We are pleased about every visit to our website www.cahsel.de and take the protection of the personal data of the users of our aforementioned website (hereinafter this data protection declaration = users) very seriously, especially so that they feel safe and comfortable when visiting the websites. We respect the privacy of users of our website and their right to adequate control of their personal data. With this data protection information we inform the users of our website when which data is stored and how it is used in each case. Of course, we always observe the applicable German and European data protection regulations, in particular EU-GDPR, and continually ensure the protection of the data received and processed by means of special technical protection measures which are always up to date. This data protection declaration applies to data processing by:
Benzweg 5 – 7
D – 32584 Löhne
Mobil: 01 71 / 21 33 290
Telephon: 0 57 32 / 976 8000
Fax: 0 57 32 / 976 8001
VAT no.: DE 188474814
Our data protection declaration is based on the terms used by the European legislator for directives and regulations when issuing the general data protection regulation (EU-GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers, business partners and in particular the users of our website. To ensure this, we would like to explain the terms used in advancep>
a) Personal data
Personal data is all information relating to an identified or identifiable natural person. Identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier, such as a name to an identification number, to location data, to an online identifier or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) User concerned
The user concerned is any identified or identifiable natural person whose personal data are processed by us in the context of visiting our website.
Processing means any operation or series of operations carried out with or without the aid of automated procedures relating to personal data, such as the collection, collection, organisation, sorting, storage, adaptation or alteration, selection, query, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any form of automated processing of personal data leading to the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific concerned person without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not assigned to an identified or identifiable natural person.
g) Data Controller or data processing controller
The data controller or data processing controller is the natural or legal person, public authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by European Union law or by the laws of the Member States, the data controller or the specific criteria for his appointment may be defined in accordance with European Union law or the law of the Member States. With regard to the personal data received and/or processed by the user concerned, we are the data controller.
h) Data processor
Data processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.
Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under European Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.
j) Third party
A third party is a natural or legal person, authority, institution or other body other than the user concerned, the person responsible, the data processor and the persons who are authorised to process the personal data under the direct responsibility of the data controller or the data processor.
Consent is any informed and unambiguous expression of will voluntarily granted by the user concerned in the specific case in the form of a declaration or other clear affirmative act with which the user concerned indicates that he/she agrees to the processing of his/her personal data.
2. collection of general data and information:
3. Privacy of children
The use of our offer via our website is directed exclusively at persons of full legal capacity and not at children. We do not knowingly collect any personal data from users who are considered children under their respective national laws.
4. Passing on of personal data to third parties:
A transfer of user data, i.e. personal data of affected users of our website, to third parties takes place only if the affected user has expressly given his consent pursuant to Article 6 paragraph 1 S. 1 letter a EU-GDPR, if the transfer of the data is necessary to safeguard legitimate interests and there is no reason to assume that the affected user has an overriding interest worthy of protection in the non-disclosure of his data (Article 6 paragraph 1 S. letter f EU-GDPR), if a legal obligation exists for the transfer (Article 6 paragraph. 1 S. 1 letter c EU-GDPR) or if this is legally permissible and necessary for the processing of contractual relationships with the user concerned (Article 6 paragraph 1 S. 1 letter b EU-GDPR). The personal data of the user concerned will neither be passed on by us to third parties nor otherwise transmitted, unless this expressly serves the agreed purpose of contract processing, such as the passing on of bank data to the bank or financial service provider executing the direct debit, the passing on of address data to the commissioned carrier or for other processing purposes. For example, we store the financial and payment data of the user concerned for the processing of a contract executed with him, whereby this data is always treated confidentially and is used exclusively for purposes of contract processing.
5. Registration on our website:
Users of our website have the opportunity to register on our website by providing personal data. Which personal data is transmitted to us depends on the respective input mask used for registration. The personal data entered by the user concerned is collected and stored exclusively for our internal use and exclusively for our own purposes. For example, we can arrange for the data to be passed on to one or more contractors, such as a parcel courier, who also uses the personal data exclusively for internal use that is attributable to us as the person responsible. By registering on our website, the IP address assigned by the Internet service provider (ISP) of the user concerned, the date and time of registration are also stored. This data is stored because this is the only way to prevent misuse of our services and, if necessary, to enable us to investigate criminal offences committed. In this respect, the storage of this data is necessary for our own protection. This data will not be passed on to third parties unless required to do so by law or for the purpose of criminal prosecution. The registration of affected users under voluntary indication of personal data allows us to offer contents or services to the registered users, which can only be offered to registered users due to the nature of the content. Registered users are free to change the personal data provided during registration at any time or to have it completely deleted from our database. Upon request, we will provide each affected user at any time with information about which personal data about the affected user is stored. Furthermore, we correct or delete personal data at the request or notice of the user concerned, insofar as there are no legal storage obligations to the contrary. In this context, all of our employees are available to the user concerned as contact persons. For the entirety of the rights to which the user concerned is entitled, see item 8.p>
6. Contact possibility over our web page:
Due to legal regulations, our website contains information that enables us to be easily contacted electronically and to communicate directly with us, which also includes a general address for so-called electronic mail (e-mail address). If a user contacts us by e-mail or via a contact form, the personal data transmitted by the user concerned will be stored automatically. Such personal data transmitted to us on a voluntary basis by an affected user will be stored for the purpose of processing or contacting the affected user. This personal data is not passed on to third parties. The data entered in the contact form is processed exclusively on the basis of consent (Article 6 paragraph 1 letter a EU-GDPR). The user can revoke this consent at any time. All that is required is to send us an informal email.
7. Routine deletion and blocking of personal data:
We process and store personal data of users concerned only for the period which is necessary to achieve the storage purpose or insofar as this has been provided for by the issuer of European guidelines and regulations or another legislator in laws or regulations to which we are subject. If the storage purpose ceases to apply or if a storage period prescribed by the issuer of European guidelines and regulations or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.
8. Rights of the users concerned:
a) Right to request confirmation
Every user has the right to request confirmation from us whether personal data concerning him are being processed by us. If a user concerned wishes to make use of this right of confirmation, he can contact one of our employees at any time using the contact data stated in the imprint.
b) Right to receive informati
The user concerned can therefore request information from us at any time about his processed personal data, in particular also information about the purposes of processing, the category of personal data, the categories of recipients to whom the user data was or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing and/or objection, the existence of a right of appeal, the origin of his data, if these were not collected by us and/or about the existence of automated decision making including profiling and, if applicable, meaningful information regarding their nature. (cf. Article 15 EU-GDPR) Users also have a right of access to information as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, the user concerned has the right to obtain information about the appropriate guarantees in connection with the transmission. If an affected user wishes to make use of the right of information described above, he can contact one of our employees at any time.
c) Right to correction
Any user affected by the processing of personal data has the right to request the immediate correction of incorrect personal data concerning him. Furthermore, the user concerned has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - also by means of a supplementary declaration. Consequently, the user concerned may at any time request the immediate correction of incorrect personal data or the completion of the personal data stored by us (cf. Article 16 EU-GDPR). If a user concerned wishes to make use of this right of correction and/or completion, he can contact one of our employees at any time.
d) Right to deletion (Right to be forgotten)
Every user affected by the processing of personal data has the right to demand from us that the personal data concerning him/her be deleted immediately, provided that one of the following reasons applies and insofar as the processing is no longer required:
For example, users concerned may request the deletion of their personal data stored by us, unless the processing is necessary to exercise their right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to process a contract (cf. Article 17 EU-GDPR). If one of the above-mentioned reasons applies and a user concerned wishes to have personal data stored with us deleted, he can contact one of our employees at any time. The contacted employee will then arrange for the deletion request to be complied with immediately. If the personal data have been made public by us and we as data controllers are obliged to delete the personal data pursuant to Article 17 paragraph 1 EU-GDPR, we shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other data controllers who process the published personal data, that the user concerned has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other data controllers, insofar as the processing is not necessary. We will make the necessary arrangements as requested in each individual case.
e) Right to restrict processing <br Any user affected by the processing of personal data has the right to request us to restrict the processing if one of the following conditions is met:
In accordance with Article 18 of EU-GDPR, the user concerned may thus request the restriction of the processing of his personal data if and to the extent that the accuracy of the data is disputed by the user concerned, the processing is unlawful, but the user concerned refuses to delete the data and we no longer require the data, but the user concerned requires this data to assert, exercise or defend legal claims or the user concerned has filed an objection to the processing in accordance with Article 21 of the EU-GDPR. If one of the above-mentioned conditions is fulfilled and a user concerned wishes to request the restriction of personal data stored by us, he can contact one of our employees at any time. The contacted employee will then immediately initiate the restriction of the processing.
f) Every user affected by the processing of personal data has the right to receive the personal data concerning him, which was made available to us by him, in a structured, current and machine-readable format. The user concerned also has the right to transmit this data to another person responsible without our interference, provided that the processing is based on the consent pursuant to Article 6 paragraph 1 letter a EU-GDPR or Article 9 paragraph 2 letter a EU-GDPR or on a contract pursuant to Article 6 paragraph 1 letter b EU-GDPR and the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority which was transferred to us. Furthermore, in exercising his right to data transferability pursuant to Article 20 paragraph 1 EU-GDPR, the user concerned has the right to request that the personal data be transferred directly from one data controller to another data controller, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not affected by this. This gives affected users the right to receive the personal data they have provided to us in a structured, common and machine-readable format or to request its transfer to another person responsible (cf. Article 20 EU-GDPR). To assert the right to data transferability, any user concerned can contact one of our employees at any time.
g) Right of objection
Any person concerned by the processing of personal data, and therefore of course also the user of our website, has the right granted by European regulators and legislators to object at any time to the processing of personal data concerning him/her on the basis of Article 6 paragraph 1 letters e or f of the EU-GDPR, for reasons arising from his particular situation. This also applies to profiling based on these provisions. We will no longer process personal data in the event of an objection, unless we can prove compelling grounds for processing that outweigh the interests, rights and freedoms of the user concerned or the processing serves to assert, exercise or defend legal claims. If we process personal data in order to carry out direct advertising, the user concerned has the right to object at any time to the processing of the personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. If the user concerned objects to our processing for direct advertising purposes, we will no longer process the personal data for these purposes. In addition, the user concerned has the right, for reasons arising from his particular situation, to object to the processing of personal data concerning him/her which we carry out for scientific or historical research purposes or for statistical purposes in accordance with Article 89 paragraph 1 EU-GDPR unless such processing is necessary to fulfil a task in the public interest. To exercise the right of objection, the user concerned can contact any of our employees directly. The user concerned shall also be free to exercise his right of objection in connection with the use of information society services by means of automated procedures which use technical specifications, notwithstanding Directive 2002/58/EC. In any case, the following applies
Right of objection:
If the user's personal data are processed on the basis of legitimate interests pursuant to Article 6 paragraph 1 sentence 1 letter f EU-GDPR, he has the right to object to the processing of his personal data pursuant to Article 21 EU-GDPR, insofar as there are reasons for this which arise from the user's particular situation or the objection is directed against direct advertising. In the latter case, the user has a general right of objection, which is implemented by us without stating a particular situation. If the user wishes to exercise his right of revocation or objection, simply send an e-mail to email@example.com
h) Automated decisions in individual cases including profiling
Any user affected by the processing of personal data has the right not to be subject to a decision based exclusively on automated processing - including profiling - which has legal effect against him or significantly affects him in a similar manner, unless the decision (1) is necessary for the conclusion or performance of a contract between the user concerned and us, or (2) is permitted by European Union or Member State law to which we are subject and that law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the user concerned, or (3) with the express consent of the user concerned. If the decision (1) is necessary for the conclusion or performance of a contract between the user concerned and us or (2) is made with the express consent of the user concerned, we shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the user concerned, including at least the right for us to intervene as the person responsible, to state our own position and to challenge the decision. If the user concerned wishes to assert rights with respect to automated decisions, he can contact one of our employees at any time.
i) Right to revoke a consent under privacy law
Every user affected by the processing of personal data has the right to revoke consent to the processing of personal data at any time. As a consequence, we are no longer allowed to continue data processing based on this consent in the future (cf. Article 7 paragraph 3 EU-GDPR). If the user concerned wishes to assert his right to revoke his consent, he can contact one of our employees at any time.
j) Right of appeal
Users concerned can also complain to a supervisory authority. As a rule, the users concerned can contact the supervisory authority of their usual place of residence or workplace or our registered office (see imprint) (cf. Article 77 EU-GDPR). A list of data protection officers and their contact details can be found on the following link:
10. legal basis of the processing
Article 6 I letter a EU-GDPR serves as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the user concerned is a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I letter b EU-GDPR. The same applies to such processing processes that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If we are subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Article 6 I letter c EU-GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and his name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third parties. Then the processing would be based on Article 6 I letter d EU-GDPR. Ultimately, processing operations could be based on Article 6 I letter f DSGVO. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect one of our legitimate interests or that of a third party, provided that the interests, fundamental rights and freedoms of the user concerned do not prevail. Such processing procedures are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, it was judged that a legitimate interest could be presumed if the data subject is a customer of the data controller (see: recital 47, second sentence, EU-GDPR).
11 Legitimate interests in the processing pursued by us or a third party
If the processing of personal data is based on Article 6 I letter f EU-GDPR, it is in our legitimate interest, among other things, to conduct our business activities for the benefit of our well-being and the well-being of all our employees.
12. Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective legal retention period. Upon expiry of this period, the corresponding data will be routinely deleted, provided that it is no longer required for the fulfilment or initiation of the contract.
13. Legal or contractual regulations for the provision of personal data; necessity for the conclusion of the contract; obligation of the user concerned to provide the personal data; possible consequences of the failure to make the data available
We inform the affected users of our website that the provision of personal data is partly prescribed by law (e.g. by tax regulations) or may also result from contractual regulations (e.g. necessary information about the contractual partner). In some cases, it may be necessary for a contract to be concluded if a user concerned provides us with personal data which must subsequently be processed by us. For example, the user concerned is obliged to provide us with personal data when we conclude a contract with him or her. Failure to provide personal data would mean that the contract with the user concerned could not be concluded. Before the user concerned provides personal data, the user concerned can contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or required for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have
14. Automated decision making
We do without automatic decision making or profiling.
16. Analysis -tools
The tracking measures listed below and used by us are carried out on the basis of Article 6 paragraph 1 sentence 1 letter f EU-GDPR. With these tracking measures, we want to ensure that our website is continuously designed and constantly optimised to meet requirements. In addition, we use the tracking measures to statistically record the use of our website for the purpose of the optimization of our offer. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the following tracking tools:
17. Data security
We expressly point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible. Nevertheless, we naturally continue to use technical and organisational security measures in order to protect the data, in particular personal data, provided to us by the user concerned and managed by us, against intentional but also against accidental manipulation, loss, destruction or access by unauthorised persons.We continue to use appropriate technical and organizational security measures to protect the data of users of our website against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties. All our security measures are continuously improved in line with technological developments. We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by the browser of the respective user of our website when visiting our website. This is usually 256-bit encryption. If the browser used by the user when visiting our website does not support 256-bit encryption, 128-bit v3 technology is automatically used. Whether a single page of our website is transmitted in encrypted form can be identified per the closed display of the key or lock symbol in the lower status bar of the browser.
18. Actuality and amendment of this data protection declaration
Diese Datenschutzerklärung ist aktuell gültig und hat den Stand Mai 2018.