I. Name and address of the controller
joke Technology GmbH
Mr U. Fielenbach
Asselborner Weg 14-16
Phone: +49 (0) 22 04/8 39 – 0
Fax: +49 (0) 22 04/8 39 – 13
II. Name of the data protection officer
The controller’s data protection officer is:
Christian Bergmann / QMB Bergmann
III. General remarks on data processing
1. Scope of the processing of personal data
We process personal data of the visitors to our website only to the extent necessary in order to provide an operational website as well as our contents and other services. Processing is performed at least according to the GDPR, for the intended purpose according to Art. 6 of the GDPR.
2. Your rights as visitors to our website
You are entitled to the following rights vis à vis us as the controller:
• Right to information
• Right of rectification
• Right to restriction of processing
• Right of erasure
• Right of information
• Right to data portability
• Right of objection
• Right of revocation in the case of a declaration of consent
• Right to complain to a data protection supervisory authority
3. Data deletion and storage period
Personal data are always deleted or blocked as soon as the purpose for their storage/processing no longer applies. Data may also be stored if this is provided for or prescribed by the legislator. Further information regarding deletion periods and the storage period is presented in the data privacy statements with reference to specific applications.
4. Purposes and legal bases of this website
The purpose of this website is essentially customer communication and marketing as well as the service in the form of a shop on this website. The legal basis is the legitimate interest of the controller pursuant to Art. 6, para. 1, lit. f of the GDPR.
The legitimate interest arises from our company’s desire to also contact interested parties worldwide over the Internet and broadcast our products, contact persons and marketing information.
5. Automatic decision making/profiling
In principle, no automatic decision-making takes place on this website, but it cannot be ruled out that search engines may run background processes that we cannot influence. If we use third-party providers where we are aware that automatic decision-making is implemented via these providers, we explicitly point this out.
6. Processing of PD for purposes other than those specified here
If the purposes of processing indicated here change, we will update the relevant information contained here.
IV. Provision of the website and preparation of log files
1. Description and scope of the data processing
Each time our website is accessed, our system automatically records data and information about the accessing computer system.
The following data is hereby collected:
- Information about the browser type and version
- The user’s IP address
- The date and time of the access
- Referrer website(s)
- Websites accessed by the user from our website
The data is also saved in our system’s log files. This data will not be saved with any other of the user’s personal data.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f of the GDPR (legitimate interest). In addition to upholding the function of the website, the legitimate interest also includes enabling the hoster to analyse malware or attacks on the website and to combat these together with the law enforcement authorities.
3. Legal basis for data processing
The system has to store the IP address temporarily to allow the website to be delivered to the user’s computer. The user’s IP address has to be stored for the duration of the session for this purpose
Storage in log files is carried out to ensure the proper functioning of the website. In addition, the data helps us optimise the website and ensure the safety and security of our IT systems. The data is not analysed for marketing purposes in this context.
4. Storage period
The above-mentioned data will be deleted as soon as it is no longer needed to achieve the purpose of its collection. If the data is collected to provide the website, this is the case at the end of the respective session.
Where data are stored in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP address of the user is deleted or altered by us so that the calling client can no longer be allocated and the data contained no longer have any personal reference.
V. Cookies / cookie or consent banner
1. Description of the purpose and scope of data processing and the legal basis
Our homepage offers you the possibility of registering for a newsletter. All data requested here are voluntary, with the exception of your email address, which we need in order to confirm that you have personally registered with us for the newsletter so that we can send it to you.
During the registration procedure your consent will be obtained to the processing of the data and reference will be made to this data protection declaration.
The newsletter is delivered as information for customers and interested parties as well as direct advertising:
If you purchase goods or service on our website and provide your email address for this purpose, this may consequently be used by us to send you a newsletter, taking into account the law on unfair competition. In this case, only direct advertising for our own similar goods and services will be sent with the newsletter.
No data will be forwarded to third parties in the context of data processing for the dispatch of newsletters. This data will only be used to send the newsletter.
The newsletter is delivered based on the user’s consent according to GDPR of Art. 6. lit. a.
2. Storage period
The data will be deleted as soon as it is no longer needed to achieve the purpose of its collection. The user’s email address will therefore be stored as long as the newsletter subscription is active.
Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails sent in an HTML format to allow recording in a log file and an analysis of the log file. This allows a statistical analysis of the success or failure of online marketing campaigns. On the basis of the embedded tracking pixel we can detect how many of the sent emails have been opened and which links in the email were accessed how often.
The personal data that is collected via the tracking pixels in newsletters are saved and analysed by the controller responsible for processing so as to optimise the newsletter delivery and to tailor the content of future newsletters even better to the interests of the data subject. This personal data will not be forwarded/disclosed to third parties. Data subjects are entitled at all times to revoke the declaration of consent granted. Following a revocation, this personal data will be erased by the controller.
VIII. Contact form
1. Description, purpose, legal basis and type of data processing
On our homepage, we offer you the possibility of contacting us via a contact form. The purpose of the processing is to enable you to contact us via various different communication channels. The following data are collected as part of the registration process and based on your consent (GDPR Art. 6 lit a), the legitimate interest of the controller (GDPR, Art.6 lit f):
We would like to collect the following data, with the information marked with an “*” being mandatory:
- Date and time of sending
- Form of address*
- First name
- Street and house number
- Telephone number
By clicking on the “submit” button, you consent to processing of the data.
2. Storage period
The data will be deleted as soon as they are no longer required to achieve the present underlying purpose, or as a result of a new purpose’s arising from the processing of your comment, they will be allocated to the new purpose and further processed in accordance therewith. Further information in this connection can be obtained from us through our “Duty to inform” below.
3. Objection and opt-out option
You have the option of objecting to continuation of your request at any time via the contact form. The moment you object, processing will be discontinued and the collected data will be erased if no other legal grounds oppose their erasure, e.g. legal requirements, such as retention periods.
IX. Data protection regulations for the use of Google Analytics with anonymization function
We use Google Analytics with an anonymization function on our website.
This collects and evaluates data concerning the Internet usage of website visitors.
The following data is collected, for example:
- The website from which someone comes (referrer)
- Which sub-pages are accessed on the website
- How frequently websites are visited
- How long visitors spend on websites
The purpose of this service on our website is to analyse visitor flows so as to optimise the website and for a cost-benefit analysis of Internet advertising.
The operating company of Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The suffix “_gat._anonymizeIp” is used for the web analysis via Google Analytics. If our website is accessed from a member state of the European Union or a different state party to the Agreement on the European Economic Area, this suffix abbreviates and anonymises the IP address of the website visitor’s Internet connection.
Google also uses the data and information for online reports about activities on our website as well as to render further services connected to the use of our website. Google Analytics places a cookie on the corresponding data subject’s system. Setting cookies allows an analysis of how our website is used.
Data is transferred to Google for the purpose of an online analysis every time a data subject visits our website on which a Google-Analytics component has been installed.
In the course of this procedure, Google receives personal data, such as the IP address of the data subject. The IP address is used to trace the source of the visitor and the clicks and to then allow a resulting settlement of commissions.
The following data with respect to the data subject is collected and saved by means of the aforementioned cookies:
- The time of access
- The place from where our site was accessed
- The frequency of visits to our website
This data, including the UP address of the data subject, is forwarded to Google in the United States of America every time our website is visited. This personal data is saved by Google in the United States of America. Google may forward this personal data to third parties under certain circumstances.
You can adjust the settings of the Internet browser at any time to prevent our website from placing cookies as described. This setting in your Internet browser would also prevent Google placing a cookie on your system.
In addition, a cookie that has already been placed by Google Analytics can be erased at any time via your Internet browser or other software program.
Google classifies the installation of the browser add-on as an objection. If the data subject’s IT system is erased, formatted or re-installed at a later point in time, the data subject has to re-install the browser add-on to deactivate Google Analytics. If the browser add-on is de-installed or deactivated by the data subject or any other person, the browser add-on can be re-installed or re-activated.
For further information and the data protection provisions of Google, visit https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is also explained in more detail from this linkhttps://www.google.com/intl/de_de/analytics/.
X. Information obligation pursuant to Art. 12/13 and 14 of the GDPR for customers, interested parties and suppliers ofjoke Technology GmbH
In accordance with Art. 12 of the GDPR, the controller takes appropriate measures to inform data subjects in accordance with Art. 13 and 14 of the GDPR in a precise, transparent, understandable and easily accessible manner using clear and simple language. This information is provided in writing, though it can also be transferred electronically. It can also be transmitted verbally in special cases where the identity of the data subject has been proven.
Insofar as our order processing system allows, you will receive the necessary and requisite information via our order documents, offers, inquiries or confirmations of orders as a PDF file per mail, or will be handed directly. We normally provide all of the necessary information for all data objects on the Internet on our website in the area of our data protection declaration and refer to this in our mail signatures.
We take our information obligation very seriously, which is why we inform you about all of your rights relative to our information obligation with respect to the GDPR. Despite this, we cannot be certain that you will understand the way we present this information. If this is the case, please contact us and we will immediately find a way to inform you in a manner that can be understood by everyone.
What happens when the purpose specified here changes?
If the original purpose of processing your personal data changes, we will notify you of this in an appropriate information. If you are unable to find the purpose of the processing of your personal data here, please contact us so that we can provide you with the information immediately, either in person or in writing, or tell you where you can find this information.
Name and contact data of the controller
Mr Udo Fielenbach /Managing Director
Tel.: 0 22 04 / 8 39-545
Name and contact data of the data protection officer
Christian Bergmann / email@example.com
Explanation of the processing activities
This information relates to at least the following processing activities, during which the personal data of interested parties, customers and suppliers is processed directly.
- Letter shop
- Accident report / first-aid book
- Order processing (including inquiries, offers, logistics)
- In-house training
- Service repairs
- New customer acquisition
- Complaints management
Details of the purpose of the processing and the legal grounds.
- Purpose – the performance of all billing transactions with customers and suppliers
- Legal basis – according to letter b) of Art. 6 of the GDPR, fulfilment of a contract and/or financial stipulations.
1. Purpose – information for customers in the form of a circular
2. Legal basis - according to letter f) of Art. 6 of the GDPR, to safeguard a legitimate interest of the controller, to fulfil the business purpose, to sell and offer products.
- Accident report / first-aid report
- Purpose - to ensure that accidents that may befall customers during a visit to the jokeTechnology GmbH company are documented correctly and are possibly insured through the employers' liability insurance association as the insurer and can be settled through them.
- Legal basis - letter c) of Art. 6 of the GDPR, fulfilment of a legal obligation
- Purpose - to offer and facilitate the sale of goods and products via new media.
- Legal basis - according to letter f) of Art. 6 of the GDPR, to safeguard a legitimate interest of the controller, to fulfil the business purpose, to sell and offer products.
- Order processing (including inquiries, offers, logistics)
- Purpose - to offer, inquire services and products. Processing of orders.
- Legal basis - according to letter b) of Art. 6 of the GDPR, pre-contractual measures and fulfilment of a contract. As well as safeguarding the legitimate interests of the controller to fulfil the business purpose pursuant to letter f) of Art 6 of the GDPR.
- In-house training
- Purpose - performance of product trainings for customers
- Legal basis - safeguarding the legitimate interests of the controller to fulfil the business purpose pursuant to letter f) of Art 6 of the GDPR. With a corresponding agreement on the performance of training, the performance of pre-contractual measures and fulfilment of contracts pursuant to letter b) of Art 6 of the GDPR.
- Service repair
- Purpose – the performance of service repairs in the event of complaints about own products and repairs to third-party devices.
- Legal basis - in the event of a complaint, possibly considering the product liability act, as well as third-party repairs and complaints, the performance of pre-contractual measures and fulfilment of contracts pursuant to letter b) of Art 6 of the GDPR. As well as safeguarding the legitimate interests of the controller to fulfil the business purpose pursuant to letter f) of Art 6 of the GDPR.
- New customer acquisition
- Purpose – to extend the customer bases so as to improve the business success.
- Legal basis - safeguarding the legitimate interests of the controller to fulfil the business purpose pursuant to letter f) of Art 6 of the GDPR.
- Complaints management
- Purpose – to increase customer satisfaction and avoid dissatisfaction amongst customers through an optimum processing of complaints.
- Legal basis - considering the product liability act and the performance of pre-contractual measures and fulfilment of contracts pursuant to letter b) of Art 6 of the GDPR. As well as safeguarding the legitimate interests of the controller to fulfil the business purpose pursuant to letter f) of Art 6 of the GDPR.
Naming the recipients or categories of recipients of personal data.
In principle, every employee who has access to a PC can also access all of the data in the ERP system. The marketing and advertising department has separate systems that can only be accessed directly by marketing and other employees have conditional access via marketing.
- Accounting - all of the employees of joke Technology GmbH, who have access to the ERP system and inspect documents have to guarantee safe operational procedures.
- Lettershop - marketing department, sales, management
- Accident reports / first-aid book - reception, management assistants and representatives, possibly first-aiders, witnesses to the accident.
- Website/Shop – service providers for the web shop, sales, marketing
- Order processing (including inquiries, offers, logistics) – purchasing, sales, warehouse/dispatch
- In-house training - management assistants, sales operations
- Service Repair – specifically the service and repair department, though also all employees who have access to the system
- New customer acquisition – New customer acquisition – primarily sales, data that is entered into the system can be seen internally by all employees with access to the ERP system.
- Complaints management - all employees with PC access to the ERP system.
Is data transferred to a third country or an international organisation?
Not as long as you as a customer or supplier do not have your registered offices in these.
How long is the personal data saved or which rules are applied for the storage period?
In principle, the statutory storage periods are observed, in other words at least 10 years for all documents that are processed in accounting and at least 5 years for accident reports and entries in the first-aid book or until a case that it still being processed is concluded.
Your data will be updated and kept transparent by us as far as possible and blocked if necessary. We currently have no possibility of limiting the storage and of erasing data after a fixed period; for this reason we have set up a project group to address this topic. As soon as we have found a satisfactory solution to this problem, the storage period and erasure of system data will be updated here.
Your further rights as a data subject
You have a right to data portability, rectification, erasure or restriction of processing as well as a right to object to the processing and a right to data portability of your data that is processed by the controller.
If the processing of your personal data is based on a consent that you have granted, you have the right to object to and revoke this consent at any time; this does not affect the legitimacy of the processing carried out on the basis of the consent up to its withdrawal.
You have the right to lodge a complaint with a supervisory authority:
Is the provisions and processing of your data stipulated by law/contract and/or necessary for the conclusion of a contract?
- Accounting - yes, both contractually and legally
- Letter shop - no
- Accident report / first-aid book – yes, legally
- Website/shop - no
- Order processing (including inquiries, offers, logistics) - yes contractually and consequently legally too, see accounting
- In-house training - no
- Service repair - yes, contractually and legally too with respect to the product liability act
- New customer acquisition - no
- Complaints management - yes, contractually and legally too with respect to the product liability act
Are you obliged to provide your data and what would be the consequence of not
providing your data?
- Accounting – no, (no personal data) company data is normally sufficient, though this would greatly hamper direct communication in larger companies
- Letter shop – no, you would not receive any further info
- Accident report / first-aid book - yes, accidents would no longer be documented, the BG would not provide any benefits in the event of an accident at work.
- Website/shop – no, you would not be able to order any goods over the Internet.
- Order processing (including inquiries, offers, logistics) – no (no personal data), company data is normally sufficient, though this would greatly hamper direct communication in larger companies
- In-house training – yes, the training is carried out and certificates issued on a personal level, these would then no longer be able to be issued for individuals
- Service repair – no, (no personal data) company data is normally sufficient, though this would greatly hamper direct communication in larger companies
- New customer acquisition – no, there is no direct personal contact, this can then only be directly via the company.
- Complaints management – no, (no personal data) company data is normally sufficient, though this would greatly hamper direct communication in larger companies.
Is there any automated decision-making and/or profiling during the processing of your data?
From which source does your data come if we do not receive the data directly from you personally?
If we have not received your personal data directly from you in person, we obtain your data from public sources such as the telephone book, Internet (your homepage/search engines/social networks) or other public sources. We may have received your contact data through your company via a telephone or mail contact in individual cases. Either from your colleagues, superiors or your company’s central office. In special cases, we may also have received your data in the course of order processing by our customers because we may deliver goods to you on their behalf that you have ordered from our range of products through them.