Privacy policy

In accordance with the legal requirements of data protection law (in particular the German Federal Data Protection Act (BDSG) as amended and the European General Data Protection Regulation (GDPR)), we hereby inform you about the nature, scope and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. For the definition of terms such as ‘personal data’ or ‘processing’, we refer to Art. 4 GDPR.

Our controller (hereinafter referred to as “Controller”) within the meaning of Art. 4 (7) GDPR is:

Posthalterei Betreiber GmbH & Co. KG
Augsburger Str. 2, 86441 Zusmarshausen

Managing director: Ilir Seferi

eMail:
Phone: +49 (0) 8291 85 82 20‬

TYPES OF DATA, PURPOSES OF PROCESSING, AND CATEGORIES OF DATA SUBJECTS

Below, we provide information about the nature, scope, and purpose of the collection, processing, and use of personal data.

1. TYPES OF DATA WE PROCESS

Inventory data (name, address, etc.), contact details (phone number, email, fax, etc.), payment details (bank details, account details, payment history, etc.),

2. PURPOSES OF PROCESSING PURSUANT TO ART. 13(1)(c) OF THE GDPR

Processing contracts, fulfilling statutory retention obligations, marketing/sales/advertising, customer service and customer care, handling contact requests,

3. CATEGORIES OF DATA SUBJECTS PURSUANT TO ART. 13(1)(e) GDPR

Customers and affected persons are collectively referred to as “users.”

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Below, we provide information about the legal basis for the processing of personal data:

1. If we have obtained your consent for the processing of personal data, Art. 6 (1) (a) GDPR is the legal basis.
2. If processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract at your request, the legal basis is Article 6(1)(b) GDPR.
3. If processing is necessary to fulfill a legal obligation to which we are subject (e.g., statutory retention obligations), the legal basis is Art. 6 para. 1 sentence 1 lit. c) GDPR.
4. If processing is necessary to protect the vital interests of the data subject or another natural person, the legal basis is Article 6(1)(d) GDPR.
5. If processing is necessary to safeguard our legitimate interests or those of a third party and your interests or fundamental rights and freedoms do not override these interests, the legal basis is Art. 6 (1) (f) GDPR.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES AND PROCESSORS

We do not disclose any data to third parties without your consent. Should this be the case, however, the disclosure will be made on the basis of the aforementioned legal grounds, e.g., when disclosing data to online payment providers for the purpose of fulfilling a contract, or due to a court order or a legal obligation to disclose the data for the purposes of criminal prosecution, averting danger, or enforcing intellectual property rights.

We also use processors (external service providers, e.g., for web hosting our websites and databases) to process your data. If data is passed on to processors within the framework of a data processing agreement, this is always done in accordance with Art. 28 GDPR. We select our processors carefully, monitor them regularly, and have been granted the right to issue instructions regarding the data. In addition, the processors must have taken appropriate technical and organizational measures and comply with the data protection regulations in accordance with the BDSG (German Federal Data Protection Act) as amended and the GDPR.

DATA TRANSFER TO THIRD COUNTRIES

The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data will therefore be processed primarily by companies to which the GDPR applies. If processing is carried out by third-party services outside the European Union or the European Economic Area, these must meet the special requirements of Art. 44 ff. GDPR. This means that processing is carried out on the basis of special guarantees, such as the EU Commission’s official recognition of a level of data protection equivalent to that of the EU or compliance with officially recognized special contractual obligations, known as “standard contractual clauses.” For US companies, compliance with the so-called “Privacy Shield,” the data protection agreement between the EU and the US, fulfills these requirements.

DELETION OF DATA AND STORAGE PERIOD

Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the purpose for storage no longer applies, unless further storage is necessary for evidentiary purposes or is required by statutory retention obligations. This includes, for example, commercial law retention obligations for business letters in accordance with Section 257 (1) of the German Commercial Code (HGB) (6 years) and tax law retention obligations for receipts in accordance with Section 147 (1) of the German Fiscal Code (AO) (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless storage is still necessary for the conclusion or fulfillment of a contract.

EXISTENCE OF AUTOMATED DECISION-MAKING

We do not use automated decision-making or profiling.

PROVISION OF OUR WEBSITE AND CREATION OF LOG FILES

1. If you use our website for informational purposes only (i.e., without registering or otherwise transmitting information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:

• IP address;
• User’s Internet service provider;
• Date and time of access;
• Browser type;
• Language and browser version;
• Content accessed;
• Time zone;
• Access status/HTTP status code;
• Amount of data;
• Websites from which the request originates;
• Operating system.

This data is not stored together with other personal data relating to you.

2. This data is used for the purpose of providing you with a user-friendly, functional, and secure website with features and content, as well as for optimization and statistical analysis.

3. The legal basis for this is our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR, which is also reflected in the above purposes.

4. For security reasons, we store this data in server log files for a period of several days. After this period has expired, it is automatically deleted unless we need to retain it for evidence purposes in the event of attacks on the server infrastructure or other legal violations.

COOKIES

1. We use cookies when you visit our website. Cookies are small text files that your internet browser stores on your computer. When you visit our website again, these cookies provide information that allows us to recognize you automatically. The information obtained in this way is used to optimize our website technically and economically and to provide you with easier and more secure access to our website. When you visit our website, we inform you about the use of cookies for the aforementioned purposes and how you can object to this or prevent their storage (“opt-out”) by referring you to our privacy policy. Our website uses session cookies, persistent cookies, and third-party cookies:

• Session cookies: We use cookies to recognize multiple uses of an offer by the same user (e.g., when you have logged in to determine your login status). When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimize our offers and to make it easier for you to access our site. When you close your browser or log out, the session cookies are deleted.
• Persistent cookies: These are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.
• Third-party cookies: You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. However, we would like to point out that you may then not be able to use all the functions of this website. For more information about these cookies, please refer to the respective privacy policies of the third-party providers.

2. The legal basis for this processing is Art. 6 (1) (b) GDPR if the cookies are set for the purpose of initiating a contract, e.g. for orders, and otherwise we have a legitimate interest in the effective functionality of the website, in which case Art. 6 (1) (f) GDPR is the legal basis.

3. Objection and opt-out: You can generally prevent cookies from being stored on your hard drive by selecting “do not accept cookies” in your browser settings. However, this may result in functional restrictions to our offers. You can opt out of the use of third-party cookies for advertising purposes via a so-called “opt-out” on this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).

CONTRACT SETTLEMENT

1. We process inventory data (e.g., company, title/academic degree, names and addresses, and contact details of users, email), contract data (e.g., services used, names of contact persons), and payment data (e.g., bank details, payment history) for the purpose of fulfilling our contractual obligations (knowledge of who the contractual partner is; establishment, content and execution of the contract; verification of the plausibility of the data) and services (e.g. contacting customer service) in accordance with Art. 6 (1) (b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

2. This data will not be passed on to third parties unless it is necessary to pursue our claims (e.g., transfer to a lawyer for debt collection) or to fulfill the contract (e.g., transfer of data to payment providers) or if there is a legal obligation to do so in accordance with Art. 6 (1) (c) GDPR.

3. We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails containing technical information.

4. The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for inventory and contract data when the data is no longer required for the execution of the contract and no further claims can be asserted under the contract because they have become time-barred (warranty: two years / standard limitation period: three years). We are obliged under commercial and tax law to store your address, payment, and order data for a period of ten years. However, upon termination of the contract after three years, we restrict processing, i.e., your data will only be used to comply with legal obligations. Information in the user account remains until it is deleted.

CONTACT US VIA CONTACT FORM / E-MAIL / FAX / POST

1. When you contact us via the contact form, fax, mail, or email, your details will be processed for the purpose of handling your contact request.

2. The legal basis for processing the data is Art. 6 (1) (a) GDPR if you have given your consent. The legal basis for processing the data transmitted in the course of a contact request or email, letter, or fax is Art. 6 (1) (f) GDPR. The controller has a legitimate interest in processing and storing the data in order to be able to respond to user inquiries, to preserve evidence for liability reasons, and to be able to comply with its legal retention obligations for business letters, if applicable. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

3. We may store your details and contact request in our customer relationship management system (“CRM system”) or a comparable system.

4. The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and data sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. We store inquiries from users who have an account or contract with us for up to two years after the end of the contract. In the case of legal archiving obligations, deletion takes place after their expiry: end of commercial law (6 years) and tax law (10 years) retention obligations.

5. You have the right to withdraw your consent to the processing of your personal data at any time in accordance with Art. 6 (1) (a) GDPR. If you contact us by email, you can object to the storage of your personal data at any time.

CONTACT BY PHONE

1. When you contact us by telephone, your telephone number will be processed for the purpose of handling the contact request and will be temporarily stored or displayed in the RAM/cache of the telephone device/display. This storage is carried out for liability and security reasons, in order to be able to provide proof of the call, and for economic reasons, to enable a callback. In the case of unauthorized advertising calls, we block the phone numbers.

2. The legal basis for processing the telephone number is Art. 6 (1) (f) GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

3. The device cache stores calls for days and gradually overwrites or deletes old data. When the device is disposed of, all data is deleted and the memory is destroyed if necessary. Blocked telephone numbers are checked annually to determine whether they still need to be blocked.

4. You can prevent your phone number from being displayed by calling with a suppressed phone number.

GOOGLE MAPS

1. We have integrated maps from “Google Maps” (Google Ireland Limited, registration no.: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) into our website. This allows us to display the location of addresses and directions directly on our website in interactive maps and enable you to use this tool.

2. When you visit our website, which has Google Maps integrated, a connection to Google’s servers in the US is established. Your IP address and location may be transmitted to Google. Google also receives information that you have accessed the corresponding page. This also occurs without a user account with Google. If you are logged into your Google account, Google can assign the above data to your account. If you do not want this to happen, you must log out of your Google account. Google creates user profiles from such data and uses this data for the purposes of advertising, market research, or optimizing its websites.

3. The legal basis for this is our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR, which is also reflected in the above purposes.

4. You have the right to object to Google creating user profiles. Please contact Google directly via the privacy policy below. You can opt out of advertising cookies in your Google account here: https://adssettings.google.com/authenticated.

5. In the Google Maps Terms of Service at https://www.google.com/intl/de_de/ help/terms_maps.html and in Google’s Advertising Privacy Policy at https://policies.google.com/technologies/ads, you will find further information on the use of Google cookies and their advertising technologies, storage duration, anonymization, location data, functionality, and your rights. Google’s general privacy policy: https://policies.google.com/privacy.

6. Google is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and is therefore obliged to comply with European data protection law.

SOCIAL MEDIA PRESENCE

1. We maintain profiles and fan pages on social media in order to communicate with users who are connected and registered there and to provide information about our products, offers, and services. The US providers are certified under the Privacy Shield and are therefore obliged to comply with European data protection regulations. When you use and access our profile on the respective network, the respective data protection information and terms of use of the respective network apply.

2. We process the data you send us via these networks in order to communicate with you and respond to your messages there.

3. The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external presentation for advertising purposes in accordance with Art. 6 (1) (f) GDPR. If you have given the social network operator your consent to process your personal data, the legal basis is Art. 6 (1) (a) and Art. 7 GDPR.

4. The privacy policies, information options, and opt-out options for the respective networks can be found here:

• Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) Datenschutzerklärung: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
• Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Datenschutzerklärung/ Opt-Out: http://instagram.com/about/legal/privacy/.

DATA PROTECTION IN APPLICATIONS AND THE APPLICATION PROCESS

1. Applications sent electronically or by post to the controller will be processed electronically or manually for the purpose of handling the application process.

2. We expressly point out that application documents containing ‘special categories of personal data’ pursuant to Art. 9 GDPR (e.g. a photo that provides information about your ethnic origin, religion or marital status) are undesirable, with the exception of any severe disability that you wish to disclose of your own free will. You should submit your application without this data. This will not affect your chances of being selected.

3. The legal basis for processing is Article 6(1)(b) GDPR and Section 26 BDSG, as amended.

4. If, after completion of the application process, an employment relationship is entered into with the applicant, the applicant’s data will be stored in compliance with the relevant data protection regulations. If you are not offered a position after completion of the application process, your application letter and documents will be deleted 6 months after the rejection letter has been sent in order to comply with any claims and obligations to provide evidence under the AGG (German General Equal Treatment Act).

RIGHTS OF THE DATA SUBJECT

1. Objection or revocation of the processing of your data

Insofar as the processing is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR, you have the right to revoke your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Insofar as we base the processing of your personal data on the balancing of interests pursuant to Art. 6 (1) (f) GDPR, you may object to the processing. This is the case if the processing is not necessary for the performance of a contract with you, which is explained in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or point out to you our compelling legitimate reasons for continuing the processing.

You may object to the processing of your personal data for advertising and data analysis purposes at any time. You may exercise your right to object free of charge. You can inform us of your objection to advertising using the following contact details:

Posthalterei Betreiber GmbH & Co. KG
Augsbrugerstraße 2, 86441 Zusmarshausen , Bayern

Managing director Ilir Seferi

eMail:

2. Right to information

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain information about your personal data stored by us in accordance with Art. 15 GDPR. This includes, in particular, information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, and the origin of your data if it was not collected directly from you.

3. Right to rectification

You have the right to have inaccurate data corrected or complete data supplemented in accordance with Article 16 of the GDPR.

4. Right to erasure

You have the right to have your data stored by us deleted in accordance with Art. 17 GDPR, unless this conflicts with statutory or contractual retention periods or other legal obligations or rights to further storage.

5. Right to restriction

You have the right to request a restriction on the processing of your personal data if one of the conditions in Article 18(1)(a) to (d) of the GDPR is met:

• If you dispute the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or
• you have objected to processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

6. Right to data portability

You have the right to data portability under Article 20 of the GDPR, which means that you can obtain the personal data we hold about you in a structured, commonly used and machine-readable format or request that it be transferred to another controller.

7. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority in the Member State of your residence, place of work or place of the alleged infringement.

DATA SECURITY

We have implemented appropriate technical and organisational security measures to protect all personal data transmitted to us and to ensure that data protection regulations are complied with by us and our external service providers. Among other things, all data between your browser and our server is encrypted and transmitted via a secure SSL connection.

status: 10.05.2019
Source: Sample privacy policy from JuraForum.de