Data protection notice


The protection of your personal data is important to us. Thus, we want to inform you as easy and detailed as possible about contact opportunities as well as about the affected data. First you’ll get the information how to contact our data protection supervisor as well as information about possibilities for an encrypted contacting. Further we’ll introduce you into the legal and technical terms that are used in the following. Then you’ll get an overview over the rights of the affected person as well as information on the responsible employee. Finally we’ll give some information on the used technologies, services as well as our handling.


1 Contact to the data protection supervisor

In case, that you have any questions or you need further information, feel free to contact out external data protection supervisor. Contact under:

Oliver Offenburger, M.Sc.

E-Mail: datenschutz@tcsag.de

eye-i4 GmbH Division data protection

Mönchweilerstraße 12

78048 Villingen-Schwenningen

GERMANY

Fon: +49 7721 69724 00

Fax: +49 7721 69724 01

Web: eye-i4.de

Our preferred contact option is E-Mail. You also can contact the data protection supervisor via Post or telephone. If you want to encrypt your E-Mail to our data protection supervisor, we recommend you to read the following section.

Notes on requests:

If an E-Mail comes in during our standard opening hours, we confirm the received message at the same day. If you don’t get any confirmation, we would please you to contact us via telephone.

In case you send a postal query, we send you an acknowledgement of receipt on the same day, at the latest one work day after delivery. If you don’t get any confirmation, we would please you to contact us via telephone.

For a query via telephone we would like to please you to directly use the phone number of our data protection supervisor, the eye-i4 GmbH.

1.1 Encrypting E-Mails to our data protection supervisor

We support encrypted data transferring via E-Mail. Thus, to maintain confidentiality and integrity, we offer to encrypt your requesty to the data protection supervisor.

For encyrption we use a so called PGP. Information on free possible uses as well as the setup you’ll find at the website of our data protection partner, see the following link: eye-i4.de/blog-kostenlose-pgp-verschluesselung.html

You can download our PGP key via the following link: [Link to PGP Key]

If you would like to have a verification of the fingerprint, please contact our data protection partner, the eye-i4 GmbH, via telephone.

In case of any further questions regarding the encryption, feel free to contact our data protection partner.


2 Terms in legal context

Before touching legal facts in the following declaration, we want to explain the used terms:

2.1 EU-DSGVO (also called DSGVO)

The term EU-DSGVO (hereinafter also called “DSGVO“) does stand for the data protection basic regulation. It is a basic regulation of the European Union that regulates the handling of personal data. For detailed information the legal text of the DSGVO can be read via the following link: eur-lex.europa.eu/legal-content/DE/TXT/

2.2 Person in charge

“Person in charge“ does stand for any natural or legal person, institution, facility or other place, that decides alone or in common with others about the purposes and means regarding the handling of personal data; if the purposes and means of this handling are predefined by Union law or the law of the Member States, the ‘Person in charge’ resp. the certain criteria of its designation according to the Union law or the law of the Member States.

2.3 Personal data and affected persons

“Personal data“ are all information, that refers to an identificated or identifiable natural person (in the follwing called “affected person“); a natural person is identifiable, if she or he can be irdentified directly or indirectly, specifically via assignation to an idenfier such as a name, to an identification number, to location data, to an online identifier or to one or several specific characteristics, which are expression of physical, physiological, genetical, psycological, economical, cultural or social identity of this natural person.

2.4 Handling

”Handling“ means any process that is executed with or without the help of automated procedures or any operation sequence in connection with personal data such as collecting, gathering, managing, arranging, saving, adapting or changing, reading-out, retrieving, using, disclosing through transferring, spreading or any other form of providing, comparing or linking, limiting, deleting or destroying.

2.5 Limiting the handling

“Limiting the handling“ means to mark saved personal data with a view to limit their future handling.

2.6 Processor

”Processor“ means a natural or legal person, institution, facility or other place, that handles personal data on behalf of the person in charge.

2.7 Recipient

The “Recipient“ is a natural or legal person, institution, facility or other place, denen personenbezogene Daten offengelegt werden, independent from the fact, if it is a third party or not. Institutions, that possibly get person data as part of a specific investigation according to the Union law or the law of the Member states, shall not be regarded as ‚Recipient‘; the handling of these data by the named institutions is executed according to the applicable data protection provisions in accordance with the purposes of the handling.

2.8 Third party

“Third party“ does stand for any natural or legal person, institution, facility or other place, except the affected person, the person in charge, the processor and the persons, which are able to handle the personal data under the direct responsibility of the person in charge or the processor.

2.9 Consent

“Consent“ of the affected person means any freely for a particular case, in an informed way and unambigous emitted declaration of intent in the form of a declaration or any other explicit confirming action, with that the affected person insinuates, that she or he agrees to the handling of the personal data regarding to them.

2.10 Personal data breach

“Personal data“ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed in connection with the provision of publicly available electronic communications services.

2.11 Health data

“Health data“ does stand for individual-related data, which refer to the physical or mental health of a natural person, including delivery of health services, and from which arise information about their state of health.

2.12 Company

“Company“ means a natural or legal person, which exercises an economical activity, independently from its legal form, including partnerships or associations, which regulally pursue an economical activity.

2.13 Supervisory authority

The “supervisory authority“ is an independent public authority, established from a member state according to article 51.

2.14 Relevant and justified objection

“Relevant and justified objection“ means an objection with regard to the fact, if there is an infringement of the Regulation or not or if the intended measure against the person in charge or the processor is consistent with this Regulation, whereby this objection clearly shows the scopes of risks, that based on the draft decision regarding to the fundamental rights and fundamental freedoms of affected persons and the free traffic of personal data within the Union if necessary.


3 Terms in technical context

Before mentioning further technical facts in the following text, we want to introduce you into the corresponding terms:

3.1 File system

“File system“ is any structured collection of personal data, that are accessable according to specific criteria, independent from the fact, if the order of this collection is managed in central, decentral or according to functional or geographical aspects.

3.2 Cookies

Cookies are text files that are stored on your end device via browser when visiting a website. This text files can be intended to implement technical features such as a shopping cart mechanism or also to analyse your online visitor behaviour. Therefore the text files can be fitted with identification features as well as additional information.

You can prevent the storage of Cookies in the browser menu of your end device. Eventually there will be technical restrictions when visiting web sites if you have deactivated the Cookies.

3.3 Server logs

Server logs are log files that are created from the web server; they document the access to a website. Within a log file a great number of information can be gathered, for example the time of access, the type of browser, the IP address of the visitor etc.

3.4 Referrer

Referrer does stand for those, who helped to get to the site of the person in charge. In case of server logs for example the Referrer can be read out.


4 Rights of the affected person

The rights of the affected persons result from the DSGVO as well as of the relevant national legal provisions on data protection. If you intend to claim rights, we would like tp please you to contact our data protection supervisor via the contact possibilites mentioned at the beginning. Hereinafter we want to inform you about your rights that result from the DSGVO, especially chapter 3:

4.1 Information obligation

The affected person has a right to have information about the stored personal data of the affected person, if the collection of data has obtained from the data subject or if the data was not obtained from the data subject. The same is regulated in chapter article 13 and 14 DSGVO.

4.2 Right to information

The affected person has the right to request a confirmation from the person in charge on whether personal data relating to him or her are processed; if this is the case, he or she has the right to have information on these personal data and on further information according to article 15 DSGVO.

4.3 Right to rectify

The affected person has the right to request the promptly correction from the person in charge on incorrect personal data relating to hm or her.

Considering the purposes of the processing, the affected person has the right to request the completion of incomplete personal data – even with an explanatory statement.

4.4 Right of erasure

The affected person has the right to request that personal data concerning him or her are being deleted promply from the person in charge, and the person in charge is obliged to delete the personal data immediately, as far as one of the reasons according to article 17 DSGVO applies.

4.5 Right to limit the processing

The affected person has the right to request to limit the processing from the person in charge, if one of the conditions according to article 18 DSGVO applies.

4.6 Disclosure requirement

The person in charge informs all recipients, to whom personal data relating to him or her has been disclosed, about any rectification or erasure of personal data or any limitation oft he processing according to article. 16, 17 paragraph 1 and article 18 DSGVO, unless this turns out to be impossible or is associated with an unreasonable expense.

The person in charge informs the affected person about these recipients, if this is required by the affected person.

4.7 Right of data portability

The affected person, who has made his or her personal data available to a person in charge, has the right to get the personal data relating to him or her in a structured, conventional and machine readable format, and he or she has the right, to transmit these data to another person in charge without any obstruction by a person in charge to whom the personal data were provided.

4.8 Right of objection

The affected person has the right to object at any time, on compelling legitimate grounds relating to his or her particular situation, to the processing of data relating to him or her, according to Article 6 Paragraph 1 Letter e or f; this is also relevant for a profiling based on these regulations. The person in charge does no longer proceed the personal data, except they can provide compelling legitimate reasons for the processing, which predominates the interests, rights and freedoms of the affected person, or the processing serves for the establishment, exercise and defense of legal claims.

4.9 Complaint to the supervisory authority

According to Article 77 DSGVO you have the right to complain to a supervisory authority. Generally you can contact the supervisory authority of your current usual residence, work place or of the seat of the person in charge.

Our competent supervisory authority is: Data Protection Commissioner of Saxony-Anhalt


5 Information on the person in charge

The person in charge according to Article 24 DSGVO is mentioned hereinafter:

TCS TürControlSysteme AG

Geschwister-Scholl-Straße 7

39307 Genthin

GERMANY

Further information on the person in charge can be found in the imprint

6 Used web technologies

6.1 Encryption of data transmission
We are using the SSL technology (Secure Socket Layer), to encrypt the transmission and requests of data from and to our website. Therefore we use a 128-Bit-Key with SHA256-Hash.

Further, we are using appropriate technical and organisational security measures to protect your data against accidental or willful manipulation, partial or full loss, destruction or against unauthorised access by third parties. Our safety measures are continually being improved and maintained corresponding to technological development.

6.2 Server logs
Only when visiting the website, so that you don’t register or not transmit any information to us, we only collect the personal data that your browser transmits to our server. If you want to visit our website, we collect the hereinafter listed data, technically necessary for us, to display the pages of our website and guarantee the stability and safety (legal basis is Article 6 Paragraph 1 Page 1 lit. f DSGVO):

• anonymised IP address,
• date and time of the request,
• time zone difference to Greenwich Mean Time (GMT),
• content of the request (certain page),
• access status/HTTP status code,
• volume of transferred data,
• website, the request has come from (Referrer),
• browser,
• operating system and its surface,
• language and version of the browser software.


6.3 Cookies

When visiting our website Cookies are stored on your computer. You can configure your browser setting according to your requirements and e.g. reject the acceptance of Third-Party-Cookies or all Cookies. Please note that you might not be able to use all the functions of this website.

This website uses the following types of Cookies, the functionality and extent is described hereinafter:

• Transient Cookies
• Persistent Cookies.

6.3.1 Transient Cookies

Transient Cookies are deleted automatically, if you close your browser. In particular, these are the Session-Cookies. Those store a so called session ID, with that various queries from your browser can be assigned to the joint meeting. Thus, your computer can be recognised, if you return to our website. The Session-Cookies are deleted, if your sign off or close the browser.

6.3.2 Persistent Cookies

Persistent Cookies are deleted automatically after a predefined time interval, which can differ depending on the Cookie. You can delete the Cookies at any time in the safety settings of your browser.

6.4 Google Analytics

This website uses Google Analytics, a web analysis service of the Google Inc. („Google“). Google Analytics uses so called “Cookies“, text files that are stored on your computer to analyzes your website usage. The information generated by the Cookie concerning the usage of this website are generally transmitted to a server of Google in the USA and stored there. In case of activating the IP anomysation on this website, your IP address is shortened before by Google within the European Union or in other countries which are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases wird the complete IP address is transmitted to a Server of Google in the USA and shortened there. Under the authority of the provider of this website, Google will use this information to analyse your website usage, to compile reports about the website activities and to provide further services connected to the website use and the Internet use.

You can prevent the storage of the Cookies by an appropriate setting of your browser software; we would point out that in this case you might be not able to use all functions of this website. Furthermore, you can prevent the collection of data, created through Cookie and related to your use of the website (incl. your IP address) as well as you can prevent the processing of these data by Google, when downloading and installing the available browser Plug-in via the following link: tools.google.com/dlpage/gaoptout.

This website uses Google Analytics with the extension „_anonymizeIp()“. Thus, IP addresses are proceed in shortened form, in order to eliminate direct reference to persons. If the collected data, related to you, contain any reference to persons, it is excluded immediately and the personal data will be deleted promptly.

We use Google Analytics to analyse the usage of our website and to generally improve the site and our services. Via the achieved statistics we can improve our services and design our site much more interesting for you as a user. For exceptional cases, where personal data were transmitted into the USA, Google has submitted to the EU-US Privacy Shield , www.privacyshield.gov/EU-US-Framework. Legal basis for the usage of Google Analytics is Article 6 Paragraph 1 Page 1 Lit. f DS-GVO.

Information of a third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

User conditions: www.google.com/analytics/terms/de.html, 
Overview on data protection: www.google.com/intl/de/analytics/learn/privacy.html,
as well as the data protection declaration: www.google.de/intl/de/policies/privacy.
The usage of Google Analytics can be prevented by activating the Opt-Out: deactivate Google Analytics


7 Youtube

We have integrated YouTube videos into our online service, that are stored on www.youtube.com and that can be played directly from our website.

By visiting this website YouTube receives the information that you have accessed the correspoinding sub-page of our website. Further, the data named under § 3 of this declaration are transmitted. This is executed independently from the fact, if you have an user account at YouTube where you have currently signed in or whether you have no user account. If you are signed in to Google your data are assigned directly to your account. If you don#t want the assignation of your account at YouTube, please sign off before activating the button. YouTube stores your data as usage profile and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out especially (even for user that are not signed in) to provide needs-based advertisement and to inform other user of the social network about your activities on out website. You have the right to object against the creation of personal user profiles, but therefore please directly refer to YouTube.

Further information on the purpose and extent of data capture and the further processing by YouTube you’ll find tin the data protection declaration. There you also receive further information about your rights and setting options in order to protect your privacy: www.google.de/intl/de/policies/privacy. Your personal data is also processed by Google in the USA and Google has submitted to the EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.


8 Newsletter

With your consent you can subscribe to our newsletter, in which we inform you about on our current interessant offers. The advertised goods and services are named in the Consent declaration.

For registering to our newsletter, we use the so-called double-opt-in process. This means that we send an E-Mail to the address that you entered during your registration, in which we please you to confirm that you wish to receive our newsletter. If you don’t confirm you registration within 48 hours, your information will be blocked and deleted after one month automatically. Further, we store your used IP addresses as well as date of registration and confirmation. The purpose of this procedure is to prove your registration and eventually clarify a possible misuse of your personal data.

Only your E-Mail address is a required disclosure to receive the newsletter. Additional disclosures can be made freely and are used to address you personally and individually. After your confirmation we store your E-Mail address for the purpose of sending you the newsletter. Legal basis ist Article 6 Paragraph 1 Page. 1 Lit. a DSGVO.

You can reject your consent in receiving the newsletter at any time and to unsubscribe from our newsletter. You can explain your withdrawal by clicking the link, contained in each newsletter E-, über dieses Formular der Website, via E-Mail to datenpflege@tcsag.de or with sending a message to the contact date specified in the imprint.

Please note that we evaluate your user behaviour in case of sending the newsletter to you. For this evaluation the send E-Mails contain so-called web beacons resp. tracking pixel, which are one-pixel image files that are stored on our website. For the evaluation we combine the data and the web beacons with your E-Mail address and an unique ID.

Also links used in the newsletter contain these ID. With the data collected that way we create a personal user profile to provide the newsletter individually on your interests. Therefore we collect, the date of reading our newsletter, which links you clicked and infer your personal interests from that. We combine these data with actions made by you on our website.

You can object to this tracking at any time by clicking the special link that is contained in each E-Mail or by informing us using another way of contact. The information is stored as long as you have subscribed to the newsletter. After an unsubscription we store the data pure statistically and anonymously. Such a tracking would not be possible, if you have deactivated the display of images by default. In this case the newsletter is displayed not completely to you and you cannot use all function eventually. If the images are displayed manually, the above-mentioned tracking is executed.


9 Transfer to third parties

Transferring your personal data to third parties to others for purposes listed hereinafter, does not take place. We only transfer your personal data to third parties, if:

• you have given your explicit consent to it according to Article 6 Paragraph 1 Page 1. Lit a. DSGVO,
• the transferring is neccessary according to Article 6 Paragraph 1 Page 1 Lit. f DSGVO for the establishment, exercise or defence of legal claims and there is no reason to believe that you have an overriding interest warranting protection relating to disclosure of your data,
• in case that there is a legal obligation for the disclosure according to Article 6 Paragraph 1 Page 1 Lit. c DSGVO, as well as
• this is permitted by law and necessary for the settlement of terms and conditions of contracts with you according to Article 6 Paragraph 1 Page. 1 Lit. b DSGVO.