Privacy Policy

Introduction

In this Privacy Statement, we set out our approach to the information collected by users who access our website under www.torrox.de (“Website”) or otherwise provide us with personal information (collectively, “User”).

Competent authority within the meaning of the General Data Protection Regulation (DS-GVO): Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany

Privacy policy

We are very pleased about your interest in our facility. Data protection is of particular importance to Torrox GmbH & Co. KG, Fabrikstr. 22, 95111 Rehau. The use of the internet pages of our company is possible without any indication of personal data.
However, if a person affected likes to use special services of our institution via our website, processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person affected.

The processing of personal data, such as the name, address, e-mail address or telephone number of a person affected, is always in accordance with the General Data Protection Regulation (DS-GVO) and in accordance with the country-specific data protection regulations applicable to our company. By means of this data protection declaration, our institution wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. In addition, person affected are informed about their rights by means of this data protection declaration.

As responsible, our company has implemented numerous technical and organisational measures to ensure the most complete protection of the personal data processed via this website. However, Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, any person affected is free to transmit personal data to us by alternative means, for example by telephone.
The privacy policy of our internet provider can be found here:
https://www.hetzner.de/rechtliches/datenschutz

1. Definitions

The data protection declaration of our company is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (DS-GVO). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. In order to ensure this, we would like to explain the terms used in advance. We use in this Privacy Policy, among others, the following terms:

a) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the “person affected”). Identifiable is a natural person who is directly or indirectly identified, in particular by associating an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person,

b) Person affected

Person affected is any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing

Processing is any operation carried out with or without the help of automated procedures or any such series of operations relating to personal data such as the collection, collection, organization, ordering, storage, adaptation or modification, reading, , the comparison or linking, restriction, deletion or destruction.

d) Restriction of the processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling

Profiling is any type of automated processing of personal data consisting in the use of such personal data, to evaluate or predict certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or location of that natural person.

f) Pseudonymization

Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific person affected without the use of additional information, provided that this additional information is kept separately and is subject to technical measures, , which ensure that the personal data is not assigned to an identified or identifiable natural person.

g) Responsible or Controller responsible

Responsible or controller responsible is the natural or legal person, authority, body or other body that decides alone or jointly with others on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller may or may be provided for the specific criteria of his designation under Union or Member State law.

h) Processor

Processor is a natural or legal person, authority, body or other body that processes personal data on behalf of the controller.

i) Recipient

Recipient is a natural or legal person, authority, body or other body that discloses personal data, whether or not it is a third party. However, authorities which may receive personal data under Union or Member State law under a particular investigative mission shall not be deemed to be recipients.

j) Third parties

Third party is a natural or legal person, authority, Institution or other body other than the person affected, the controller, the processor and the persons authorised, under the direct responsibility of the controller or processor, to process the personal data.

k) Consent

Consent by the person affected is any statement of intent voluntarily given by the person affected in an informed and unequivocal manner in the form of a statement or other clear affirmative act by which the person affected consents to the processing of the person affected.

2. Name and address of the controller:

The responsible person for the purposes of the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:

Torrox GmbH & Co. KG
Managing Director: Dipl.-Ing. Torsten Robitzki
Fabrikstraße 22; 95111 Rehau
Phone: +49 9283 8999666

The website is hosted by Hetzner Online GmbH. The hoster receives the above-mentioned data as a data processor.
Hetzner Online GmbH
Industriestr. 25, 91710 Gunzenhausen
Phone: +49 (0)9831 505-0
Email: info@hetzner.com

Address of the supervisoryauthority:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach

3. Collection of general data and information (server log files)

The website of our company collects a series of general data and information with each call-up of the website by a person affected or an automated system. This general data and information is stored in the log files of the server. The browser types and versions used (1) can be recorded, (2) the operating system used by the accessing system, (3) the website, from which an accessing system accesses our website (so-called referrers), (4) the sub-websites, which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service providers of the accessing system and (8) other similar data and information that serve the security in the event of attacks on our information technology systems. When using this general data and information, our company does not draw any conclusions about the person affected. Rather, this information is needed to (1) correctly deliver the contents of our website, (2) to optimize the content of our website and the advertising for it, (3) to ensure the long-term functioning of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. This anonymously collected data and information is therefore evaluated statistically by our company on the one hand and further with the aim of increasing data protection and data security in our institution, in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a person affected.

4. SSL encryption

Our website uses SSL encryption for security reasons and to protect the transmission of all content. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock icon in your browser line. Due to SSL encryption, the data you transmit to us cannot be read by third parties.

5. Registration on our website

The person affected has the possibility to register on the website of the controller with personal data. The personal data transmitted to the controller is determined by the respective input mask used for registration. The personal data entered by the person affected will be collected and stored exclusively for internal use by the controller and for his own purposes. The controller may arrange for the transfer to one or more processors, such as an online calendar service, which also uses the personal data exclusively for internal use attributable to the controller. By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) to the person affected, the date and time of registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services and to enable this data to be investigated if necessary. In this respect, the storage of this data is necessary to secure the controller. In principle, this data will not be passed on to third parties, provided that there is no legal obligation to pass it on or if the disclosure serves the purpose of law enforcement. The registration of the person affected with the voluntary disclosure of personal data serves the controller to offer the person affected content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided at the time of registration or to have them completely deleted from the data set of the controller. The controller shall provide each person affected with information on which personal data about the person affected is stored at any time upon request. Furthermore, the controller corrects or deletes personal data upon request or notice of the person affected, insofar as this is not precluded by legal retention obligations. In this context, the entire tying of the employees of the controller are available to the person affected as a contact person.

6. Possibility of contact via the website

Due to legal regulations, the website of our company contains information that enables a quick electronic contact to our institution as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a person affected contacts the controller by e-mail or via a contact form, the personal data transmitted by the person affected will be automatically stored. Such personal data transmitted on a voluntary basis by a person affected to the controller shall be stored for the purpose of processing or contacting the person affected. This personal data will not be passed on to third parties.

7. Routine deletion and blocking of personal data

The controller shall only process and store the personal data of a person affected for the period necessary to achieve the purpose of storage or if this has been provided for by the European legislator or another legislator in the laws or regulations to which the controller is subject. If the purpose of storage is waived or a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.

8. Rights of the person affected

a) Right to confirmation

Each person affected has the right granted by the European legislator to require the controller to certify whether personal data concerning him or her will be processed. If a person affected wishes to withdraw this right of confirmation, he or she may at any time contact an employee of the controller.

b) Right to information

Any person concerned by the processing of personal data shall have the right granted by the European legislator to obtain free information at any time from the controller about the personal data stored about him or her and a copy of that information. In addition, the European legislator has granted the person affected information on the following information:

• the processing purposes
• the categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data has been or is still being disclosed, in particular for recipients in third countries or international organisations
• where possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration
• the existence of a right to rectification or erasure of personal data concerning them or to restrict the processing by the controller or a right to object to such processing
• the existence of a right of appeal to a supervisory authority
• if the personal data is not collected from the person affected: all available information on the origin of the data
• the existence of automated decision-making, including profiling in accordance with Article 22 (1) and 4 DS-GVO and, at least in such cases, meaningful information on the logic involved and the scope and intended impact of such processing on the person affected.

In addition, the person affected has a right of access to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the person affected shall also have the right to obtain information on the appropriate guarantees in connection with the transfer.
If a person affected wishes to withdraw this right of access, he or she may at any time contact an employee of the controller.

c) Right to correction

Any person concerned by the processing of personal data shall have the right granted by the European legislator to request the immediate rectification of inaccurate personal data concerning him/her. In addition, the person affected has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
If a person affected wishes to take advantage of this right of correction, he or she may at any time contact an employee of the controller.

d) Right to erasure (Right to be forgotten)

Any person concerned by the processing of personal data shall have the right granted by the European legislator to require the controller to delete the personal data concerning him or her without delay, provided that one of the following reasons is true and that the processing is not necessary:

• The personal data have been collected or processed in any other way for which they are no longer necessary.
• The person affected withdraws his consent on which the processing was based in accordance with Article 6(1) (a) DS-GVO or Article 9(2) (a) DS-GVO, and there is no other legal basis for processing.
• The person affected objects to the processing in accordance with Article 21(1) of the DS-GVO and there are no legitimate primary grounds for processing, or the person affected objects to the processing in accordance with Article 21(2) DS-GVO.
• The personal data have been processed unlawfully.
• The erasure of personal data is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.
• The personal data were collected in relation to the information society services offered in accordance with Article 8(1) of the DS-GVO.

If one of the above reasons applies and a person affected is subject to the deletion of personal data that is our company may, at any time, contact an employee of the controller. The employee of the our company will ensure that the request for deletion is complied with without delay.

If the personal data of our company public and our institution as controller is obliged to delete the personal data in accordance with Article 17(1) of the DS-GVO, the our company taking into account the available technology and implementation costs, appropriate measures, including technical measures, to inform other data controllers who process the published personal data that the person affected has requested from those other data controllers the deletion of all links to such personal data or to copies or replicas of that personal data, unless the processing is necessary. The employee our company will arrange what is necessary in individual cases.

e) Right to restrict processing

Any person concerned by the processing of personal data shall have the right granted by the European legislator to require the controller to restrict the processing if one of the following conditions is met:

• The accuracy of the personal data is disputed by the person affected for a period of time that allows the controller to verify the accuracy of the personal data.
• The processing is unlawful, the person affected refuses to delete the personal data and instead demands the restriction of the use of the personal data.
• The controller no longer needs the personal data for the purposes of the processing, but the person affected needs it to assert, exercise or defend legal claims.
• The person affected has objected to the processing in accordance with Article 21(1) of the DS-GVO and it is not yet clear whether the legitimate reasons of the controller outweigh those of the person affected.

If one of the above conditions is met and a person affected restricts the restriction of personal data that is our company stored, it may at any time contact an employee of the controller. The employee our company will cause the restriction of processing.

f) Right to data portability

Any person concerned by the processing of personal data shall have the right granted by the European legislator to obtain the personal data concerning him or her, which have been provided by the person affected to a controller, in a structured, common and machine-readable format. It also has the right to transfer this data to another controller without hindrance by the controller to whom the personal data were provided, provided that the processing is based on the consent in accordance with Article 6(1) (a) DS-GVO or Article 9(2) (a) OR on a contract under Article 6(1) (b) OF the DS-GVO and the processing is carried out using automated procedures. , provided that the processing is not necessary for the performance of a task which is in the public interest or in the exercise of official authority entrusted to the controller.
Furthermore, in exercising his right to data portability in accordance with Article 20(1) of the DS-GVO, the person affected has the right to obtain that the personal data be transferred directly from a controller to another controller, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.
In order to assert the right to data portability, the person affected may at any time contact an employee our company Apply.

g) Right to object

Any person concerned by the processing of personal data shall have the right granted by the European legislator to object at any time to the processing of personal data concerning him or her, on the basis of Article 6(1) (e) or (f) DS-GVO, for reasons arising from his or her particular situation. This also applies to profiling based on these provisions.

Our company will no longer process the personal data in the event of an objection, unless we can prove compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the person affected, or the processing serves to assert, exercise or defend legal claims.

Processed our company personal data for direct marketing, the person affected has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling in so far as it is related to such direct marketing. If the person affected objects to our company processing for direct marketing purposes, it will be our company the personal data will no longer be processed for these purposes.

In addition, the person affected has the right, for reasons arising from his or her particular situation, to object to the processing of personal data concerning him or her, which is our company for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) DS-GVO, to object, unless such processing is necessary for the performance of a task in the public interest.

In order to exercise the right to object, the person affected may directly our company apply. The person affected is also free to exercise his right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
h) Automated decisions on a case-by-case basis, including profiling
Any person concerned by the processing of personal data shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which has legal effect towards him or otherwise significantly affects it, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the person affected and the controller. , or (2) is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the person affected, or (3) takes place with the express consent of the person affected.

If the decision (1) is necessary for the conclusion or performance of a contract between the person affected and the controller, or (2) it is made with the express consent of the person affected, the our company appropriate measures to safeguard the rights and freedoms and legitimate interests of the person affected, including at least the right to the intervention of a person on the part of the controller, to express his or her point of view and to challenge the decision.
If the person affected wishes to exercise rights relating to automated decisions, he or she may at any time contact an employee of the controller.

i) Right to withdraw from data protection consent

Any person affected by the processing of personal data has the right granted by the European legislator to withdraw consent to the processing of personal data at any time.
If the person affected wishes to exercise his or her right to withdraw consent, he or she may at any time contact an employee of the controller.

9. Legal basis of processing

Article 6 I lit. a DS-GVO serves as the legal basis for our institution for processing operations in which we obtain consent for a specific purpose of processing. Where the processing of personal data is necessary for the performance of a contract to which the person affected is a party, as is the case, for example, in the case of processing operations necessary for the supply of goods or the provision of any other service or consideration, the processing shall be based on Article 6 I lit. b DS-GVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If our institution is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing shall be based on Article 6 I lit. c DS-GVO. In rare cases, the processing of personal data may be necessary to protect the vital interests of the person affected or another natural person. This would be the case, for example, if a visitor to our facility were to be injured and his name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third parties. The processing would then be based on Article 6 I lit. d DS-GVO. Ultimately, processing operations could be based on Article 6 I lit. f DS-GVO. This legal basis is based on processing operations which are not covered by any of the aforementioned legal bases where the processing is necessary to safeguard a legitimate interest of our body or a third party, provided that the interests, fundamental rights and freedoms of the person affected do not prevail. We are allowed to do this kind of processing, in particular because they have been specifically mentioned by the European legislator. In that regard, it took the view that a legitimate interest could be presumed if the person affected is a customer of the controller (recital 47 sentence 2 DS-GVO).

10. Eligible interests in the processing pursued by the controller or a third party

Based on Article 6 I lit. f DS-GVO, our legitimate interest in carrying out our business for the benefit of the well-being of all our employees and the owner is based on Article 6 I lit. f DS-GVO.

11. Duration for which the personal data will be stored

The criterion for the duration of the storage of personal data is the respective legal retention period. After the expiry of the period, the relevant data will be routinely deleted, provided that they are no longer necessary for the performance of the contract or initiation of the contract.

12. Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the person affected to provide the personal data; possible consequences of non-provision

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In some ways, it may be necessary for a person affected to provide us with personal data, which must subsequently be processed by us. For example, the person affected is obliged to provide us with personal data if our institution concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the person affected could not be concluded. Before providing personal data by the person affected, the person affected must contact one of our employees. Our employee clarifies on a case-by-case basis whether the provision of the personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the non-provision of the personal data would have.

13. Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

14. Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In this case, the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. Google may aggregate this data into a profile that is assigned to the respective user or device.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
The use of this analysis tool is based on Art. 6 sec. 1 lit. f DS-GVO. The website operator has a legitimate interest in the analysis of user behaviour in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 sec. 1 lit. a DS-GVO; consent can be revoked at any time.

15. IP anonymization

We have activated the IP anonymization feature on this website. This will shorten your IP address from Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area before being transferred to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, comcompile reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google.

16. Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information on how to handle user data at Google Analytics, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

a.) Order processing

We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

b.) Demographics of Google Analytics

This website uses the “Demographics” feature of Google Analytics to display suitable advertisements for website visitors within the Google advertising network. This allows you to create reports that contain statements about the age, gender, and interests of page visitors. This data comes from interest-based advertising from Google as well as from third-party visitor data. This data cannot be associated with a specific person. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as shown in the item “Opposition to data collection”.

c.) Storage time

User-level and event-level data stored by Google that is linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months. Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=de

17. Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display ads in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). In addition, targeted advertisements can be played based on the user data available at Google (e.g. location data and interests) (target group targeting). As a website operator, we can quantitatively evaluate this data, for example by analyzing which search terms have led to the display of our advertisements and how many advertisements have resulted in corresponding clicks.
The use of Google Ads is based on Art. 6 sec. 1 lit. f DS-GVO. The website operator has a legitimate interest in the most effective marketing of its products services.

18. Google Remarketing

This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Remarketing analyzes your user behaviour on our website (e.g. click on certain products) in order to classify you into specific advertising target groups and then to send you appropriate web messages when visiting other online offers (remarketing or retargeting).

Furthermore, the advertising audiences created with Google Remarketing can be linked to Google’s cross-device features. In this way, interest-based, personalized advertising messages that have been customized to you on one device (e.g. mobile phone) depending on your previous usage and browsing behavior can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to the personalized advertisement at the following link: https://www.google.com/settings/ads/onweb/.
The use of Google Remarketing is based on Art. 6 sec. 1 lit. f DS-GVO. The website operator has a legitimate interest in the most effective marketing of its products. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 sec. 1 lit. a DS-GVO; consent can be revoked at any time.

Further information and the privacy policy can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.

19. Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can detect whether the user has performed certain actions. For example, we can evaluate which buttons on our website have been clicked and how often and which products have been viewed or purchased most frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and what actions they did. We do not receive any information that we can use to personally identify the user. Google itself uses cookies or similar recognition technologies to identify it.

The use of Google Conversion Tracking is based on Art. 6 sec. 1 lit. f DS-GVO. The website operator has a legitimate interest in the analysis of user behaviour in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 sec. 1 lit. a DS-GVO; consent can be revoked at any time.

For more information about Google Conversion Tracking, see Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

20. Cookies

We and our partners use cookies to provide such services. This also applies when you visit our website or access our services. A “cookie” is a small packet of data that is assigned to your device when you visit a website from that website. Cookies are useful and can be used for different purposes. This includes, for example, making it easier to navigate between different pages, automatically activating certain features, saving your settings, and optimizing access to our services. The use of cookies also allows us to show you relevant advertisements tailored to your interests and to collect statistical information about your use of our services. This website uses the following types of cookies:

a. “session cookies” that ensure normal system usage. Session cookies are only stored for a limited time during a session and deleted from your device as soon as you close your browser.b.
“Permanent cookies”that are only read from the website and are not deleted when the browser window is closed, but are stored on your computer for a certain period of time. This type of cookie allows us to identify you on your next visit and, for example, to save your settings.c.
“Third-Party Cookies” set by other online services that are represented with their own content on the site you visit. For example, external web analytics companies that collect and analyze access to our website. Cookies do not contain any personal data that identifies you, but the personal data we hold may be linked by us to the data contained in the cookies. You canremove cookies from your
device’s device settings. Follow the instructions. Please note that disabling cookies may result in the restriction of certain functions when using our website.

21. Cookie consent with Borlabs Cookie

Our website uses the cookie consent technology of
Borlabs Cookie to obtain your consent to the storage of certain cookies in your browser and to document them in compliance with data protection. The supplier of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you give or the revocation of these consents are stored. This data will not be passed on to the provider of Borlabs Cookie. The collected data is stored until you ask us to delete it or delete the Borlabs cookie yourself or the purpose for data storage is omitted. Mandatory statutory retention periods remain unaffected. Details on the data processing of Borlab Cookie can be found under https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/. The legal basis for this is Art. 6 sec. 1 p. 1 lit. c DS-GVO.

22. Use of script libraries (Google Web Fonts)

In order to display our content correctly and graphically in every browser, we use script and font libraries such as Google Web Fonts (https://www.google.com/webfonts) for thiswebsite. Google Web Fonts are transferred to your browser’s cache, so they only need to be loaded once. If your browser does not support Google Web Fonts or deny access, the content will be displayed in a default font.
• When calling script or font libraries, we automatically connect to the operator of the library. In theory, this operator has the option of collecting data. It is not currently known whether and for what purpose the operators of the relevant libraries actually collect data.
• Here you can find the privacy policy of the operator of the Google library: https://www.google.com/policies/privacy.

23. LinkedIn Plugin

This website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time a page of this website that contains LinkedIn features is accessed, a connection is established to LinkedIn servers. LinkedIn is notified that you have visited this website with your IP address. If you click on the “Recommend” button of LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to this website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data as well as their use by LinkedIn.
The LinkedIn plugin is used on the basis of Art. 6 sec. 1 lit. f DS-GVO. The website operator has a legitimate interest in the widest possible visibility on social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 sec. 1 lit. a DS-GVO; consent can be revoked at any time. For more information, see LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

24. Comment function in the blog on the website

The responsible of this website offers users the opportunity to leave individual comments on individual blog posts on a blog located on the website of the controller. A blog is a portal, usually open to the public, on a website, in which one or more people called bloggers or web bloggers can post articles or write down thoughts in so-called blog posts. The blog posts can usually be commented on by third parties.
If a person affected leaves a comment in the blog published on this website, in addition to the comments left by the person affected, information on the time of the comment is entered and on the username (pseudonym) chosen by the person affected will be stored and published. In addition, the IP address assigned by the Internet Service Provider (ISP) to the person affected is also logged. This storage of the IP address takes place for security reasons and in the event that the person affected violates the rights of third parties or posts illegal content by making a comment. The storage of this personal data is therefore in the own interest of the controller, so that the controller could, if necessary, exculplate himself in the event of an infringement. No personal data collected will be passed on to third parties unless such disclosure is required by law or serves the legal defense of the controller.

25. Newsletter

a.) Newsletter data

If you wish to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data are not collected or only on a voluntary basis. We use this data exclusively for the sending of the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6 sec. 1 lit. a DS-GVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you have stored with us for the purpose of receiving the newsletter will be stored by us until you are sent out of the newsletter with us or the newsletter service provider and deleted from the newsletter distribution list after the newsletter has been unsubscribed. Data stored for other purposes remain unaffected by this.
After you have left the newsletter distribution list, your e-mail address with us or the newsletter service provider may be stored in a blacklist in order to prevent future mailings. The data from the blacklist is used only for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 sec. 1 lit. f DS-GVO). The storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest.

b.) MailChimp

This website uses MailChimp’s services to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service that can be used to organize and analyze newsletters, among other things. If you enter data for the purpose of receiving a newsletter (e.g. e-mail address), it is stored on MailChimp’s servers in the United States.
With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file (web-beacon) contained in the email connects to MailChimp’s servers in the United States. This allows you to determine whether a newsletter message has been opened and which links have been clicked if necessary. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of recipients.
If you do not want an analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe from the newsletter directly from the website.
The data processing is based on your consent (Art. 6 sec. 1 lit. a DS-GVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you have stored with us for the purpose of receiving the newsletter will be stored by us until you are sent out of the newsletter and deleted from both our servers and mailchimp servers after you have unsubscribed from the newsletter. Data that has been stored for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
For more information, please refer to MailChimp’s privacy policy at: https://mailchimp.com/legal/terms/.

c.) Conclusion of a data processing agreement

We have concluded a so-called “Data Processing Agreement” with MailChimp in which we oblige MailChimp to protect our customers’ data and not to pass it on to third parties. This contract can be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.

26. Matomo (Formerly Piwik)

For statistical analysis, the person responsible uses “Matomo” (formerly “PIWIK”) for this website. This is an open source tool for web analysis. Matomo does not transmit data to servers that are outside the control of the website manager (see Privacy Policy). Matomo is disabled when you visit our website. Only when you actively consent will your usage behavior be recorded anonymously.
Matomo uses so-called cookies. These are text files that are stored on your computer and which enable the person responsible for the website to analyse the use of this website. For this purpose, the information obtained by the cookie about the use is transmitted to the server of the controller of this website and stored, so that the usage behavior can be evaluated. Your IP address will be anonymized immediately; so you remain anonymous as a user. The information generated by the cookie about your use of this website will not be passed on to third parties.
The responsible for this website understands this analysis as part of his Internet service. It wants to further improve the website and adapt it even more to the needs of users.

27. Own services

a.) Handling of applicant data

We offer you the opportunity to apply to us (e.g. by e-mail, postal or online application form). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated strictly confidentially.

b.) The scope and purpose of data collection

If you send us an application, we process your personal data associated with it (e.g. contact and communication data, application documents, notes in the course of interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (initiation of an employment relationship), Art. 6 sec. 1 lit. b DS-GVO (general initiation of contracts) and, if you have given your consent, Article 6 (1) lit. a DS-GVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in the processing of your application. If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 of the German Data Protection Act (BDSG) and Art. 6 (1) lit. b DS-GVO for the purpose of carrying out the employment relationship.

c.) Retention period of the data

If we cannot offer you a job offer, reject a job offer or withdraw your application, we reserve the right to keep the data transmitted by you on the basis of our legitimate interests (Art. 6 sec. 1 lit. f DS-GVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data is then deleted and the physical application documents are destroyed. The retention is used in particular for verification purposes in the event of a dispute. If it is apparent that the data will be necessary after the expiry of the 6-month period (e.g. due to an impending or pending litigation), deletion will only take place if the purpose for further storage is no longer necessary. A longer retention can also take place if you have given appropriate consent (Art. 6 sec. 1 lit. a DS-GVO) or if legal retention obligations prevent deletion.

d.) Admission to the applicant pool

If we do not offer you a job, you may be able to add you to our applicant pool. In case of admission, all documents and information from the application will be transferred to the applicant pool to contact you in case of suitable vacancies.
Admission to the applicant pool is based solely on your express consent (Art. 6 sec. 1 lit. a DS-GVO). The submission of consent is voluntary and is unrelated to the ongoing application process. The person concerned may withdraw his consent at any time. In this case, the data from the applicant pool will be permanently deleted, unless there are legal reasons for retention. The data from the applicant pool will be irrevocably deleted no later than two years after the consent has been given.

28. Minors

The protection of children’s data is very important, especially in the online sector. The website is not intended for children and is not intended for them. The use of our Services by minors is only permitted with the prior consent or authorization of a parent or guardian. We do not knowingly collect personal information from minors. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he/she may contact us at info@torrox.de.

29. Updates or changes to this Privacy Policy

We reserve the right to change or review this Privacy Policy from time to time. You can find the date of the current version under “Last modified on”. Your continued use of the Platform after the notice of such changes on our website constitutes your acceptance of such changes to the Privacy Policy and is deemed to be your acceptance of binding to the amended terms.
This data protection declaration was prepared on the basis of a draft of the German Society for Data Protection GmbH and reviewed and adapted by Mr. Attorney Jörg Frotscher, Im Heidekamp 22, 59555 Lippstadt.

Last modified on 19. 10.2020