CeoTronics AG is delighted that you have visited our website and that you are interested in our company and our products and services.
For CeoTronics AG, the handling of your personal data is top priority. In the following information, we explain when we collect data, which data we collect, and how we process it, and we also explain your rights vis-à-vis ourselves.
In order to comply with data protection regulations and to ensure that your personal rights are protected by us and by external service providers of the website, we have taken extensive technical and organizational measures.
What is personal data?
Personal data is all information that may relate to you personally (e.g. surname, first name, email address, IP address, etc.).
1. Who is responsible for data collection, processing and use?
Within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR) and the German Implementation Act (Privacy Act new [BDSG-neu]), as operators of the websites: https://www.ceotronics.de/ https://www.ceotronics.com/, ceoTronics AG is responsible for handling users' personal data (hereinafter referred to as “personal data”): “We”).
63322 Rödermark, Germany
Phone: +49 (0)6074 / 8751-0
You can contact our external Data Protection Officer at:
Am Lerchenberg 15
63322 Rödermark, , Germany
Phone: +49 (0)6074 / 3709395
2. What are your rights?
According to article 15 of the GDPR, you have the right to access personal data concerning you, which is collected, stored and used by us.
Pursuant to article 16 of the GDPR, you have the right to demand confirmation from the data controller (CeoTronics AG) as to which personal data will be processed, and to correct any incorrect data. You also have the right to amend incomplete data.
According to article 17 of the GDPR you have the right to delete your data stored by us.
According to article 18 of the GDPR, you have the right to restrict data processing if we are not yet allowed to delete your data due to legal obligations.
According to article 21 of the GDPR, you have the right to object to the processing of your data by us.
Pursuant to article 20 of the GDPR, you have the right to data portability, provided that you have consented to the processing of data or concluded a contract with us.
In the case of the right to information (article 15 of the GDPR) and the right to cancellation (article 17 of the GDPR), the restrictions under articles 34 and 35 of BDSG-neu apply. In addition, you have a right of appeal to a data protection supervisory authority (article 77 of the GDPR in conjunction with article 19 of BDSG-neu).
Your responsible supervisory authority complies with the federal state of your place of residence, workplace or the place of the presumed violation. A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
You can informally revoke your consent to the processing of your personal data at any time with effect for the future.
Right to object to the processing of data for direct marketing purposes:
In individual cases, we process your personal data in order to instigate direct advertising. You have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising.
If you object to the processing for the purposes of direct marketing, we will no longer process your personal data for these purposes.
Please note that declarations of consent given to us prior to the application of the General Data Protection Regulation (i.e. before 25 May 2018) apply.
You can exercise these rights at any time using the contact details of our Data Protection Officer provided above.
3. For what purpose and on what legal basis do we process the data?
We process the aforementioned personal data in compliance with the applicable statutory data protection requirements. Processing shall be lawful if at least one of the following conditions is met:
a.) Based on your consent (article 6, para. 1 (a) of the GDPR)
If you have given us permission to process your personal data for specific purposes (e.g. passing on data within the company, using the data for marketing purposes). Your consent is voluntary and can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us before 25/05/2018.
b.) In order to fulfill contractual obligations or to carry out pre-contractual measures (article 6, para. 1 (b) of the GDPR)
We process data so that we can fulfill our contractual obligations to provide services for our customers or to carry out pre-contractual measures, which take place on request. The purposes of data processing result primarily from the concrete service/product and can include, among other things, needs analyses and consultations. Further details regarding data processing purposes can be found in the contract documents and General Terms and Conditions.
c.) Based on legal requirements (article 6, para. 1 (c) of the GDPR)
CeoTronics AG is subject to various legal obligations, which means legal requirements (e.g. commercial and tax retention periods in accordance with the German Tax Code and the German Commercial Code). The purposes of processing also include the fulfillment of control and reporting obligations under tax law as well as risk assessment and control within the company.
d.) As part of the balancing of interests (article 6, para. 1 (f) of the GDPR)
If necessary, we process your data beyond the actual fulfillment of the contract to protect the legitimate interests of the data controller or a third party. Examples are:
- Prevention of criminal offenses
- Ensuring IT operation and security
- Advertising or market and opinion research, insofar as you have not objected to the use of your data
- Assertion of legal claims and defense in legal disputes
- Consultation of and data exchange with credit agencies
4. For how long is your personal data stored?
Your personal data will only be stored as long as it is necessary for the fulfillment of our contractual and legal obligations.
If the data is no longer necessary for the fulfillment of contractual or legal obligations, it will be deleted regularly unless temporary and limited further processing is necessary for the following purposes:
- Compliance with commercial and tax retention periods: These include the German Commercial Code (HGB) and the German Tax Code (AO). The storage periods laid down therein are up to 10 years.
- Preservation of evidence within the framework of the legal provisions related to limitation periods. According to articles 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years, and, in special circumstances, up to 30 years.
- Compliance with storage obligations under telecommunications law in accordance with the German Telecommunications Act (TKG) and other laws.
5. What general information is collected when our website is visited?
When you access our website, generally necessary information is automatically recorded by means of a cookie. This information (server log files) contains, for example:
- the IP address used (for the functionality of the website)
- the date and time at the time of access
- websites (sub-pages) visited
- the amount of data sent in bytes
- the source/reference from which you came to the page
- the browser used
- the operating system used and its interface
- the language and version of the browser software
This information is technically necessary for the correct delivery of content requested by you from websites and is mandatory when using the Internet. In particular, it shall be processed for the following purposes:
- Ensuring a trouble-free connection to the website,
- Ensuring the smooth use of our website,
- Evaluation of system safety and stability, and
- for other administrative purposes.
The processing of your personal data is based on our legitimate interest from the aforementioned purposes for data collection (the legal basis is article 6, para. 1 (f) of the GDPR).
We do not use your data to draw conclusions about your person.
The only recipients of the data are the data collector and external service providers carefully selected by us.
Anonymous information (pseudonymization according to article 4, para. 5 of the GDPR) of this type may be statistically evaluated by us in order to optimize our website and the technology behind it.
6. What are cookies and how do we use them?
Like many other websites, we also use “cookies”. Cookies are small text files that are transferred from a website server to your hard drive. This automatically provides us with certain data such as the IP address, browser used, operating system and your connection to the Internet (the legal basis is our legitimate interest pursuant to article 6, para. 1 (f) of the GDPR).
Cookies cannot be used to start programs or transfer viruses to a computer. The information contained in cookies enables us to make browsing easier for you and to display our website correctly.
Under no circumstances will we pass on the data collected by us to third parties or establish a link to your personal data without your consent.
• Transient cookies (temporary use)
• Persistent cookies (temporary use)
• Third-party cookies (from third-party providers)
Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a session ID which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our website.
Persistent cookies are automatically deleted after a specified period which may vary depending on the cookie. In the security settings of your browser, you can carry out the deletion yourself. Please note that for technical reasons, an opt-out cookie only works in the browser in which it was set. If you delete cookies or use a different browser or device, please opt out again.
7. Which data is collected, processed and stored during registration on our website?
8. How do we (technically) secure your data?
Security is a top priority for us. In order to protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS. In addition, we have taken extensive technical and organizational measures (in accordance with article 32 of the GDPR) which we constantly adapt to the state of the art.
9. What do you need to know about our newsletter?
If you have given us your explicit voluntary consent, we will regularly send you our newsletter or similar information by email to your email address.
In order to receive the newsletter, you must enter your email address, title, first and last name and your company. When you register to receive our newsletter, the data you provide will be used exclusively for this purpose and will not be passed on to third parties. Subscribers may also be informed of circumstances relevant to the service or registration (such as changes to the newsletter or technical circumstances).
We require a valid email address to carry out an effective registration. We use the “double opt-in” procedure to verify that a registration is actually performed by the owner of an email address. By activating the confirmation link, you give us your consent to the use of your personal data (pursuant to article 6, para. 1 (a) of the GDPR). In doing so, we record the newsletter order, the dispatch of a confirmation mail, and the receipt of the answer requested hereby. No further data is collected. The data will be used exclusively to send the newsletter and will not be passed on to third parties.
10. What do you need to know about our contact form?
If you contact us via email or the contact form with any questions you may have, your personal data will be collected. The type of data that is collected in the case of a contact form (in particular, the mandatory fields) is apparent on the respective contact form. The provision of further data is optional and voluntary. This data is stored and used exclusively to answer your request and/or to establish the related contact and the technical administration details. The legal basis for processing the data is our legitimate interest pursuant to article 6, para. 1 (f) of the GDPR. If the reason for your contact is to conclude a contract, the legal basis for the processing, i.e. article 6, para. 1 (b) of the GDPR, is also valid. The information you provide will be stored for the purpose of processing your inquiry and for any follow-up questions. Once the request you have made has been processed, your personal data will be deleted unless there are legal retention periods to the contrary.
11. What do you need to know about using Google Analytics?
Our website uses Google Analytics, a web analytics service provided by Google, Inc. (hereinafter referred to as Google). Google Analytics uses “cookies” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States. However, due to the activation of IP anonymization on these websites, Google will previously truncate your IP address within member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
The purposes of data processing are to evaluate the use of the website and to compile reports on activities on the website. This should improve the website and make it more interesting for users. The processing is based on the legitimate interest of the website operator (the legal basis is article 6, para. 1 (f) of the GDPR).
You can find out more about Google data processing by clicking the Google data privacy notices in the link provided here. There, you can also change your personal data protection settings in the data protection center.
12. What do you need to know about the embedded YouTube videos?
We embed YouTube videos on some of our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This will tell YouTube which pages you are visiting. If you are logged in to your YouTube account, YouTube will be able to personally assign your surfing behavior to you. You can prevent this by logging out of your YouTube account beforehand.
If you have deactivated the saving of cookies for the Google Ad program, you will not have to deal with such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in the browser.
13. What do you need to know about embedded Vimeo videos?
Our website uses plugins of the video portal Vimeo. The provider is Vimeo Inc. 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with a Vimeo plug-in, a connection is established to the Vimeo servers. The Vimeo server will be informed which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged in to your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
Vimeo is used for the purpose of providing an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of article 6, para. 1 (f) of the GDPR.
14. What do you need to know about the embedded social plugins?
Currently we have not included any social media buttons on our website.
15. Use of script libraries (Google Web Fonts)
In order to display our content correctly and graphically in an appealing way across all browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/). Google Web Fonts are transferred to your browser's cache to avoid multiple loading. If your browser does not support Google Web Fonts or does not allow access, content will be displayed in a default font. Calling script libraries or font libraries automatically triggers a connection to the library operator.
The processing is based on the legitimate interest of the website operator (the legal basis is article 6, para. 1 (f) of the GDPR).
You can find out more about Google data processing by clicking the Google privacy notices in the link provided here. There, you can also change your personal data protection settings in the data protection center.
16. Links to other websites
Our website contains links to other websites or services. In this regard, the data protection regulations of the respective providers of the websites or services apply. We have no influence as to whether these contain the data protection provisions or a data protection policy.
If a link to another (external) website is clicked on, referrer information (including the address of the currently active page) can be transferred to the destination of the link and thus to the subsequent website clicked on.
17. Transmission of data to third parties/service providers
Third parties: your data will not be passed on to third parties unless we are legally obliged to do so or you have given us your consent.
Service provider: we carefully commission selected external service providers with tasks such as hosting, marketing services and programming. All service providers are obliged by us to maintain confidentiality and to comply with the statutory requirements and are regularly checked and controlled with regard to compliance with the provisions of data protection laws. Other companies within CeoTronics AG may also be service providers.
18. Is data transferred to third countries?
An active transfer of personal data to third countries only takes place if this is necessary for the execution of your orders.
19. Is there automated decision making (including profiling)?
In principle, we do not use fully automated decision-making pursuant to article 22 of the GDPR for the establishment and implementation of business relationships. Should we use this procedure in individual cases, we will inform you of this separately if this is required by law.
20. Do you have any questions for our Data Protection Officer?
21. Severability clause