Data protection declaration
Data protection is of particularly high priority to the management of ADZ NAGANO GmbH. The use of the Internet pages of the ADZ NAGANO GmbH is possible without any specification of personal data. This data protection declaration informs users (hereinafter referred to as “you” or “user” or “data subject”) about the nature, scope and purposes of the collection and use of personal data by the responsible provider ADZ NAGANO GmbH (hereinafter also referred to as “provider” or “responsible party”) on this website.
Change of the data protection declaration
1. Scope and name and address of the controller
The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
ADZ NAGANO GmbH
Bergener Ring 43
Phone: +49 35205 59 69-30
In case of data protection concerns, please contact the data controller.
2. General information on data processing
The data protection declaration of ADZ NAGANO GmbH is based on the terms used by the European Data Protection Supervisor when issuing the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
a) Personal data
According to Section 46 No. 1 BDSG-new (the new German Federal Data Protection Act), personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This data includes, for example, name, address, e-mail address or telephone number.
b) Collection and processing of personal data
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal data is collected and processed by the provider only if this is permitted by law or if you consent to the collection of the data.
c) Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. Thereby, the following data is collected:
- information on the type of browser and version used
- the user’s operating system
- the user’s Internet service provider
- the user’s IP address
- access date and clock time
- websites from which the user’s system accesses our Internet site (referrer URL)
- websites that are accessed by the user’s system via our website
The collection and processing of the aforementioned access data is only carried out for the purposes of system administration, system security and optimization of the offer.
Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that they consent to the processing of personal data relating to them.
Consent is assumed by the provider in the event that you contact the provider, e.g. by e-mail. In this case, your data will be stored for the purpose of processing your request.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files serves to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not stored together with other personal data of the user.
These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 sent. 1 lit. f GDPR.
Cookies are text files that are placed and stored on a computer system via an Internet browser.
The Internet pages of ADZ NAGANO GmbH use technically necessary cookies exclusively.
If desired, the data subject can, at any time, delete cookies already set via an Internet browser or other software programs. This is possible in all common Internet browsers.
If cookies are deactivated for our website, it may no longer be possible to use all functions to their full extent. The user data collected by technically necessary cookies are not used to create user profiles.
5. Third-party content and services
The provider reserves the right to integrate third-party services and content, such as Google Maps, into its website. For the successful display of this content, a query of your IP address by the third-party provider is required. The provider endeavors to integrate only such third-party offers into his Internet offer, which use the queried IP address only for the successful presentation of the respective offer. However, the use of your IP address for additional statistical purposes cannot be ruled out by the provider. In the event of positive knowledge of this, the provider will refer to this separately.
6. Data subjects’ rights
You have the right to:
- request information about your personal data processed by the provider in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if it has not been collected by the provider itself, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details (right to information);
- demand, in accordance with Art. 16 GDPR, the correction of inaccurate or incomplete personal data stored by the provider without delay (right to rectification);
- request, in accordance with Art. 17 GDPR, the erasure of your personal data stored by the provider, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims (right to erasure);
- request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR (claim for restriction);
- receive, in accordance with Art. 20 GDPR, your personal data that you have provided to the provider in a structured, commonly used and machine-readable format or to request that it be transferred to another controller (right to data portability);
- revoke, in accordance with Art. 7 para. 3 GDPR, your consent at any time vis-à-vis the provider. This has the consequence that the provider may no longer continue the data processing, which was based on this consent, for the future (right of revocation);
- complain, in accordance with Art. 77 GDPR, to a supervisory authority (right to lodge a complaint).
7. Data protection during applications and the application process
The data controller collects and processes the personal data of applicants for the purpose of handling the application procedure. The processing may also be performed electronically. This is particularly the case if an applicant sends corresponding application documents to the data controller by electronic means, by e-mail, for example.
If the data controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the data controller prevent deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG, abbreviated in German).
8. Data protection when using the "ADZ Sensor App"
ADZ NAGANO GmbH is responsible for the app and compliance with data protection. With the ADZ Sensor App, we want to enable the user to process the measurement data recorded by him via NFC-enabled pressure transmitters. We provide an overview of the following content:
- Time of acquisition of the measurement data
- Measurement location and associated sensor ID
- Measured pressure and temperature values
- Number of measurements
We only process data to the extent necessary to provide the above information (Art. 6 Para. 1 b GDPR).
8.1 Data transfers to App Store
When downloading the mobile app, the required information is transmitted to the respective app store, in particular user name, e-mail address and customer number of your account, time of download, payment information and the individual device code. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device. After installation, no more personal data is transferred on the app side, unless the use of Crashlytics (see 8.3) is activated by the user. Device-specific data is then transmitted.
8.2 Access Authorizations and Data Processing
The data processed via the app is stored and processed on the end device. In addition, a service provider is used to ensure the constant further development and functionality of the app. We do not use statistical programs to analyze user behavior. Data is only stored as long as it is necessary for the operation of the app.
In all data protection matters and in particular to exercise your rights in accordance with Art. 15 et seq. of the GDPR (Information about the data processed about you, its origin, recipient and the purpose of the processing and, if applicable, a right to correction, restriction of processing or deletion and revocation or objection) you can contact the data protection officer of ADZ NAGANO GmbH. All concerns are treated confidentially. In addition, you can contact the supervisory authority (Saxon data protection officer, www.saechsdsb.de) at any time if you do not agree to data processing by ADZ NAGANO GmbH.
The ADZ sensor app offers the option of using the Crashlytics analysis tool. Activating Crashlytics is voluntary. It only takes place after the user has given his or her active consent (Art. 6 Para. 1 a GDPR) and can be revoked at any time. A non-consent or a revocation has no restrictive effect on the use of the app. Crashlytics only collects device-specific data (installation UUID, crash traces (anonymous metadata)) when an app crash occurs. These are used to analyze system failures and thus facilitate sustainable system maintenance. The crash analyzes are evaluated via a Google server (default setting: Frankfurt am Main). At the same time, the device-specific data is also transmitted to Google Inc. The crash traces are transmitted anonymously, but the UUID can leave traces which, in particular in combination with unique identifiers and other information received by the server, can be used to create profiles of the person concerned and, if necessary, to identify them.
The responsible employees of ADZ NAGANO GmbH and the responsible employees of Develappers GmbH Dresden have access to the operational area. The security of the processing was ensured for the latter company with a contract for order processing. The UUID will be deleted after 90 days.
Users of the app are asked to inform themselves regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing we carry out or changed legal provisions make this necessary. We will inform you as soon as the changes require user cooperation (e.g. consent) or other individual notification.
9. Legal basis for data processing
Art. 6 para. 1 sent. 1 lit. a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6 para. 1 sent. 1 lit. b GDPR.
The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 sent. 1 lit.. c GDPR.
In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result such visitor's name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 para. 1 sent. 1 lit. d GDPR.
Ultimately, processing operations could be based on Art. 6 para. 1 sent. 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases rest on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.
The legal basis for the processing of personal data using cookies is
Art. 6 para. 1 sent. 1 lit. f GDPR, as well as Art. 6 para. 1 sent. 1 lit. a.
10. Duration for which the personal data is stored
ADZ NAGANO GmbH processes and stores personal data of the data subject only for the time necessary to achieve the purpose of the storage or where otherwise provided for by the provider of European Directives and Regulations or other legislators in laws or regulations to which the data controller is subject.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.
In individual cases, longer storage is necessary for the preservation of evidence within the framework of the statutory limitation provisions. According to Section 195 et seq. of the German Civil Code (BGB, abbreviated in German), these limitation periods can be up to 30 years, with the regular limitation period being three years.
Notwithstanding the above, longer storage may be necessary in accordance with Art. 6 para. 1 sent. 1 lit. c GDPR due to tax and commercial law retention and documentation obligations (from HGB (German Commercial Code), StGB (German Penal Code) or AO (German Tax Code)), because you have consented to further storage in accordance with Article 6 para. 1 sent. 1 lit. a GDPR or in accordance with Article 17 para. 3 lit. e GDPR because it is necessary for the assertion, exercise or defense of legal claims.
11. Legal or contractual requirements to provide personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; possible consequences of non-provision
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also result from contractual regulations (e.g., information on the contractual partner).
It may sometimes be necessary for a contract to be concluded that a data subject provides us with personal data that subsequently needs to be processed by us. This is also the necessary interest in the processing of the data. The data subject is therefore obliged to provide us with personal data if our company concludes a contract with such data subject. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.
Before the data subject provides personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or by contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
Updated last: March 2022
In case of doubt, the German version applies.