Data Privacy Statement

The person responsible within the meaning of the data protection laws is

Prof. Dr. Ing. Hans-Joachim Kretschmar

Haager Weg 6
92224 Amberg
Germany

Email: info@thermofluidprop.com

link to legal notice:thermofluidprop.com

 

With this data protection information we inform you (in the following text also referred to as "user" or "data subject") in a general way about the data processing in our company and in particular about the data processing in the context of a visit to our website, contacting us by email or telephone/fax. We also inform you about your rights with regard to the processing of your data. The term "data processing" always refers to the processing of personal data.

 

1. General information on data processing

 

1.1 Categories of personal data

We process the following categories of personal data:

- inventory data (e.g. names, addresses, functions, organizational affiliation, etc.);

- contact data (e.g. email, telephone/fax numbers etc.);

- content data (e.g. text entries, image files, videos etc.);

- usage data (e.g. access data);

- meta/communication data (e.g. IP addresses).

 

1.2 Recipients or categories of recipients of personal data

If, in the course of our processing, we disclose data to other persons and companies such as webhosts, contract processors or third parties, transfer it to them or otherwise grant them access to the data, this is done on the basis of a legal authorisation (e.g. if transfer of the data to third parties is necessary in accordance with Art. 6 Para. 1 letter b DS-GVO for the performance of the contract), if the persons concerned have given their consent or if a legal obligation provides for this.

 

1.3 Duration of storage of personal data

The criterion for the duration of storage of personal data is the respective legal retention period. After expiry of the period, the corresponding data will be deleted if they are no longer required for achieving the purpose, fulfilling the contract or initiating a contract.

 

1.4 Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or if data is disclosed or transferred to third parties, this will only be done if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer the data to a third country if the special requirements of Art. 44 ff. DS-GVO, i.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection equivalent to that in the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

 

2. Data processing within the scope of visiting our website

2.1 Log files

Every time a person accesses our website, general data and information is stored in the log files of our system:

 

- date and time of access (time stamp);

- request details and destination address (protocol version, HTTP method, referrer, user agent string);

- Name of the retrieved file and transferred data volume (requested URL incl. query string, size in bytes);

- Message whether the retrieval was successful (HTTP Status Code).

 

When using this general data and information, we do not draw any conclusions about the person concerned. There is no personal evaluation or an evaluation of the data for marketing purposes or profile building. The IP address is not saved in this context.

The legal basis for the temporary storage of data is Art. 6 Para. 1 lit. f DS-GVO. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the secure operation of our website. There is therefore no possibility of objection on the part of the person concerned.

 

2.2 Malware detection and log data evaluation

We collect log data that is generated during the operation of our company's communication technology and evaluate it automatically, insofar as this is necessary to detect, limit or eliminate faults or errors in communication technology or to defend against attacks on our information technology or the detection and defence of malware.

The legal basis for the temporary storage and evaluation of the data is Art. 6 para. 1 lit. f DS-GVO. The storage and evaluation of the data is absolutely necessary for the provision of the website and for its secure operation. There is therefore no possibility of appeal by the person concerned.

 

2.3 Cookies

So-called cookies are used on our website. Cookies are small text files that are exchanged between web browsers and the hosting server. Cookies are stored on the user's computer and are transmitted by the user to our site. In the web browser used in each case, you can restrict or generally prevent the use of cookies by using an appropriate setting. Cookies already stored can be deleted at any time. If cookies for our website are deactivated, this may mean that the website cannot be displayed or used in its entirety.

The legal basis for the processing of personal data using cookies is Art. 6 Paragraph 1 lit. f DS-GVO.

 

2.4 Hosting

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating our website.

For this purpose, we or our contract processor process inventory data, contact data, content data, contract data, usage data, meta and communication data of users of our website on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 Para. 1 lit. f DS-GVO in conjunction with Art. 28 DS-GVO (conclusion of a contract for contract processing).

 

3. Data processing within the scope of establishing contact

 

3.1 Contact by email

It is possible to contact our company by email using the email addresses published on our website.

As far as you use this contact method, the data transmitted by you (e.g. name, first name, address), at least however the email address, as well as the information contained in the email together with any personal data transmitted by you will be stored for the purpose of contacting you and processing your request. In addition, the following data is collected by our system:

 

- IP address of the calling computer;

- Date and time of the email.

 

The legal basis for the processing of personal data in the context of emails sent to us is Art. 6 Para. 1 lit. b or lit. f DS-GVO.

 

3.2 Contact by letter and fax

If you send us a letter or a fax, the data transmitted by you (e.g. surname, first name, address) and the information contained in the letter or fax will be stored together with any personal data you may have transmitted for the purpose of contacting you and processing your request.

The legal basis for the processing of personal data in the context of letters and faxes sent to us is Art. 6 Paragraph 1 lit. b or lit. f DS-GVO.

 

4. Your rights

As a data subject, you are entitled to the following rights in connection with the processing of your personal data:

 

4.1 Right of access

1. The data subject shall have the right to obtain from the controller confirmation as to whether personal data relating to him or her are being processed; if this is the case, he or she shall have the right to obtain information concerning such personal data and to obtain the following information

(a) the purposes of the processing;

(b) the categories of personal data processed;

(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;

(d) if possible, the envisaged duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;

(e) the existence of a right of rectification or erasure of personal data relating to him or her or of a restriction on processing by the controller or a right to object to such processing;

(f) the existence of a right of appeal to a supervisory authority;

(g) where the personal data are not collected from the data subject, any available information as to their source;

h) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the DPA and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

2. Where personal data are transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards pursuant to Article 46 of the DPA in connection with the transfer.

 

4.2 Right of rectification

The data subject shall have the right to obtain from the controller the rectification without delay of inaccurate personal data concerning him/her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the completion of incomplete personal data, including by means of a supplementary declaration.

 

4.3 Right of cancellation

1. The data subject shall have the right to obtain from the controller the deletion without delay of personal data relating to him/her and the controller shall be obliged to delete personal data relating to him/her without delay if one of the following reasons applies:

(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed

b) the data subject withdraws the consent on which the processing was based under Article 6(1)(a) or Article 9(2)(a) of the DPA and there is no other legal basis for the processing.

c) The data subject objects to the processing pursuant to Article 21 (1) DPA and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing pursuant to Article 21 (2) DPA.

d) The personal data have been processed unlawfully.

(e) the deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject

f) The personal data were collected in relation to information society services offered, in accordance with Article 8(1) of the DS-GVO.

 

2. Where the controller has made the personal data public and is under an obligation to erase them in accordance with paragraph 1, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform controllers who process the personal data that a data subject has requested them to delete all links to those personal data or to make copies or replications of them.

 

3. Paragraphs 1 and 2 shall not apply insofar as the processing is necessary

(a) to exercise the right to freedom of expression and information

(b) to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

c) for reasons of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) of the DS-GVO;

d) for archival, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1, insofar as the right referred to in para. 1 is likely to render impossible or seriously hamper the attainment of the objectives of such processing, or

(e) to assert, exercise or defend legal claims

 

4.4 Right to restrict processing

1. The data subject shall have the right to obtain from the controller the restriction of the processing if one of the following conditions is met:

(a) the accuracy of the personal data is disputed by the data subject, for a period enabling the controller to verify the accuracy of the personal data

(b) the processing is unlawful and the data subject refuses the deletion of the personal data and requests instead the restriction of the use of the personal data

(c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the purpose of asserting, exercising or defending legal claims; or

(d) the data subject has lodged an objection to the processing pursuant to Article 21(1) of the DPA, as long as it has not been established that the legitimate reasons of the controller outweigh those of the data subject.

 

2. Where processing has been restricted in accordance with paragraph 1, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.

 

4.5 Right to data transferability

1. The data subject shall have the right to obtain the personal data concerning him/her which he/she has supplied to a controller in a structured, standard and machine-readable format and the right to have such data communicated to another controller without interference by the controller to whom the personal data have been supplied, provided that

(a) the processing is based on a consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the DS-BER or on a contract pursuant to Article 6(1)(b) of the DS-BER, and

(b) the processing is carried out by means of automated procedures.

 

2. In exercising his or her right to data transfer pursuant to paragraph 1, the data subject shall have the right that personal data be transferred directly from one controller to another controller, in so far as this is technically feasible.

The right referred to in paragraph 1 shall not affect the rights and freedoms of other persons.

This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

4.6 Right of objection

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out pursuant to Article 6(1)(e) or (f) of the DPA, including profiling based on these provisions. The controller no longer processes the personal data unless he or she can demonstrate compelling reasons for processing which are justified on grounds of protection that outweigh the interests, rights and freedoms of the data subject, or the processing is carried out for the purpose of asserting, exercising or defending legal claims.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right of objection by means of automated procedures involving technical specifications.

 

4.7 Right of withdrawal

The person concerned has the right to revoke his or her declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

 

4.8 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to complain to a supervisory authority, in particular in the Member State in which he or she is resident, at his or her place of work or at the place where the alleged infringement occurred, if he or she considers that the processing of personal data relating to him or her is being carried out in breach of this Regulation.