Data Protection
This privacy policy informs you about the type, scope, and purpose of processing personal data within our online offer and the associated websites, functions, and content. Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
I. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as other data protection regulations is:
CPT Präzisionstechnik GmbH
represented by the Managing Director, Ms. Carmen Ahnert
Carl-von-Bach-Straße 30, 09116 Chemnitz
Phone: +49 371 808179510
Fax: +49 371 808179555
Email: kontakt@cptcnc.de
II. General Information on Data Processing
We process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The processing of personal data of our users regularly takes place only after the user’s consent. An exception applies in such cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by legal regulations. Insofar as we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as processing personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6(1)(f) GDPR serves as the legal basis for the processing. The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this is provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for a contract conclusion or fulfillment.
III. Provision of the Website, Contact Form, and Cookies Scope, Purpose, and Legal Basis of Data Processing
a) Website
Each time our website www.cptcnc.de is accessed, our system automatically collects data and information from the computer system of the accessing device.
The following data is collected:
- IP address of the requesting device,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which the access is made (referrer URL),
- Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The data is temporarily stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of the data is Article 6(1)(f) GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. Additionally, the data serves us to optimize the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute our legitimate interest in data processing according to Article 6(1)(f) GDPR.
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of data collection for the provision of the website, this is the case when the respective session is terminated. In the case of storing data in log files, this is the case after a maximum of seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized so that an assignment to the calling client is no longer possible. The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website.
The hosting services we utilize serve the provision of the following services: infrastructure and platform services, computing capacity, storage space, and database services; email dispatch, security services, and technical maintenance services that we use for the purpose of operating this online offer.
In this context, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties, and visitors to this online offer based on our legitimate interests in an efficient and secure provision of this online offer according to Article 6(1)(f) GDPR in conjunction with Article 28 GDPR (conclusion of a data processing agreement).
We, or our hosting provider, collect data on the basis of our legitimate interests according to Article 6(1)(f) GDPR about every access to the server on which this service is located (so-called server log files). Access data includes the name of the retrieved website, file, date and time of retrieval, data volume transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider. Log file information is stored for security reasons (e.g., to clarify misuse or fraud) for a maximum period of 7 days and then deleted. Data that must be retained for evidentiary purposes is excluded from deletion until the respective incident is finally clarified.
b) E-Mail Contact
On our website www.cptcnc.de, there is an option for email contact. If a user takes advantage of this option, the data entered is transmitted to us and stored. This data includes:
- Email address
Additionally, any other personal data transmitted with the email will be stored. There is no transfer of this data to third parties. The data is used exclusively for processing the conversation. The processing of personal data serves solely to handle the contact. This is also the required legitimate interest in processing the data. The legal basis for the processing of data transmitted in the course of sending an email is Article 6(1)(f) GDPR. If the email contact aims at concluding a contract, an additional legal basis for the processing is Article 6(1)(b) GDPR.
The data will be deleted as soon as they are no longer necessary for achieving the purpose of their collection. For the personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant matter has been conclusively clarified. Any additional personal data collected during the sending process will be deleted at the latest after a period of seven days. The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
c) Cookies
Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is accessed again. Information is stored in the cookie that is related to the specific device being used. However, this does not mean that we obtain direct knowledge of your identity as a result.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
The data processed by cookies is necessary for the stated purposes to safeguard our legitimate interests and those of third parties in accordance with Article 6(1)(f) GDPR. Most browsers accept cookies automatically. Cookies are stored on the user’s computer and transmitted to our site. Therefore, you, as the user, have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all the functions of the website to their full extent.
IV. Links and Privacy Practices of Third Parties
The CPT website contains links to other websites not operated by us. These linked websites are not under our control, and we are not responsible for the privacy practices or content of any linked websites.
V. OpenStreetMap
This site uses the OpenStreetMap (https://www.openstreetmap.de) map service via an API, based on the Open Data Commons Open Database License (ODbL) offered by the OpenStreetMap Foundation (OSMF). To use the functions of OpenStreetMap, it is necessary to store your IP address and, if applicable, your location data. This information is usually transferred to a server in the USA and stored there. The provider of this site has no influence on this data transmission. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy findability of the locations specified by us on the website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. More information on the handling of user data can be found in OpenStreetMap’s privacy policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy.
VI. Rights of the Data Subject
If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:
- In accordance with Article 15 GDPR, you have the right to obtain information about your personal data processed by us. In particular, you can request information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about their details.
- In accordance with Article 16 GDPR, you have the right to demand the immediate correction of incorrect or completion of your personal data stored by us.
- In accordance with Article 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is required to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to establish, exercise, or defend legal claims.
- In accordance with Article 18 GDPR, you have the right to request the restriction of processing your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you oppose its erasure and we no longer need the data, but you require it to establish, exercise, or defend legal claims, or you have objected to processing in accordance with Article 21 GDPR.
- In accordance with Article 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.
Furthermore, you have the following rights:
a) Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. You have the possibility to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
b) Right to Withdraw Consent
You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent until the withdrawal.
c) Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR.
VII. Data Security
We use the widespread SSL (Secure Socket Layer) procedure during your visit to the website in conjunction with the highest encryption level supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. Furthermore, we use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
VIII. Currency
This privacy policy is currently valid and has the status of October 2021.