COMPO Data privacy Statement
Valid from 25 May 2018
Thank you for visiting our website. COMPO is not just concerned about the care and protection of your plants. The protection of your privacy when collecting and processing personal data is also a matter we take very seriously. The following information aims to provide you with an overview of the processing of your personal data by us and of your rights under data protection legislation. We process personal data that we receive whenever our website is accessed by, among others, customers/applicants or other interested parties (hereinafter referred to as 'you'). The type of data we process and how we use it depends primarily on the requested or agreed services; therefore, not all the information below will be applicable to you.
Which entity controls the data processing and which entity can I contact in this regard?
The controller is
Gildenstraße 38, 48157 Münster
Telefon: 0251/ 3722 0
You can reach our company's data protection officer at the above address using the keywords DATA PROTECTION or using the following email contact: firstname.lastname@example.org
1. Why do we process your data (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the EU's General Data Protection Regulation (GDPR) and Germany's Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG)
a) to fulfil contractual obligations (Article 6(1.)(b) GDPR)
The processing of data can take place in the context of executing contracts with you as our customer or in order to implement pre-contractual measures.
b) in the balancing of interests (Article 6(1.)(f) GDPR)
If required, we can process your data beyond the actual fulfilment of the contract to safeguard our or a third party's legitimate interests. Examples:
- reviewing and optimising the processes of requirements analysis for the purpose of direct customer contact;
- advertising or market and opinion research insofar as you have not objected to the use of your data;
- asserting legal claims and defence in the event of legal disputes;
- safeguarding IT security and IT operations within the company, and
- measures to control business processes and develop services and products.
c) based on your consent (Article 6(1.)(a) GDPR)
Once you have agreed to the processing of personal data for specific purposes (e.g. for marketing purposes, receipt of newsletters), the legitimacy of such processing shall be deemed to be given based on your consent.
d) based on legal requirements (Article 6(1.)(c) GDPR) or in the public interest (Article 6(1.)(e) GDPR)
In addition, we are subject to various legal obligations, i.e. statutory requirements (e.g. tax laws). The purposes of processing include the fulfilment of fiscal inspection and reporting requirements, and much more.
e) in the context of establishing an employment relationship (Article 88 GDPR in conjunction with Section 26(1) BDSG)
Your personal data may also be processed if you submit an application to us.
2. What does this mean precisely in relation to the provision of this website and the services available therein?
2.1 Provision of the website and creation of log files
Each time our website is accessed, our system automatically collects data and information from the accessing computer. The following data are collected:
- information about the browser type and the version used;
- the user's operating system;
- the user's internet service provider;
- the user's ip address;
- date and time of access;
- websites from which the user's system accesses our website, and
- websites accessed by the user's system via our website.
The data are also stored in the log files of our system. These data are not stored together with other personal data of the user. The legal basis for the temporary storage of data in log files is Article 6(1.)(f) GDPR. Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. To do this, the user's IP address must be kept for the duration of the session. Storage in log files takes place to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this instance. These purposes represent our legitimate interest in the processing of data in accordance with Article 6(1.)(f) GDPR.
The data are deleted immediately when no longer required for the purpose of collection. In terms of data collection for the provision of the website, this is the case when the respective session has ended.
Data collection for the provision of the website and data storage in log files is essential for the operation of the website. Consequently, the user has no opportunity to opt out.
2.2 Cookies and similar technologies
2.2.1 Technically required cookies
Among other things, we use technically required cookies. These are cookies that are merely required for the collection of information on our web pages in order to provide a service requested or desired by you, the user. Here, the following data are stored and transmitted in the cookies:
- language settings
- data in the download list
- login information
- session ID
2.2.2 Other cookies, e.g. for web analysis services
Analysis cookies are used for the purpose of improving the quality of our website and its content. Using analysis cookies informs us how our website is used, enabling us to make continuous improvements to our services. These purposes constitute our legitimate interest in the processing of your personal data pursuant to Article 6(1.)(f) GDPR.
Below you will find information on each of the cookies, the respective provider and how you can object to the use of the cookie.
The provider of this website uses the services of the Hamburg (Germany) based etracker GmbH to analyse usage data. Here, cookies are used which enable a statistical analysis of this website’s use by its visitors, as well as the display of usage-relevant content or advertising. Cookies are small text files that are stored by the internet browser on the user's device. etracker cookies do not contain any information that could identify a user.
The data generated with etracker are processed and stored by etracker solely in Germany on behalf of the provider of this website and are thus subject to stringent German and European data protection laws and standards. In this regard, etracker has been checked, certified and awarded the data protection seal of approval.
The data are processed on the legal basis of Article 6(1.)(f) (legitimate interest) GDPR. Our legitimate interest is the optimisation of our online services and our website. As the privacy of our visitors is very important to us, etracker anonymises the IP address as early as possible and converts login or device IDs into a unique key not attributable to any person. etracker does not use it for any other purpose, combine it with other data or pass it on to third parties.
You can object to the type of data processing outlined above at any time provided it is related to your person. Your objection will not have any negative implications for you.
Further information on data protection at etracker can be found here.
2.3 Contact form and email contact
Our website contains contact forms that can be used for electronic communication. If you make use of this option, then the data entered in the input mask will be transmitted to us and stored. Such data include:
- first name
- middle name
- last name
- email address
- road and building number
- phone number (queries)
- your message/question
As part of the sending operation, your consent will be obtained and you will be referred to this Data Privacy Statement for the processing of your data.
Alternatively, contact can be initiated using the email address provided. In this case, the personal data transmitted with your email address will be stored. Data will not be passed on to third parties in this instance. It will only be used for the purpose of processing the correspondence.
The legal basis for the processing of data with your consent is Article 6(1.)(a) GDPR. The legal basis for the processing of data transmitted when sending an email is Article 6(1.)(f) GDPR. If the email contact is geared towards the conclusion of a contract, then the additional legal basis for processing shall be Article 6(1.)(b) GDPR.
The processing of personal data in the input mask is for the sole purpose of facilitating communication. The legitimate interest also concerns the processing of data in the case of communication by email. The remaining personal data processed during the sending operation are used to prevent misuse of the contact form and to ensure the security of our IT systems.
The data will be deleted if no longer required for the purpose of its collection. This is the case for personal data entered in the input mask of the contact form and data sent by email if the respective correspondence with you, the user, has concluded. This is the case where circumstances make clear that the matter in question has been resolved. You may withdraw your consent to the processing of personal data at any time. You may object to the storage of your personal data at any time by sending us an email. Correspondence cannot be continued in such cases. To do this, please send an email to email@example.com. All personal data stored during this period of communication will be deleted in such cases, unless statutory retention periods apply at the time.
2.4 Disclosure of personal data to service providers
When making use of the technical support services of our contract partners or during co-operation with our hosting partners, for example, it is possible that personal data may be viewed by these service providers.
We currently co-operate with the below service providers for the following reasons:
Episerver: Email forwarder
Episerver is an email marketing service provider based in Berlin, among other places. We use this partner for sending newsletters (see section 2.4) and campaign emails, for example. Episerver data protection information can be found at: https://www.episerver.com/legal/privacy-statement.
Adacor and Host Europe: Hosting
Adacor is our Essen-based hosting partner. Adacor's data centres are located in Frankfurt am Main. You can access the data protection information here: https://www.adacor.com/datenschutz/.
Nexum: Administrative, troubleshooting and support services
Nexum is our IT consultant. The company is based in Germany. You can find the data privacy statement here: https://www.nexum.de/en/legal.
If your data are processed by these service providers, it will normally only be data that you have made available to us, e.g. for making contact electronically or other reasons mentioned above.
The legal basis for the temporary processing of your data for the above purposes is Article 6(1.)(f) GDPR. We would not be able to provide you with the website and services offered if we did not co-operate with our service providers.
Processing the personal data enables us to continue corresponding with you by email and to offer and make available our website.
The data will be deleted if no longer required for the purpose of its collection. Accordingly, in the case of a support service, the data are deleted immediately after completion by the service provider. In this regard, please also note the information on the descriptions mentioned in section 2 concerning data processing, as well as the options of objection and disposal.
3. What rights can you assert?
Every person concerned has the right to information according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right to erasure according to Article 17 GDPR, the right to the restriction of processing according to Article 18 GDPR, the right to object arising from Article 21 GDPR, and the right to data portability arising from Article 20 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right to information and the right to erasure. There is also a right to appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).
You may withdraw consent to the processing of personal data given to us previously at any time. This also applies to the withdrawal of declarations of consent given to us before the GDPR came into effect, i.e. prior to 25 May 2018. Please note that such a withdrawal only applies to the future. Processing that has taken place prior to consent being given is not affected by this.
Please contact our data protection officer for queries in this regard.
4. Do I have to provide my personal data?
In the context of our business relationship, you must provide such personal data as are required for the establishment and implementation of a business relationship and for the fulfilment of associated contractual obligations or for whose collection we are legally required. We would normally be forced to refuse conclusion of the contract or execution of the order or unable to continue implementing an existing contract and possibly have to terminate it without these data.
5. Is there automated decision-making?
No. For the establishment and implementation of business relationships, at present, we do not use any fully-automated decision-making processes pursuant to Article 22 GDPR. Profiling does not take place.
6. Information on your right to object according to Article 21 GDPR
Right to object based on an individual case
You have a permanent right to object – on grounds relating to your particular situation – to the processing of personal data concerning you, which is based on Article 6(1.)(e) GDPR (data processing in the public interest) and Article 6(1.)(f) GDPR (data processing based on a balancing of interests). That also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
We shall no longer process your personal data if you lodge an objection, unless we can demonstrate compelling legitimate grounds for its processing, which override your interests, rights and freedoms or such processing is used for the establishment, exercise or defence of legal claims.
Recipient of the objection
The objection may be filed without any form requirement using the subject 'Objection' and specifying your name, address and date of birth, and should be sent to:
Gildenstraße 38, 48157 Münster
0251/ 3277 0
7. More information
If you require information not contained in this Data Privacy Statement or if you would like to receive additional information at a later date, please contact our data protection officer, who will be pleased to assist.