Политика конфиденциальности

A. Privacy statement for website

B. Privacy statement for social media appearances

C. Privacy policy for contract processing

Status 08/2019

A. Privacy statement for website

We only process users’ personal data (hereinafter known as “data”) to the extent that is is necessary to provide an effective and convenient website, along with its contents and services.

“Processing“ means the collection, use, transmission and/or storage. According to the General Data Protection Regulation (hereinafter called as GDPR) “personal data” is basically all data with which a natural person can be identified. The exact definitions of the terminology are laid down in Art. 4 of the GDPR.

The following explanations are to provide you with information about the type, purpose, duration and legal basis of the processing of personal data, about the intentions and means of processing decided by us alone or with others, as well as about the components of third parties, processing data at their own responsibility, which we adopt for purposes of optimisation and quality of use:

I. Information about the person/party responsible (controller)

II. Rights of the user

III. Information about data processing

I. Information about the person/party responsible (controller)

The controller (hereafter referred to as “supplier”) for the purpose of the GDPR and other national data protection laws of the member states, as well as any other legal data protection regulations is:

  • JBL GmbH & Co. KG
  • Dieselstraße 3
  • D-67141 Neuhofen
  • Tel.: +49/ (0)6236/ 4180-0
  • Fax: +49/ (0)6236/ 4180-999
  • E-Mail: info@jbl.de

The data protection officer of the responsible party is:

  • Killian Hedrich
  • c/o DatCQ GbR
  • Alexander F. Bräuer, Killian Hedrich
  • und Frank Weiß
  • Katharinenstraße 16
  • 73728 Esslingen
  • Phone: +49 (0)711/ 93277955
  • Fax: +49 (0)711/ 93277956
  • Email: dsb@datcq.de

II. Rights of the user

In relation to the processing of their personal data by the supplier, expressed below, the user has the right

  1. to request confirmation as to whether any data concerning them is being processed, to get precise information about this data and any further information and copies of this data according to Art. 15 GDPR; to request the immediate rectification of any inaccurate data concerning them or the correction of this data according to Art. 16 GDPR;
  2. to request that their data is promptly deleted according to Art. 17 GDPR, or, alternatively, if, for example, further processing according to Art. 17(3) GDPR is required, to demand a restriction of the processing of the data in accordance with Art. 18 GDPR;
  3. to receive the data concerning them and supplied by them according to Art. 20 GDPR and to demand the transmission of their data to other persons/parties responsible;
  4. to file a complaint with the supervisory authority in accordance with Art. 77 GDPR, if the user believes that the processing of their data by the provider is in breach of the GDPR.
  5. In principle, the user is entitled at any time to object to the future processing of the data concerning them, which is processed by a person/party responsible on the basis of Art. 6(1) point f GDPR in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes. The provider is also obliged to inform any recipient of the data to whom the data was disclosed, of any correction or deletion of the personal data or of any restriction of the processing that takes place on the basis of Article 16 GDPR, Article 17(1) GDPR and Article 18 GDPR. The obligation does not exist in the event that this communication proves to be impossible or involves a disproportionate effort. The user has the right to receive information regarding these recipients.

III. Information about data processing

If no detailed information is given about data after processing, the user’s data will be deleted or blocked, once processed by the supplier. This will happen as soon as the purpose of the storage ceases to apply, and provided its deletion is not in conflict with statutory storage obligations.

Server data

For communication and security reasons the following data, amongst others, which the web browser of the user submits to the supplier or their webspace supplier (so-called server log files) are collected during their visit to the website:

  • Browser type and version;
  • operating system used;
  • website, from where the user has visited the supplier’s website (referrer URL);
  • website visited by the user;
  • date and time of the access;
  • internet protocol (IP) address of the user.

In addition the data is temporarily stored. The storage of this data together with other personal data of the user does not take place. Legal basis for the temporary storage is Art. 6(1) point f GDPR, based on the legitimate interest to improve the stability, statistics, functionality and the security of the website.

The data will be deleted after seven days at the latest. Data stored beyond this for purposes of evidence is exempt from deletion until the incident has been finally clarified.

Cookies

1. “Session” cookies

The suppliers use so-called cookies on their websites. Cookies are small text files or other storage technologies which the user’s internet browser places and saves on the end device. These cookies to a specific extent process certain user information, such as browser and location data and IP address information.

The processing allows the supplier to render their website more user-friendly, effective and reliable. Thus processing enables a viewing of the content in different languages or, if required, the use of a shopping cart function. If these cookies process personal data for the purpose of the initiation and execution of a contract, the legal basis of the processing is Art. 6(1) point b GDPR.

Should the processing not aim to achieve the initiation and execution of a contract, it serves the supplier’s legitimate interest for the improvement of the website functionality and is derived by the legal basis of Art. 6(1) point f GDPR.

These cookies will be deleted once the user closes the browser.

2. Cookies of third-party suppliers

Cookies from third-party suppliers may also be used on the website of the supplier. These third-party suppliers are partner companies which co-operate with the supplier for the purposes of advertising, analysis or the functionalities of the website. If this is the case the purposes and the legal basis of the corresponding processing are described in the following explanations.

3. Deletion options

The user can prevent or limit the installation of the cookies with their browser setting. Cookies that are already stored can also be deleted at any time. The settings required here are dependent on the respective browser. Flash cookies cannot be prevented with the browser setting, but through the respective setting of the Flash Player. If the user prevents or limits the installation of the cookies this can mean that not all functions of the website are fully usable.

Customer account/registration

With each registration, the IP address, the date and the time of the registration will be saved. Legal basis here is Art. 6(1) point f GDPR. The legitimate interest of the supplier is the proof of a data protection compliant registration. The data is not passed on to third parties.

1. General registration

In addition to the registration purposes detailed below, the supplier offers additional services which are accessible after registration. The user data entered on this occasion during registration, which can vary on the basis of the purpose of registration (name, email address and when appropriate, additional address and telephone number), are only processed by the supplier for the purpose selected by the user.

The legal basis for this is Art. 6(1) point a GDPR. In the consent wording the user is told the respective purpose of the processing. Based on Art. 7(3) GDPR the user can withdraw their given consent to this with a notification at any time.

2. Contract processing

If the user registers for the purpose of ordering goods, the data entered in the course of this registration (name, address, email address, telephone number) will in the first instance be used to form part of the contract processing.

The legal basis for this is Art. 6(1) point b GDPR. The user data processed for this purpose will be deleted upon the expiry of the deadline in accordance with the corresponding retention periods of fiscal and commercial law.

At the same time the data will be used to conclude future contracts and for general customer relations management (e.g. access to previous orders or memo function).

The legal basis for this is Art. 6(1) point a GDPR. Based on Art. 7(3) GDPR the user can withdraw their given consent to have a customer account with a notification at any time.

3. Product registration/guarantee extension

If the user registers for the purpose of a guarantee extension, the data entered in the course of this registration (name, address, email address, telephone number, type of device, date of acquisition, vendor) will in the first instance be used for the future processing of a guarantee claim.

The legal basis for this is Art. 6(1) point b GDPR. The user data processed for this purpose will be deleted upon the expiry of the guarantee in accordance with the corresponding retention periods of fiscal and commercial law.

4. Newsletter

If the user subscribes to the supplier’s free newsletter, the data (email address and name), requested in the registration mask, will be processed by the supplier in order to deliver the user’s chosen topic. In addition the IP address, the date and the time of registration will be saved. During the registration procedure the user's permission will be requested, and the contents will be clearly described. At the same time reference will be made to the data protection policy. The data collected this way will be exclusively used to dispatch the newsletter. The data will not be passed on to third parties.

The legal basis for this is Art. 6(1) point a GDPR. In accordance with Art. 7(3) GDPR the user can withdraw their future consent through a notification to the supplier or use of the unsubscribe link in the newsletter at any time.

5. Contact/ticket

If the customer registers for the purpose of contacting the supplier or making a service request, the personal data of the user entered on this occasion (name, address, email address, telephone number) will be used to process the request. The data is required to reply to the request. Without it a reply is not, or only to a limited extent, possible. The legal basis for this use is Art. 6(1) point b GDPR. The user data will be deleted, provided that the user request has been answered conclusively and as long as statutory storage obligations or guarantee/defect claims do not require otherwise.

6. Competition

If the user takes part in a competition organised by the supplier and registers for this purpose, the data entered for participation by the user (name, address, email address, telephone number) will be used by the supplier without further consent for the sole purpose of conducting and concluding the competition/raffle.

As part of the competition the user’s personal data will be transmitted to the forwarding company commissioned to deliver or to a financial service supplier, as far as this is necessary for the delivery or the payment of a prize.

The legal basis for processing participation data is Art. 6(1) point b GDPR.

The user data stored to participate in the competition will be deleted fourteen days after the draw, except the data of the winners, which will only be deleted upon the expiry of the deadline in accordance with the corresponding retention periods of fiscal and commercial law.

If the participation takes place through “Facebook”, Facebook will also process certain data and the supplier’s and user’s member accounts will be linked. For that purpose we refer to Facebook’s privacy policy here: https://de-de.facebook.com/about/privacy

7. Comments/posts

Through the evaluation or comment function (posts) of the website, which is available after registration, the users have the opportunity to publish their requests, replies or opinions.

In doing so the post, the post submission date and the name, stated by the user, will be processed and published by the supplier.

The legal basis is Art. 6(1) point a GDPR. Based on Art. 7(3) GDPR the user can withdraw their future consent with a notification to the supplier at any time.

In addition the IP address and the email address of the user will also be processed. The processing of the IP address takes place because of the legitimate interest of the supplier in the event that the contribution of the user interferes with the rights of third parties and/or that illegal contents are distributed.

The legal basis is Art. 6(1) point f GDPR. The supplier’s legitimate interest arises from any necessary legal defence.

While contacting of the user by email, the supplier uses the personal user data entered on this occasion to process the request. The data is required to reply to the request. Without it a reply is not, or only to a limited extent, possible. The legal basis for this is Art. 6(1) point b GDPR. The user data will be deleted, provided that the user request has been answered conclusively and as long as statutory storage obligations, such as a subsequent contract implementation etc., require otherwise.

Payment service provider Klarna

The provider uses the payment service provider Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden, hereinafter referred to as "Klarna", for the payment processing of orders via the online shop.

For this purpose, the provider has integrated Klarna's "check-out" on the final order page.

The legal basis for the processing of personal data is Art. 6(1) point b GDPR (fulfilment of contract) and the legitimate interest of the provider in the offer of effective and secure payment options pursuant to Art. 6(1) point f GDPR.

As a result of this integration, the user's browser loads the "check-out" page from a Klarna server during the order process. As a result, the following data of the user are transmitted to the server of Klarna without the user interacting with the "check-out" page:

  • browser type and version;
  • used operating system;
  • website from which the user requests the "check-out";
  • date and time of the call;
  • internet protocol (IP) address of the user.

With the payment methods advance payment and PayPal the processing is limited without further consent of the user to the passing on of the payment data to the seller or PayPal.

When selecting the payment methods purchase on account, installment purchase, immediate transfer, credit card or direct debit, the following personal data are processed by Klarna for payment and, in this connection, for identity and credit checks:

  • Contact information such as first name, last name, address, date of birth, gender, email address, IP address, phone number, mobile phone number, etc .;
  • Information about processing the order, such as product type, product number, price, etc .; payment information, such as debit and credit card information (card number, expiry date and CCV code), billing information, account number, etc .;
  • In the case of the choice of "purchase on account" or "installment purchase", Klarna collects and uses personal data and information about the previous payment behavior of the user as well as probabilities for its payment behaviour in the future (so-called scoring). This is in order to decide whether the payment method can be offered to the user. The scoring calculation is carried out on the basis of scientifically recognized mathematical-statistical methods.

Further information on the aforementioned processing by Klarna and the applicable data protection provisions of Klarna can be found under https://cdn.klarna.com/1.0/shared/content/policy/data/en_de/data_protection.pdf .

Contact requests via email

In the event of an order completion by the user, data entries are made in the input mask of the "check-out" page and Klarna takes responsibility for payment processing.

Job applications

With digital job applications we collect and process the application data electronically for the purpose of conducting the application procedure.

The legal basis for the processing is § 26(1) sentence 1 BDSG (Bundesdatenschutzgesetz = German privacy law) in conjunction with Art. 88(1) GDPR.

If your application leads to an employment contract, the data submitted can be stored in the personnel file for the purpose of the usual organisational and administrative processes, in compliance with the relevant legal regulations.

The legal basis for the processing is § 26(1) sentence 1 BDSG (Bundesdatenschutzgesetz = German privacy law) in conjunction with Art. 88(1) GDPR.

The deletion of the data submitted will occur automatically with the rejection of the job application two months after notification of the rejection. This does not apply if legal requirements (burden of proof under German general equal treatment law (AGG)) require a longer storage period of up to four months or until any legal proceedings are concluded.

The legal basis for this is Art. 6(1) point f GDPR and § 24(1) no. 2 BDSG (Bundesdatenschutzgesetz = German privacy law). The legitimate interest of the supplier is the legal defence.

If consent has explicitly been given to store the data longer in a database for interested parties, the data will be processed on the basis of the consent.

The legal basis for this is Art. 6(1) point a GDPR. In accordance with Art. 7(3) GDPR any future consent given to this can be withdrawn at any time through a notification to the supplier.

Youtube

The supplier uses on its website a tool for the display of video sequences of the company YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”. YouTube is part of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

YouTube, a subsidiary company of Google, is certified with the “EU-US Privacy Shield“ and thus guarantees compliance with EU data protection guidelines for any data processed in the USA.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The legal basis for this is Art. 6(1) point f GDPR. The legitimate interest of the supplier is the improvement of the quality of use on the website. The supplier uses YouTube with YouTube’s “enhanced privacy mode” option.

According to YouTube, when using the “Advanced Privacy Mode” any subsequent data is only sent to the YouTube server when a video is started.

If the user visits a page with an embedded video, a connection to the YouTube servers in the USA will be established and instructions issued to the user’s browser to enable the content to be shown on the website. For this purpose YouTube processes at least the IP address, the date, time and page visited by the user. This also leads to a connection to the Google “DoubleClick” network. If the user is logged in to YouTube at the same time, the connection information is assigned to the user’s YouTube member account.

If the user wishes to prevent YouTube from assigning the information it has collected directly to their member account, they need to log out of YouTube before they visit the website. In addition it is possible to configure the user account accordingly.

YouTube also uses permanent cookies for functionality and analysis.

Should a user not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Closer information about this can be found under “Cookies”.

For further information about the collection and use of data by Google and about the user’s corresponding rights and ways of protecting their privacy, please refer to Google’s Privacy Policy:

https://policies.google.com/privacy

HERE Maps

The supplier uses the component "HERE Maps" of the company HERE Global B.V, Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands, hereinafter referred to as "HERE", for the visual location display of the specialist dealers.

To display the locations a connection to the server of HERE and a request by the component for the visitor’s IP address are necessary. The component will initially use the IP address solely to send appropriate information to the browser or visitor. The IP address is therefore required to display this feature. The connection enables HERE to identify the website from which an enquiry has been sent and the IP address to which the location display of the specialist dealers is to be transmitted.

In addition, HERE will set a cookie to process user preferences and data when displaying the page and the associated features the "HERE Maps" component is integrated into.

If the user does not agree with this processing, it is possible to prevent the installation of the cookie by setting the browser accordingly. More information on this can be found under "Cookies".

The legal basis for this is Art. 6(1) point f GDPR. The legitimate interest of the supplier is the optimisation of its website functions.

If the visitor consents, specifically through a browser setting or browser release, HERE will also use the visitor’s IP address to process their approximate location and display the nearest specialist dealer.

The legal basis is Art. 6(1) point a GDPR. Future consent can be revoked at any time through the appropriate browser setting.

HERE offers further information on the relevant data processing under the following link: https://legal.here.com/en-gb/privacy/policy

JBL ProScan APP

Using application software (app) for mobile operating systems, the provider enables the user to analyse and diagnose their aquarium water. To do this the following data is collected from the provider and third parties:

1. Downloading the app

To use the app you need to install it on your mobile device. This can be done via the Google Play Store or the Apple App Store.

Google Play Store is a service of Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereinafter "Google."

Google also collects, stores and processes data that may be required for the payment or function of the app. More about this: https://www.google.com/intl/en/policies/privacy/

App Store is a service of Apple Inc. One Apple Park Way, Cupertino, Calif. 95014 USA, hereinafter "Apple".

Apple also collects, stores and processes data that may be required for the payment or function of the app. More about this: https://www.apple.com/legal/privacy/en-ww/

2. Information about any access(es) required

For you to use its features, the app needs to access the following contents or features on your mobile device:

Accounts: To run the app, it needs to save and confirm a user account on the customer's device. To do this, the app accesses the account authentication features of the account manager.

Camera/photos: Access to the camera and photos also gives the app access to the memory of the mobile device while carrying out its functions. This allows the reading, saving, changing or deleting of photos in the memory. The contents are primarily images captured by the user via the app.

Access to or retrieval of network connections: The app requires partial access to existing networks so that it can retrieve data over the Internet. As part of this function, the app will also review which mobile networks, such as LTE or Wi-Fi, are available, in order to optimise the transmission.

The legal basis for the processing is Art. 6 para. 1 point b GDPR.

The user-approved app authorisations can be changed under "Settings" of the device at any time. If the permissions are deactivated you may not be able to use all the features of the app.

More information about the permissions of the settings:

https://support.google.com/googleplay/answer/6270602?hl=en&ref_topic=6046245

https://support.apple.com/en-en/HT207830

3. Server log files

For communication and security reasons, the following data on the mobile device is transmitted to the provider or their web space provider during use of the app (so-called server log files):

  • Smartphone type
  • App version
  • Operating system used
  • Date and time of access
  • User ID
  • Aquarium ID
  • Internet protocol (IP) address of the user or the device and card identifiers.

Your personal data will be stored in an anonymous form afterwards for analysis purposes.

4. Newsletter

If the user signs up for the provider’s free newsletter ProScan, the email address will be processed by the supplier in order to deliver the newsletter. As part of the installation of the APP, the consent of the user is obtained and reference will be made to this privacy policy. The data collected this way will be used exclusively to dispatch the newsletter. The data will not be passed on to third parties.

The legal basis for this is Art. 6(1) point a GDPR. In accordance with Art. 7(3) GDPR the user can withdraw their future consent through a notification to the supplier or use of the unsubscribe link in the newsletter at any time.

B. Privacy policy for social media appearances

To promote our products and services as well as to communicate with interested parties or customers, we use so-called social media platforms.

In particular, the details below will inform you of the nature, scope, purpose, duration and legal basis of the processing of personal data when you visit or contact one of our company presentations on a social media platform or contact us via this platform.

"Processing" is the collection, use, transfer and/or storage. According to the General Data Protection Regulation (hereinafter referred to as "GDPR"), "personal data" essentially includes all data with which a natural person can be identified. The exact definitions of the terms are defined in Art. 4 GDPR.

I. Information about the jointly responsible persons/parties (controllers)

II. Rights of the user

III. Information about data processing

I. Information about the jointly responsible persons/parties

For all social media platforms listed below,

  • JBL GmbH & Co. KG
  • Dieselstraße 3
  • D-67141 Neuhofen
  • Phone: +49/ (0)6236/ 4180-0
  • Fax: +49/ (0)6236/ 4180-999
  • Email: info@jbl.de

- hereinafter referred to as "provider" -

is jointly responsible with the platform operator named below within the meaning of Art. 26 GDPR.

The external data protection officer of the provider is:

  • Killian Hedrich
  • c/o DatCQ GbR
  • Alexander F. Bräuer, Killian Hedrich
  • und Frank Weiß
  • Katharinenstraße 16
  • 73728 Esslingen
  • Phone: +49 (0)711/ 93277955
  • Fax: +49 (0)711/ 93277956
  • Email: dsb@datcq.de

Facebook and Instagram

On the social media platforms "facebook", and “Instagram” the provider is jointly responsible with

  • Facebook Ireland Ltd.
  • 4 Grand Canal Square
  • Grand Canal Harbour
  • Dublin 2 Ireland

.

The data protection officer of facebook can be reached via a contact form: https://www.facebook.com/help/contact/540977946302970

The jointly responsible persons/parties have concluded an agreement on their respective obligations arising from the GDPR. This agreement can be accessed under the following link: https://www.facebook.com/legal/terms/page_controller_addendum

II. Rights of the user

Regardless of the details of the agreement, you may exercise your rights under the GDPR with and against each of the persons/parties responsible.

The user has the right, with respect to the processing of his personal data reproduced below by the controllers, to

  1. to request confirmation as to whether any data concerning them is being processed, to get precise information about this data and any further information and copies of this data according to Art. 15 GDPR;
  2. to request the immediate rectification of any inaccurate data concerning them or the correction of this data according to Art. 16 GDPR;
  3. to request that their data is promptly deleted according to Art. 17 GDPR, or, alternatively, if, for example, further processing according to Art. 17(3) GDPR is required, to demand a restriction of the processing of the data in accordance with Art. 18 GDPR;
  4. to receive the data concerning them and supplied by them according to Art. 20 GDPR as well as the further right to demand their transmission to other persons/parties responsible;
  5. to file a complaint with the supervisory authority in accordance with Art. 77 GDPR, if the user believes that the processing of their data by the provider is in breach of the GDPR.
  6. In principle, the user is entitled at any time to object to the future processing of the data concerning them, which is processed by a person/party responsible on the basis of Art. 6(1) point f GDPR in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes. The person/party responsible is also obliged to inform any recipient of the data to whom the data was disclosed, of any correction or deletion of the personal data or of any restriction of the processing that takes place on the basis of Article 16 GDPR, Article 17(1) GDPR and Article 18 GDPR. The obligation does not exist in the event that this communication proves to be impossible or involves a disproportionate effort. The user has the right to receive information regarding these recipients.

III. Information about data processing

To advertise its products and services as well as to communicate with any interested persons/parties or customers, the provider operates a company presence on the following platform(s).

The legal basis for the processing of personal data resulting from this and subsequently reproduced for each platform is Article 6 (1) point f GDPR. The legitimate interest of the provider is in the analysis, communication, sales and promotion of its products and services.

Legal basis may also be a consent of the user to the platform operator in accordance with Art. 6(1) point a GDPR. According to Art. 7(3) GDPR, the user can revoke this consent at any time by sending a message to the platform operator.

Facebook and Instagram

Visiting the provider's online presence on their “Facebook” and “Instagram” platforms enables Facebook Ireland Ltd., as operator of both platforms in the EU, to process user data (e.g. personal information, IP address etc.).

This user data gives the provider statistical information about the use of its company presence on “Facebook” and “Instagram”. Facebook Ireland Ltd. uses this data for market research and advertising purposes in particular, and also to create user profiles. On the basis of these profiles, Facebook Ireland Ltd. is able, for example, to place advertising within and outside “Facebook” and “Instagram” in an interest-based manner for the user. If the users are logged in to their Facebook account at the time, Facebook Ireland Ltd. can also link the data to their respective user account.

If the user contacts the provider through “Facebook” and “Instagram”, the personal data of the user entered on this occasion is used to process the request. The user's data will be deleted by the provider once the user's request has been concluded, provided that no legal storage obligations, such as for a subsequent contract, exist.

Facebook Ireland Ltd. may also set cookies to process data.

If the user does not agree with this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented using the browser settings, but with the corresponding setting of the Flash Player. If the user prevents or restricts the installation of cookies, this may mean that not all facebook features are fully usable.

More details on the processing activities, their suppression and the deletion of the data processed by “Facebook” and “Instagram” can be found in the data policy of “Facebook” and “Instagram”:

https://www.facebook.com/privacy/explanation

https://help.instagram.com/519522125107875

It can not be ruled out that Facebook Ireland Ltd.’s processing will also take place in the USA through Facebook Inc., 1601 Willow Road, Menlo Park, California 94025.

Facebook Inc. has submitted to the "EU-US Privacy Shield", thereby complying with EU data protection regulations when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

C. Privacy policy for contract processing

1. Name and contact details of the person/party responsible (controller)

  • JBL GmbH & Co. KG
  • Dieselstraße 3
  • D-67141 Neuhofen
  • Phone: +49/ (0)6236/4180-0
  • Fax: +49/ (0)6236/4180-999
  • Email: info@jbl.de

The external data protection officer of the person/party responsible (controller) is:

  • Killian Hedrich c/o DatCQ GbR
  • Alexander F. Bräuer, Killian Hedrich und Frank Weiß Katharinenstraße 16
  • 73728 Esslingen
  • Phone +49 (0)711/93277955
  • Fax: +49 (0)711/93277956
  • Email: dsb@datcq.de

2. Collection and storage of personal data as well as nature and purpose and their use

When you place an order with us or request a quote, we collect the following information:

  • title, first name, surname, email address, address, telephone number and bank details, when applicable;
  • information required for contract processing.

The collection of this data takes place

  • to identify you as our customer or prospect;
  • to be able to carry out the order;
  • to be able to serve you properly;
  • for correspondence with you;
  • for customer administration;
  • for billing purposes.

The data processing takes place on the basis of your order or request for proposal and according to Art. 6(1) sentence 1 point b GDPR for the stated purposes necessary for the proper execution of the contract and for the mutual fulfilment of the contractual obligations.

In addition, we reserve the right to use your data for direct marketing by email or by post pursuant to Art. 7 (3) UWG if you do not object to this use. Direct advertising exclusively includes offers for similar services as those already booked by you with us. The legal basis in this case is Art. 6(1) point f GDPR. Our legitimate interest lies in the economic interest of the sale of our services.

The personal data collected by us for the commissioning will be stored until the end of the assignment and thereafter deleted, unless we are obliged under Article 6(1) sentence 1 point c GDPR to retain it for a longer period of time due to tax and commercial law or other statutory storage and documentation obligations (for example from HGB, StGB or AO), or you have consented to storage beyond that, according to Art. 6(1) sentence 1 point a GDPR.

3. Disclosure of data to third parties

A transfer of your personal data to third parties for purposes other than those listed below does not take place.

Insofar as this is required in accordance with Art. 6(1) sentence 1 point b GDPR for the execution of the contract, your personal data will be passed on to third parties. This includes in particular the transfer of your data to financial service providers or transport companies, if this is necessary for the payment and delivery of the subject of the contract.

4. Consent

Any processing of your personal data outside the fulfilment of the contract can take place with your consent. Such consent must have been expressly given by you and can be revoked by you at any time for the future. If we ask you for such voluntary consent, we will inform you separately about the purpose.

The legal basis for such processing is Art. 6(1) point a GDPR.

5. Rights of the persons affected

You have the right:

  • in accordance with Art. 7(3) GDPR, to revoke any consent you once gave to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the processing purposes, the category of the personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • to demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you dispute the correctness of the data, if the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims or if you have lodged an objection against the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive the personal data you disclosed to us, in a structured, common and machine-readable format or to request the transfer to another responsible party, and
  • to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, workplace or our company headquarters.

5. Right to object

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6(1) sentence 1 point f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, if there are reasons for doing so which arise from your particular situation. In particular, the objection may be lodged against the processing of your personal data for the purposes of direct advertising.

If you wish to exercise your right of objection, simply send an email to: info@jbl.de