Privacy Policy
We are pleased by your interest in our company. Protecting your data is a top priority for the management at prodecon fabrics GmbH. In General, you can visit the prodecon fabrics GmbH website without providing any personal information. However, if you wish to access certain services offered through our website, the processing of personal data may become necessary. Should this occur, and there is no legal basis for such processing, we will always seek your explicit consent.
When we process personal data—such as your name, address, email address, or phone number—it is done in full compliance with the General Data Protection Regulation (GDPR) and in accordance with the specific data protection laws applicable to prodecon fabrics GmbH. Through this Privacy Policy, we aim to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. We also explain the rights to which individuals are entitled.
As the data controller, prodecon fabrics GmbH has implemented a range of technical and organizational measures to ensure the most comprehensive protection possible of personal data processed through our website. However, please note that Internet-based data transmissions can still be vulnerable to security risks, and complete protection cannot be guaranteed. For this reason, individuals are free to submit personal data to us via alternative methods, such as over the phone.
1. Definition of terms
The privacy policy of prodecon fabrics GmbH is based on the terminology used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for both the public as well as our customers and business partners. To ensure this, we would like to explain the key terms used in advance.
Throughout this privacy policy, we use the following terms:
- a) Personal Data
Personal data includes any information related to an identified or identifiable individual (referred to as the “data subject”). An identifiable person is someone who can be directly or indirectly identified, especially by reference to identifiers like their name, identification number, location data, online ID, or other characteristics like physical, genetic, mental, economic, cultural, or social traits. - b) Data Subject
A data subject is any individual whose personal data is being processed by the person or entity responsible for the processing.
- c) Processing
Processing refers to any action or series of actions performed on personal data, whether through automated means or not. This can include collecting, recording, organizing, storing, modifying, retrieving, using, sharing, or deleting personal data. - d) Restriction of Processing
Restriction of processing means marking stored personal data to limit how it can be used in the future. - e) Profiling
Profiling is any type of automated processing of personal data used to assess certain personal characteristics about an individual, such as their job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. - f) Pseudonymization
Pseudonymization is the process of handling personal data in a way that prevents it from being linked to a specific person without additional information, which is kept separately and protected by technical and organizational safeguards.
- g) Controller (Data Controller)
The controller, or data controller, is the person, company, or authority that determines how and why personal data is processed. If the purposes and methods of processing are defined by law, the controller may be designated according to that law. - h) Processor
A processor is the person or organization that processes personal data on behalf of the controller. - i) Recipient
A recipient is any person, company, or authority to whom personal data is disclosed, whether or not they are considered a third party. However, authorities that receive personal data as part of a specific investigation under the law are not considered recipients. - j) Third Party
A third party is anyone other than the data subject, the controller, the processor, or those authorized by the controller or processor to handle personal data.
- k) Consent
Consent means any clear, informed, and voluntary agreement by the data subject to allow the processing of their personal data. This can be given through a statement or a clear affirmative action.
2. Name and Address of the Data Controller
The data controller, as defined by the General Data Protection Regulation (GDPR) and other applicable data protection laws in the member states of the European Union, as well as other provisions related to data protection, is:
prodecon fabrics GmbH
Wolfäckerstrasse 10
70794 Filderstadt
Germany
Phone: +497158943310
E-Mail: fabrics@prodecon-fabrics.com
Website: www.prodecon-fabrics.de
3. Collection of General Data and Information
When a data subject or an automated system accesses the prodecon fabrics GmbH website, a range of general data and information is collected. This information is stored in the server log files. The data collected may include: (1) the type and version of the browser used, (2) the operating system of the accessing system, (3) the website from which the accessing system reached our site (known as the referrer), (4) the subpages accessed on our website, (5) the date and time of access, (6) an Internet Protocol (IP) address, (7) the Internet service provider of the accessing system, and (8) other similar data and information used to protect against threats to our IT systems.
The collection of this general data and information does not allow prodecon fabrics GmbH to draw any conclusions about the data subject. Instead, this information is used to: (1) deliver the content of our website correctly, (2) optimize our website content and advertisements, (3) ensure the ongoing functionality of our IT systems and website technology, and (4) provide necessary information to law enforcement agencies in the event of a cyberattack. This anonymized data is analyzed statistically and to improve data protection and security within our company, ultimately aiming to ensure an optimal level of protection for the personal data we process. The anonymous data in server log files is stored separately from any personal data provided by the data subject.
4. Contact through the website
The prodecon fabrics GmbH website provides information required by law to facilitate quick electronic contact with our company and direct communication with us, including a general email address. If a data subject contacts the data controller via email or through a contact form, the personal data they provide is automatically stored. This data, submitted voluntarily, is used solely for processing the request or for communication with the data subject. It will not be shared with third parties.
5. Routine Deletion and Blocking of Personal Data
The data controller processes and stores personal data only for as long as necessary to fulfill the purpose for which it was collected or as required by European regulations or other applicable laws.
Once the purpose for storing the data no longer exists or the retention period mandated by European regulations or other relevant laws expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.
6. Rights of the Data Subject
- a) Right to Confirmation Every data subject has the right, granted by European regulations, to request confirmation from the data controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right, they can contact an employee of the data controller at any time.
- b) Right to Access Every data subject whose personal data is being processed has the right, granted by European regulations, to obtain, at any time, free information from the data controller about the personal data stored about them, as well as a copy of this information. Additionally, European regulations grant the data subject access to the following details:
- The purposes of the processing.
- The categories of personal data being processed.
- The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly if they are recipients in third countries or international organizations.
- Where possible, the planned duration for which the personal data will be stored, or, if not possible, the criteria used to determine that duration.
- The existence of the right to request rectification or erasure of personal data, restriction of processing by the controller, or objection to such processing.
- The Right to Lodge a Complaint with a Supervisory Authority
Data subjects also have the right to lodge a complaint with a supervisory authority if they believe their personal data is being processed unlawfully. - If the personal data was not collected from the data subject: data subjects have the right to access all available information about the origin of their personal data.
- The Right to Automated Decision-Making, Including Profiling: data subjects have the right to be informed about the existence of automated decision-making, including profiling, as outlined in Article 22(1) and (4) of the GDPR. In such cases, they are entitled to receive meaningful information about the logic involved, as well as the significance and potential consequences of such processing for them.
Data subjects also have the right to know whether their personal data has been transferred to a third country or an international organization. If this has occurred, they are entitled to receive information about the appropriate safeguards in place concerning the transfer.
If a data subject wishes to exercise their right to access, they may contact an employee of the data controller at any time.
- c) Right to Rectification
Every data subject whose personal data is being processed has the right, granted by European regulations, to request the immediate rectification of inaccurate personal data concerning them. Additionally, data subjects have the right to request the completion of incomplete personal data, considering the purposes of the processing, which may include providing a supplementary statement. If a data subject wishes to exercise this right, they can contact an employee of the data controller at any time.
- d) Right to Erasure (Right to Be Forgotten)
Every data subject whose personal data is being processed has the right, granted by European regulations, to request that the data controller delete their personal data without delay, provided one of the following reasons applies and the processing is not necessary:
- The personal data is no longer needed for the purposes for which it was collected or otherwise processed.
- The data subject withdraws their consent, which served as the basis for processing according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data has been unlawfully processed.
- The erasure of the personal data is necessary to fulfill a legal obligation under European Union law or the laws of the member states to which the data controller is subject.
- The personal data was collected in relation to the offering of information society services as referred to in Article 8(1) GDPR.
If one of the aforementioned reasons applies and a data subject wishes to request the deletion of personal data stored by prodecon fabrics GmbH, they may contact an employee of the data controller at any time.
An employee at prodecon fabrics GmbH will ensure that the deletion request is processed promptly.
If prodecon fabrics GmbH has made the personal data public and, as the data controller, is required under Article 17(1) GDPR to delete it, prodecon fabrics GmbH will take reasonable steps—considering available technology and implementation costs—to notify other data controllers who are processing the published data. These controllers will be informed that the data subject has requested the removal of any links, copies, or replications of their personal data, unless further processing is necessary. The employee at prodecon fabrics GmbH will take appropriate actions to ensure this happens in each individual case.
- e) Right to Restrict Processing
Data subjects also have the right, granted by European regulations, to request that the processing of their personal data be restricted if one of the following conditions applies: - The accuracy of the data is disputed by the data subject, allowing the controller time to verify the accuracy.
- The processing is unlawful, but instead of requesting the data be deleted, the data subject asks for a restriction on its use.
- The data controller no longer needs the personal data for processing purposes, but the data subject requires it for establishing, exercising, or defending legal claims.
- The data subject has objected to the processing under Article 21(1) of the GDPR, and it has not yet been determined whether the legitimate interests of the controller outweigh those of the data subject.
If any of the above conditions apply and a data subject wishes to request the restriction of personal data stored by prodecon fabrics GmbH, they can contact an employee of the data controller at any time. The employee at prodecon fabrics GmbH will ensure the restriction of processing is implemented.
- f) Right to Data Portability
Every data subject whose personal data is being processed has the right, as granted by European regulations, to receive the personal data they have provided to a data controller in a structured, commonly used, and machine-readable format. Additionally, they have the right to transfer this data to another data controller without obstruction from the original controller, as long as the processing is based on consent under Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract under Article 6(1)(b) GDPR, and the processing is carried out by automated means. This right does not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising the right to data portability according to Article 20(1) GDPR, the data subject has the right to have their personal data transmitted directly from one controller to another, provided it is technically feasible and does not affect the rights and freedoms of others.
To assert the right to data portability, the data subject may contact any employee of prodecon fabrics GmbH at any time.
- g) Right to Object
Every data subject whose personal data is being processed has the right, as granted by European regulations, to object at any time, on grounds relating to their particular situation, to the processing of their personal data that is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
If prodecon fabrics GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing. This also applies to profiling related to direct marketing. If the data subject objects to prodecon fabrics GmbH processing their personal data for direct marketing purposes, prodecon fabrics GmbH will no longer process the personal data for this purpose.
Additionally, the data subject has the right, on grounds relating to their particular situation, to object to the processing of their personal data for scientific or historical research purposes or statistical purposes under Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, the data subject may directly contact any employee of prodecon fabrics GmbH or another staff member. The data subject is also free, in the context of the use of information society services, and regardless of Directive 2002/58/EC, to exercise their right to object by automated means using technical specifications.
- h) Automated Decisions, Including Profiling
Every data subject has the right, as granted by European regulations, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision (1)
is necessary for entering into or fulfilling a contract between the data subject and the data controller, (2) is authorized by Union or Member State law to which the controller is subject, and that law provides appropriate safeguards for the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into or fulfilling a contract between the data subject and the controller or (2) is based on the data subject’s explicit consent, prodecon fabrics GmbH will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, which at least include the right to obtain human intervention from the controller, to express their point of view, and to contest the decision.
If the data subject wishes to assert their rights regarding automated decision-making, they can contact any employee of the data controller at any time.
- i) Right to Withdraw Consent
Every data subject has the right, as granted by European regulations, to withdraw their consent to the processing of personal data at any time.
If the data subject wishes to exercise their right to withdraw consent, they may contact any employee of the data controller at any time.
7. Data Protection in Applications and the Application Process
The controller collects and processes the personal data of applicants for the purpose of handling the application process. The processing may be carried out electronically, especially when an applicant submits application documents electronically, such as by email or via a form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship, in compliance with legal requirements. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after the rejection decision, unless other legitimate interests of the controller prevent deletion. An example of such a legitimate interest is the duty to provide evidence in a proceeding under the General Equal Treatment Act (AGG).
8. Legal Basis for Processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of another service, the processing is based on Article 6(1)(b) GDPR.
The same applies to processing operations that are necessary to carry out pre-contractual measures, for instance, in cases of inquiries about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as for tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor in our company were injured and their name, age, health insurance details, or other vital information had to be passed on to a doctor, hospital, or other third party. In such cases, the processing would be based on Article 6(1)(d) GDPR. Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the above legal bases if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, provided that the interests, rights, and freedoms of the data subject do not override these interests. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. It considered that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 GDPR).
9. Legitimate Interests in Processing by the Controller or a Third Party
If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out our business for the well-being of all our employees and shareholders.
10. Duration of Storage of Personal Data
The criterion for determining the storage period of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data is routinely deleted, provided it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
11. Legal or Contractual Requirements for Providing Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Failure to Provide Such Data
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or can also result from contractual provisions (e.g., information about the contractual partner). Sometimes it may be necessary for a data subject to provide us with personal data, which must subsequently be processed by us, for the conclusion of a contract. The data subject is, for example, obliged to provide personal data when our company enters into a contract with them. Failure to provide the personal data would mean that the contract could not be concluded with the data subject. Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and the consequences of failure to provide the personal data.
12. Existence of Automated Decision-Making
As a responsible company, we do not use automatic decision-making or profiling.
This privacy policy was created by the Privacy Policy Generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which conducts data protection audits, in cooperation with the media law firm WILDE BEUGER SOLMECKE.