Privacy
Policy

Controller

The controller per the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:

Premium Stephan GmbH
Freibusch 2-4
31789 Hameln
Germany

Data Protection Officer

The controller’s data protection officer:

Triades Managementberatung
Proprietor: Martin Lorenz
Am Hang 8
31655 Stadthagen, Germany

Data Protection on Our Website

In the following we inform you about the nature, scope and purpose of the collection and use of personal data on our website. In terms of content, we are guided by the EU General Data Protection Regulation because the data protection provisions of the German Telemedia Act no longer apply as of 25/05/2018.

How can you contact us on privacy issues? How can you contact our data protection officer? All this is explained here.

Of course, you have numerous personal rights which we would like to fulfil:

• Right to information
  The obligation to provide information can be found in this privacy statement.
• Right to correction
  You can request correction of incorrect data.
• Right to deletion
  You may request the deletion of your data, as long as the numerous exceptions of the GDPR do not apply.
• Restriction of processing
  You can request that your data is no longer actively used (for example, if you doubt the accuracy of the data).
• Right to object to our “legitimate interests”
  If your individual case involves significant personal interests that outweigh our business interests, you may object to the data processing. An opt-out is possible in these cases.
• Data portability
  If you actively provide data and the legal basis of the processing constitutes (a) your consent or (b) our contractual relationship, you may request that we hand over this data to you in electronic form.

Contacting Us About Data Protection

You are also welcome to contact us about data protection issues. Two possible options for this are:

1. Do you have general questions or concerns about privacy? Then email us on privacy[at]premium-stephan.com. Your email will be forwarded to specially assigned employees in our company. (Please replace the [at] with @.) We will be able to support you quickly and simply. Alternatively, you can of course also contact us via the contact details which are shown above in the About Us section (German: Impressum). This is the right address for all specific questions and concerns about your data.
2. Would you like to contact our data protection officer in particular? Then email him at datenschutzbeauftragter.premium-stephan[at]triades-datenschutz.de. (Please replace the [at] with @.) You can also contact Mr. Martin Lorenz by phone (49 (5721) 898 4114) or by post (Am Hang 8, 31655 Stadthagen, Germany). Your request will be treated confidentially. Our data protection officer is not responsible for ensuring that your specific concerns are met (information, etc.); rather, the officer is available to you for confidential questions and general legal matters.

Data Protection and Your Right to Appeal

Per article 77 of GDPR, you have the right to complain to the data protection regulators. The contact details are as follows:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Barbara Thiel
Prinzenstraße 5
30159 Hannover
www.lfd.niedersachsen.de

You are welcome to contact us before you contact the authorities; our knowledgeable internal data protection officer will respond much faster and just as thoroughly. If we cannot help you, you can still contact the regulator.

Retrieval of Information from the Website

The following data are collected and used to deliver the website to you:

• Date and time (With this, we can identify the time of your visit and use this in various ways, such as to localise technical problems.)
• IP address (The collection of the IP address is necessary so that the web server can send you the requested data.)
• The requested data (What data do you request? In which sub-directory is it located?)
• The port through which you request the data (This information is automatically sent by your browser. This port will give you the requested page.)
• The referring web page (Some browsers also send the URL of the previously used web page when a new page is loaded)
• Name of the browser through which you request the data (this information is automatically sent by your browser. We may use this data so that everything looks as good as possible. Your browser may also send other information, e.g. about installed programmes)
• The access status (Here we can see if the desired website exists and could be successfully delivered to you.)
• Other: For the sake of completeness, it should be mentioned that your browser may send additional data to our web server (name of the browser, screen resolution, etc.). Naturally, we have no influence on this.

The data described above is stored in the web server’s memory only for fractions of a second.

When you access our website, some data is automatically collected and used. Due to the nature of the internet, this data is inevitably processed on a variety of servers until your request arrives on our web server; therefore, collection and use is also possible in “third countries” (such as the USA). Our company has no influence whatsoever on this process.

Contact Form

Using the contact form, you can send us a message quickly and simply. The data entered into the contact form will be forwarded confidentially to the email server. In this respect, confidentiality is guaranteed.

After the email containing the contact form data has been sent, no data remains on the web server.

Statistical Evaluation, Cookies

No direct personal evaluation takes place with your data. We reserve the right to evaluate pseudonymised or anonymised data records to improve the website and for statistical purposes. General information is logged, for example about which of our pages was visited and when, or which page was most frequently accessed.

On our website we use cookies to make your visit to our website more attractive and to enable the use of certain features. Cookies are small text files that are generated by a web server and stored on your computer while you visit a website. This is done via your web browser. Most of the cookies we use are session cookies. These will be deleted automatically after the end of your browser session. Cookies are unable to download data from your hard drive and cannot send us your email address or other personal information.

Social Media Plugins

We have no active plugins installed. Instead, we provide you with normal hyperlinks, which redirect you to the respective social network. This is data protection friendly, because this way we do not forward data to the providers. You decide whether you want to click on the hyperlink.

Data Subjects’ Rights

If your personal data is processed, you are per GDPR a data subject and you are entitled to the following rights with respect to the controller:

1. Right to Receive Information

You can require the controller to confirm whether personal data pertaining to you is processed by us.

If such data is being processed, you can request information from the controller regarding the following:

(1) The purposes for which the personal data is processed;
(2) The categories of personal data being processed;
(3) The recipients or categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;
(4) The planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) The existence of a right to rectification or deletion of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) The existence of a right of appeal to a supervisory authority;
(7) Any information available on the origin of the data where the personal data is not sent by the data subject;
(8) The existence of automated decision making, including profiling, referred to in article 22 subparagraphs 1 and 4 of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether your personal data is sent to a third country or an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to article 46 of GDPR in connection with the sending of this data.

2. Right of Correction

You have a right with respect to the controller to rectification and/or completion, if the personal data you process is incorrect or incomplete. The controller must make the correction without delay.

3. Right to Restriction of Processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

(1) If you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
(2) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
(3) The controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
(4) If you have appealed against the processing in accordance with article 21 subparagraph 1 of GDPR and have not yet established whether the legitimate reasons of the controller outweigh your reasons.

Where processing of your personal data has been restricted, such data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted according to the above conditions, the controller will inform you before the restriction is lifted.

4. Right to Deletion

a. Obligation to Delete

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(1) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to article 6 subparagraph 1 letter a or article 9 subparagraph 2 of GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to article 21 subparagraph 1 and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21 subparagraph 2 of GDPR.
(4) Your personal data has been unlawfully processed.
(5) The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) Your personal data has been collected in relation to the offer of information society services referred to in article 8 subparagraph 1 of GDPR.

a. Information Provided to Third Parties

Where the controller has made the personal data public and is obliged pursuant to article 17 subparagraph 1 of GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

c. Exceptions

There is no right to deletion in cases where processing is required:

(1) For exercising the right of freedom of expression and information;
(2) For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) For reasons of public interest in the area of public health in accordance with article 9 subparagraph 2 letters h and i and article 9 subparagraph 3 of GDPR);
(4) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89 subparagraph 1 of GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) For the establishment, exercise or defence of legal claims.

5. Right to Be Informed

If you have, with respect to the controller exercised the right to rectification, deletion or restriction of the processing, the latter is obligated to inform all parties to whom your personal data has been revealed of the rectification, deletion or restriction, unless this proves to be impossible or involves a disproportionate effort.

You have the right with respect to the controller to be informed about these recipients.

6. Right to Data Portability

You have the right to receive personal data you provide to the controller in a structured, common and machine legible format. You also have the right to have the controller forward this personal data to another controller without hindrance, provided that:

(1) The processing is based on consent pursuant to article 6 subparagraph 1 letter a of GDPR or on article 9 subparagraph 2 letter a of GDPR or on a contract pursuant to article 6 subparagraph 1 letter of GDPR and
(2) The processing is carried out by automated means.

In exercising your right to data portability, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other persons may not be affected by this.

The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you and which is based on article 6 subparagraph 1 letter e or f of GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

In the case of data processing for scientific, historical or statistical research purposes:

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to article 89 subparagraph 1 of GDPR, you have, on grounds relating to your particular situation, the right to object to processing of your personal data.

Your right of objection may be limited to the extent that it is likely to make the realisation of the research or statistical purposes impossible or seriously impaired and that the restriction is necessary for the fulfilment of the research or statistical purposes.

8. Right to Revoke Declarations of Consent to Data Processing

You have the right to revoke your declaration of consent to data processing at any time. The revocation of consent does not affect the legality of the processing that took place prior to the revocation of consent.

9. Automated Decision Making in Individual Cases, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1) Is necessary for entering into, or performance of, a contract between you and a data controller;
(2) Is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) Is based on your express consent.

These decisions shall not be based on special categories of personal data referred to in article 9 subparagraph 1 of GDPR, unless article 9 subparagraph 2 letters a or g applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to Complain to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to article 78 of GDPR.