I. Name and Address of the Controller
Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other provisions under data protection law is:
W. CLASSEN GmbH & Co. KG
Tel: +49 2653-980-0
Dr. Hans-Jürgen Hannig, Stefanie Quervel, Tobias Hannig, Arne Loebel, Jürgen Resch
Koblenz Local Court, HRB 4799
VAT ID no.: DE 123 507 902
Name and Address of the Data Protection Officer
The controller’s data protection officer is:
Florinstraße 18, 56218 Mülheim-Kärlich
II. General Information on Data Processing
1. Extent of Personal Data Processing
In principle, we collect and use personal data of our users only to the extent required to provide a functioning website and for our contents and services. Our users’ personal data is collected and used regularly only with the user’s prior consent. This does not apply in cases where it is not possible to obtain prior consent for factual reasons and processing of the data is permitted by legal regulations.
2. Legal Basis for Personal Data Processing
Where we obtain a consent of the data subject for personal data processing operations, Art. 6(1) point (a) EU General Data Protection Regulation (GDPR) serves as a legal basis.
Where personal data processing is necessary for the performance of a contract to which the data subject is party, Art. 6(1) point (b) GDPR serves as a legal basis. This also applies to processing operations necessary to take steps prior to entering into a contract.
Where personal data processing is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1) point (c) GDPR serves as a legal basis.
In case that personal data processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6(1) point (d) GDPR serves as a legal basis.
Where processing is necessary for the purposes of pursuing legitimate interests of our company or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6(1) point (f) GDPR serves as a legal basis.
2. Data Erasure and Retention Period
The data subject’s personal data is erased or made unavailable once the purpose of its storage ceases to exist. However, data can be retained further if this has been provided for by the European or national legislator in legal EU regulations, laws or other stipulations to which the controller is subject. The data can also be made unavailable or erased if a retention period prescribed by the aforementioned standards expires, unless there is a necessity to further data retention for the conclusion or performance of a contract.
III. Website Provision and Log File Creation
1. Description and Extent of Data Processing
Any time our website is accessed, our systems automatically collects data and information from the system of the accessing computer.
In this context, the following data is collected:
(1) information about the browser type and the version used
(2) the user’s operating system
(3) the user’s Internet service provider
(4) the user’s IP address
(5) access date and time
(6) websites from which the user’s system accessed our website
(7) websites accessed by the user’s system using our website
The data is also saved in the log files of our system. Such data is not stored together with other personal data of the user.
2. Legal Basis for Data Processing
The legal basis for the temporary storage of the data and log files is Art. 6(1) point (f) GDPR.
3. Purpose of Data Processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. To this end, the user’s IP address must retained for the duration of the session.
Saving such data in log files ensures the functionality of the website. Moreover, we can use the data to optimise the website and to ensure the safety and security of our IT systems. Any evaluation of the data for marketing purposes is not effected in this context.
Those purposes also represent our legitimate interest in data processing acc. to Art. 6(1) point (f) GDPR.
4. Retention Period
The data is erased once it is no longer necessary to achieve the purpose for which it was collected. For the data collected to make the website available to the user, this applies once the session has been terminated.
For the data saved in log files, this applies after seven days at the latest. Further retention is possible. In this case, the users’ IP addresses are erased or distorted to ensure that they can no longer be assigned to the accessing client.
5. Objection and Elimination Option
Collection of the data to provide the website and retention of the data in log files are essential to operate the website. Consequently, the user does not have any objection option.
a) Description and Extent of Data Processing
In this process, the following data is saved in the cookies and transferred:
(1) language settings
(2) log-in information
In this way, the following data can be transferred:
(1) search terms entered
(2) frequency of page views
(3) use of website functions
The users’ data collected in this manner is pseudonymised by technical measures. It is thus no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.
b) Legal Basis for Data Processing
The legal basis for personal data processing using technically necessary cookies is Art. 6(1) point (f) GDPR.
The legal basis for personal data processing using cookies for analysis purposes where a consent for such analysis has been obtained from the user is Art. 6(1) point (a) GDPR.
c) Purpose of Data Processing
The purpose for using technically necessary cookies is to simplify the use of websites for the users. Some functions of our website cannot be offered without using cookies. Use of those functions requires that the browser can be recognised even after another webpage has been accessed.
We need cookies for the following applications:
(1) adopting language settings
(2) remembrance of search terms
The user data collected by technically necessary cookies is not used to create user profiles.
Analytical cookies are used to improve the quality of our website and of its contents. The analytical cookies provide us with information as to how the website is used, enabling us to continuously optimise our offering.
Those purposes also represent our legitimate interest in personal data processing acc. to Art. 6(1) point (f) GDPR.
d) Retention Period, Objection and Elimination Option
V. Contact Form and E-Mail Contact
1. Description and Extent of Data Processing
Our website offers a contact form which can be used to contact us electronically. If a user makes use of this possibility, the data entered in the input mask is transferred to us and retained. This data includes:
2) company name
3) phone number
4) e-mail address
At the time the message is sent, the following data is retained additionally:
(1) the user’s IP address
(2) registration date and time
Alternatively, contact can be established using the e-mail address provided. In this case, the user’s personal data transferred with the e-mail is saved.
The data is not disclosed to third parties in this context. The data is used exclusively to process the conversation.
2. Legal Basis for Data Processing
The legal basis for data processing where the user’s consent has been obtained is Art. 6(1) point (a) GDPR.
The legal basis for processing of data transferred in the course of sending an e-mail is Art. 6(1) point (f) GDPR. Where the aim of making contact by e-mail is the conclusion of a contract, an additional legal basis for the processing is Art. 6(1) point (b) GDPR.
3. Purpose of Data Processing
Processing the personal data from the input mask only serves us to process the contact established. Where contact is established by e-mail, this also represents the necessary legitimate interest in data processing.
The other personal data processed during the dispatching process serves to prevent any misuse of the contact form and ensuring the safety and security of our IT systems.
4. Retention Period
The data is erased once it is no longer necessary to achieve the purpose for which it was collected. This applies to the personal data from the input mask of the contact form and to the personal data sent by e-mail once the respective conversation with the user has been terminated. The conversation is deemed terminated once it can be concluded from the circumstances that the relevant issue has been finally resolved.
The personal data additionally collected during the dispatching process is erased after a period of seven days at the latest.
5. Objection and Elimination Option
The user has the option to withdraw his/her consent to personal data processing at any time. If the user contacts us by e-mail, the user can withdraw his/her consent to the retention of his/her personal data at any time. In such a case, the conversation cannot be continued.
You can address the withdrawal to firstname.lastname@example.org at any time.
In this case, all personal data saved in the course of contacting is erased.
VI. Google Analytics
The company uses Google Analytics, a web analysis service of Google Inc. (“Google”) for the website http://www.sensa-flooring.com. Google Analytics uses so-called “cookies”, i.e. text files stored on your computer and allowing to analyse your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the US and stored there. If IP anonymisation has been enabled on this website, however, Google shortens your IP address beforehand within Member States of the European Union or in other signatory states of the Agreement on the European Economic Area. The full IP address is transferred to a Google server in the US and shortened there only in exceptional cases. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports about the website activities and to provide further services related to the use of the website and of the Internet vis-à-vis the website operator. The IP address transferred from your browser within the framework of Google Analytics is not amalgamated with other data of Google. You can prevent the saving of the cookies by setting your browser software accordingly; please note, however, that you might no longer be able to use all functions of this website to their full extent in this case.
Moreover, you can prevent the data generated by the cookie and related to your use of the website (incl. your IP address) from being collected and transferred to Google as well as the processing of such data by Google by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout.
At various points on the website http://www.sensa-flooring.com, the company uses own cookies to make the offering of the website in a more user-friendly manner. Every user is free to prevent the installation of such cookies by adjusting the settings of his/her browser accordingly. The company points out, however, that the user might possibly not be able to use all functions of the website http://www.sensa-flooring.com to their full extent when making such settings.
On our website, we use Google AdWords, an online web programme of Google Inc. Moreover, conversion tracking is used in this context. Using this tool, Google AdWords places a cookie on your computer once you access our website from a Google advertisement. The cookie expires after 30 days. It is not used to allow for any personal traceability. If you visit our website as a user and the cookie is still working, both Google and we are informed that you have clicked on the corresponding ad and were forwarded to our website. In this context, every Google AdWords customer is assigned a different cookie. The website activities of the AdWords customers can thus not be used to keep track of the cookies. The data obtained by conversion cookies is used to create conversion statistics for AdWords customers. As customers, we are thus provided with information about the total number of users who had responded to our ad and had then been forwarded to a website provided with a conversion tracking tag. During this process, we do not obtain any information allowing us to personally identify you as a user. If you oppose the tracking procedure, you can disable the cookie of the Google conversion tracking via your Internet browser. If necessary, you should use the help feature of the browser for additional information. More detailed information about the Google privacy provisions can be found at https://policies.google.com/privacy?gl=de&hl=en-GB.
VIII. Google Maps Plug-In
IX. Google reCAPTCHA
X. Social Plug-Ins
As an additional service, the website http://www.sensa-flooring.com offers you social buttons, which can be used to interact with social media services. To prevent any undesired transfer of your usage data (e.g. address of the currently visited website) to such services, you can access the services only after clicking on the link (social media buttons). On their respective websites, the above-mentioned social networks can gather usage and, inter alia, user data. The company cannot influence the extent to which such data will be gathered and evaluated.
Therefore, we provide you with information according to our state of knowledge:
In some circumstances, your browser will establish a direct link with the servers of the above-mentioned services only when the links are used. In this way, the information about your visit to the company’s website is indirectly forwarded to those services (referer). If you have already logged into your personal user account with the service while visiting the website http://www.sensa-flooring.com and click on the social button, you can usually “Share” the document or leave a comment, etc. If you do not want any such data transfer, the company discourages from clicking on the social buttons.
The purpose and extent of data collection by the social services, as well as the further processing and use of your data there, as well as your related rights and setting options to protect your privacy can be found in the privacy notices of those services.
On its websites, the company uses plug-ins of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
If you access any websites of the web presence that are provided with such a plug-in, a connection is established to the Facebook servers while the plug-in is displayed on the website by notification to your browser. As a result, the Facebook server is provided with information about the company websites visited by you. If you are logged into Facebook as a member at the same time, Facebook assigns this information to your personal Facebook user account. When using the plug-in functions (e.g. clicking on the “Like” button, leaving a comment), this information, too, is assigned to your Facebook account. You can prevent this only by logging out before using the plug-in.
More detailed information about the collection and use of the data by Facebook, about your related rights and options to protect your privacy can be found in the Facebook privacy notice.
Twitter is a micro-blogging application. It is also defined as a social network or a usually publicly available Internet diary. Companies and press media use Twitter as a platform do disseminate news. If the registered user clicks on the Twitter button, the user can “tweet” such website on while having the possibility to add a personal text of up to 140 characters. Twitter collects personal data of its users and discloses it to third parties. Twitter regards this information as an asset item and reserves the right to sell it if the company changes hands. In particular, the question as to whether the Twitter button also transfers personal data of website visitors to Twitter.com who are not Twitter members has currently not yet been settled.
Our websites use functions of Google+. The operator is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Collection and dissemination of information: using the Google+ button, you can publish information around the world. Via the Google+ button, you and other users are provided with customised contents from Google and our partners. Google retains both the information that you have gave a page +1 and information about the website you have viewed when clicking on +1. Your +1 can be displayed as references together with your profile name and your photo in Google services, for example in search results or in your Google profile, or at other points on websites and ads on the Internet.
Google records information about your +1 activities to improve the Google services for you and others. In order to use the Google+ button, you need a globally visible, public Google profile which must at least contain the name chosen for the profile. This name is used in all Google services. In some cases, this name can also replace another name used by you to share contents via your Google account. The identity of your Google profile can be displayed to users who know your e-mail address or have other identifying information about you.
Use of the information gathered: besides the purposes of use explained above, the information provided by you is used in accordance with the applicable Google privacy provisions. Google potentially publishes aggregated statistics about the +1 activities of the users and/or disseminates them to users and partners, such as publishers, advertisers or affiliated websites.
Our website uses plug-in of the YouTube website operated by Google. The website operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our webpages provided with YouTube plug-ins, a link is established to the YouTube servers. At the same time, the YouTube servers are provided with information as to which of our websites you have visited.
If you are logged into your YouTube account, you enable YouTube to directly assign your browsing behaviour to your personal profile. You can prevent this by logging out of your YouTube account.
XV. Rights of the Data Subject
Where personal data about you is processed you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right of Access
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you is being processed by us.
Where that is the case, you have the right to obtain from the controller access to the following information:
(1) the purposes of the processing of the personal data;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of the personal data concerning you or restriction of processing of the personal data concerning you or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to obtain access to information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you have the right to be informed of the appropriate safeguards acc. to Art. 46 GDPR relating to the transfer.
2. Right to Rectification
You have the right to obtain from the controller the rectification and/or completion of the processed personal data concerning you where such data is inaccurate or incomplete. The controller must effect such rectification without undue delay.
3. Right to Restriction of Processing
You have the right to obtain restriction of processing of the personal data concerning you where one of the following applies:
(1) the accuracy of the personal data is contested by you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
(4) you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of you.
Where processing of the personal data concerning you has been restricted, such personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to above-mentioned conditions, you will be informed by the controller before the restriction of processing is lifted.
4. Right to Erasure
a) Erasure Obligation
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller has the obligation to erase such data without undue delay where one of the following grounds applies:
(1) The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You withdraw consent on which the processing is based acc. to Art. 6(1) point (a) or Art. 9(2) point (a) GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing acc. to Art. 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing acc. to Art. 21(2) GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) The personal data concerning you must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
b) Information to Third Parties
Where the controller has made the personal data concerning you public and is obliged acc. to Art. 17(1) GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9(2) as well as Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in acc. with Art. 89(1) GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to Notification
If you have asserted the right to obtain rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate such rectification or erasure of the data or restriction of processing to each recipient to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to obtain from the controller information about those recipients if you request it.
6. Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where
(1) the processing is based on consent acc. to point (a) of Art. 6(1) GDPR or point (a) of Art. 9(2) GDPR or on a contract acc. to point (b) of Art. 6(1) GDPR; and
(2) the processing is carried out by automated means.
In exercising such right, you further have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to personal data processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1) GDPR, including profiling based on those provisions.
The controller no longer processes the personal data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you can exercise your right to object by automated means using technical specifications.
8. Right to Withdraw the Declaration of Consent under Data Protection Law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and the controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
Nevertheless, such decisions must not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless point (a) or (g) of Art. 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the controller implements suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.