Data Protection Declaration
1. Responsible body
The responsible body for collecting, processing and use of your personal data within the meaning of Article 4 No. 7 of the General Data Protection Regulation is:
SCHIFFSDIESELTECHNIK KIEL GmbH
Managing director: Thomas Schwarke and Fin-Olav Wittstock
Kieler Straße 177
24768 Rendsburg
E-Mail: info@sdt-kiel.de
2. Processing of personal data
2.1 Access data
We collect information about you when you visit this website. We automatically collect information about your usage behaviour and interaction with us and thereby record data about your computer or mobile device. We collect, store and utilise data about every login to our website (known as server log files). The login data include, among others;
– name and URL of the requested file
– date and time of the access
– amount of data transferred
– notification of successful request
– browser model and browser version
– operating system
– referrer URL (i.e. the last page visited)
– websites that the user’s system accesses via our website
– Internet service provider of the user
– IP address and the requesting provider
We utilise this log data without allocation to your person or other profiling for statistical evaluations for the purpose of operating our business, for security and optimisation of our website, but also for anonymous recording of the number of visitors to our website as well as the extent and type of utilisation of our website and services, as well as for calculation purposes in order to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalised and location-based content, analyse traffic, troubleshoot and remedy errors or faults as well as improve our services. This is also relates to our legitimate interest pursuant to Article 6 Paragraph 1 S. 1 f) GDPR.
We reserve the right to subsequently inspect the log data in the event that there is a justified suspicion of illegal utilisation based on specific, defined evidence. We store IP addresses in the log files for a limited period of time when this is necessary for security purposes or for the provision of services or invoicing for a service e.g. when you utilise one of our offers. After the order process has been terminated or a remittance has been received, we will delete the IP address if this is no longer required for security purposes. We also store IP addresses when we have a specific, defined suspicion relating to a criminal offence in connection with the utilisation of our website. We also store the date of your last visit as a part of your account (e.g. registration, login, clicking on links).
2.2 Hosting
The hosting services we utilise are intended for the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we employ to operate the website. We and/or our hosting provider hereby process inventory data, contact data, content data, contract data, usage data, metadata and communication data from customers, interested parties and visitors to this website on the basis of our legitimate interests in an efficient and secure provision of our website in accordance with Article 6 Paragraph 1 S. 1 f) GDPR in connection with Article 28 GDPR.
2.3 Cookies
We utilise so-called session cookies to optimise our website. A session cookie is a small text data file that is sent by the respective servers when you visit a website and is then stored temporarily on your hard drive. Such data also contain what is known as a Session ID, which enables various requests to be allocated to your browser during the shared session. This allows your computer to be recognised again when you return to our website. These cookies will be deleted once you close your browser. These enable you, for example, to utilise the shopping basket function across several pages.
We also utilise persistent cookies (also small text data files that are stored on your terminal device) to a limited extent, which remain on your terminal device and enable us to recognise your browser again the next time you visit the website. These cookies will be stored on your hard disc and are subsequently automatically deleted after the specified time. Their lifespan is 1 month to 10 years. This enables us to present our services to you in a more user-friendly, effective and secure manner and, for example, to display information on the website that is specifically tailored to your particular interests.
Our legitimate interest in the use of cookies pursuant to Article. 6 Paragraph 1 S. 1 f) GDPR is intended to make our website more user-friendly, effective and secure. In the cookies data and information are stored, for example,log-ininformation, language settings, entered search terms or information on the number of visits to our website, as well as the usage of individual functions of our website.
When the cookie is activated, it will then be assigned an identification number; your personal data will not be assigned to this identification number. Your name, your IP address or similar data, which would enable the cookie to be assigned to you are not placed in the cookie. Based on the cookie technology involved, we only receive pseudonymous information, for example about which pages of our shop have been visited, which products have been viewed, etc.
You can set your browser in such a way that you will be informed in advance about the use of cookies and can decide in individual cases whether to accept individual cookies or refuse the acceptance of cookies for certain cases or in general or that the cookies will be prevented completely. This could result in the website functionality being reduced.
2.4 Data for fulfilling our contractual obligations
We process personal data that we require to fulfil our contractual obligations, such as name, address, e-mail address, ordered products, invoicing data and payment data. The collection of these data is required for concluding the contract. The data will be deleted after the expiry of the guarantee and/or warranty periods and statutory retention periods. Data that are linked to the user account (refer to below) will be retained in all cases for as long as the account is active and being managed. The legal sbasis for the processing of these data is Article 6 Paragraph 1 S. 1 b) GDPR, as these data are required so that we can fulfil our contractual obligations on your behalf.
2.5 Contact
When you contact us (e.g. via contact form or e-mail), we will then process your details in order to deal with your enquiry and also in the event that follow-up questions could arise. If the data processing is implemented for the execution of pre-contractual measures, which will then be executed at your request and/or if you are already our customer, for the execution of the contract, then the legal basis for this data processing is Article 6 Paragraph 1 S. 1 b) GDPR. We will only process additional personal data when you provide your consent (Article 6 Paragraph 1 S. 1 a) GDPR) or if we have a legitimate interest in processing your data (Article 6 Paragraph 1 S. 1 f) GDPR). A legitimate interest could be, for example, to be able to answer your e-mail.
3. Storage duration
Insofar as not otherwise specifically stated, we will only store personal data for as long as is necessary to fulfil the purposes pursued. In some certain cases, the legislator provides for the storage of personal data, for example in cases of tax law or commercial law. In these cases, the data will only be stored by us for these legal purposes, but will not be processed in any other way and deleted after expiry of the legal retention period.
4. Rights
According to the applicable laws, you have various rights regarding your personal data. If you would like to assert these rights, then please send your request by e-mail or by post to the address specified in Section 1 and clearly identify yourself therein. You can find an overview of your rights in the following.
4.1 Right to information according to Article 15 of the GDPR version applicable from 25/05/2018.
You have the right to request information about your personal data processed by Schiffsdieseltechnik Kiel GmbH. In detail:
you have the right to receive confirmation from us at any time as to whether personal data which relate to you will be processed. If this should be the case, then you have the right to request from us, free of charge, access to information about the personal data stored about you together with a copy of these data. Furthermore, there is a right to access to the following information:
1. the purposes of the processing;
2. the categories of personal data concerned;
3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
5. the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
6. the right to lodge a complaint with a supervisory authority;
7. where the personal data are not collected from you, any available information as to their source;
8. the existence of automated decision-making, including profiling, referred to in Article 22 Paragraphs 1 and 4 GDPR and – and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Where personal data are transferred to a third country or to an international organisation, then you shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
4.2 Right to rectification according to Article 16 GDPR in the version applicable from 25/05/2018
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4.3 Right to erasure (“right to be forgotten”) according to Article 17 GDPR in the version applicable from 25/05/2018
Pursuant to Article 17 Para. 1 GDPR you have the right to request from us the immediate erasure of respective personal data held by Schiffsdieseltechnik Kiel GmbH. We are obliged to immediately delete personal data if one of the following reasons exists:
1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw consent on which the processing is based according to Article 6 Paragraph 1 S. 1 a) GDPR or Article 9 Paragraph 2 a) GDPR and where there is no other legal ground for the processing.
3. You object to the processing pursuant Article 21 Paragraph 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 Paragraph 2
GDPR.
4. The personal data have been unlawfully processed.
5. The personal data have to be erased for compliance with a legal obligation in Union or the Member State law , to which we are subject.
6. The personal data have been collected in relation to the offer of information society services referred to in Article 8 Paragraph 1 GDPR .
Where we have made the personal data public and are obliged pursuant to Article 17 Paragraph 1 GDPR to erase the personal data, then we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
4.4 Right to the restriction of processing according to Article 18 GDPR in the version applicable from 25/05/2018
You shall have the right to obtain from us restriction of processing where one of the following applies:
1. the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
2. the processing is unlawful and you opposes the erasure of the personal data and request the restriction of their use instead;
3. we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
4. you have objected to processing pursuant to Article 21 Paragraph 1 GDPR pending the verification whether the legitimate grounds of the controller override yours.
4.5 Right to data portability according to Article 20 GDPR in the version applicable from 25/05/2018
You shall have the right to receive the personal data concerning you, which you have provided to Schiffsdieseltechnik Kiel GmbH, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:
1. the processing is based on consent pursuant to Article 6 Paragraph 1 S. 1 a) GDPR or Article 9 Para. 2a) GDPR or on a contract according to Article 6 Para. 1 S. 1b) GDPR and
2. the processing is carried out by automated means.
In exercising your right to data portability pursuant to Paragraph 1, you shall have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
4.6 Right to revocation of consent in terms of data protection law according to Article 7 Paragraph 3 GDPR in the version applicable from 25/05/2018
You have the right to revoke your consent to the processing of personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The revocation is to be addressed to Schiffsdieseltechnik Kiel GmbH using the contact data mentioned above.
4.7 Right to file a complaint with a supervisory authority according to Article 77 GDPR in the version applicable from 25/05/2018
You shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.
4.8 Right to object according to Article 21 GDPR in the version applicable from 25/05/2018
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is based on Article 6 Paragraph 1 S. 1 e) or f) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 Paragraph 1 GDPR, you, on grounds relating to your particular situation, shall have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
5. Data security
Furthermore, within the limits of the technical and organisational possibilities, personal data are protected against access by third parties, manipulation, destruction, unauthorised access, loss and unintentional destruction or damage. The security measures are constantly adapted to the latest technological developments. Here, the rules according to Article 5 of the GDPR in the version applicable from 25/05/2018 are observed.
6. Disclosure of data to third parties
In principle, we will only utilise your personal data exclusively within our company. When and insofar that we have to involve third parties in the performance of contracts, then those personal data will only be received by them to the extent to which the transfer is necessary for the corresponding service. In the event that we have to outsource certain parts of the data processing (“order processing”), we contractually oblige our contractors who process the data to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the affected person.