With this data protection notice, we would like to inform you about the types, scope and purposes of the
processing of your personal data (pbD). HE applies to all processing activities carried out by us
processing activities carried out by us both in the context of the provision of our services and in particular
on our website and, if applicable, in mobile applications.
The Shoring Company GmbH
73560 Böbingen an der Rems
Tobias Kern (General Manager)
Table of contents
- Explanation of terms
- Rights of data subjects
- Applicable legal bases
- Purposes of processing
- Transfer of personal data (pbD) to third parties
- Data processing in third countries
- Security measures
- Limitation of storage
- Collection of accesses and log files
- Contact us
- Video conferencing, online meetings, webinars and screen sharing
- Cloud services
- Newsletters and electronic notifications
- Change and activation of data protection notice
Explanation of terms
Personal data (pbD) is information that relates to a natural person. I.e. information about an identified or identifiable person. E.g. name, address, identification number, date of birth, bank data, religion, date of joining, financial circumstances, genetic and biometric characteristics, etc.
Data subject is the person whose data is processed. He is the focus and object of protection of data protection.
Processing is any handling of personal data e.g.: Viewing, collecting, storing, using, modifying, erasing, destroying, ... Any processing requires a legal basis.
Controller is any legal person who determines the purposes and means of processing of personal data collected. He is the addressee of the rights and obligations of the GDPR. E.g.: the association, the company.
Supervisory authority is an established, independent state body to ensure the implementation of data protection requirements. It is responsible for your complaint.
Rights of the data subjects
According to the GDPR, you have the right to:
- Transparency about the handling of your data (Art. 12)
- Information when your data is collected directly from you or from third parties
- Information on whether pbD concerning you are processed, their category, nature, scope, purpose and origin, recipients, ... (Art. 15)
- rectification if your processed pbD are incorrect or outdated (Art. 16) - erasure or being forgotten (Art. 17).
Upon receipt of your request for erasure, we will delete your data without delay. If there is a legal requirement to the contrary, we will block further processing. - Restriction of the processing of your pbD if the requirements are met (Art. 18) - Notification that your request for rectification or erasure has been complied with (Art. 19) - Data portability in a structured, common and machine-readable format to you or to a controller designated by you (Art. 20).
- Object to the processing of your pbD if the legal basis is our legitimate interest or the processing is based on direct marketing, profiling and automated decision making (Art. 20 and 21)
- Restriction of the processing of your pbD (Art. 22).
- Complaint to the supervisory authority if you believe that your privacy rights have been violated (Art. 77): https://www.baden-wuerttemberg.datenschutz.de/
Relevant legal basis
The processing of personal data is generally prohibited, unless one of the legal bases according to Art. 6. 1 lit. a-f DSGVO is present: Consent, performance of a contract, etc....
Purposes of processing
We process the data of our interested parties, contractual and business partners only within the framework of given legal relationships for our services and communication. E.g., to answer inquiries.
Transfer of pbD to third parties
Should the commissioning of another company and consequently the transfer or disclosure of your data to them be necessary within the scope of our business processes, this will only be done on the basis of your consent, a legal permission, a legal obligation or on the basis of legitimate interests (e.g. when using web designers, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing agreement (AV)", this is done in accordance with the Art. 28 DSGVO.
Data processing abroad
If our business processes require the transfer and disclosure of your data to a third country (outside the European Economic Area - EEA-), this will only be done on the basis of your consent, a legal permission, a legal obligation or on the basis of legitimate interests (e.g. when using agents, web hosts, etc.).
Subject to legal or contractual permissions, we only have the data processed in a third country if the special requirements of Art. 44 et seq. DSGVO are met. I.e. the processing is based on special guarantees for compliance with the level of data protection or compliance with the "Standard Contractual Clauses" (SCC).
We take appropriate technical and organizational measures (TOM's) in accordance with the law, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the level of threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk (Art. 32).
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, access to it, input, disclosure, etc.
We already ensure the protection of your personal data during the development, selection of hardware, software as well as implementation of our processes: data protection by technology design (Privacy by Design) and by data protection-friendly default settings (Privacy by Default). Art. 25 DSGVO.
As soon as the purpose of the collected pbD ceases to apply, they are deleted or destroyed in accordance with the legal requirements. If legal storage obligations prevent this, we restrict or block their processing.
Cookies are small text files that are transferred from a website server to your hard drive. This automatically stores certain data concerning you. For example: IP address, browser used, operating system about your computer and your connection to the Internet. The information contained in cookies helps us to display our website correctly and to make it easier for you to navigate on it.
Cookies cannot launch programs or transmit viruses to your computer.
Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.
WHAT COOKIES AND SIMILAR TECHNOLOGIES DOES THE SHORING COMPANY GMBH USE ON THIS WEBSITE?
Collection of access data and log files
We ourselves or our web hosting provider collect data on each access to the server by means of so-called server log files. The following data is collected:
- Browser type and version
- Operating system of the user
- IP address and requesting provider
- Host name of the computer
- Time of the server request
The server log files may be used for security purposes, e.g., to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks), or to ensure server utilization and stability; legal basis: legitimate interest (Art. 6 1 f. DSGVO).
The log file information is stored for a maximum of 30 days and then deleted or anonymized.
Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details will be used to process the contact request and its settlement pursuant to Art. 6 para. 1 lit. b. (contractual relations), Art. 6 para. 1 lit. f. (other requests) are processed.
The user's details may be stored in a customer relationship management system ("CRM system") or comparable inquiry organization.
Video conferencing, online meetings, webinars and screen sharing.
When selecting conferencing platforms and their services, we comply with legal requirements. We use the following platforms and applications:
Order processing agreement: https://workspace.google.com/terms/dpa_terms.html; Standard contractual clauses (guaranteeing level of data protection for processing in third countries): https://cloud.google.com/terms/eu-model-contract-clause.
We use the following "cloud services" ("Software as a Service"):
- Google Workspace
- Google Drive
- Google Calendar
- Google Mail
In the process, your data is transmitted to the USA. We would like to point out that the level of data protection there may not meet the requirements of the GDPR.
The use is based on your consent and the fulfillment of contractual processes (Art. 6 1a and 6 1b).
Newsletter and electronic notifications
Newsletters and other electronic notifications will only be sent with your consent. Your consent can be revoked at any time with effect for the future.
Changes in our data protection notice
As legislation is constantly changing, this data protection notice will be adapted from time to time to ensure that it always complies with the latest legal requirements or to notify you of changes to our service portfolio.
Latest update: 01. August 2023