Data Protection Officer:
Dr. Gerhard KERCKHOFF
Head of Legal Department
T. +352 31 20 85-1
Personal data means all information relating to an identified or identifiable natural person. This includes your name, address and communication data or your e-mail address.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, both with or without automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclo-sure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data subject means each identified or identifiable natural person whose personal data is pro-cessed by the controller.
Controller means the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
User covers all categories of data subject affected by data processing. This includes our busi-ness partners and other visitors to our website.
The terms we use are supplemented by the definitions set out in Article 4 of the General Data Protection Regulation (GDPR).
1. Name and address of the controller
101 route de Holzem,
L-8232 Mamer, Luxembourg
Share capital: EUR 17,700,000.00
Registered in the Grand Duchy of Luxembourg, Luxembourg Register of Commerce, Register number: B-4610
Operating License Number 736 of the Ministry of the Economy of the Grand Duchy of Luxem-bourg, 19-21 Boulevard Royal, L-2449 Luxembourg
VAT identification number: LU194170-61
Tel. : +352 31 20 85-1
Fax : +352 31 19 11
2. Data protection responsibility
All questions on data protection can be addressed to: firstname.lastname@example.org or using our postal address with the addition of "FAO Data Protection ".
3. Processing of personal data
3.1. Visits to our website
3.1.1. Scope of data processing
When you visit our website, your browser transmits certain data to our web server for technical reasons. This information comprises the following data (known as "server log files"):
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Operating system and its access status/HTTP status code
- The volume of data transferred
- Website from which the request is received ("referrer URL")
- Browser used, as well as the language and version of the browser software
3.1.2. Purpose of data processing
It is necessary to store this data in log files in order to safeguard website functionality. We use it to optimise the website and ensure that our IT systems remain secure.
3.1.3. Legal basis for processing
We collect this data on the basis of our legitimate interest within the meaning of Article 6(1f) GDPR, in order to display our website and guarantee your security.
3.1.4. Storage period
For security reasons (e.g. for clarifying misuse or acts of fraud), information in the log files is stored for a maximum of fourteen days and is then erased. Data that must be stored for longer for evidence purposes is exempted from erasure until the incident in question has been defini-tively resolved.
3.1.5. Options for objecting and erasure of data
For technical reasons, the collection of data for the purpose of providing the website and its subsequent storage in log files is essential for the operation of the website. Consequently, the user does not have the option to object.
3.2. Contact form and e-mail contact
3.2.1. Scope of data processing
We process the following data when you use the contact form on our website: first name, sur-name, company, street, house number, postcode, town/city, country, e-mail address and the message you sent.
Alternatively, depending on the issue, you can contact us using the e-mail addresses we have provided. In this case, the sender's personal data transmitted in the e-mail will be processed.
No data is disclosed to third parties in this context. The data is solely used to process the conversation and resolve the issue.
3.2.2. Purpose of data processing
The personal data from the input screen is processed so that we can make contact with you. This also constitutes the necessary legitimate interest in processing the data in the event that we contact you by e-mail. Any other personal data processed when you submit the form (e.g. IP address, date, time, etc.) is used to prevent misuse of the contact form and ensure that our IT systems remain secure.
3.2.3. Legal basis for processing
When a user contacts us (using the contact form or by e-mail), their details are processed for the purpose of handling and concluding the contact enquiry in accordance with Article 6(1b) GDPR.
3.2.4. Storage period
We erase personal data once it is no longer required to achieve the purpose for which it was collected. For personal data taken from the input screen of the contact form and the data transmitted via e-mail, this is the case if the relevant conversation with the user is terminated. The conversation is ended if it can be inferred from the circumstances that the issue in question or the request for information has been fully resolved.
3.2.5. Options for objecting and erasure of data
You have the option of withdrawing your consent to the processing of your personal data at any time.
If you contact us by e-mail, you can object to the storage of your personal data at any time. Please note that doing so will naturally mean that our conversation cannot be continued. Please communicate any withdrawal of this nature to email@example.com. All personal data that has been stored in the course of this communication will then be erased.
3.3.1. Scope of data processing
This does not work by association with you personally, but rather by assigning an identification number to the cookie ("cookie ID"). This cookie ID is not linked with your name, IP address or similar data that would enable the cookie to be linked to you.
This website uses transient and persistent cookies.
a) Transient cookies are automatically deleted when you close your browser. These primarily include session cookies. These store a session ID, which is used to assign different requests from your browser to the session as a whole. This means that your computer can be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
b) Persistent cookies are automatically deleted after a specified time period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings for your browser.
3.3.2. Purpose of data processing
Some elements of our website require the requesting browser to be identified after moving to a new page. In these cases, it is necessary for the browser to be recognised after accessing a new page.
3.3.3. Legal basis for the data processing
Article 6(1f) GDPR provides the legal basis for the processing of personal data using cookies that are necessary from a technical perspective.
3.3.4. Storage period
Session cookies are deleted as soon as the browser is closed.
Persistent cookies are automatically deleted after a specified time period.
3.3.5. Options for objecting and erasure of data
However, please note that you block or delete cookies, you may not be able to use of all the features on this website.
3.4. Web analytics
3.4.1. Scope of data processing
We use Google Analytics on our website, which is a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
The data collected by Google in this process that concerns your use of the website (e.g. the pages you visit on our site) is transmitted to a Google server in the USA and stored and ana-lysed there, and the results are made available to us in anonymised form.
We use the IP anonymisation feature on our website that is provided by Google. This means that your IP address is truncated prior to processing by Google within member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA, where it is trun-cated.
Google is certified under the EU-U.S. Privacy Shield, which guarantees a suitable level of data protection for data held by Google in the USA.
3.4.2. Purpose of data processing
Google uses this information on our behalf in order to evaluate use of our website and to com-pile reports about activity on our website. This enables us to improve your online experience to and increase the user-friendliness of our website.
3.4.3. Legal basis for processing
For the purposes indicated above, we have a legitimate interest in data processing carried out by Google Analytics. The legal basis in this instance is Article 6(1f) GDPR.
3.4.4. Storage period
Sessions and campaigns are ended after a certain period of time has elapsed. By default, ses-sions are ended after 30 minutes of inactivity and campaigns after six months. The maximum time limit for campaigns is two years.
3.4.5. Options for objecting and erasure of data
The IP address relayed by your browser is not combined with other Google data. You may pre-vent the saving of cookies by selecting the appropriate settings in your browser software, as described above in the "Cookies" section. Furthermore, you can prevent the collection of data generated by the cookie and related to your usage of our website being sent to and processed by Google by downloading and installing Google's browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
If you wish to prevent future collection of your data by Google Analytics when you visit our website via different devices (particularly mobile devices such as smartphones and tablets), you must perform this opt-out on each system you use. Click here to implement this opt-out cookie.
3.5. Google AdWords
3.5.1. Scope of data processing
We use Google AdWords to advertise our services on external websites by means of advertis-ing materials (Google AdWords). These advertising materials are provided by Google via Ad Servers. To this end, we use Ad Server cookies, which enable the measurement of certain pa-rameters for assessing performance, such as advertisement displays or clicks from users. If you reach our website via a Google advertisement, Google AdWords saves a cookie on your computer. For information explaining what cookies are and how they can be deleted, see above. These cookies allow Google to recognise your web browser. If a user visits certain pages on the AdWords customer's website and the cookie saved on their computer has not yet expired, Google and the customer will be able to detect that the user clicked on the advert and was redirected to this page. Each AdWords customer is assigned a different cookie. Cookies cannot, therefore, be tracked through AdWords customers' websites. We do not collect or pro-cess any personal data as part of these advertising measures; we solely receive statistical analyses from Google. These analyses enable us to identify which of the advertising measures we use that are most effective. We do not obtain additional data from the use of advertising materials, and in particular we cannot identify users on the basis of this information.
Due to the marketing tools used, your browser will automatically establish a direct connection to Google servers. We have no influence on the scope and further use of data collected by Google as a result of the use of this tool, and therefore inform you that, to our current knowledge: The integration of AdWords conversion tracking means that Google is informed that you have requested the corresponding section of our website or clicked on one of our ad-verts. If you are registered with a Google service, Google can attribute the visit to your ac-count. Even if you are not registered with Google or have not logged in to your Google ac-count, there is a possibility that this provider will discover your IP address and store that infor-mation.
3.5.2. Purpose of data processing
Data from advertising campaigns enables us to determine the level of success of individual advertising measures. In this context, our interest lies in showing you advertisements that will interest you, in making our website more engaging for you and in calculating advertising costs fairly.
3.5.3. Legal basis for processing
This data processing serves our legitimate interest in designing our advertising in a targeted way. The legal basis in this instance is Article 6(1f) GDPR.
3.5.4. Storage period
In general, these cookies expire after 30 days and are not used to identify you personally. As a rule, the unique cookie ID, number of advertisement impressions per placement (frequency), latest impression (relevant for post-view conversions) and opt-out information (to indicate that the user does not wish to be targeted any more) are stored as analytical values for this cookie.
3.5.5. Options for objecting and erasure of data
You can opt out of this tracking process in various ways: a) By changing your browser soft-ware settings accordingly; rejecting third-party cookies in particular will result in you not receiv-ing advertisements from third-party providers, b) By deactivating conversion tracking cookies by setting your browser so that cookies from the domain "www.googleadservices.com" are blocked, https://www.google.co.uk/settings/ads; note that this setting will be reversed if you delete your cookies, c) By deactivating personalised advertising from providers participating in the self-regulatory program "About Ads", via the link http://www.aboutads.info/choices; note that this setting will be reversed if you delete your cookies, d) By permanently deactivating it in Firefox, Internet Explorer or Google Chrome, using the link http://www.google.com/settings/ads/plugin.
You can find further information on data protection at Google here: https://policies.google.com/privacy?hl=en-GB and https://services.google.com/sitestats/en.htm l. Alternatively, you can visit the Network Advertis-ing Initiative (NAI) website at http://www.networkadvertising.org. Google is compliant with the EU-U.S. Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
4. Data security
We take technical, organisational and contractual measures to safeguard the security of data processing in accordance with the state of the art. In so doing, we ensure that the provisions of data protection law, and the General Data Protection Regulation in particular, are complied with and that the data we process is protected against destruction, loss, modification and unauthor-ised access. These security measures include the encrypted transmission of data between your browser and our servers. Please note that SSL encryption for online data transfers is only ac-tive if the padlock symbol appears in the lower menu bar of your browser window and the ad-dress begins with "https://". SSL (Secure Socket Layer) protects data transmission against ille-gal access by third parties using encryption technology. If this option is not available, you may also decide not to send certain data via the Internet.
All information that you send to us is stored and processed on our servers in the European Un-ion.
5. Disclosure of data to third parties and third-party providers
Data is only transferred to third parties in accordance with the statutory requirements. We only disclose user data to third parties if, for example, this is necessary for contractual purposes, on the basis of Article 6(1b) GDPR, or due to our legitimate interests, in accordance with Article 6(1f) GDPR, in the profitable and efficient operation of our business activities.
In the context of commissioned data processing in accordance with Article 28 GDPR, we en-gage sub-contractors for the provision of our services, in particular for the operation, mainte-nance and hosting of the website. We have taken suitable legal precautions and appropriate technical and organisational measures in order to provide protection for personal data in ac-cordance with the applicable statutory provisions.
6. External services and content on our website
We use external services and content on our website. We do so on the grounds of our legiti-mate interests in the analysis, optimisation and profitable operation of our online content within the meaning of Article 6(1f) GDPR.
Where such a service is used or third-party content is displayed, communication data such as the date, time and IP address is exchanged for technical reasons between your browser and the provider in question. This includes your IP address in particular, which is required to display content in your browser.
It may be the case that the provider of the services or content in question processes your data for further internal purposes. Given that we have no influence on the data collected by third par-ties and its subsequent processing, we are unable to provide binding information about the purpose and scope of the processing of your data.
Therefore, for additional information about the purpose and scope of the collection and pro-cessing of your data, please refer to the data protection information supplied by the provider of the services or content that are/is integrated by us who has responsibility under data protec-tion law.
The following list provides an overview of third-party providers, their content and links to their respective privacy policies, which contain further information on the processing of data and your options for objecting.
7. Your rights
If we process personal data that concerns you, this means that you are a data subject as de-fined in the General Data Protection Regulation (GDPR), and that you have the following rights regarding us in relation to the personal data in question:
- Right of access (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object to processing (Article 21 GDPR)
You also have the right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority.
8. Links to other websites
Our website may contain links to other websites and their professional content. These other websites are not controlled by us. You visit these websites at your own risk. CERATIZIT cannot assume responsibility or liability for such other websites and their content, which it hereby ex-cludes, nor for their data protection practices, which it does not certify. We recommend that you familiarize yourself with the privacy policies of these other websites before providing them with information about yourself or carrying out transactions with them.