Privacy statement in accordance with the GDPR

I.    Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other data protection acts of the Member States as well as other data protection provisions is:

Tintometer GmbH
Schleefstraße 8-12
44287 Dortmund
Germany
Tel.: +49 231 94510-0
Email: info@tintometer.de
Website: www.lovibond.com

Name and address of the data protection officer
The data protection officer of the controller is:

TÜV Informationstechnik GmbH
Unternehmensgruppe TÜV NORD
IT Security, Business Security & Privacy

Am TÜV 1
45307 Essen
Tel. 0201 - 8999-899
Fax 0201 - 8999-666
Email: privacyguard@tuvit.de

II.    General provisions on data processing

1.    Scope of processing of personal data

In principle, we only collect and use the personal data of our users insofar as this is required in order to provide our services. The collection and use of the personal data of our users only takes place regularly with the consent of the user. An exception to this applies in cases where it is not possible to obtain prior consent for practical reasons and the processing of the data is permitted by law.

2.    Legal basis for the processing of personal data

In cases where we obtain the consent of the data subject to the processing of their personal data, Article 6(1)(a) of the EU Data Protection Regulation (GDPR) shall form the legal basis for the processing of personal data.
The legal basis for processing personal data that is necessary for the performance of a contract to which the data subject is party is Article 6(1)(b) GDPR. This also applies to processing required for the performance of pre-contractual measures.
The legal basis for processing personal data that is necessary for compliance with a legal obligation to which our company is subject is Article 6(1)(c) GDPR.
Where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR shall form the legal basis.
Where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR shall form the legal basis.

3.    Erasure of data and retention period

The personal data of data subjects shall be erased or blocked as soon as it is no longer required for the purpose for which it was stored. Data may be retained beyond such a time if this has been stipulated by European or national legislators in EU regulations, acts or other provisions to which the data controller is subject. Data will also be blocked or erased once the retention period set out in the aforementioned provisions expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

III.    Provision of the website and creation of log files

1.    Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the system of the accessing computer.
This concerns the following data:information about the browser type and version

  • operating system of the user
  • internet service provider of the user
  • IP address of the user
  • date and time of access
  • websites from which the user’s system accesses our website
  • websites accessed by the user’s system via our website

The log files contain IP addresses and other data that can be attributed to a particular user. This may be the case, for example, if the link to the website from which the user accesses our website, or the link to the website the user switches to, contains personal data.

2.    Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

3.    Purpose of data processing

The temporary storage of IP addresses by the system is necessary in order to enable the delivery of the website to the user’s computer. For this purpose, the IP address of the user must be stored for the duration of their session.
IP addresses are saved in log files in order to ensure the proper functioning of the website. In addition, we use the data to optimise the website and to ensure the security of our IT systems. This data is not analysed for marketing purposes.
In this case, we also have a legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.

4.    Retention period

The data is deleted as soon as it is no longer required for the purpose for which it was collected. If the data is collected for the purpose of provision of the website, this shall be the case once the session in question is terminated.
For data stored in log files, this shall be the case after seven days at the latest. Data may also be stored for a longer period. In such cases, the IP addresses of users shall be deleted or anonymised so that they can no longer be attributed to the accessing client.

5.    Right to object and right to erasure

The collection of data for the provision of the website and the storage of that data in log files is necessary for the operation of the website. As a result, the user does not have the right to object.
Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored on or by the internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a particular string of characters that allows unique identification of the browser the next time the website is accessed.
We use cookies to make our website more user-friendly. Certain elements of our website require the accessing browser to be identified when opening a new page.

The following data is stored in the cookies and transmitted:

  • language settings
  • wishlist items
  • log-in information
  • administrative UI display options
  • URL history in order to determine the restore point

User data collected in this way is pseudonymised by technical means. As such, it is no longer possible to attribute the data to the accessing user. The data is not stored together with other personal data of the user.
When accessing our website, the user is informed about the use of cookies for analysis purposes via a banner, and is referred to this privacy statement. They are also informed how to disable cookies in their browser settings.
When accessing our website, the user is informed about the use of cookies for analysis purposes, and their consent is obtained for the processing of the personal data used for this purpose. At the same time, they are referred to this privacy statement.
b) Legal basis for the processing of data
The legal basis for the processing of personal data when using cookies is Article 6(1)(f) GDPR.
c) Purpose of data processing
The purpose of using technically necessary cookies is to facilitate the use of the website for users. Certain functions of our website may not be available without the use of cookies. For these elements, the browser must be recognised, even after opening a new page.

We require cookies for the following applications:

  • language settings
  • wishlist items
  • log-in information
  • administrative UI display options
  • URL history in order to determine the restore point

The user data collected by means of technically necessary cookies is not used to create user profiles.
Analysis cookies are used in order to improve the quality of our website and its content. We use analysis cookies to find out how the website is used in order to continuously improve our service.
For these purposes, our legitimate interest in the processing of personal data is also based on Article 6(1)(f) GDPR.
e) Retention period, right to object and right to erasure
Cookies are stored on the user’s computer and transferred to our website from there. As such, you as the user have full control over the use of cookies. By changing the settings in your web browser, you can disable or restrict the transfer of cookies. Stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all functions of the website to the full extent.

IV.    Newsletter

1.    Description and scope of data processing

On our website, it is possible to subscribe to a free newsletter. When subscribing to the newsletter, the data from the input screen is transmitted to us. We only collect the user’s e-mail address for this purpose.
In addition, the following data is collected during subscription:

  • IP address of the accessing computer
  • date and time of registration

During the subscription process, you will be requested to consent to the processing of the data and will be referred to this privacy statement.
In order to adapt the newsletter to your needs, we also collect the following data on a voluntary basis:

  • title
  • surname
  • name
  • company
  • country
  • customer number
  • areas of interest
  • field of application

No data is forwarded to third parties in connection with the processing of data for the purpose of sending newsletters. The data is exclusively used for sending the newsletter.

Legal basis for data processing
The legal basis for the processing of data after subscription to the newsletter by the user in the event that consent is granted by the user is Article 6(1)(a) GDPR.

Purpose of data processing
The user’s email address is collected so that they can be sent the newsletter.
The collection of additional personal data during the subscription process serves to prevent misuse of the service or the email address used.

Retention period
The data is deleted as soon as it is no longer required for the purpose for which it was collected. Accordingly, the email address of the user is stored for as long as they are subscribed to the newsletter.
Other personal data collected during subscription is usually deleted after a period of seven days.

Right to object and right to erasure
The user may cancel their subscription to the newsletter at any time. A link can be found in every newsletter for this purpose.
This also enables the user to withdraw their consent to storage of the personal data collected during subscription.

Third party provider
We send our newsletter using the newsletter service Evalanche (SC-Networks GmbH, Enzianstr. 2, 82319 Starnberg, Germany). SC-Networks is a member of the Certified Senders Alliance. We transmit your name and email address to SC-Networks exclusively for the purpose of sending the newsletter. Your data is stored by SC-Networks in such a way that it cannot be accessed by other customers of SC-Networks or third parties. You will find further information in the privacy statement of SC-Networks.

Registration
Description and scope of data processing
On our website, users have the option to register by providing personal data. This involves the data being entered on an input screen, transmitted to us and stored. The data will not be transferred to third parties without the consent of the person/institution in question.

The following data may be collected during the registration process:

  • address details
  • information about employer and role
  • user names for social media profiles and internet addresses.
  • in the case of applications: the data required in the selection of applications, such as application forms, letters of motivation, CVs and other relevant information
  • in the case of events: dietary requirements, interests and other information relevant to the organisation of the event

The following data is also stored at the time of registration:

  • IP address of the user
  • date and time of registration

During the registration process, the user is asked to consent to the processing of this data.

2.    Legal basis for data processing

The legal basis for the processing of the data in the event that consent is granted by the user is Article 6(1)(a) GDPR.

Purpose of data processing
Users must register in order to access certain content and services on our website. This includes organisation of events, expression of interest in participating in the HFD, application for HFD programmes, subscription to the HFD newsletter and participation in the HFD communication platform.

Retention period
The data is deleted as soon as it is no longer required for the purpose for which it was collected. This shall be the case for data collected during registration when registration with our website is cancelled or amended.

Right to object and right to erasure
As the user, you have the option to cancel your registration at any time. You may request the modification of the data held on you at any time. For amendment or deletion requests, please contact info@tintometer.de

V.    Contact form and email contact

1.    Description and scope of data processing

There is a contact form available on our website that can be used for the purpose of electronic communication. If the user makes use of this possibility, the data entered on the input screen is transmitted to us and stored.
This data comprises:

  • surname
  • email address
  • subject
  • body of the message

The following data is also stored at the time of sending of the message:

  • IP address of the user
  • date and time of registration

During the sending process, you will be requested to consent to the processing of the data and will be referred to this privacy statement.
Alternatively, you can contact us using the email address provided, whereby the personal data of the user transmitted along with the email is stored.
In this case, the data will not be transferred to third parties. The data is exclusively used for processing the query.

2.    Product request contact form

There is a contact form available on our website which can be used for the purpose of electronic product requests. If the user makes use of this possibility, the data entered on the input screen is transmitted to us and stored.
This data comprises:

  • surname
  • address details
  • customer type
  • email address
  • subject
  • body of the message.

The following data is also stored at the time of sending of the message:

  • IP address of the user
  • date and time of registration

During the sending process, you will be requested to consent to the processing of the data and will be referred to this privacy statement.
Alternatively, you can contact us using the email address provided, whereby the personal data of the user transmitted along with the email is stored.
In this case, the data will not be transferred to third parties. The data is exclusively used for processing the query.

3.    Contact form for catalogue ordering

There is a contact form available on our website which can be used for the purpose of ordering an electronic catalogue. If the user makes use of this possibility, the data entered on the input screen is transmitted to us and stored.
This data comprises:

  • surname
  • address details
  • email address
  • subject
  • body of the message

The following data is also stored at the time of sending of the message:

  • IP address of the user
  • date and time of registration

During the sending process, you will be requested to consent to the processing of the data and will be referred to this privacy statement.
Alternatively, you can contact us using the email address provided, whereby the personal data of the user transmitted along with the email is stored.
In this case, the data will not be transferred to third parties. The data is exclusively used for processing the query.

4.    Certificates of Analysis

There is a contact form available on our website which can be used for the purpose of electronic generation of certificates of analysis (including personalised certificates). If the user makes use of this possibility, the data entered on the input screen is transmitted to us and stored.
This data comprises:

  • surname
  • customer number

The following data is also stored at the time of sending of the message:

  • IP address of the user
  • date and time of registration

The data entered is not stored.

5.    Pool Handbook

There is a contact form available on our website which can be used for the purpose of ordering an electronic catalogue. If the user makes use of this possibility, the data entered on the input screen is transmitted to us and stored.
This data comprises:

  • surname
  • address details
  • email address
  • subject
  • body of the message.

The following data is also stored at the time of sending of the message:

  • IP address of the user
  • date and time of registration

During the sending process, you will be requested to consent to the processing of the data and will be referred to this privacy statement.
Alternatively, you can contact us using the email address provided, whereby the personal data of the user transmitted along with the email is stored.
In this case, the data will not be transferred to third parties. The data is exclusively used for processing the query.

a.    Use of Google Analytics

Description

This website uses Google Analytics, a web analytics service provided by Google Inc. (‘Google’). Google Analytics uses ‘cookies’, which are text files stored on your computer, to enable analysis of your use of the website. The information generated by the cookies about your use of this website is usually transmitted to and stored by Google on servers in the USA. However, if IP anonymisation is activated on this website, Google will truncate your IP address within a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area prior to transmission. Your full IP address will only be sent to Google servers in the USA and truncated there in exceptional cases. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider.

IP address
The IP address transmitted by your browser in connection with Google Analytics will not be associated with any other data held by Google.

Use of cookies
You may refuse the use of cookies by adjusting the settings of your browser software; however, please note that if you do so, you may not be able to access all functions of this website in full. You can also prevent Google’s collection and use of the data relating to your use of the website generated by the cookie (incl. your IP address) by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Anonymisation of your IP address
This website uses Google Analytics with the extension ‘_anonymizeIp()’. This means that IP addresses are processed in truncated form to prevent them being directly linked to an individual. If any data collected about you is of a personal nature, this data will be excluded instantly, and thereby any personal data immediately deleted.

Purpose
We use Google Analytics to analyse the use of our website and continuously improve it. We can use the statistics generated to improve our service and make it more relevant to you as the user. In those exceptional cases where personal data is transmitted to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6(1)(f), first sentence GDPR.

Third party provider
Details of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms and conditions: http://www.google.com/analytics/terms/de.html, data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html and privacy statement: http://www.google.de/intl/de/policies/privacy.

Cross-device analysis
This website also uses Google Analytics to carry out a cross-device analysis of the flow of visitors, which is performed by means of a user ID. You may deactivate the cross-device analysis of your use of the website in your user account under ‘My data’ > ‘Personal data’.

b.    Data protection provisions on the use and application of Xing

The controller has integrated components of Xing into this website. Xing is a web-based social network that enables users to connect with existing business contacts and to make new business contacts. Individual users can create their own personal Xing profile. Companies can use Xing to, for example, create company profiles or publish vacancies.
The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Each time the user accesses one of the individual pages of this website that is operated by the controller and into which a Xing component (Xing plug-in) has been integrated, the internet browser of the user’s IT system is automatically requested by the relevant Xing components to download and display those components. Further information about the Xing plug-ins can be found at https://dev.xing.com/plugins. In connection with this technical process, Xing receives information about the specific sub-page of our website that is visited by the data subject.
If the data subject is logged in to Xing at the same time, Xing will recognise which specific sub-page of our website is accessed by the data subject each time they access our website and for the entire duration of their stay on our website. This information is collected by the Xing components and assigned to the relevant Xing account of the data subject by Xing. If the data subject clicks on one of the Xing buttons integrated into our website, for example the ‘Share’ button, Xing will allocate this information to the personal Xing user account of the data subject and store this personal data.
If the data subject is logged into Xing at the same time as accessing our website, Xing will always receive a notification via the Xing component that the data subject has visited our website; this takes place regardless of whether the data subject clicks on one of the Xing components or not. If the data subject does not wish for this information to be transmitted to Xing, they can prevent this by logging out of their Xing account before accessing our website.
The data protection provisions published by Xing, which are available at https://www.xing.com/privacy, provide information about the collection, processing and use of personal data by Xing. Xing has also published data protection information about the Xing share button at https://www.xing.com/app/share?op=data_protection.

6.    Legal basis for data processing

The legal basis for the processing of the data in the event that consent is granted by the user is Article 6(1)(a) GDPR.
The legal basis for the processing of the data transmitted when sending an email is Article 6(1)(f) GDPR. If the email communication is taking place for the purpose of concluding a contract, the legal basis for processing is Article 6(1)(b) GDPR.

7.    Purpose of data processing

The processing of personal data from the input screen serves the sole purpose of processing the query. In the case of email contact, this justifies our legitimate interest in the processing of data.
Other personal data processed during sending is used to prevent misuse of the contact form and ensure the security of our IT systems.

8.    Retention period

The data is deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from the input screen for the contact form or sent via email, this shall be the case when the relevant conversation with the user comes to an end. The conversation is considered to have come to an end when the circumstances imply that an adequate response has been provided to the query.
Other personal data collected during sending is deleted after a period of seven days at the latest.

9.    Right to object and right to erasure

The user has the right to withdraw their consent to the processing of their personal data at any time. If the user contacts us via email, they may object to the storage of their personal data at any time. If they do so, the conversation cannot be continued. If you wish to object, please email info@tintometer.de. In this case, all personal data stored during your communication with us will be deleted.

Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR, and are entitled to exercise the following rights vis-à-vis the data controller:

1.    Right to information

You may request confirmation from the controller as to whether we are processing personal data concerning you.
If such processing is taking place, you may request the following information from the controller:

  • the purposes for which the personal data is being processed;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom the personal data held on you has been or will be disclosed;
  • the period for which the personal data held on you will be stored, or if that is not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of the personal data held on you or restriction of processing or to object to processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • all available information about the origin of the data if the personal data has not been obtained from the data subject;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and 22(4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged
  • consequences of such processing for the data subject.

You are entitled to request information about whether the personal data held on you will be transferred to a third country or international organisation, whereby you may also request confirmation that appropriate safeguards are in place with respect to this transfer in accordance with Article 46 GDPR.

2.    Right to rectification

You have a right to obtain from the controller the rectification and/or completion of the processed personal data held on you if it is incorrect or incomplete. The controller shall perform the correction without undue delay.

3.    Right to restriction of processing

You may request the restriction of processing of the personal data held on you if:

  • the accuracy of the personal data is contested by you for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
  • you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject

Where the processing of the personal data held on you has been restricted, this data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where you have obtained restriction of processing pursuant to the aforementioned requirements, you shall be informed by the controller before the restriction of processing is lifted.

4.    Right to erasure

a)    Erasure obligation

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
  • You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
  • The personal data concerning you has been unlawfully processed.
  • The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR

b)    Notification of third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

c)    Exceptions

The right to erasure shall not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to under a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims

5.    Right to notification

If you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the controller, the latter shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
You are entitled to request that the controller informs you about those recipients.

6.    Right to data portability

You shall have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:

  • the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
  • the processing is carried out by automated means

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7.    Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8.    Right to withdrawal of the declaration of consent under data protection law

You are entitled to withdraw your declaration of consent under data protection law at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9.    Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

  • is necessary for entering into, or performance of, a contract between you and the data controller;
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent

However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10.    Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.