1. Data privacy statement
This website (referred to hereinafter as the “website”) is provided by CiS Electronic GmbH (referred to hereinafter as “us” or “we”).
For additional information about the provider of the website, refer to our legal notice.
1.1. Name and address of the responsible party
The responsible party as defined in the General Data Protection Regulation and other national data protection laws of the Member States, as well as other legal data privacy regulations is:
CiS electronic GmbH
Europark Fichtenhain A 15
47807 Krefeld, Germany
Tel.: +49 2151 3787-0
1.2. Name and address of the data protection officer
The data protection officer of the responsible party is:
40764 Langenfeld, Germany
1.3. Principles of the data processing
1.3.1. Purpose and scope of the processing of personal data
We only collect and use personal data of our users to the extent that is necessary to provide a functional website and our content and services.
The collection and use of personal data of our users normally only takes place after the user’s consent. An exception applies in such cases where it is no possible to obtain consent beforehand based on the circumstances and the processing of the data is permitted by other statutory regulations.
(1) Consent Insofar as we have obtained consent of the data subject to process personal data, Art. 6, para. 1 lit. of the EU General Data Protection Regulation (GDPR) as a legal basis.
2) Fulfilment of a contract When processing personal data of a person who is a contractual party is necessary for fulfilment of said contract, Art. 6, para. 1, lit. b of the GDPR applies as a legal basis. This also applies for processing which is necessary for implementation of pre-contractual measures.
(3) Legal obligation Insofar as processing of personal data is necessary for fulfilment of a legal obligation to which our company is subject, Art. 6, para. 1, lit. c of the GDPR applies as a legal basis.
(4) Vital interests In cases where the essential interests of the data subject or another natural person necessitate processing of personal data, Art. 6, para. 1, lit. d of the GDPR applies as a legal basis.
(5) Entitled interests If processing is necessary for protection of a legitimate interest of our company or a third party and said interest does not override the interests, basic rights and basic liberties of the data subject, Art. 6, para. 1, lit. f of the GDPR applies as a legal basis for the processing.
1.3.2. Storage period and data deletion
The personal data of the data subject is deleted or blocked as soon as the purpose of storage is no longer provided. Storage beyond that time can also take place if required by European or national legislation in European Union regulations, statutes or other requirements to which the responsible party is subject. Blocking (“limitation”) or deletion of the data also takes place if a storage period prescribed by the indicated standards has expired, unless continued storage of the data is necessary for conclusion or fulfilment of a contract.
1.3.3. Possibility of objection
The collection of data for preparation of the website and the storage of data in log files are necessary for operation of the internet site. Consequently, there is no possibility of objection on the part of the user.
1.4. Handling of personal data
We would like to inform you about how we handle personal data with the use of this website. If nothing different is described in the paragraphs below, the legal basis for the handling of your personal data arises from the necessity of handling for the provision of the functionalities on this website requested by you (Art. 6(1)(b) General Data Protection Regulation).
1.5.1. Accessing the website
1.5. Use of the website
When you call up our website, your browser transfers certain data to our web server in order to provide you with the information that you requested.
In order to enable your visit to the website, the following data is collected, stored temporarily and used:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Contents of the request (concrete page)
- Operating system and its access status / HTTPS status code
- Amount of data transmitted
- Website from which the request to our website comes
- Websites called up by the user of our website
- Browser, language and version of the browser software
Furthermore, we store the data for a limited time to protect our legitimate interests in order to be able to deduce personal data in case of impermissible access or attempts to access local servers (Art. 6(1)(f) General Data Protection Regulation).
What cookies are
We use “cookies” on this website. Cookies are small text files for your browser which are placed in the memory of your end device. Cookies store certain information (e.g. your preferred language or page settings) which can be sent to us by your browser on a return visit of our website (depending on the life of the cookie).
Which cookies we use
We differentiate between two categories of cookies:
(1) technically necessary (function-related) cookies without which the functionality of our website and the provision of services would be limited for users of the website and (2) optional cookies for website analysis and marketing purposes.
Basically, you can change the settings in your browser so that you are informed when cookies are set and decide whether to accept the cookies individually or to reject acceptance of cookies for specific cases or in general. Non-acceptance of cookies can limit the functionality of our website.
We use the following optional cookies on this website:
Web analysis with Google Analytics The purpose of the processing of this cookie is the issuance of a randomly generated ID for your device with which we recognise your device on your next visit. These cookies are stored for 6 months. Details about the website analysis are provided in the relevant chapter below.
Subject to your consent
We only use these optional cookies with your prior consent (Art. 6(1)(a) of the General Data Protection Regulation).
If you are visiting our website for the first time, a banner appearing on our website requests your consent to the use of optional cookies. If you provide our consent, we store a cookie on your computer and the banner is no longer displayed for the life of the cookie. Afterwards, or if you actively delete this cookie beforehand, the banner will appear again on your next visit to our website in order to obtain your consent again.
Of course, you can also use our website entirely without cookies. You can configure or deactivate cookies in the settings of your browser at any time. However, this can result in limitations of the functions or user-friendliness of our offering. You can reject the use of optional cookies at any time by utilising the appropriate rejection possibilities in the table above.
1.5.3. Google Analytics
On this website, we use Google Analytics, a website analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
Google analyses your use of this website on our behalf. For this purpose, we use, among other things, cookies which are described in detail in the cookie table above. The information collected by Google about your use of this website (e.g. the referring URL, our pages you have visited, your web browser used for the visit, your language setting, your operating system or screen resolution) is sent to a Google server in the USA, stored and analysed there and the result is provided to use in an anonymised form. In the process, your usage data is not associated with your full IP address. We have activated the IP anonymisation function offered by Google on this website, so that the last octet (type IPv4) or the last 80 bits (type IPv6) of your IP address is/are deleted.
Google is certified for EU-US Privacy Shield, so that a reasonable data protection level is established for data at Google in the USA.
The legal basis for the evaluation of your data using Google Analytics is a legitimate interest (i.e. interest in the analysis, optimisation and commercial operation of our apps) within the meaning of Art. 6 (1) (f) of the GDPR.
You can revoke your prior consent to web analysis at any time by downloading and installing the available browser plug-in from Google or revoking your consent as indicated in the table above, wherein an opt-out cookie is placed. Both possibilities prevent web analysis as long as you are using a browser on which you have installed the opt-out cookie and as long as you do not delete the opt-out cookie.
1.5.4. Google reCAPTCHA
On this website, we use reCAPTCHA, a Catcha service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
reCAPTCHA is used to differentiate whether an entry is made by a human or misuse has taken place with automated processing by a machine. The query made in this respect includes transmission of your IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google and subsequent analysis there.
The legal basis for the evaluation of your data by reCAPTCHA is our legitimate interest in the correctness of data (e.g. for prevention of automatic registrations or orders) (Art. 6, para. 1, lit. f of the GDPR).
The collection of data for preparation of the website and the storage of data in log files are necessary for avoidance of bots and the commercial operation of our online offering. There is no possibility of objection on the part of the user.
1.5.5. Use of contact forms
Personal data in the contact forms is processed exclusively for the purpose of establishing contact.
In this connection, you have the possibility of providing us with the following information, in particular:
- First and last name, title
- Contact details (e.g. email address, telephone number)
We collect, process and use the information disclosed by you via the contact form exclusively for the handling of your concrete matter. There is no transfer of data to third parties in this connection.
The legal basis for the transfer data is the content given on registration in accordance with Art. 6, para. 1, lit. a of the GDPR.
The legal basis for the processing of data transferred by sending an email is Art. 6, para. 1, lit. f of the GDPR.
The intent of the email contact is the conclusion of a contract, so Art. 6, para. 1, lit. b of the GDPR is also a legal basis for the processing.
We use data for this purpose until the respective conversation with you is finished. The conversation is finished when it can be assumed based on the circumstances that the relevant matter has been concluded.
The user has the possibility to revoke their consent to the processing of their personal data at any time. If the user contacts us via email, they can reject the storage of their personal data at any time. In such cases, the conversation cannot continue.
1.5.6. Registration on our website
We offer users the possibility of registration with specification of personal data in order to be able to access certain content and services of our web offering.
In the process, the following data is entered in an input mask and transmitted to us and stored:
- All fields of the forms
- Operating system of the user
- Browser of the user
- IP address
- Date/time of registration
This data is stored in the Typo3 databases and then sent via email. In the further registration process, the user's consent to processing of their data is obtained. The legal basis for the processing of data is the user’s content in accordance with Art. 6, para. 1, lit. a of the GDPR. Transfer of the data to third parties does not take place. The data is deleted as soon as it is no longer need to achieve the purpose of its collection.
1.5.7. Rejection of advertising
If you object to advertising purposes, we will place your personal data (name, address, telephone number, fax number, email address) in a blocked list. In the process, we ensure that no undesired advertisements are sent to you.
The legal basis is a legitimate interest in accordance with Art. 6, para. 1, lit. f of the GDPR, wherein the legitimate interest is that we fulfil our duties from your rejection of advertisements. The data is only stored for this purpose until you have asserted your right to deletion in accordance with Art. 16 of the GDPR.
1.5.8. External services and content on our website
We incorporate external services or content in our website. If you use such services or if third-party content is shown to you, data is exchanged between you and the respective provider for technical reasons.
In addition, the provider of the respective service or content may process your data for other internal purposes. Services or content of providers who process known data for internal purposes have been configured in all conscious so that communication for other purposes than representation of contents or services on our website are omitted and communication only takes place if you actively decide to use said services.
However, since we have no influence on the data collected by third parties and the processing thereof, we cannot provide any binding information about the purpose and scope of the processing of your data.
For further information about the purpose and scope of the collection and processing of your data, therefore, please refer to the data protection information of the respective provider of the services or content integrated by us who is responsible according to data protection law:
- YouTube (videos)
- Google Maps
1.5.9 BootstrapCDN (MaxCDN)
We use Bootstrap technology on our web pages for a modern design and to display the available content on a variety of consumer devices. To increase the loading speed of our web pages, we use BootstrapCDN (Content Delivery Network) from MaxCDN to deliver so-called ‘libraries’ (collections of technical instructions) to your browser. The probability is very high that you have already downloaded one of these libraries after visiting another BootstrapCDN website. In this case, your browser is able to access a saved copy in the cache. If your browser does not have a saved copy in its cache or you need to download the file from BootstrapCDN for some other reason, then your IP address will be transferred to MaxCDN, the provider of the BootstrapCDN server, during the connection.
The provider is NetDNA, LLC. (MaxCDN), 3575 Cahuenga Blvd West suite 330, Los Angeles, Ca 90068, USA.
More information about data protection at NetDNA, LLC. (MaxCDN) is available at: www.maxcdn.com/legal/
1.5.10 Google Web Fonts
Google Web Fonts are implemented on our web pages. These are responsible for displaying typesets. The use of Google Web Fonts accesses a Google server in the USA, provided your browser does not access a local copy in the cache. In this case, you IP address is transferred to Google. If you are simultaneously logged in to Google with your user account while visiting our web pages, Google may possibly also assign your visit to our web pages to your user behaviour. We do not have any influence on this process and do not receive any information from Google about the transferred content.
The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
More information about data protection at Google Inc. is available at: www.google.com/intl/de/policies/privacy/
1.5.11 jQuery / ajax.googleapis.com
The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
More information about data protection at Google Inc. is available at: www.google.de/policies/privacy/
Our website loads a web service from CloudFlare Inc., 101 Townsend St, 94107 San Francisco (hereafter: CloudFlare). We use these data to ensure the functionality of our website. In this context, your browser may transfer personal data to CloudFlare. The legal basis for this data processing is provided by Art. 6 Para.1 lit. f GDPR. The justified interest consists of smooth functionality of the website. CloudFlare has certified itself within the scope of the EU-US Privacy Shield agreement (see www.privacyshield.gov/list ). The data shall be deleted as soon as the purpose for their collection has been fulfilled. More information about how transferred data are handled is provided in the CloudFlare data protection declaration: www.cloudflare.com/security-policy/=https://www.google.de/ . You may prevent data collection and processing by CloudFlare by deactivating execution of script code in your browser or by installing a script blocker in your browser (examples are available from www.noscript.net and www.ghostery.com ).
1.6. Transfer of data for processing on our behalf
We use specialised service providers for some of the processing of your data. Our service provided are selected carefully and reviewed regularly.
They only process personal data on our behalf and strictly according to our instructions on the basis of corresponding contracts for order processing.
The legal basis for the use of these order processors is a legitimate interest as per Art. 6, para. 1, lit. f of the GDPR in pursuit of our commercial purposes, particularly also performance of the services described in this data privacy statement. There does not appear to be any conflicting interest, because we have concluded a contract with the respective contractors in accordance with Art. 28 of the GDPR.
1.6.1. Inclusion of order processors for hosting
For the purposes of hosting our platform and back-up services, we use order processors and, therefore, personal data that is stored on our platforms is transferred to these order processors.
These order processors are digital art media nova gmbh new media & print, an der Eickesmühle 8, 41238 Mönchengladbach.
These order processors will store personal data for as long as the data is stored on our platforms on the basis of the purposes defined in this data privacy statement.
1.6.2. Inclusion of order processors for administrative, troubleshooting and support services
For administrative, troubleshooting and support services, we use digital art media nova gmbh new media & print, an der Eickesmühle 8, 41238 Mönchengladbach, which may also have access to your personal data.
Basically, digital art media nova gmbh new media & print, an der Eickesmühle 8, 41238 Mönchengladbach does not store your personal data. This only takes place in cases of exception, i.e. if it should be necessary in connection with the elimination of technical problems.
In these cases, storage only takes place in the scope and for the period that is necessary.
1.7. Processing of data outside of the EU / the EEA
Your data is also processed, in part, in countries outside of the European Union ("EU") of the European Economic Area ("EEA"), where the data protection level could be lower than in Europe. In these cases, we also ensure that an adequate data protection level for your data is guaranteed with, for example, contractual agreements with our contractual partners (copy available on request), or we request your express consent.
1.8. Information about your rights
You may have further rights based on applicable data protection law.
1.8.1. Right to information
You can demand that the responsible party confirms whether personal data related to you is processed by us.
If such processing takes place, you can demand the following information from the responsible party:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data which are processed;
(3) the recipients and/or categories of recipients to whom the personal data related to you was disclosed or is still disclosed;
(4) the planned period of storage of the personal data related to you or, if concrete information is not possible, criteria for definition of the storage period;
(5) the existence of a right to reporting or deletion of the personal data related to you, a right to limitation of the processing by the responsible party or a right of objection to this processing;
(6) the existence of a right of appeal with a supervisory authority;
(7) all available information about the origin of the data if the personal data is not collected from the data subject;
(8) the existence of an automated decision-making process, including profiling in accordance with Art. 22, para. 1 and 4 of the GDPR and – at least in these cases – meaningful information about the involved logic and the scope and desired effects of such processing for the data subject.
You are entitled to demand information about whether the personal data relating to you will be transmitted to a third country or to an international organisation. In this connection, you can demand to be informed about the appropriate guarantees in accordance with Art. 46 of the GDPR in connection with the transmission.
1.8.2. Right to reporting
You have a right to reporting and/or completion from the responsible party insofar as the processed personal data relating to you is incorrect or incomplete. The responsible party must carry out the reporting immediately.
1.8.3. Right to limitation of the processing
Under the following conditions, you can demand limitation of the processing of the personal data related to you:
(1) if you dispute the correctness of the personal data related to you for a period which makes it possible for the responsible to check the correctness of the personal data;
(2) the processing is incorrect and the you reject the deletion of personal data and, instead, demand limitation of the use of the personal data;
(3) the responsible party no longer requires the personal data for the purposes of processing, but they require it to assert, exercise or defend legal claims, or
(4) if you have submitted an objection to the processing in accordance with Art. 21, para. 1 of the GDPR and have not specified whether the legitimate reasons of the responsible party override your reasons. If the processing of the personal data related to you was limited, said data – apart from its storage – must only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of other natural or legal persons or for reasons of an important public interest of the Union or a Member State. If the limitation of the processing according to the aforementioned requirements was limited, you will be notified by the responsible party before the limitation is lifted.
1.8.4. Right to deletion
a) Deletion obligation You can demand that the responsible party deletes the personal data related to you immediately and the responsible party is obligated to delete this data immediately, insofar as one of the following reasons apply:
(1) The personal data relating to you is no longer necessary for the purposes for which it was collected or processed in another manner.
(2) You rescind your consent which supported the processing according to Art. 6, para. 1, lit. a or Art. 9, para. 2, lit. a of the GDPR, and there is no other legal basis for the processing.
(3) In accordance with Art. 21, para. 1 of the GDPR, you submit an objection to the processing and there are no prioritised legitimate reasons for the processing, or you submit an objection to the processing in accordance with Art. 21, para. 2 of the GDPR.
(4) The personal data related to you was processed wrongfully.
(5) The deletion of the personal data related to you is necessary for fulfilment of a legal obligation according to Union law or the law of the Member States to which the responsible party is subject.
(6) The personal data related to you was collected in relation to services offered by the information company in accordance with Art. 8, para. 1 of the GDPR.
b) Information to third parties If the responsible party has published the personal data related to you and is obligated to delete said data in accordance with Art. 17, para. 1 of the GDPR, they shall take reasonable measures, including of a technical manner, in consideration of the available technology and implementation costs in order to inform the party responsible for the data processing who processes the personal data that you as the data subject have demanded the deletion of all links to this personal data or copies or replications of said personal data.
c) Exceptions The right to deletion does not exist insofar as the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) for fulfilment of a legal obligation which necessitates the processing of data according to the law of the Union or the Member States to which the responsible party is subject or for administration of a task which takes place in the public interest or when exercising official authority, which was transferred to the responsible party;
(3) for reasons of public interests in the area of public health in accordance with Art. 9, para. 2, lit. h and i, as well as Art. 9, para. 3 of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89, para. 1 of the GDPR, insofar as the right mention under section a) foreseeably impedes the achievement of goals of this processing or makes it impossible altogether, or
(5) to assert, exercise or defend legal claims.
1.8.5. Right to notification
If you have asserted the right to notification, deletion or limitation of the processing against the responsible party, they are obligated to notify all recipients to whom the personal data related to you was disclosed about this reporting or deletion of data or limitation of processing, unless this proves to be impossible or is associated with a disproportionately high expense.
You are entitled to be informed by the responsible party about these recipients.
1.8.6. Right to data portability
You have the right to receive the personal data related to you which you have provided to the responsible party in a structured and common format which can be read by machine. Furthermore, you have the right transfer this data to a different responsible party without obstruction by the responsible party to whom the personal data was provided, insofar as
1) the processing is based on consent in accordance with Art. 6, para. 1, lit. a of the GDPR or Art. 9, para. 2, lit. a of the GDPR or is based on a contract according to Art. 6, para. 1, lit. b of the GDPR and
(2) the processing takes place with the aid of automated processes. When exercising this right, you also have the right to demand that the personal data related to you is transferred from one responsible party directly to another responsible party, insofar as this is technically feasible. Freedoms and rights of other persons must not be interfered with in this connection.
The right to data portability does not apply to processing of personal data which is necessary to administer a task which is in the public interest or when exercising official authority, which was transferred to the responsible party.
1.8.7. Right to objection
You have the right to submit an objection to the processing of the personal data related to you, which takes place on the basis of Art. 6, para. 1, lit. e or f of the GDPR, for reasons arising from your specific situation at any time; this also applies for profiling based on these provisions.
The responsible party no longer processes the personal data related to you unless they can prove compelling reasons for the processing, which override your interests, rights and liberties or the processing is necessary to assert, exercise or defend legal claims. If the personal data related to you is processed for the purpose of direct advertising, you have the right to submit an objection to the processing of the personal data related to you for the purposes of said advertising; this also applies to profiling, insofar as it is related to such direct advertising. If you object to the processing for purposes of direct advertising, the personal data related to you will no longer be processed for these purposes.
You have the possibility, in connection with use of the services of the information company – irrespective of Directive 2002/58/EC (Data protection directive for electronic communication, the so-called "ePrivacy Directive") – of exercising your right to objection by means of an automated process in which technical specifications are used.
1.8.8. Right to revocation of the issued data privacy consent
You have the right to revoke your issued data privacy consent at any time. By revoking consent, the legality of the processing which has taken place on the basis of the consent until the revocation remains unaffected.
1.8.9. Automated decision in the individual case, including profiling
You have the right to a be subject to a decision which is not exclusively based on automated processing – including profiling – which produces legal effects for you or significantly affects you negatively in another manner. This does not apply if the decision
(1) is necessary for conclusion or fulfilment of a contract between you and the responsible party,
(2) is permissible on the basis of legal regulations of the Union or the Member States to which the responsible party is subject and said legal regulations include reasonable measures for protection of your rights and liberties as well as your legitimated interests or
(3) takes place with your express consent. However, these decisions must not apply to certain categories of personal data according to Art. 9, para. 1, GDPR, insofar as Art. 9, para. 2, lit. a ("express consent" or g of the GDPR ("public interest) does not apply and reasonable measures for protection of the rights and liberties and your legitimate interests were taken.
With respect to the cases mentioned in (1) and (3), the responsible party takes reasonable measures to protect the rights and liberties as well as your legitimate interests, which includes at least the right to intervene with a person on the part of the responsible party on the presentation of their case and to contest the decision.
1.8.10. Right to objection with a supervisory authority
Without prejudice to other remedies under administrative law or judicial remedies, you have the right to file an objection with a supervisory authority, particularly in the Member State of your place of residence, your place of work or the location of the suspected violation if it is your view that the processing of the personal data related to you violates the GDPR. The supervisory authority with which the objection was submitted shall notify the complainant about the status and the results of the objection, including the possibility of a judicial remedy in accordance with Art. 78 of the GDPR.
1.9. Amendment of the data privacy statement
We reserve the right to update this data privacy statement from time to time. Updates of this data privacy statement are published on our website. Amendments apply from the time of their publication on our website. Therefore, we recommend visiting this page regularly in order to remain informed about any updates which may have taken place.
Date: 24 May 2018