Privacy Policy

We inform you below, in accordance with the statutory provisions of data protection law (in particular pursuant to the Federal Data Protection Act – BDSG, new version – and the European General Data Protection Regulation “GDPR”), about the type, scope and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. For definitions of terms such as “personal data” or “processing,” please refer to Art. 4 GDPR.

Name and contact details of the controller

JMD Jens Munser Designs Karl-Scharfenberg-Str. 38229 Salzgitter, Germany Email: info@jmd.de

Types of data, purposes of processing and categories of data subjects

Below we inform you about the type, scope and purpose of the collection, processing and use of personal data.

1. Types of data we process

• Master data (name, address, etc.)
• Contact data (telephone number, email, fax, etc.)

2. Purposes of processing pursuant to Art. 13(1)(c) GDPR

• Performance and execution of contracts

3. Categories of data subjects pursuant to Art. 13(1)(e) GDPR

• Visitors/users of the website
• Customers
• Prospective customers

The data subjects are collectively referred to as “users.”

Legal bases for processing personal data

Below we inform you about the legal bases for processing personal data:

• Consent: Art. 6(1)(a) GDPR
• Performance of a contract / pre-contractual measures: Art. 6(1)(b) GDPR
• Legal obligation: Art. 6(1)(c) GDPR
• Vital interests: Art. 6(1)(d) GDPR
• Legitimate interests: Art. 6(1)(f) GDPR

Disclosure of personal data to third parties and processors

As a rule, we do not disclose data to third parties without your consent. If disclosure does occur, it is based on the aforementioned legal bases—for example, the transfer of data to online payment providers for contract performance or due to a court order or a legal obligation to disclose data (for criminal prosecution, averting danger, or enforcing intellectual property rights). We also engage processors (external service providers, e.g., for web hosting of our websites and databases). Any transfer to processors within a processing agreement is always carried out pursuant to Art. 28 GDPR. We carefully select our processors, monitor them regularly, have a right to issue instructions, and require appropriate technical and organizational measures as well as compliance with data protection regulations under the BDSG and GDPR.

Data transfers to third countries

With the GDPR, a uniform basis for data protection was created in Europe. Your data is therefore primarily processed by companies to which the GDPR applies. If processing is carried out by third-party services outside the EU/EEA, the special requirements of Art. 44 et seq. GDPR must be met (e.g., an adequacy decision by the EU Commission or standard contractual clauses). For U.S. companies, submission to the so-called “Privacy Shield” can be used as a safeguard.

Erasure of data and storage period

Unless expressly stated otherwise, personal data are deleted or blocked as soon as the purpose of storage ceases to apply, unless further retention is necessary for evidentiary purposes or statutory retention obligations prevent deletion (e.g., commercial law retention of business letters under § 257(1) HGB — 6 years — and tax law retention of records under § 147(1) AO — 10 years). After these periods expire, data are blocked or deleted unless continued storage is required for the conclusion or performance of a contract.

Existence of automated decision-making

We do not use automated decision-making or profiling.

Provision of our website and creation of log files

If you use our website for informational purposes only, we collect only the personal data that your browser transmits to our server. These include in particular:

• IP address
• Internet service provider of the user
• Date and time of access
• Browser type
• Language and browser version
• Content of the request
• Time zone
• Access status/HTTP status code
• Amount of data transferred
• Websites from which the request originates
• Operating system

These data are not stored together with other personal data. They serve to deliver our website in a user-friendly, functional and secure manner, and for optimization and statistical evaluation. The legal basis is our legitimate interest pursuant to Art. 6(1)(f) GDPR. For security reasons, we store these data in server log files for a period of days; after that they are automatically deleted, unless retention is required for evidentiary purposes (e.g., in the event of attacks).

Contact via contact form / email / fax / post

When you contact us, we process your details for handling your inquiry. Legal bases are Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) (legitimate interest in responding/preserving evidence/fulfilling retention duties), and in the case of contract initiation Art. 6(1)(b). Details may be stored in a CRM system. Data are deleted once the purpose ceases—generally upon conclusion of the conversation. Requests from users with an account/contract are stored for up to two years after contract end. Statutory archiving: end of the commercial (6 years) or tax (10 years) retention periods. You may withdraw consent at any time; you may also object to storage of personal data transmitted by email.

Contact by telephone

When you contact us by telephone, your phone number is processed for handling the inquiry and is temporarily stored in the device (RAM/cache) or displayed. Storage occurs for liability/security reasons (proof) and to enable call-backs. Unauthorized advertising calls are blocked. Legal basis: Art. 6(1)(f) GDPR; for contract initiation additionally Art. 6(1)(b). The device cache stores calls for 30 days and overwrites/deletes old data; upon device disposal, all data are deleted. Blocked numbers are reviewed annually. You can prevent display of your number by suppressing caller ID.

Presence on social media

We maintain profiles/fan pages on social media to communicate with users and to provide information about products, offers and services. When using and accessing our profile, the privacy notices and terms of the respective network apply. We process the data you send us there to communicate with you and reply to your messages. Legal basis: legitimate interests in communication and external presentation (Art. 6(1)(f) GDPR); where you have given consent to the network operator, Art. 6(1)(a) in conjunction with Art. 7 GDPR.

• Facebook (Facebook Ireland Ltd., Dublin, Ireland) — Privacy Policy, Opt-out: facebook.com/settings?tab=ads, youronlinechoices.com, Privacy Shield: link.
• Instagram (Instagram Inc., Menlo Park, USA) — Privacy/Opt-out.
• Twitter (Twitter Inc., San Francisco, USA) — Privacy Policy, Opt-out: twitter.com/personalization, Privacy Shield: link.

Social media plug-ins

We use social media plug-ins and the “two-click solution” Shariff (c’t/heise). When our website is called up, no personal data are transmitted to plug-in providers. Only after activation does the provider receive information about the visit and personal data are transmitted/stored (third-party cookies). Data collected are stored by the plug-in provider as user profiles (for advertising, market research, and/or needs-based website design), potentially also for users who are not logged in. Users have the right to object to such profiling (please contact the respective provider directly). Legal basis: legitimate interests pursuant to Art. 6(1)(f) GDPR. We have no influence on scope/purpose/storage duration of processing. Please consult the privacy policies of the respective networks; there you will also find information about your rights and settings to protect your data.

Facebook

We have integrated Facebook plug-ins (Shariff). After deliberate activation, a connection to Facebook’s servers is established; Facebook receives, among other things, your IP address and may store it in the USA. If you are logged in, Facebook may associate the visit with your account. Actions (e.g., pressing “Like”) are also transmitted/stored and displayed in your profile. Details: facebook.com/about/privacy/ — “Like” button: facebook.com/help/186325668085084 — Ad settings/objection: facebook.com/ads/preferences/.

Twitter

We have integrated Twitter plug-ins (Shariff). Upon activation, Twitter may associate the visit to our website with your profile (if logged in). To prevent this, log out before visiting and delete your cookies. Details: twitter.com/en/privacy — Opt-out: twitter.com/personalization.

Instagram

We have integrated Instagram plug-ins (Shariff). Upon activation, Instagram receives, among other things, your IP address and may associate the visit with your account (if logged in). Content can be shared/saved via the button. Details: help.instagram.com/519522125107875 — Privacy settings: help.instagram.com/196883487377501.

Rights of the data subject

Objection or withdrawal against the processing of your data

Where processing is based on your consent (Art. 6(1)(a), Art. 7 GDPR), you may withdraw consent at any time. The lawfulness of processing up to the time of withdrawal remains unaffected. Where processing is based on Art. 6(1)(f) GDPR, you may object. Please state your reasons so we can review the situation and stop/adjust processing or demonstrate compelling legitimate grounds. You may object to processing for advertising and data analysis purposes at any time, free of charge.

JMD Jens Munser Designs Karl-Scharfenberg-Str. 70 38229 Salzgitter, Germany Email: info@jmd.de

Right of access

You have the right of access under Art. 15 GDPR to the personal data stored by us (purposes, categories, recipients, storage period, source of the data, etc.).

Right to rectification

You have the right to rectification of inaccurate data or completion of incomplete data (Art. 16 GDPR).

Right to erasure

You have the right to erasure under Art. 17 GDPR, unless statutory/contractual obligations require retention.

Right to restriction

You may request restriction of processing (Art. 18(1)(a–d) GDPR), in particular if:

• you contest the accuracy of personal data (for the period enabling verification),
• processing is unlawful and you request restriction instead of erasure,
• the controller no longer needs the data, but you need them for legal claims, or
• you objected pursuant to Art. 21(1) GDPR and the balancing is pending.

Right to data portability

You have the right to data portability under Art. 20 GDPR (common, machine-readable format or transfer to another controller).

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority (place of residence, workplace, or place of the alleged infringement).

Data security

To protect all personal data transmitted to us and to ensure compliance with data protection regulations by us and our external service providers, we have implemented appropriate technical and organizational measures. All data between your browser and our server are transmitted in encrypted form via a secure SSL connection. Status: 29/10/2018 Source: Sample privacy policy by JuraForum.de