In all cases, this processing takes place in accordance with the valid data protection laws, in particular in accordance with the requirements of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and supplementary legal regulations. The legal basis for the processing of your personal data on our website is Article 6 (1) Sentence 1 lit. f GDPR.
The controller within the meaning of the General Data Protection Regulation (“GDPR”) is:
Dortmunder Gußasphalt GmbH & Co. KG
Am Hafenbahnhof 10
Phone: +49 231 395797-0
2. DATA PROTECTION OFFICER
You may contact our data protection officer in matters relating to data protection:
Basalt-Actien-Gesellschaft data protection officer
53545 Linz am Rhein
Phone: +49 2644 5630
3. THE PROCESSING OF YOUR PERSONAL DATA/ NATURE AND PURPOSE OF THIS PROCESS/LEGAL BASIS FOR PROCESSING AND STORAGE
Our website collects a series of (general data) and information every time a person or an automated system accesses the website. The collection and storage takes place in the log files of our server.
The following data may be collected and stored:
– The operating system used
– The date and time of access
– Internet Protocol (IP) address
– Browser types and versions
– Referrer (internet page from which our system was accessed),
– Sub-websites controlled by our system
– The internet service provider for the system accessing our website
– Similar data information which protect the user’s system against digital attacks (e.g. anti-virus programmes)
The background to this data collection is:
– Correct provision of the content on our website
– Optimisation of the website
– Ensuring the functionality of our website
– Provision of necessary information to enable prosecution in the event of a cyber attack
– Evaluation in order to increase data protection and security levels to reach an optimum level of protection
– For administrative purposes.
The storage of the server log files takes place separately from the other personal data that is detailed. The legal basis for this processing of your personal data on our website is Article 6 (1) Sentence 1 lit. f GDPR. The legitimate interest results from the abovementioned background to the data collection. No connection will be made to the data subject (user) when collecting and using the abovementioned data. The server log files are deleted on a regular basis.
4. DELETION AND BLOCKING OF PERSONAL DATA
We only process and store your personal data for the period of time necessary to achieve the purpose of the storage or insofar as this is provided for by the GDPR, BDSG, other policies and regulations or other laws.
If the purpose of the storage ceases to be applicable or if a retention period expires, your personal data will be routinely blocked or deleted in accordance with the statutory provisions.
5. SSL OR TLS ENCRYPTION
For security reasons and in order to ensure safe transmission of confidential content that you transmit to us in our capacity as site operator, our website uses SSL or TLS encryption. Thereby, the data you transmit via this website cannot be read by any third party. You can identify an encrypted connection by the “https://“ in your browser’s address bar, as well as by the padlock icon in your browser line.
7. CONTACT FORM
Data transmitted via the contact form, including your contact information, is stored in order to be able to process your request or to be available for follow-up questions. This information will not be shared without your consent. The processing of data entered into the contact form is carried out exclusively on the basis of your consent (Art. 6(1) point a GDPR). You may revoke your consent at any time. To revoke your consent, an informal notice per email will suffice. The legitimacy of the data processing carried out prior to the revocation remains unaffected by such revocation. Data transmitted via the contact form shall remain with us until you request its deletion, you revoke your consent to storage or until there is no longer a need for data storage. Mandatory statutory provisions – in particular storage periods – remain unaffected.
9. VIDEO SURVEILLANCE
Insofar as video surveillance is carried out, the applicable provisions of Section 4 BDSG shall be observed.
In this regard, we would point out that Brief Paper No. 15 of the Data Protection Conference (Datenschutzkonferenz) contradicts CJEU jurisdiction (Judgement v. 11.12.2014, File No.: C-212/13).
10. DATA PROTECTION AND EMAIL APPLICATIONS
We collect and process personal data of applicants for the purpose of facilitating the application process. You can find the data protection information regarding the handling of applicant data of BAG here.
11. YOUR RIGHTS
Your rights are important to us.
In order to exercise your rights that are set out below you can contact our abovementioned data protection officer at any time. In accordance with Article 12 et seq. GDPR, you have the following rights:
A) RIGHT TO CONFIRMATION
In accordance with GDPR, you have the right to obtain confirmation from us as to whether personal data concerning you is being processed.
B) RIGHT TO INFORMATION
In accordance with GDPR, you have the right to obtain information about the personal data that is stored concerning you free of charge and to receive a copy of this information. Furthermore, in accordance with GDPR, you have the right to find out
– the purposes of processing
– the categories of personal data that are being processed
– the recipients or categories of recipients to whom the personal data has been or is still being disclosed
– the planned duration for which the personal data is to be stored
– the existence of a right to rectification or deletion of the personal data concerning you or
– to the restriction of the processing by the controller or
– the right to object to this processing,
– the existence of the right to lodge a complaint with a supervisory authority.
C) RIGHT TO RECTIFICATION
In accordance with GDPR, you have the right to request the rectification of personal data concerning you that is incorrect without undue delay. Taking into account the purposes of the data processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
d) RIGHT TO ERASURE
(Right to be forgotten)
In accordance with GDPR, you have the right to require the personal data concerning you to be erased without undue delay where one of the following grounds applied and processing is not essential:
– The purpose of the processing has been achieved
– You withdraw your consent and there is no other legal basis for the processing
– You object to the processing pursuant to Article 21 (1), (2) GDPR
– Your data has been unlawfully processed
– The erasure of personal data is necessarily erased for compliance with a legal obligation in Union or German law
e) RIGHT TO RESTRICTION OF PROCESSING
You have the right to require restriction of the processing where one of the following prerequisites applies:
– You contest the accuracy of the personal data
– The processing is unlawful. You oppose the deletion of the personal data and request the restriction of the use of your data instead
– We no longer require the personal data for the purposes of the processing. However, you require this data for the establishment, exercise or defence of legal claims
f) RIGHT TO DATA PORTABILITY
You have the right to receive the personal data concerning you with which you have provided us in a structured, commonly used and machine readable format. You have the right to transmit this data to another controller without hindrance from us.
g) RIGHT TO OBJECT
Insofar as the processing results from your particular situation, you have the right to object against the processing of personal data concerning you at any time. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights, and freedoms or the processing is for the purpose of the establishment, exercise or defence of legal claims.
h) RIGHT TO WITHDRAW CONSENT TO DATA PROCESSING
You have the right to withdraw consent to the processing of your personal data at any time.
i) RIGHT TO LODGE A COMPLAINT
In accordance with GDPR, you have the right to lodge a complaint with the authority to which we are accountable.
The supervisory authority responsible for us is:
State commissioner for data protection and freedom of information in North Rhine-Westphalia
Postfach 20 04 44
12. TRANSFER OF DATA TO THIRD PARTIES
The transfer of personal data collected via your visit to our website to third parties, except in the abovementioned cases if you have explicitly provided your consent for this in accordance with Article 6 (1) Sentence 1 lit. a GDPR, if there is a legal obligation to transfer the data in accordance with Article 6 (1) Sentence 1 lit. c GDPR or if the data transfer in accordance with Article 6 (1) Sentence 1 lit. b GDPR is necessary for the fulfilment of a contract between you and others.9.
The processing of your personal data carried out by our website is not used for automated decision-making or evaluation (profiling).
14. DEFINITIONS OF TERMS
These terms are explained below:
j) personal data
This means all information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
k) data subject
This means any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
m) restriction of processing
This means the marking of stored personal data with the aim of limiting the processing of this data in the future.
This means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
This means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
This is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
This is a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, regardless of whether this is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
s) third parties
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent means any freely given, specific to the individual case, informed and unambiguous indication of the data subject’s wishes made by the data subject by which he or she, by means of a statement or another clear affirmative action, signifies agreement to the processing of personal data relating to him or her.