Data Protection Notice
We attach great importance to protecting your personal data when they are collected, processed and used on your visit to our website. We respect the regulations contained in the EU General Data Protection Regulation, the Federal Data Protection Act, the Telemedia Act as well as any other applicable, particularly country-specific data protection provisions.
As a general principle, Oliver Bartsch GmbH’s website (www.glasklaroptica.com) can be used without supplying any personal details (e.g. the name, address, email address or telephone number of the person concerned). However, if you wish to use special services from our range of products offered through our website, it may be necessary for us to process personal details. We always obtain your consent if it is necessary to process personal data, and the basis for processing them is not already enshrined in law.
This notice informs you of the way in which we collect, process and use personal data, the extent to which we do so, and our purpose in doing so. This data protection notice also informs you of your rights.
We have taken a number of technical and organisational steps to protect any personal details of yours processed through this website as seamlessly as possible. Nevertheless, we point out that due to the transmission of data over the internet and possible security loopholes associated with this technology, it is not possible to guarantee absolute protection. For that reason, you have the option of sending us your personal data by other means (e.g. by phone or post).
1. Terms
In the course of this data protection notice, we use the terms also used in the EU General Data Protection Regulation (GDPR). Those terms are the following:
– Personal data
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
– Data subject
A “data subject” is any identified or identifiable natural person whose personal data are processed by the entity responsible for processing.
– Processing
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
– Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;
– Profiling
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
– Pseudonymisation
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
– Filing system
A “filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
– Controller
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
– Processor
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
– Recipient
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data as part of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.
– Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
– Consent
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signal agreement to the processing of personal data relating to them.
2. Name and address of the controller responsible for processing the data
The controller responsible for processing the data collected via the website of glasklaroptica.com is:
Oliver Bartsch GmbH, Servatiusstraße 80, 51109 Köln, Germany, Tel.: +49 221 9226560, Fax: +49 221 92265621, Email: info@glasklar.com, Website: www.glasklar.com.
3. Name and address of the Data Protection Officer
The Data Protection Officer for the controller responsible for processing the data is:
Oliver Bartsch GmbH, Servatiusstraße 80, 51109 Köln, Germany, Tel.: +49 221 9226560, Fax: +49 221 92265621, Email: info@glasklar.com.
4. Registration of general data and information
When a data subject or an automated system visits our website, general information on their visit is generally stored in the log files of our server. This can relate to the type and version of browser used, the operating system as well as the website from the data subject or automated system arrived on our website, and equally it can refer to the subpages visited on our website, the date and time when the website was accessed, the IP address, the Internet Service Provider of the accessing system and other data and information which we need to avert danger in the event of attacks on our IT systems.
These data are not used by us to enable us to deduce the identity of the data subject. Rather we need the data to correctly transmit content on our website, optimise our site, guarantee its full functionality or provide law enforcement authorities the information they need in the event of a cyber attack. We evaluate these data solely for statistical purposes and also to enhance data protection and data security within our company. The intention is to ensure that the personal data processed by us are given the best possible protection. We store personal data which you communicate to us separately from the anonymous data specified which our server records in log files.
5. Contact option via the website
In accordance with statutory requirements, details can be found on the website www.glasklaroptica.com which allow you to make contact with our company electronically and to communicate with us directly. Such information also includes our email address.
If you contact us by email or by using a contact form, the personal data you send us will be automatically stored. These data sent to us voluntarily by you, are stored for the purpose of processing your enquiry or contacting you as a data subject. We do not pass such data on to third parties.
6. SSL encryption
We use SSL encryption to protect the data you send us to best possible effect. You can recognise connections that are encrypted in this way by the prefix “ HYPERLINK “https://” https://” in the address line of your browser. Unencrypted pages bear the prefix “http://”. Data sent to us with SSL encryption activated cannot be read by third parties. We recommend that you only send confidential information, in particular, if SSL encryption is activated, and that your approach us if you have any doubts.
7. Routine deletion and blocking of personal data
We only process and store personal data for the time required to meet the purpose of storing them, or if there are statutory provisions requiring such storage which we are obliged to respect.
If the purpose for which the data have been stored, no longer applies or if a statutory storage term expires, the personal data routinely blocked or deleted in accordance with statutory regulations.
8. Rights of the data subject
On the basis of provisions contained in the GDPR, you enjoy the following rights as a data subject.
– Right of confirmation
As a data subject, you have the right to request confirmation from the controller responsible for processing data as to whether personal data relating to yourself are being processed. If you would like to take advantage of this right of confirmation, you are free at any time to approach any Data Protection Officer mentioned in this data protection notice or another of our employees.
– Right of information
As a data subject, you have the right at any time to obtain free information from us on the personal data stored about you and to receive a copy of such information. You also have the right to receive the following information:
a) the purposes of the processing
b) the categories of personal data processed
c) the recipients or categories of recipients to whom the personal data were disclosed or are still being disclosed, particularly in the case of recipients in third countries or international organisations
d) if possible, the planned length of time for which the personal data will be stored, or if this is not possible, the criteria for defining this duration
e) the existence of any right of correction or deletion of the personal data relating to you, or any right to restrict processing by the controller or any right of objection to such processing
f) the existence of any right of complaint to a regulatory authority
g) if the personal data are not ascertained from you as the data subject: all available information on the origin of the data
h) the existence of an automated decision-making process including profiling in accordance with Article 22 (1) and (4) GDPR — at least in these cases — meaningful information on the logic involved as well as the targeted effects of any such processing for you as a data subject
If personal data are sent to a third country or an international organisation, you have the right as a data subject to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with their transmission.
If you as a data subject would like to take advantage of this right of information, you can approach any Data Protection Officer mentioned in this data protection notice or another of our employees at any time.
– Right of correction
As a data subject, you have the right to demand that we immediately correct any false personal data relating to you. Taking account of the purposes of the processing, you have the right as a data subject to demand that incomplete personal data are completed — even by means of a supplementary statement.
If you as a data subject would like to take advantage of this right of correction, you can approach any Data Protection Officer mentioned in this data protection notice or another of employee of the Oliver Bartsch GmbH at any time.
– Right of deletion (“right to be forgotten”)
As a data subject, you have the right to ask us to immediately delete personal data relating to yourself if one of the following reasons applies and provided processing is not required:
a) The personal data are no longer needed for the purposes for which they were collected or otherwise processed.
b) The data subject revokes their consent on which the processing was based in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a), and there is no other legal basis for the processing.
c) The data subject objects to processing in accordance with Art. 21 (1) GDPR, and there are no overriding, justified reasons for the processing, or the data subject objects to the processing in accordance with Art. 21 (2) GDPR.
d) The personal data were illegally processed.
e) Deletion of the personal data is required to meet a legal obligation in accordance with Union or Member State law to which the controller is subject.
f) The personal data were collected with reference to services offered by the information society in accordance with Art. 8 (1) GDPR.
If one of these reasons applies and you as the data subject would like to effect the deletion of your personal data stored by us, you can approach any Data Protection Officer mentioned in this data protection notice or another of our employees at any time. A Data Protection Officer mentioned in this data protection notice or another Oliver Bartsch GmbH employee will ensure that the request for deletion is complied with promptly.
If we have published the personal data and our company is obliged under Art. 17 (1) GDPR to delete the personal data, we will take appropriate steps, including of a technical nature, taking into account the technology available and the implementation costs, to inform other controllers responsible for processing the data who are processing the personal data published that you as the data subject have requested that such other controllers responsible for processing delete all links to these personal data or copies or duplicates of such personal data unless processing is necessary. Any Data Protection Officer of the Oliver Bartsch GmbH or another employee will make all the necessary arrangements in each individual case.
– Right of restriction of processing
As a data subject, you have the right to ask us to restrict the processing if one of the following conditions is met:
a) The accuracy of the personal data is disputed by the data subject for a length of time which allows the controller to review the accuracy of the personal data.
b) The processing is illegal, you as the data subject reject the deletion of your personal data and instead request that the use of the personal data be restricted.
c) We have no further need of the personal data for the purposes of processing, but you as the data subject need them in order to assert, exercise or defend legal interests.
d) You as the data subject have objected to the processing pursuant to Art. 21 (1) GDPR, and it has not yet been determined whether our legitimate reasons outweigh your reasons as the data subject.
If one of these conditions is met and you as the data subject would like to request the restriction of your personal data stored by us, you can approach any Data Protection Officer mentioned in this data protection notice or another of our employees at any time. Any Data Protection Officer of the Oliver Bartsch GmbH or another employee will arrange for processing to be restricted.
– Right of data portability
As a data subject, you have the right to receive the personal data relating to yourself which you have provided to us in a structured, conventional and machine-readable format. You also have the right to transmit these data to another controller without being hindered in doing so by the controller to whom the personal data were provided, provided the processing is based on the consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is conducted with the aid of an automated procedure unless the processing is required for performing a task which is in the public interest or is carried out in the exercise of official authority conferred on the controller. As a data subject exercising your right of data portability pursuant to Art. 20 (1) GDPR, you also have the right to have your personal data transmitted directly from one controller to another provided this is technically feasible and unless the rights and freedoms of other persons are impaired by doing so. If you as a data subject would like to take advantage of this right of data portability, you can approach any Data Protection Officer mentioned in this data protection notice or another of our employees at any time.
– Right of objection
As the data subject, you have the right, for reasons stemming from your particular situation, to object at any time to the processing of personal data relating to yourself carried out on the basis of Art. 6 (1) (e) or (f) GDPR. This also applies to any profiling based on these provisions.
In the event of an objection, we will no longer process the personal data unless we can show compelling, sensitive reasons for the processing which outweigh the interests, rights and freedoms of yourself as the data subject, or the processing serves to assert, exercise or defend legal interests.
If we process personal data in order to conduct direct advertising, you as the data subject have the right to object at any time to the processing of the personal data relating to yourself for the purpose of such advertising. This also applies to the profiling provided it is associated with such direct advertising. If you as the data subject lodge an objection with us to the processing for the purpose of direct advertising, we will no longer process the personal data for such purposes.
As the data subject, you also have the right, for reasons arising from your particular situation, to object to the processing of personal data relating to yourself carried out on our premises for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, unless such processing is required to perform a task which lies in the public interest.
If you as a data subject would like to take advantage of this right of objection, you can approach any Data Protection Officer mentioned in this data protection notice or another of employee of the Oliver Bartsch GmbH at any time. As the data subject, you are also free to exercise your right of objection in connection with the use of services of the information society, notwithstanding Directive 2002/58/EC by means of automated procedures in which technical specifications are used.
– Automated decisions in individual cases including profiling
As a data subject, you have the right not to be subject to a decision based on automated processing — including profiling — which is legally binding on you or which has a considerably adverse effect on you in some other way unless such decision
a) is required to conclude or fulfil a contract between you as the data subject and ourselves, or
b) is permitted due to legal regulations of the Union or Member States to which we are subject, and such legal regulations contain appropriate measures for preserving the rights and freedoms as well as the legitimate interests of yourself as the data subject, or
c) has been made with your explicit consent as the data subject.
If the decision is necessary for concluding or fulfilling a contract between you as the data subject and ourselves, or if it is taken with your explicit consent as the data subject, we will take appropriate steps to preserve your rights and freedoms as well as your legitimate interests as the data subject which at the very least includes the right to have a person from the Oliver Bartsch GmbH intervene, set out your own viewpoint and contest the decision.
If you as a data subject would like to take advantage of these rights regarding automated decisions, you can approach any Data Protection Officer mentioned in this data protection notice or another of our employees at any time.
– Right to revoke consent under data protection laws
As the data subject affected by the processing of personal data, you have the right at any time to revoke your consent to the processing of personal data.
If you as a data subject would like to take advantage of this right revoke your consent, you can approach any Data Protection Officer mentioned in this data protection notice or another of our employees at any time.
9. Data protection provisions regarding the deployment and use of Google Analytics (with anonymisation function)
We have integrated the Google Analytics Component (with anonymisation function) on this website.
Google Analytics is a web analysis service. Web analysis is the collection, aggregation and evaluation of data regarding the behaviour of visitors to websites. Among other things, a web analysis service records data on the website from which you as the data subject have arrived on our website (so-called referrer), which subpages of our website you access or how often and the length of time you view any particular subpage. Web analysis is primarily used to optimise our website and to conduct a cost -benefit analysis of internet advertising.
The company operating the Google Analytics Component is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
We use the suffix “_gat._anonymizeIp” for web analysis via Google Analytics. Google uses this suffix to truncate and anonymise the IP address of the data subject’s internet connection if our website is accessed from a Member State of the European Union or from another country that is party to the agreement on the European Economic Area.
The purpose of the Google Analytics Component is to analyse visitor traffic on our website. Google uses the data and information gained among other things to evaluate use of our website, compile online reports for us which identify activities on our web pages and to provide further services in connection with the use of our website.
Google Analytics places a cookie on the IT system used by you as the data subject. Cookies are text files that are placed and stored on a computer system through a web browser. Many internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID identifies the cookie unambiguously. It consists of a series of characters through which internet sites and servers can be attributed to the specific web browser on which the cookie has been saved. This allows the websites and servers visited to distinguish the individual browser of the data subject from other web browsers containing other cookies. A particular web browser can be recognised and identified using this unique cookie ID.
By placing the cookie, Google is able to analyse use of our website. Every time one of the individual pages of this website operated by the Oliver Bartsch GmbH and which has a Google Analytics Component installed, is called up, the internet browser on the IT system of the data subject is automatically induced by the relevant Google Analytics Component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google becomes aware of personal data such as the IP address of the data subject which among other things enable Google to trace where visitors come from and what they click on, thereby facilitating commission billing.
Personal information, e.g. time of access, location from which the site was accessed and the frequency of visits to our website by the data subject, are saved by means of cookies. With every visit to our website, these personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass on these personal data collected via the technical procedure to third parties under certain circumstances.
The data subject can at any time prevent our website from placing cookies, as described above, by making a corresponding setting in their internet browser, thereby permanently rejecting the installation of cookies. Any such setting in the internet browser used would also prevent Google from installing a cookie on the data subject’s IT system. Any cookie already installed by Google Analytics can also be deleted at any time via the internet browser or other software programmes.
The data subject also has the option of rejecting and preventing any recording of data generated by Google Analytics relating to use of this website or any processing of such data by Google. To do so, the data subject must download and install a browser add-on on the following link: https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data or information on visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is interpreted as an objection by Google. If the IT system of the data subject is deleted, formatted or re-installed at a later time, the data subject must re-install the browser add-on to deactivate Google Analytics. If the browser add-on is deinstalled or deactivated by the data subject or another person under their control, there is an option to re-install or re-activate the browser add-on.
You can call up further information and Google’s latest data protection provisions at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html Google Analytics is explained in greater detail at this link: https://www.google.com/intl/de_de/analytics/.
10. Legal basis for processing
In accordance with Art. 6 (1) GDPR, the processing of personal data by us is legal if at least one of the following conditions is met:
a) The data subject has given their consent to the processing of personal data relating them for one or more particular purposes;
b) The processing is required for fulfilling a contract to which the data subject is a contracting party, or to carry out pre-contractual measures to be taken at the request of the data subject (e.g. product enquiries);
c) Processing is required to meet a legal obligation imposed on the controller (e.g. tax obligations);
d) Processing is required to protect vital interests of the data subject or another natural person (e.g. health insurance data of a visitor in the event of an accident in our offices);
e) Processing is required to perform a task which lies in the public interest or carried out in the exercise of official authority conferred on the controller;
f) Processing is required to preserve the legitimate interests of the controller or a third party unless the interests or basic rights and basic freedoms of the data subject which require the protection of personal data, predominate, especially if the data subject is a child.
11. Legitimate interests in processing pursued by the controller or a third party
If the processing of personal data is based on Art. 6 (1) (f) EU-GDPR, our legitimate interest is the conduct of our business activities to further the prosperity of all our employees and shareholders.
12. Length of time for which personal data are stored
We store personal data in each case for the period defined by the relevant statutory retention period. After this deadline expires, the corresponding data are deleted as a matter of routine provided they are no longer required to fulfil or initiate a contract.
13. Statutory or contractual regulations on the provision of personal data; Necessity for conclusion of contract; obligation of the data subject to provide their personal data; possible consequences of non-provision
We inform you that the provision of personal data is partly prescribed in law (e.g. tax regulations) or can result from contractual obligations (e.g. details of contractual partner). Sometimes the conclusion of a contract may require you as the data subject to provide us with personal data which consequently have to be processed by us. For example, as the data subject, you are obliged to provide us with personal data if our company concludes a contract with you. Any failure to provide personal data would mean that no contract could be concluded with you as the data subject. Before you as the data subject provide personal data, you must approach our Data Protection Officer or one of our staff. The latter will clarify for you as the data subject based on the individual case whether the provision of personal data is statutorily or contractually prescribed or is required to conclude the contract, whether there is any obligation to provide personal data and what the consequences would be of not providing personal data.
14. Existence of an automated decision-making process
As a responsible company, we refrain from automatic decision-making or profiling.
15. Data protection provisions for the deployment and use of Instagram plug-ins
The website https://www.glasklaroptica.com has components of the social media service Instagram built in.
A social media service is an online service through which users can communicate with each other and interact in a virtual space. This social meeting point operated on the internet (online community) can serve the purpose of swapping ideas and experiences and making personal or company-specific information available to other users within the internet community. In Instagram, users can, amongst other things, create personal profiles, upload photos and subscribe to the contributions of other users.
Instagram is operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If a visitor to the website https://www.glasklaroptica.com calls up an individual page of this site which has the Instagram component built in (Instagram plug-in), their IT system will be automatically prompted by the relevant component to download a representation of the particular Instagram component from Instagram. If the user is a member of the Instagram platform, it will be able to determine which specific sub-page of https://www.glasklaroptica.com the user is visiting.
Instagram’s Data Guideline which can be found at http://instagram.com/about/legal/privacy/ reveals what personal data are collected, processed and used by Instagram.