Privacy Policy
Privacy Policy
We inform you below in accordance with the legal requirements of data protection law (in particular in accordance with BDSG n.F. and the European General Data Protection Regulation ‘GDPR’) about the type, scope and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. Regarding the definition of terms such as “personal data” or “processing”, we refer to Art. 4 GDPR.
Name and contact details of the controller
Our controller (hereinafter “controller”) within the meaning of Art. 4 No. 7 GDPR is:
NiTO Holzstein GmbH
Hohendinger Str. 3
28790 Schwanewede
Germany
Managing Directors: Torsten Staritz and Nico Herrmann
Commercial Register/No.: HRB 210768
Registration Court: Amtsgericht Walsrode
Email address: hello@woodenbrick.com
Types of data, purposes of processing and categories of data subjects
Below we inform you about the type, scope and purpose of the collection, processing and use of personal data.
1. Types of data we process
Usage data (access times, websites visited, etc.), communication data (IP address, etc.),
2. Purposes of processing according to Art. 13 para. 1 c) GDPR
Uninterrupted, secure operation of our website,
3. Categories of data subjects according to Art. 13 para. 1 e) GDPR
Visitors/users of the website,
The data subjects are collectively referred to as “users”.
Legal bases for the processing of personal data
Below we inform you about the legal bases for the processing of personal data:
1. If we have obtained your consent for the processing of personal data, Art. 6 para. 1 p. 1 lit. a) GDPR serves as the legal basis.
2. If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures which are carried out at your request, Art. 6 para. 1 p. 1 lit. b) GDPR serves as the legal basis.
3. If processing is necessary for compliance with a legal obligation to which we are subject (e.g. legal retention obligations), Art. 6 para. 1 p. 1 lit. c) GDPR serves as the legal basis.
4. If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 p. 1 lit. d) GDPR serves as the legal basis.
5. If processing is necessary to protect our legitimate interests or those of a third party and if your interests or fundamental rights and freedoms do not override those interests, Art. 6 para. 1 p. 1 lit. f) GDPR serves as the legal basis.
Transfer of personal data to third parties and processors
We do not transfer your personal data to third parties without your express consent. The only exceptions to this are if we are legally obliged to disclose data (disclosure to external bodies such as supervisory authorities or law enforcement authorities), if the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, or if this is necessary for the performance of contractual relationships with you.
In addition, we only use processors if we have concluded a corresponding contract processing agreement with them. We select our processors carefully and control them regularly.
Transfer of personal data to third countries
The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data is therefore predominantly processed by companies for which the GDPR applies. If processing by services of third parties outside the European Union or the European Economic Area should nevertheless take place, this only takes place if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that the processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or the observance of officially recognized special contractual obligations, the so-called “standard contractual clauses”.
Deletion of data and storage duration
Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the purpose for storing it ceases to apply or you revoke your consent to its storage, unless its further storage is necessary for evidentiary purposes or this is opposed by statutory retention obligations. This includes, for example, commercial law retention obligations for business letters according to § 257 para. 1 HGB (6 years) as well as tax law retention obligations according to § 147 para. 1 AO of documents (10 years). When the prescribed retention period expires, a deletion or blocking of the data takes place, unless the storage is further necessary for the conclusion or fulfillment of a contract.
Existence of automated decision-making
We do not use automatic decision-making or profiling.
Provision of our website and creation of log files
1. If you only use our website for informational purposes (i.e. no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:
• IP address;
• Internet service provider of the user;
• Date and time of access;
• Browser type;
• Language and browser version;
• Content of the request;
• Time zone;
• Access status/HTTP status code;
• Amount of data;
• Websites from which the request comes;
• Operating system.
A storage of this data together with other personal data from you does not take place.
2. This data serves the purpose of user-friendly, functional and secure delivery of our website to you with functions and contents as well as its optimization and statistical evaluation.
3. The legal basis for this is our legitimate interest in data processing according to Art. 6 para. 1 p.1 lit. f) GDPR.
4. We store this data for security reasons for a storage period of 30 days in server log files. After expiration of this period, these are automatically deleted, unless we need their retention for evidential purposes in case of attacks on the server infrastructure or other legal violations.
Contact via contact form / email / fax / post
1. When contacting us via contact form, fax, post or e-mail, your details will be processed for the purpose of handling the contact request.
2. The legal basis for the processing of data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 p. 1 lit. f) GDPR and, if applicable, Art. 6 para. 1 p. 1 lit. b) GDPR if your request is aimed at concluding a contract. Your data will be deleted once your request has been processed, unless there are statutory retention obligations. You can object to the processing of your personal data at any time in the case of Art.6 para.1 p.1 lit.f) GDPR.
Rights of the data subject
1. Right to object or revoke against the processing of your data
Insofar as the processing is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a), Art. 7 GDPR, you have the right to revoke your consent at any time. The legality of the processing carried out on the basis of the consent until revocation is not affected by this.
Insofar as we base the processing of your personal data on the balancing of interests pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR, you may object to the processing. This is the case if the processing is not necessary in particular for the fulfillment of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
You can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising objection under the following contact details: NiTO Holzstein GmbH, Hohendinger Str. 3, 28790 Schwanewede, Germany, Managing Directors Torsten Staritz and Nico Herrmann, Commercial Register/No.: HRB 210768, Registration Court: Amtsgericht Walsrode, Email address: hello@woodenbrick.com
2. Right to information
You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have a right to information about your personal data stored by us in accordance with Art. 15 GDPR. This includes in particular the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it was not collected directly from you.
3. Right to rectification
You have a right to rectification and/or completion of your data in accordance with Art. 16 GDPR if the personal data stored about you is incorrect or incomplete.
4. Right to erasure
You have the right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless legal or contractual retention periods or other legal obligations or rights to further storage prevent this.
5. Right to restriction
You have the right to request the restriction of processing of your personal data if one of the conditions in Art. 18 para. 1 lit. a) to d) GDPR is met:
• If you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or
• you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override yours.
6. Right to data portability
You have a right to data portability in accordance with Art. 20 GDPR, which means that you can obtain the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller.
7. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.
Data security
To protect all personal data transmitted to us and to ensure that the data protection regulations are observed by us as well as our external service providers, we have taken appropriate technical and organizational security measures. Therefore, among other things, all data between your browser and our server is transmitted encrypted via a secure SSL connection.
Status: 10.08.2024