Data Privacy Policy for the TopStick Web Offer
Information on the processing of your data in accordance with Art. 13 GDPR
References to legal regulations relate to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
Status: January 2021
Table of Contents
1. Validity
2. Responsibility for the Data Processing
3. Company Data Privacy Officer Contact
4. Data Processing – Analysis and Tracking Tools (Cookies)
4.1 Server Utilization Data
4.2 Use of Cookies
4.3 Opt-out - Preventing Cookie Usage
4.4 Analysis and Tracking Tools
(1) ConsentManager
(2) Google Analytics
5. Duration of Storage, Erasure and Barring of Personal Data
6. Data Security
7. Your Rights
7.1 Right to Information
7.2 Right to Rectification
7.3 Right of Erasure
7.4 Right to Restriction of Processing
7.5 Right to Object
7.6 Right to Revoke
7.7 Right to Complain
8. Automatic Decision Finding
9. Amendments to the Data Privacy Policy
1. Validity
This data privacy policy applies for the HERMA GmbH web offers and the personal data collected via these web offers. For websites of other providers which are referred to, for example, by links, the data protection notes and privacy policies of these apply.
a. TopStick web offer
The TopStick web offer includes the website www.topstick-labels.com.
b. Personal data
According to article 4 GDPR, personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Responsibility for the Data Processing
The responsibility for processing of personal data on the TopStick website lies with
HERMA GmbH (HERMA)
Heinrich-Hermann-Straße 14, 70794 Filderstadt, Germany
Phone: +49 711 / 7702 0
E-mail: mail(at)herma.de
3. Company Data Privacy Officer Contact
You can contact the company data privacy officer at HERMA GmbH at:
DataCo GmbH, Dachauer Str. 65, 80335 München, Germany
www.dataguard.de
Phone: +49 89 7400 45840
E-mail: datenschutz(at)herma.de
4. Data Processing – Analysis and Tracking Tools (Cookies)
4.1 Server Utilization Data
The TopStick website collects a number of general data and items of information every time the respective site is called and store these in the server logfiles. These are data that are collected anonymously and allow no inferences to be drawn to your person. The anonymous data of the server logfiles are stored separately from all the personal data entered by you. Your browser transmits the following data to our server every time that you visit the websites concerned:
- used browser types and versions
- used operating system
- the website from which you access our web offers (so-called referrer)
- the sub-sites which you visit within our website
- the date and time of the access to the website
- the Internet protocol address (IP address)
- the Internet service provider
- other similar data and information
These data are technically necessary for us to show you our website, to ensure the stability and security as well as to provide the necessary information for the law enforcement agencies for prosecution in the event of a cyber-attack.
Art. 6 Par. 1 lit. b) GDPR (contract establishment or contract) and Art. 6 Par. 1 lit. f) GDPR (legitimate interest) provide the legal basis for the data processing.
The recipients of these data are our Web Agencies and our Webhosting service providers who work for us within the scope of a data processing agreement.
Logfile information is stored for a maximum duration of 90 days for security reasons (e.g. to elucidate cases of misuse and fraud) and then erased. Data which must be kept for purposes of evidence are excepted from erasure until final clarification of the respective case.
4.2 Use of Cookies
Cookies are used by us directly or by third providers on our account when using the TopStickwebsite. Cookies are text files which are placed and stored on a computer system by an Internet browser. Many cookies contain a so-called cookie ID. A specific Internet browser can be recognized and identified by the unique cookie ID.
The following types of cookies are used within the scope of our web offers:
- Technical cookies that are necessary for the function of our web offers (necessary) serve to be able to identify the accessing browser even after switching sites. They do not require consent as, in accordance with Art. 6 I lit. f GDPR, HERMA as the website operator has a legitimate interest in using these cookies.
- Analysis and tracking cookies enable us to collect and analyze statistics on the user behavior of visitors to the websites, i.e. to carry out a coverage measurement and use analysis for the purpose of website optimization (tracking). They are not absolutely essential for the actual functions of the website and the tracking data might then be linked or shared with other data and services. You will find more information about the tracking tools that we use in the following sections.
4.3. Opt-out - Preventing Cookie Usage
You can prevent cookies from being set by our website by
- making the appropriate section in the cookie banner on your first visit to our website.
- clicking the fingerprint icon at the bottom left of our website and making the appropriate selection later (during a visit to the website and after already having granted consent).
- making the appropriate setting in your Internet browser, usually to be found under “Data protection” or “Cookies” of the “Internet options” or “Settings” menu of the browser.
4.4 Analysis and Tracking Tools
We use the following analysis and tracking tools within the scope of our web presence.
(1) ConsentManager
We have incorporated the ConsentManager tool of Jaohawi AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) into our websites to inquire consents for the data processing or use of cookies or similar functions. You can also change your settings later (fingerprint icon). In the course of using the ConsentManager, cookies are used and information about the used terminating devices such as the IP address processed to ensure that user settings and preference with regard to the use of cookies and other functionalities are saved.
Art. 6 Par. 1 lit. c) GDPR (legal obligation, obligation of the website operator to provide proof) provides the legal basis.
ConsentManager stores your data for as long as your user settings are active. Your consent will be requested again two years after making the user settings. The user settings that you make are then stored again for this period of time.
(2) Google Analytics
We use the web analysis service Google Analytics. Google-Analytics is operated in the EU by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google).
Google Analytics uses cookies that are stored on your computer or mobile device and enable an analysis of the utilization of the website by the users. With these cookies, Google Analytics can measure the coverage of our web presence on our account. The cookies enable us to track which website you visited before accessing our website and how you have used our website. We use the data collected in this way (Google Analytics reports) to analyze the performance of our website as well as to analyze the success of our marketing-campaigns.
By using the cookie, Google collects (personal) data such as your IP address, date and time of the visit, usage data, site information, device information and browser information for HERMA. Your IP address is only processed further in abbreviated form (anonymize IP) when you access our website from a member state of the European Union or another contract state of the agreement on the European Economic Community.
The recipient of the (personal) data collected in this way is Google so that your data may be transmitted by Google to the United States of America and stored. Google may possibly pass on these data under some circumstances.
Google deletes automatically your personal data linked with Cookies after 14 months.
The data processing by Google Analytics is based on Art. 6 Par. 1 lit. a) GDPR (consent).
Right of revocation – Opt out
In addition to the opt-out options described in section 5.3 you also have the following possibilities of revoking data collection by Google Analytics:
- Download and install the browser plugins available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
- Click on the following link. An opt-out cookie is set which prevents your data from being collected the next time that you visit this website: Deactivate Google Analytics
Further information and the applicable data protection regulations of Google can be found under policies.google.com/privacy?hl=en&gl=en and under marketingplatform.google.com/about/analytics/terms/us/.
5. Duration of Storage, Erasure and Barring of Personal Data
HERMA processes and stores your personal data only for the period of time necessary to fulfill the purpose of the storage or insofar as this has been provided for by a law or regulation by which the respective responsible person at HERMA is bound – e.g. legal retention periods.
If the storage purpose is obsolete or a legally prescribed retention period has expired, the personal data are barred or erased routinely and according to the legal stipulations.
Concrete information about the individual erasure deadlines can be found in the respective topical sections of this data privacy policy (e.g. application form, logfiles) as well as in the ConsentManager Tool with regard to the storage duration of cookies.
6. Data Security
This site uses an SSL or TLS encryption for security reasons and to protect the transmission of confidential contents such as orders or inquiries which you send to us as the site operator. An encrypted connection is recognizable in that the address line of the browser changes from “http://” to “https://” and the lock icon is displayed in your browser bar.
The data that you transfer to us cannot be read by third parties when the SSL or TLS encryption is activated.
We secure our website and other systems by technical and organizational measures against loss, destruction, access, manipulation or distribution of your data by unauthorized persons.
Please enter data only directly on our website. If you should receive unrequested e-mails asking you to state or confirm personal information or payment data, please ignore these mails and inform our HERMA team under ecommerce(at)herma.de.
7. Your Rights
The GDPR grants you various rights as user of our websites. Please contact datenschutz(at)herma.de if you have any inquiries regarding exercise of these rights. Please note that we must ensure that you actually are the affected person in case of such inquiries.
7.1 Right to Information
You are entitled to demand information about your personal data processed by us in accordance with Art. 15 GDPR. Your application for information should specify details of your concern to make it easier for us to collect the necessary data.
7.2 Right to Rectification
If the data concerned are not (no longer) applicable, you are entitled to demand rectification in accordance with Art. 16 GDPR. If your data are incomplete, you are entitled to demand their completion.
7.3 Right of Erasure
You may demand erasure of your personal data under the conditions of Art. 17 GDPR. Your right of erasure depends among other things on whether the data concerned are still needed by us to fulfill our legal purposes.
7.4 Right to Restriction of Processing
Within the scope of the specifications of Art. 18 GDPR you are entitled to demand restriction of processing of the data concerning you.
7.5 Right to Object
Art. 21 GDPR grants you the right to object on grounds relating to your particular situation, at any time to processing of personal data concerning you on the legal basis of “legitimate interest” according to Ar. 6 Par. 1 lit. f GDPR.
7.6 Right to Revoke
You are entitled to revoke a granted consent at any time with no consequences for the lawfulness of the processing that took place based on the consent up until its revocation is the data processing is based on a consent according to Art. 6 Abs. 1 lit. a or Art. 9 Abs. 2 lit. a GDPR.
7.7 Right to Complain
If you are of the opinion that we have not observed legal data privacy regulations in the processing of your data, you can lodge a complaint with the responsible data privacy supervisory authority:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg Königstrasse 10a, 70173 Stuttgart, Germany
Phone: +49 711 6155 41-0, Fax: +49 711 6155 41-15, E-Mail: poststelle@lfdi.bwl.de
8. Automatic Decision Finding
The TopStick website do not use automatic decision finding.
9. Amendments to the Data Privacy Policy
We reserve the right to amend or adapt this data privacy policy at any time under consideration of the valid data privacy regulations.