Data Privacy Statement of Deutsche Saatgutgesellschaft mbH Berlin
General notices on processing your data
This data privacy statement informs you about the nature, scope and purpose of the processing of personal data on our website, www.dsg-berlin.de.
1. Controller, contact
The Controller within the meaning of Article 4 (7) EU General Data Protection Regulation (GDPR) is:
Deutsche Saatgutgesellschaft mbH Berlin
Grünauer Str. 5
Telephone: +49 30 657 23 43
Fax: +49 30 657 23 46
Contacts: Martin Röhrig, Stefanie Brabandt
- If you have questions about data protection, wish to exercise rights or claims to your personal data, you can contact us at the contact details above (in paragraph 1)
- When you contact us (for example by telephone or e-mail) your data are stored pursuant to Article 6 (1) point (b) GDPR for the purpose of processing the enquiry and in case follow-up questions arise. Once storage is no longer necessary we erase the data generated in this regard, or we restrict the processing, if a legal duty to preserve the records exists (see paragraph 13).
2. Data processed by us
2.1 Legal principles
- Every time you visit our website personal data may be processed. Your personal data are processed only if this is permitted by law (legal base). This is the case pursuant to Article 6 (1) GDPR, if
- you have granted us your consent, or
- the processing is necessary for the fulfilment of our contract with you, or
- provisions precedent to the contract are necessary in the event that you make an enquiry, or
- the processing is necessary to protect your vital interests, or those of another natural person, or
- the processing is necessary to safeguard our legitimate interests or those of a third party, provided that this is not overridden by your interests or fundamental rights and freedoms, which require the protection of personal data (balancing of interests)
- Personal data collected from you are erased as soon as the purpose of collection has ceased to apply (see paragraph 14).
2.2. What are personal data?
- The definition of "personal data" is contained in Article 4 of the General Data Protection Regulation GDPR). In accordance with this personal data are those data, which with the use of suitable methods can identify your personal identity. Personal data are divided into four groups. These include user data (e.g. name and address of the customer), contract data (e.g. services utilised, names of specialists, payment information), usage data (e.g. the websites of our online presence visited, interest in our products) and content data (e.g. entries in the contact form). Information, which it is impossible or which it would be possible only with a disproportionately great expenditure in time, costs and workforce to associate with an identified or identifiable person are not treated as anonymous data and are not attributed to a person.
- In addition, when you visit our website other data are processed for technical reasons. These concern in particular technical information such as the IP address, which your Internet access provider assigns to your computer, when you access the Internet, or information about the Internet site, from which you accessed this offer, or about the type and version of the Internet browser used by you. This also includes log-in data, your operating system, download errors, the length of your visit to identified sites and all the telephone numbers from which you call our customer service number. In individual cases this technical information can also be personal data. As a rule, however, we use technical information only if it is necessary for technical reasons for the operation of our site and to protect it from attacks and abuse in accordance with Article 6 (1) point (f) GDPR.
2.3. What is meant by "processing"?
The definition of "processing" similarly is contained in Article 4 of the General Data Protection Regulation (GDPR). This encompasses all the procedures, which are included in dealing with the data. The collating or collection, plus the organisation or the structuring and/or storage, adaptation or alteration of the data come under the term "processing". However, other ways of dealing with the data, such as our own use of the data or transferring or transmitting them come under the generic term, "processing". Finally the term also covers the restriction, erasure or destruction of data.
3. Data security
We consider the security of your personal data to be of the highest importance. We therefore protect your data stored by us by means of technical and organisational measures. For this reason we guarantee that the provisions of the laws on data protection shall be complied with and that any loss or abuse shall be effectively prevented. In particular a duty of non-disclosure is imposed on our employees, who process personal data and they must comply with this.
4. SSL encryption
Our website uses secure SSL encryption in all matters of transferring personal data or personal contents concerning our users. Please be aware that SSL encryption is operative during appropriate activities from your side. It is easy to identify the use of encryption: the display in your browser line changes from "http://" to "https://". SSL-encrypted data cannot be read by third parties. Therefore transfer your confidential information only where there is activated SSL encryption and in case of doubt contact us.
5. Collection of personal data when you visit our website
- When the website is used purely for information purposes, in other words if you do not register or send us other information, we collect only the personal data, which your browser transfers to our servers. If you want to view our website, we collect the following data, which we require for technical reasons, in order to show you our website and to ensure its stability and security, for which the legal basis is Article 6 (1) 1st sentence (f) GDPR:
- the IP address of the requesting device (in other words, your computer or Smartphone),
- date and time of access,
- time zone difference from Greenwich Mean Time (GMT),
- content of the request (specific page),
- access status/ http status code,
- operating system and its interface,
- as well as the browser used and the operating system of your computer.
- For reasons of security (e.g. to investigate abuse or fraud) the information specified in a) is stored for a maximum period of 7 days and then erased. Data, which must be stored for longer periods for the purposes of evidence, are retained until the incident is finally cleared up.
- In addition to the data referred to above, when you use our website cookies are stored on your computer. More detailed information on cookies can be found in paragraph 9.
- We collect the data on the basis of our legitimate interest within the meaning of Article 6 (1) point (f) GDPR. In no case do we use the data collected for the purpose of drawing inferences as to the identity of the person. The purposes pursued by us in this respect include:
- guaranteeing smooth dial-up on the website,
- guaranteeing convenient use of our website,
- investigation of cases of abuse or fraud,
- assessing system security and stability and
- other administrative purposes.
6. Further functions and offers on our website
As well as use purely for information purposes, we offer you a variety of services, which you can use if you are interested. For this purpose as a rule, you have to provide further personal data, which we use to perform the respective service and to which the principles of data processing, which we referred to previously, apply.
6.1. Contacting us (telephone or e-mail)
- When you contact us (by telephone or e-mail) your data are processed to deal with the contact query and its settlement pursuant to Article 6 (1) point (b) GDPR (steps prior to entering into a contract) or pursuant to Article 6 (1) point (f) GDPR (legitimate interest in responding to your enquiry and in communicating further with you). If you contact us by e-mail we store the contents, which you have sent by e-mail. Personal data transferred by you are used solely for the purpose for which you have provided the data to us when you contacted us.
- We erase data retained during the period of contact as soon as they are no longer necessary for the achievement of the purpose, for which they were collected. This applies also to data provided voluntarily by you. It lies within our legitimate interest to store these data together with the required data. With respect to personal data, which has been transferred to us by e-mail or by telephone, the data are erased, when the respective conversion with the user has ended. The conversation has ended, when it can be assumed from the circumstances that the issue concerned has been finally clarified, at the latest however 1 month from the last contact. If a contractual relationship results, the legal retention periods, which are to be found in paragraph 13, shall apply.
7. Disclosure of data to third parties
- Data are disclosed to third parties only in accordance with the statutory regulations. We disclose users' data to third parties only, if
- you have granted your express consent thereto in accordance with Article 6 (1) sentence 1 of point (a) GDPR,
- disclosure is necessary in accordance with Article 6 (1) sentence 1 of point (f) GDPR for the establishment, exercise or defence of legal claims and there is no ground for the assumption that you have an overriding protectable interest in your data not being transferred,
- in the case where there is a legal duty to disclose the data in accordance with Article 6 (1) sentence 1 of point (c) GDPR, and
- this is legally admissible and necessary for the processing of contractual relationships with you in accordance with Article 6 (1) sentence 1of Point (b) GDPR.
- When we transfer your personal data we always ensure the highest possible level of security. Therefore, your data are disclosed only to service providers and partner firms, which have previously been carefully selected and placed under a contractual obligation, in order to ensure protection of the personal data pursuant to the relevant statutory provisions.
- We draw your attention to the fact that, in addition to this data privacy statement, the data protection guidelines and statements of the partners locally responsible and of their authorised institutions may apply.
8. Where are your personal data stored?
- The personal data collected by us concerning you are as a matter of principle stored within the European Union (EU). By way of exception personal data maybe transferred to non-EU countries. The GDPR is not directly applicable law in these "third countries". For this reason as a rule the law on data protection in those countries is less strict.
- Data transfer of this kind to countries outside the European Union may occur in processing a service provision query or in the provision of support services by electronic means.
- When data are transferred to a third country, however, we ensure that such a transfer is performed in conformity with this data privacy statement. Furthermore, we ensure that the respective recipient in the third country guarantees a commensurate level of data security for you and other data subjects or otherwise that a statutory licence is in existence. This is ensured, for example, by concluding a contract with the recipient in the third country on the basis of the European Commission standard contract clauses. These standard contract clauses guarantee a similar level of data security as is offered in the European General Data Protection Regulation.
We use what are known as cookies to recognise a user, when our offer is used several times by the same user or Internet connection holder.The data processed by the cookies are necessary for the safeguarding of our legitimate interests and those of third parties in accordance with Article 6 (1) sentence 1 of point (f) GDPR (see paragraph 5).
9.1. What are cookies?
Nowadays nearly all websites use various types of cookies so that the respective sites function as required and their design and functions are displayed to best advantage for you.
Cookies are information files, which are transferred from our web servers or the web servers of third parties to your web browser and stored there. They are stored there for further access to our site. Information files use specific information gathered about your respective device (PC, Smartphone and browser used). However, this does not mean that we obtain direct knowledge of your identity. In particular cookies serve to make websites more user-friendly (e.g. they store log-in data or the language). Cookies do not damage your terminal, contain no viruses, Trojan horses or other malicious software.
9.2. What types of cookies do we use?
This website uses the following types of cookies, the scope and mode of operation of which are explained in the following:
- Permanent cookies are automatically erased after a specified time, which may vary from cookie to cookie. You can erase cookies at any time by adjusting the security settings of your browser.
Most browsers accept cookies automatically. If you do not want cookies to be stored on your computer, you may deactivate the appropriate option in the system preferences of your browser. In addition, stored cookies can be erased in the system preferences of the browser. The exclusion of cookies may, however, result in restrictions in the functions of this online offer. Information on the deactivation of cookies for the most popular browsers is available at the following links:
Microsoft Internet Explorer
10. Integration of services and the contents of third parties
- We do not transfer the data, which you have provided to us, to third parties, unless the data are needed to process your contract, legitimate interests exist or you have expressly granted your consent to the transfer. Insofar as we are bound by law to do so, we transfer your data to governmental bodies and authorities entitled to receive information. Our legitimate interests are, for example, the interest in the analysis, optimisation and the commercial operation of our online offer within the meaning of Article 6 (1) point (f) GDPR.
- When we disclose your personal data we always ensure the highest possible level of security. Therefore, your data are disclosed only to service providers and partner firms, which have previously been carefully selected and placed under a contractual obligation, in order to ensure protection of the personal data pursuant to the relevant statutory provisions.
- If our service providers or partners are domiciled in a state outside the European Economic Area (EEA), we inform you of the consequences of this circumstance in the specification of the offer.
We use Google Maps API, a map service of Google (Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA) to display an interactive map. This occurs on the basis of our legitimate interest in the user-friendly design of our online offer, namely in order to be able to display to you our seminar locations on a map produced by Google (Article 6 (1) point (f) GDPR).
When you visit our website, Google receives the information that you have accessed the relevant sub-page. In addition, further information on the use of our website (including your IP address) is transferred to a Google server in the USA and stored there. This happens irrespective of whether Google provides a user account, to which you are logged in or whether no user account exists. If you are logged on to Google, your visit to our website is allocated directly to your account.
If you do not want allocation to your profile with Google, you must log out prior to your visit to our site. Google stores your data as a user profile and uses this for purposes of advertising, market research and/or designing its website to match market requirements. Data is analysed in this way in particular (even for users, who are not logged in) to provide advertising tailored to the market and in order to inform other users of the social network of your activities on our website. You have the right to object to the creation of this user profile; to exercise this right you must contact Google.
Further information on the purpose and scope of data collection and processing by Google are contained in Google's data privacy statements, together with further information on the associate rights and settings options for the protection of your personal privacy. http://www.google.de/intl/de/policies/privacy.
Google also processes your personal data in the USA and has subscribed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
11. Your rights to your data
You have the following rights to the data processed concerning you:
- pursuant to Article 15 GDPR you can request information on your personal data processed by us. In particular you can request information on the processing purposes, the category of personal data, the categories of recipients, to whom your data have been or are disclosed, the planned storage period, the existence of a right to correction, erasure, restriction of the processing or the right to object, the existence of the right to lodge a complaint, the origin of your data, insofar as these were not collected by us, and on the existence of any automated individual decision-making including profiling and if applicable, meaningful and informative information on its details;
- pursuant to Article 16 GDPR you can request the immediate correction of your incorrect personal data or the completion of your incomplete personal data stored by us:
- pursuant to Article 17 GDPR you can request the erasure of your personal data stored by us, unless the processing is necessary for exercising the rights of freedom of expression and information, for satisfying a legal obligation, on grounds of public interest or to establish, exercise or defend legal claims;
- pursuant to Article 18 GDPR you can request the restriction of the processing of your personal data, if the accuracy of the data is disputed, the processing is illegal, but you refuse to have it erased and we no longer need the data, however you need the data for establishing, exercising or defending legal claims or you have lodged a complaint against the processing pursuant to Article 21 GDPR;
- pursuant to Article 20 GDPR you have the right to data portability, i.e. to receive your personal data, which you have provided to us, in a structured, current, machine-readable format and/or can request the transfer to another Controller, if the processing relies on your consent or a contract with us and the processing is performed by means of automated processes. In the case of data portability to another Controller you can only effect the transfer however, insofar as this is technically feasible;
- pursuant to Article 7 (3) GDPR you can withdraw the consent you granted us at any time. the consequence of this is that we may not for the future continue the data processing, which relied on this consent; and
- pursuant to Article 77 GDPR you have the right to lodge a complaint with a supervisory authority. As a rule you may contact the supervisory authority for your normal place of residence or place of work or our registered office.
The quickest, simplest and most convenient way to exercise your rights to correction or erasure of personal data is to log into your account and process your data stored there directly or to erase your account in full.
A simple message to us is sufficient for your requests for information, the withdrawal of consent or to object. You will incur no costs for the exercise of your rights. You can contact us at the contact information in paragraph 1 of this data privacy statement.
12. Right to object
- Provided that we base the processing of your personal data on the balancing of interests in accordance with Article 6 (1) point (f), you have the right to object to the processing. This is the case, in particular if the processing is not necessary for fulfilling a contract with you and we made this clear in each case as regards the respective processing of the data. If you exercise this right to object, please state the reasons why we should not continue processing your personal data as we had been doing. In the case of your legitimate objection we shall investigate the circumstances and shall either cease processing the data or change our method of processing the data or demonstrate to you the compelling legitimate grounds on which we continue to process the data. We shall notify you of such compelling grounds. You have the right at any time to lodge a complaint with a supervisory authority (e.g. the supervisory authority at your place of residence or at the domicile of our company).
- Of course, you may object at any time to the processing of your personal data for purposes of advertising and data analysis. You can inform us about your objection to advertising at the contact details specified in sub-paragraph 1.1.
- If you wish to exercise your right to object, an e-mail to the person designated in paragraph 1 is sufficient.
13. General information on erasure of and retention periods for your data
- The data stored by us are erased, as soon as they are no longer required for the planned specific purpose. The details are contained in the points in this statement, in which the nature and purpose of the respective processing procedures of the personal data are explained.
- Data, which we have to store by virtue of duties of retention prescribed by law, our Articles of Association or contract (e.g grounds under tax law), are blocked instead of being erased, to prevent them being used for other purposes. These duties include, for example, retention for 6 years pursuant to § 257 (1) German Commercial Code (for account books, inventories, opening balances, annual financial statements, business correspondence, vouchers, etc.) or retention for 10 years pursuant to § 147 (1) German Tax Code (books, records, Management Reports, vouchers, trade and business correspondence including e-mails, for the taxation of certain documents,etc.). The period begins at the close of the calendar year, in which the respective document was produced or received and ends on the expiry of the period at the end of a calendar year.
- When the period has expired it is verified whether it is more appropriate to block or to erase the data or whether by reason of special circumstances the retention period should be extended to a necessary extent.
14. Amendments to the Data Privacy Statement
- This data privacy statement is currently valid as at January 2019.
- By virtue of changes in the law or updates to data processing procedures, it may become necessary to update this data protection information. We therefore recommend that you keep yourself informed of amendments to this site. The amendment can affect your consents or the provisions of the contractual relationship only with your agreement. If this should become the case we shall contact you separately on the matter.