Data Protection

 

1. Our data protection statement

Protecting your personal data is a top priority for Südwestdeutsche Salzwerke AG. With this in mind, we always treat your personal data as confidential and in accordance with the applicable provisions on data protection.

In principle, it is possible to use our website without providing personal data. However, it you wish to utilize particular services of our company via our website as a visitor to our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no statutory basis for such processing, we generally obtain the consent of the data subject.

Our data protection statement provides you with information on the nature, scope and purpose of the personal data we collect, use and process. This data protection statement also explains what rights a data subject has in connection with your personal data.

As the controller responsible for processing, we have implemented numerous technical and organizational measures to ensure as much protection as possible for the personal data processed via this website. Still, please note that Internet-based data transfers can be subject to security gaps in principle, so it is not possible to guarantee absolute protection.

 

2. Definitions

Our data protection statement uses terms that are also used in the General Data Protection Regulation (“GDPR”).  To make it easier for you to read and understand this statement, the section below presents the most important terms.

2.1 Personal data

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 Data subject

“Data subject” means any identified or identifiable natural person whose personal data are processed by the controller.

2.3 Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.4 Restriction of processing

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

2.5 Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

2.6 Pseudonymization

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

2.7 Controller

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

2.8 Processor

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2.9 Recipient

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.

2.10 Third party

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

2.11 Consent

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

3. Name and address of the controller

The controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Südwestdeutsche Salzwerke AG

Salzgrund 67

74076 Heilbronn

Germany

 

4. Contact information for the data protection officer

The data protection officer’s address is as follows:

Südwestdeutsche Salzwerke AG

Data Protection Officer

Salzgrund 67

74076 Heilbronn, Germany

Alternatively, you can send inquiries to the following e-mail address:

Datenschutz@salzwerke.de

 

5. How we protect your data

We take protecting your personal data very seriously and implement appropriate technical and organizational measures to protect your data against access by unauthorized persons, manipulation, destruction and loss in connection with the use of this website. The security measures used undergo improvement on an ongoing basis in accordance with technological advances.

For example, communication via our website is protected via HTTPS (HyperText Transfer Protocol Secure). This establishes a secure connection between the server and client that cannot be read by unauthorized parties. This serves to protect the transmission of confidential content such as inquiries that you make to us as the site operator.

If service providers are involved in handling services of our website and these providers meet the definition of processors, we have set out provisions governing these relationships in order to protect your personal data via a contract for processing on our behalf within the meaning of Article 28 GDPR.

 

6. Collection of general data and information when our website is used

Every time our website is accessed, it collects a range of general data and information, which are stored in the server’s log files. The information collected may include the browser types and versions used, the operating system used by the user, the website from which a system accessing our site reaches our website (known as the “referrer”), the subpages to which a system accessing our site navigates on our website, the date and time of access to our website, an Internet Protocol (IP) address and the Internet service provider of the system accessing our site. No conclusions regarding the data subject, meaning you as the website visitor, are drawn when these general data and items of information are used. This information is needed in order to ensure the functionality of the website. We also use the data to optimize the website and ensure the security of our information technology systems. All anonymous server log file data are stored separately from all personal data provided by a data subject. The collection of the data on the provision of the website and storage of the data in log files are essential to the operation of the website. The user therefore has no possibility of objecting to this. The log file data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. In the case of collection of the data to provide the website, this is the case after seven days at the latest.

 

7. Data within the context of the use of a contact form offered on the website

For questions of all kinds, we offer you the possibility of contacting us via a form provided on the website or a corresponding online function. It is necessary to provide a valid e-mail address to do this so that we know who has sent us the inquiry and can respond to it. Further required information is marked with an asterisk (*) in the contact form. Depending on the subject, type of data, and whether or not you are already a customer, the processing of the data is based on the contract with you, your consent or your or our legitimate interest in clarifying the matter pursuant to Article 6(1)(a), (b), and (f) GDPR. We will erase your data relating to the inquiry unless we are under a legal obligation to continue to store or keep these data. Where the data are still needed to process outstanding inquiries, erasure thereof will take place after these inquires have been handled through to completion at the earliest. Your personal data will not be shared with third parties.

 

8. Links to other websites

Our website may contain links to the websites of third parties, and some of our services may enable you to access the services of third parties (e.g. social networks). We have no influence over how the websites and services of third parties process your personal data. We do not check the websites or services of third parties, nor are we responsible for such websites and services of third parties or their data protection practices. Please read the data protection and privacy statements of the websites and/or services of third parties that you access via our website or services. If our website includes other services, you will find an explanation regarding this in this data protection statement.

 

9. Cookie statement

9.1 What are cookies?

Cookies are small text files in which the Web browser stores information on visited websites that is transmitted by the Web server. This can be information on site visits, such as duration, login information, user entries and similar.

These cookies are stored on your computer or mobile device when you visit a website. They hardly take up any storage space at all, and they are automatically erased when they expire. Certain cookies expire at the end of your Internet session, while others are stored for a limited period.

9.2. What kinds of cookies are there?

9.2.1 Strictly required cookies

These cookies are strictly required in order to guide you through the website or allow you to access certain functions you have requested.

9.2.2 Functionality cookies

These cookies improve a website’s functionality by storing your settings. They allow you to do things like save an existing shopping cart, optimize the way the website is displayed depending on the device you are using, or store your shipping information to speed up the payment process.

9.2.3 Performance cookies

These cookies help to improve the website’s performance and offer a better user experience.

9.2.4 Cookies for managing Web statistics

Cookies are also used to identify the frequency of use and also recurring visits to websites. We use the analysis software Google Analytics for this. For information about Google Analytics and how we use it, please consult the section of this data protection statement titled “Data protection provisions on the use of Google Analytics (with anonymization function and opt-in).”

Targeting cookies, advertising cookies, and social media cookies collect your preferences in order to show you relevant ads on external websites. Social media cookies can also be used to track your activity on social media platforms.

If we use these kinds of services, you will find information on this in this data protection statement.

9.3 Why do we use cookies?

We use cookies primarily to make your visit to our website as user-friendly as possible (session cookies). We also use cookies that can be used to analyze tracking on the website.

9.4 How you can manage cookies

You can adjust your browser settings to erase cookies or prevent certain cookies from being stored on your computer or mobile device without your consent. Your browser’s help section should contain information on managing your cookie settings. The links below will help you learn how to adjust your browser settings properly:

Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies

Safari: https://support.apple.com/kb/PH21411?locale=de_DE

Mozilla Firefox: http://support.mozilla.com/de-DE/kb/Cookies

Google Chrome: https://support.google.com/chrome/answer/95647?hl=de

Adobe (Flash cookies): http://www.adobe.com/de/privacy/policies/flash-player.html

9.5. Updates to the cookie statement

Our cookie statement may change from time to time, for example to take changes in the cookies we use into account or if this is necessary for other operational or legal reasons. As a result, please access this cookie statement regularly so you can stay informed about our use of cookies on an updated basis.

 

10. Erasure and blockage of personal data

The controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage thereof or where this has been stipulated by the European legislative and regulatory authorities or another legislative authority in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies or a storage period stipulated by the European legislative and regulatory authorities or another legislative authority with jurisdiction expires, the personal data will be blocked or erased in accordance with the statutory provisions.

 

11. Legal bases of the processing of personal data

Article 6(1)(a) GDPR serves as our company’s legal basis for processing operations in which we obtain consent for a specific purpose of processing; this is the case with the use of a contact form integrated into the website, for example.

If the processing of personal data is necessary in order to perform a contract to which the data subject is party, such as in the case of the processing operations that are necessary in order to deliver goods or provide other services or consideration, then the processing is based on Article 6(1)(b) GDPR. The same applies to those processing operations that are necessary in order to take steps prior to entering into a contract, such as in the case of inquiries regarding our products or services.

If our company is under a legal obligation that necessitates the processing of personal data, such as to fulfill tax obligations, then the processing is based on Article 6(1)(c) GDPR.

Furthermore, processing operations may be based on Article 6(1)(f) GDPR. This is the case if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted to engage in such processing operations in particular because they were specifically mentioned by the European legislative authorities. The legislature took the view, in this regard, that there could be a legitimate interest if the data subject is a client of the controller or is in the service of the controller (recital 47, second sentence, GDPR). If processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest consists in carrying on our business activities for the benefit of our shareholders, with consideration for the legitimate interests of the data subjects. When these interests are weighed, the focus is always on an appropriate relationship between the data subject and us as a company.

 

12. Social Media Presence

We maintain fanpages on various social networks and platforms, with the aim of communicating with customers, prospective customers and users active on them, and informing them about our services.

We would like to point out that your personal data may be processed outside of the European Union, such that risks may arise for you (for example, in the enforcement of your rights under European / German law). Please note that some US providers are certified under the Privacy Shield and undertake to comply with the data protection standards of the EU.

The data of users is generally processed for market research and advertising purposes. Usage profiles can therefore be created, for example, based on the usage behaviour and interests of the users. These usage profiles can also be used, for example, to activate advertising inside and outside of the platforms, where it is suspected that such advertising is in the interest of the users. For these purposes, cookies are usually stored on the computers of the users, in which their usage behaviour and interests are stored. In addition, data may be stored in the usage profiles which is independent of the equipment used by the users (in particular, if the users are members of the respective platforms and are logged in to them).

The processing of the personal data of the users is done on the basis of our legitimate interests, with respect to effectively informing and communicating with users according to Article 6(1f) GDPR. If the users are asked by the respective providers to consent to the processing of data (i.e. consent, for example, by ticking a checkbox or confirmation via a button), the legal basis for the processing is Article 6(1a) and Article 7 GDPR.

For more information about the processing of your personal data and about your options for objection, see the links below of the respective provider. The assertion of the right to receive information and other rights of the data subject may also be made vis-à-vis suppliers, though only to those who have direct access to the data of users and have the relevant information. Of course we are available to answer any questions and will assist you should you require assistance.

Provider:
Instagram
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
Data Security Statement / Opt-Out: http://instagram.com/about/legal/privacy/.


Facebook
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
Data security statement: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

 

13. Period for which the personal data are stored

The criterion for the duration of the storage of personal data is statutory storage periods, which may arise from tax or commercial law or from other applicable legal provisions, wherever these legal provisions apply to your personal data. After the time limit expires, the data in question are erased if they are no longer needed for the performance of a contract, to prepare to enter into a contract, or to maintain the business relationship. If there are no applicable storage periods and you have given us your consent to store and use your personal data, then the data will be stored and used for the specific purpose thereof for the period indicated within the scope of the consent or until you withdraw your consent to the use thereof for the future.

 

14. Statutory or contractual provisions on providing the personal data; necessity of entering into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide the personal data

Please note that providing personal data is required by law in some cases (e.g. under tax law) or may also arise from contractual provisions (e.g. information regarding the other party to the contract). In some cases, it may be necessary for a data subject to provide us with personal data, which we are then required to process, in order to enter into a contract. For example, the data subject is obligated to provide us with personal data if our company enters into a contract with the data subject. Failure to provide the personal data would render it impossible to enter into the contract with the data subject.

 

15. Data protection provisions on the use of Google Analytics (with anonymization function and opt-in)

We have integrated the Google Analytics component (with anonymization function) into our website and implemented this via an opt-in solution.

This means we use this technology only with your express consent. If you visit our website, you have the choice of consenting to the use of Google Analytics or deciding against it  (opt-in cookie). If you give your consent, the Google Analytics cookie will be placed on your device. If you decide against the use of Google Analytics, the Google Analytics cookie will not be placed on your device, with the result that no analysis will take place.

Google Analytics is a Web analytics service. Web analytics is the collection and analysis of data regarding the behavior of website visitors. A Web analytics service collects data on, among other things, the website from which a data subject has reached a certain website (known as the referrer), which subpages of the website are accessed, and how often and for what period a subpage is visited. Web analytics is used primarily to optimize a website and perform a cost-benefit analysis of Internet advertising.

The company that operates the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

With an eye to data protection, we have integrated the additional element “_gat._anonymizeIp” for Web analytics using Google Analytics. Via this additional element, the IP address of the data subject’s Internet connection is truncated and anonymized by Google if the access to our websites takes place from a Member State of the European Union or another country that is a signatory to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor streams on our website. Google uses the data and information gleaned for various purposes, including to analyze the use of our website, compile online reports on activity on our websites for us, and perform further services associated with the use of our website.

These purposes also constitute our legitimate interest in the processing of data. The legal basis for the use of Google Analytics is Sec. 15 (3) of the German Telemedia Act (TMG) or Article 6(1)(f) GDPR. The data we transmit which are linked with cookies, user identifiers (e.g. user ID) or advertising IDs are automatically erased after 50 months. Data whose storage period has been reached are automatically erased once per month. For further information on terms of use and data protection, please see https://www.google.com/analytics/terms/de.html

https://www.google.com/analytics/terms/de.html

https://policies.google.com

In the event of express consent by the user (opt-in), Google Analytics places a cookie on the data subject’s information technology system. What cookies are is explained in our cookie statement, which is an element of this data protection statement. When the cookie is placed, it becomes possible for Google to analyze the use of our website. Every time any of the individual pages of this website, which is operated by the controller and into which a Google Analytics component has been integrated, is accessed, the relevant Google Analytics component automatically causes the Internet browser on the data subject’s information technology system to transmit data to Google for the purpose of online analysis. As part of this technical procedure, Google gains knowledge of personal data, such as the data subject’s IP address (anonymized). This information allows Google, among other things, to track the origin of the visitors and clicks and subsequently perform billing calculations for commissions.

The cookie stores personal data, such as the time of access, the place from which access originates and the frequency of visits to our website by the data subject. Every time our website is visited, these personal data, including the IP address of the Internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may share these personal data that are collected via this technical process with third parties.

Deactivating (opt-in) consent that has been granted to Web analytics using Google Analytics

You as a website user can prevent cookies from being stored even after giving your consent to the use of Google Analytics (opt-in) by adjusting the settings in your browser software accordingly; in addition, a cookie that has already been placed by Google Analytics can be deleted at any time using an Internet browser or other software programs. However, please note that in this case, you may not be able to use all of the functions of this website in full.

You can also prevent the data generated by the cookie regarding your use of the website (including your IP address) from being collected and transmitted to Google and from being processed by Google by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

For further information and the applicable privacy policies of Google, please visit https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. This link:  https://www.google.com/intl/de_de/analytics/ provides further explanatory information regarding Google Analytics.

 

16. Use of social media buttons via “Shariff” (Facebook, Pinterest)

We use the c’t project “Shariff” on our website. It replaces the usual share buttons of the social networks, thereby protecting our website users’ surfing behavior.

Shariff integrates the share buttons and/or social media plugins of the social networks into our website merely as graphics that contain a link to the relevant social network. When you visit our website, these buttons are deactivated by default, meaning that they do not transmit any data to the relevant social networks without your participation. Before you can use the buttons, you need to activate them by clicking. The Shariff button then establishes direct contact between the social network and our users, only after the user actively clicks the share button. Only then are your data transmitted to the relevant social network. If the Shariff button is not clicked, on the other hand, no exchange at all takes place between you and the social networks. This makes it possible to share our website quickly and easily on social networks, something many website users value. To this end, we have used our social buttons to give you a way to use these services – while also protecting your privacy.

After the Shariff button is activated, a direct connection is established with the server of the relevant social network. The content of the button is then transmitted directly to your browser by the social networks and integrated into the website by your browser.

Once a button has been activated, the relevant social network can already collect data, regardless of whether you interact with the button. If you are logged into a social network, the network can associate your visit to this website with your user account. If you are a member of a social network and do not want the network to associate the data collected when you visit our website with your stored member data, you need to log out of the relevant social network before activating the buttons.

We have no influence over the scope of the data collected by social networks via their buttons. For information on the purpose and scope of the collection of data and the further processing and use of the data by the relevant social networks and on your rights in this regard and settings options to protect your privacy, please see the data protection and privacy policies of the relevant social networks.

The developer of this component is GitHub, Inc., 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA. For further information and the applicable privacy policy of GitHub, please visit https://help.github.com/articles/github-privacy-policy/. Further information on the c’t project Shariff is available at https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.

We integrate the following social networks into our website with Shariff:

 - Facebook

 - Pinterest

Links to the privacy settings of the social services integrated via Shariff:

https://www.facebook.com/about/privacy/

https://policy.pinterest.com/de/privacy-policy

 

17. Integration of the Facebook sidebar via data protection-friendly “2-click method”

We use a social plugin for the use of the “Facebook sidebar.” This plugin is offered and operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and is clearly labeled with the Facebook logo. To protect your personal data, we have integrated a manual message that opens when the “f” is clicked. This message notifies you that data will not be transmitted to Facebook unless and until you click the “Display Facebook” button and confirm the “privacy provisions” in a checkbox (termed “2-click method”). No data are transmitted before then. If you connect with the Facebook sidebar, the content of the Facebook plugin transmits data from your browser to Facebook and displays them accordingly in our environment without us having an influence on the content of the plugin. Facebook may be able to track your visit to our relevant pages in that case and associate it with a Facebook account if you are registered with Facebook or recently visited a page of Facebook or with Facebook content. All further Facebook components are integrated into our site via the “Shariff buttons,” as described in the first paragraph of this section of our data protection statement. For further details and information on the nature, purpose, and scope and on the further processing and use of your data by Facebook, please see Facebook’s privacy policy. It will also tell you more about your rights in this regard and settings options to protect your privacy.

Link: Facebook privacy policy www.facebook.com/about/privacy/

If you do not want Facebook to be able to associate your visit to our pages with your Facebook account, please log out of your Facebook user account.

 

18. Data protection provisions on the use of Google AdWords

We have integrated Google AdWords into our website. Google AdWords is an Internet advertising service that allows advertisers to place ads in Google search engine results and in the Google advertising network. Google AdWords allows advertisers to set certain keywords in advance which are then used to display an ad in the Google search engine results exclusively when the user accesses a search result that is relevant to the keyword via the search engine. Within the Google advertising network, the ads are distributed to websites on relevant topics using an automatic algorithm and taking into account the previously specified keywords.

The company that operates the services of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying ads on relevant interests on the websites of third-party companies and in the search engine results of the Google search engine and displaying external ads on our website.

If a data subject reaches our website via a Google ad, Google places a “conversion cookie” on the data subject’s information technology system. What cookies are is explained above. A conversion cookie ceases to be valid after 30 days. It does not serve to identify the data subject. If the cookie has not yet expired, the conversion cookie is used to track whether certain subpages, such as the shopping cart of an online shop system, on our website are accessed. The conversion cookie allows both us and Google to track whether a data subject who has reached our website via an AdWords ad has generated sales, meaning whether a purchase of goods has been made or terminated.

Google uses the data and information collected through the use of the conversion cookie to generate statistics on visits to our website. We use these visit statistics in turn to determine the total number of visitors who have been connected with us via AdWords ads, meaning to determine the success or failure of the relevant AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other advertising customers of Google AdWords receive information from Google that would allow the data subject to be identified.

The conversion cookie is used to store personal information, such as the websites visited by the data subject. This means that every time our website is visited, personal data, including the IP address of the Internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may share these personal data that are collected via this technical process with third parties.

The data subject can prevent the placement of cookies by our website, as explained in the cookie statement in this data protection statement, at any time by adjusting the settings of the Internet browser used accordingly and can thus prevent cookies from being placed on a lasting basis. Adjusting the settings of the Internet browser used in this way would also prevent Google from placing a conversion cookie on the data subject’s information technology system. In addition, a cookie that has already been placed by Google AdWords can be deleted at any time via the Internet browser or other software programs.

In addition, the data subject has the option to object to interest-related advertising by Google. To do this, the data subject must access the link www.google.de/settings/ads from each Internet browser used by him or her and adjust the settings there as desired.

For further information and the applicable privacy policy of Google, please visit  https://www.google.de/intl/de/policies/privacy/.

 

19. Overview of your rights as a data subject

Pursuant to the provisions of the GDPR, a data subject has specific request rights that can be asserted in connection with your personal data. For example, you have a right of access and a right to rectification, erasure, restriction of processing and data portability, along with individual rights to object and a right to lodge a complaint with a supervisory authority. This section provides an overview of the individual rights and the time limits that apply.

19.1 Time limits for the “request rights” pursuant to Articles 15 through 21 GDPR

We as the controller will respond to any requests received from the data subject pursuant to Articles 15 through 21 GDPR within a time limit of one month after receipt. This time limit may be extended by a further two months if necessary, taking into account the complexity and number of requests. In this case, we will let you know that we are exercising our right to extend this period within one month after we receive your request. If the data subject makes the request electronically, we will answer it by electronic means if possible unless you state otherwise.

19.2 Ways to make a request

You can submit requests by mail or e-mail. The contact address is listed in section 4 of this statement.

19.3 Right of access by the data subject pursuant to Article 15 GDPR         

A data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and further information as described in Article 15 GDPR.

Please note that the controller can only provide information if there are no concerns about the data subject’s identity. The controller will use all reasonable means to check the identity of a data subject who is seeking access.

19.4 Right to rectification pursuant to Article 16 GDPR

A data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

19.5 Right to erasure pursuant to Article 17 GDPR

A data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where the prerequisites listed in Article 17 GDPR are met.

19.6 Right to restriction of processing pursuant to Article 18 GDPR

The data subject has the right to obtain from the controller restriction of processing where the prerequisites listed in Article 18 GDPR are met.

19.7 Right to data portability pursuant to Article 20 GDPR

A data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a format as described in Article 20 GDPR or to have them transferred to another controller at the data subject’s instructions if the prerequisites described in Article 20 GDPR are met.

19.8 Right to object pursuant to Article 21 GDPR

A data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which have been collected based on  Article 6(1)(e) GDPR (processing takes place within the scope of a task assigned to the controller in the public interest or in the exercise of official authority) or Article 6(1)(f) GDPR (processing takes place on the basis of a legitimate interest of the controller or a third party).

The controller will no longer process the personal data in these cases unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where personal data are processed by the controller for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

19.9 Right to object pursuant to Article 13(2)(c) GDPR

Where the processing of personal data of a data subject by the controller is based on point (a) of Article 6(1) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes) or point (a) of Article 9(2) GDPR (the data subject has given consent to the processing of the special categories of personal data concerning him or her for one or more specified purposes), the data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You can withdraw consent by mail or e-mail. The contact address is listed in section 4 of this statement.

 

20. Right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. You can typically contact the supervisory authority of your habitual residence, place of work, or the location of the company’s registered office for this.

The supervisory authority to which the complaint was submitted shall inform the complainant of the status and results of the complaint and of the possibility of a judicial remedy pursuant to Article 78 GDPR.

The data protection authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Home adress:                                                                       Mailing adress:

Königstraße 10a                                                                    Postfach 10 29 32
70173 Stuttgart                                                                     70025 Stuttgart
Germany                                                                                 Germany

For more information please click the following link: www.baden-wuerttemberg.datenschutz.de .

 

21. Updates to this data protection statement

It may be necessary to adjust our data protection statement for legal or technical reasons. We reserve the right to make changes accordingly at any time and therefore ask that you consult this data protection statement at regular intervals for information about the current status.

 

Last updated January 2019

Contact

Südwestdeutsche Salzwerke AG
Salzgrund 67
74076 Heilbronn

Email: datenschutz@salzwerke.de

To top