Data protection

Name and contact info for the controller as per Article 4 (7) GDPR

Company: Dipl.-Ing. Th. Mumken Sales GmbH
Address: 28, 46569 in the Beckuhl Hünxe
Phone: +49 (0)2858-58243-0
Fax: +49 (0)2858-58243-19
E-Mail: info@ditms.de

Data Protection Officer

Address:
Dipl.-Ing. Th. Mumken Sales GmbH
Data Protection Officer
In the Beckuhl Hünxe 28, 46569
E-Mail: datenschutz@ditms.de

Security and protection for your personal data

We consider it our most important task to ensure that the personal data you provided remains confidential and protected from unauthorized access. For this reason, we take utmost care and adopt the latest security standards to guarantee maximum protection for your personal data.

As a company under private law, we are subject to the provisions in the European General Data Protection Regulation (GDPR) and German Federal Data Protection Act (BDSG) regulations. We have adopted technical and organisational measures to ensure that both we and our external service providers meet data privacy regulations.

Definition of terms

Legislation requires that personal data is lawfully processed in good faith and in a way which is open to scrutiny for the person concerned ("legality, processing in good faith, transparency"). Below, we inform you about the individual legal definition of terms, which are also used in this data privacy policy:

(1) Personal data

"Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter: "data subject"); an identifiable natural person is regarded as one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more features specific to the physical, physiological, genetic, mental, economic, cultural or social identity of said natural person.

(2) Processing

"Processing" refers to any procedure or set of procedures which is performed on personal data or on sets of personal data, whether or not by automated means. These include measures such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, erasure or destruction.

(3) Restriction of processing

"Restriction of processing" refers to the marking of saved personal data with the aim of limiting its processing in the future.

(4) Profiling

"Profiling" refers to any type of automated processing of personal data, where the personal data is used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

(5) Pseudonymisation

"Pseudonymisation" refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be associated with an identified or identifiable natural person.

(6) Filing system

"Filing system" refers to any structured set of personal data which is accessible according to specific criteria, irrespective of whether this set is managed in a centralised or decentralised system or dispersed on a functional or geographical basis.

(7) Controller

"Controller" refers to a natural or legal person, public authority, agency or other body which, solely or jointly with others, determines the purposes and means of processing personal data; if Union or Member State law determines the purposes and means of such processing, Union or Member State law may designate the controller or the specific criteria for their nomination.

(8) Processor

"Processor" is a natural or legal person, public authority, agency or other body which processes personal data on the controller's behalf.

(9) Recipient

"Recipient" refers to a natural or legal person, public authority, agency or other body to whom/which the personal data is disclosed, whether they are a third party or not. However, public authorities which possibly receive personal data within the bounds of a particular inquiry as per Union or Member State law are not regarded as recipients; the processing of such data by such public authorities shall be in compliance with the applicable data privacy rules according to the purposes of the processing.

(10) Third party

"Third party" refers to a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

(11) Consent

The data subject's "consent" refers to any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of their personal data with a statement or through a clear, affirmative action.

Lawfulness of processing

Processing of personal data is only lawful if there is a legal basis for processing. According to Article 6 (1) lit. a–f GDPR, the legal basis for processing may be the following in particular:

(a) The data subject has given their consent to the processing of their personal data for one or more specific purposes;

(b) Processing is required to perform a contract to which the data subject is party or to take steps at the data subject's request prior to entering into a contract;

(d) Processing is required to protect the data subject's or another natural person's vital interests;

(e) Processing is required to perform a task carried out in the public interest or to exercise official authority vested in the controller;

(f) Processing is required for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the data subject's interests or fundamental rights and freedoms which require protection of personal data, in particular if the data subject is a child.

Information on the collection of personal data

(1) You will find below information on how we collect personal data when you use our website. Personal data includes information such as name, address, e-mail address, and user behaviour.

(2) If you contact us by e-mail or using a contact form, we save and store the information that you provide (your email address and possibly your name and telephone number) to answer your questions. We erase the data that you provide in this way when we no longer need to store it or we limit its processing if there is a statutory obligation to retain it.

Collection of personal data from visits to our website

If you are using this website solely to obtain information, i.e. if you have not logged in, registered, or otherwise provided us with information, we will not collect any data except for the data that your browser forwarded to us. If you wish to view our website, we collect the data listed below. We require it for technical purposes, so we can display our website to you and ensure it is stable and secure (legal basis: Art. 6 (1) Sentence 1 lit. f GDPR):

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Volume of data transmitted
Website making the request
Browser
Operating system and its interface
Language and version of browser software.

Use of cookies

(1) Cookies are also saved to your computer when you use our website in addition to the aforementioned data being collected. Cookies are small text files which are saved to your hard drive and are correlated to the browser you are using. They provide certain information to the party placing the cookie. Cookies are not able to execute programs or transmit viruses to your computer. They are used to make the website more user-friendly and more efficient as a whole.

(2) This website uses the following types of cookies. Their scope and mode of operation are explained below:

Transient cookies (see a.)
Persistent cookies (see b).

(a) Transient cookies are automatically deleted when you close your browser. These particularly include session cookies. Session cookies store what is known as a session identifier that can be used to correlate different requests from your browser during the shared session. This allows your computer to be recognised when it returns to the website. Session cookies are deleted when you log out or you close your browser.

(b) Persistent cookies are automatically deleted after a specific time period, which may vary, depending on the cookie. You can delete cookies in your browser's security settings at any time.

(c) You can configure your browser settings as required and decline to accept third-party cookies or all cookies, for example. "Third party cookies" are cookies which are placed by a third party and not by the website which you are currently visiting. We point out that you may not be able to use all functions on this website if you disable cookies.

Other functions and offering on our website

(1) In addition to using our website for purely information purposes, you can also use the different services that we offer. To do so, you generally need to give us further personal data, which we will use to provide the service concerned and to which the aforementioned basic principles on data processing apply.

(2) We also make use of external service providers to process your data at times. We have carefully selected these service providers. They are obliged to comply with our instructions and undergo inspection on a regular basis.

(3) We may also pass on your personal data to third parties when we offer promotional campaigns, competitions, contracts or similar services in conjunction with partners. You can receive more information in this respect if you provide your personal data or see the description of the offer below.

(4) If our service provider or partner has its headquarters in a state outside the European Economic Area (EEA), we will inform of the consequences in a description of the offer.

(1) You can give your consent to subscribe to our newsletter, which we use to inform you about our latest offers. The acquired goods and services are specified in the declaration of consent.

(2) We use what is known as a double opt-in process for subscription to our newsletter. Thismeans that once you have registered, we will send you an email to the email address that you indicated to ask you to confirm that you would like to receive the newsletter. If you do not confirm your subscription within 24 hours, your information will be blocked and automatically erased after one month. We will also save the IP address that you used and the time when you subscribed, and when you confirmed subscription. This process is designed to verify your subscription and any possible misuse of your personal data.

(3) Your e-mail address is the sole required field to send you the newsletter. Any other, separately marked data that you provide is on a voluntary basis and is then used to address you personally. Once you have sent confirmation, we save your e-mail address to send you the newsletter. The legal basis for its storage is Art. 6(1) Sentence 1 lit. a GDPR.

(4) You can withdraw your consent to the newsletter being sent and unsubscribe from the newsletter at any time. You can withdraw your consent by clicking on the linkprovided in every newsletter e-mail, sending an email to marketing@ditms.de, or sending a message to the contact details indicated in the legal notice.

(5) We point out that we analyse your user behaviour when sending the newsletter. The emails contain what are known as web beacons or tracking pixels for this purpose. They comprise single-pixel image files which are saved to our website. We link the aforementioned data and web beacons with your e-mail address and individual ID for analyses. The data is collected in pseudonymised format only, so the IDs are not linked to your other personal data. Direct reference to your person is thus ruled out. You can stop this tracking at any time by clicking on the separate link provided in each e-mail or notifying us using another means of contact. The information is stored for as long as you are subscribed. If you unsubscribe, we store the data in anonymous format for statistical purposes only.

(6) We use an external service provider to send newsletters. Separate processing of order-related data has been agreed with the service provider to safeguard the privacy of your personal data. We currently work with the following service providers:

CleverReach
CleverReach GmbH & Co. KG
Mühlenstrasse 43
26180 Rastede
Germany
Phone: +49 4402 97390-00
E-mail: info@cleverreach.com

The following data is transmitted to CleverReach for this purpose:

- Name
- E-mail address
- IP address

You can find more information in CleverReach's data privacy policy at https://www.cleverreach.com/en/privacy-policy/.

Children

Our range is generally intended for adults. Persons under 18 years should not transmit any personal data to us without their parents' or legal guardian's consent.

Rights of the data subject

(1) Withdrawal of consent

You have the right to withdraw your consent at any time if your personal data is processed as a result of you agreeing to its use. This withdrawal of consent has no impact on the legality of data processing activity up to the point in time when consent was withdrawn.

You can exercise your right to cancellation by contacting us at any time.

(2) Right of confirmation

You have the right to require confirmation from the controller whether we process the personal data concerned or not. You can request confirmation using the aforementioned contact details at any time.

(3) Right to information

You have the right to obtain information about personal data and the following information if your personal data is being processed:

(a) The purposes of processing;

(b) The categories of personal data which is processed;

(c) The recipients or categories of recipient to whom the personal data has been or will be disclosed, particularly recipients in third countries or in international organisations;

(d) Wherever possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine the period of time;

(e) The existence of the right to request that the controller rectify or erase of personal data or restrict processing of your personal data, or of the right to object to such processing;

(f) The right to file a complaint with a supervisory authority;

(g) Any available information as to its source if the personal data is not collected from the data subject;

(h) The existence of an automated decision-making process, including profiling, referred to in Article 22 (1) and (4) GDPR and, as a minimum in such cases, meaningful information about the logic involved, and the significance and envisaged consequences of such processing for the data subject.

If personal data is transferred to a third country or an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer as per Article 46 GDPR. We will provide a copy of the personal data which is subject to processing. The controller may charge a reasonable fee based on administrative costs for any further copies that you request. If you make the request by electronic means, the information will be provided in a commonly used electronic format unless you request otherwise. The right to obtain a copy as per Paragraph 3 must not adversely affect the rights and freedoms of others.

(4) Right to rectification

You have the right to obtain rectification of inaccurate your personal data from us without undue delay. You have the right to have incomplete personal data completed, including by means of a supplementary statement, while bearing in mind the purposes of the processing.

(5) Right to erasure ("the right to be forgotten")

You have the right to obtain from the controller the erasure of your personal data without undue delay. The controller is obliged to erase personal data without undue delay when one of the following reasons applies:

(a) The personal data is no longer needed in relation to the purposes for which it was collected or otherwise processed.

(b) The data subject withdraws consent on which processing is based according to Article 6 (1) lit. a, or Article 9 (2) lit. a GDPR, and where there is no other legal ground for the processing.

(c) The data subject files an objection to processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for processing, or the data subject files an objection to processing in accordance with Article 21 (2) GDPR.

(d) The personal data has been processed unlawfully.

(e) The personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject.

(f) The personal data has been collected in relation to offered information society services specified in Article 8 (1) GDPR.

If the controller has made the personal data public and is obliged to erase the personal data as per Paragraph 1, the controller will take reasonable measures based on the available technology and the cost of implementation. These will include technical measures to inform controllers who are processing the personal data that the data subject has requested such controllers erase any copies or replications of the personal data concerned and any links to said data.

The right to erasure ("the right to be forgotten") does not exist where processing is required to:

Exercise the right of freedom of expression and information;
Comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest, or to exercise of official authority vested in the controller;
Safeguard public interest in the area of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) GDPR;
Fulfil archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR if the right referred to in Paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
Establish, exercise or defend legal claims.

(6) Right to restriction of processing

You are entitled to require us to restrict processing of your personal data if one of the following applies:

(a) The data subject contests the accuracy of the personal data. Processing is restricted for a period to allow the controller to verify the accuracy of the personal data;

(b) The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;

(c) The controller no longer needs the personal data for processing purposes, but the data subject requires it to establish, assert, or defend legal claims;

(d) The data subject has objected to processing in line with Article 21 (1) GDPR, pending verification as to whether the legitimate grounds of the controller override those of the data subject.

(e) If processing has been restricted as per the aforementioned requirements, irrespective of whether they are stored or not, such personal data will only be processed with the data subject's consent or to establish, assert, or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest in the Union or a Member State.

(f) The data subject may contact us at any time using the aforementioned contact details to assert the right to restrict processing.

(7) Right to data portability

You have the right to receive your personal data which you have provided to a controller in a structured, commonly used and machine-readable format. You have the right to transmit such data to another controller without hindrance from the controller to whom the personal data has been provided if:

(a) Its processing is based on consent as per Article 6 (1) lit. a or Article 9 (2) lit. a or on a contract as per Article 6 (1) lit. b GDPR; and

(b) Processing is carried out using automated means.

When exercising your right to data portability as per Paragraph 1, you have the right to have the personal data transmitted directly from one controller to another if this is technically feasible. Exercising the right to data portability is without prejudice to the right to erasure ("right to be forgotten"). This right does not apply to processing which is required to perform a task carried out in the public interest or to exercise official authority vested in the controller.

(8) Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions. The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for processing which override the data subject's interests, rights and freedoms, or processing serves to establish, assert, or defend legal claims.

If personal data is processed for direct marketing purposes, you have the right to object to processing of your personal data for such marketing at any time. This also includes profiling if it is related to such marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

You may exercise your right to object by automated means using technical specifications in conjunction with the use of information society services, and notwithstanding Directive 2002/58/EC.

If personal data is processed for scientific or historical research purposes or statistical purposes as per Article 89 (1), you have the right to object to the processing of your personal data on grounds related to your particular situation unless processing is necessary to perform a task carried out for reasons of public interest.

You may exercise your right to object at any time by contacting the controller concerned.

(9) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or affects you significantly in a similar way. This does not apply if the decision:

(a) Is required to enter into or fulfil a contract between the data subject and a data controller;

(b) Is authorized by Union or Member State law to which the controller is subject and which also specifies suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or

The controller will implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, which include, as a minimum, the right to obtain human intervention on the part of the controller's behalf, to express their point of view, and to contest the decision.

The data subject may exercise this right at any time by contacting the controller concerned.

(10) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you also have the right to file a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that processing your personal data breaches this regulation.

(11) Right to an effective judicial remedy

Without prejudice to any other administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority as per Article 77 GDPR, you have the right to an effective judicial remedy if you consider that your rights under this regulation have been infringed as a result of your personal data being processed in breach of this regulation.

Integration of Google Maps

(1) This website uses the services offered by Google Maps. This means that interactive maps can be displayed directly within the website, allowing you to use their convenient map functions.

(2) When you visit our website, Google is informed that you have accessed the page concerned on our website. The data collected during your visit is also transmitted. Data is forwarded irrespective of whether you have a Google user account or not, and are logged on or not. If you are logged on to Google, your data will be assigned directly to your account. You must log out if you do not wish your data to be correlated with your Google profile before pressing the button. Google stores your data as a usage profile and uses it for advertising and market research purposes and/or to create a website design tailored to user needs. This type of analytics (even for users who are not logged in) is used to introduce customised advertising and inform other social network users of your activity on our website. You have the right to oppose the creation of such user profiles; you need to contact Google to exercise this right.

(3) You can obtain more information on the purpose and scope of data collection and its processing by the plugin provider in the data privacy policies by the provider. There, you can obtain more information on your rights related to data collection and processing and setting options to protect your privacy from:
https://policies.google.com/privacy?hl=en&gl=de. Google also processes your personal data in the USA and complies with EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Processor

We use external service providers (processors) for services such as shipping of goods, newsletters, and payment transactions. Separate processing of order-related data has been agreed with the service provider to safeguard the privacy of your personal data.

We work with the following service providers:

STRATO AG, Pascalstrasse 10, 10587 Berlin, Germany
Veritek Germany GmbH, Hanns-Martin-Schleyer-Strasse 9A, 47877 Willich, Germany
vimago GmbH, Essener Strasse 99, 46047 Oberhausen, Germany
CleverReach GmbH & Co. KG, Mühlenstrasse 43, 26180 Rastede