Data Privacy Policy for the TopStick Web Offer

Information on the processing of your data in accordance with Art. 13 GDPR

References to legal regulations relate to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Status: 05/29/2020
 

Table of Contents

1. Validity
2. Responsibility for the Data Processing
3. Company Data Privacy Officer Contact
4. Data Processing – Analysis and Tracking Tools (Cookies)
   4.1 Server Utilization Data
   4.2 Use of Cookies
   4.3 Opt-out - Preventing Cookie Usage
   4.4 Analysis and Tracking Tools
        (1) ConsentManager
        (2) Google Analytics       
5. Duration of Storage, Erasure and Barring of Personal Data
6. Data Security
7. Your Rights
   7.1 Right to Information
   7.2 Right to Rectification
   7.3 Right of Erasure
   7.4 Right to Restriction of Processing
   7.5 Right to Object
   7.6 Right to Revoke
   7.7 Right to Complain
8. Automatic Decision Finding
9. Amendments to the Data Privacy Policy

 

1. Validity

This data privacy policy applies for the HERMA GmbH web offers and the personal data collected via these web offers. For websites of other providers which are referred to, for example, by links, the data protection notes and privacy policies of these apply.

a. TopStick web offer

The TopStick web offer includes the website topstick-labels.com

 

b. Personal data

According to article 4 GDPR, personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

2. Responsibility for the Data Processing

The responsibility for processing of personal data on the TopStick website lies with
HERMA GmbH (HERMA)
Fabrikstrasse 16, 70794 Filderstadt, Germany
Phone: +49 711 / 7702 0
Fax: +49 711 / 7702 700
E-mail: mail@herma.de

 

3. Company Data Privacy Officer Contact

The responsibility for processing of personal data on the TopStck website lies with:
Data Privacy Officer
HERMA GmbH
Fabrikstrasse 16, 70794 Filderstadt, Germany
E-mail: datenschutz@herma.de

 

4. Data Processing – Analysis and Tracking Tools (Cookies)

4.1 Server Utilization Data

The TopStick website collect a number of general data and items of information every time the respective site is called and store these in the server logfiles. These are data that are collected anonymously and allow no inferences to be drawn to your person. The anonymous data of the server logfiles are stored separately from all the personal data entered by you. Your browser transmits the following data to our server every time that you visit the websites concerned:

  • used browser types and versions 
  • used operating system
  • the website from which you access our web offers (so-called referrer)
  • the sub-sites which you visit within our website
  • the date and time of the access to the website
  • the Internet protocol address (IP address)
  • the Internet service provider
  • other similar data and information

These data are technically necessary for us to show you our website, to ensure the stability and security as well as to provide the necessary information for the law enforcement agencies for prosecution in the event of a cyber-attack.

Art. 6 Par. 1 lit. b) GDPR (contract establishment or contract) and Art. 6 Par. 1 lit. f) GDPR (legitimate interest) provide the legal basis for the data processing.

The recipients of these data are our Web Agencies and our Webhosting service providers who work for us within the scope of a data processing agreement.

Logfile information is stored for a maximum duration of 90 days for security reasons (e.g. to elucidate cases of misuse and fraud) and then erased. Data which must be kept for purposes of evidence are excepted from erasure until final clarification of the respective case.

 

4.2 Use of Cookies

Cookies are used by us directly or by third providers on our account when using the TopStickwebsite. Cookies are text files which are placed and stored on a computer system by an Internet browser. Many cookies contain a so-called cookie ID. A specific Internet browser can be recognized and identified by the unique cookie ID.

The following types of cookies are used within the scope of our web offers:

  • Technical cookies that are necessary for the function of our web offers (necessary) serve to be able to identify the accessing browser even after switching sites. They do not require consent as, in accordance with Art. 6 I lit. f GDPR, HERMA as the website operator has a legitimate interest in using these cookies.
  • Analysis and tracking cookies enable us to collect and analyze statistics on the user behavior of visitors to the websites, i.e. to carry out a coverage measurement and use analysis for the purpose of website optimization (tracking). They are not absolutely essential for the actual functions of the website and the tracking data might then be linked or shared with other data and services. You will find more information about the tracking tools that we use in the following sections.

 

4.3. Opt-out - Preventing Cookie Usage

You can prevent cookies from being set by our website by

  • making the appropriate section in the cookie banner on your first visit to our website.
  • clicking the fingerprint icon at the bottom left of our website and making the appropriate selection later (during a visit to the website and after already having granted consent).
  • making the appropriate setting in your Internet browser, usually to be found under “Data protection” or “Cookies” of the “Internet options” or “Settings” menu of the browser.

 

4.4 Analysis and Tracking Tools

We use the following analysis and tracking tools within the scope of our web presence which we apply dependent on the concrete web offers (websites, B2B online shops, apps).
 

(1) ConsentManager

We have incorporated the ConsentManager tool of Jaohawi AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) into our websites to inquire consents for the data processing or use of cookies or similar functions. You can also change your settings later (fingerprint icon). In the course of using the ConsentManager, cookies are used and information about the used terminating devices such as the IP address processed to ensure that user settings and preference with regard to the use of cookies and other functionalities are saved.

Art. 6 Par. 1 lit. c) GDPR (legal obligation, obligation of the website operator to provide proof) provides the legal basis.

ConsentManager stores your data for as long as your user settings are active. Your consent will be requested again two years after making the user settings. The user settings that you make are then stored again for this period of time.

 

(2) Google Analytics

We use the web analysis service Google Analytics. Google-Analytics is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google Analytics uses cookies that are stored on your computer or mobile device and enable an analysis of the utilization of the website by the users. With these cookies, Google Analytics can measure the coverage of our web presence on our account. The cookies enable us to track which website you visited before accessing our website and how you have used our website. We use the data collected in this way to optimize our website.

By using the cookie, Google collects (personal) data such as your IP address, date and time of the visit, usage data, site information, device information and browser information for HERMA. Your IP address is only processed further in abbreviated form and is therefore anonymized when you access our website from a member state of the European Union or another contract state of the agreement on the European Economic Community.

The recipient of the (personal) data collected in this way is Google so that your data may be transmitted by Google to the United States of America and stored. Google may possibly pass on these data under some circumstances. Google has submitted to the EU-US Privacy Shield.

The data processing by Google Analytics is based on Art. 6 Par. 1 lit. a) GDPR (consent).

Right of revocation – Opt out
In addition to the opt-out options described in section 5.3 you also have the following possibilities of revoking data collection by Google Analytics:

Further information and the applicable data protection regulations of Google can be found under https://policies.google.com/privacy?hl=en&gl=en and under https://marketingplatform.google.com/about/analytics/terms/us/.

  

5. Duration of Storage, Erasure and Barring of Personal Data

HERMA processes and stores your personal data only for the period of time necessary to fulfill the purpose of the storage or insofar as this has been provided for by a law or regulation by which the respective responsible person at HERMA is bound – e.g. legal retention periods.

If the storage purpose is obsolete or a legally prescribed retention period has expired, the personal data are barred or erased routinely and according to the legal stipulations.

Concrete information about the individual erasure deadlines can be found in the respective topical sections of this data privacy policy (e.g. application form, logfiles) as well as in the ConsentManager Tool with regard to the storage duration of cookies.

 

6. Data Security

This site uses an SSL or TLS encryption for security reasons and to protect the transmission of confidential contents such as orders or inquiries which you send to us as the site operator. An encrypted connection is recognizable in that the address line of the browser changes from “http://” to “https://” and the lock icon is displayed in your browser bar.

The data that you transfer to us cannot be read by third parties when the SSL or TLS encryption is activated.

We secure our website and other systems by technical and organizational measures against loss, destruction, access, manipulation or distribution of your data by unauthorized persons.

Please enter data only directly on our website. If you should receive unrequested e-mails asking you to state or confirm personal information or payment data, please ignore these mails and inform our HERMA team under ecommerce@herma.de.

 

7. Your Rights

The GDPR grants you various rights as user of our websites. Please contact datenschutz@herma.de if you have any inquiries regarding exercise of these rights. Please note that we must ensure that you actually are the affected person in case of such inquiries.
  

7.1 Right to Information

You are entitled to demand information about your personal data processed by us in accordance with Art. 15 GDPR. Your application for information should specify details of your concern to make it easier for us to collect the necessary data.
 

7.2 Right to Rectification

If the data concerned are not (no longer) applicable, you are entitled to demand rectification in accordance with Art. 16 GDPR. If your data are incomplete, you are entitled to demand their completion.
 

7.3 Right of Erasure

You may demand erasure of your personal data under the conditions of Art. 17 GDPR. Your right of erasure depends among other things on whether the data concerned are still needed by us to fulfill our legal purposes.
 

7.4 Right to Restriction of Processing

Within the scope of the specifications of Art. 18 GDPR you are entitled to demand restriction of processing of the data concerning you.
 

7.5 Right to Object

Art. 21 GDPR grants you the right to object on grounds relating to your particular situation, at any time to processing of personal data concerning you on the legal basis of “legitimate interest” according to Ar. 6 Par. 1 lit. f GDPR.
 

7.6 Right to Revoke

You are entitled to revoke a granted consent at any time with no consequences for the lawfulness of the processing that took place based on the consent up until its revocation is the data processing is based on a consent according to Art. 6 Abs. 1 lit. a or Art. 9 Abs. 2 lit. a GDPR.
 

7.7 Right to Complain

If you are of the opinion that we have not observed legal data privacy regulations in the processing of your data, you can lodge a complaint with the responsible data privacy supervisory authority:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg Königstrasse 10a, 70173 Stuttgart, Germany
Phone: +49 711 6155 41-0, Fax: +49 711 6155 41-15, E-Mail: poststelle@lfdi.bwl.de

 

8. Automatic Decision Finding

The TopStick website do not use automatic decision finding.

 

9. Amendments to the Data Privacy Policy

We reserve the right to amend or adapt this data privacy policy at any time under consideration of the valid data privacy regulations.