Privacy Noticeof Adalbert Zajadacz GmbH & Co. KG
The provisions of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) apply across Europe. We would like to inform you on the processing of personal data as carried out by our company in accordance with this regulation (compare Articles 13 and 14 of the GDPR). Should you have any questions or remarks regarding this privacy policy, you can send these to the email address provided under paragraph 2 and/or 3 at any time.
Table of Contents
I. Overview
In this section of the privacy policy, you can find information regarding its scope, the controller, their data protection officer, and data security.
1. Scope
Fundamentally, the data processing carried out by Adalbert Zajadacz GmbH & Co. KG can be divided into two categories:
- All data required for the execution of a contract with Adalbert Zajadacz GmbH & Co. KG will be processed for the purpose of contract performance. If external service providers such as logistics companies or payment service providers are involved in the performance of the contract, your data shall be transferred to these to the extent to which it is required in each case.
- Upon accessing the website/application, various pieces of information will be exchanged between your device and our server. This can also include personal data. The information which is collected in this manner will be used, among other things, to optimise our website or to display advertising in your device’s browser.
- This privacy policy applies to the following offers:
- our on-line offer, retrievable at www.zajadacz.de;
- whenever reference is made to this privacy policy from one of our other offers (e.g. websites, sub-domains, mobile applications, web services, or inclusions on third-party websites), irrespective of the manner in which you access or use these.
- All of these offers together are also referred to as “Services”.
2. Controller
The controller – i.e. the person who determines the purposes and means of the processing of personal data – in connection with the Services is
Adalbert Zajadacz GmbH & Co. KG
Lessingstraße 46
21629 Neu Wulmstorf
Telephone: +49 (0)40-70077-0
Email: datenschutz@zajadacz.de
3. Data Protection Officer
You can contact our Data Protection Officer as follows:
Contact form: https://www.dsextern.de/anfragen
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg
4. Data Security
In order to develop the measures required in Art. 32 GDPR and, with it, to achieve a level of protection which is appropriate to the risk, we have established an information security management system within our company.
II. Data Processing Activities in Detail
In this section of the privacy policy, we provide you with information regarding the processing of personal data within the framework of our Services in detail. For greater clarity, we have arranged this information according to specific features of our Services. When using our Services normally, various functions and thus, various processing activities, may take effect, either consecutively or simultaneously.
Data Security
In order to develop the measures required in Art. 32 GDPR and, with it, to achieve a level of protection which is appropriate to the risk, we have established an information security management system within our company.
II. Data Processing Activities in Detail
In this section of the privacy policy, we provide you with information regarding the processing of personal data within the framework of our Services in detail. For greater clarity, we have arranged this information according to specific features of our Services. When using our Services normally, various functions and thus, various processing activities, may take effect, either consecutively or simultaneously.
1. General Points concerning Data Processing Activities
The following applies to all data processing activities presented below, unless otherwise specified:
a. No duty to provision
No contractual or legal obligation to provide personal data exists. You are not obligated to provide data.
b. Consequences of Failure to Provide
Failure to provide required data (data which is marked as mandatory field when it is being entered) will result in an inability to render to Service in question. Otherwise, failure to provide this data will, where applicable, result in our services not being able to be rendered in the same form and quality.
c. Consent
In certain cases, you have the opportunity to also give us consent to carry out further processing activities (where applicable, for only part of the data) in connection with those processing activities presented below. In this case, we provide you with information regarding all modalities and the scope of the consent, as well as regarding the purposes which we pursue with these processing activities, separately and in connection with the submission of each corresponding declaration of consent.
d. Transfer of Personal Data to Third Countries
In the event that we transfer any data to third countries, i.e. countries outside the European Union, this transfer takes place exclusively in compliance with legislative requirements placed on legitimacy.
The requirements placed on legitimacy are regulated by Art. 44-49 GDPR.
e. Hosting with External Service Providers
To a large extent, the way in which we process data involves so-called hosting service providers, which provide us with storage space and processing capacities in their data centres, and which also process personal data on our behalf and in accordance with our instructions. These service providers either exclusively process data within the EU, or we have ensured an adequate level of data protection with help from the EU standard contractual clauses for data protection.
f. Transfer to Government Authorities
We transfer personal data to government authorities (including law enforcement authorities) if this is required to fulfil a legal obligation to which we are subject (legal basis: point (c) of Art. 6(1) GDPR) or to assert, exercise or defend legal claims (legal basis: point (f of Art. 6(1) GDPR).
g. Retention Period
We will only store your data for as long as we require it to fulfil the respective processing purposes for which it was collected. Should this data no longer be required for the fulfilment of contractual or legal obligations, it shall be regularly erased, unless its retention continues to be necessary for a fixed term. Reasons for this could, for example, be the following:
- The fulfilment of retention obligations according to commercial and tax law
- The preservation of evidence for legal disputes within the framework of statutory limitation periods
- Equally, we are able to continue to store your data if you have expressly given your consent for us to do so.
- h. Data Categories
- Personal master data: Title, address/gender, first name, surname, date of birth
- Address data: Street, house number, address supplements where necessary, post code, town, country
- Contact details: Telephone number(s), fax number(s), email address(es)
- Subscription data: Information regarding the service through which you registered; times and technical information surrounding the registration, confirmation and logout; data which you provided when registering
- Order data: Ordered products, prices, payment and delivery information
- Payment data: Account data, credit card details, data regarding other payment services
- Access data: Date and time at which you visited our Service; the page from which the accessing system reached our page; the pages which were accessed during the use of the site; data regarding the identification of the session (session ID); furthermore, the following information relating to the accessing computer system: internet protocol address (IP address) used, browser type and version, device type, operating system, and similar technical information
- Application data: CV, references, supporting documents, work samples, certificates, pictures
h. Data Categories
- Personal master data: Title, address/gender, first name, surname, date of birth
- Address data: Street, house number, address supplements where necessary, post code, town, country
- Contact details: Telephone number(s), fax number(s), email address(es)
- Subscription data: Information regarding the service through which you registered; times and technical information surrounding the registration, confirmation and logout; data which you provided when registering
- Order data: Ordered products, prices, payment and delivery information
- Payment data: Account data, credit card details, data regarding other payment services
- Access data: Date and time at which you visited our Service; the page from which the accessing system reached our page; the pages which were accessed during the use of the site; data regarding the identification of the session (session ID); furthermore, the following information relating to the accessing computer system: internet protocol address (IP address) used, browser type and version, device type, operating system, and similar technical information
- Application data: CV, references, supporting documents, work samples, certificates, pictures
2. Accessing the Website/Application
Here, we describe how the personal data which we receive from you when you access our Services is processed. We would like to make particular reference to the fact that the transfer of access data to external content suppliers (see ‘b’ below) is inevitable due to the way in which the transfer of information on the internet technically works.
a. Information Concerning Processing
Category of Data | Intended Purpose | Legal Basis | Legitimate Interests, where applicable | Retention period |
Access data | Establishment of the connection, presentation of the contents of the Service, the discovery of attacks on our website through unusual activity, troubleshooting | Point (f) of Art. 6(1) GDPR | Proper functioning of Services, security of data and business processes, prevention of improper use, prevention of damages through interventions in information systems | 7 days |
b. Information Concerning Processing
Category of Recipient | Affected Data | Legal Basis for the Transfer | Legitimate Interests, where applicable |
External content suppliers who provide content (e.g. pictures, videos, embedded posts from social networks, advertisement banners, fonts, update information) which is required for displaying the Service | Access data | Processing (Art. 28 GDPR) | Proper functioning of Services, (accelerated) presentation of contents |
Hosting service providers | Access data | Processing (Art. 28 GDPR) |
“EVI” Zajadacz app
Registration is required to use the app. You can apply for access to the shop using the contact details provided above.
What does our app use authorisations for?
Full use of the app requires adequate authorisations, that is, to be more precise, the below authorisations for the Apple iOS and Android operating systems.
Camera access (iOS, Android)
We need to have access to your device camera. We do not collect or store any data, but access is only required for you to be able to scan bar codes.
Positioning service/access to locations (iOS / Android)
This is required for the optional route planning.
Photos/media/files and storage (Android)
Several applications must be able to read, write and delete flash drive contents – including contents from storage devices connected via USB ports and microSD cards – since apps are otherwise limited to the often restricted internal device storage spaces.
WiFi connection data (Android)
This is used for accessing WiFi connections, including the names of connected devices, WiFi connections and the WiFi status (on/off).
Other (Android)
- Calling off network connections;
- Controlling the lighting;
- Accessing all the networks:
- Controlling vibration alarms;
- Reading the Google service configuration.
- When accessing app contents, our server may save identification data (IP address) and other information (date, time, accessed pages) for data security purposes. This data will only be analysed for statistical purposes and in an anonymised or pseudonymised form (that is, IP addresses shortened by several figures or addresses encrypted to other figures).
3. Application
During an application process, we process your personal data as follows:
a. Information Concerning Processing
Category of Data | Intended Purpose | Legal Basis | Legitimate Interests, where applicable | Retention period |
Address data, contact data | Identification, making contact, communication regarding contract initiation | Point (b) of Art. 6(1) GDPR | 6 months | |
personal master data | Identification, making contact, age verification | Point (b) of Art. 6(1) GDPR | 6 months | |
Application data | Selection of applicants | Point (b) of Art. 6(1) GDPR | 6 months |
b. Recipients of Personal Data
Category of Recipient | Affected Data | Legal Basis for the Transfer | Legitimate Interests, where applicable |
Email service providers | All those mentioned under a. | Processing (Art. 28 GDPR) | |
Email archiving service providers | All those mentioned under a. | Processing (Art. 28 GDPR) |
4. Customer Account
The following information describes how we process your personal data when you open a customer account.
a. Information Concerning Processing
Category of Data | Intended Purpose | Legal Basis | Legitimate Interests, where applicable | Retention period |
Email address, personal master data, registration data and financial data (if required) | Provision of a closed customer area to purchase goods and services | Points (b) and (f) of Art. 6(1) GDPR | Customer retention, goods supplies and service provision | During the customer relationship, unless this is contrary to other legal retention periods. |
b. Recipients of Personal Data
Category of Recipient | Affected Data | Legal Basis for the Transfer | Legitimate Interests, where applicable |
Email service providers | All those mentioned under a. | Processing (Art. 28 GDPR) | |
Email archiving service providers | All those mentioned under a. | Processing (Art. 28 GDPR) |
5. Contact by Email
Find out how we process your personal data when you get in touch with us by email:
a. Information Concerning Processing
Category of Data | Intended Purpose | Legal Basis | Legitimate Interests, where applicable | Retention period |
Personal master data, contact data, contents of the queries/complaints/objections | Processing of Queries | Points (b) and (f) of Art. 6(1) GDPR | Customer loyalty, improvement of our Service | 1 year archiving for 10 years |
Order data | Contract brokering/service provision | Point (b) of Art. 6(1) GDPR | 1 year archiving for 10 years |
b. Recipients of Personal Data
Category of Recipient | Affected Data | Legal Basis for the Transfer | Legitimate Interests, where applicable |
Email service providers | All those mentioned under a. | Processing (Art. 28 GDPR) | |
Email archiving service providers | All those mentioned under a. | Processing (Art. 28 GDPR) |
6. Contact form
Find out how we process your personal data when you get in touch with us by email:
a. Information Concerning Processing
Category of Data | Intended Purpose | Legal Basis | Legitimate Interests, where applicable | Retention period |
Contact details | Processing of Queries | Point (a) of Art. 6(1) GDPR | 1 year archiving for 10 years | |
personal master data | Processing of Queries | Point (a) of Art. 6(1) GDPR | 1 year archiving for 10 years | |
Free text | Processing of Queries | Point (a) of Art. 6(1) GDPR | 1 year archiving for 10 years |
b. Recipients of Personal Data
Category of Recipient | Affected Data | Legal Basis for the Transfer | Legitimate Interests, where applicable |
Hosting service providers | All those mentioned under a. | Processing (Art. 28 GDPR) | |
Email archiving service provider | All those mentioned under a. | Processing (Art. 28 GDPR) | |
Companies to which the query refers | All those mentioned under a. | Processing (Art. 28 GDPR) |
7. Tracking
Below, we shall describe how, with help from tracking technologies, your personal data is processed for the analysis and optimisation of our Services, as well as for advertising purposes.The description of tracking procedures also contains information on how you can prevent or object to data processing. Please take note that the so-called “opt-out” declaration, i.e. the rejection of processing, is generally saved via cookies. If you use our Services via a new end device or in another browser, or when you have deleted the cookies placed by your browser, you must declare your rejection once more. The tracking procedures presented only process personal data in pseudonymised form. A connection with a concrete, identifiable natural person, i.e. a merging of the data with information about the bearer of the pseudonym, does not occur.
a. Tracking for the analysis and optimisation of our services and their use, as well for the measurement of the success of advertising campaigns and optimisation of the presentation of advertisements
(1) Purposes of the Processing
Analysing user behaviour through tracking helps us to review the effectiveness of our Services, to optimise them and adjust them to meet the needs of the user, as well as to resolve errors. Furthermore, it serves the purpose of establishing specific values in regard to our Services (reach, intensity of use, surfing behaviour of the user) statistically – on the basis of uniform, standard processes – and thus of receiving values which are comparable across the market. Tracking for the measurement of the success of advertising campaigns serves to optimise our advertisements for the future, as well as to enable marketers and advertisers a corresponding optimisation of their advertisements. Tracking for the optimisation of the display of advertisements serves the purpose of showing users advertising which is tailored to their interests, in order to increase the success, and thus the revenues, of advertising.
(2) Legal Basis of Processing
For services which enable the behaviour of data subjects to be traced on the internet, and when creating user profiles, an informed consent within the meaning of the GDPR is required.
(3) The tracking procedures used in detail
Name of the Service | Operating Principle | Possibility to Prevent Processing (Opt-out) | Transfer of Data to Third Countries? | Adequacy Decision (Art. 45 GDPR), where applicable | Appropriate Safeguards (Art. 46 GDPR), where applicable |
Google Analytics | Web Analysis | https://tools.google.com/dlpage/gaoptout?hl=en-GB | No | ||
Google Maps | Marketing | https://tools.google.com/dlpage/gaoptout?hl=en-GB | No | ||
Wiredminds | Marketing | www.zajadacz.de/datenschutz | No |
If you would like to decide against interests-based advertising, you can also visit the website http://youronlinechoices.com/, click on “Your Ad Choices” and follow the instructions in order to either completely prohibit the use of your data for interests-based advertising for those service providers which are listed there, or to create custom settings. You will continue to receive advertisements, however, these will no longer be based on your interests.
III. Data Subject Rights
1. Right to Object
If we process your personal data for the purposes of direct advertising, you have the right to object at any time to the processing of personal data about your person for such advertising purposes with effect for the future.
Furthermore, you have the right to object at any time, on grounds relating to your particular situation and with effect for the future, to the processing of personal data about your person that is based on point (e) or (f) of Art. 6(1) GDPR.
You may exercise your right to object free of charge.
You can contact us via the contact details stated in I.2.
2. Right of Access
You have the right to learn whether personal data concerning your person is being processed by us, what personal data this concerns, where applicable, as well as additional information in accordance with Art. 15 GDPR.
3. Right to Rectification
You have the right to request that we immediately rectify inaccurate personal data concerning your person (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4. Right to erasure (“right to be forgotten”)
You have the right to request that personal data concerning your person be deleted immediately, insofar as one of the reasons listed in Art. 17(1) GDPR is applicable, and insofar as the processing of the data is not required for a purpose as regulated in Art. 17(3) GDPR.
5. Right to Restriction of Processing
You are entitled to request the restriction of the processing of your personal data in the case of the existence of one of the conditions set out in points (a) to (d) of Art. 18(1) GDPR
6. Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from us, or to have this data transmitted directly from us, insofar as this is technically feasible. This shall always apply when the basis of the data processing is consent or a contract, and where the data is automatically processed. Thus, this does not apply to data which is only available in paper form.
7. Right to Withdrawal of Consent
Insofar as processing takes place based on your consent, you have the right to withdraw that consent at any time. In doing so, the lawfulness of the processing which was carried out based on consent until the time of its withdrawal shall not be affected.
8. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority.
Our website uses the wiredminds GmbH (www.wiredminds.de) tracking pixels technology to analyse the visitors’ behaviour.
Data may be collected, processed and stored, from which user profiles are created under a pseudonym. Where possible and appropriate, these user profiles will be completely anonymised. In this context, cookies can be used. Cookies are small text files that are stored in the internet browser of the website visitor that serve the purpose of the recognition of the internet browser on future visits. The data that is collected, which can also include personal data, will be transferred directly to wiredminds or collected directly by wiredminds. wiredminds is able to use information which is left during visits to the web pages for the creation of user profiles. The data collected in this way will not be used in order to identify the user of this website personally without the explicit consent of the data subject, and it will not be not combined with the personal data of the holder of the pseudonym. If IP addresses are collected, they will be anonymised immediately through the erasure of the last numerical block.
If you object to this, please click here. Opt out from tracking
Reservation of Changes
We reserve the right to amend this Privacy Policy at any time taking into account the applicable regulations
Neu Wulmstorf, June 2018