Consent* I agree to the privacy policy.
General Information
Scope of Application
This privacy policy applies to the processing of personal data on all websites provided and operated by us.
Data Controller
The data controller responsible for the processing of personal data on our websites is:
Company: DISAG GmbH & Co KG,
Gfer: Stefan Spiller, Florian Herrnleben,
Address: Heganger 16, 96103 Hallstadt,
Phone: +49 951 30 95 53-0,
Fax: +49 951 30 95 53-30,
Email: info@disag.de
Data Protection Officer
You can reach our Data Protection Officer at:
Email: datenschutzbeauftragter@rechtsanwalt-czap.de
[or]
Postal address:
RA Wolf-Dieter Czap, Industriestr. 13, 96114 Hirschaid
Personal Data
When operating our websites, we collect, store, and process data that can be used to identify you directly or indirectly (so-called personal data).
Purposes of Data Processing
The processing of personal data on our websites is carried out for the following purposes: providing information about us and our services, fulfilling contractual and pre-contractual obligations, customer retention and providing services, as well as advertising and marketing purposes.
Categories of Data Subjects
All users and visitors of our websites are affected by the processing of personal data.
Obligation to Provide Personal Data
There is no legal or contractual obligation for you to provide personal data on our websites. However, not providing such data may result in the website being unavailable or a technical malfunction or impairment of the proper display of our websites.
Automated Decision Making and Profiling
We generally do not use automated processes on our websites to make decisions based on specific personal data or to assess, analyze, or predict certain personal data or aspects. If we use such processes in individual cases, we will inform you about this and your rights in this regard in the following sections in accordance with legal requirements.
Duration of Data Storage
We store your personal data for as long as is necessary to fulfill our contractual and legal obligations, to protect our legitimate interests, or for the purposes for which you have consented. If processing of these data is no longer necessary for the aforementioned purposes, or if you object to further processing or withdraw a previously given consent and there are no other compelling legal regulations or other compelling reasons for the controller to retain the data, they will be deleted immediately unless their temporary and limited further processing is necessary for the following purposes:
– To comply with tax, professional, or supervisory retention periods for business correspondence and documents. These periods are usually six to ten years.
– To preserve evidence within the framework of statutory limitation regulations. According to §§ 195 ff BGB, these limitation periods can be up to 30 years, with the regular limitation period being three years.
The necessity of retaining the data is regularly reviewed.
Data Transfer to Third Countries
Data transfer to entities outside the European Union only occurs if the EU Commission has confirmed an adequate level of data protection for the third country or if other appropriate data protection guarantees (e.g., binding internal corporate data protection regulations, EU standard contractual clauses, or certification under the EU-US Privacy Shield) are in place.
Your Rights as a Data Subject
You have the right to request information from the controller regarding the processing of personal data concerning you, in accordance with Article 15 of the GDPR.
You have the right to request the rectification of incorrect personal data concerning you from the controller, in accordance with Article 16 of the GDPR.
You have the right to request the deletion of personal data concerning you from the controller, under the conditions of Article 17 of the GDPR.
You have the right to request the restriction of processing from the controller, under the conditions of Article 18 of the GDPR.
Under the conditions and in accordance with Article 20 of the GDPR, you have the right to data portability.
You have the right to withdraw consent given for the processing of general or special personal data at any time, in accordance with Article 7 (3) of the GDPR. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw consent using the same communication method through which you gave consent.
You have the right, according to Article 21 (1) of the GDPR, to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) e GDPR (data processing in the public interest) and Article 6 (1) f GDPR (data processing based on a balancing of interests); this also applies to profiling based on these provisions within the meaning of Article 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If we lawfully process personal data to carry out direct marketing, you have the right to object to the processing of personal data concerning you for such advertising purposes at any time, in accordance with Article 21 (2) of the GDPR; this also applies to profiling related to such direct marketing. If you object to the processing of data for direct marketing purposes, we will no longer process your personal data for these purposes.
If you wish to exercise your rights, it is sufficient to send your request or notification to the data controller mentioned above.
You have the right to lodge a complaint with a supervisory authority under Article 77 of the GDPR if you believe that the processing of personal data concerning you violates the GDPR.
Special Information
Categories of Affected Data
Processing of Traffic Data
When you access our websites via your computer or similar devices, the technical framework conditions of this communication are processed. In this context, the IP address assigned to you, the address of the page called up, the address of the calling page, the type and version of your browser, your operating system, a protocol status, the data volume transmitted, as well as the date and time of the call are recorded by our hosting provider and stored in so-called log files for the duration of the communication. This processing is carried out for the purpose of correctly delivering the requested data packets, analyzing data transmission errors, misuse attempts, or attack attempts. After seven days, these data are anonymized by deleting part of the IP address. In this anonymized form, the data is then evaluated for statistical purposes (server statistics). This processing is carried out pursuant to Article 6 (1) f GDPR (balancing of interests) to protect our legitimate interests in maintaining the functionality, security, and availability of our websites. The recipients of the data are our employees and the IT service providers working for us.
Processing of Usage Data
In addition to the aforementioned traffic data, it is generally possible to process further personal data about users of websites that concern the specific process and the result of the interaction between the user and the visited websites.
These data include, for example, the user's current IP address, their device ID, their location data, their possible login status, as well as cookies or scripts embedded in websites (JavaScript) or other content data that can be used to capture additional information about the device used and the user's behavior. Furthermore, these data can be combined with personal data from other data sources, particularly if a user is logged into an online user account when accessing websites.
In principle, the processing of these data allows a specific device to be recognized or information about page views to be stored. These data can be used, among other things, to identify users and recognize them across different websites, to remember user settings, behavior, form data, or order data, and to analyze these data, to store error messages and technical information, or to secure payment transactions.
To the extent that such usage data are processed on our websites, we will inform you about this separately in the following sections of this privacy policy.
You have the option to restrict or prevent the processing of such usage data preemptively by your browser by activating the appropriate restrictions for the processing of cookies [1] and other content elements for activity tracking in the browser settings for privacy and security and restricting or disabling the execution of JavaScript [2] by your browser, e.g., by installing extensions such as NoScript or Ghostery. However, such restrictions may result in the visited websites not being fully functional and not displaying correctly.
[1] Cookies are small files that are stored locally on your computer or a similar device by your internet browser when you visit websites and can be retrieved by websites. For more information on this topic, see: http://www.allaboutcookies.org/ge/.
[2] JavaScript is a programming language that can be integrated into websites through appropriate scripts and transmit data to third parties, allowing comprehensive analysis of user behavior. For more information on this topic, see: https://de.wikipedia.org/wiki/JavaScript.
Communication
Protected Login Area
We provide a protected area on our websites that is only accessible after a separate registration (login) and by entering a username and password. You can register with us to use this area. We expressly reserve the right to verify your eligibility and possibly reject your registration. When registering for the first time, we create a user account with the data you provide, and you will receive a username and password to manage the data you provide and use the user account to visit the protected area of our websites. The legal basis for this processing is Article 6 (1) a GDPR (consent).
Each time you use the login function for the protected area of our website, the username you entered, the password entered, and the usage data are processed. Additionally, your browser may store a cookie to remember the login status. This processing is for verifying your access authorization to the login-protected area. The legal basis for this processing is Article 6 (1) f GDPR (balancing of interests) to protect our legitimate economic, legal, and ideological interests in the accessibility and use of our online offering and Article 6 (1) a GDPR (consent).
Your account will be deleted if it has not been used for a longer period – approximately every three years -, unless you previously object to further processing or withdraw a previously given consent and there are no compelling legal regulations or compelling reasons for the controller to retain the data.
The recipients of the data are our employees and the IT service providers working for us.
Contact Form Use
If you contact us via a contact form on our websites – the use of the contact form is optional – the personal data and information you enter in the form and the date and time of submission will be recorded and processed by us for each submission. This processing is carried out to process your message. The legal basis for this processing is Article 6 (1) f GDPR (balancing of interests). The recipients of the data are our employees and the IT service providers working for us.
We point out in this context that while our contact form is sent encrypted (TLS, SSL) and received by us, this is only so-called transport encryption. In principle, neither the authenticity, integrity, nor the confidentiality of a sent message is guaranteed. Therefore, please do not send sensitive personal data to us via the contact form.
Job Offers and Applications
Please note that application documents always contain particularly sensitive and confidential personal data. If you wish to apply to us based on job offers on our website, we expressly point out that we currently do not offer a secure electronic application process.
We also point out that we receive and send emails encrypted (TLS, SSL), but this is only so-called transport encryption. In principle, neither the authenticity, integrity, nor confidentiality of a received or sent email is guaranteed. It is therefore advisable to deliver application documents directly to us or to send them to us by postal mail.
Information on Direct Marketing
Newsletter Delivery
If you would like to subscribe to the newsletter offered on our websites, we require an email address from you and information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. Other data is collected only on a voluntary basis. The processing of the data entered in the newsletter registration form is based on your consent (Article 6 (1) a GDPR).
Your personal data provided to us for the newsletter delivery will be deleted as soon as you unsubscribe from the newsletter or if you object to further processing or withdraw a previously given consent, and there are no compelling legal regulations or compelling reasons for the controller to retain the data. Data stored by us for other purposes remain unaffected by this.
The recipients of the data are our employees and the IT service providers working for us.
You have the right to withdraw your consent to the processing of your personal data for direct marketing purposes at any time without affecting the lawfulness of the processing carried out based on the consent until its withdrawal. You can object to such processing via the "unsubscribe" link in the newsletter or by a simple declaration to us.
You are not legally or contractually obliged to provide your data for the newsletter. The collected data is also not necessary for entering into a contract with us. Possible consequences of not providing the data are that you will not be able to use the newsletter service.
Supermailer
We use the software Supermailer on servers operated by us for sending and evaluating newsletters. The provider is Mirko Böer, Softwareentwicklungen, Malachitstraße 16, D-04319 Leipzig.
We use Supermailer to evaluate whether and when (time and date) a newsletter is opened and which links in newsletters are clicked. Technical information is also recorded (e.g., time of retrieval, IP address, browser type, and operating system). These results can be assigned to the respective recipient. We use the results of the analyses to improve future newsletter campaigns and adapt them more precisely to the recipients' needs.
Social Networks and Online Portals
We also offer websites with our content on social networks and online portals operated by third parties, as well as their functions for communication with their members and visitors and for providing information about our services. If you visit these websites, the operators of these social networks and online portals usually collect personal data using cookies or similar technologies and link them to any member or account data that may exist with these operators, especially if you are logged in to the social network or online platform during your visit to our websites. The data collected in this way is usually processed by the operators for advertising and marketing purposes and for creating user profiles, and is also combined with data from other sources. The scope, duration, type, and manner of this data processing result from the respective operator's privacy policies. In addition, we receive anonymized evaluations for statistical purposes, indicating when, how often, to what extent, and which of our websites have been visited by you.
This processing is carried out pursuant to Article 6 (1) f GDPR (balancing of interests) to protect our legitimate economic, legal, and ideological interests in effectively informing and communicating with the users of our websites and, if you have given your consent to us or the operator of the respective social network or online platform to such processing of your personal data, based on Article 6 (1) a GDPR (consent).
If you contact us via the comment functions provided by the operators of these social networks and online portals or any other form of contact provided there, your username, comment, contact details, and message will be processed by us. The personal data transmitted to us in this way is used to process your request or concern, if necessary also to establish, substantiate, perform, or modify a contractual relationship. The legal basis for this processing is Article 6 (1) f GDPR (balancing of interests) and, if applicable, Article 6 (1) b GDPR (contract performance).
Your personal data transmitted to us will be deleted once your request or order has been processed or if you object to further processing or withdraw a previously given consent, and there are no compelling legal regulations or compelling reasons for the controller to retain the data.
Recipients of the data are the operators of the respective social network or online platform, our employees, and the IT service providers working for us. You are not obliged to provide personal data. Possible consequences of not providing the data are that you will not receive any information from us and cannot contact us via our websites on social networks and online portals.
Facebook Fan Pages (Page Insights)
We use the social network Facebook as a service provider. The provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin, Ireland. Our fan page can only be accessed by users registered with Facebook. If you visit our fan page on Facebook, personal data concerning you is processed for so-called Page Insights. Data collection for Page Insights from users not registered with Facebook does not take place.
Page Insights are provided to us by Facebook in the form of statistics and insights. For Page Insights, the following information is processed:
Visiting a page or a post or a video from a page
Subscribing to or unsubscribing from a page
Liking or unliking a page or post
Information about the profile picture when our page is publicly visible and liked
Recommending a page in a post or comment
Commenting, sharing, or reacting to a page post (including the type of reaction)
Hiding a page post or reporting it as spam
Clicking a link that leads to the page from another page on Facebook or a website outside of Facebook
Hovering over a page name or profile picture to see a preview of the page content
Clicking on the website, phone number, "get directions" button, or any other button on a page
Information on whether you are logged in via a computer or mobile device while visiting a page or interacting with it or its content
Facebook also processes cookies stored on your device for up to two years. Such cookies may also be stored and processed by Facebook partners or other third parties. For more information on the use of cookies, please refer to Facebook's Cookie Policy. More information on the type and scope of data processing by Facebook can be found in Facebook's Data Policy.
The purpose of the processing is to provide anonymized statistical evaluations about visitors and their activities on our fan page to increase reach and improve the offer for visitors, as well as to improve and optimize advertising processes through Facebook. We also use your data to interact with visitors to our pages. The legal basis for publishing our fan page is Article 6 (1) f) GDPR (legitimate interest), and for further processing, Article 6 (1) a) GDPR (consent).
We and Facebook Ireland are jointly responsible for processing the data for these Page Insights. Therefore, we have concluded an additional agreement with Facebook Ireland Limited under Article 26 GDPR alongside the existing agreement on the use of Facebook products. The essence of this agreement is that Facebook Ireland and we have agreed that Facebook is primarily responsible for providing you with information about the joint processing of your data and enabling you to exercise the rights to which you are entitled under GDPR.
According to GDPR, you have the right to access, rectify, transfer, and delete your data, as well as to object to the processing of your data and to restrict the processing. You can learn more about these rights in your Facebook settings.
Facebook Ireland and we have agreed that the Irish Data Protection Commission is the lead authority overseeing the processing under joint responsibility. You have the right to file a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or your local supervisory authority.
YouTube Channel
We use the video portal YouTube as a service provider. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 96043, USA. For more information, visit: https://www.youtube.com. You can object to the processing of data by Google at: https://adssettings.google.com/authenticated. More information about handling user data can be found in Google's privacy policy at: https://www.google.de/intl/de/policies/privacy/. Google LLC is a certified member of the Privacy Shield Framework. More information can be found at: https://www.privacyshield.gov/list.
Tracking and User Analysis
When you visit our websites, we collect and process data about the conditions of this communication (time, type, and duration of contact, visited pages), data about the type of communication (order, information retrieval, complaint, service request, etc.), and data about the outcome of the communication (successful completion, cancellation, saving a shopping cart, etc.).
We transmit these data to processors or third parties who process these data to analyze the reach of our websites and optimize our online offering.
These data can be used to derive profiles and personas for advertising and marketing purposes to better understand your interests. Based on these data, you may also be identified and tracked across numerous websites. The processed data can also be combined with personal data from other records and sources, especially if you are logged into an online user account while visiting our websites. See also the section above on the processing of usage data.
This processing is carried out pursuant to Article 6 (1) f GDPR (balancing of interests) to protect our legitimate economic, legal, and ideological interests in carrying out marketing and advertising measures and, insofar as you have consented to such processing of your personal data, based on Article 6 (1) a GDPR (consent).
The recipients of the data are our company's employees and the IT service providers working for us.
Google Analytics
We use the analysis tool Google Analytics (Classic) on our websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 96043, USA.
When you access our websites, personal data is transmitted to Google via cookies and scripts. Your browser type (with plugins), your operating system, date and time, and the URL of our websites are processed. Your IP address is stored by Google only in an anonymized (shortened) form. Google processes these data for advertising and marketing purposes. For more information on the nature and scope of this processing, see the explanation of Google Analytics.
You can block the setting of cookies in your browser settings. However, blocking cookies alone does not prevent data from being processed by Google Analytics. If you want your web activities to be unavailable and not processed by Google Analytics, you can install the browser add-on from Google. This prevents the execution of Google's scripts (ga.js, analytics.js, dc.js).
You can also prevent data collection by Google Analytics by clicking on the following link. This sets an opt-out cookie that prevents the future collection of your data by Google Analytics when visiting this website.
Google LLC is a certified member of the Privacy Shield Framework.
Disable Google Analytics
Embedding External Content
We use services from third parties on our websites to embed and display selected fonts or external content (images, videos, icons, or other files) on our websites. Technically, the respective third-party provider receives information about your IP address, the time of access, the calling domain, your operating system, your browser software, and the requested file already when you access our websites. These third-party providers also link these data with any member or account data already existing with these operators, especially if you are logged in to the third-party provider during your visit to our websites. On this occasion, the third-party providers may also store cookies on your device (PC, tablet, smartphone, etc.). The data collected in this way is usually processed by the operators for advertising and marketing purposes and for creating user profiles, and is also combined with data from other sources. The scope, duration, type, and manner of this data processing are derived from the respective operator's privacy policies. We do not store any personal data of the users in these processes.
The embedding of external content is carried out pursuant to Article 6 (1) f GDPR (balancing of interests) to protect our legitimate economic, legal, and ideological interests in a uniform and appealing functionality and display of our websites.
If you disagree with the future transmission and processing of your data by third-party providers, you can log out of your respective account with a third-party provider and/or disable the use of JavaScript and the setting of cookies in your browser settings. However, the consequence of disabling JavaScript may be that our websites are no longer displayed correctly.
Web Fonts from Font Awesome
We use fonts from Fonticons Inc., 1209 Orange St, Wilmington, New Castle, DE, 19801, USA, on our websites.
When you access our websites, the IP address assigned to you, the URL of our website, and possibly our project ID or customer ID are stored and processed in log files by Fonticons Inc. to verify our licenses and prevent unauthorized use of Font Awesome web fonts. After that, an anonymized statistic of page views is created and stored from these log files by Font Awesome. The log files are deleted after about 30 days unless irregularities or misuse have been detected.
For more information on how Fonticons Inc. handles the processed data, visit: https://fontawesome.com/privacy#cdns.
Google Web Fonts
We use Google Web Fonts to ensure a uniform display of fonts on our websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 96043, USA. For more information, visit: https://www.google.com/fonts.
More information about handling user data can be found in Google's privacy policy at: https://www.google.de/intl/de/policies/privacy/. Google LLC is a certified member of the Privacy Shield Framework.
Google Maps
Our online offering uses the plugin of the map service Google Maps. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 96043, USA.
For more information, see Google's privacy policy at: https://www.google.de/intl/de/policies/privacy/.
Google LLC is a certified member of the Privacy Shield Framework.
Status and Updates
These privacy notices may be adjusted at a later date due to changes, e.g., legal regulations or due to a changed assessment of the legal situation.
(Status: 13.11.2019 – wdc)