Privacy policy

Controller

daniels + erdwiens industrial design GbR
Merckstr. 1
64283 Darmstadt, Germany

Managing Directors: Micha Daniels and Alexander Erdwiens

Phone: +49 69 15046992
Email: hello@daniels-erdwiens.de

1. General Information on Data Processing and Legal Basis

1.1. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our online offer and the associated websites, functions, and content (hereinafter collectively referred to as “online offer” or “website”). This privacy policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) used to execute the online offer.

1.2. For the terms used, such as “personal data” or “processing,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

2. Data and Data Categories

2.1. The personal data of users processed within the scope of this online offer includes usage data (e.g., the websites visited within our online offer, interest in our projects) and content data (e.g., entries in the contact form).

2.2. The term “user” encompasses all categories of data subjects. These include our business partners, customers, interested parties, and other visitors to our online offer. The terms used, such as “users,” are to be understood as gender-neutral.

2.3. We process personal data of users only in compliance with the relevant data protection regulations. This means that the data of users is processed only if a legal permission exists. This means, in particular, if the data processing is necessary for the performance of our contractual services (e.g., processing of orders) and online services, or is legally required, the user’s consent is given, as well as based on our legitimate interests (i.e., interest in the analysis, optimization, economic operation, and security of our online offer within the meaning of Article 6(1)(f) GDPR, especially in measuring reach), creating profiles for advertising and marketing purposes as well as collecting access data and using the services of third-party providers.

2.4. We point out that the legal basis for consents is Article 6(1)(a) and Article 7 GDPR, the legal basis for processing for the performance of our services and the implementation of contractual measures is Article 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR.

3. Security Measures

We take organizational, contractual, and technical security measures according to the state of the art to ensure compliance with the provisions of data protection laws and to protect the data processed by us against accidental or intentional manipulation, loss, destruction, or against access by unauthorized persons.

4. Encrypted Transmission

Among the security measures, in particular, is the encrypted transmission of data between your browser and our server.

5. Disclosure of Data to Third Parties and Third-Party Providers

5.1. Data is disclosed to third parties only within the scope of legal requirements. We disclose user data to third parties only if, for example, this is necessary for contractual purposes based on Article 6(1)(b) GDPR or based on legitimate interests according to Article 6(1)(f) GDPR in the economic and effective operation of our business operations.

5.2. If we use subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of personal data according to the relevant legal regulations.

5.3. If content, tools, or other means from other providers (hereinafter collectively referred to as “third-party providers”) are used within the scope of this privacy policy and their named seat is in a third country, it is to be assumed that a data transfer to the seat states of the third-party providers takes place. Third countries are countries in which the GDPR is not directly applicable law, i.e., in principle, countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if an adequate level of data protection, user consent, or other legal permission is present.

6. Performance of Contractual Services

We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services according to Article 6(1)(b) GDPR.

7. User Accounts

For users (employees), an optional user account can be created, where they can, in particular, view and edit their stored data. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data regarding the user account will be deleted, subject to retention is necessary for commercial or tax law reasons according to Article 6(1)(c) GDPR. It is the user’s responsibility to back up their data before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period, subject to retention for commercial or tax law reasons according to Article 6(1)(c) GDPR.

8. Data Storage

In the context of registration and repeated logins as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s interest in protection against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation according to Article 6(1)(c) GDPR.

9. Processing of Usage Data

We process usage data (e.g., the websites visited within our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile to display, for example, product references based on the services previously used by them.

10. Contact

10.1. When contacting us (via contact form or email), the user’s information is processed for handling the contact request and its processing according to Article 6(1)(b) GDPR.

10.2. User information can be stored in our Customer Relationship Management System (“CRM System”) or comparable inquiry organization.

11. Collection of Access Data and Log Files

11.1. Based on our legitimate interests within the meaning of Article 6(1)(f) GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date, and time of access, transferred data volume, message about successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

11.2. Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum duration of seven days and then deleted. Data, whose further retention is required for evidence purposes, is exempt from deletion until the respective incident is finally clarified.

12. Cookies and Reach Measurement

12.1. Cookies are information transmitted from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.

12.2. We use “session cookies,” which are only stored for the duration of the current visit to our online presence (e.g., to enable the storage of your login status or the shopping cart function and thus the use of our online offer at all). A session cookie stores a randomly generated unique identification number, a so-called session ID. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close the browser.

12.3. Users are informed about the use of cookies in the context of pseudonymous reach measurement within this privacy policy.

12.4. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

12.5. Users can object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org) and additionally the US-American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices). The settings are platform-independent, i.e., they are adopted for all devices, such as desktop computers or mobile devices.

13. User Rights

13.1. Users have the right to request and receive free information about the personal data we have stored about them.

13.2. Additionally, users have the right to correct incorrect data, restrict processing, and delete their personal data, if applicable, to assert their rights to data portability, and to lodge a complaint with the appropriate supervisory authority in the event of unlawful data processing.

13.3. Users can also revoke consents, generally with effect for the future.

14 Data Deletion

14.1. The data stored by us will be deleted as soon as it is no longer required for its intended purpose, and the deletion does not conflict with any statutory retention requirements. If the data of users is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means the data will be locked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

14.2. According to legal requirements, the retention is for 6 years in accordance with § 257(1) HGB (commercial books, inventories, opening balances, annual accounts, commercial letters, booking receipts, etc.) and for 10 years in accordance with § 147(1) AO (books, records, management reports, booking receipts, commercial and business letters, documents relevant to taxation, etc.).

15 Right to Object

Users can object to the future processing of their personal data at any time in accordance with the legal requirements. The objection can be made, in particular, against processing for direct marketing purposes.

16 Changes to the Privacy Policy

16.1. We reserve the right to change the privacy policy to adapt it to changed legal situations, or in case of changes to the service or data processing. This applies only to declarations regarding data processing. If user consents are required or parts of the privacy policy contain provisions of the contractual relationship with users, the changes will be made only with the consent of the users.

16.2. Users are requested to inform themselves regularly about the content of the privacy policy.