Privacy policy in accordance with the GDPR

I. Name and address of the controller

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Johannes Droste GmbH
Tel.: 0209 / 947000
Email: anfrage@droste-gmbh.de
Website: www.droste-gmbh.de

II. Name and address of the contact person for data protection issues

Due to legal provisions, the company is not obliged to appoint a data protection officer. If you have any questions regarding data protection, please contact:

Johannes Droste GmbH
Tel.: 0209 / 947000
Email: anfrage@droste-gmbh.de

II. General information on data processing

Scope of the processing of personal data
We generally process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by statutory provisions.

Legal basis for the processing of personal data
Where we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Where the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis for processing.

Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this is provided for by European or national legislation in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is necessary for the conclusion or performance of a contract.
4.  SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the browser’s address line changing from “http://” to “https://” and by the lock symbol in your browser’s address bar.

II. Provision of the website and creation of log files

1.  Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.
The following data is collected:
(1)   Information about the browser type and version used
(2)   The user’s operating system
(3)   The user’s Internet service provider
(4)   The user’s IP address
(5)   Date and time of access
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2.  Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Article 6(1)(f) GDPR.

3.  Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR.

4.  Duration of storage
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after no more than seven days. Storage beyond this period is possible. In such cases, the users’ IP addresses are deleted or anonymised so that it is no longer possible to identify the accessing client.

5.  Right to object and removal
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, the user has no right to object.

II. Use of cookies

1.  Description and scope of data processing
Our website does not use cookies.
Email contact
1.  Description and scope of data processing
Contact can be made via the email address provided. In this case, the personal data of the user transmitted with the email will be stored.
The data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2.  Legal basis for data processing
If the user has given consent, the legal basis for processing the data is Article 6(1)(a) GDPR.
The legal basis for processing data transmitted in the course of sending an email is Article 6(1)(f) GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

3.  Purpose of data processing
The processing of personal data transmitted by email serves solely to handle the contact request. This also constitutes the required legitimate interest in processing the data.

4.  Duration of storage
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the contact form input fields and those transmitted by email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5.  Right to object and removal
The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of the contact will be deleted.

II. Plugins and Tools

Adobe Typekit
We use Adobe Typekit to display fonts on our website. Adobe Typekit is a service that provides access to a font library and is offered by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). When a page is accessed, your browser loads the required web fonts into its cache in order to display texts and fonts correctly. In the course of providing the Typekit service, no cookies are placed or used to deliver the fonts. To provide the Typekit service, Adobe may collect information about the font usage that serves to identify the website itself and the associated Typekit account.
Further information can be found on the Adobe Typekit privacy information page (https://www.adobe.com/privacy/policies/typekit.html) and in Adobe’s privacy policy (https://www.adobe.com/privacy/policy.html).

Google Maps
This website uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the United States and stored there. The operator of this website has no influence on this data transmission. The use of Google Maps is in the interest of an appealing presentation of our online offerings and to make it easy to locate the places specified on our website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. More information on how Google handles user data can be found in Google’s privacy policy: https://www.google.de/intl/en/policies/privacy/.

II. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1.  Right of access
You may request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing exists, you may request access from the controller to the following information:
(1)        the purposes for which the personal data is processed;
(2)        the categories of personal data being processed;
(3)        the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4)        the planned duration for which the personal data concerning you will be stored, or, if specific information is not possible, the criteria used to determine that period;
(5)        the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6)        the existence of a right to lodge a complaint with a supervisory authority;
(7)        all available information as to the source of the data, where the personal data is not collected from the data subject;
(8)        the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
You also have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2.  Right to rectification
You have the right to obtain from the controller without undue delay the rectification and/or completion of inaccurate or incomplete personal data concerning you.

3.  Right to restriction of processing
You may request the restriction of processing of your personal data under the following conditions:
(1)        if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
(2)        if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
(3)        if the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or
(4)        if you have objected to processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been imposed under the above conditions, you will be informed by the controller before the restriction is lifted.

4.  Right to erasure
a)  Obligation to erase
You may request that the controller erase personal data concerning you without undue delay, and the controller is obliged to erase such personal data without undue delay where one of the following grounds app