Data protection statements

Name and contact details of those responsible pursuant to Art. 4 sec. 7 GDPR.

Hermann Nottenkämper GmbH & Co. KG

Eichenallee 1
46569  Hünxe

Nottenkämper Umweltdienste GmbH

Vogesenstraße 30b
46119 Oberhausen

Postfach 11 10
46536 Hünxe

Telephone: (02853) 95690 0
Telefax: (02853) 95690 99
E-mail: info(at)nottenkaemper.de

Contact data protection representative: datenschutz(at)nottenkaemper.de

Security and protection of your personal data

We consider it our paramount duty to safeguard the confidentiality of the personal data provided by you, and to protect these against unauthorised access. We therefore exercise the utmost care and apply the latest security standards to ensure maximum protection for your personal data.

As a private-law company we are governed by the provisions of the European General Data Protection Regulation (GDPR) and the rules of the German Federal Data Protection Act (BDSG). We have taken technical and organisational measures to ensure compliance with data protection regulations by ourselves as well as by our external service providers.

Definitions
The lawmaker requires that personal data be processed lawfully, in good faith and in a manner that can be understood by the data subject ("legality, processing in good faith, transparency"). To ensure this, we now wish to inform you of the definition of the individual legal terms, also used in this data protection statement.

1. Personal data
"Personal data" are all information concerning an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if he/she can be identified directly or indirectly, in particular through allocation to an identifier such as name, a code number, location data, an online identifier or to one or more special characteristics that are an expression of the physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person.
 
2. Processing
“Processing” is any process, carried out with or without the help of automated procedures, or any such series of processes in connection with personal data, such as the collection, recording, organisation, arrangement, storage, adaptation or alteration, the reading out, retrieval, use, disclosure through transmission, dissemination or any other form of provision, the comparison or linking, restriction, erasure or destruction.

3. Restriction of processing
"Restriction of processing" is the marking of stored personal data with the aim of restricting their future processing.

4. Profiling
"Profiling" is any form of automated processing of personal data involving the use of these personal data to assess specific personal aspects referring to a natural person, in particular to analyse or forecast aspects related to work performance, economic position, health, personal preferences, interests, reliability, conduct, place of residence or a change of location of this natural person.

5. Pseudonymisation
"Pseudonymisation" is the processing of personal data in such a manner that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided this additional information is kept separately, and is subject to technical and organisational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
 
6. File system
"File system" is any structured collection of personal data that are accessible on the basis of specific criteria, irrespective of whether this collection is kept centrally, decentrally or classified according to functional or geographic aspects.
 
7. Controller
"Controller" is a natural or legal person, authority, establishment or other body that decides, alone or jointly with others, on the purposes and means of the processing of personal data. If the purposes and means of this processing are prescribed by EU law or the law of the member states, the controller, or the specific criteria for his/her appointment, can be envisaged under EU law or the law of the member states.

8. Processor
"Processor" is a natural or legal person, authority, establishment or other body that processes personal data on behalf of the controller.

9. Recipient
"Recipient" is a natural or legal person, authority, establishment or other body to which personal data are disclosed, irrespective of whether this person or body is a third party or not. Authorities that may possibly receive personal data within the framework of a specific inquiry under EU law or the law of the member states are not however considered to be recipients. The processing of these data by the said authorities is carried out in compliance with the applicable data protection regulations in accordance with the purposes of the processing.
 
10. Third party
"Third party" is a natural or legal person, authority, establishment or other body, other than the data subject, the controller, the processor and those persons authorised to process the personal data under the direct responsibility of the controller or of the processor.

11. Consent
"Consent" by the data subject is any voluntary declaration of will, issued for the specific case, in an informed manner and unmistakeably, in the form of a declaration or other clearly confirming action, through which the data subject indicates that he/she is in agreement with the processing of his/her personal data.

Lawfulness of processing

The processing of personal data is only lawful if there is a legal basis for the processing. Under Article 6 (1) lit. a – f GDPR, the legal basis for the processing can be in particular:

a. The data subject has issued his/her consent to the processing of his/her personal data for one or more specific purposes.

b. The processing is necessary for fulfilment of a contract to which the data subject is a contracting party, or for implementation of pre-contractual measures carried out at the request of the data subject.

c. The processing is necessary for fulfilment of a legal obligation incumbent on the controller.

d. The processing is necessary in order to protect vital interests of the data subject or of another natural person.

e. The processing is necessary for the performance of a duty that is in the public interest, or is performed in the exercise of public powers transferred to the controller.

f. The processing is necessary for safeguarding the legitimate interests of the controller or of a third party, unless interests or basic rights and basic liberties of the data subject prevail that require the protection of personal data, in particular if the data subject is a child.

Information concerning the collection of personal data

 (1) We wish to inform you below concerning the collection of personal data when using our website. Personal data are for example name, address, email addresses, user behavior.

 (2) If you contact us by email or via a contact form, the data provided by you (your email address, possibly your name and telephone number) will be stored by us in order to answer your questions. The data collected in this context will be erased as soon as storage is no longer necessary, or the processing will be restricted if statutory retention periods apply.

Collection of personal data when visiting our website
If you use our website for information purposes only, i.e. if you do not register or provide us with information in any other way, we shall collect solely the personal data forwarded to our server by your browser. If you wish to view our website, we shall collect the following data that are technically necessary for us in order to show you our website and to guarantee its stability and security (legal basis is Art. 6 (1) Sentence 1 lit f. GDPR):

  • IP address
  • Date and time of the inquiry
  • Time-zone difference compared to Greenwich Mean Time (GMT)
  • Content of the request (specific site)
  • Access status/HTTP status code
  • Respective data volume transferred
  • Website from which the request is sent
  • Browser
  • Operating system and its surface
  • Language and version of the browser software

Use of cookies

(1) In addition to the above mentioned data, cookies will be stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser used by you, and via which specific information is sent to the body setting the cookie. Cookies cannot run programs or transfer viruses to your computer. Their purpose is to make the website more user friendly and effective overall.  


(2) This website uses the following types of cookies whose scope and function are explained below:
– Transient cookies (see a.)
– Persistent cookies (see b.).


a. Transient cookies are erased automatically when you close your browser. These include in particular the session cookies. These store a so-called session ID with which various inquiries by your browser can be assigned to the joint session. This enables recognition of your computer when you return to our website. The session cookies are erased when you log off or close the browser.


b. Persistent cookies are automatically erased after a pre-defined period which can however vary from cookie to cookie. You can erase the cookies at any time via the security settings of your browser.


c. You can configure your browser settings in accordance with your wishes and, for example, reject the acceptance of third-party cookies or of all cookies. So-called "third-party cookies" are cookies set by a third party and therefore not by the actual website you are currently visiting. We draw your attention to the fact that deactivating cookies may result in you not being able to use all functions of this website.


d. We use cookies in order to be able to identify you during later visits if you have an account with us. Otherwise, you would have to log on again during each visit.

Additional functions and offers on our website

(1) In addition to use of our website purely for information purposes, we offer various services that you can use in the event of interest. As a rule, this requires the provision of additional personal data that we use to provide the respective service, and for which the above mentioned data processing principles apply.  

(2) We in part use external service providers to process your data. These have been carefully selected and appointed by us, are bound by our instructions and are checked at regular intervals.

(3) We are also entitled to forward your personal data to third parties if we offer promotional measures, prize competitions, contract conclusion or similar services jointly with partners. You will receive more detailed information when you provide your personal data or below in the description of the offer.

(4) If our service providers or partners have their registered office in a country outside the European Economic Area (EEA), we shall inform you of the related consequences in the description of the offer.

Children

Our offer is generally intended for adults. Persons under the age of 18 should not forward personal data to us without the consent of their parents or guardian.

Rights of persons concerned

(1) Revocation of consent
If the processing of personal data is based on consent issued, you have the right to revoke the consent at any time. Revocation of the consent shall not affect the legality of the processing, carried out on the basis of the consent, up until the revocation. You can contact us at any time to exercise your right of revocation.

(2) Right to confirmation
You have the right to request confirmation from the controller as to whether we process personal data concerning you. You can request the confirmation at any time via the above contact data

(3) Right of access to personal data
If personal data are processed, you can request access to these personal data at any time as well as the following information:

a. the purposes of the processing
b. the categories of personal data processed
c. the recipients or categories of recipients to which the personal data have been or will be disclosed, in particular in the case of recipients in third countries or in international organisations
d. if possible the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining the duration
e. the existence of a right to rectification or erasure of your personal data, of a right to restrict the processing by the controller, or of a right to object to this processing
f. the existence of a right to complain to a supervisory authority
g. all available information on the origin of the data, if the personal data are not collected from the data subject
h. the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and - at least in these cases – meaningful information on the logic involved as well as the consequences and striven-for effects of such processing for the data subject.

If personal data are transferred to a third country or to an international organisation, you have the right to be informed concerning the suitable guarantees in connection with the transfer pursuant to Art. 46 GDPR. We shall provide one copy of the personal data covered by the processing. We are entitled to levy an appropriate charge based on the administration costs for all further copies requested by you. If you submit the application electronically, the information must be provided in a commonly-used electronic format, unless otherwise specified. The right to receive a copy pursuant to (3) must not impair the rights and liberties of other persons.

(4) Right to rectifiction
You have the right to demand immediate rectification by us of incorrect personal data on you. Taking account of the purposes of the processing, you have the right to demand the completion of incomplete personal data – including via a supplementing declaration.  

(5) Right to erasure (“Right to be forgotten”)
You have the right to demand immediate rectification by us of incorrect personal data on you. Taking account of the purposes of the processing, you have the right to demand the completion of incomplete personal data – including via a supplementing declaration.

a. The personal data are no longer required for the purposes for which they were collected or otherwise processed.
b. The data subject revokes the consent on which the processing pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR was based, and there is no other legal basis for the processing.
c. The data subject files an objection against the processing pursuant to Art. 21 (1) GDPR, and there are no overriding legitimate reasons for the processing, or the data subject files an objection against the processing pursuant to Art. 21 (2) GDPR.
d. The personal data have been processed unlawfully.
e. Erasure of the personal data is required for fulfilment of a legal obligation under EU law or the law of the member states to which the controller is subject.
f. The personal data have been collected in connection with services offered by the information society pursuant to Art. 8 (1) GDPR.

If the controller has made the personal data public and is obliged to erase them under (1), he/she shall, with consideration for the available technology and the implementation costs, take appropriate measures, including of a technical nature, to inform controllers, responsible for the data processing and processing the personal data, that a data subject has demanded that they erase all links to these personal data, or copies or replications of these personal data.

The right to erasure ("Right to be forgotten") shall not apply if the processing is necessary:

for exercising the right of freedom of expression and information,
for fulfilment of a legal obligation requiring processing under the law of the EU or of the member states to which the controller is subject, or for performance of a duty that is in the public interest, or is performed in the exercise of public powers transferred to the controller,
for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i, as well as Art. 9 (3) GDPR,
for archiving purposes, scientific or historical research purposes in the public interest, or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right stated under (1) foreseeably renders achievement of the aims of this processing impossible or seriously impairs this, or
for the assertion, exercise or defence of legal entitlements.
(6) Right to restriction of the processing
You have the right to demand restriction of the processing of your personal data by us if one of the following prerequisites applies:

a. if the data subject disputes the correctness of the personal data, and indeed for a period that enables the controller to check the correctness of the personal data,

b. if the processing is unlawful and the data subject rejects the erasure of the personal data, and instead demands a restriction on the use of the personal data,

c. if the controller no longer requires the personal data for the purposes of the processing, but the data subject nevertheless requires these for the assertion, exercise or defence of legal entitlements, or

d. the data subject has filed an objection to the processing pursuant to Art. 21 (1) GDPR, until such time as it has been ascertained whether the legitimate interests of the controller prevail over those of the data subject. If the processing has been restricted on the basis of the above prerequisites, these personal data – with the exception of their storage – will only be processed with the consent of the data subject, for the assertion, exercise or defence of legal entitlements, to protect the rights of another natural or legal person, or for reasons of an important public interest on the part of the EU or a member state.

The data subject can contact us at any time via the above contact data to exercise the right to restriction of processing.

(7) Right to data portability
You have the right to receive your personal data, provided to us by you, in a structured, commonly-used and machine-readable format, and you also have the right to transfer these data to another controller without hindrance by the controller to whom the personal data were provided, as long as:

a. the processing is based on consent pursuant to Article 6 (1) lit a. or Article 9 (2) lit. a., or on a contract pursuant to Article 6 (1) lit. b. GDPR, and

b. the processing is carried out with the help of automated procedures.

When exercising the right to data portability pursuant to (1), you have the right to insist that the personal data be transferred directly by one controller to another controller, insofar as this is technically possible.  Exercise of the right to data portability shall not affect the right to erasure ("Right to be forgotten").  This right shall not apply to processing that is necessary for the performance of a duty that is in the public interest, or is performed in the exercise of public powers transferred to the controller.e. The processing is necessary for the performance of a duty that is in the public interest, or is performed in the exercise of public powers transferred to the controller.

(8) Right to object
You have the right to file an objection at any time against processing of your personal data, carried out on the basis of Art. 6 (1) lit. e or f GDPR, for reasons resulting from your particular situation. This also applies to any profiling based on these provisions. The controller will then no longer process the personal data, unless he/she can demonstrate compelling reasons for the processing warranting protection, and these prevail over the interests, rights and liberties of the data subject, or if the processing is for the purpose of asserting, exercising or defence of legal entitlements.

If personal data are processed in order to carry out direct advertising, you have the right to file an objection at any time against the processing of your personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. If you object to processing for purposes of direct advertising, the personal data will no longer be processed for these purposes.

In connection with the use of services of the information society and notwithstanding Directive 2002/58/EC, you have the possibility of exercising your right of objection via automated procedures that use technical specifications.

You have the right to file an objection, for reasons resulting from your particular situation, to the processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless the processing is necessary for fulfilment of a duty that is in the public interest.

The right to object can be exercised at any time by contacting the respective controller.

(9) Automated decisions on a case-by-case basis, including profiling
You have the right not to be subjected to a decision, based exclusively on automated processing – including profiling - that is legally effective against you or that significantly impairs you in a similar manner. This shall not apply if the decision. This shall not apply if the decision:

a. is necessary for the conclusion or fulfilment of a contract between the data subject and the controller,

b. is admissible on the basis of legal regulations of the EU or of the member states to which the controller is subject, and these legal regulations include appropriate measures for safeguarding the rights and liberties as well as the legitimate interests of the data subject, or

c. is taken with the express consent of the data subject.

The controller shall take appropriate measures to safeguard the rights and liberties as well as the legitimate interests of the data subject. This includes at least the right to insist on the intervention of a person by the controller, the right to set out one’s own position and to contest the decision.

This right can be exercised by the data subject at any time by contacting the respective controller.

(10) Right to complain to a supervisory authority
Notwithstanding any other administrative-law or judicial remedy, you also have the right to complain to a supervisory authority, in particular in the member state of your residence, your place of work or the place of the suspected violation, if the data subject is of the opinion that the processing of his/her personal data violates this Regulation.

(11) Right to an effective judicial remedy
Notwithstanding any available administrative-law or extra-judicial remedy, including the right to complain to a supervisory authority pursuant to Article 77 GDPR, you have the right to an effective judicial remedy if you are of the opinion that the rights, to which you are entitled under this Regulation, have been violated through processing of your personal data that is not in compliance with this Regulation.

Google Web Fonts

This site uses so-called Web Fonts, provided by Google, to obtain a uniform presentation of fonts. When a site is called up, your browser loads the required Web Fonts in your browser cache, in order to display texts and fonts correctly.

For this purpose, the browser used by you must establish a connection to the Google servers. In this way, Google is informed that our website has been called up via your IP address. The use of Google Web Fonts is in the interests of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest as defined in Art. 6 (1) lit. f GDPR.

If your browser does not support Web Fonts, your computer will use a standard font.

Further information on Google Web Fonts can be found at developers.google.com/fonts/faq and in the Google Data Protection Statement: www.google.com/policies/privacy/

Further information is available on the following pages: