#Data Protection Regulation
General Data Protection Regulation per GDPR
The data controller in accordance with the General Data Protection Regulation and other national data protection laws of the member states and other data protection regulations is:
A&M STABTEST Labor für Analytik und Stabilitätsprüfung GmbH
Managing Directors: Dr. H.-J. Diehl, Dr. D. N. Dill, Björn Kümer, Dr. Lejon Martens
Tel +49 (0) 2271-7559100
Fax +49 (0) 2271-7559200
I. General information regarding data processing
1. Scope of the processing of personal data
We only process the personal data of our users insofar as this is necessary in order to provide a functional website, as well as our contents and services. The processing of personal data of our users usually only takes place with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons, and where processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 Section 1 letter a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for this. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 Section 1 letter b GDPR serves as the legal basis for this. This also applies to processing activities that are necessary in order to perform pre-contractual measures.
Insofar as the processing of personal data is necessary in order to satisfy a legal obligation to which our company is subject, Art. 6 Section 1 letter c GDPR serves as the legal basis for this. If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Section 1 letter d GDPR serves as the legal basis for this. If processing is necessary in order to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 Section 1 letter f GDPR serves as the legal basis for processing.
3. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose for it being stored has ceased to exist. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU directives, laws or other regulations to which the data controller responsible is subject. The data is then also blocked or deleted if a storage period stipulated by the standards cited expires, unless there is a requirement for further storage of the data in order to conclude or fulfil a contract.
II. Provision of the website and creation of log files
1. Description and scope of data processing
very time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data are collected:
(1) Information regarding the browser type and version used
(2) The user’s operating system
(3) The user’s IP address
(4) Date and time of access
The data is also stored in our system’s log files. This data is not saved together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 Section 1 letter f GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Storage in log files takes place to ensure the functionality of the website. Furthermore, the data enables us to optimise the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our legitimate interest in data processing in accordance with Art. 6 Section 1 letter f GDPR.
4. Duration of storage
The data are deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of data acquisition for the provision of the website, this applies when the relevant session is ended. If the data are stored in log files, this is the case after no more than seven days. It is possible to save the data beyond that. In this case, the user IP addresses are deleted or altered so that it is no longer possible to assign the accessing client.
5. Option of objection and removal
The acquisition of data for the provision of the website and the storage of the data in log files is essential for operation of the website. The user therefore has no option to object.
III. Email contact
It is possible to contact us via the email addresses provided on our website. In this case, the user's personal data transmitted with the email is stored. Data transmitted in this way are not passed on to third parties. The data are used exclusively for processing the correspondence.
1. Legal basis for data processing
The legal basis for the processing of data transmitted during the course of sending an email is Art. 6 Section 1 letter f GDPR. If email contact takes place with the intention of concluding a contract, Art. 6 Section 1 letter b GDPR serves as an additional legal basis for processing.
2. Purpose of data processing
If you contact us by email, this also constitutes the legitimate interest required for processing the data.
Any further personal data processed within the scope of the sending process serves to prevent misuse of the contact email and to ensure the security of our information technology systems.
3. Duration of storage
The data are deleted as soon as they are no longer necessary for the purpose for which they were collected. For personal data sent by email, this is the case when the respective correspondence with the user has ended. Correspondence ends when it is clear from the circumstances that the matter in question has been definitively clarified.
Any additional personal data acquired during the sending process are deleted after a period of seven days at the latest.
4. Option of objection and removal
The user has the option of withdrawing their consent to the processing of their personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such cases, the correspondence cannot continue.
All personal data stored during the course of contact will be deleted in this case.
IV. Rights of the data subject
If your personal data is processed, you are the data subject according to GDPR and you are entitled to the following rights in relation to the data controller:
1. Right to information
You can request confirmation from the data controller as to whether personal data concerning you are being processed by us.
In the event of such processing, you may request the following information from the data controller:
(1) The purposes of processing personal data concerning you;
(2) The categories of personal data that are being processed;
(3) The recipients or the categories of recipients respectively to whom personal data concerning you has been disclosed or will be disclosed;
(4) The planned duration of storage of personal data concerning you or, if it is not possible to provide definitive information in this regard, the criteria for the duration of storage;
(5) The existence of a right to the rectification or deletion of personal data concerning you, of a right to have the processing limited by the data controller, or of a right to object to such processing;
(6) The existence of a right to object to a regulatory authority.
You have the right to demand information on whether personal data concerning you is being transmitted to a third country or to an international organisation. In this regard, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
2. Right to correction
You have the right to demand that the data controller correct and/or complete any personal data processed concerning you, if it is incorrect or incomplete. The data controller must perform the correction immediately.
3. Right to restriction of processing
Under the following conditions, you can request that the processing of personal data concerning you be restricted:
(1) If you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
(2) If processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data;
(3) If the data controller no longer requires the personal data for the purposes of the processing, but you require it in order to assert, exercise or defend legal claims, or
(4) If you have lodged an objection to the processing in accordance with Art. 21 Section 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed - with the exception of its storage - with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal entity, or on grounds of an important public interest of the European Union or a Member State.
If the processing restriction has been limited in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.
4. Right to deletion
a) Obligation to delete
You may request that the data controller delete personal data concerning you without delay, and the data controller is obliged to delete such data without delay, if one of the following reasons applies:
(1) The personal data concerning you are no longer required for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing was based in accordance with Art. 6 Section 1 letter a, or Art. 9 Section 2 letter a GDPR and there is no other legal basis for the processing.
(3) You lodge an objection to the processing in accordance with Art. 21 Section 1 GDPR and there are no legitimate reasons for the processing that take precedence, or you lodge an objection to the processing in accordance with Art. 21 Section 2 GDPR.
(4) Personal data concerning you have been processed unlawfully.
(5) The deletion of personal data concerning you is necessary to comply with a legal obligation under European Union law or the law of the Member States to which the data controller is subject.
(6) The personal data concerning you has been collected in relation to information society services offered in accordance with Art. 8 Section 1 GDPR.
b) Information to third parties
If the data controller has publicly disclosed your personal data and is obliged to delete these data in accordance with Art. 17 Section 1 of the GDPR, the data controller shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those data controllers who process the personal data that you, as a data subject, have requested that they delete all links to these personal data or copies or replications of these personal data.
The right of deletion does not apply if the processing is necessary:
(1) In order to exercise the right to freedom of expression and information;
(2) In order to comply with a legal obligation to do so under European Union or Member State law to which the data controller is subject, or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller;
(3) For reasons of public interest in the field of public health in accordance with Article 9 Section 2 letters h and i, as well as Article 9 Section 3 GDPR;
(4) für im öffentlichen Interesse liegende Archivzwecke, wissenschaftliche oder historische Forschungszwecke oder für statistische Zwecke gem. Art. 89 Abs. 1 DSGVO, soweit das unter Abschnitt a) genannte Recht voraussichtlich die Verwirklichung der Ziele dieser Verarbeitung unmöglich macht oder ernsthaft beeinträchtigt, oder
(5) For the purposes of archiving, or for scientific or historical research purposes, which are in the public interest, or for statistical purposes in accordance with Art. 89 Section 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or (5) In order to assert, exercise or defend legal claims.
5. Right to information
If you have asserted the right to data correction or deletion, or to the restriction of data processing in relation to the data controller, the data controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this data correction or deletion, or the restriction of data processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the data controller.
6. Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 Section 1 letters e or f of the GDPR; this also applies to profiling based on these provisions.
The data controller will no longer process the personal data concerning you unless they can demonstrate compelling reasons for processing that are worthy of protection and that outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as this relates to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You may exercise your right to object in connection with the use of information society services by means of automated procedures involving technical specifications, without prejudice to the European Directive 2002/58/EC.
7. Right to appeal to a regulatory authority
Without prejudice to any other administrative or legal remedy, you have the right to appeal to a regulatory authority, in particular in the Member State in which you are resident or work, or the place of the suspected infringement, if you are of the opinion that the processing of personal data concerning you is a violation of the GDPR.
The regulatory authority to which the appeal is submitted shall inform the complainant about the status and the results of the appeal, including the possibility of legal remedy in accordance with Art. 78 GDPR.