Introduction and terms
By operating our website with the URL https://tga-solutions-plus.de (hereinafter referred to as “website”), we process personal data. We treat this data confidentially and process it in accordance with the applicable laws – in particular the German Data Protection Regulation (DSGVO), the German Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG). With these data protection regulations, we want to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain what rights you have to protect and enforce your data protection.
Our data protection provisions contain technical terms that are in the DSGVO and the BDSG. For your better understanding, we would like to explain these terms in simple terms in advance:
“Personal data” is any information relating to an identified or identifiable person (Art. 4 No. 1 DSGVO). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data where the identity is not immediately apparent, but can be determined by combining one’s own information or that of others and thus finding out who it is. A person can be identified, for example, by providing your address or bank details, your date of birth or user name, your IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.
Article 4 No. 2 of the GDPR defines “processing” as any operation relating to personal data. This applies in particular to the collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or other form of making available, alignment or combination, restriction, erasure or destruction of personal data.
Responsible person and data protection officer
Responsible for data processing is:
Company: TGA Solutions plus GmbH (“we”).
Legal representative: Kurt W. Holler, Sascha Legenbauer, Tamer Turan, Wolfgang Voigt (Managing Directors).
Address: Lahnstr. 41, 45478 Mülheim/Ruhr, Germany.
DATA PROTECTION OFFICER
Our company is not obliged to appoint a company data protection officer. For questions and concerns regarding data protection on our website and in our company, you can contact us using the aforementioned contact details.
PROCESSING FRAMEWORK: WEBSITE
Within the framework of the website, we process the personal data from you listed in detail below in section IV. We only process data from you that you actively provide on the website (e.g. by filling in forms) or that you automatically provide when using our services.
Your data will only be processed by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorised to issue instructions to our contractors. To operate our website, we use external service providers for hosting, as well as for maintenance, care and further development. We host our website with the external provider Strato (Strato AG, Pascalstraße 10, 10587 Berlin, Germany) at the data centre location […], […]. If further external service providers are used for individual processing operations listed in section IV, they will be named there.
As a matter of principle, we do not transfer data to third countries and do not plan to do so. We will provide information on exceptions to this principle in the processing operations described below. Any data transfer to third countries will then take place on the basis of the so-called EU standard contractual clauses.
EU standard contractual clauses.
The processing in detail
PROVISION OF THE WEBSITE AND SERVER LOGFILES
Description of the processing
Each time you access the website, we automatically collect information that your browser transmits to our server. This is the following data:
– IP address
– browser software used, as well as its version and language
– operating system
– the website from which visitors came to the website (so-called referrer)
– the sub-pages accessed on the website
– the date and time the website was accessed
– the country and place from which a user visited the website
These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to be able to deliver our website to a user’s terminal device. For this purpose, the user’s IP address must remain stored for the duration of the session. Your IP address is also recorded in the log files for security reasons to defend against attacks on our website (in particular so-called DDos attacks) and for fraud prevention.
The processing is carried out to enable the website to be called up and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose named in section 6.2.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The log files are deleted after 7 days.
You can find out which cookies are used on our website for which purpose, how long they are stored on your terminal device and which consents you may have already declared in the following overview.
The processing is necessary with regard to technically required cookies, as well as the use of the Consent Tool to protect the overriding legitimate interests of the responsible party (Art. 6 para. 1 lit. f DSGVO in conjunction with § 25 para. 2 TTDSG). Our legitimate interest lies in the purpose named in section 7.2. For the processing of all other cookies – i.e. cookies that are not technically necessary – the legal basis is consent (Art. 6 para. 1 lit. a DSGVO in conjunction with § 25 para. 1 TTDSG). Such consent is voluntary.
Recipients and transmission to third countries
When third-party cookies are used, data may be transmitted to the corresponding providers of these third-party services. Under certain circumstances, data may also be transferred to third countries outside the European Union or the European Economic Area. We provide information about the recipients of data and the transfer to third countries in the settings of the Consent Tool or in the corresponding section on the third-party service in these data protection provisions. If necessary, personal data will be transferred to the service provider of the “CookieYes” consent tool, Mozilor Limited. Mozilor Limited also processes your personal data in the United Kingdom (UK).
When displaying our website, the standard fonts of your terminal device are replaced by fonts. This is done to make the text on our website easier to read and more aesthetically pleasing. When replacing fonts, we have opted for a data protection-friendly solution. We do not use external services such as Google Fonts or Adobe Fonts. Instead, we store the fonts to be replaced locally on our server. This has the advantage that when you call up our site, no request is made by your browser to external font replacement services and thus no data, in particular your IP address in connection with the address of our website, is transmitted to third parties.
To protect your personal data from unauthorised access, we have provided our website with an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the user’s end device. You can recognise active SSL or TLS encryption by a small lock logo displayed on the far left of the browser address bar.
Data subject rights
With regard to the data processing by our company described above, you are entitled to the following data subject rights:
Information (Art. 15 DSGVO).
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 DSGVO under the conditions specified in Art. 15 DSGVO.
Correction (Art. 16 DSGVO)
You have the right to request that we correct any inaccurate personal data relating to you without undue delay and, where applicable, to complete any incomplete personal data.
Deletion (Art. 17 DSGVO)
You have the right to demand that we delete personal data concerning you without delay, provided that one of the reasons listed in detail in Art. 17 DSGVO applies, e.g. if your data is no longer required for the purposes we pursue.
Restriction of data processing (Art. 18 DSGVO)
You have the right to request us to restrict processing if one of the conditions listed in Art. 18 DSGVO applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
Data portability (Art. 20 DSGVO)
You have the right, under the conditions set out in Art. 20 DSGVO, to request that the data relating to you be handed over in a structured, common and machine-readable format.
Withdrawal of consent (Art. 7 (3) DSGVO)
You have the right to revoke your consent at any time in the case of processing based on consent. The revocation applies from the time it is asserted. In other words, it is effective for the future. The processing does not therefore become unlawful retroactively as a result of the withdrawal of consent.
Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. You can exercise this right with a supervisory authority in the EU Member State of your residence, workplace or the place of the alleged infringement.
Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions which have legal effects concerning you or which significantly affect you must not be based solely on automated processing of personal data – including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
Right to object (Art. 21 DSGVO)
If we process personal data of yours on the basis of Art. 6(1)(f) DSGVO (to protect overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 DSGVO. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case – also irrespective of a specific situation – you have the right to object to the processing of your personal data for direct marketing at any time.