-related advertising can be shown to you within or outside the respective social media presence. As far as you have an account with the respective social network, the interest-related advertising can be shown on all devices on which you are or were logged in.

Please also note that we cannot trace all processing steps on the social media portals. Depending on the provider, additional processing operations can therefore be run by the operators of the social media portals. You can find details on that in the terms of use and privacy policy of the respective social media portals.


Legal basis

Our social media presence is supposed to guarantee an Internet presence as comprehensive as possible. This represents a legitimate interest within the meaning of art. 6 sec. 1 lit. f GDPR. The analysis processes initiated by the social networks are based, if applicable, on different legal bases, which must be indicated by the operators of the social networks (e. g. consent within the meaning of art. 6 sec. 1 lit. a GDPR).


Responsible person and assertion of rights

When you visit one of our social media sites (e. g. Facebook), we are responsible for the data processing steps triggered by such visit jointly with the operator of the social media platform. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) as well vis-à-vis us as vis-à-vis the operator of the respective social media portal (e. g. Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have any comprehensive influence on the data processing operations of the social media portals. Our possibilities are mainly determined by the corporate policy of the respective provider.


Storage period

The data directly collected by us via the social media presence will be deleted from our systems as soon as the purpose of their storage has disappeared, you ask us to delete them, you revoke your consent to their storage or the purpose of the data storage no longer applies. Stored cookies remain on your device until you delete them. Compelling legal provisions – in particular retention periods – remain unaffected.

We have no influence on the duration of storage of your data that are stored by the operators of the social networks for their own purposes. For details on that, please turn to the operators of the social networks to inform yourself (e. g. in their privacy statement, see below).


Social networks in detail


Facebook

We have a Facebook profile. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s declarations, the collected data are also transferred to the USA and into other third countries.

We have concluded an agreement on joint processing with Facebook (Controller Addendum). In that agreement, it is determined for which data processing operations we / Facebook are/is responsible when you visit our Facebook site. You can inspect that agreement via the following link:

https://www.facebook.com/legal/terms/page_controller_addendum.

You can autonomously adapt your advertising settings in your user account. To do that, please click on the following link and log in: https://www.facebook.com/settings?tab=ads.

You can find details in Facebook’s privacy statement: https://www.facebook.com/about/privacy/.


Twitter

We use the messaging service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

You can autonomously adapt your Twitter privacy settings in your user account.

To do that, please click on the following link and log in: https://twitter.com/personalization.

You can find details in Twitter’s privacy statement: https://twitter.com/de/privacy.


Instagram

We have a profile with Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. You can find details on their handling of your personal data in Instagram’s privacy statement: https://help.instagram.com/519522125107875.


Pinterest

We have a profile with Pinterest. The operator is Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA („Pinterest“). You can find details on their handling of your personal data in Pinterest’s privacy statement: https://policy.pinterest.com/de/privacy-policy.


YouTube

We have a profile with YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can find additional information on the treatment of your personal data in YouTube’s privacy statement: https://policies.google.com/privacy?hl=de.


9. Changes

From time to time, it is necessary to adapt the content of the present privacy notices for data collected in the future. Therefore, we reserve the right to change this information any time. We will also publish the modified version of the privacy notices here. Therefore, you should read the privacy information once more when you visit us again.

10. Matomo Analytics


Status: August 2020